G05B2219/25205

SYSTEMS AND METHODS FOR AUTHENTICATING INDUSTRIAL AUTOMATION COMPONENTS

A first component of an industrial automation system includes an electrically erasable programmable read-only memory (EEPROM) storing data identifying the first component. The data identifying the first component is read from the EEPROM by a second component to which the first component is communicatively coupled to authenticate the first component. The first component lacks a processor and a microcontroller, and does not run firmware.

SECURELY DESIGNING AND EXECUTING AN AUTOMATION WORKFLOW BASED ON VALIDATING THE AUTOMATION WORKFLOW

A device may receive workflow data identifying an automation request, and may request jobs for the workflow data. The device may receive encrypted jobs based on the request for the jobs, and may determine whether encryption keys for the encrypted jobs are valid. The device may determine whether workflow portions for the encrypted jobs are valid, and may determine whether to allow or deny each of the encrypted jobs based on whether the encryption keys and the workflow portions are valid. The device may execute the encrypted jobs determined to be allowed, to generate execution results, and may forgo execution of the encrypted jobs determined to be denied. The device may process the execution results and the encrypted jobs determined to be denied, with a machine learning model, to predict a final result for the automation request, and may perform actions based on the final result.

MODULAR SECURITY CONTROL DEVICE

A modular security control device for controlling an apparatus or an installation includes a basic control apparatus which is configured such that an apparatus or an installation which is at least connectable to the basic control apparatus is at least controllable via a sequence of a control program in the basic control apparatus, and includes a security module which is configured to provide or perform a cryptographic functionality for the basic control apparatus, where the security module is connected to the basic control apparatus by a data connection via a data interface, the basic control apparatus is configured to interact with the security module to achieve a security function of the security control device, and where the basic control apparatus is configured to query an identity and/or authenticity of the security module.

Compensating for municipal restrictions within irrigation protocols

The disclosure extends to methods, systems, and computer program products for generating and optimizing irrigation protocols that are in compliance with municipal restrictions. The disclosure also extends to methods, systems and computer program products for providing automated irrigation.

METHOD AND SYSTEM FOR CONTROLLING A PROCESS OF MANUFACTURING AN ITEM

A method for controlling a process of manufacturing an item includes making available an electronic control device (ECD) operatively associated with a processing apparatus and a central processing unit (CPU) connected to the ECD by a telecommunications network, transmitting, by the CPU, an encrypted message representative of a digital model of the item to be manufactured to the ECD, decrypting, by the ECD, the encrypted message to store the clear text digital model of the item, sending, by the ECD, an item processing start message with the digital model of the item to the processing apparatus, sending a message indicative of a status of advancement of processing of the item to the CPU, and, following reception of an item processing end message, sending to the ECD a message for deleting the clear text digital model of the item stored in the ECD.

Firewall system and method for establishing secured communications connections to an industrial automation system
11209803 · 2021-12-28

A connection management device for establishing secured communications connections to an industrial automation system, wherein the device provides, in cases of a positive authorization verification outcome, access control information for establishing an encrypted communication connection between a first communication unit of a requesting user and a selected second communication unit, where the connection management device is formed by a server instance running on a firewall system, where data packets transmitted via an encrypted communications connection between the first communication unit of the requesting user and the selected second communication unit are encrypted for verification by the firewall system, based on specified security rules and, in cases of a successful verification, the data packets are forwarded encrypted to the first communication unit of the requesting user or to the selected second communication unit.

CONSTRAINED OPERATION OF A FIELD DEVICE
20210399885 · 2021-12-23

Provided is a method for operating a field device. The field device is configured for interacting with a control device. According to the method, a base key is received from a key generation device. A current constraint parameter relating to a predefined operating constraint for operating the field device is determined. A key is generated based on the base key and the current constraint parameter. The field device interacts with the control device using the generated key.

METHOD FOR THE ENCRYPTED COMMUNICATION IN A PROCESS PLANT, PROCESS PLANT, FIELD DEVICE AND CONTROL ELECTRONICS
20210382459 · 2021-12-09

In a method for encrypted communication in a process plant, one or more keys for coding electronic signals regarding the process plant, such as actuation signals, measurement signals, state signals, warning signals or the like, are provided. The one or more keys are transmitted as an acoustic signal via a ductwork guiding plant fluid, particularly a process fluid or an auxiliary fluid, from the first communication partner to the second communication partner. The process plant can be a chemical plant, a power plant, or a food-processing plant. The communication can be between a first and a second communication partner, which can include at least one field device, such as an actuator for adjusting a process fluid, and/or control electronics for supervising, controlling and/or regulating processes of the process plant.

Methods and apparatus to broadcast data packets in a process control environment

An example method includes, in response to receiving a byte array including process data, determining whether auxiliary data is to be transmitted from a field device based on a counter, the auxiliary data including an encryption key identifier and an initialization vector, when auxiliary data is to be transmitted, transmitting a first data packet including the auxiliary data to the remote device, and determining a value for a source bit based on a type of connection between the field device and the remote device, the source bit and the counter included in associated data. The method further includes generating a nonce value based on the source bit and the initialization vector, encrypting a payload including the byte array based on the encryption key identifier and the nonce value, and transmitting a second data packet to the remote device, the second data packet including the associated data and the encrypted payload.

Methods and apparatus to broadcast data packets in a process control environment

An example method to obtain process data associated with a process control system received from a field device includes identifying, at a computing device, associated data and a payload included in the data packet, the associated data including a source bit, determining, at the computing device, a type of connection between the field device and the computing device based on the source bit, determining, at the computing device, an encryption key identifier and an initialization vector based on an auxiliary data packet received prior to the data packet, generating, at the computing device, a nonce value based on the source bit and the initialization vector, the nonce value indicative of an input to a data encryption algorithm used by the field device to encrypt the payload, and extracting, at the computing device, the process data associated with the process control system from the payload.