Abstract: Examples of techniques to enable transmission of alarm data in an industrial automation setting using a publish-subscribe communication system within an Open Platform Communications Unified Architecture (OPC UA) framework. In an example, the alarm data, initially encoded in OPC UA format, is collected from an OPC UA server over a client-server communication system. This data is then re-encoded into a target format compatible with a publish-subscribe communication network. The re-encoding process involves decoding a value from the alarm data based on OPC UA specifications and assigning the decoded value to a preidentified field in the target format. The re-encoded alarm data is then assigned to a message payload of a Message Queuing Telemetry Transport (MQTT) packet, which is subsequently published to an MQTT broker.

Abstract: The present disclosure provides a model processing method for edge computing devices and a cloud service system thereof. The cloud service system comprising, a cloud server, and a plurality of edge devices, wherein at least one edge device in the plurality of edge devices is connected to the cloud server through a network, said at least one edge device further connected to a plurality of data collectors, wherein the at least one edge device is configured to obtain at least one contextual data set from the at least one of the plurality of data collectors, aggregate the at least one contextual data set obtained from the at least one of the plurality of data collectors, train at least one of the aggregated contextual data set to create a data model, and push the data model to the cloud server to update at least a portion of a cloud data model. The method for cloud service system is also disclosed.

Abstract: The present invention provides a system for dynamically registering plugin with an Enterprise Performance Management (EPM) system. The system provides a database module operationally coupled to a repository for storing information on registered enterprises, one or more user devices mapped to the registered enterprises, and a set of rules corresponding to each user device. The system further comprises a data identification module which is configured to receive data from one or more user devices and a converter framework comprising a converter module and a plugin module for conversion of data from a user device. The system further provides a registration module which is operationally coupled to said data identification module and the database module and is configured to receive a plugin registration request from a user device including a plugin, identify the user device and its data type, and determine if the plugin is already registered with the repository.

Abstract: Techniques for optimized aggregation of a data source are described. A server device receives a request from a data source for aggregating thereof and compares each of a set of hardware metrics corresponding to hardware configuration of the server device with a corresponding threshold hardware metric. The server device is classified as a small-configuration device or a high-configuration device and complete aggregation of the data source or partial aggregation of the data source is allowed based on the classification. A set of utilized hardware metrics of the server device that corresponds to hardware resources of the server device that is being utilized is determined. One or more operations corresponding to the transmission of data of the data source that is to be performed by the server device is blocked if at least one of the set of utilized hardware metrics is higher than a corresponding threshold operational soft limit.

Abstract: The present invention provides a system for dynamically registering plugin with an Enterprise Performance Management (EPM) system. The system provides a database module operationally coupled to a repository for storing information on registered enterprises, one or more user devices mapped to the registered enterprises, and a set of rules corresponding to each user device. The system further comprises a data identification module which is configured to receive data from one or more user devices and a converter framework comprising a converter module and a plugin module for conversion of data from a user device. The system further provides a registration module which is operationally coupled to said data identification module and the database module and is configured to receive a plugin registration request from a user device including a plugin, identify the user device and its data type, and determine if the plugin is already registered with the repository.

Abstract: The present disclosure provides a system for routing data to the converter framework of an enterprise performance management (EPM) system. The EPM system includes a database module operatively connected to a repository that stores information of one or more registered user devices, and a set of rules corresponding to each registered device. The system further includes a data identification module which is operatively coupled to the database module. The data identification module is configured to receive data from one or more user devices and, thereafter, communicate with the database module to identify if the user device is a registered device or unregistered device. When the user device is a registered device, the data identification module routes the data to the converter framework according to the rules specified in the database module.

Abstract: An edge controller may be used for obtaining device data from one or more local devices at a local facility and to provide a representation of at least some of the device data to a remote server. The edge controller may include a network communication port, a cellular communication port and a device communication port. A controller is operatively coupled to the network communication port, the cellular communication port and the device communication port and is configured to receive configuration information and to install the received configuration information on the edge controller. The installed configuration information configures the controller to obtain the device data from the one or more local devices and to send a representation of at least some of the device data to the remote server.

