Abstract: Examples of techniques to enable transmission of alarm data in an industrial automation setting using a publish-subscribe communication system within an Open Platform Communications Unified Architecture (OPC UA) framework. In an example, the alarm data, initially encoded in OPC UA format, is collected from an OPC UA server over a client-server communication system. This data is then re-encoded into a target format compatible with a publish-subscribe communication network. The re-encoding process involves decoding a value from the alarm data based on OPC UA specifications and assigning the decoded value to a preidentified field in the target format. The re-encoded alarm data is then assigned to a message payload of a Message Queuing Telemetry Transport (MQTT) packet, which is subsequently published to an MQTT broker.

Abstract: Examples techniques of data provisioning in an industrial facility are described. A first data broker receives from a client, a request for data from a data source. A second data broker samples the data from the data source at a sampling interval specified in the request and publishes the sampled data to an upstream data broker at publishing interval specified in the request. The upstream data broker is an intermediate data broker positioned between the first data broker and the second data broker in a hierarchical chain data brokers implemented in a communication network of the 10 industrial facility. The intermediate data broker configured to receive the published data and transmit the received data to the first data broker at a sampling and publishing intervals less than the second data broker.

Abstract: Techniques for optimized aggregation of a data source are described. A server device receives a request from a data source for aggregating thereof and compares each of a set of hardware metrics corresponding to hardware configuration of the server device with a corresponding threshold hardware metric. The server device is classified as a small-configuration device or a high-configuration device and complete aggregation of the data source or partial aggregation of the data source is allowed based on the classification. A set of utilized hardware metrics of the server device that corresponds to hardware resources of the server device that is being utilized is determined. One or more operations corresponding to the transmission of data of the data source that is to be performed by the server device is blocked if at least one of the set of utilized hardware metrics is higher than a corresponding threshold operational soft limit.

Abstract: Described herein are window heat pumps that are configured to heat or cool building interiors while providing simple installation options. A heat pump may comprise interior, exterior, and interconnecting portions such that the interconnecting portion extends between and mechanically, fluidically, and electrically interconnects the interior and exterior portions. When installed, the interconnecting portion extends through a window and supports the interior and exterior portions relative to each other and the building. The interior and exterior portions protrude below with windowsill thereby reducing obstructions to the window. The interior portion comprises two or more air outlets spaced apart from each other and directing air into the building interior at different angles. For example, a first air outlet may direct air at least in part toward the ceiling, while the second air outlet may direct air along the floor.

Abstract: An edge controller may be used for obtaining device data from one or more local devices at a local facility and to provide a representation of at least some of the device data to a remote server. The edge controller may include a network communication port, a cellular communication port and a device communication port. A controller is operatively coupled to the network communication port, the cellular communication port and the device communication port and is configured to receive configuration information and to install the received configuration information on the edge controller. The installed configuration information configures the controller to obtain the device data from the one or more local devices and to send a representation of at least some of the device data to the remote server.

Abstract: A method of securing data in an industrial processing facility (IPF) includes creating a private blockchain (PB) using a OPC UA standard functionality and storing the PB in an OPC UA address space adding it to an OPC UA communication protocol framework including edge-nodes coupled to a cloud-based or edge-located data storage. The edge-nodes are PB participant nodes, and a regulator or leader assigns them a single role as a blockmaker, block voter, or observer. The hash in the public ledger is updated once a new block is validated by a majority of the block voters, and the new block is propagated to all PB participant nodes. The regulator, leader or observer utilizes a time bound majority voting consensus to determine whether the PB participant nodes come to a consensus on a current state in the storage medium, and if a consensus the new block added to the public ledger.

Abstract: A method of controlling tunneling in a communication network of an industrial process facility including a client computer and server computer running different communication protocols coupled by the communication network. The method includes providing the client and server computer with a processor connected to a memory. The processor implements a tunneling reliability program including a training model including labeled groups representing reliability data and security data determined from data sources received across the communication network and a learning classifying algorithm for classifying the reliability data and security data as being reliable or not reliable. The processor determines if the communication network is reliable based on the classified reliability data and security data. In response to determining that the communication network is not reliable or secure a notification is generated for a user that the communication network is not reliable and the notification is transmitted to the user.

Abstract: A method and apparatus for identifying malicious activity. At least one memory is configured to store historical communication data. At least one processor is configured to retrieve the historical communication data related to communications between a server and a plurality of clients in a system. The processor is further configured to cluster the historical communication data to group communications of the historical communication data. The processor is further configured to identify a plurality of patterns that indicate malicious activity based on the grouped communications. The processor is further configured to receive current communication data. The processor is further configured to determine whether the current communication data matches the one of the plurality of patterns.

