METHOD AND SYSTEM FOR GENERATING CONFIGURABLE MANAGEMENT INFORMATION BASE FOR A NETWORK OF
CONTROLLERS
FIELD OF THE INVENTION
Embodiments of the disclosure generally relate to controls of industrial systems, and more particularly methods and systems for managing a group of controllers.
BACKGROUND OF THE INVENTION
A typical industrial application can include tens to hundreds of controllers to monitor and control sets of subsystems. Examples of such applications include a power plant, a factory, a refinery, a power distribution site, a wind or solar farm, among others. There is a trend to improve the operation and productivity of existing and new industrial applications by automating the controls of such application as well as leveraging the data generated at such applications. Given, for example, that a typical gas turbine engine, which can be one of many sited at a given power plant, can have upwards of 200 sensors and can generate over 300 data points per second of performance operation, the task of automating, analyzing, and data mining useful information from the vast amount of generated data is a challenge.
In addition, industrial applications make up the core infrastructure of any given geographic location. Secured operation of the controllers employed in such applications is a requirement of industrial applications to safeguard against intrusion and disruption of the infrastructure and services thereof. To ensure such secure operation, certain controllers require the physical action, of an operator, at the controller when making changes or updates to the hardware, firmware, operating system, and/or security features of the controller. In many instances, manual switches (e.g., DIP switches, jumpers) located on the device must be activated for the controller to allow such change or updates to occur.

One type of control architecture employs a human-machine-interface (HMI) controller that serves as a local point of aggregation of control for a plurality of controllers. This controller, in some implementations, is a ruggedized multi-touch display that combines both a rugged multi-touch display interface and a processing element dedicated to automating and aggregating the controls and data collection of the one or more subsystems. Examples of aggregated controls include the aggregating of alarms and status conditions for a set of controllers.
Simple Network Management Protocol (SNMP) is an efficient and well-established technology for managing devices with limited HMI capabilities. A SNMP network includes a managed device running a SNMP agent that communicates to a SNMP manager running, for example, on a server. The SNMP agent, which often has a limited HMI, allows parameters, such as status and operating values, maintained by the managed device to be communicated to the SNMP manager. The SNMP manager uses a management information base (MIB) containing a static collection of definitions of administration parameters of the managed data to access such parameters of the managed device. For example, the SNMP manager can use the MIB to request information from the SNMP agent as well as to interpret notifications, alarms, and messages sent from the SNMP agent. The MIB of a given managed device is primarily provided by the manufacturer of the managed device and are typically updated with update MIB files provided by the manufacturer.
Therefore, what are needed are devices, systems and methods that overcome challenges in the present art, some of which are described above.
SUMMARY OF THE INVENTION
Disclosed herein is a method and system of generating an updated management information base (MIB) (e.g., a "configurable MIB") of a computing device, where the updated MIB includes definitions for parameters (e.g., raw data and

semi-processed data) associated with operations of a network of controllers such as Programmable Logic Controller (PLC) and Supervisory Control And Data Acquisition (SCADA) systems. This technology provides a framework to extend the MIB of a Simple-Network-Management-Protocol (SNMP) agent executing on a computing device to include the operating and status data of a group of controllers that are connected to the computing device, wherein the computing device serves as the aggregator/monitor of such controllers. In this manner, the updated MIB provides access both to device data of the group of managed controllers and to the local data of the computing device. In some embodiments, the computing device is a HMI device that provides ruggedized and multi-touch display of operating conditions and status for the managed controllers. The technology enables the use of SNMP framework to monitor alarms, status, fault conditions, among others, from a SNMP agent residing on the computing device, at a SNMP manager executed on a server (e.g., a remote server or an external collector).
In addition to extending the MIB to multiple controllers, the technology enables controllers to be added to the network of managed controllers (connected to the computing device) without having update MIB generated by a given manufacturer of the controller. Data from the added controllers, once available to the managed device, can be added to those that are accessible by SNMP manager using the existing SNMP framework. The updated MIB herein is generated at a managed device and is loaded into a SNMP manager to allow the SNMP manager to communicate with the SNMP agent and access the data therein.
In addition, the technology enables the updated MIB to be dynamically-generated within an information model framework. This information framework beneficially allows data collected to the computing device (e.g., the HMI computing device) to be organized in an information model to allow properties and metadata information associated with the raw data (of the controllers and managed device) to be made explicit and preserved. The raw data in conjunction with its own properties, the properties of the managed device and the controllers, and any metadata

