Method for generating and updating a remote instance of a screen view

Abstract

A method and apparatus for generating and updating a remote instance of a screen view for a communication device during a communication session. The screen view has a number of data elements that are presented on the screen view in accordance with a defined static or dynamic display schema. A display schema that at least partially corresponds to the display schema of the screen view is transmitted to the communication device at least a first time via a first communication path, the values of at least one of the data elements are transmitted to the communication device via a second communication path during the communication session, and the values of the data elements and the transmitted display schema are combined by the communication device in order to display the remote instance.

Claims

1. A method for generating and updating a remote instance of a screen view for at least one communication device during a communication session, comprising: a number of data elements presented on the screen view in accordance with a defined static or dynamic display schema; a display schema that at least partially corresponds to the display schema of the screen view transmitted to the communication device at least a first time via at least one first communication path; values of at least one of the data elements transmitted to the communication device via at least one second communication path during the communication session; wherein the transmitted values of the data elements and the transmitted display schema are combined by the communication device in order to display the remote instance; and communication over the second communication path takes place via a broker and is executed in accordance with a protocol which functions in accordance with a subscriber/publisher model.

2. The method according to claim 1, wherein the screen view comprises a display of a computer unit which serves to control an installation of a user.

3. The method according to claim 1, wherein at least one of the number of data element represents data of the telemetry level.

4. The method according to claim 1, wherein data transmission over the second communication path is encrypted.

5. The method according to claim 1, wherein at least the second communication path defines a reverse channel.

6. An apparatus for making available a remote instance of a screen view for display on a communication device, comprising: wherein a computer unit on which the screen view is displayed, the computer unit having at least one first communication path and at least one second communication path to the communication device; a number of data elements presented on the screen view in accordance with a defined static or dynamic display schema; a display schema that at least partially corresponds to the display schema of the screen view transmitted by the computer to the communication device at least a first time via the first communication path; values of at least one of the data elements transmitted to the communication device via the second communication path during a communication session; wherein the computer unit accesses the first communication path via a network interface and accesses the second communication path via a security controller; and the security controller executes the communication via the second communication path according to a protocol which functions in accordance with a subscriber/publisher model.

7. The apparatus according to claim 6, wherein the second communication path feeds from the security controller via a broker.

8. The apparatus according to claim 6, wherein the security controller has an encryption and decryption unit.

9. The apparatus according to claim 6, wherein a plurality of instances of the data elements, depending on an authorization, are transmitted selectively to the communication device.

10. A software product embodied on a non-transitory computer medium which can be executed by a communication device for displaying a remote instance of a screen view displayed on a remote computer unit, comprising: at least one first communication path and at least one second communication path connecting the communication device to the computer unit; the software product enables the communication device to execute at least the following: reception of a display schema that at least partially corresponds to a display schema of the screen view via the first communication path; reception of values of data elements via the second communication path during a communication session is with a broker and in accordance with a protocol that functions with a subscriber/publisher model; combination of the received display schema and received values of the data elements to form the remote instance of the screen view; and display of the remote instance.

11. The software product according to claim 10, wherein the software product further enables the communication device to transmit data values to the remote computer unit via the second communication path.

12. The software product according to claim 11, wherein the data values are entered by a user via a user interface of the communication device.

13. The method according to claim 1, wherein at least one data element of the number of data elements represents measured data from measuring sensors.

14. The method according to claim 1, wherein the transmitted display schema corresponds to a subset of the display schema of the screen view, based on authorization.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) The present teaching is explained in more detail below with reference to FIG. 1, which shows advantageous embodiments of the present teaching in an exemplary, schematic and non-restricting form. In the drawing,

(2) FIG. 1 shows a schematic overview of the units and communication paths involved in the method according to the present teaching.

(3) FIG. 2 illustrates by way of example how different authorizations can be used in the individual instances for a required different presentation.

DETAILED DESCRIPTION

(4) The area separated by a dashed line on the left-hand side in FIG. 1 is associated with a user 17, wherein the user operates an installation 3 by means of a computer unit 4 which serves as control unit for the installation 3. The installation 3 can, for example, be a test rig, a machine or other industrial installation which can be operated, parameterized and/or monitored via the computer unit 4.

(5) The installation 3 has a multiplicity of installation components 8.sup.I, 8.sup.II, 8.sup.III, wherein the installation components can, for example, represent actuators, measuring units or generally any components which generate and forward data to the computer unit 4, and/or can receive data from the computer unit 4. Communication between the computer unit 4 and the installation components 8 can, for example, take place via a bus connection 20.

