WO2018193277A1 - One-way data system (ods) - Google Patents

Info

Publication number
WO2018193277A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
computer
transmitter
receiver
terminal
Application number
PCT/IB2017/000455
Other languages
French (fr)
Inventor
Nasser M. LOOTAH
Tayeb Taher A R AL KHAJA
Muhammed Ali ZULFIQUER
Khaled Mahmoud Ahmed KULEY
Mohd Kamrul ISLAM
Seyed Esmaeel HOSEYNI
Muhammad Faisal A. A. MAKKI
Original Assignee
Dubai Electricity And Water Authority
Application filed by Dubai Electricity And Water Authority
Priority to GBGB1709043.2A (GB201709043D0)
Priority to PCT/IB2017/000455 (WO2018193277A1)
Publication of WO2018193277A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B10/00 Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/80 Optical aspects relating to the use of optical transmission for specific applications, not provided for in groups H04B10/03 - H04B10/70, e.g. optical power feeding or optical transmission through water
    • H04B10/85 Protection from unauthorised access, e.g. eavesdrop protection

Definitions

  • ODS One-Way Data System
  • OT operating technology
  • a datagram is a basic transfer unit associated with a packet-switched network. Datagrams are typically structured in header and payload sections. Datagrams provide a connectionless communication service across a packet-switched network. The delivery, arrival time, and order of arrival of datagrams need not be guaranteed by the network.
  • the term datagram is often considered synonymous to packet, but datagram is generally reserved for packets of an unreliable service, which cannot notify the sender if delivery fails, while the term packet applies to any packet, reliable or not (according to https://en.wikipedia.org/wiki/Datagram).
  • a distributed control system is a computerized control system for a process or plant, in which autonomous controllers are distributed throughout the system, but there is central operator supervisory control. This is in contrast to non-distributed control systems that use centralized controllers; either discrete controllers located at a central control room or within a central computer.
  • the DCS concept increases reliability and reduces installation costs by localizing control functions near the process plant, but enables monitoring and supervisory control of the process remotely (according to https://en.wikipedia.org/wiki/Distributed_control_system).
  • Dynamic Data Exchange is a method of interprocess communication under Microsoft Windows or OS/2. It allows one program to subscribe to items made available by another program, for example a cell in a Microsoft Excel spreadsheet, and be notified whenever that item changes. DDE was partially superseded by Object Linking and Embedding (OLE), but remains used for simple interprocess communication tasks. (See https://en.wikipedia.org/wiki/Dynamic_Data_Exchange.)
  • a modular connector is an electrical connector that was originally designed for use in telephone wiring, but has since been used for many other purposes. Probably the most well-known applications of modular connectors are for telephone jacks and for Ethernet jacks, both of which are nearly always modular connectors.
  • the 8 position 8 contact (8P8C) connector is a modular connector commonly used to terminate twisted pair and multi-conductor flat cable. These connectors are commonly used for Ethernet over twisted pair, registered jacks and other telephone applications, RS-232 serial using the EIA/TIA-561 and Yost standards, and other applications involving unshielded twisted pair, shielded twisted pair, and multi-conductor flat cable. 8P8C un-keyed modular connectors are commonly referred to as RJ45 in the context of Ethernet. (See https://en.wikipedia.org/wiki/Modular_connector.)
  • Open Platform Communication (OPC, formerly known as OLE for Process Control) is a series of standards and specifications for industrial telecommunication and specifies the communication of real-time data, e.g. at a power plant, between various control devices, e.g. from different manufacturers.
  • OPC servers provide standardized methods for any OPC client software to access data from a process control device (such as a distributed control system DCS).
  • DCS distributed control system
  • UDP User Datagram Protocol
  • RFC 768 The User Datagram Protocol
  • UDP uses a simple connectionless transmission model with a minimum of protocol mechanism.
  • UDP provides checksums for data integrity, and port numbers for addressing different functions at the source and destination of the datagram. It has no handshaking dialogues, and thus exposes the user's program to any unreliability of the underlying network: there is no guarantee of delivery, ordering, or duplicate protection.
  • UDP is suitable for purposes where error checking and correction are either not necessary or are performed in the application.
  • Time-sensitive applications often use UDP because dropping packets is preferable to waiting for delayed packets, which may not be an option in a real-time system (according to https://en.wikipedia.org/wiki/User_Datagram_Protocol).
  • ODD device for unidirectional data transmission

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

A one-way data device (ODD) is suggested, comprising a fiber-optic cable (FO), a transmitter terminal (Tx), and a receiver terminal (Rx). The transmitter terminal (Tx) comprises a light source and no light detection sensor, and the receiver terminal (Rx) comprises a light detection sensor and no light source. The transmitter terminal (Tx) and the receiver terminal (Rx) are connected by the fiber-optic cable (FO) such that data can be transmitted from the transmitter terminal (Tx) to the receiver terminal (Rx). Such a device provides a simple and effective means of ensuring that data is transmitted only in one direction. A one-way data system (ODS) is also suggested, comprising a transmitter computer (100) and a receiver computer (110) connected by a one-way data device (ODD). A corresponding method is also provided.

Description

One-Way Data System (ODS)
DESCRIPTION
FIELD OF THE INVENTION
The present invention relates to a device for unidirectional data transmission, and a corresponding system and method. These relate to IT infrastructure, especially to connecting an operating technology (OT) network, e.g. at a power plant or factory, with larger, insecure networks such as the internet, while maintaining the isolation of the plant network that is required for security reasons.
DESCRIPTION OF RELATED ART
Important infrastructure installations, such as power stations, usually operate in island mode for security reasons. Consequently, the operating data of each station is only available locally in the respective station control room. However, in the present world of information diversification, it is often considered desirable to make this data available to authorized users for online production plant monitoring, evaluation, reporting and decision making. For this purpose, the operating technology (OT) networks must be connected to wider, less secure networks (such as the internet). In order to maintain the necessary security at the plant, data should be allowed to flow in one direction only, and it should not be possible to send any form of command or data to the OT network. The possible security measures to establish such a connection are to use a suitable protocol in combination with one of the following solutions:
• installation of firewalls;
• VPN tunneling; or
• deploying one of the available unidirectional solutions in the market.
Each of these solutions has its own disadvantages relative to secure one way data transfer: The technological limitations and requirements of firewalls and/or VPN tunneling do not guarantee one-way (unidirectional) data transfer. Available solutions in the market that claim one-way data communication and physically unidirectional data flow are generally proprietary. Thus, it is not possible to verify that they are truly unidirectional. In addition, the marketed solutions frequently use FTP (file transfer protocol) to transfer data in form of files or folders. This protocol is not well suited to continuous streaming of real-time data.
OBJECT OF THE INVENTION
It is, therefore, an object of the present invention to provide a more secure device, system and method for unidirectional data transmission.
BRIEF SUMMARY OF THE INVENTION
This aim is achieved by the inventions as claimed in the independent claims. Advantageous embodiments are described in the dependent claims, the disclosure of which is hereby incorporated into the description by reference.
Even if no multiple back-referenced claims are drawn, all reasonable combinations of the features in the claims shall be disclosed.
The object of the invention is achieved by a device for unidirectional data transmission, also called "one-way data device" or ODD, comprising a fiber-optic cable, a transmitter terminal, and a receiver terminal. The transmitter terminal comprises a light source and no light detection sensor, and the receiver terminal comprises a light detection sensor and no light source. The transmitter terminal and the receiver terminal are connected by the fiber-optic cable such that data can be transmitted from the transmitter terminal to the receiver terminal.
Since the transmitter terminal contains no light detection sensor, it is physically incapable of receiving information from the cable. In the same way, the receiver terminal is physically incapable of sending information through the cable, since it does not contain a light source. Such a device provides a simple and effective means of ensuring that data is transmitted only in one direction. Security is enhanced, since the device is physically incapable of transmitting data from the receiver terminal to the transmitter terminal.
In a preferred embodiment, the device for unidirectional data transmission is located inside a container, which is secured with a lock. The components are thus protected and, in particular, do not move relative to one another. Failure of the fiber-optic cable consequently becomes very unlikely. It is especially preferred if the container is designed to fit a 19-inch rack.
It is also considered advantageous if the receiver terminal and the transmitter terminal each have a modular connector. A connector of the 8P8C type (commonly referred to as RJ45 Ethernet connector) is preferred. Thus, a standardized connection to other IT or networking devices is provided.
The object of the invention is also achieved by a system for unidirectional data transmission, also called "one-way data system" or ODS, comprising a one-way data device as described above, a transmitter computer, and a receiver computer. The receiver computer is connected to the transmitter computer by the one-way data device.
Such a system can provide a complete solution for connecting e.g. an OT network to e.g. the internet, while ensuring the security of the OT network, since the one-way data system can guarantee that the connection is unidirectional - it is then physically impossible for data to travel from the internet to the OT network through the ODS.
Preferably, the transmitter computer is configured to a) receive or fetch data from a data source, b) write said data from said data source to a spreadsheet file, c) read data from said spreadsheet file, and d) send said data from said spreadsheet file to the device for unidirectional data transmission. The data from said spreadsheet file is sent via the UDP protocol.
The data source could be, for example, a server in an operating technology network at a power plant or factory, typically an OPC (Open Platform Communication) server. An OPC client could, for example, receive data from such a server and write it to a spreadsheet file, preferably in MS Excel format. Preferably, the receiver computer is configured to a) receive data from the device for unidirectional data transmission via the UDP protocol, b) check said data from the device for unidirectional data transmission for errors, c) generate a notification if an error is found, d) write said data from the device for unidirectional data transmission to a spreadsheet file, preferably in MS Excel format, and e) provide data from said spreadsheet file over a network connection.
The error checking feature is necessary, since UDP does not guarantee error-free delivery of data. The checksums provided by UDP may be used for this purpose. It is preferred, however, to include additional error-checking signals in the data in order to increase data security. If an error in the data is found, the notification could be generated in form of e.g. an email or an SMS to e.g. the relevant system administrator.
In a further embodiment of the system for unidirectional data transmission, the transmitter computer, the receiver computer and the device for unidirectional data transmission are each designed to fit a 19-inch rack.
Security, and especially reliability, is enhanced, if the transmitter computer, the receiver computer and the device for unidirectional data transmission are arranged in a single cabinet; and said cabinet is secured with a lock. Cable failures thus become very unlikely, since the components of the system do not move relative to one another, and the cables are not accessible and thus cannot be tampered with.
The object of the invention is also achieved by a method. In what follows, individual steps of a method will be described in more detail. The steps do not necessarily have to be performed in the order given in the text. Also, further steps not explicitly stated may be part of the method.
A method for unidirectional data transmission is therefore suggested, comprising the following steps:
a) receiving or fetching data from a data source;
b) writing said data to a spreadsheet file;
c) reading data from the spreadsheet file;
d) converting said data from said spreadsheet file into datagrams;
e) transmitting said datagrams to the transmitter terminal of a device for unidirectional data transmission according to any one of claims 1 to 4; wherein the UDP protocol is used;
f) transmitting said datagrams from the transmitter terminal to the receiver terminal along the fiber-optic cable of said device for unidirectional data transmission;
g) receiving said datagrams from the receiver terminal of said device for unidirectional data transmission;
h) performing error checking on the received datagrams;
i) generating a notification if an error is found;
j) converting said datagrams to spreadsheet data;
k) writing said spreadsheet data to a spreadsheet file; and
l) providing data from said spreadsheet file over a network connection.
Furthermore, the object of the invention is achieved by
- a computer program, wherein the computer program is adapted to perform steps c) to e) of the method described above while said computer program is being executed on a transmitter computer in a one-way data system as described above; and by
- a computer program, wherein the computer program is adapted to perform steps g) to k) of the method described above while said computer program is being executed on a receiver computer in a one-way data system as described above.
BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS
Other objects and advantages of the present invention may be ascertained from a reading of the specification and appended claims in conjunction with the drawings therein.
For a more complete understanding of the present invention, reference is established to the following description made in connection with accompanying drawings in which:
Fig. 1 shows a schematic diagram of a device for unidirectional data transmission (ODD) as part of a system for unidirectional data transmission (ODS);
Fig. 2 shows a diagram of the data flow through a one-way data system (ODS);
Fig. 3 shows a schematic of a first preferred embodiment of the invention for real-time data transfer; and
Fig. 4 shows a schematic of a second preferred embodiment of the invention for remote file transfer.
DETAILED DESCRIPTION OF THE INVENTION
The configuration of a one-way data device according to the invention is shown in Fig. 1. This device for unidirectional data transmission ODD, the transmitter computer 100 and the receiver computer 110 together form a system for unidirectional data transfer ODS. The one-way data device ODD typically provides modular connectors IN, OUT for connections to these computers 100, 110 via Ethernet cables RJ45. Inside the one-way data device, the input connector IN is connected to a transmitter terminal Tx (e.g. by an Ethernet cable RJ45). The transmitter terminal Tx contains a light source, but no light detection sensor, and is designed to convert the electrical signals from the input into optical signals. These are transmitted along the fiber-optic cable FO to the receiver terminal Rx, which contains a suitable light detection sensor, but no light source. The receiver terminal Rx converts the optical signals received back into electrical signals, which are supplied to the output connector OUT (typically via an Ethernet cable RJ45). The receiver terminal Rx is thus unable to send information back along the fiber-optic cable FO.
The typical data flow through a system for unidirectional data transmission according to the invention is shown in Fig. 2: The data is fetched 200 from a server, or otherwise supplied to the transmitter computer 100. Typically, the data is supplied by an OPC server, e.g. located at a power plant or factory, and fetched by an OPC client installed on the transmitter computer 100. The data from the OPC server is then written 210 to a spreadsheet file, e.g. in MS Excel format. At this stage, the data can be modified by an operator, e.g. in order to add or remove additional signals according to the desired use of the data. Transmitter software on the transmitter computer 100 then reads data from said spreadsheet file, converts the data to UDP datagrams and sends 220 these to the device for unidirectional data transmission ODD. At this stage, signals for data verification and error checking may be added. The data transfer may preferably occur as a continuous stream. After passing through this device, the UDP datagrams are received 230 by receiver software installed on the receiver computer 110. At this stage, the transmitted data is checked for errors and then written 240 to a spreadsheet file, typically in MS Excel format. Users may be allowed to modify tag descriptions etc. as required. If errors are detected, a corresponding notification can be generated, usually in form of an email or SMS, in order to warn a responsible person that the one-way data system is not working correctly. Data from this spreadsheet file is provided 250 by the receiver computer 110, for example by an OPC server installed on the receiver computer that acts - to the outside world - as a substitute for the OPC server at the plant, which is thus protected from outside influences by the one-way data system.
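The error-checking step of this data flow, sketched as an added example (not part of the patent text or the applicant's software): because the link has no return path, the receiver cannot request retransmission and can only detect and report loss, reordering and corruption. The frame layout (magic, sequence number, length, CRC-32), the function and class names, and the sample tag values are assumptions made for this illustration.

```python
import json
import struct
import zlib

# Hypothetical frame layout (an assumption; the patent does not define one):
#   magic "ODS1" | sequence (uint32) | payload length (uint16) | payload | CRC-32
MAGIC = b"ODS1"
HEADER = struct.Struct("!4sIH")   # network byte order, 10 bytes, no padding
TRAILER = struct.Struct("!I")


def encode_frame(seq, row):
    """Transmitter side: wrap one spreadsheet row in a sequence-numbered, CRC-protected frame."""
    payload = json.dumps(list(row)).encode("utf-8")
    body = HEADER.pack(MAGIC, seq & 0xFFFFFFFF, len(payload)) + payload
    return body + TRAILER.pack(zlib.crc32(body))


class Receiver:
    """Receiver side: validate frames and record notifications; nothing is sent back."""

    def __init__(self):
        self.expected_seq = None   # unknown until the first valid frame arrives
        self.rows = []             # accepted rows, ready to be written to the spreadsheet
        self.notifications = []    # stand-in for the e-mail/SMS alerts

    def handle(self, datagram):
        """Process one datagram payload; return 'ok', 'gap', 'stale' or 'corrupt'."""
        if len(datagram) < HEADER.size + TRAILER.size:
            self.notifications.append("corrupt: datagram too short")
            return "corrupt"
        body = datagram[:-TRAILER.size]
        magic, seq, length = HEADER.unpack_from(body)
        (crc,) = TRAILER.unpack(datagram[-TRAILER.size:])
        payload = body[HEADER.size:]
        if magic != MAGIC or length != len(payload) or crc != zlib.crc32(body):
            self.notifications.append("corrupt: framing or CRC mismatch")
            return "corrupt"
        try:
            row = tuple(json.loads(payload.decode("utf-8")))
        except ValueError:
            self.notifications.append(f"corrupt: unreadable payload in frame {seq}")
            return "corrupt"
        status = "ok"
        if self.expected_seq is not None:
            # Modular difference so the check survives sequence-number wraparound.
            delta = (seq - self.expected_seq) & 0xFFFFFFFF
            if delta >= 0x80000000:
                # Older than expected: duplicate or late frame. For real-time
                # values the newest reading wins, so it is dropped and reported.
                self.notifications.append(f"stale: duplicate or reordered frame {seq}")
                return "stale"
            if delta > 0:
                self.notifications.append(f"gap: {delta} frame(s) missing before {seq}")
                status = "gap"
        self.rows.append(row)
        self.expected_seq = (seq + 1) & 0xFFFFFFFF
        return status


def run_demo():
    """Push constructed sample rows through a simulated lossy one-way channel."""
    rows = [("FT101.PV", "12.5"), ("TT205.PV", "348.1"), ("PT330.PV", "7.02"),
            ("FT101.PV", "12.7"), ("TT205.PV", "348.0")]   # constructed tag values
    frames = [encode_frame(i, r) for i, r in enumerate(rows)]
    damaged = bytearray(frames[3])
    damaged[-6] ^= 0x01            # flip one payload bit in transit
    # Frames 1 and 2 arrive swapped, frame 3 arrives damaged.
    channel = [frames[0], frames[2], frames[1], bytes(damaged), frames[4]]
    rx = Receiver()
    statuses = [rx.handle(d) for d in channel]
    return statuses, rx


if __name__ == "__main__":
    statuses, rx = run_demo()
    print(statuses)
    print("\n".join(rx.notifications))
```

In a deployment each frame would be the payload of one UDP datagram sent towards the ODD; the damaged frame never advances the expected sequence number, so corruption also surfaces as a gap on the next valid frame.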
A use-case of the system for unidirectional data transmission ODS for real-time data transfer is illustrated schematically in Fig. 3. In this embodiment, an OPC server computer 310 resides on a plant DCS (Distributed Control System) network 300. The server 310 is tasked with fetching and subsequently providing real-time operating, monitoring and control signals of machines connected to the plant network 300. The one-way data system ODS is connected to this server 310. The transmitter computer 100 of the ODS gets the data from the OPC server 310 in real time using OPC client software and transfers these real-time data into a spreadsheet. In a typical situation, MS Excel or similar software can thus be used as a user interface tool to add or remove any additional signals that may be required. The transmitter software on the transmitter computer 100 continuously checks for changes in the data, obtains any identified data change from the spreadsheet in real time and pushes these data through the device for unidirectional data transmission ODD to the receiver computer 110 via UDP. The receiver software on the receiver computer 110 receives the transmitted data from the transmitter computer 100 and continuously updates the data into a spreadsheet in real time, for example in Excel format. An OPC server installed on the receiver computer 110 receives the real-time data available in the spreadsheet, e.g. through DDE (Dynamic Data Exchange) or a similar interprocess communication method. This OPC server (on the receiver computer 110) is linked to an interface computer 320, which is part of an outside network 330, e.g. a corporate business network. Real-time data from the plant can thus be continuously provided to a remote information system, without exposing the plant network 300 to the less secure network 330.
A second use-case of the system for unidirectional data transmission ODS for a remote diagnostic situation is illustrated schematically in Fig. 4. In this embodiment, a diagnostics computer 400 collects diagnostic data, e.g. from machines installed at the plant, from the plant network 300. At scheduled times, the diagnostics computer 400 pushes the data, e.g. in form of files, to the transmitter computer 100 of the system for unidirectional data transmission ODS, e.g. via the plant network 300. The transmitter software installed on the transmitter computer 100 receives these data files from the diagnostics computer 400 and (if applicable) converts and pushes them through the device for unidirectional data transmission ODD to the receiver computer 110 using UDP. The receiver software installed on the receiver computer 110 receives the transmitted data file(s) from the transmitter computer 100 and pushes them to the remote service/diagnostic system 420 over the internet 410, e.g. via an ADSL line. The remote service/diagnostics system 420 is thus regularly supplied with diagnostics data from the local diagnostics computer 400 located at the plant, even via the insecure internet 410, without actually exposing the plant network 300 to the internet. Even if the remote service/diagnostics system 420 were to become compromised, it could not send any (potentially dangerous) signals to the plant network.
While the present inventions have been described and illustrated in conjunction with a number of specific embodiments, those skilled in the art will appreciate that variations and modifications may be made without departing from the principles of the inventions as herein illustrated, as described and claimed. The present inventions may be embodied in other specific forms without departing from their spirit or essential characteristics. The described embodiments are considered in all respects to be illustrative and not restrictive. The scope of the inventions is, therefore, indicated by the appended claims, rather than by the foregoing description. All changes which come within the meaning and range of equivalence of the claims are to be embraced within their scope.
Glossary
Datagram
A datagram is a basic transfer unit associated with a packet-switched network. Datagrams are typically structured in header and payload sections. Datagrams provide a connectionless communication service across a packet-switched network. The delivery, arrival time, and order of arrival of datagrams need not be guaranteed by the network. The term datagram is often considered synonymous to packet, but datagram is generally reserved for packets of an unreliable service, which cannot notify the sender if delivery fails, while the term packet applies to any packet, reliable or not (according to https://en.wikipedia.org/wiki/Datagram).
DCS
A distributed control system (DCS) is a computerized control system for a process or plant, in which autonomous controllers are distributed throughout the system, but there is central operator supervisory control. This is in contrast to non-distributed control systems that use centralized controllers; either discrete controllers located at a central control room or within a central computer. The DCS concept increases reliability and reduces installation costs by localizing control functions near the process plant, but enables monitoring and supervisory control of the process remotely (according to https://en.wikipedia.org/wiki/Distributed_control_system).
DDE
Dynamic Data Exchange (DDE) is a method of interprocess communication under Microsoft Windows or OS/2. It allows one program to subscribe to items made available by another program, for example a cell in a Microsoft Excel spreadsheet, and be notified whenever that item changes. DDE was partially superseded by Object Linking and Embedding (OLE), but remains used for simple interprocess communication tasks. (See https://en.wikipedia.org/wiki/Dynamic_Data_Exchange.)
Modular connector (8P8C)
A modular connector is an electrical connector that was originally designed for use in telephone wiring, but has since been used for many other purposes. Probably the most well-known applications of modular connectors are for telephone jacks and for Ethernet jacks, both of which are nearly always modular connectors.
The 8 position 8 contact (8P8C) connector is a modular connector commonly used to terminate twisted pair and multi-conductor flat cable. These connectors are commonly used for Ethernet over twisted pair, registered jacks and other telephone applications, RS-232 serial using the EIA/TIA-561 and Yost standards, and other applications involving unshielded twisted pair, shielded twisted pair, and multi-conductor flat cable. 8P8C un-keyed modular connectors are commonly referred to as RJ45 in the context of Ethernet. (See https://en.wikipedia.org/wiki/Modular_connector.)
OPC
Open Platform Communication (OPC, formerly known as OLE for Process Control) is a series of standards and specifications for industrial telecommunication and specifies the communication of real-time data, e.g. at a power plant, between various control devices, e.g. from different manufacturers. OPC servers provide standardized methods for any OPC client software to access data from a process control device (such as a distributed control system DCS). Traditionally, any time a software package needed access to data from a device, a custom interface, or driver, had to be written. The purpose of OPC is to define a common interface that is written once and then reused by any (e.g. business, SCADA, HMI, or custom) software packages.
UDP
The User Datagram Protocol (UDP) is formally defined in RFC 768. UDP uses a simple connectionless transmission model with a minimum of protocol mechanism. UDP provides checksums for data integrity, and port numbers for addressing different functions at the source and destination of the datagram. It has no handshaking dialogues, and thus exposes the user's program to any unreliability of the underlying network: there is no guarantee of delivery, ordering, or duplicate protection. UDP is suitable for purposes where error checking and correction are either not necessary or are performed in the application. Time-sensitive applications often use UDP because dropping packets is preferable to waiting for delayed packets, which may not be an option in a real-time system (according to https://en.wikipedia.org/wiki/User_Datagram_Protocol).
References
100 transmitter computer
110 receiver computer
200 fetch data from server
210 write data to file
220 send data from file to ODD
230 receive and check data from ODD
240 write data to file
250 provide data from file
300 plant network
310 plant OPC server
320 interface computer
330 outside network
400 diagnostics computer
410 internet
420 remote service/diagnostic system
FO fiber-optic cable
IN, OUT modular connectors
ODD device for unidirectional data transmission
ODS system for unidirectional data transmission
RJ45 Ethernet cable
Rx receiver terminal
Tx transmitter terminal

Claims

1. Device for unidirectional data transmission (ODD), comprising:
a) a fiber-optic cable (FO),
b) a transmitter terminal (Tx), and
c) a receiver terminal (Rx);
d) wherein the transmitter terminal (Tx) comprises a light source and no light detection sensor;
e) wherein the receiver terminal (Rx) comprises a light detection sensor and no light source; and
f) wherein the transmitter terminal (Tx) and the receiver terminal (Rx) are connected by the fiber-optic cable (FO) such that data can be transmitted from the light source of the transmitter terminal (Tx) to the light detection sensor of the receiver terminal (Rx).
2. Device according to claim 1; wherein the device is located inside a container; and wherein said container is secured with a lock.
3. Device according to claim 2; wherein the container is designed to fit a 19-inch rack.
4. Device according to any one of claims 1 to 3; wherein the receiver terminal (Rx) and the transmitter terminal (Tx) each have a modular connector (IN, OUT).
5. System for unidirectional data transmission (ODS), comprising:
a device (ODD) according to any one of claims 1 to 4, a transmitter computer (100), and a receiver computer (110);
wherein the receiver computer (110) is connected to the transmitter computer (100) by the device (ODD) according to any one of claims 1 to 4.
6. System according to claim 5; wherein the transmitter computer (100) is configured to
a) receive or fetch data from a data source (310; 400);
b) write said data from said data source (310; 400) to a spreadsheet file;
c) read data from said spreadsheet file; and
d) send said data from said spreadsheet file to the device for unidirectional data transmission (ODD);
wherein said data from said spreadsheet file is sent via the UDP protocol.
7. System according to claim 5 or 6; wherein the receiver computer (110) is configured to
a) receive data from the device for unidirectional data transmission (ODD) via the UDP protocol;
b) check said data from the device for unidirectional data transmission (ODD) for errors;
c) generate a notification if an error is found;
d) write said data from the device for unidirectional data transmission to a spreadsheet file; and
e) provide data from said spreadsheet file over a network connection.
8. System according to any one of claims 5 to 7; wherein the transmitter computer (100), the receiver computer (110) and the device for unidirectional data transmission (ODD) are each designed to fit a 19-inch rack.
9. System according to any one of claims 5 to 8; wherein the transmitter computer (100), the receiver computer (110) and the device for unidirectional data transmission (ODD) are arranged in a single cabinet; and wherein said cabinet is secured with a lock.
10. Method for unidirectional data transmission; comprising the following steps:
a) receiving or fetching (200) data from a data source;
b) writing (210) said data to a spreadsheet file;
c) reading data from the spreadsheet file;
d) converting said data from said spreadsheet file into datagrams;
e) transmitting (220) said datagrams to the transmitter terminal of a device for unidirectional data transmission (ODD) according to any one of claims 1 to 4; wherein the UDP protocol is used;
f) transmitting said datagrams from the transmitter terminal to the receiver terminal along the fiber-optic cable of said device for unidirectional data transmission (ODD);
g) receiving (230) said datagrams from the receiver terminal of said device for unidirectional data transmission;
h) performing error checking (230) on the received datagrams;
i) generating a notification if an error is found;
j) converting said datagrams to spreadsheet data;
k) writing (240) said spreadsheet data to a spreadsheet file; and
l) providing (250) data from said spreadsheet file over a network connection.
11. Computer program, wherein the computer program is adapted to perform steps c) to e) of the method according to claim 10 while said computer program is being executed on a transmitter computer (100) in a system (ODS) according to any one of claims 5 to 9.
12. Computer program, wherein the computer program is adapted to perform steps g) to k) of the method according to claim 10 while said computer program is being executed on a receiver computer (110) in a system (ODS) according to any one of claims 5 to 9.
PCT/IB2017/000455 2017-04-21 2017-04-21 One-way data system (ods) WO2018193277A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
GBGB1709043.2A GB201709043D0 (en) 2017-04-21 2017-04-21 No details
PCT/IB2017/000455 WO2018193277A1 (en) 2017-04-21 2017-04-21 One-way data system (ods)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IB2017/000455 WO2018193277A1 (en) 2017-04-21 2017-04-21 One-way data system (ods)

Publications (1)

Publication Number Publication Date
WO2018193277A1 true WO2018193277A1 (en) 2018-10-25

Family

ID=59349863

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2017/000455 WO2018193277A1 (en) 2017-04-21 2017-04-21 One-way data system (ods)

Country Status (2)

Country Link
GB (1) GB201709043D0 (en)
WO (1) WO2018193277A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021043830A1 (en) 2019-09-05 2021-03-11 Terega Unidirectional data transfer system and corresponding method
CN116054945A (en) * 2023-04-06 2023-05-02 深圳华创芯光科技有限公司 High-reliability unidirectional optical wireless communication data transmission system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN202906969U (en) * 2012-09-25 2013-04-24 上海辰锐信息科技公司 Boundary safety transmission equipment base on unidirectional light technology and a communication system employing the equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
COMPUTER HOUSING: "Fantec TCG-3830KX07-1", FANTEC, 8 March 2012 (2012-03-08), Retrieved from the Internet <URL:https://geizhals.at/?phist=746369> [retrieved on 20180323] *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021043830A1 (en) 2019-09-05 2021-03-11 Terega Unidirectional data transfer system and corresponding method
FR3100626A1 (en) 2019-09-05 2021-03-12 Terega UNIDIRECTIONAL DATA TRANSFER SYSTEM AND CORRESPONDING METHOD
CN116054945A (en) * 2023-04-06 2023-05-02 深圳华创芯光科技有限公司 High-reliability unidirectional optical wireless communication data transmission system

Also Published As

Publication number Publication date
GB201709043D0 (en) 2017-07-19

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 1709043.2

Country of ref document: GB

WWE Wipo information: entry into national phase

Ref document number: LU100282

Country of ref document: LU

WWG Wipo information: grant in national office

Ref document number: LU100282

Country of ref document: LU

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17906467

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17906467

Country of ref document: EP

Kind code of ref document: A1