information collected therefrom enables derivation of controller-level information and knowledge, which can be used to derived equipment-level and plant-level information and knowledge. The information model further provides a self-describing framework for each of the elements of the data to allow the updated MIB to be parse-able by the SNMP manager in a self-contained manner. That is, the updated MIB includes the information sufficient for the reading of the contents therein by a lightweight application.
In addition, the technology enables a single action, e.g., of programming a runtime application for the monitoring of control values and alarms of a HMI controller, to configure a SNMP agent and its corresponding SNMP manager within a SNMP framework without the operator having to separately write a MIB for the SNMP manager. The managed device generates the updated MIB in an automatic manner by extracting the control parameters from the runtime application. In this manner, the updated MIB optimally provides only data necessary for the operation of the runtime application monitoring and control application, thereby conserving and minimizing usage of limited controller computing resources.
In addition, the technology enables a security measure that allows device configuration permissions to be set only by physical presence of an operator at a HMI device. That is, the operator has to provide tactile gestures to a HMI display of the device and/or manual activation of physical switches of the device to fulfill this security measure. This technology enables an operator to perform underlying changes and/or updates to hardware, firmware, operating system, and/or security features of the controller without having to access manual switches, often located on circuit boards within the controller. The technology enables a "soft" manual switch that is comparable, in effect, to a "hard" manual switch.
In one aspect, a method of generating an updated management information base (MIB) (e.g., a configurable MIB) of a computing device is described. The updated MIB includes data associated with operations of a plurality of controllers (e.g., a SCAD A, PLC, and other industrial controllers) in communication with the

computing device, where the computing device and plurality of controllers, collectively, forms a subnetwork (e.g., an industrial network) managed by the computing device. The method includes receiving, by a processor of the computing device (e.g., QuickPanelPlus), one or more supervision commands (e.g., Alarms and/or HMI Tags) associated with operations of one or more controllers, wherein the supervision command includes an identifier corresponding to one or more control parameters (e.g., 10 values and/or status values) of the one or more controllers. The method further includes generating, by the processor, an updated MTB for the computing device, wherein the updated MTB includes definitions for interfacing to the one or more control parameters of the one or more controllers. The updated MIB is used by a SNMP manager executing on a second computing device (e.g., a server) to interface with a SNMP agent executing on the computing device through SNMP. The method further includes receiving, by the processor, data (e.g., control parameters) associated with operations of the one or more controllers. The method further includes comparing, by the processor, the received data to one or more notification rules associated with the supervision command. The method further includes, in response to a match of a particular notification rule of the one or notification rules, causing, by the processor of the computing device, transmission of a Simple-Network-Management-Protocol (SNMP) notification to a SNMP manager at a second computing device, wherein the SNMP notification includes an indication of a matched notification rule. In some embodiments, the SNMP notification is transmitted, at the SNMP agent, in response to an event triggered by a managed parameter.
In some embodiments, the method (e.g., of using the updated MIB to request data from the SNMP agent by the SNMP manager) includes receiving, by the processor, from the SNMP manager of the second computing device, a SNMP request for a control value corresponding to the one or more control parameters of the one or more controllers, wherein the control value is derived from the updated MIB; and in response to the request, transmitting, by the processor, a SNMP message to the

SNMP manager, the SNMP message including, at least, the requested control value. In some embodiments, the SNMP message includes a message selected from the group consisting of an alert, an out-of-bound condition, an in-bound condition, a normal status, an abnormal status, among others.
In some embodiments, the controller includes a system selected from the group consisting of a Programmable Logic Controller (PLC) and a Supervisory Control and Data Acquisition (SCADA) system.
In some embodiments, the updated management information base includes a plurality of static components and a plurality of dynamic components, wherein each of the plurality of static components includes instructions associated with information of the computing device, and wherein each of the plurality of dynamic components includes instructions associated with information of the one or more controllers.
In another aspect, a method is described (e.g., of extending, and re-extending, a management information base (MIB) of a computing device to include operating parameters of a set of controllers, where the controller is in communication with the computing device. The method includes establishing, at the computing device, one or more first connections to a corresponding set of one or more first controllers, wherein the computing device is configured to receive first operating data from the set of one or more first controllers on an on-going basis during runtime of the computing device. The method further includes generating, at the computing device, a first MIB, wherein the first MIB includes i) access definitions of operating data corresponding to the computing device and ii) access definitions of the first operating data corresponding to the set of one or more first controllers (e.g., wherein the MIB is stored in the memory of the computing device). The method further includes establishing, at the computing device, one or more second connections to a corresponding set of one or more second controllers, wherein the computing device is configured to receive second operating data from the one or more second controllers on an on-going basis during the runtime of the computing device. The method further includes generating, at the computing device, a second MIB, wherein the

