Context-Sensitive Technical Audit Trail of A Technical System

Abstract

A method for controlling a technical system via a control system, wherein the control system, after processing a request from an operator, generates a response message to the request such that if a faulty state of the technical system occurs, then associated fault messages are linked in an automated manner to the request and the response message in the time between the request and the generation of the response message, and a corresponding item of information relating thereto is presented to the operator, where the link between the request, response message and fault messages is provided with a digital signature of the operator who made the request to the control system.

Claims

1.-6. (canceled)

7. A method for preparing a context-sensitive audit trail for a technical system via a control system, the method comprising: receiving a request at the control system from an operator; processing the request from the operator by the control system; generating, by the control system, an appropriate response message to the request if a faulty state of the technical system occurs in a time between the request to the control system and generation of the response message after the processing of the request, associated error messages being correlated in an automated manner with the request and the response message and a corresponding item of information relating thereto being presented to the operator; and providing a digital signature of the operator who made the request to the control system to a link between the request, response message and error messages.

8. The method as claimed in claim 7, wherein the error messages comprise at least one of (i) system messages, (ii) diagnostic messages, (iii) traces, (iv) logs and (v) security events.

9. The method as claimed in claim 7, wherein the control system requests an acknowledgement of the response message associated with its request from the operator after the linking of the request and the associated response message to the error messages.

10. The method as claimed in claim 8, wherein the control system requests an acknowledgement of the response message associated with its request from the operator after the linking of the request and the associated response message to the error messages.

11. The method as claimed in claim 7, wherein as part of the linking of the error messages to the request and the response message after the request has been received in the control system, the control system: a) determines components of the technical system which are affected by the request from the operator; b) determines error messages relating to a previously identified components which occur while the request from the operator is being processed; c) after processing the request from the operator, generation of the response message; d) links request, response message and error messages.

12. A control system for a technical system, the control system comprising: a processor; and memory; wherein the control system is configured to: receive a request from an operator; process the request from the operator; generate an appropriate response message to the request if a faulty state of the technical system occurs in a time between the request to the control system and generation of the response message after the processing of the request, associated error messages being correlated in an automated manner with the request and the response message and a corresponding item of information relating thereto being presented to the operator; and provide a digital signature of the operator who made the request to the control system to a link between the request, response message and error messages.

13. The control system of claim 12, wherein the technical system comprises one of a manufacturing or process system.

14. The control system of claim 12, wherein the control system controls the technical system during operation thereof

15. The control system of claim 14, wherein the technical system comprises one of a manufacturing or process system.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0035] The properties, features and advantages of this invention described above and the manner in which these are achieved, will become clearer and more readily understandable in connection with the following description of the exemplary embodiment which is explained in more detail in connection with the drawing, in which:

[0036] FIG. 1 is a schematic illustration of part of a control system in accordance with the invention formed as a process system; and

[0037] FIG. 2 is a flowchart of the method in accordance with the invention.

DETAILED DESCRIPTION OF THE EXEMPLARY EMBODIMENTS

[0038] FIG. 1 shows part of a control system 1 according to the invention of a technical system formed as a process system. The control system 1 comprises a server of an operating system or an operator station server and an associated operator station client 3. The operator station server 2 and the operator station client 3 are connected to one another via a terminal bus 4 and to other components of the control system 1 (not shown), such as an engineering system server or a process data archive.

[0039] A user or operator has access to the operator station server 2 via the operator station server 3 via the terminal bus 4 in the context of operation and observation. The terminal bus 4 can, without being limited thereto, be formed, for example, as an Industrial Ethernet.

[0040] The operator station server 2 has a device interface 5 that is connected to a system bus 6. The operator station server 2 can then communicate with an (external) device 7 (here an automation station). The connected device 7 may alternatively also be an application, in particular a web application. Within the scope of the invention, any number of devices and/or applications can be connected to the operator station server 2. The system bus 6 can, without being limited thereto, be formed, for example, as an Industrial Ethernet. The device 7 can in turn be connected to any number of subsystems (not shown).

