	US 12,085,921 B2
	Managing firmware and software updates within a secure deployment system
David C. Mazur, Mequon, WI (US); Rob A. Entzminger, Shawnee, KS (US); Nathaniel S. Sandler, Chagrin Falls, OH (US); Jonathan Alan Mills, Mayfield Heights, OH (US); and Todd A. Wiese, Hubertus, WI (US)
Assigned to Rockwell Automation Technologies, Inc., Mayfield Heights, OH (US)
Filed by Rockwell Automation Technologies, Inc., Mayfield Heights, OH (US)
Filed on Feb. 7, 2023, as Appl. No. 18/107,004.
Claims priority of provisional application 63/425,117, filed on Nov. 14, 2022.
Prior Publication US 2024/0160190 A1, May 16, 2024
Int. Cl. G06F 21/00 (2013.01); G05B 19/418 (2006.01)

CPC G05B 19/4185 (2013.01) [G05B 2219/23317 (2013.01); G05B 2219/25205 (2013.01)]

11 Claims

1. A method, comprising:

receiving, via a network interface of a secure deployment management (SDM) system comprising at least one processor, a notification indicative of a change in first configuration data stored within an industrial device from a secure deployment management (SDM) node associated with the industrial device, wherein the SDM system and the SDM node are configured to communicate via a secure network of an industrial automation system via a preprogrammed handshake protocol, wherein the change in the first configuration data is received from a user via a computing device configured to locally connect to the industrial device, wherein the SDM node is preregistered with the SDM system and comprises a system-on-chip (SoC) circuit integrated within the industrial device, wherein the SDM node corresponds to one of a plurality of SDM nodes authorized to communicate with the SDM system via the preprogrammed handshake protocol, and wherein the notification is received via a secure communication channel between the SDM system and the SDM node after the secure communication channel is established by the SDM system with the SDM node and one or more security protocols;

retrieving, via the SDM system, second configuration data associated with the industrial device from a data source separate from the SoC circuit in response to receiving the notification, wherein the second configuration data corresponds to the first configuration data excluding the change in the first configuration data, and wherein the data source is configured to communicate with the SDM system via a remote network; and

sending, via the SDM system, the second configuration data to the SDM node via the secure communication channel in response to establishing the secure communication channel between the SDM system and the SDM node and verifying that the second configuration data is associated with the industrial device, wherein the industrial device is configured to:

receive the second configuration data from the SDM node without performing one or more security operations on the second configuration data; and

modify one or more operations performed by the industrial device based on the second configuration data.