second MIB includes i) access definitions of the operating data corresponding to the computing device, ii) access definitions of the first operating data corresponding to the set of one or more first controllers, and iii) access definitions of the second operating data corresponding to the set of one or more second controllers.
In some embodiments, the method (e.g., of using the first and second MIB by a SNMP manager), includes: loading, in memory of a second computing device (e.g., a server running a SNMP manager), the first MIB, wherein the second computing device is executing a SNMP manager; interrogating, at the second computing device, a SNMP agent executing on the computing device for the status or operating data associated with the set of one or more first controllers, wherein the status and/or operating data is derived from the first MIB; loading, in memory of the second computing device, the second MIB; and interrogating, at the second computing device, the SNMP agent of the computing device for the status or operating data associated with either the set of the one or more first controllers and/or the set of the one or more second controllers, wherein the status and/or operating data is derived from the second MIB.
In another aspect, a system of generating an updated management information base (MIB) (e.g., a configurable MIB) of a computing device is described. The updated MIB includes data associated with operations of a plurality of controllers (e.g., a SCAD A, PLC, and other industrial controllers) in communication with the computing device, where the computing device and plurality of controllers, collectively, forms a subnetwork (e.g., an industrial network) managed by the computing device. The system includes a processor and a memory having instructions stored thereon, wherein the instructions, when executed by the processor, cause the processor to receive one or more supervision commands (e.g., Alarms and/or HMI Tags) associated with operations of one or more controllers, wherein the supervision command includes an identifier corresponding to one or more control parameters (e.g., 10 values and/or status values) of the one or more controllers.

The instructions, when executed by the processor, further cause the processor to generate an updated MIB for the computing device, wherein the updated MIB includes definitions for interfacing to the one or more control parameters of the one or more controllers (e.g., wherein the updated MIB is used by a SNMP manager executing on a second computing device (e.g., a server), wherein the SNMP manager interfaces with a SNMP agent through SNMP messages using information in the updated MIB, and wherein the SNMP agent is executed on the computing device).
The instructions, when executed by the processor, further cause the processor to receive data associated with operations of the one or more controllers.
The instructions, when executed by the processor, further cause the processor to compare the received data to one or more notification rules associated with the supervision command.
The instructions, when executed by the processor, further cause the processor to, in response to a match of a particular notification rule of the one or notification rules, cause transmission of a Simple-Network-Management-Protocol (SNMP) notification to a SNMP manager at a second computing device, wherein the SNMP notification includes an indication of a matched notification rule.
In some embodiments, the instructions, when executed by the processor, further cause the processor to receive from the SNMP manager of the second computing device, a SNMP request for a control value corresponding to the one or more control parameters of the one or more controllers, wherein the control value is derived from the updated MIB; and in response to the request, transmit a SNMP message to the SNMP manager, the SNMP message including, at least, the requested control value (e.g., wherein the SNMP message includes a message selected from the group consisting of an alert, an out-of-bound condition, an in-bound condition, a normal status, an abnormal status, among others).
In some embodiments, the controller includes a system selected from the group consisting of a Programmable Logic Controller (PLC) and a Supervisory Control and Data Acquisition (SCADA) system.

In some embodiments, the updated management information base includes a plurality of static components and a plurality of dynamic components, wherein each of the plurality of static components includes instructions associated with information of the computing device, and wherein each of the plurality of dynamic components includes instructions associated with information of the one or more controllers.
In another aspect, a system is described (e.g., of extending, and re-extending, a management information base (MIB) of a computing device to include operating parameters of a set of controllers, where the controller is in communication with the computing device. The system includes a processor and a memory having instructions stored thereon, wherein the instructions, when executed by the processor, cause the processor to establish, at the computing device, one or more first connections to a corresponding set of one or more first controllers, wherein the computing device is configured to receive first operating data from the set of one or more first controllers on an on-going basis during runtime of the computing device.
The instructions, when executed by the processor, further cause the processor to generate, at the computing device, a first MIB, wherein the first MIB includes i) access definitions of the operating data corresponding to the computing device and ii) access definitions of the first operating data corresponding to the set of one or more first controllers (e.g., wherein the MIB is stored in the memory of the computing device).
The instructions, when executed by the processor, further cause the processor to establish, at the computing device, one or more second connections to a corresponding set of one or more second controllers, wherein the computing device is configured to receive second operating data from the one or more second controllers on an on-going basis during the runtime of the computing device.
The instructions, when executed by the processor, further cause the processor to generate, at the computing device, a second MIB, wherein the second MIB includes i) access definitions of the operating data corresponding to the computing device, ii) access definitions of the first operating data corresponding to the set of one

