An engineering assistant system 1 includes: an engineering server 10 that issues a work list including information related to work necessary for performing the engineering of a process control system 100; and an at least one engineering client 20 that grants work authority for each worker based on the work list issued by the engineering server 10 and makes it possible to perform work on a constituent apparatus that constitutes the process control system 100 within a range of granted work authority.

A software defined (SD) process control system (SDCS) includes a control container having contents which are executable during run-time of the process plant to control at least a portion of an industrial process. The SDCS also includes a security service associated with the control container and including contents which define one or more security conditions. The security service executes via a container on a compute node of the SDCS to control access to and/or data flow from the control container based on the contents of the security container.

An opt-in from at least one user of a plurality of users associated with at least one tool of a plurality of tools is received. An authentication associated with a first opted-in user of the plurality of users associated with an access of a first tool of the plurality of tools is determined. A set of credentials required to operate the first tool associated with the first opted-in user is verified. A request to an Internet of things (IoT) receiver device is transmitted. A response from an IoT transmitter device is received. In response to determining that the first user is utilizing required equipment to operate the first tool, power to the first tool is supplied.

A method for validating a field device is disclosed. The field device includes a plurality of hardware and software modules and is provided with a first cryptographic signature on the manufacturer side. The first cryptographic signature identifies the device manufacturer or the original delivery state of the field device. The origin and integrity of the field device is validated on the customer side using the first cryptographic signature. Once the field device is adapted to a defined machinery, the field device is provided with a second cryptographic signature on the customer side. The second cryptographic signature identifies the adaptations of the field device made on the customer side as a machinery-specific desired state of the field device. At least one validation of the field device is carried out on the customer side using the second cryptographic signature during the period of installation of the field device in the defined machinery.

Techniques for authenticating industrial devices in an industrial automation environment are disclosed herein. In at least one implementation, a physical unclonable function response of an industrial device is extracted. The industrial device transmits a security certificate signed by a certificate authority that includes a device public key to a system, wherein the system validates the security certificate, encrypts an authentication challenge using the device public key, and transmits the authentication challenge to the industrial device. The industrial device generates a device private key using the physical unclonable function response and decrypts the authentication challenge using the device private key. The industrial device generates an authentication response based on the authentication challenge, encrypts the authentication response using the device private key, and transmits the authentication response to the system, wherein the system decrypts the authentication response using the device public key and authenticates the industrial device based on the authentication response.

Systems and methods are provided for controlling maintenance of a fuel dispenser. In one exemplary embodiment, a system is provided having a fuel dispenser that includes an electronics module having a data processor, a remote enterprise server in communication with the electronics module, and a remote code processor in communication with the remote enterprise server. The data processor is configured to determine an authorization password based on data characterizing the fuel dispenser, to receive a remote password that is generated by the remote code processor based on the fuel dispenser data, to determine that the remote password matches the authorization password, and to cause the fuel dispenser to enter a maintenance mode.

A control device can modify a first user program and first setting information in the storage unit executed by a control engine respectively using a second user program and second setting information received by the control device. A security engine of the control device verifies identity between the first user program and the second user program, evaluates the validity of setting indicated by the second setting information, and permits or prohibits performance of the above modification based on such a verification result and the evaluation.

Computer-implemented methods and systems for controlling a facility and configurable components are described. A method includes receiving an authentication indicator representing authentication of a user login to a user account accessible from a mobile application at a user device; receiving a request from the user account for access to one or more components of the facility; generating one or more queries to one or more databases based on the request; validating the request using the one or more queries to determine whether an access key should be granted; if the access key should be granted, generating the access key and presenting the access key at a user interface of the mobile application, the user interface accessible using the user account; upon actuation of the access key, enabling access to the one or more components of the facility. The components can be configurable components.

An image capture device for a secure industrial control system is disclosed. In an embodiment, the image capture device includes: an image sensor; a signal processor coupled to the image sensor; and a controller for managing the signal processor and transmitting data associated with processed image signals to at least one of an input/output module or a communications/control module via a communications interface that couples the controller to the at least one of the input/output module or the communications/control module, wherein the controller is configured to establish an encrypted tunnel between the controller and the at least one of the input/output module or the communications/control module based upon at least one respective security credential of the image capture device and at least one respective security credential of the at least one of the input/output module or the communications/control module.

Techniques are disclosed for providing anti-theft protection for power tools. In one example of the techniques of the disclosure, at least one processor of a power tool receives, from an operator, a command to operate the power tool. In response to receiving the command, the at least one processor determines whether at least one of a value of a master authentication counter of the power tool and a value of a user authentication counter of the power tool has reached a predetermined threshold. In response to determining that the at least one of the value of the master authentication counter and the value of the user authentication counter has reached a predetermined threshold, the at least one processor disables the power tool.