1. Patent Search
  2. Details

Automation Component Configuration

20210255607 · 2021-08-19

    Inventors

    Cpc classification

    International classification

    Abstract

    An engineering system for engineering, programming and/or configuring industrial automation components and particularly engineering, programming and/or configuring security related features of automation components in automation projects, automation components, automation component databases, receiving tools, a computer program, a data carrier signal and a method for facilitating the provision of automation component configurations for automation components of an industrial automation project, wherein the method especially focuses on security aspects of automation projects, and wherein automation component description data comprising functionality parameters for configuring functionality of the automation components and security parameters for configuring security functions of the automation components are determined and, based on the industrial automation project, a functionality parameter setting for the functionality parameters and a security parameter setting for the security parameters is determined To facilitate the implementation of security parameter settings in engineering projects to achieve high and solution wide security.

    Claims

    1.-16. (canceled)

    17. A method for providing automation component configurations for at least one automation component of an industrial automation project, the method comprising: determining automation component description data comprising at least one functionality parameter for configuring functionality of the at least one automation component and determining at least one security parameter for configuring security functions of the at least one automation component; determining, by an engineering system, based on the industrial automation project, a functionality parameter setting for the at least one functionality parameter and a security parameter setting for the at least one security parameter; and providing at least one automation component configuration comprising the determined functionality parameter settings and the determined security parameter settings.

    18. The method according to claim 17, wherein said determining automation component description data further comprises: retrieving at least one of (i) a default functionality parameter setting and (ii) a default security parameter setting, said determining the functionality parameter setting being further based on at least one of (i) the default functionality parameter setting and (ii) the default security parameter setting.

    19. The method according to claim 18, wherein said determining automation component description data further comprises: retrieving at least one of (i) a default functionality parameter setting and (ii) a default security parameter setting, said determining the functionality parameter setting being further based on at least one of (i) the default functionality parameter setting and (ii) the default security parameter setting.

    20. The method according to claim 17, further comprising: combining the determined security parameter settings to a set of project-level security data for the automation project.

    21. The method according to claim 17, further comprising: providing at least one of (i) the automation component configurations and (ii) project-level security data to a receiving tool.

    22. The method according to claim 21, wherein the receiving tool comprises at least one of a verification tool and a monitoring tool.

    23. The method according to claim 17, further comprising: providing an automation component configuration for one of (i) each automation component and (ii) each group of related automation components.

    24. The method according to claim 17, further comprising: evaluating a set of project-level security data of the automation project in accordance with definable security criteria.

    25. The method according to claim 17, further comprising: optimizing a set of project-level security data in accordance with at least one of (i) a definable project security level and (ii) definable security zones.

    26. The method according to claim 17, further comprising: structuring the automation component description data in accordance with a format comprising at least functionality data and security data.

    27. The method according to claim 17, further comprising: enriching the automation component description data with at least parts of the automation component configurations.

    28. An engineering system for providing at least one automation component configurations for an industrial automation project, the engineering system being at least one of configured and operative to: determine automation component description data comprising at least one functionality parameter for configuring functionality of the at least one automation component and at least one security parameter for configuring security functions of the at least one automation component; determine, based on the industrial automation project, a functionality parameter setting for the at least one functionality parameter and a security parameter setting for the at least one security parameter; and provide at least one automation component configuration comprising the determined functionality parameter settings and the determined security parameter settings.

    29. Automation component comprising: a processor; and memory; wherein the processor is at least one of configured and operative to: at least one of (i) receive and (ii) retrieve automation component configurations provided by: determining automation component description data comprising at least one functionality parameter for configuring functionality of the automation component and determining at least one security parameter for configuring security functions of the automation component; and providing at least one automation component configuration comprising a determined functionality parameter settings and determined security parameter settings; and wherein the processor is at least one of further configured and operative to: apply functionality parameter settings and security parameter settings obtained from at least one of the (i) received and (ii) retrieved automation component configurations.

    30. Automation component database providing at least one of (i) automation component description data, (ii) default functionality parameters and (iii) default security parameters; wherein the database is accessed when: determining automation component description data comprising at least one functionality parameter for configuring functionality of at least one automation component and determining at least one security parameter for configuring security functions of the at least one automation component; determining, by an engineering system, based on an industrial automation project, a functionality parameter setting for the at least one functionality parameter and a security parameter setting for the at least one security parameter; and providing at least one automation component configuration comprising the determined functionality parameter settings and the determined security parameter settings.