or more first controllers, and iii) access definitions the second operating data corresponding to the set of one or more second controllers.
In another aspect, a dynamically-generated management information base (MIB) file is described. The dynamically-generated management information base (MIB) file is stored in a non-transitory computer readable medium such as a mass storage device connected to a computing device. The dynamically-generated MIB file includes a first set of instructions; and a second set of instructions, wherein each of the first set of instructions includes statically-defined elements corresponding to a set of one or more first parameters associated with operations and/or information of the computing device, and wherein each of the second set of instructions includes dynamically-defined elements corresponding to a set of one or more second parameters associated with operations and/or information of the plurality of controllers (e.g., wherein the second set of instructions includes instructions for alarms and 10 parameters) (and, e.g., wherein the number of second set of instructions varies according to a number of alarms and a number of 10 parameters established for a given runtime application of a computing device), wherein each dynamically-defined element includes an object definition and an object definition type, wherein the object definition includes a data field selected from the group consisting of an object name, an object status, and an object definition, and wherein the object definition type includes a data field selected from the group consisting of a syntax field, an access field, a status field, and a description field. The object definition type describes the attributes and/or properties of the each object definition.
In some embodiments, the set of one or more second parameters includes one or more alarm definitions and (e.g., Alarms/Traps) and one or more 10 parameters (e.g., sequence of HMI-Tags), wherein each of the one or more alarm definitions and each of the one or more 10 definitions include a first definition section and second definition section, wherein each first definition section includes objects selected from the group consisting of a list of object identifiers, a status field, and an object definition, and wherein each second definition section corresponds to a given object

in the list of object identifiers, and each second definitions section includes one or more objects selected from the group consisting of a syntax field, an access field, a status field, and a description field.
In another aspect, a system that invokes configuration of the system via a tactile input is described. The system includes a processor, a display, and a memory. The display (e.g., a multi-touch display) is in communication with the processor and is configured to receive tactile inputs from one or more sensors operatively coupled to the display. The memory has instruction stored thereon, wherein the instruction, when executed by the processor, cause the processor to cause, at the display, presentation of a graphical rendering at an area of the display, wherein the rendering includes a graphical element associated with a device configuration parameter; detect, via the one or more sensors associated with the display, a selection of a tactile input (e.g., a swipe, a double-tap, or any other tactile or finger gesturing pattern or sequence) (e.g., wherein the tactile input is received via an operating system API) received via the sensors of the display, wherein the tactile input corresponds to activation of the graphical element associated with the device configuration parameter, and wherein the device configuration parameter is associated with a configuration service corresponding to a device configuration application (e.g., a firmware update routine, a startup screen bypass routine, an enhanced security mode, or a communication stack enable/disable mode) (and wherein the device configuration parameter is stored in non-volatile memory of the computing device); and in response to the detection of the tactile input, store, in the memory (e.g., non¬volatile memory) of the apparatus, a modification of the device configuration parameter.
In some embodiments, the instructions, when executed by the processor, cause the processor to execute the configuration service associated with the device configuration application, wherein device configuration service is invokable via the tactile input, and wherein the device configuration service is not invokable via an

