Classifications

• • G—PHYSICS
  • G05—CONTROLLING; REGULATING
  • G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
  • G05B19/00—Programme-control systems
  • G05B19/02—Programme-control systems electric
  • G05B19/04—Programme control other than numerical control, i.e. in sequence controllers or logic controllers
  • G05B19/05—Programmable logic controllers, e.g. simulating logic interconnections of signals according to ladder diagrams or function charts
  • G05B19/058—Safety, monitoring
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L61/00—Network arrangements, protocols or services for addressing or naming
  • H04L61/50—Address allocation
  • H04L61/5038—Address allocation for local use, e.g. in LAN or USB networks, or in a controller area network [CAN]
• • G—PHYSICS
  • G05—CONTROLLING; REGULATING
  • G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
  • G05B2219/00—Program-control systems
  • G05B2219/10—Plc systems
  • G05B2219/11—Plc I-O input output
  • G05B2219/1113—Address setting
• • G—PHYSICS
  • G05—CONTROLLING; REGULATING
  • G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
  • G05B2219/00—Program-control systems
  • G05B2219/10—Plc systems
  • G05B2219/15—Plc structure of the system
  • G05B2219/15072—Modules in daisy chain, connected by parallel cable
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L61/00—Network arrangements, protocols or services for addressing or naming
  • H04L61/50—Address allocation
  • H04L61/5046—Resolving address allocation conflicts; Testing of addresses