(6) The computer unit 4 has a screen view 1, on which a multiplicity of data elements D1, D2, etc. can be displayed according to a defined display schema 5. The display schema 5 can take any form and, for example, have dynamic or static image elements 6, wherein the display schema 5 assigns a particular display position 7.sup.I to 7.sup.V to each of the data elements D1, D2.

(7) The data elements D1, D2, etc. can represent any presentable values which are of interest for the computer unit 4 or the installation 3, for example variable or pre-specified parameter data, simulation data and/or data of the telemetry level, such as measured data from installation measuring sensors etc.

(8) The computer unit 4 has a network interface 9, by means of which communication via an open network 10 can take place. The open network 10 is preferably the Internet but can also be a different network which, for example, is only open to a defined circle of communication partners, provided that communication via and access to this network does not lie within the exclusive range of influence of one of the communication partners. The network interface 9 generally has security devices, such as a firewall structure for example, which prevent unauthorized data access by third parties via the open network 10.

(9) Communication between the computer unit 4 and the installation components 8 can take place, for example, via a low-level interface 11, which can likewise have security mechanisms in order to prevent improper access to the installation components 8.

(10) In addition, a security controller 12, the principle of operation of which is described in more detail below, is provided in the region of the user 17. The security controller 12 has data interfaces to the installation components 8 and to the computer unit 4, and it also has an interface to the open network 10, wherein this interface can, if necessary, completely block an incoming communication (for example by closing or deactivating all ports).

(11) From the point of view of the user 17, there may be an interest in making the content of the screen view 1 visible on one or more communication devices 13.sup.I, 13.sup.II as a remote instance 2 of the screen view 1 in real time, for example in order to discuss and rectify problems or malfunctions of one of the installation components 8 with a provider or service technician.

(12) Basically, numerous online collaboration tools are available for this purpose, with which it is possible, for example, to share the particular screen content in real time, wherein an image presentation of the screen view is produced, transmitted to the communication device 13 via the open network 10, and this image presentation presented on a screen of the communication device 13 as a remote instance 2 in an animated or static manner.

(13) However, these online collaboration tools have the disadvantage that the whole screen content is always transmitted to all communication devices 13, even when this screen content displays sensitive data which are not intended for this communication partner. Furthermore, it is generally impossible for the communication device to evaluate the data further, as the image presentation does not allow such a data evaluation.

(14) Two different communication devices 13.sup.I and 13.sup.II, on the screens of which a further instance 2.sup.I, 2.sup.II respectively of the screen view 1 is presented, are shown by way of example in FIG. 1. The further instances 2.sup.I, 2.sup.II are respectively based on a dynamic or static display schema 5.sup.I, 5.sup.II, which, like the screen view 1, can also have dynamic or static image elements 6 and assign a particular display position 7.sup.I to 7.sup.V to each data element D1, D2, etc.

(15) The display schemata 5.sup.I, 5.sup.II of the further instances 2.sup.I, 2.sup.II can correspond to the display schema 5 of the screen view 1; however, they can also differ therefrom. Further, the display schemata 5.sup.I, 5.sup.II of the further instances 2.sup.I, 2.sup.II can be defined in the hardware or software of the communication devices 13.sup.I and 13.sup.II or they can be transmitted at the beginning or during a communication session from the computer unit 4 via a first communication path 18 to the communication device 13.sup.I and 13.sup.II and processed by the hardware or software therein for displaying as a further instance 2.sup.I, 2.sup.II. Depending on requirements, a new display schema 5.sup.I, 5.sup.II can be transmitted every time the screen view 1 changes, or it can be transmitted at regular intervals in order, for example, to match the remote instances 2.sup.I, 2.sup.II continuously and in real time to the current screen view 1.

(16) Further, it is possible to make different display schemata 5.sup.I, 5.sup.II available for different communication devices 13.sup.I and 13.sup.II, for example when one of the communication devices 13.sup.I and 13.sup.II is only to receive restricted information relating to the image display 1, wherein, for example, certain image elements 6 or certain display positions 7 are not to appear in the remote instance 2.sup.I, 2.sup.II.

(17) However, the display schemata 5.sup.I, 5.sup.II do not contain any information relating to the current value of the data elements D1, D2, etc. but merely define their display position and form. The display schemata 5.sup.I, 5.sup.II therefore merely represent an empty shell which must still be supplemented by the current values of the data elements D1, D2, etc.

