This invention relates to factory process control systems, and more particularly, to communications protocol schemes for securing the integrity of messages passed in a process control system against crosstalk in the system.
Factory processing operations often utilize a control system of distributed sensors and actuators to monitor and control operations like food or materials processing. Sensors might monitor, for example, the pressure and temperature of processed materials, while actuators might control the opening of valves and the regulation of heat. A factory processing operation may rely on hundreds, or even thousands, of such sensors and actuators, distributed throughout the factory process site, (which may be many miles wide) for successful integration of process control.
Each of the control system's distributed sensors and actuators is typically connected to a central control station in the factory by means of a transmitter connected to an electrical link. Together with links from other sensors and actuators, as well as links to autonomous processing equipment not in the control system, the link is strung through the factory to the central controller. The central controller communicates with the sensor and actuator transmitters across the links to command their operations and monitor their status. For example, the closure of a valve in an emergency situation would be commanded by the controller across the system link and to the transmitter corresponding to the valve actuator.
Commonly, the bundle of transmitter links strung through the factory is susceptible to electrical signal crosstalk between the links and also to external sources of electrical noise from, for example, the autonomous processing equipment. In addition, links which share common impedances (such as a common fuse) are even more susceptible to internal crosstalk. This internal crosstalk and external noise can distort valid command and response messages sent between the central controller and the sensors and actuators, and may even introduce false messages into the system. Thus, direct hardware links between the controller and the transmitters do not ensure that controller commands are received and acted on only by an intended sensor or actuator, and do not ensure that reply messages to the controller originated at an expected transmitter.
Conventional addressing schemes, in which each sensor and actuator is assigned a unique address, are also ineffective at securing the integrity of command and reply messages in the control system. In a typical factory process installation, there is no predefined upper limit on the number of sensors and actuators that could be added to the system; as the process changes over time, the control system correspondingly changes in an unpredictable way. Thus, in an address-based scheme in which a destination address field would be included in each message, the address field would have to be arbitrarily wide to accommodate an unpredictably large number of unique addresses for all possible future transmitters. Also, the length of a message and correspondingly, the message transmission time and the control system throughput would be severely impacted by such an address field requirement.