Definitions

• a programmable logic controller or programmable controller is a digital computer used for automation of electromechanical processes, such as control of machinery on factory assembly lines, amusement rides, or light fixtures.
• PLCs are used in many industries and machines. Unlike general-purpose computers, the PLC is designed for multiple inputs and output arrangements, extended temperature ranges, immunity to electrical noise, and resistance to vibration and impact. Programs to control machine operation are typically stored in battery-backed-up or non-volatile memory.
• a PLC is an example of a hard real time system since output results must be produced in response to input conditions within a limited time, otherwise unintended operation will result.
• PLCs are typically armored for severe conditions (such as dust, moisture, heat, cold) and have the facility for extensive input/output (I/O) arrangements to connect, for example, to sensors and actuators.
• PLCs may be capable of reading limit switches, analog process variables (such as temperature and pressure), and the positions of complex positioning systems.
• Some PLCs may use machine vision and/or may operate electric motors, pneumatic or hydraulic cylinders, magnetic relays, solenoids, or analog outputs.
• the input/output arrangements may be built into a simple PLC, or the PLC may have external I/O modules, which may be referred to as "signal modules," attached to a computer network that plugs into the PLC.
• Modular PLCs may include a chassis (also called a rack) into which are placed modules with different functions. The processor and selection of I/O modules are customized for the particular application. Several racks may be administered by a single processor, and may have thousands of inputs and outputs. A communications medium, such as a special high speed serial I/O link, may be used so that racks can be distributed away from the processor, reducing the wiring costs for large plants.
• PLCs may be used in mission critical environments where failures may compromise worker, public and/or environmental safety or otherwise result in substantial costs. As such, some PLCs may be designed with fail-safe features. Regardless, proper installation and configuration of such PLCs may be required to ensure correct operation as well as, for example, compliance with regulatory requirements.
• Figure 1 depicts a block diagram of an exemplary modular programmable logic controller including a CPU and multiple modules according to the disclosed embodiments.
• FIG. 2 is a block diagram of an exemplary communications interface used by the CPU and modules of Figure 1.
• Figure 3 depicts a block diagram of the logical architecture of the module of Figure 1.
• Figure 4 shows an overview diagram of the discovery and address assignment processes according to the disclosed embodiments.
• Figure 5 depicts a flow chart showing the sequence by which address assignment and parameterization are performed according to the disclosed embodiments.
• Figures 6A and 6B depict a flow diagram of the address assignment process according to one embodiment.
• Figure 7 depicts a schematic diagram showing exemplary configuration of the module multiplexer shown in Figure 2 for two modules at the beginning of Module Discovery according to one embodiment.
• Figures 8A and 8B depict a flow diagram of a module discovery process according to one embodiment.
• Figure 9 shows a flow chart of the module discovery process of
• FIGS. 8A and 8B showing an exemplary retry algorithm for use therewith.
• Figures 10-12 depict flow diagrams of an exemplary round trip delay measurement process for use with the disclosed embodiments.
• Figures 13A and 13B depict a flow diagram of an exemplary address verification process for use with the disclosed embodiments.
• Figures 14A and 14B depict a flow diagram of an alternate module discovery process according to one embodiment.
• Figures 15A and 15B depict a flow diagram of an alternate address assignment process according to one embodiment.
• Figures 16A and 16B depict a flow diagram of an alternate address verification process according to one embodiment.
• Figure 17 shows a block diagram of a system for discovery of at least one device according to one embodiment.
• Figure 18 shows a flow chart depicting operation of the system of
• Figure 19 shows a flow chart depicting operation of a device for use with the system Figure 17.
• Figure 20 shows a block diagram of a general computer system for use with the disclosed embodiments.
• the disclosed embodiments relate to a programmable logic controller (“PLC") arrangement featuring a control device/module capable of being connected to one or more external devices/modules via a "daisy chain” topology where the control device and the one or more external devices are connected to each other in series, wherein communications from a transmitting device to a receiving device must pass through, or otherwise be received and retransmitted by, each intervening device there between.
• PLC programmable logic controller
• the disclosed embodiments relate to a system and method by which the control device may be connected to an unknown number of external devices, some of which may be dedicated fail-safe operation capable devices, as will be described, and wherein the control device may discover and configure all of the external devices, both fail-safe and non- fail-safe capable, connected thereto in a manner which allows the fail-safe devices, i.e. the fail-safe subsystems thereof, to detect errors therein.
• the control device may discover and configure all of the external devices, both fail-safe and non- fail-safe capable, connected thereto in a manner which allows the fail-safe devices, i.e. the fail-safe subsystems thereof, to detect errors therein.
• F-subsystem Fail-safe subsystem A redundant microcontroller system that performs all safety related processing of the F-modules. Fail-safe behavior is achieved via reciprocal comparison of safety related data and communications results.
• F- ⁇ , F- iC Microcontroller of the fail safe subsystem.
• ⁇ and iC are used synonymously in this document
• configuration typically includes assigning each external device a unique communication address by which the control device may exclusively communicate with that device.
• each intervening device between the control device and the intended recipient device will be privy to the communications being transmitted.
• each device can recognize communications intended for that device and otherwise retransmit the communication to the next device in the serial chain.
• Address assignment verification may be accomplished manually such as by requiring an operator of the PLC to manually assign addresses to each external device corresponding to an automatically assigned address, such as by setting DIP switches on each device or otherwise programming each device. The manually set address may then be used to validate the automatically assigned address.
• manual configuration may be error prone. For example, the operator may assign the same address to two or more different external devices or may fail to assign an address to a particular device. Further, the operator, after successful configuration, may fail to notice that one or more devices are not operating properly or are otherwise malfunctioning.
• PLC configuration is a complicated process and that there may be numerous opportunities for misconfiguration by an operator.
• PLCs are complicated devices and that malfunctions may occur despite proper operator configuration.
• PLC arrangements are often periodically reconfigured and/or modified, introducing additional opportunities for misconfiguration and/or malfunctions to occur.
• An exemplary PLC system is the Simatic S7-1200 F series manufactured by Siemens AG, located in Munich, Germany, referred to herein as the S7-1200. While the disclosed embodiments will be discussed in relation to the S7-1200, it will be appreciated that they may be applicable to any PLC arrangement wherein a control device is serially connected with one or more external devices.
• the control device is referred to as a CPU or F- CPU and the external devices are referred to as external modules, signal modules or F-modules, wherein F-modules specifically refer to fail safe capable signal modules.
• the specific implementation and operation details provided below with respect to the S7-1200 are exemplary and implementation dependent and that suitable alternatives are contemplated herein.
• the CPU and signal modules may be installed in a central rack with the signal modules being physically connected to the CPU in a daisy chain fashion.
• the CPU In order to establish communication with the signal modules, the CPU must assign a device (or station) address to each module. Once the device address has been assigned, the CPU is able to communicate with the modules as if they were connected in multi-drop fashion to a serial bus regardless of their physical position in the daisy chain.
• the S7-1200 F-CPU may support two independent expansion buses, one on the left side of the CPU and the other on the right side of the CPU.
• the right side bus or signal module bus (SM) may provide for the connection of digital and analog signal modules to the CPU. In one implementation, all F-modules are connected to the SM bus.
• the left side bus may provide for the connection of communication modules (CM) or communication processor modules (CP). Both the SM and the CM buses may utilize a Master/Slave protocol, such as Modbus, with the CPU being the master.
• the SM bus and the CM bus are independent and there are no restrictions regarding the use of identical device address values between the two buses. Therefore, the disclosed embodiments used in assigning device address values to expansion modules may be independently used for each bus. For example, the following conventions may be implemented:
• Figure 1 shows an exemplary relationship between the physical position of modules or slot number and the device address that is assigned by the F-CPU. This relationship may be fixed by design and may be relied upon as a means of detecting faults.
• the expansion bus protocol and the communications hardware may support both unicast (point to point) and broadcast addressing. Modules that have not been assigned a device address yet use an "unconfigured address", reserved for this purpose.
• Unicast messages normally yield a reply (at least an acknowledgement frame, if no data is returned). The receiver of a unicast message may also return an error reply (negative acknowledgement) instead. Broadcasts are not acknowledged / replied. Unless otherwise noted, the CPU re-sends all unicast messages up to two times, if no reply is received. That is, up to three tries are performed.
• All S7-1200 modules including the CPU have a unique 16 byte serial number assigned by the factory and stored in non-volatile memory at the time of manufacture.
• CPU and the modules is shown in Figure 2 and implements the functions of a receiver, a transmitter and a message pass-through mode.
• the Receiver can either listen to the upstream or to the downstream port (selectable via MUX 4). In normal operation, the receiver listens to the upstream port.
• the receiver circuit provides address filtering, that is, it receives only messages addressed to one of its configured destination addresses. Apart from the assigned device address, the receivers also listen to a broadcast address. Modules that have not received their device address yet, listen to a dedicated "unconfigured address" instead.
• the transmitter Via MUX 3 and MUX 5, the transmitter is able to send upstream, downstream or in both directions. In normal operation, it transmits in upstream direction (towards the CPU).
• Message pass-through mode (also called message repeating mode) can be enabled via MUX 3 (switch in upper position) for the downstream path and via MUX 5 (switch in lower position) for the upstream path.
• the device When the device transmits a message on its own, it opens the pass-through path for the destination port during the time of its transmission.
• the message pass- through feature provides timing regeneration and thus involves a FIFO that buffers a defined number of bits and therefore delays passed-through messages for a well defined period of time.
• the communication interface can be configured to loop back messages on the upstream port or on the downstream port.
• Loopback mode is not used in normal operation, but will be temporarily enabled in the course of the startup process to support round-trip delay time measurement. Only the upstream loopback mode will be used for this purpose.
• the communication interface also supports two internal loopback modes, where the node's own receiver is connected to its own transmitter. An upstream or a downstream loopback path can be used.
• Fail safe signal modules i.e. F modules
• SIL Safety Integrity Level
• This fail safe subsystem referred to as an f-subsystem, handles all safety related tasks and utilizes the communication hardware (Bus ASIC, I/O Bus) as a so called "black channel” - a communication channel that is not designed or validated according to the relevant safety standards.