[0041] A visualization service 8 is integrated in the operator station server 2, via which (visualization) data can be transmitted to the operator station client 3. In addition, the operator station server 4 has a process image 9 and a local archive 10.

[0042] An audit trail service 11 is implemented within the visualization service 8, the mode of operation and function of which are explained hereinafter.

[0043] An operator changes a control value of a controller of a process object of the process system in the operator station client 3. This information or request is transmitted from the operator station client 3 to the operator station server 2 (step I) and is read out there (inter alia) by the audit trail service 11 (step II).

[0044] The audit trail service 11 then creates an operating message and determines the devices 7 or process objects affected by the request from the operator. In addition, the audit trail service 11 receives all the error messages that describe a faulty state of the process system from the affected devices 7 or process objects and/or the local archive 10 until the processing of the request from the operator has been completed.

[0045] The request from the operator is initially processed in a step III in that the change in the control value is written into the process image 9. The device interface 5 or the device driver forwards the requested control value changes to the automation station 7 (step IV, V). Here, the change in control value is undertaken and corresponding feedback is given to the device interface 5 and the process image.

[0046] The audit trail service 11 is informed by the automation station 7 via its feedback as to whether the change in control value could be carried out successfully. Regardless of the success of the change in control value, the audit trail service 11 generates a response message to be acknowledged by the operator when the audit trail service 11 has received error messages from the devices 7 or process objects affected by the request in the time between the receipt of the request and the completion of the processing of the request. The response message, the request and the associated error messages are linked in an automated manner by the audit trail service 11 and are stored in the local archive 10 for later checking as well as presented to the operator for acknowledgement.

[0047] Any acknowledgement of the response message that may have been given by the operator is then also stored in the archive 10. The archive 10 need not necessarily be implemented locally on the operator station server 2, but can also be implemented separately from the operator station server 2, such as in a cloud-based environment. A cloud is understood to mean a computer network with online-based storage and server services, which is usually referred to as a cloud or cloud platform. The data saved in the cloud is accessible online, so that the process system also has access to a central data archive in the cloud via the internet.

[0048] Although the invention has been illustrated and described in detail by the preferred exemplary embodiment, the invention is not limited by the disclosed examples and other variations may be derived therefrom by a person skilled in the art without departing from the scope of the invention.

[0049] FIG. 2 is a flowchart of a method for preparing a context-sensitive audit trail for a technical system via a control system 1. The method comprises receiving a request at the control system 1 from an operator, as indicated in step 210.

[0050] Next, the request from the operator is processed by the control system 1, as indicated in step 220.

[0051] Next, the control system 1 generates an appropriate response message to the request if a faulty state of the technical system occurs in a time between the request to the control system and generation of the response message after the processing of the request, as indicated in step 230. Here, associated error messages are correlated in an automated manner with the request and the response message and a corresponding item of information relating thereto is presented to the operator.

[0052] Next, a digital signature of the operator who made the request to the control system 1 is provided to a link between the request, response message and error messages, as indicated in step 240. Thus, while there have been shown, described and pointed out fundamental novel features of the invention as applied to a preferred embodiment thereof, it will be understood that various omissions and substitutions and changes in the form and details of the methods described and the devices illustrated, and in their operation, may be made by those skilled in the art without departing from the spirit of the invention. For example, it is expressly intended that all combinations of those elements and/or method steps which perform substantially the same function in substantially the same way to achieve the same results are within the scope of the invention. Moreover, it should be recognized that structures and/or elements and/or method steps shown and/or described in connection with any disclosed form or embodiment of the invention may be incorporated in any other disclosed or described or suggested form or embodiment as a general matter of design choice. It is the intention, therefore, to be limited only as indicated by the scope of the claims appended hereto.