Patent classifications
G05B2219/25205
INFORMATION PROCESSING APPARATUS AND METHOD FOR CONTROLLING THE SAME
According to the present invention, an information processing apparatus comprises a first controller that executes a first program code; a second controller that executes a second program code different from the first program code, and communicates with the first controller; a storage device that stores the first program code to be executed by the first controller and the second program code to be executed by the second controller; and a verifier that verifies, before the first controller and the second controller execute respective program codes, the respective program codes stored in the storage device.
METHODS AND APPARATUS TO BROADCAST DATA PACKETS IN A PROCESS CONTROL ENVIRONMENT
An example method includes, in response to receiving a byte array including process data, determining whether auxiliary data is to be transmitted from a field device based on a counter, the auxiliary data including an encryption key identifier and an initialization vector, when auxiliary data is to be transmitted, transmitting a first data packet including the auxiliary data to the remote device, and determining a value for a source bit based on a type of connection between the field device and the remote device, the source bit and the counter included in associated data. The method further includes generating a nonce value based on the source bit and the initialization vector, encrypting a payload including the byte array based on the encryption key identifier and the nonce value, and transmitting a second data packet to the remote device, the second data packet including the associated data and the encrypted payload.
Modular security control device
A modular security control device for controlling an apparatus or an installation includes a basic control apparatus which is configured such that an apparatus or an installation which is at least connectable to the basic control apparatus is at least controllable via a sequence of a control program in the basic control apparatus, and includes a security module which is configured to provide or perform a cryptographic functionality for the basic control apparatus, where the security module is connected to the basic control apparatus by a data connection via a data interface, the basic control apparatus is configured to interact with the security module to achieve a security function of the security control device, and where the basic control apparatus is configured to query an identity and/or authenticity of the security module.
PUBLISH-SUBSCRIBE COMMUNICATION ARCHITECTURE FOR FIELD DEVICES IN CONTROL AND AUTOMATION SYSTEMS
A method includes receiving at a field device, from a first client device or application, a message indicating a selection of a first one of a plurality of publish categories corresponding to a type of information desired by the first client device or application. The method further includes transmitting, from the field device to the first client device or application, an identification of each of a plurality of publish lists corresponding to the first one of the selected publish category. The publish lists are stored on the field device and each includes a set of parameters associated with the field device. The method includes receiving at the field device, from the first client device or application, a selection of a publish list identified by the field device, and transmitting, from the field device to the first client device or application, the set of parameters associated with the selected publish list.
Firewall System and Method for Establishing Secured Communications Connections to an Industrial Automation System
A connection management device for establishing secured communications connections to an industrial automation system, wherein the device provides, in cases of a positive authorization verification outcome, access control information for establishing an encrypted communication connection between a first communication unit of a requesting user and a selected second communication unit, where the connection management device is formed by a server instance running on a firewall system, where data packets transmitted via an encrypted communications connection between the first communication unit of the requesting user and the selected second communication unit are encrypted for verification by the firewall system, based on specified security rules and, in cases of a successful verification, the data packets are forwarded encrypted to the first communication unit of the requesting user or to the selected second communication unit.
MOTOR CONTROL SYSTEM
A motor control system includes a motor, a main controller configured to receive a first user program from a user device, and a motor controller configured to store the first user program transferred from the main controller such that the first user program is not readable from outside of the motor control system.
Method for operating a specific field device via a mobile operator device
A method for operating a specific field device from a first group and a second group of field devices, wherein the first group exchanges data in an IP-based network, and the second group communicates at least via a non-IP-based connection, the method includes the following: transmitting multicast messages having an item of connection information via at least one portion of the field devices of the first group; integrating the operator device into the IP-based network; initiating a connection establishment with a field device of the second group; receiving the transmitted multicast messages by the operator unit so that the connection information is made available to the operator unit; generating a list of all field devices of the first group and the second group; selecting the specific field device using the generated list; initiating a specific connection establishment with the specific selected field device; and operating the specific selected field device with the mobile operator unit.
IMPLEMENTING DEVICE MODIFICATIONS BASED ON MACHINE LEARNING PROCESSES PERFORMED WITHIN A SECURE DEPLOYMENT SYSTEM
A method may include receiving, via a secure deployment management (SDM) system, data associated with operations of an industrial device from a SDM node associated with the industrial device. The data is received via a secure communication channel established by the SDM system with the SDM node and security protocols. The SDM node is communicatively coupled with a machine learning system for sending and receiving data. The machine learning system may generate an updated machine learning model based on the data and a machine learning model representative of expected outputs associated with the operations of the industrial device and generate updated configuration data based on the updated machine learning model. The method may then include receiving the updated configuration data from the SDM node via the secure communication channel and sending the updated configuration data to the industrial device without performing security operations on the updated configuration data.
MANAGING FIRMWARE AND SOFTWARE UPDATES WITHIN A SECURE DEPLOYMENT SYSTEM
A method may include receiving, via a secure deployment management (SDM) system, a notification indicative of a change in configuration data associated with an industrial device from a secure deployment management (SDM) node associated with the industrial device. The notification is received via a secure communication channel established by the SDM system with the SDM node and one or more security protocols. The method also includes retrieving, via the SDM system, the configuration data associated with the industrial device from a data source in response to receiving the notification and sending, via the SDM system, the configuration data to the SDM node via the secure communication channel. The industrial device may receive the configuration data from the SDM node without performing one or more security operations on the configuration data.
COORDINATING MAINTENANCE MANAGEMENT OPERATIONS VIA A SECURE DEPLOYMENT SYSTEM
A method may include receiving, via a secure deployment management (SDM) system, data associated with one or more operations of an industrial device from a secure deployment management (SDM) node associated with the industrial device. The data is received via a secure communication channel established by the SDM system with the SDM node and security protocols. The method also includes sending the data to a computerized maintenance management system (CMMS) container component that may perform tasks in conjunction with a computerized maintenance management system (CMMS) process, such that the CMMS container component may communicate with the CMMS process via a first firewall through which the SDM system is incapable of communicating. The SDM system may enable the data associated with the operations to communicate with the SDM node through a second firewall between the SDM system and the SDM node, the second firewall being different from the first firewall.