• Standard signal modules i.e. non-fail safe capable, may not have this subsystem, so the Bus-ASIC (which contains a microcontroller itself) may have to provide all functionality.
• Standard modules and F-modules must be able to co-exist on the same bus, without compromising the integrity of the safety functions realized via F-CPU and F-modules.
• Opto-isolator or similar devices provide galvanic isolation between the Bus-ASIC and the F- ⁇ , including input / output circuitry. Therefore, Bus- ASIC and F- ⁇ use different power sources.
• the Bus ASICs are powered by the F-CPU, via the I/O-Bus, whereas the fail safe subsystems of F-modules are powered from an external supply voltage.
• the I/O-Bus and all Bus- ASICs are automatically powered on when power is applied to the F-CPU, whereas the F- ⁇ rely on their external supply which may be switched on later, may not be applied to all F-modules at the same time or may not be applied at all.
• the F-CPU is capable of executing safety related PLC programs in a SIL 3 compliant fashion, using coded processing and the PROFIsafe (IEC 61784-3-3) communication protocol. However, this is only possible in conjunction with the diagnostic coverage and safe shutoff capability provided by the F-I/O modules.
• the PROFIsafe protocol relies on the correct assignment of a PROFIsafe device address to each communication endpoint. Correct addressing is verified by checking the address assigned over the black channel (contained in the F-parameter record) against a "retentive" copy stored in the device or assigned via a diverse mechanism as will be described herein.
• a retentive selection of the F address in the individual devices can be achieved through one of the following methods:
• Coding switch in the unit for the codename (the F-Device address of compact Devices, for example)
• the disclosed embodiments relate to an approach based on method number 3 - correct address assignment is verified by means of two diverse addressing mechanisms, utilizing the same communications hardware. Since the primary steps of these addressing or address verification methods are performed by subsystems that are part of the "black channel” (and thus are not SIL rated), special care is taken to ensure that all critical steps can be verified by SIL 3 rated subsystems (the redundant F ⁇ Cs).
• PROFIsafe address assignment and F-module parameterization are safety related functions.
• the proposed fail-safe address assignment and F-module parameterization process comprises four activities:
• Figure 4 shows the logical dependencies between these activities.
• SM-Bus device addresses to all modules. It also determines the total number of modules on the bus. Address assignment relies on the daisy chain topology of the bus and on the behavior of the modules, which start up with message repeating disabled. This allows the CPU to directly assign an address to the first module and instruct the module to enable message repeating, then assign an address to the next module, etc. until all modules have been found and have received an address.
• Module discovery is an alternative way of enumerating the modules on the bus. It is initiated by the CPU and autonomously carried out by the Bus- ASICs of all connected modules. Like AdAs, the module discovery process makes use of the daisy chain topology of the bus: A discovery request is relayed from one node (CPU or module) to the next one until the end of the chain is reached. In one embodiment, each node adds a data structure to the request. The last module in the chain includes this incrementally built list in a discovery response message and sends it upstream, towards the CPU. In an alternate embodiment, as will be described in more detail below, each node, upon receipt of the discover request message, may generate and send back to the CPU an identification message which the CPU collects.
• the message again is relayed from node to node, with, in one embodiment, each node (including the CPU) adding another entry and therefore building a second list.
• each node including the CPU
• the last node may generate a response message which each upstream node encrypts or otherwise transforms with its own unique encryption key and forwards to the next upstream node.
• the CPU stores the completed discovery response in RAM and sends it to the F ⁇ Cs of each F-module later, in the address verification and parameterization (A VP) phase.
• module discovery can be viewed as a purely diagnostic measure. It produces no data that will ultimately be used by the module or the CPU, but provides diagnostic coverage for the address assignment process.
• Round Trip Delay Measurement may be used as an additional diagnostic measure, intended to verify correct address assignment by means of a diverse mechanism. RTDM is performed after address assignment, when all modules already have been switched to message pass-through mode. The CPU measures the round trip delay to each module and records the results.
• a unique feature of this check is that it is able to detect modules that are silently stuck in message pass-through mode.
• a VP Address verification and Parameterization
• the CPU sends all relevant data acquired during AdAs, MD and RTDM to the failsafe subsystems of all F-modules. Also, it provides each module with its configuration and parameterization data.
• Each F-module uses these data in the following way:
• Figure 5 shows the sequence in which the fail-safe address assignment and parameterization activities are carried out and which subsystem performs which task. Due to dependencies between these activities, AdAs, MD and RTDM are performed in the following sequence:
• MD is done first, since it requires the modules to be logically isolated from each other, that is, message pass-through mode must not yet be enabled. As no retries are performed during MD list generation, the whole process is repeated until the CPU sees an equal number of modules in two consecutive tries or until a defined maximum number of tries is reached.
• AdAs is performed next (precondition for RTDM).
• RTDM follows AdAs, since it requires the modules to be addressable and have message pass-through enabled. 4. Address verification and parameterization is the last step, since it relies on the data gathered in first three phases.
• AdAs, MD and RTDM are performed by standard subsystems, whereas the final verification (A VP) is done by the SIL3 rated F-subsystems.
• the general approach is that the standard subsystems generate and collect verification data, whereas the F-subsystems evaluate the data and make a final go / no go decision.
• the CPU assigns SM-Bus addresses to all signal modules and enables message repeating.
• the SM-Bus operates similar to a multidrop bus from the CPUs point of view. Address assignment makes use of the fact that without message repeating, each module is an island. Specifically, the CPU relies on the assumption, that its transmission to assign an address is only received by a single station.
• All modules are intended to start up with message repeating disabled.
• this allows the CPU to assign an address to the module physically adjacent to the CPU. Once the module has been given an address, the CPU can command the module to enable message repeating (both downstream and upstream). The CPU can then assign an address to the next downstream module. The process of assigning an address and enabling message repeating continues until all modules have been assigned an address.
• the CPU automatically determines the number of attached modules. This information is stored by the CPU and provided to the F-modules in the AVP phase.
• a precautionary "reset address” command may be broadcast at the start and specifically sent to each module prior to setting the address. These commands normally have no effect and time out. Their purpose is to allow the
• module discovery is an alternative way of enumerating the modules on the bus.
• the CPU and modules (Bus-ASICs) incrementally build lists that contain all modules' ID-Records (CRC protected structures containing a module type code and the module's serial number). The positions of each module's entries in these lists reflect its physical position on the bus.
• each F-module is able to determine its physical position and consequently its SM-Bus address by looking up its own serial number in the lists.
• MD enables the F- modules to verify their SM-Bus addresses by means of a diverse mechanism.
• All S7-1200 modules including the CPU have a factory assigned, unique 16 byte serial number.
• this serial number is embedded in an "ID-block", which contains a CRC - as shown in the table below.
• the structure in the table below represents the data portion of a discovery response frame, which is returned to the upstream node by each module.
• FIG. 7 shows how the multiplexers in the communication interfaces of all modules are configured at the beginning of the Module Discovery phase. Since address assignment has not yet been performed (MD is the first activity after startup), all modules have message pass-through disabled. Each module listens to the upstream port and transmits the messages related to the discovery request in both directions (upstream and downstream). As can be seen from this diagram, the CPU is able to communicate with the module in slot 2, but it cannot communicate directly with the module in slot 3. Thus each module is an island connected to its neighbors by one upstream bridge and one downstream bridge.
• the discovery process takes advantage of this arrangement of islands to incrementally build a list of the stations physically connected to the SM bus.
• FIG. 8A and 8B An overview of one implementation of the discovery process is shown in Figures 8A and 8B. It shows one discovery run for an F-CPU with 3 signal modules attached. It will be appreciated that, in any given implementation, there may be more or fewer modules attached and may include a combination of F-modules and standard, i.e. non-fail safe capable, modules.
• the CPU initiates and completes the discovery process in the following way:
• This initial request contains the CPU's request data, as a first list entry.
• the CPU then waits for a discovery response from the first module.
• the CPU will normally also receive the Reset Address and
• the CPU Upon receipt of the discovery response the CPU completes the discovery process by adding its own response data and saving it for distribution to F-modules during the AVP step. If it does not receive a discovery response within an appropriate period of time (long enough for the discovery process to complete), it considers this discovery run as failed.
• each module performs the following steps:
• downstream module treats this message as a discovery request, the upstream node as an indirect acknowledgement.
• the module If no indirect acknowledgement is received within a short period of time (TO01), the module assumes it is the last one in the chain, configures its multiplexer to listen to the upstream port and returns a discovery response frame.
• the discovery response frame consists of the discovery request just sent downstream plus the module's ModuleldentNumber and serial number. After sending the discovery response the module leaves the "discovery" state.
• the module If the module received an indirect acknowledgement in step 5 but does not receive a discovery response within a long timeout (TO02), it leaves the "discovery" state and configures its multiplexer to listen to the upstream port. This allows the bus to recover from a packet loss during the discovery process, so that the whole process can be re-tried.
• TO02 long timeout
• the last module converts the discovery request to a discovery reply, by adding another list intended to collect each module's type identifier and serial number.
• the module adds its own data as the first entry and sends the discovery reply to the next upstream node.
• a module receiving a discovery response performs the following steps: 1. Adds its own type identifier and serial number and updates the corresponding length field.
• the discovery request is propagated upstream to the CPU and a list containing type and serial number of each module is incrementally built.
• the discovery response contains the data of all nodes in the format shown in the table above.
• the discovery process uses a global retry scheme - the whole discovery run, as described above, is repeated as required in order to deal with packet loss and to provide a consistent result. Packet loss during the discovery process can lead to two possible outcomes:
• Discovery process stalls and times out (e.g. discovery response message lost)
• Failure a) can easily be detected by the CPU and could be handled by performing a retry. Failure b) is not detectable by the CPU during this stage of the fail-safe address assignment process and thus could lead to an availability problem - the CPU would proceed to the next phase and the F ⁇ Cs would reveal the failure later and refuse to start up. Therefore, the CPU always performs at least one retry of the discovery process and compares the number of modules found in both runs. If they differ, the CPU performs additional retries until two consecutive runs deliver the same number of modules or a defined maximum number of tries is reached.