Abstract: Examples of techniques to enable transmission of alarm data in an industrial automation setting using a publish-subscribe communication system within an Open Platform Communications Unified Architecture (OPC UA) framework. In an example, the alarm data, initially encoded in OPC UA format, is collected from an OPC UA server over a client-server communication system. This data is then re-encoded into a target format compatible with a publish-subscribe communication network. The re-encoding process involves decoding a value from the alarm data based on OPC UA specifications and assigning the decoded value to a preidentified field in the target format. The re-encoded alarm data is then assigned to a message payload of a Message Queuing Telemetry Transport (MQTT) packet, which is subsequently published to an MQTT broker.

Abstract: Examples techniques of data provisioning in an industrial facility are described. A first data broker receives from a client, a request for data from a data source. A second data broker samples the data from the data source at a sampling interval specified in the request and publishes the sampled data to an upstream data broker at publishing interval specified in the request. The upstream data broker is an intermediate data broker positioned between the first data broker and the second data broker in a hierarchical chain data brokers implemented in a communication network of the 10 industrial facility. The intermediate data broker configured to receive the published data and transmit the received data to the first data broker at a sampling and publishing intervals less than the second data broker.

Abstract: Techniques for optimized aggregation of a data source are described. A server device receives a request from a data source for aggregating thereof and compares each of a set of hardware metrics corresponding to hardware configuration of the server device with a corresponding threshold hardware metric. The server device is classified as a small-configuration device or a high-configuration device and complete aggregation of the data source or partial aggregation of the data source is allowed based on the classification. A set of utilized hardware metrics of the server device that corresponds to hardware resources of the server device that is being utilized is determined. One or more operations corresponding to the transmission of data of the data source that is to be performed by the server device is blocked if at least one of the set of utilized hardware metrics is higher than a corresponding threshold operational soft limit.

Abstract: An edge controller may be used for obtaining device data from one or more local devices at a local facility and to provide a representation of at least some of the device data to a remote server. The edge controller may include a network communication port, a cellular communication port and a device communication port. A controller is operatively coupled to the network communication port, the cellular communication port and the device communication port and is configured to receive configuration information and to install the received configuration information on the edge controller. The installed configuration information configures the controller to obtain the device data from the one or more local devices and to send a representation of at least some of the device data to the remote server.

Abstract: A method of securing data in an industrial processing facility (IPF) includes creating a private blockchain (PB) using a OPC UA standard functionality and storing the PB in an OPC UA address space adding it to an OPC UA communication protocol framework including edge-nodes coupled to a cloud-based or edge-located data storage. The edge-nodes are PB participant nodes, and a regulator or leader assigns them a single role as a blockmaker, block voter, or observer. The hash in the public ledger is updated once a new block is validated by a majority of the block voters, and the new block is propagated to all PB participant nodes. The regulator, leader or observer utilizes a time bound majority voting consensus to determine whether the PB participant nodes come to a consensus on a current state in the storage medium, and if a consensus the new block added to the public ledger.

Abstract: A method of controlling tunneling in a communication network of an industrial process facility including a client computer and server computer running different communication protocols coupled by the communication network. The method includes providing the client and server computer with a processor connected to a memory. The processor implements a tunneling reliability program including a training model including labeled groups representing reliability data and security data determined from data sources received across the communication network and a learning classifying algorithm for classifying the reliability data and security data as being reliable or not reliable. The processor determines if the communication network is reliable based on the classified reliability data and security data. In response to determining that the communication network is not reliable or secure a notification is generated for a user that the communication network is not reliable and the notification is transmitted to the user.

