Method for identifying data corruption in a data transfer over an error-proof communication link

Abstract

System and method for identifying data corruption in a data transfer over an error-proof communication link, wherein additional structure checksums are formed to secure a data structure during transfer of the data structure, where representatives are associated with the data types, and the structure checksum is formed via the representatives to provide identification of data corruption in a data transfer over an error-proof communication link between a first automation component and a second automation component in industrial control engineering.

Claims

1. A method for identifying data corruption in a data transfer over an error-proof communication link between a first automation component and a second automation component in an automation system of industrial control engineering, a respective checksum regarding a telegram to be transferred being formed both at the first automation component and at the second automation component during transfer of a data structure to secure the data structure in the telegram to be transferred, and the data structure including different data types, the method comprising: associating a data-type-specific representative with the different data types contained in the data structure before the respective checksum at the first automation component for the telegram to be transferred is formed; forming a structure checksum via data-type-specific representatives; transferring the data structure with the structure checksum that is formed via the data-type-specific representatives; associating, in the second automation component, the data-type-specific representative with the data types in the received data structure; forming the structure checksum via the data-type-specific representatives; checking the transferred structure checksum and a newly calculated structure checksum at the second automation component; and indicating data corruption has been identified in an event of a discrepancy between the transferred structure checksums and the newly calculated structure checksum.

2. The method as claimed in claim 1, wherein, in the event of identification of data corruption, a data transfer error in the communication link is identified; wherein a secure condition is selected for the communication link; and wherein pre-projected substitute values are provided in the second automation component.

3. The method as claimed in claim 1, wherein, during data transfer, the structure checksum formed via the representatives is transferred in addition to the respective checksums formed for the telegram to be transferred.

4. The method as claimed in claim 2, wherein, during data transfer, the structure checksum formed via the representatives is transferred in addition to the respective checksums formed for the telegram to be transferred.

5. The method as claimed in claim 1, wherein one of (i) a numerical indicator, (ii) a textual indicator and (iii) the data type indicator is utilized as the representative.

6. The method as claimed in claim 2, wherein one of (i) a numerical indicator, (ii) a textual indicator and (iii) the data type indicator is utilized as the data-type-specific representative.

7. The method as claimed in claim 3, wherein one of (i) a numerical indicator, (ii) a textual indicator and (iii) the data type indicator is utilized as the data-type-specific representative.

8. The method as claimed in claim 1, wherein a security protocol is utilized to achieve data transfer.

9. An engineering system for at least one of setup, configuration and monitoring of an error-proof communication link between a first automation component and a second automation component in an automation system of industrial control engineering, a respective checksum regarding a telegram to be transferred being formed both at the first automation component and at the second automation component during transfer of a data structure to secure the data structure in the telegram to be transferred, data structures being transferable over the communication link, and the data structures including different data types, the engineering system comprising: an association device configured to associate with each of the data types of a data structure associated with a set-up error-proof communication link, a respective data-type-specific representative before the respective checksum at the first automation component for the telegram to be transferred is formed, and configured to transfer said association to the first and second automation components as an item of association information; wherein a structure checksum is formed via the data-type-specific representatives to identify data corruption in a data transfer over the error-proof communication link between the first and second automation components.

10. The engineering system as claimed in claim 9, wherein the system triggers an entry in a diagnostic buffer if data corruption is identified by the first and second automation components.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) The drawing illustrates an exemplary embodiment of the invention. In the drawing:

(2) FIG. 1 shows a basic mapping table or association table, with data types and three examples of data structures;

(3) FIG. 2 shows a data transfer from a transmitter to a receiver in accordance with the prior art (without any errors);

(4) FIG. 3 shows a data transfer between a transmitter and a receiver in accordance with the prior art (with data corruption unidentified);

(5) FIG. 4 shows a data transfer between a transmitter and a receiver, with an additional structure checksum relating to the data types of the data structure in accordance with the invention;

(6) FIG. 5 shows an automation system having an error-proof communication link between two automation components in accordance with the invention; and

(7) FIG. 6 is a flowchart of the method in accordance with the invention.

DETAILED DESCRIPTION OF THE EXEMPLARY EMBODIMENTS

(8) FIG. 1 illustrates a mapping table for a data structure 20 with a first data type 21, a second data type 22, a third data type 23, a fourth data type 24 and a fifth data type 25. The data structure 20 accordingly includes five structural elements (Bool, Int, Dint, Word, DWord). Unambiguously associated with each of the data types 21, 22, 23, 24, 25 is a representative 30. The Bool data type has the representative 17, the Int data type has the representative 89, the Dint data type has the representative 47, the Word data type has the representative 91, and the DWord data type has the representative 50.

(9) For example, the data structure A is composed of four data types, in the order Bool, Int, Bool, Int, and accordingly there are associated with the Bool data types the representatives 17 and with the Int data types the representatives 89. If the order of the representatives 17, 89, 17, 89 is used to form the checksum, then a specific checksum 0X11223344 is obtained for the data structure of example A.

(10) The data structure B has data types in the order Int, Bool, Bool, Int, and accordingly has the representatives 89, 17, 17, 89; an exemplary checksum from the order of the representatives 89, 17, 17, 89 would give a checksum of 0X59425945.

(11) Likewise, the data structure C has four data types, in this case the data types Int, Word, Dint, DWord, and accordingly the representatives 89, 91, 47, 50 are associated therewith, and an exemplary checksum of 0X9A693BF8 is obtained.