(18) The display schema 5.sup.I, 5.sup.II is transmitted from the computer unit 4 to the communication device 13 via a first communication path 18, wherein a conventional Internet connection, for example, can be used for this first communication path 18; in FIG. 1, this constitutes a connection from the computer unit 4, via the network interface 9 and via the open network 10 to the communication devices 13.

(19) In order to give the user 17 the option of defining exactly which data elements are to be displayable in which form for which communication device 13.sup.I and 13.sup.II, and in order to protect the values of these data elements against unauthorized access by third parties, a dedicated transmission path, which differs from the transmission path with which the display schemata 5.sup.I, 5.sup.II are transmitted, is chosen for communicating the values of the data elements.

(20) In FIG. 1, the values of the data elements D1, D2, etc. are transmitted by the security controller 12 to a broker 14. In doing so, the security controller 12 uses a protocol which functions in accordance with a subscriber/publisher model. Such protocols, for example according to the MQTT specification, enable the security controller 12 to implement firewall guidelines which completely block incoming traffic. By this means, a manipulation of the system by web services and a setting-up of an end-to-end connection to the computer unit 4 or to the installation components 8 can be ruled out.

(21) In the case of protocols which function in accordance with a subscriber/publisher model, it is known that no direct end-to-end connection is set up and the communication is always effected via the interposed broker 14. In general, the broker 14 receives data from a publisher and makes it available to one or more subscribers. In doing so, a certificate-supported identification of publisher and/or subscriber is also supported and can be used advantageously in conjunction with the present teaching. Each end point (i.e. in the case shown in FIG. 1, the security controller 12 and the network interfaces of the communication devices 13.sup.I and 13.sup.II) opens the communication to the broker 14 in its own right and this is not initiated from the outside. When an end point acts as publisher, data are transmitted from this end point to the broker 14, and when an end point acts as subscriber, data are called up to the end point by the broker 14. As the communication devices 13 and also the security controller 12 can act both as subscriber and as publisher, it is also possible to exchange data in both directions without having to set up a potentially vulnerable web service for this purpose.

(22) In FIG. 1, data communications from a publisher to the broker are shown by continuous arrows; subscriber operations, in which data are called up by a subscriber from the broker 14 from a channel 15, are shown as dashed arrows.

(23) The broker 14 in each case assigns the data elements D to a channel 15 and makes the values for these data elements D received from a publisher available in this channel for calling up by one or more subscribers. Four channels 15.sup.I to 15.sup.IV, to which a data element D1, D2, D3, D4 respectively is assigned, are shown by way of example in FIG. 1.

(24) To ensure that not everyone who knows the broker 14 and the corresponding channels 15 can call up the values of the data D stored in this channel, these are encrypted by the security controller 12 with a specific key S1, S2, etc. for each of the data D1, D2, etc. They therefore cannot be read out either by third parties or by the broker 14 itself. For this purpose, the security controller 12 has an encryption and decryption unit 21, which preferably can be implemented hardware-coded on a chip in order to prevent unauthorized access and manipulation by third parties.

(25) A decryption of the data stored in the channels must only be possible by the communication devices 13 which have authorization to do so. These authorizations can be assigned by the user 17 in any way, wherein the authorizations are communicated to the security controller 12 in the form of an assignment table 16. This assignment table 16 assigns data elements D to one or more communication devices 13 which is/are authorized to display this data element D. The specific assignment can take place, for example, by means of an asymmetrical key C1, C2, wherein each asymmetrical key C is assigned to a particular communication device 13.

(26) For example, to release the data element D1 for the communication device 13.sup.II to which the asymmetrical key C2 is assigned, the security controller 12 encrypts the symmetrical key S1 with which the data element D1 has been encrypted and transmits this key S1 encrypted to the communication device 13.sup.II, wherein this transmission is preferably also handled by the broker 14 with the help of the MQTT protocol. The communication device 13.sup.II can now decrypt the symmetrical key S1 with the help of its asymmetrical key C2 and thus decrypt the values associated with the data element D1 which have been called up from the channel 15.sup.I in encrypted form.

(27) The values which can be encrypted by the communication device 13 are then inserted by the hardware and software running on this communication device into the display schema at the appropriate point and, as a result, the remote instance 2.sup.I, 2.sup.II of the screen view is specifically updated for the particular communication device 13.

(28) In FIG. 1, in which, for clarity, the number of data elements D, keys S, C and communication devices 13 has been greatly restricted compared with the possible number, the first communication device 13.sup.I can, for example, only display the value of the first data element D1. On the other hand, the second communication device 13.sup.II can display the values of data element D1 and D4. None of the other values are presented in the remote instance 2.sup.II.