    31. A receiving tool operative to at least one of receive and retrieve at least one of (i) automation component configurations and (ii) project-level security data provided by: determining automation component description data comprising at least one functionality parameter for configuring functionality of at least one automation component and determining at least one security parameter for configuring security functions of the at least one automation component; determining, by an engineering system, based on the industrial automation project, a functionality parameter setting for the at least one functionality parameter (FP) and a security parameter setting for the at least one security parameter; and providing at least one automation component configuration comprising the determined functionality parameter settings and the determined security parameter settings; wherein the receiving tool is further configured to process at least one of (i) the automation component configurations and (ii) project-level security data.

    32. The receiving tool according to claim 31, wherein the receiving tool is further operative to provide a result of processing at least one of the (i) at one the automation component configuration and (ii) project-level security data to an engineering system.

    33. A computer program comprising instructions which, when executed by a processor of computer, causes the computer to provide automation component configurations for automation components of an industrial automation project, and further to perform the method according to claim 17.

    34. A data carrier signal carrying the computer program of claim 33.

    Description

    BRIEF DESCRIPTION OF THE DRAWINGS

    [0056] Embodiments of the invention are now described, by way of ex ample only, with reference to the accompanying drawings, of which:

    [0057] FIG. 1 shows the general concept of the invention;

    [0058] FIG. 2 shows an engineering system in accordance with the invention;

    [0059] FIG. 3 shows an automation component in accordance with the invention;

    [0060] FIG. 4 shows an automation project in relation with an industrial facility in accordance with the invention;

    [0061] FIG. 5 shows an industrial facility with its security zones in accordance with the invention;

    [0062] FIG. 6 shows an automation component database in interaction with an engineering system in accordance with the invention;

    [0063] FIG. 7 shows a further embodiment of an automation component database and the data being provided in accordance with the invention;

    [0064] FIG. 8 shows a further embodiment of an automation component database and the data being provided in accordance with the invention; and

    [0065] FIG. 9 is a flowchart of the method according to in accordance with the invention.

    DETAILED DESCRIPTION OF THE EXEMPLARY EMBODIMENTS

    [0066] FIG. 1 shows the general concept of the invention, which allows strict application of security parameters and parameter settings during engineering. Automation component description data CDD is shown on the left for three solution components, in this case for automation components C1, C2 and Cn. The automation component description data CDD comprises least functionality parameters FP and security parameters SP. The automation component description data CDD therefore is enhanced in accordance with the invention with security parameters SP, which can be configured with security parameter settings S1, . . . , Sn (not shown). The automation component C1 also comprises functionality parameters FP and their functionality parameter settings F1, . . . , Fn, which are not shown here for the sake of clarity. The available parameters and their settings are all data that are further useable or processable with a project tool, e.g., an engineering system ES as shown. The engineering system ES currently shows an automation project to be edited or engineered. The engineering system ES can create or retrieve, manage and/or optimize the security parameters SP and the security parameter settings S1, . . . , Sn respectively while using automation component description data CDD. As shown on the far right, the automation component C1 is to be provided with an automation component configuration ACC1 further comprising security parameter setting SI and functionality parameter setting FI. For the sake of clarity, automation components C2 and Cn their automation component configurations ACC2 and ACC3 are not shown but can be also created or engineered by the engineering system ES as described for the automation component configuration ACC1 for automation components C1.

    [0067] As previously mentioned, the automation project PRJ is currently loaded in the engineering system ES to generate automation component configuration ACC for three automation components C1, C2, Cn. The engineering system ES further cannot only be used for a current automation project PRJ but to manage and optimize already created projects and their security parameter settings S1, . . . , Sn and functionality parameter settings F1, . . . , Fn to optimize future automation projects PRJ or to improve automation projects PRJ that are already in place. Furthermore, the automation project shows project level security data PRJSEC, which comprises security information, e.g., parts of or complete security parameters SP and their settings S1, . . . , Sn, and further data related to security of the project PRJ, possibly including security data of all automation components C1, . . . , Cn to be used in the automation project PRJ.

    [0068] The engineering system ES can also be linked to an exploit database at which current security breaches are published, where the engineering system ES can check all of its automation projects PRJ and their project level security data PRJSEC for necessary steps and apply measures to the automation projects PRJ accordingly. The applicable measures then can be verified in a verification tool VT or directly applied via a configuration tool CT or directly via the engineering system ES.