Abstract: A method and apparatus for identifying malicious activity. At least one memory is configured to store historical communication data. At least one processor is configured to retrieve the historical communication data related to communications between a server and a plurality of clients in a system. The processor is further configured to cluster the historical communication data to group communications of the historical communication data. The processor is further configured to identify a plurality of patterns that indicate malicious activity based on the grouped communications. The processor is further configured to receive current communication data. The processor is further configured to determine whether the current communication data matches the one of the plurality of patterns.

Abstract: A method of securing data in an industrial processing facility (IPF) includes creating a private blockchain (PB) using a OPC UA standard functionality and storing the PB in an OPC UA address space adding it to an OPC UA communication protocol framework including edge-nodes coupled to a cloud-based or edge-located data storage. The edge-nodes are PB participant nodes, and a regulator or leader assigns them a single role as a blockmaker, block voter, or observer. The hash in the public ledger is updated once a new block is validated by a majority of the block voters, and the new block is propagated to all PB participant nodes. The regulator, leader or observer utilizes a time bound majority voting consensus to determine whether the PB participant nodes come to a consensus on a current state in the storage medium, and if a consensus the new block added to the public ledger.

Abstract: A method and apparatus for identifying malicious activity. At least one memory is configured to store historical communication data. At least one processor is configured to retrieve the historical communication data related to communications between a server and a plurality of clients in a system. The processor is further configured to cluster the historical communication data to group communications of the historical communication data. The processor is further configured to identify a plurality of patterns that indicate malicious activity based on the grouped communications. The processor is further configured to receive current communication data. The processor is further configured to determine whether the current communication data matches the one of the plurality of patterns.

Abstract: A head mounted combination for use in an industrial facility includes an eye shield and an augmented reality headset computer system for communicating over a wireless channel including a processor, system memory, transceiver, a location, orientation and a gaze sensor. A display(s) is embedded in or on an inside surface of the eye shield or lens and coupled to the processor. Client software stored in the system memory determines what the user is looking at together with a 3D model of system elements in the industrial facility used for overlaying computer generated representations of viewed system elements within the user's field of view. Display marker(s) is added to the viewed system elements which have further data available to indicate availability. Responsive to the user triggering the display marker, the first element data is displayed in the display for viewing by the user together with the real world view.

Abstract: A system, method and computer program product for dynamically changing access tokens in a communication system. A client computer system is communicatively coupled by a communication channel to at least one target server. The client computer system includes a processor connected to a storage device that has a non-transitory machine-readable storage medium. The storage device stores a connection failure recovery program. The client computer system is programmed to implement the connection failure recovery program. The client computer system initiates a session by transmitting a first request for a connection to the target server using a first token type such as a client security token and if the first request fails, transmits a second request for a connection to the target server using a different token type.

Abstract: A system and method which dynamically generate proxy connections in a communication system. A client computer system has a processor that is coupled by a communications path including at least one proxy connection to a first target server. An algorithm for dynamically generating proxy connections is stored in machine readable storage. The algorithm is implemented by the processor causing the client computer system to execute generating an additional one of the proxy connections in response to receiving a request and to generate a program identifier which identifies the additional proxy connection. The processor determines if the program identifier is a unique program identifier. If the program identifier is not unique, the processor changes the identifier to render it a modified program identifier so that it is unique and stores the program identifier or the modified program identifier to a configuration file at the client computer system.

Abstract: A system and method of diagnosing and correcting errors in a server computer. A server computer is coupled by a communication path to a client computer. A storage device stores a diagnostic error detecting and correcting program and the server computer is programmed to implement the diagnostic error detecting and correcting program. The server computer detects several selected operating parameters during operation of the server process and determines if at least a first of the selected operating parameters are outside a pre-determined specification for the selected operating parameters. In response to the selected operating parameters being outside the pre-determined specification, the server computer notifies the client computer of an error with the server process. The server computer can also detect communication errors and attempt to restore communications by modifying communication parameter(s).