• the CPU After address assignment, the CPU performs a series of round trip delay measurements, which are used by the F ⁇ Cs in the AVP phase, in order to verify SM-Bus addressing by means of a diverse mechanism.
• This method makes use of the fact that the communication interface of each module acts as a regenerative repeater in message pass-through mode which adds a well defined delay to each message propagated upstream or downstream.
• a module By commanding a module to loop back a message from the CPU, a measurement of the propagation time can be made. Since the number of bit times in the message is well known, the extra bit times added by each regenerative repeater can be used to determine the modules position relative to the CPU.
• FIG. 10-12 shows the RTDM workflow for an F-CPU with 3 signal modules attached. To measure the round trip delay for one module, the CPU:
• the loopback message contains a payload that is unique for each measurement during the RTDM phase.
• step 4 If a timeout occurs in step 4, the CPU records the measurement as timed out. If the integrity check in step 6 fails, the CPU records the measurement as failed (INVALID).
• Each individual result is included in the RTDM results structure, so that all interpretation of the data can be done by the fail-safe subsystems of the F- modules.
• the measurements may be repeated several times or may be re-tried if a timeout occurs.
• the expected delay time per module position can be estimated as:
• t to i(N s i ot ) k a *(t tolMes + + (N s i ot -1) * n bitRepeater ) * 1/baud *
• Allowance factor e.g. 1.2 for modules and e.g. 1.5 for internal loopback measurement
• a valid range of the measured delay time can be defined for each physical position and thus for each SM-Bus address.
• the following table shows the acceptance region for each module position.
• the data refer to the difference between measured delay value and reference value (see below).
• an internal loopback RTD measurement is performed as a reference value. This reference value is subtracted from all module RTD values, prior to evaluation.
• AVP Address Verification and Parameterization
• the CPU polls the status of all F- modules and waits for the F ⁇ Cs to become available.
• the CPU encounters an F-module that is ready to start up, it send all data gathered during MD, AdAs and RTDM to the module, along with the configuration and parameterization records. Thereby, the CPU initiates the modules' AVP process.
• the Bus-ASIC of an F-module directly forwards these data to the F ⁇ Cs and does not keep a local copy.
• the CPU waits for a defined maximum time (ParameterizationTime) for all F-modules to come online. If the ParameterizationTime period expires before all modules are ready, the CPU will not hold up normal operation any longer and will continue without configuring the unavailable modules. If any of these modules do become ready at a later point in time, the CPU will provide all required data to the module.
• ParameterizationTime a defined maximum time
• the AVP process utilizes several data structures. After startup, the F ⁇ Cs of each F-module fetch a record containing the local address (as assigned during AdAs) from the Bus-ASIC:
• the CPU packs all data gathered during the first three phases into one large record hereafter called "module discovery information”.
• This data structure shown in the table below, is sent to the F ⁇ Cs of each F-module, as soon as they become available.
• the configuration records transferred during the AVP phase provide basic information about type, architecture and capabilities of a signal module. This information contained is not safety related.
• the parameterization records contain all safety related module parameters, which include the following data used during the AVP process:
• FIGs 13A and 13B show an overview of the activities performed in the AVP phase. As will be described, checks are performed by the F ⁇ Cs to ensure fail safe address assignment. These checks are performed on the data gathered during AdAs, MD and RTDM and on the configuration / parameterization records. Their main goals are to make sure that the SM-Bus address assigned to an F-module is correct and that the module received a valid set of parameters, which is actually intended to be used by this module. This inherently ensures that the module has received the correct F-address (contained in the parameters). The majority of these checks are intended to reveal errors in the overall fail-safe address assignment process. Therefore, typically all F-modules on the bus will refuse to start up, if an address assignment problem is detected.
• discovery resp l .req_len, discovery resp l .rsp.len, discovery_resp_2.req_len, discovery_resp_2. rsp.len and rtdm results.rtdm len. This ensures that the same number of modules has been found in AdAs and MD and that all structures refer to the same number of modules.
• Discovery Response fields of both discovery response records Check them against the corresponding entries (reversed order) in the Discovery Request fields.
• ModuleldentNumber of an F-CPU contains the ModuleldentNumber of an F-CPU and that all others refer to signal modules (standard or fail-safe).
• the module discovery algorithm may operate as follows. This description of the module discovery algorithm will assume the following definitions: Serial number and ID-Record: All S7-1200 modules including the CPU have a factory assigned, unique 16 byte serial number. For F-modules and F-CPUs, this serial number is embedded in an "ID-block", which contains a CRC - as shown in the table below.
• Tl and T2 Two reversible transformations, referred to as Tl and T2, are defined, which can be applied to data blocks of constant size.
• the transformations shall fulfill the following requirements:
• Tl and T2 have to be implemented on the Bus-ASIC, the inverse transformations Tl-1 and T2-1 have to be implemented on the F ⁇ Cs.
• Tl and T2 may actually be implemented as a special cases of transformation T3, described below (T3 called with a special keys, reserved for this purpose).
• T3 A reversible transformation, referred to as T3, is defined, which can be applied to a data block of constant size.
• Tl and T2 apply to T3, plus the following additional requirements:
• T3 could for instance be realized as a simple Feistel cipher (no real cryptographic strength required or desired) or as a series of reversible arithmetic operations. If operated in a cipher block chaining (CBC) mode, it probably is also useable as a "checksum" (hash function) for the temporary ID record.
• CBC cipher block chaining
• T3 has to be implemented on the Bus-ASIC, the inverse transformations T3-1 has to be implemented on the F ⁇ Cs.
• the structure shown in the following table represents the data portion of a discovery request frame, which is sent by the CPU to the first module and by each module to the next one in the chain.
• the structure shown in the following table represents the data portion of a discovery result frame, which is returned to the upstream node by each module that received a discovery request.
• the discovery result frame also acts as an end marker, returned by the last module in the chain.
• Relay nodes additionally transform this portion of the frame with T3 and the CRC of their ID record as the key.
• First SM OxAl End marker sent by first SM Second SM 0xA2 End marker, sent by first SM
• Module discovery is performed before address assignment takes place, therefore each module is able to communicate with the upstream device (either the CPU or another module), but messages cannot be passed through a module in order to communicate with a downstream module until device addresses have been assigned.
• each module is an island connected to its neighbors by one upstream bridge and one downstream bridge.
• the discovery process takes advantage of this arrangement of islands to incrementally find and determine the order of the stations physically connected to the SM bus. During the whole discovery phase, message pass- through mode will never be enabled. Messages that have to be sent from a module to the CPU (discovery results) will be relayed by modules upstream of the originator, one by one.
• Figures 14A and 14B show the discovery process for an F-CPU with 3 signal modules attached.
• the CPU starts the process by sending a discovery request to the module in slot 2.
• the module performs the following steps:
• modules While in the discovery state, modules have to relay discovery result messages received from the downstream module upstream, towards the CPU. In order to provide evidence that each message has taken the expected path, each module applies transformation T3 to a portion of the relayed message.
• a module When a module receives a discovery result messages carrying an end marker (can be identified via the position code), it leaves the discovery state after relaying the message and restores the initial multiplexer configuration. If no end marker is received, the module leaves the discovery state after a timeout.
• an end marker can be identified via the position code
• the CPU collects all received discovery result messages and ends the discovery phase upon reception of an end marker and / or after timeout. [00138] Immediately following the discovery process the CPU initiates the address assignment process as was described above.
• the address assignment also relies on the fact that each module is an island. Specifically, the CPU relies on the fact that its transmission to assign an address is only received by a single station.
• the CPU automatically determines the number of attached modules. This information is stored by the CPU and provided to the F-modules in phase 4.
• FIGS 15A and 15B The basic information flow is shown in Figures 15A and 15B which provides an example for an F-CPU with 3 signal modules attached.
• RTDM then proceeds as described elsewhere herein.
• Phase 4 includes configuration, parameterization and module startup for the steps are performed for each F-module individually and can be repeated if necessary, without any interference to the operation of other signal modules.
• the CPU polls the status of all F-modules and waits for the F- ⁇ to become available.
• Startup of the F ⁇ Cs may be delayed, since they rely on an external power supply - as opposed to the Bus-ASICs, which are powered via the CPU.
• the CPU waits for a defined maximum time (ParameterizationTime) for all F-modules to come online. If the ParameterizationTime period expires before all modules are ready, the CPU will not hold up normal operation any longer and will continue without configuring the unavailable modules. If any of these modules does become ready at a later point in time, the CPU will provide all required data to the module.
• ParameterizationTime a defined maximum time
• the same scheme can be used to re-configure F-modules that come back online after a restart of their F ⁇ Cs caused by a temporary loss of their external supply voltage.
• the CPU simply has to re-send all data gathered during phases 1 - 3 to the module, along with the configuration and parameterization records.
• the F ⁇ Cs check and apply the data in the same way as in a normal startup and, if successful, the module is ready for re-integration.
• phase 4 the following data are supplied to each F-module.
• the CPU packs all data gathered during phases 1 - 3 into one large structure hereafter called "module discovery information”. This data structure will be sent to each F-module.
• the configuration records transferred during phase 4 provide basic information about type, architecture and capabilities of a signal module. This information contained is not safety related.
• the parameterization records contain all safety related module parameters, which include the following data used during the address verification process:
• Figures 16A and 16B show an overview of all of the activities performed in phase 4.
• the following checks may be performed by the F ⁇ Cs to ensure fail safe address assignment. These checks are performed on the data gathered during phases 1 - 3 and on the configuration / parameterization records. Their main goals are to make sure that the SM-Bus address assigned to an F-module is correct and that the module received a valid set of parameters, which is actually intended to be used by this module. This inherently ensures that the module has received the correct F-address (contained in the parameters). The majority of these checks are intended to reveal errors in overall address assignment and verification process. Therefore, usually all F-modules on the bus will refuse to start up, if an address assignment problem is detected.
• T3[Kn] means: Transformation T3, using the CRC of module n as the key [00156] Therefore the following steps have to be performed, to revert the transformations:
• n-1 steps shall be performed (where n equals the number of records) and the T2-1 has to be applied to the last record.