    [0069] In accordance with an embodiment, which is compatible with all other embodiments, including or removing features of the current invention and in more detail there can be the following steps, each respective to the small letters a-g:

    [0070] Referring to (a): the automation component description data CDD used for project engineering and in project engineering systems ES are extended with security related data, security parameters SP required as input for security configurations, security testing, and/or security threat and risk analysis. Moreover, the security parameters SP are automatically provided for and into the project tooling, in this case the engineering system ES. One possible implementation of the invention extends existing automation component description data formats and databases (e.g., DIN EN 61360 or EC1@ss) with security configuration data. This includes, for example, communication ports that are open by default and those that are supported in general.

    [0071] Referring to (b): the engineering system ES not only provides configuration data in the form of functionality parameters FP, but also combines and optimizes the component description data CDD in an intelligent way to generate project-level security data PRJSEC and descriptions from the automation component description data CDD by combining the security parameters SP relevant to the automation project to a set of project (or system) level security data PRJSEC. This ensures that security data at a solution level is available for further measures. As depicted here at an automation project PRJ level, attributes, such as parameters for network or physical zones, may also influence security attributes in the system level. This accumulation of security attributes, data or parameters is shown as project level security data PRJSEC. An example is a solution-wide protection level, or multiple different security zones, which define specific security attributes that must be met by single systems. The security zones are exemplary defined according to the IEC62443 security standards framework (IEC62443-3-3 and IEC62443-3-2). As an example, the project engineering tool, the engineering system ES, aggregates active ports and the configured IP addresses of the components, the automation components C1, . . . , Cn, in the solution, and can optimize the resulting list of data, e.g., by identifying communication relations and reducing the over-all list's complexity. Those communication relations can then be enriched with security relevant data (encryption, security zones, . . . ) and can be automatically generated as communication graphs and shown on HMI systems to simplify security analysis and monitoring.

    [0072] The tool can further optimize the data, for instance, by breaking it down to the several configured solution zones (these can be, for example, “security zones” defined in accordance with the IEC62443 security standards framework, e.g., IEC62443-3-3 and IEC62443-3-2).

    [0073] Furthermore, optimization can take into account the configuration of components that control the zone boundaries, such as firewalls, and that allow communication (based on IP addresses and ports) only when allowed by the configured firewall rules. For component security data that comprise security tests (descriptions of specific security tests to be performed on components), the optimization can be that the test cases are aggregated and chosen based on a security level or protection level assigned to the solution, zone, or component itself. This allows the optimization of the overall set of security tests (e.g., those that have to be performed later on during acceptance testing, or scheduled solution security verification during operation) to meet one or more given security levels. These steps can be performed by the engineering system ES itself, or any of the receiving tools VT, CT, MT.

    [0074] Referring to (c): The provided security attributes, descriptions and/or automation component configurations ACC1, ACCn can then be provided to receiving tools VT, CT, MT such as configuration tools CT, verification tools VT, or monitoring tools MT, preferably through standardized communication exchanges and data formats to allow more efficient and secure configuration, monitoring and verification of the configuration, especially the security configuration, of the solution. For example, the engineering system ES sends the generated security data SD for the automation project PRJ to a receiving tool VT, CT, MT that uses them. The receiving tools VT, CT, MT also could be configured to retrieve data from the engineering system in predefined intervals, to verify security, and to monitor changes and further relevant information. Exchange of the data can also be based on the extended standardized component description formats as described above, or can use other data formats.

    [0075] Referring to (d): The security data can be rolled out to the solution components, the automation components C1, . . . , Cn, by the configuration tool CT, e.g., after they were verified and/or monitored by the verification tool VT and/or monitoring tool MT. The configuration tool CT can be part of the engineering system ES or its functionality can be integrated into the engineering system ES. The receiving tool VT, CT, MT could be, for instance, a verification tool VT that loads the security data per security zone or for the whole system, and verifies the correct implementation (i.e., whether the list of actually scanned/audited open ports in each zone of the solution is equal to the security data received from the project tool).

    [0076] An alternative or addition to (d) could be that the receiving tool VT, CT, MT is a configuration tool CT that performs secure configuration of solution components, in this case the automation components C1, . . . , Cn, based on the security parameters SP and their settings S1, . . . , Sn received from the project tool, the engineering system ES. For example, the receiving tool VT, CT, MT interprets the received security data SD and converts it into SNMP MIB formatted data to exchange security data with individual components (e.g., to deactivate unneeded communication ports and network functions). Alternatives to SNMP MIB include security data SD exchange based on OPC-UA, or the Constrained Application Protocol (CoAP).