(29) In a practical example, the broker 14 could be made available by a manufacturer of certain installation components 8, for example. (This manufacturer can also provide the security controller 12). By this means, the manufacturer can provide his customer (i.e. the user 17) with an option of himself defining exactly who is to see which data of the installation components 8. Not even the manufacturer who operates the broker 14 can himself access these data unless he is authorized to do so by the user 17. The system components can, for example, be sensors, and the values of the data elements D can accordingly be telemetry data of these sensors.

(30) The system according to the present teaching can also be used in the opposite direction, for example for remote maintenance, in that namely a communication device 13 as publisher feeds data into a channel, and these data are read out by the security controller 12, which then acts as subscriber. Depending on the application, the security controller 12 can then forward the data to the computer unit 4 and/or, if appropriate, directly to the installation components 8.

(31) The values of the data elements D can either be made available to the authorized communication devices in their complete form via the broker 14, or they can be made available in a restricted form according to the requirements of the user 17. For example, it may therefore be necessary or required to display with a communication device whether the value of the data element D lies within certain parameters; at the same time, it can however be undesirable that the communication device 13 displays the exact value. In this case, a binary value (true/false), which is transmitted to the communication device 13 via a particular channel 15, can be produced, for example from the current value of the appropriate data element D based on the parameter condition. Information relating to the compliance of the particular parameters can then be displayed on the remote instance 2 of the communication device instead of the actual value. The display can also be in an animated or coded form, for example as a color code (e.g. true: green, false: red).

(32) FIG. 2 illustrates by way of example how different authorizations can be used in the individual instances for a required different presentation.

(33) The screen view 1 of FIG. 2 has an image element 6 and a plurality of display positions for the values of the data elements D1 to D4, which are defined in accordance with a display schema 5. D1 is currently displaying a value of 10.8, D2 is showing 75.7 C, D3 a value of 307, and D4 a value of 76% (these values are purely by way of example and are used only for illustration).

(34) The image element 6 shown in the screen view 1, which could, for example, represent a simulation structure or a flow diagram, has an area which in this case is not defined as part of the display schema 5 but as an image data element B1 which represents a specific type of data element and therefore, like the other data elements D, is transmitted to the communication device via a second communication path.

(35) The part of the image element 6 which is defined in the display schema 5 is then combined in the particular further instance 2.sup.I, 2.sup.II with the currently transmitted image data element B1 in order to be able to display different image elements 6.sup.I, 6.sup.II in the respective remote instances 2.sup.I, 2.sup.II. Depending on the type of image data element B1 transmitted, this therefore enables either the image element 6.sup.I to be displayed on a remote instance 2.sup.I with all details and/or in a dynamic presentation, or the image element 6.sup.II can be displayed in another remote instance 2.sup.II in a simplified, less detailed and/or static form. For an online meeting, for example, the user may need to display his current screen view 1 to each of the different meeting participants in a different degree of detail. For example, the remote instance 2.sup.I of a first communication partner is to display a value for the data element D2 in a reduced resolution, and the image element 6 is to be displayed in its full degree of detail and, if appropriate, dynamically. On the other hand, the remote instance 2.sup.II of a second communication partner is to show merely a status indication for the data element D2 (e.g. OK or Fault), and the image element 6 is only to be displayed here in reduced form. (A detailed description of the presentation of the other data elements D1, D3 and D4 has been dispensed with for the sake of clarity but can follow in a similar manner).

(36) Three different channels 15.sup.I, 15.sup.II and 15.sup.III, in which a value for the data element 2 is made available in a different degree of detail in each case, are defined in the broker 14 for the data element D2. The first channel 15.sup.I makes the exact value available (D2-1), the second channel 15.sup.II makes the value available in a lower resolution (D2-2) and the third channel 15.sup.III makes only binary information relating to the status of the value available (D2-3).

(37) A channel 15.sup.IV for the image data element B1-1 in its detailed form and a second channel 15.sup.V for the image data element B1-2 in its simplified form are likewise made available for the image data element B1.

(38) The image data elements B can be made available via the same broker 14 as the data elements D; however, a plurality of brokers 14 can also be defined, which would define a plurality of second communication paths.

(39) By setting the authorizations (which, as described above, can be carried out by means of keys C1, C2), the user can define exactly which content is presented in which form on each remote instance, wherein the presentation of the content in the remote instances 2.sup.I, 2.sup.II is matched to the presentation of the screen view 1 in real time.