• the phrase "coupled with” is defined to mean directly connected to or indirectly connected through one or more intermediate components. Such intermediate components may include both hardware and software based components. Further, to clarify the use in the pending claims and to hereby provide notice to the public, the phrases "at least one of ⁇ A>, ⁇ B>, ... and ⁇ N>" or "at least one of ⁇ A>, ⁇ B>, ... ⁇ N>, or combinations thereof are defined by the Applicant in the broadest sense, superseding any other implied definitions herebefore or hereinafter unless expressly asserted by the Applicant to the contrary, to mean one or more elements selected from the group comprising A, B, ... and N, that is to say, any combination of one or more of the elements A, B, ... or N including any one element alone or in combination with one or more of the other elements which may also include, in combination, additional elements not listed.
• Figure 17 shows a system 1700 for discovery of at least one device
• the devices 1702 which may be implemented as the Simatic S7-1200 PLC wherein the master device 1708 may implement the above described CPU module and the devices 1702 may implement the above described signal modules.
• the devices 1702 include at least one Fail Safe Module ("F-Module") and may further include other signal modules which are not F-Modules.
• F-Module Fail Safe Module
• the disclosed embodiments may be applicable to other PLC systems and/or may be used in conjunction with other processes or protocols, now available or later developed, for ensuring reliable discovery and configuration of devices as described.
• each of the at least one device 1702 may include first and second communications interfaces 1704 1706 where each of the first and second communications interfaces 1704 1706 is operative to connect each of the at least one device 1702 to up to one other of the at least one device 1702, e.g. serially or in daisy chain fashion as described above. It will be appreciated that the first and second communications interfaces 1704 1706 may be logically and/or physically separately implemented or may be implemented as a single bidirectional interface having the capabilities described herein. Each of the at least one device 1702 may be further operative to, upon receipt of a discovery request message via the first communications interface 1704, transmit, i.e.
• the discovery request message or otherwise propagate, repeat or otherwise retransmit, the discovery request message or otherwise, responsive to the receipt, generate and transmit a new discovery request message via the second communications interface 1706 and await receipt of a discovery response message thereby for an elapse of a period of time, and, upon receipt of the discovery response message thereby or upon elapse of the period of time, generate another discovery response message including the received discovery response message therein, if any, and transmit the generated discovery response message via the first communications interface 1704.
• the system 1700 includes master device 1708 having a processor 1710 and a memory 1712 coupled therewith which may be implemented as the processor 2002 and memory 2004 as described below with respect to Figure 20.
• the master device 1708 e.g. the CPU module, further includes first logic 1714 stored in the memory 1712 and executable by the processor 1710 to cause the processor 1710 to transmit a discovery request message to a first device 1702 of the at least one device 1702 coupled therewith, the discovery request message not being transmitted to the first device 1702 through any other of the at least one device 1702, e.g. the discovery request message is transmitted to the first of an unknown number of daisy chained devices 1702 as described above.
• the master device 1708 also includes second logic 1716 stored in the memory 1712 and executable by the processor 1710 to cause the processor 1710 to determine or otherwise derive, as a function of each of the at least one device 1702 being operative to transmit the discovery request message, a first data structure, e.g. a list or other construct, which uniquely identifies each of the at least one device by a first identifier associated therewith and further identifies each device's 1702 relative position to another of the at least one device 1702 which received the discovery request message prior, i.e. immediately prior e.g. its upstream neighbor, thereto.
• a first data structure e.g. a list or other construct
• each of the at least one device 1702 may be further operative to augment, or otherwise insert, append or modify, the discovery request message with the first identifier, or otherwise generate a new discovery request which includes the received discovery request and the first identifier, such as a device unique CRC code, identifying the associated at least one device 1702 prior to transmitting the discovery request message, the first data structure comprising the discovery request message as augmented, or the newly generated discovery request, by each of the at least one device 1702, i.e. the accumulated device 1702 identifiers.
• the first identifier such as a device unique CRC code
• each device may be further operative to generate and transmit a discovery request message including a verifiable identifier, such as a unique serial number and a CRC code over this serial number, identifying the associated at least one device 1702.
• each device may further augment the discovery request message with an identifier of the preceding/upstream neighbor device 1702 from which the discovery request was received.
• each of the at least one device 1702 may be further operative to generate, upon receipt of the discovery request message, a response thereto including the first identifier associated therewith, which may include a verifiable identifier associated therewith and a verifiable identifier of the preceding/upstream neighbor device 1702, as received with the discovery request, and transmit the response via the first communications interface 1704, i.e. to be propagated by any upstream devices 1702 to the master device 1708, e.g. the CPU module.
• the master device 1708 may further include fourth logic 1720, encompassed in Figure by "other logic” 1720, stored in the memory 1712 and executable by the processor 1710 to cause the processor 1710 to receive each of the responses from each of the at least one device 1702, the first data structure comprising the received responses.
• fourth logic 1720 encompassed in Figure by "other logic” 1720, stored in the memory 1712 and executable by the processor 1710 to cause the processor 1710 to receive each of the responses from each of the at least one device 1702, the first data structure comprising the received responses.
• other logic stored in the memory 1712 and executable by the processor 1710 to cause the processor 1710 to receive each of the responses from each of the at least one device 1702, the first data structure comprising the received responses.
• an upstream device may encrypt or otherwise transform the received response using a device unique value, similar to the encryption described below.
• each device may further transform and/or encrypt the response as transformed/encrypted by the prior device forming a recursively trans formed/encrypted data structure, the recursive un-transformation/un- encryption of which may reveal which devices in which order the response was propagated to reach the CPU.
• the first data structure may include the accumulated list of device identifiers within the discovery request, which as will be described below, is eventually communicated back to the master device 1708.
• the first data structure may include the accumulation of the response messages, accumulated by the master device 1708, sent by each of the devices 1702 to the master device 1708 as each device received the discovery request message.
• the master device 1708 may further include third logic 1718 stored in the memory 1712 and executable by the processor 1710 to cause the processor 1710 to determine, e.g. derive or otherwise receive, as a function of each of the at least one device 1702 being operative to generate and transmit the generated discovery response message, a second data structure, e.g. a list or other construct, which uniquely identifies each of the least one device 1702 by a second identifier, such as a unique device serial number, associated therewith different from the first identifier and which further identifies each device's 1702 relative position to another of the at least one device 1702 which transmitted the generated discovery response message thereto.
• a second data structure e.g. a list or other construct
• the master device 1708 includes fourth logic 1720 stored in the memory 1712 and executable by the processor 1710 to cause the processor 1710 to receive the generated discovery response message, e.g. including the accumulated modifications by each of the at least one device 1702, from the first device 1702, the second data structure comprising the received generated discovery response message.
• the modifications performed by each device may comprise an appending of data identifying the device and its downstream preceding neighbor device.
• the modifications performed by each device may include a transformation, such as an encryption, based on a device unique key value wherein the resultant discovery response message is a recursively transformed device data structure.
• the last device 1702 in the chain of devices 1702 may, upon, for example, a time out after waiting for a response from a non-existent downstream device 1702, determine that it is the last device 1702 in the chain and, based thereon, generate an indication message that it is the last device 1702 and transmit that indication message to the next upstream device 1702 to be further propagated up the chain to the master device 1708.
• Each device 1702 upon receipt of this indication message may transform the received message prior to propagating it to the next device as described above. Thereby, a recursively otherwise repeatedly transformed data structure is created, the order in which the transforms are applied being indicative of the order of the device 1702 through which the indication message was passed. Utilizing the known device unique key values and the expected order of the devices, the transformations may be reversed to validate that the known device unique keys or the device ordering is in fact correct.
• each of the at least one device 1702 may be further operative to, upon receipt of an address assignment message via the first communication interface 1704, determine if the device 1702 has an assigned address and if the device 1702 has an assigned address, transmit the address assignment message via the second communication interface 1706, and if the device 1702 does not have an assigned address, assign the address of the address assignment message thereto, wherein each of the at least one device 1702, subsequent to the assignment of an address thereto, is responsive to requests addressed thereto.
• the master device 1708 may further include fourth logic 1720 stored in the memory 1712 and executable by the processor 1710 to cause the processor 1710 to transmit, such as according to the address assignment protocol described above, an address assignment message to the first device 1702 for each of the at least one device 1702.
• the fourth logic 1720 is executable by the processor 1710 to cause the processor 1710 to transmit address assignment messages, with sequentially assigned addresses correlated to the number of the at least one device through which the address assignment message is expected to be transmitted, until it has been determined that the last of the at least one device 1702 in the chain of devices 1702 has had an address assigned, such as by a response indicative thereof to a subsequent address assignment message.
• the fourth logic 1720 may be executable by the processor 1710 to cause the processor 1710 to transmit an address assignment message to each of the at least one device 1702 identified based on the first and second data structures, each address assignment message comprising a unique address correlated to the number of the at least one device 1702 through which the address assignment message is expected to be transmitted.
• the unique address may be selected sequentially from a pre-defmed sequence of addresses.
• the master device 1708 may further include fifth logic 1720 stored in the memory 1712 and executable by the processor 1710 to cause the processor 1710 to generate the unique address.
• each of the at least one device 1702 may be characterized by a device delay between the receipt of a communication on one of the first and second communications interfaces 1704 1706 and the transmission of the received communication on the other of the first and second communications interfaces 1704 1706.