    [0077] The receiving tool VT, CT, MT could be a monitoring tool MT that transfers the received information, e.g., into COAP, to observer resources on the solution components in accordance with RFC7641.

    [0078] Referring to (e): the receiving tools VT, CT, MT can create and provide reports on configuration, verification or verification results back to the project tool ES to allow further optimization of solution security configuration data

    [0079] ACC1, ACCn and their security parameter settings S1, . . . , Sn and/or the automation component description data CDD. This allows an even deeper integration of security data SP and S1, . . . , Sn into the engineering of automation projects PRJ. In a later step, the receiving tool VT, CT, MT can provide configuration or verification results to the engineering system ES, to allow further optimization of security data SD or automated reporting of verification results and detected deviations.

    [0080] Referring to (f): the dashed arrow f indicates possible further embodiments that allow the engineering system ES to directly communicate with the automation components C1, . . . , Cn.

    [0081] The arrow tips are directed in both directions to show that the engineering system ES can directly configure the automation components. If necessary, the automation components C1, . . . , Cn also can directly communicate with the engineering system ES and, for example, request updates for functionality as well as security or the like. Using standardized data formats in accordance with the disclosed embodiments of the invention including security parameters SP simplifies the communication and enriches the automation system with a higher security.

    [0082] Referring to (g): the dashed arrow g indicates possible further embodiments, which allow the receiving tools VT, CT, MT to directly access the automation component description data CDD. This includes but is not limited to retrieving security and/or functionality parameters SP, FP, verifying the engineering system ES results created and/or received under (c) and/or the receiving tools VT, CT, MT providing additional data to enhance the automation component description data CDD. A verification tool VT, for example, can provide verification results of predefined configurations and store them in the automation component description data, so that similar or identical configurations do not have to be verified again. A configuration tool CT could provide data about how often and to what extent certain automation component configurations ACC1 have been provided and if they were successfully deployed in the field. A monitoring tool MT can provide data from live automation systems, possible failures, running times, maintenance requirements and more to enrich the automation component description data CDD.

    [0083] An implementation example of the above can be the allowed TCP/UDP communication ports in an automation project PRJ. A typical part of security configuration is the configuration of communication protocols per component (i.e., open TCP or UDP ports at given IP addresses of network components) such that only allowed ports are open and can be reached via the network. These configurations can be represented in security parameters SP and their respective security parameter set tings S1, . . . , Sn.

    [0084] FIG. 2 shows an engineering system ES in greater detail. In this embodiment, the engineering system ES comprises a processor CPU and a communication interface COM as well as a memory MEM. The memory MEM is divided into multiple parts and can be realized as a physical data carrier, such a hard disk drive or solid-state drive or also could be a central or decentral server infrastructure. The memory could also be implemented in the form of RAM. Indicated by solid horizontal lines, the memory MEM is divided into multiple parts that can be separated from each other on a physical or virtual level. As an example, the memory contains two automation projects PRJ. The upper automation project PRJ could be an older project that is still stored in the memory MEM of the engineering system ES.

    [0085] Indicated by the shown contents, the lower automation project PRJ is currently loaded and contains project level security data PRJSEC as well as models of two automation components C1, C2. The processor CPU is configured to execute code to provide automation component configurations ACC1, ACCn (not shown here) for the automation components C1, C2 of the currently loaded industrial automation project PRJ. The code can be provided as a computer program product comprising computer program code for executing the method in accordance with the disclosed embodiments of the invention. The processor CPU can be a single processor of a standalone PC, a multi-processor platform, a programmable logic controller, a virtual processor in a server processing farm and other processors or computing infrastructures capable of executing the code.

    [0086] FIG. 3 shows an automation component C1. The automation component C1 comprises a processor CPU, a communication interface COM and a memory MEM and N is an example for a hardware-based automation component. Automation components include but are not limited to: programmable logic controllers (PLCs), I/O modules, industrial communication devices, industrial networking components, sensors, actors, drives and other industrial devices commonly used in the process or automation industry. Software components that share hardware with other components are also configurable by the method in accordance with disclosed embodiments of the invention and/or the engineering system ES and/or a con figuration tool CT. Usually, an automation project comprises a PLC, a number of I/O modules that can communicate with the PLC over an industrial communication standard, and some sensors and some actors that communicate with each other and/or the PLC. All or some of these components can be provided with automation component configurations ACC1, ACCn via the method in accordance with disclosed embodiments of the invention. This list is not exhaustive and can be amended by adding or removing automation components C1, . . . , Cn respectively.