Abstract: A method of securing data in an industrial processing facility (IPF) includes creating a private blockchain (PB) using a OPC UA standard functionality and storing the PB in an OPC UA address space adding it to an OPC UA communication protocol framework including edge-nodes coupled to a cloud-based or edge-located data storage. The edge-nodes are PB participant nodes, and a regulator or leader assigns them a single role as a blockmaker, block voter, or observer. The hash in the public ledger is updated once a new block is validated by a majority of the block voters, and the new block is propagated to all PB participant nodes. The regulator, leader or observer utilizes a time bound majority voting consensus to determine whether the PB participant nodes come to a consensus on a current state in the storage medium, and if a consensus the new block added to the public ledger.

Abstract: A method and apparatus for identifying malicious activity. At least one memory is configured to store historical communication data. At least one processor is configured to retrieve the historical communication data related to communications between a server and a plurality of clients in a system. The processor is further configured to cluster the historical communication data to group communications of the historical communication data. The processor is further configured to identify a plurality of patterns that indicate malicious activity based on the grouped communications. The processor is further configured to receive current communication data. The processor is further configured to determine whether the current communication data matches the one of the plurality of patterns.

Abstract: A head mounted combination for use in an industrial facility includes an eye shield and an augmented reality headset computer system for communicating over a wireless channel including a processor, system memory, transceiver, a location, orientation and a gaze sensor. A display(s) is embedded in or on an inside surface of the eye shield or lens and coupled to the processor. Client software stored in the system memory determines what the user is looking at together with a 3D model of system elements in the industrial facility used for overlaying computer generated representations of viewed system elements within the user's field of view. Display marker(s) is added to the viewed system elements which have further data available to indicate availability. Responsive to the user triggering the display marker, the first element data is displayed in the display for viewing by the user together with the real world view.

Abstract: A system, method and computer program product for dynamically changing access tokens in a communication system. A client computer system is communicatively coupled by a communication channel to at least one target server. The client computer system includes a processor connected to a storage device that has a non-transitory machine-readable storage medium. The storage device stores a connection failure recovery program. The client computer system is programmed to implement the connection failure recovery program. The client computer system initiates a session by transmitting a first request for a connection to the target server using a first token type such as a client security token and if the first request fails, transmits a second request for a connection to the target server using a different token type.

Abstract: A system and method which dynamically generate proxy connections in a communication system. A client computer system has a processor that is coupled by a communications path including at least one proxy connection to a first target server. An algorithm for dynamically generating proxy connections is stored in machine readable storage. The algorithm is implemented by the processor causing the client computer system to execute generating an additional one of the proxy connections in response to receiving a request and to generate a program identifier which identifies the additional proxy connection. The processor determines if the program identifier is a unique program identifier. If the program identifier is not unique, the processor changes the identifier to render it a modified program identifier so that it is unique and stores the program identifier or the modified program identifier to a configuration file at the client computer system.

Abstract: A system and method of diagnosing and correcting errors in a server computer. A server computer is coupled by a communication path to a client computer. A storage device stores a diagnostic error detecting and correcting program and the server computer is programmed to implement the diagnostic error detecting and correcting program. The server computer detects several selected operating parameters during operation of the server process and determines if at least a first of the selected operating parameters are outside a pre-determined specification for the selected operating parameters. In response to the selected operating parameters being outside the pre-determined specification, the server computer notifies the client computer of an error with the server process. The server computer can also detect communication errors and attempt to restore communications by modifying communication parameter(s).

Abstract: A system and method of diagnosing and correcting errors in a server computer. A server computer is coupled by a communication path to a client computer. A storage device stores a diagnostic error detecting and correcting program and the server computer is programmed to implement the diagnostic error detecting and correcting program. The server computer detects several selected operating parameters during operation of the server process and determines if at least a first of the selected operating parameters are outside a pre-determined specification for the selected operating parameters. In response to the selected operating parameters being outside the pre-determined specification, the server computer notifies the client computer of an error with the server process. The server computer can also detect communication errors and attempt to restore communications by modifying communication parameter(s).

Abstract: A system and method which dynamically generate proxy connections in a communication system. A client computer system has a processor that is coupled by a communications path including at least one proxy connection to a first target server. An algorithm for dynamically generating proxy connections is stored in machine readable storage. The algorithm is implemented by the processor causing the client computer system to execute generating an additional one of the proxy connections in response to receiving a request and to generate a program identifier which identifies the additional proxy connection. The processor determines if the program identifier is a unique program identifier. If the program identifier is not unique, the processor changes the identifier to render it a modified program identifier so that it is unique and stores the program identifier or the modified program identifier to a configuration file at the client computer system.

Abstract: A system, method and computer program product for dynamically changing access tokens in a communication system. A client computer system is communicatively coupled by a communication channel to at least one target server. The client computer system includes a processor connected to a storage device that has a non-transitory machine-readable storage medium. The storage device stores a connection failure recovery program. The client computer system is programmed to implement the connection failure recovery program. The client computer system initiates a session by transmitting a first request for a connection to the target server using a first token type such as a client security token and if the first request fails, transmits a second request for a connection to the target server using a different token type.