• the master device 1708 may further include fourth logic 1720 stored in the memory 1712 and executable by the processor 1710 to cause the processor 1710 to transmit a request for a response addressed to each of the at least one device 1702, identified during the address assignment process described above, or based on the first and second data structures, using the unique address assigned thereto or to all valid addresses whether assigned to a device 1702 or not, and for each response received in response to the request, determine a delay between transmission of the request and receipt of the response thereto, and further transmit the determined delays to at least one of the device 1702, e.g.
• a F-module device 1702 for comparison by the device 1702 with an expected delay computed by the device for each received response based on the unique address assigned to the at least one device 1702 and the associated device delay, and indication an error when the determined delay deviates from the expected delay.
• the at least one device 1702 may be, upon receipt of a message including the first and second data structures, operative to derive data from the first and second data structures which identify the associated device 1702 and the associated device's 1702 position with respect to an arrangement of the other of the at least one device 1702 and verify correctness thereof.
• the master device 1708 may further include fourth logic 1720 stored in the memory 1712 and executable by the processor 1710 to cause the processor 1710 to transmit a message comprising the first and second data structures to the first device 1702 for at least one device 1702, such as those devices 1702 identified based on the first and second data structures.
• Figure 17 further depicts a block diagram of a device 1702, which may be the signal module described above and which further may or may not comprise an F-Module, operative to obtain an assigned address.
• the device 1702 includes a memory 1722, first and second communications interfaces 1704 1706, and a processor 1724 coupled with the memory 1722 and the first and second communications interfaces 1704 1706, each of the first and second communications interfaces 1704 1706 being operative to connect to up to one other device 1702, e.g. serially or in daisy chain fashion as described above.
• the first and second communications interfaces 1704 1706 may be logically and/or physically separately implemented or may be implemented as a single bidirectional interface having the capabilities described herein.
• the processor 1724 and memory 1722 may be implemented as the processor 2002 and memory 2004 as described below with respect to Figure 20.
• the device 1702 includes first logic 1726 stored in the memory 1722 and executable by the processor 1724 to cause the processor 1724 to transmit, e.g. propagate or otherwise retransmit or relay, upon receipt of a discovery request message via the first communications interface 1704 from a sender thereof, the discovery request message, or otherwise generate, in response to the receipt of the discovery request message, and transmit another new discovery request message which may include the received discovery request message therein, via the second communications interface 1706 and await receipt of a discovery response message thereby for an elapse of a period of time, and, upon receipt of the discovery response message thereby or upon elapse of the period of time, generate another discovery response message including the received discovery response message therein, if any, and transmitting the generated discovery response message via the first communications interface 1704.
• first logic 1726 stored in the memory 1722 and executable by the processor 1724 to cause the processor 1724 to transmit, e.g. propagate or otherwise retransmit or relay, upon receipt of a discovery request message via the first communications interface 1704 from
• the device 1702 may further include second logic 1728 stored in the memory 1722 and executable by the processor 1724 to cause the processor 1724 to, upon receipt of a discovery request message via the first communications interface 1704 and/or prior to the transmission of the discovery request message, augment the discovery request message with, or otherwise generate a new discovery request including, a first identifier, e.g. a verifiable identifier such as a unique serial number and a cyclical redundancy check code computed based thereon, identifying the device 1702.
• the discovery request message may be further augmented with a second identifier identifying the sender of the discovery request message.
• the first identifier may be a cyclical redundancy check value of a device identifier of the device 1702. The augmented discovery request message may then be converted to a discovery response message and transmitted via the first communications interface 1704.
• the device 1702 may further include second logic 1728 stored in the memory 1722 and executable by the processor 1724 to cause the processor 1724 to generate, upon receipt of the discovery request message, an identification message identifying the device 1702, e.g. including a verifiable identifier, such as a unique serial number and cyclical redundancy check code thereover, and transmit the identification message to the sender, and third logic 1728 stored in the memory 1722 and executable by the processor 1724 to cause the processor 1724 to transmit, upon receipt of the identification message via the second communications interface 1706, the identification message via the first communications interface 1704.
• the received identification message may be transformed, e.g. encrypted, prior to being transmitted, such as based on a device unique key value, as was described above.
• the device 1702 may further include second logic 1728 stored in the memory 1722 and executable by the processor 1724 to cause the processor 1724 to determine, upon receipt of an address assignment message comprising an address via the first communication interface 1704, if the device 1702 has an assigned address, and if the device 1702 has an assigned address, transmit the address assignment message via the second communication interface 1706, and if the device 1702 does not have an assigned address, assign the address of the address assignment message thereto, wherein the device 1702, subsequent to the assignment of an address thereto, is responsive to requests addressed thereto.
• second logic 1728 stored in the memory 1722 and executable by the processor 1724 to cause the processor 1724 to determine, upon receipt of an address assignment message comprising an address via the first communication interface 1704, if the device 1702 has an assigned address, and if the device 1702 has an assigned address, transmit the address assignment message via the second communication interface 1706, and if the device 1702 does not have an assigned address, assign the address of the address assignment message thereto, wherein the device 1702
• the first logic 1726 may be further executable, upon receipt by the processor 1724 of the discovery response message, to cause the processor 1724 to augment the discovery response message with a first identifier identifying the device 1702 and, in an alternative embodiment, a second identifier identifying the sender of the discovery response message.
• the first identifier may be a serial number of the device 1702 and the second identifier may the serial number of the device from which the discovery response message was received.
• the first logic 1726 may be further executable, upon receipt by the processor 1724 of the discovery response message via the second communications interface 1706, to cause the processor 1724 to apply a transformation, such as an encryption function, to the received discovery response message based on a key value unique to the device 1702, wherein the received discovery response message may only be obtained from the transformed received discovery response message using the key value.
• the key value may be one of a cyclical redundancy check value or a check sum value computed based on the received discovery response message or otherwise determined or derived from a unique identifier of the device 1702.
• the transformation may be an encryption based on the key value.
• the last device 1702 in the chain of devices upon determining that it is the last device 1702, may generate an end-of-chain indicator as the discovery response message, and transmit this indicator to the next upstream device 1702 which transforms the indicator, as described above, and transmits it to the next device 1702, and so on.
• the device 1702 may further include second logic 1728 stored in the memory 1722 and executable by the processor 1724 to cause the processor 1724 to derive, upon receipt of a message including first and second data structures wherein the first data structure uniquely identifies at least the device 1702 by a first identifier associated therewith and further identifies the device's 1702 relative position to the sender of the discovery request message thereto and the second data structure uniquely identifies each at least the device 1702 by a second identifier associated therewith different from the first identifier and which further identifies the device's 1702 relative position to the sender which transmitted the generated discovery response message thereto, data from the first and second data structures which identify the device 1702 and the device's 1702 position with respect to an arrangement of the other devices 1702 and verify correctness thereof.
• the second data structure comprises a recursively transformed discovery response message
• the derivation further comprising recursively untransforming the second data structure, such as based on the known key values and ordering
• Figure 18 depicts a flow chart showing operation of the system 1700 of Figure 17.
• Figure 18 shows a computer implemented method for discovery by a master device 1708 of at least one device 1702, e.g. where the number of devices are unknown.
• each of the at least one device 1702 includes first and second communications interfaces 1704 1706, each of the first and second communications interfaces 1704 1706 being operative to connect each of the at least one device 1702 to up to one other of the at least one device 1702.
• each of the at least one device 1702 is operative to, upon receipt of a discovery request message via the first communications interface 1704, transmit the discovery request message via the second communications 1706 and await receipt of a discovery response message thereby for an elapse of a period of time, and, upon receipt of the discovery response message thereby or upon elapse of the period of time, generate another discovery response message including the received discovery response message therein, if any, and transmit the generated discovery response message via the first communications interface 1704.
• the operation includes: transmitting, by a processor 1710, a discovery request message to a first device 1702 of the at least one device 1702 coupled therewith, the discovery request message not being transmitted to the first device 1702 through any other of the at least one device 1702 [Block 1802]; determining, by the processor 1710 as a function of each of the at least one device 1702 being operative to transmit the discovery request message, a first data structure which uniquely identifies each of the at least one device 1702 by a first identifier associated therewith and further identifies each device's 1702 relative position to another of the at least one device 1702 which received the discovery request message prior thereto [Block 1804]; and determining, by the processor 1710 as a function of each of the at least one device 1702 being operative to generate and transmit the generated discovery response message, a second data structure which uniquely identifies each of the least one device 1702 by a second identifier associated therewith different from the first identifier and which further identifies each device's 17
• each of the at least one device 1702 may be further operative to augment the discovery request message with the first identifier identifying the associated at least one device 1702 prior to transmitting the discovery request message, the first data structure comprising the discovery request message as augmented by each of the at least one device 1702.
• each of the at least one device 1702 may be further operative to generate, upon receipt of the discovery request message, a response thereto including the first identifier associated therewith, and transmit the response via the first communications interface 1704 and wherein the operation further includes: receiving each of the responses from each of the at least one device 1702, the first data structure comprising the received responses [Block 1808]. [00184] In one embodiment, the operation further includes receiving the generated discovery response message from the first device 1702, the second data structure comprising the received generated discovery response message [Block 1810].