    [0087] FIG. 4 shows an automation project PRJ in relation with an industrial facility FAC. The industrial facility FAC to the right displays a very much simplified example of an automation project limited to a single industrial facility FAC and its automation components C1, C2. On the left, an automation project PRJ can be seen, comprising virtual representations of the industrial facility VFAC, models of the automation components C1, C2, including pre-engineered automation component configurations ACC1, ACC2, and a facility level security data FESEC. In this case, the facility level security data FESEC can be equal to a project level security data PRJSEC because only this one facility FAC has to be configured/provided with automation component configurations ACC1, ACC2. Facility level security data FESEC can be provided with the same method additional or alternative according to the current invention and enables the same benefits on the facility level as the security data does on a project level.

    [0088] The automation component configurations ACC1, ACC2 each can be provided by a in accordance with disclosed embodiments of the invention, e.g., by an engineering system ES not shown here. They comprise functionality and security parameters FP, SP including their settings F1, F2, SI, S2. In the automation components C1, C2 employed in the industrial facility FAC the settings are depicted each in the respective component. For example, the automation components C1 can be a PLC that has a simple motion program as a functionality parameter FI with a number of security parameters, such as an internal encryption of the data processed by the PLC. This encryption, for example, could be the security parameter setting SI. The automation component C2 could be a motor integrated drive controller that is controlled by the PLC C1, which as a functionality parameter FP can rotate and its functionality parameter setting FI is configured to rotate upon a signal by the PLC. In this case, the security parameter setting S2 could be the presence of a certificate, allowing encrypted communication between the automation components C1 and C2. The two-security parameter settings SI, S2 are also depicted in the facility level security data FASEC where they can be monitored, verified and if needed can also be provided in a newer version to the actual facility FAC and its automation components C1, C2 as an update for security parameters SP.

    [0089] FIG. 5 shows an industrial facility FAC, comprising eight different automation components C1, . . . , C8 that are divided into multiple security zones Z1, Z2, Z3. The security zones Z1, Z2, Z3 are defined by the need for security measures in a certain area in the automation system. In this example, the three security zones Z1, Z2, Z3 each correspond to a required security level. Security zone Z1 could be a low security zone that includes access for logistics companies and other contractors. This low security zone Z1 therefore should not contain any sensitive data, sensitive machines or processes.

    [0090] The medium security zone Z2 could comprise a certain amount of low sensitive data or processes that is/are regularly the case in production facilities.

    [0091] The third and high-security zone Z3 could then comprise strictly confidential information, such as the certification processes for electronic products or the recipes for chemical or other process industry products. In such a high-level security zone Z3 secret keys for certificates could be deployed to automation devices.

    [0092] FIG. 6 shows an automation component database DB in interaction with an engineering system ES. Automation component databases DB can be provided in the form of automation component libraries as a known form of functionality parameters from current engineering systems ES. The disclosed embodiments of the invention now enhance the automation component description data CDD with security parameters SP for and preferably will for all automation components C1, . . . , Cn. Additionally, in accordance with a further embodiment of the invention, default security parameter settings defS are also provided as default functionality parameters defF.

    [0093] Referring to (h): the engineering system ES can retrieve or receive automation component data CDD for automation components C1, . . . , Cn that are to be used in the automation project. The engineering system ES can also enhance the automation component data CDD that it receives from the automation component database DB itself or by user input. This is especially helpful when automation components C1, . . . , Cn must be configured that are very similar to each other and automation component data CDD is available only for a similar component.

    [0094] Referring to (j): the automation component database DB further provides default security parameter settings defS. The engineering system ES can automatically receive or retrieve the default security parameter settings defS. This can happen initiated by a manual input or automatically, e.g., by an automated security wizard provided by the engineering system ES to ensure a high level of security automatically when engineering automation projects PRJ. At least parts of the default security parameter settings defS can be part of the automation component description data CDD. Providing default security parameter settings defS improves the level of security achieved significantly when rolling out a security concept in an automation project PRJ. Furthermore it is possible that automation components C1, . . . , Cn that have not been provided with a security parameter setting S1, . . . , Sn yet are highlighted in the engineering system ES and default security parameter settings are proposed to the user or even automatically applied.