(12) FIG. 2 illustrates a data transfer of a data structure 20 between a transmitter 41 and a receiver 42 in accordance with the prior art. A data structure 20 having three data types 21, 22, 23 is transferred. For the purpose of securing transfer, in accordance with the prior art a checksum CRC.sub.telegr is formed, spanning the entire telegram including the data structure 20. The telegram with the data structure 20 and the checksum CRC.sub.telegr is transferred to the receiver 42, and if transfer is valid it arrives as it was sent. The checksum CRC.sub.telegr was formed to span the telegram with a starting value that contains, for example, the address securing information, and if both the receiver and the transmitter interpret the data in the same way, then the possibility of a transfer error is ruled out.

(13) FIG. 3 illustrates a data transfer error in accordance with the prior art. Once again, the transmitter 41 transmits to the receiver 42 the data structure 20 already shown in FIG. 2. In this case, however, an error has crept in during the transfer from the transmitter 41 to the receiver 42, in that the order of the data types in the data structure 20 has been mixed up. However, in accordance with the prior art a checksum CRC.sub.telegr is still formed such that it spans the entire data structure. The result is that the receiver 42 and the transmitter 41 have an undiscovered different interpretation of the data in the data structure. However, the telegram is still considered to be a valid telegram by the receiver.

(14) In accordance with the invention, in FIG. 4 an additional structure checksum CRC.sub.struct is now formed in relation to a data structure 20. The additional structure checksum CRC.sub.struct is formed by way of data-specific representatives 30 for the first data type 21, the second data type 22 and the third data type 23. Accordingly, the structure checksum CRC.sub.struct is formed using the numerical order 17, 89, 17. This means that before the checksum CRC.sub.telegr is formed for the telegram at the first automation component 11, a data-specific representative 30 is associated with the data types 21, 22, 23 in the data structure 20, and then the structure checksum CRC.sub.struct is formed using the representatives 30, and thereafter the data structure 20 is transferred with the structure checksum CRC.sub.struct formed using the representatives 30, where the normal checksum CRC.sub.telegr of the telegram is again additionally attached. Another possibility would also be for the checksum CRC.sub.struct of the data structure to be included as a starting value in the checksum CRC.sub.telegr of the telegram. Once this telegram arrives at the second automation component 12 or the receiver 42, then the data-type-specific representative 30 is once again associated with the data types 21, 22, 23 in the received data structure 20, and the structure checksum CRC.sub.struct is once again formed using the representatives 30. The transferred structure checksum CRC.sub.struct and the newly calculated structure checksum CRC.sub.struct are checked at the second automation component 12, i.e., at the receiver 42, and in the event of a discrepancy between the structure checksums, data corruption is identified.

(15) In FIG. 4, the receiver 42 and the transmitter 41 have different data structures 20. As a result, the telegrams accordingly have different checksums CRC.sub.struct or different starting values, and the telegram is regarded as invalid by the receiver and hence data corruption is identified.

(16) FIG. 5 illustrates an engineering system E for the setup, configuration and/or monitoring of an error-proof communication link 1. The engineering system E has an association device 31 that can associate representatives 30 with the data types 21, 22, 23 of a data structure 20.

(17) Using an association step of “recording” connection parameters 32, information on how the representatives 30 are associated with the data types 21, 22, 23 is stored in the automation system 10 in the first and second automation components 11, 12.

(18) FIG. 6 is a flowchart of the method for identifying data corruption in a data transfer over an error-proof communication link 1 between a first automation component 11 and a second automation component 12 in industrial control engineering, during transfer of a data structure 20 a checksum CRC.sub.telegr regarding a telegram to be transferred being formed both at the first automation component 11 and at the second automation component 12 to secure the data structure 20 in the telegram to be transferred, and the data structure 20 includes different data types 21, 22, 23, 24, 25. The method comprises associating a data-type-specific representative 30 with the different data types 21, 22, 23, 24, 25 contained in the data structure 20 before the checksum CRC.sub.telegr for the telegram is formed at the first automation component 11, as indicated in step 610.

(19) Next, a structure checksum CRC.sub.struct is formed via representatives 30, as indicated in step 620. The data structure 20 with the structure checksum CRC.sub.struct that is formed via the representatives 30 is now transferred, as indicated in step 630. Next, the data-type-specific representative 30 with the data types 21, 22, 23, 24, 25 in the received data structure 20 is associated in the second automation component 12, as indicated in step 640. Next, the structure checksum CRC.sub.struct is formed via the representatives 30, as indicated in step 650.

(20) Next, the transferred structure checksum CRC.sub.struct and a newly calculated structure checksum CRC.sub.struct are checked at the second automation component 12, as indicated in step 660. Next, data corruption that has been identified in an event of a discrepancy between the transferred structure checksums CRC.sub.struct and the newly calculated structure checksum CRC.sub.struct are now identified, as indicated in step 670.

(21) Thus, while there have been shown, described and pointed out fundamental novel features of the invention as applied to a preferred embodiment thereof, it will be understood that various omissions and substitutions and changes in the form and details of the devices illustrated, and in their operation, may be made by those skilled in the art without departing from the spirit of the invention. For example, it is expressly intended that all combinations of those elements and/or method steps which perform substantially the same function in substantially the same way to achieve the same results are within the scope of the invention. Moreover, it should be recognized that structures and/or elements shown and/or described in connection with any disclosed form or embodiment of the invention may be incorporated in any other disclosed or described or suggested form or embodiment as a general matter of design choice. It is the intention, therefore, to be limited only as indicated by the scope of the claims appended hereto.