• each of the at least one device 1702 may be further operative to, upon receipt of an address assignment message via the first communication interface 1704, determine if the device 1702 has an assigned address and if the device 1702 has an assigned address, transmit the address assignment message via the second communication interface 1706, and if the device 1704 does not have an assigned address, assign the address of the address assignment message thereto, wherein each of the at least one device 1702, subsequent to the assignment of an address thereto, is responsive to requests addressed thereto.
• the operation may further include transmitting, by the processor 1710, an address assignment message to the first device 1702 for each of the at least one device 1702, either, for example, sequentially assigned or identified based on the first and second data structures, each address assignment message comprising a unique address correlated to the number of the at least one device 1702 through which the address assignment message is expected to be transmitted [Block 1812].
• the unique address may be selected sequentially from a pre-defmed sequence of addresses.
• the operation may further include generating, by the processor 1710, the unique address.
• each of the at least one device 1702 may be characterized by a device delay between the receipt of a communication on one of the first and second communications interfaces 1704 1706 and the transmission of the received communication on the other of the first and second communications interfaces 1704 1706.
• the operation of the system 1700 may further include: transmitting, by the processor 1710, a request for a response addressed to each of the at least one device 1702, to all valid addresses, to only those addresses assigned during the address assignment process describe above or only to those devices identified based on the first and second data structures, using the unique address assigned thereto [Block 1814]; and for each response received in response to the request, determining, by the processor 1710, a delay between transmission of the request and receipt of the response thereto [Block 1816]; transmitting the determined delays between the transmission of the request and the receipt of the response to each of the at least one device 1702 for comparison thereby with an expected delay for each received response computed based on the unique address assigned to the at least one device 1702 and the associated device delay [Block 1818]; and indication of an error when the determined delay deviates from the expected delay [Block 1820].
• At least one device 1702 may be, upon receipt of a message including the first and second data structures, operative to derive data from the first and second data structures which identify the associated device 1702 and the associated device's 1702 position with respect to an arrangement of the other of the at least one device 1702 and verify correctness thereof. Accordingly, the operation of the system 1700 may further include transmitting, by the processor 1710, a message comprising the first and second data structures to the first device 1702 to at least one device 1702 identified based on the first and second data structures [Block 1822].
• Figure 19 depicts a flow chart showing operation of the device
• Figure 19 shows a computer implemented method for obtaining an assigned address by a device 1702, as described above, having a processor 1724 and first and second communications interfaces 1704 1706 coupled therewith, each of the first and second communications interfaces 1704 1706 being operative to connect to up to one other device 1702, as was described above.
• the operation includes: transmitting, upon receipt of a discovery request message via the first communications interface 1704 from a sender thereof, a discovery request message via the second communications interface 1706 [Block 1902] and awaiting receipt of a discovery response message thereby for an elapse of a period of time, and, upon receipt of the discovery response message thereby or upon elapse of the period of time, generating another discovery response message including the received discovery response message therein, if any, [Block 1904] and transmitting the generated discovery response message via the first communications interface 1704 [Block 1906].
• the operation of the device 1702 may further include determining, by the processor 1724 upon receipt of an address assignment message comprising an address via the first communication interface 1704, if the device 1702 has an assigned address, [Block 1908] and if the device 1702 has an assigned address, transmitting the address assignment message via the second communication interface 1706 [Block 1910], and if the device 1702 does not have an assigned address, assigning the address of the address assignment message thereto, wherein the device 1702, subsequent to the assignment of an address thereto, is responsive to requests addressed thereto [Block 1912].
• the operation of the device 1702 may further include, prior to the transmitting of the discovery request message, augmenting, by the processor 1724, the discovery request message with a first identifier identifying the device 1702, or otherwise creating a new discovery request with the first identifier identifying the device 1702 and, in an alternate embodiment, a second identifier identifying the sender of the discovery request message [Block 1914].
• the first identifier nay be a cyclical redundancy check value of a device identifier of the device 1702.
• the operation of the device 1702 may further include: generating, by the processor 1724 upon receipt of the discovery request message, an identification message identifying the device 1702 [Block 1916] and transmitting the identification message to the sender [Block 1918]; and transmitting, by the processor 1724 upon receipt of the identification message via the second communications interface 1706, the identification message via the first communications interface 1704 [Block 1920].
• the identification message may be transformed, as described above, prior to transmitting it.
• the generating of the other discovery response message may further include, upon receipt of the discovery response message, augmenting, by the processor 1724, the discovery response message with a first identifier identifying the device 1702 and a second identifier identifying the sender of the discovery response message [Block 1922].
• the first identifier may be a serial number of the device 1702.
• the generating of the other discovery response message may include, upon receipt of the discovery response message, applying, by the processor 1724, a transformation to the received discovery response message based on a key value unique to the device 1702, wherein the received discovery response message may only be obtained from the transformed received discovery response message using the key value [Block 1924].
• the key value may be determined or derived from one of the identifiers of the device 1702.
• the transformation may be an encryption based on the key value.
• the operation of the device 1702 may further include deriving, by the processor 1724 upon receipt of a message including first and second data structures wherein the first data structure uniquely identifies at least the device 1702 by a verifiable identifier associated therewith and further identifies the device's 1702 relative position to the sender of the discovery request message thereto and the second data structure uniquely identifies each of the at least the device 1702 by a second identifier associated therewith different from the first identifier and which further identifies the device's 1702 relative position to the sender which transmitted the generated discovery response message thereto, data from the first and second data structures which identify the device 1702 and the device's 1702 position with respect to an arrangement of the other devices 1702 [Block 1926] and verifying correctness thereof [Block 1928].
• the second data structure may be a recursively transformed discovery response message, the deriving further comprising recursively untrans forming the second data structure [Block 1930].
• modules described herein may be implemented using, among other things, a tangible computer-readable medium comprising computer-executable instructions (e.g., executable software code).
• modules may be implemented as software code, firmware code, hardware, and/or a combination of the aforementioned.
• the modules may be embodied as part of a programmable logic controller as described above.
• the computer system 2000 can include a set of instructions that can be executed to cause the computer system 2000 to perform any one or more of the methods or computer based functions disclosed herein.
• the computer system 2000 may operate as a standalone device or may be connected, e.g., using a network, to other computer systems or peripheral devices. Any of the components discussed above, such as the master device 1708, device 1702, or processors 1710, 1724, may be a computer system 2000 or a component in the computer system 2000.
• the computer system 2000 may implement a programmable logic controller, of which the disclosed embodiments are a component thereof.
• the computer system 2000 may operate in the capacity of a server or as a client user computer in a client-server user network environment, or as a peer computer system in a peer-to-peer (or distributed) network environment.
• the computer system 2000 can also be implemented as or incorporated into various devices, such as a personal computer (PC), a tablet PC, a set-top box (STB), a personal digital assistant (PDA), a mobile device, a palmtop computer, a laptop computer, a desktop computer, a communications device, a wireless telephone, a land-line telephone, a control system, a camera, a scanner, a facsimile machine, a printer, a pager, a personal trusted device, a web appliance, a network router, switch or bridge, or any other machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine.
• PC personal computer
• PDA personal digital assistant
• the computer system 2000 can be implemented using electronic devices that provide voice, video or data communication.
• the term "system” shall also be taken to include any collection of systems or sub-systems that individually or jointly execute a set, or multiple sets, of instructions to perform one or more computer functions.
• the computer system 2000 may include a processor 2002, e.g., a central processing unit (CPU), a graphics processing unit (GPU), or both.
• the processor 2002 may be a component in a variety of systems.
• the processor 2002 may be part of a standard personal computer or a workstation.
• the processor 2002 may be one or more general processors, digital signal processors, application specific integrated circuits, field programmable gate arrays, servers, networks, digital circuits, analog circuits, combinations thereof, or other now known or later developed devices for analyzing and processing data.
• the processor 2002 may implement a software program, such as code generated manually (i.e., programmed).
• the computer system 2000 may include a memory 2004 that can communicate via a bus 2008.
• the memory 2004 may be a main memory, a static memory, or a dynamic memory.
• the memory 2004 may include, but is not limited to computer readable storage media such as various types of volatile and non-volatile storage media, including but not limited to random access memory, read-only memory, programmable read-only memory, electrically programmable read-only memory, electrically erasable read-only memory, flash memory, magnetic tape or disk, optical media and the like.
• the memory 2004 includes a cache or random access memory for the processor 2002.
• the memory 2004 is separate from the processor 2002, such as a cache memory of a processor, the system memory, or other memory.
• the memory 2004 may be an external storage device or database for storing data. Examples include a hard drive, compact disc (“CD”), digital video disc (“DVD”), memory card, memory stick, floppy disc, universal serial bus (“USB”) memory device, or any other device operative to store data.
• the memory 2004 is operable to store instructions executable by the processor 2002.
• the functions, acts or tasks illustrated in the figures or described herein may be performed by the programmed processor 2002 executing the instructions 2012 stored in the memory 2004.
• the functions, acts or tasks are independent of the particular type of instructions set, storage media, processor or processing strategy and may be performed by software, hardware, integrated circuits, firm-ware, micro-code and the like, operating alone or in combination.
• processing strategies may include multiprocessing, multitasking, parallel processing and the like.
• the computer system 2000 may further include a display unit 2014, such as a liquid crystal display (LCD), an organic light emitting diode (OLED), a flat panel display, a solid state display, a cathode ray tube (CRT), a projector, a printer or other now known or later developed display device for outputting determined information.