    [0095] Referring to (k): the automation component database DB further provides default functionality parameter settings defF. The default functionality parameter settings defF can be functions of automation components C1, . . . , Cn that are often used and therefore are easily deployable, when default components are used. Examples are standard movement patterns for motion controllers, sensors evaluation components and further control (open and closed loop) components. It is possible that certain functionality parameter F1, . . . , Fn settings are in some cases always linked with a default security parameter setting defS. Such a default security parameter setting defS can be proposed to the user or automatically implemented by the engineering system to ensure security where needed.

    [0096] FIG. 7 shows an automation component database DB similar to the one of FIG. 6. It shows default security parameter settings defS and default functionality parameter settings defF as part of the automation component description data CDD.

    [0097] This can be the case for automation component related but not automation component specific data. For example basic certificates can be provided for all automation components.

    [0098] Referring to (m): the default parameter settings defF, defS can be provided by the automation database DB combined with the automation component description data CDD for components usually required in an automation project PRj. The engineering system ES could also initiate a request for certain automation components with certain default settings defF, defS already applied.

    [0099] FIG. 8 shows another automation component database DB similar to the ones of FIGS. 6 and 7. In this case, a set of default security parameter settings defS and default functionality parameter settings defF is provided by the automation component database DB for an automation component C1. For example, a memory encryption can be enabled by standard as a default security parameter setting defS. Certain automation components, such as “edge devices”, that have a connection to an internal network as well as an external network, such as the internet, may have a wide set of default security parameter settings. For example, all http access can be blocked and an https access could be enforced. In addition, certain data packets/telegrams may also be filtered and/or blocked completely.

    [0100] Those settings can be provided as default parameter settings defS or can be part of engineering the automation project PRJ.

    [0101] Referring to (n): In this embodiment, a completely preconfigured standardized building block for a certain device, in this case the automation component C1, can be requested by the engineering system ES or provided by the automation database DB to the engineering system. This ensures a simple configuration for standard use cases, such as securely controlling a process or a drive system, while ensuring a high level of security for the entire automation project PRJ.

    [0102] All the embodiment shown in FIGS. 6, 7 and 8 can be combined with each other in any way, with the possibility to combine default security parameter settings defS and/or default functionality parameter settings defF in any one or more of the positions shown in FIGS. 6, 7 and 8. For example, the default security parameter settings can be provided in the automation component database DB as well as in the automation component description data CDD and additionally for each of the components C1, C2, Cn.

    [0103] FIG. 9 shows a flowchart of the method in accordance with the invention. This includes: [0104] a first step S1 of determining automation component description data CDD comprising one or more functionality parameters FP for configuring functionality of the one or more automation components C1, . . . , Cn and one or more security parameters SP for configuring security functions of the one or more automation components C1, . . . , Cn; [0105] followed by a second step S2 of determining, based on the industrial automation project PRJ, one or more functionality parameter settings F1, . . . , Fn for the one or more functionality parameters FP and one or more security parameter settings S1, . . . , Sn for the one or more security parameters SP, and [0106] optionally (indicated by dashed lines) followed by a third step of providing S3 one or more automation component configurations ACC1, ACCn comprising the determined functionality parameter settings F1, . . . , Fn and the determined security parameter settings S1, . . . , Sn.

    [0107] Furthermore, step S3 may be based on steps SI and/or S2. Hence in accordance with a further embodiment, the method may only consist of step S3.

    [0108] Although the present invention has been described in detail with reference to the preferred embodiment, it is to be understood that the present invention is not limited by the disclosed examples, and that numerous additional modifications and variations could be made thereto by a person skilled in the art without departing from the scope of the invention.

    [0109] Thus, while there have been shown, described and pointed out fundamental novel features of the invention as applied to a preferred embodiment thereof, it will be understood that various omissions and substitutions and changes in the form and details of the methods described and the devices illustrated, and in their operation, may be made by those skilled in the art without departing from the spirit of the invention. For example, it is expressly intended that all combinations of those elements and/or method steps which perform substantially the same function in substantially the same way to achieve the same results are within the scope of the invention. Moreover, it should be recognized that structures and/or elements and/or method steps shown and/or described in connection with any disclosed form or embodiment of the invention may be incorporated in any other disclosed or described or suggested form or embodiment as a general matter of design choice. It is the intention, therefore, to be limited only as indicated by the scope of the claims appended hereto.