A data-processing system having at least one operating memory holding operating data is provided with a protection unit having an execution environment protected from unauthorized access. At least one monitoring logic in the execution environment is connected to the operating memory for monitoring unauthorized modifications, access, or similar protection violations of the operating data stored in the operating memory and for generating an output on detection of such a protection violation. A protection logic in the execution environment holds replacement data capable of replacing the operating data and is connected to the monitoring logic for, on generation of the output, providing to the operating memory the replacement data for the operation or for a substitute operation of the data-processing system.

An electronic access control device for controlling data access to Heating, Ventilating and Air Conditioning (HVAC) devices of an HVAC system includes electronic communication circuits and a processor connected to the electronic communication circuits. An electronic communication circuit communicates via a first communication link with an external computing device, separate from the HVAC system. An electronic communication circuit communicates with one or more of the HVAC devices via a second communication link. The processor receives via the first communication link a data request directed to a particular device of the HVAC devices, checks authorization of the data request, upon authorization, forwards the data request via the second communication link to the particular device, receives via the second communication link a data content from the particular device, generates a data response, using the data content, and transmits the data response via the first communication link to the external computing device.

An industrial device is configured to implement a lightweight file authentication sequence that rapidly verifies the integrity of mobile code supplied to the industrial device. The industrial device generates a file authentication code (FAC), which is stored on the industrial device and only made accessible to users via a local connection to the industrial device. The device-specific file FAC is installed on the program development application used to develop or edit the mobile code to be executed on the industrial device. The development application provides the mobile code to the industrial device together with a hash-based message authentication code (HMAC) generated using a retrieved copy of the FAC. The industrial device only permits execution of the mobile code if the HMAC included with the mobile code matches a locally created HMAC generated by the industrial device based on the mobile code and the device's local copy of the FAC.

Methods, systems, and computer-readable media for industrial control software execution management. For example, there is provided a method for enabling a software module included in a plurality of software modules of an application package installed on a computing device configured to control a turbomachine of an industrial plant. The method can include receiving, by a processor of the computing device, a request for executing the software module. The method can include generating and sending an activation request to a remote server. The method can include generating, by the remote server, an activation code if a verification protocol is successfully completed. The method can include forwarding the activation code to the computing device. The method can include activating the software module when the activation code is received by the processor.

A system of monitoring and controlling an operation, comprising: an input means, the input means is adapted for user to input user-defined parameters, a middleware application in connection with the input means via a network, the middleware application is in communication with a directory database and also a relational database management system via communication means, a data management system being installed as a slave program in the middleware application and as a slave program in one more external server or external device, the middleware application is in communication with the external servers or device via communication means, whereby the master-slave relation allows exchange of data between the middleware application and the server architecture.

An industrial device is configured to implement a lightweight file authentication sequence that rapidly verifies the integrity of mobile code supplied to the industrial device. The industrial device generates a file authentication code (FAC), which is stored on the industrial device and only made accessible to users via a local connection to the industrial device. The device-specific file FAC is installed on the program development application used to develop or edit the mobile code to be executed on the industrial device. The development application provides the mobile code to the industrial device together with a hash-based message authentication code (HMAC) generated using a retrieved copy of the FAC. The industrial device only permits execution of the mobile code if the HMAC included with the mobile code matches a locally created HMAC generated by the industrial device based on the mobile code and the device's local copy of the FAC.

Methods, systems, and computer-readable media for industrial control software execution management. For example, there is provided a method for enabling a software module included in a plurality of software modules of an application package installed on a computing device configured to control a turbomachine of an industrial plant. The method can include receiving, by a processor of the computing device, a request for executing the software module. The method can include generating and sending an activation request to a remote server. The method can include generating, by the remote server, an activation code if a verification protocol is successfully completed. The method can include forwarding the activation code to the computing device. The method can include activating the software module when the activation code is received by the processor.

A system of monitoring and controlling an operation, comprising: an input means, the input means is adapted for user to input user-defined parameters, a middleware application in connection with the input means via a network, the middleware application is in communication with a directory database and also a relational database management system via communication means, a data management system being installed as a slave program in the middleware application and as a slave program in one more external server or external device, the middleware application is in communication with the external servers or device via communication means, whereby the master-slave relation allows exchange of data between the middleware application and the server architecture.