• a display unit 2014 such as a liquid crystal display (LCD), an organic light emitting diode (OLED), a flat panel display, a solid state display, a cathode ray tube (CRT), a projector, a printer or other now known or later developed display device for outputting determined information.
• the display 2014 may act as an interface for the user to see the functioning of the processor 2002, or specifically as an interface with the software stored in the memory 2004 or in the drive unit 2006.
• the computer system 2000 may include an input device 2016 configured to allow a user to interact with any of the components of system 2000.
• the input device 2016 may be a number pad, a keyboard, or a cursor control device, such as a mouse, or a joystick, touch screen display, remote control or any other device operative to interact with the system 2000.
• the computer system 2000 may also include a disk or optical drive unit 2006.
• the disk drive unit 2006 may include a computer-readable medium 2010 in which one or more sets of instructions 2012, e.g. software, can be embedded.
• the instructions 2012 may embody one or more of the methods or logic as described herein.
• the instructions 2012 may reside completely, or at least partially, within the memory 2004 and/or within the processor 2002 during execution by the computer system 2000.
• the memory 2004 and the processor 2002 also may include computer-readable media as discussed above.
• the present disclosure contemplates a computer-readable medium that includes instructions 2012 or receives and executes instructions 2012 responsive to a propagated signal, so that a device connected to a network 2020 can communicate voice, video, audio, images or any other data over the network 2020. Further, the instructions 2012 may be transmitted or received over the network 2020 via a communication interface 2018.
• the communication interface 2018 may be a part of the processor 2002 or may be a separate component.
• the communication interface 2018 may be created in software or may be a physical connection in hardware.
• the communication interface 2018 is configured to connect with a network 2020, external media, the display 2014, or any other components in system 2000, or combinations thereof.
• the connection with the network 2020 may be a physical connection, such as a wired Ethernet connection or may be established wirelessly as discussed below.
• the additional connections with other components of the system 2000 may be physical connections or may be established wirelessly.
• the network 2020 may include wired networks, wireless networks, or combinations thereof.
• the wireless network may be a cellular telephone network, an 802.11, 802.16, 802.20, or WiMax network.
• the network 2020 may be a public network, such as the Internet, a private network, such as an intranet, or combinations thereof, and may utilize a variety of networking protocols now available or later developed including, but not limited to TCP/IP based networking protocols.
• Embodiments of the subject matter and the functional operations described in this specification can be implemented in digital electronic circuitry, or in computer software, firmware, or hardware, including the structures disclosed in this specification and their structural equivalents, or in combinations of one or more of them.
• Embodiments of the subject matter described in this specification can be implemented as one or more computer program products, i.e., one or more modules of computer program instructions encoded on a computer readable medium for execution by, or to control the operation of, data processing apparatus. While the computer-readable medium is shown to be a single medium, the term "computer-readable medium" includes a single medium or multiple media, such as a centralized or distributed database, and/or associated caches and servers that store one or more sets of instructions.
• the term "computer-readable medium” shall also include any medium that is capable of storing, encoding or carrying a set of instructions for execution by a processor or that cause a computer system to perform any one or more of the methods or operations disclosed herein.
• the computer readable medium can be a machine-readable storage device, a machine- readable storage substrate, a memory device, or a combination of one or more of them.
• data processing apparatus encompasses all apparatus, devices, and machines for processing data, including by way of example a programmable processor, a computer, or multiple processors or computers.
• the apparatus can include, in addition to hardware, code that creates an execution environment for the computer program in question, e.g., code that constitutes processor firmware, a protocol stack, a database management system, an operating system, or a combination of one or more of them.
• the computer- readable medium can include a solid-state memory such as a memory card or other package that houses one or more non-volatile read-only memories. Further, the computer-readable medium can be a random access memory or other volatile rewritable memory. Additionally, the computer-readable medium can include a magneto-optical or optical medium, such as a disk or tapes or other storage device to capture carrier wave signals such as a signal communicated over a transmission medium. A digital file attachment to an e-mail or other self-contained information archive or set of archives may be considered a distribution medium that is a tangible storage medium. Accordingly, the disclosure is considered to include any one or more of a computer-readable medium or a distribution medium and other equivalents and successor media, in which data or instructions may be stored.
• dedicated hardware implementations such as application specific integrated circuits, programmable logic arrays and other hardware devices, can be constructed to implement one or more of the methods described herein.
• Applications that may include the apparatus and systems of various embodiments can broadly include a variety of electronic and computer systems.
• One or more embodiments described herein may implement functions using two or more specific interconnected hardware modules or devices with related control and data signals that can be communicated between and through the modules, or as portions of an application-specific integrated circuit. Accordingly, the present system encompasses software, firmware, and hardware implementations.
• the methods described herein may be implemented by software programs executable by a computer system.
• implementations can include distributed processing, component/object distributed processing, and parallel processing.
• virtual computer system processing can be constructed to implement one or more of the methods or functionality as described herein.
• a computer program (also known as a program, software, software application, script, or code) can be written in any form of programming language, including compiled or interpreted languages, and it can be deployed in any form, including as a standalone program or as a module, component, subroutine, or other unit suitable for use in a computing environment.
• a computer program does not necessarily correspond to a file in a file system.
• a program can be stored in a portion of a file that holds other programs or data (e.g., one or more scripts stored in a markup language document), in a single file dedicated to the program in question, or in multiple coordinated files (e.g., files that store one or more modules, sub programs, or portions of code).
• a computer program can be deployed to be executed on one computer or on multiple computers that are located at one site or distributed across multiple sites and interconnected by a communication network.
• the processes and logic flows described in this specification can be performed by one or more programmable processors executing one or more computer programs to perform functions by operating on input data and generating output.
• the processes and logic flows can also be performed by, and apparatus can also be implemented as, special purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC (application specific integrated circuit).
• processors suitable for the execution of a computer program include, by way of example, both general and special purpose microprocessors, and anyone or more processors of any kind of digital computer.
• a processor will receive instructions and data from a read only memory or a random access memory or both.
• the essential elements of a computer are a processor for performing instructions and one or more memory devices for storing instructions and data.
• a computer will also include, or be operatively coupled to receive data from or transfer data to, or both, one or more mass storage devices for storing data, e.g., magnetic, magneto optical disks, or optical disks.
• mass storage devices for storing data, e.g., magnetic, magneto optical disks, or optical disks.
• a computer need not have such devices.
• a computer can be embedded in another device, e.g., a mobile telephone, a personal digital assistant (PDA), a mobile audio player, a Global Positioning System (GPS) receiver, to name just a few.
• Computer readable media suitable for storing computer program instructions and data include all forms of non volatile memory, media and memory devices, including by way of example semiconductor memory devices, e.g., EPROM, EEPROM, and flash memory devices; magnetic disks, e.g., internal hard disks or removable disks; magneto optical disks; and CD ROM and DVD-ROM disks.
• the processor and the memory can be supplemented by, or incorporated in, special purpose logic circuitry.
• a device having a display, e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor, for displaying information to the user and a keyboard and a pointing device, e.g., a mouse or a trackball, by which the user can provide input to the computer.
• a display e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor
• a keyboard and a pointing device e.g., a mouse or a trackball
• Other kinds of devices can be used to provide for interaction with a user as well; for example, feedback provided to the user can be any form of sensory feedback, e.g., visual feedback, auditory feedback, or tactile feedback; and input from the user can be received in any form, including acoustic, speech, or tactile input.
• Embodiments of the subject matter described in this specification can be implemented in a computing system that includes a back end component, e.g., as a data server, or that includes a middleware component, e.g., an application server, or that includes a front end component, e.g., a client computer having a graphical user interface or a Web browser through which a user can interact with an implementation of the subject matter described in this specification, or any combination of one or more such back end, middleware, or front end components.
• the components of the system can be interconnected by any form or medium of digital data communication, e.g., a communication network. Examples of communication networks include a local area network (“LAN”) and a wide area network (“WAN”), e.g., the Internet.
• LAN local area network
• WAN wide area network
• the computing system can include clients and servers.
• a client and server are generally remote from each other and typically interact through a communication network.
• the relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
• inventions of the disclosure may be referred to herein, individually and/or collectively, by the term "invention" merely for convenience and without intending to voluntarily limit the scope of this application to any particular invention or inventive concept.
• inventions may be referred to herein, individually and/or collectively, by the term "invention" merely for convenience and without intending to voluntarily limit the scope of this application to any particular invention or inventive concept.
• specific embodiments have been illustrated and described herein, it should be appreciated that any subsequent arrangement designed to achieve the same or similar purpose may be substituted for the specific embodiments shown.
• This disclosure is intended to cover any and all subsequent adaptations or variations of various embodiments. Combinations of the above embodiments, and other embodiments not specifically described herein, will be apparent to those of skill in the art upon reviewing the description.

Landscapes

• Engineering & Computer Science (AREA)
• Computer Networks & Wireless Communication (AREA)
• Signal Processing (AREA)
• Physics & Mathematics (AREA)
• General Physics & Mathematics (AREA)
• Automation & Control Theory (AREA)
• Small-Scale Networks (AREA)

Applications Claiming Priority (1)

Publications (1)

Family

ID=45931041

Family Applications (1)

Country Status (3)

Families Citing this family (14)

Family Cites Families (7)

• 2012
  • 2012-03-26 CN CN201280073165.0A patent/CN104285190A/zh active Pending
  • 2012-03-26 EP EP12712498.0A patent/EP2831683A1/de not_active Withdrawn
  • 2012-03-26 WO PCT/US2012/030541 patent/WO2013147734A1/en active Application Filing

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events