input associated with a keyboard input, a mouse input, and/or a cursor input of the computing device.
In some embodiments, the device configuration service is invokable only via the tactile input.
In some embodiments, the system includes a plurality of selectable switches (e.g., a dual-in-line package "DIP" switch) coupled to a circuit board of the apparatus (e.g., wherein the circuit board includes the processor and the memory of the system), wherein the device configuration service is invokable only either via the tactile input or via a selection of one or more switches of the plurality of selectable switches.
In some embodiments, the device configuration parameter is associated with permissions selected from the group consisting of a device firmware upgrade; an enabling and/or disabling a device enhanced security mode; enabling and/or disabling a device start-up window bypass mode; and an enabling and/or disabling a communication protocol (e.g., a SNMP, TCP, UDP, etc.).
In some embodiments, the tactile input includes two or more user inputs to areas of the display, including a first input at a first area and a second input at a second area, wherein the first area is different from the second area.
In some embodiments, the tactile input includes two or more user inputs to areas of the display, including a first input at a first area and a second input at a second area, wherein the first area is the same as the second area.
In some embodiments, the device configuration parameter is stored in non-volatile memory of the computing device.
In another aspect, a method for securely invoking device configuration of a computing device via a tactile input is described. The method includes causing, at a display of a computing device, presentation of a graphical rendering at an area of the display, wherein the rendering includes a graphical element associated with a device configuration parameter; detecting, via one or more sensors associated with the display, a selection of a tactile input (e.g., a swipe, a double-tap, or any other tactile or finger gesturing pattern or sequence) received via the one or more sensors of the

display, the tactile input associated with the graphical element associated with the device configuration parameter, wherein the device configuration parameter is associated with a configuration service corresponding to a device configuration application (e.g., a firmware update routine, a startup screen bypass routine, an enhanced security mode, or a communication stack enable/disable mode); and storing, in memory (e.g., non-volatile memory) of the computing device, a modification of the device configuration parameter (e.g., the device configuration application uses the device configuration parameter to initiate a device configuration routine therein).
In some embodiments, the method further includes, in response to the detection of the tactile input, executing the configuration service associated with the device configuration application, wherein device configuration service is invokable via the tactile input, and wherein the device configuration service is not invokable via an input associated with a keyboard input, a mouse input, and/or a cursor input of the computing device.
In another aspect, a method for securely invoking device configuration of a computing device via a tactile input is described. The method includes determining, via a processor of a computing device, one or more gestures associated with a tactile input received at a display (e.g., a multi-touch display) of the computing device; in response to the determination, comparing, by the processor, the one or more received gestures with a security gesture associated with activation of a device configuration service invokable at the computing device; and in response to a match, executing activation of the device configuration service at the computing device (e.g., wherein the device configuration service is invokable only via the tactile input) (e.g., wherein the device configuration service is not invokable via a keyboard input, a mouse input, and a cursor input of the computing device).
BRIEF DESCRIPTION OF THE DRAWINGS

The components in the drawings are not necessarily to scale relative to each other and like reference numerals designate corresponding parts throughout the several views:
Fig. 1 depicts an environment for generating an updated management information base (MIB) (e.g., a configurable MIB) of a computing device, wherein the updated MIB is associated with a group of controllers, in accordance with an illustrative embodiment.
Fig. 2 depicts a diagram illustrating the generation of an updated MIB file in accordance with an illustrative embodiment.
Fig. 3 depicts a diagram illustrating a method of generating an updated MIB file in accordance with an illustrative embodiment.
Fig. 4 depicts a diagram illustrating a method of extending and re-extending an updated MIB file in accordance with an illustrative embodiment.
Fig. 5 depicts a graphical user interface of a control platform application for creating a runtime application for execution on a SNMP-agent computing device in accordance with an illustrative embodiment.
Fig. 6 depicts a graphical user interface of a human-machine interface (UMI) controller for generating an updated MIB file in accordance with an illustrative embodiment.
Figs. 7-8 depict graphical user interfaces of a SNMP manager tool for loading an updated MIB file in accordance with an illustrative embodiment.
Fig. 9 depicts a graphical user interface of a SNMP manager tool for displaying the loaded MIB of a computing device, the loaded MIB including data associated with a group of controllers connected to the computing device, in accordance with an illustrative embodiment.
Fig. 10 depicts a graphical user interface of a SNMP manager tool for requesting 10 values of parameters from a SNMP agent service in accordance with an illustrative embodiment.

Fig. 11 depicts a graphical user interface of a SNMP manager tool for displaying alarms and notifications from a SNMP agent service in accordance with an illustrative embodiment.
Fig. 12 depicts an exemplary HMI controller executing as a SNMP agent in accordance with an illustrative embodiment.
Fig. 13 depicts an exemplary HMI controller of Fig. 12 in accordance with an illustrative embodiment.
Fig. 14 depicts the exemplary HMI controller of Fig. 12 operatively coupled to a group of controllers in accordance with an illustrative embodiment.
Fig. 15, comprising Figs. 15A, 15B, 15C, 15D, 15E, 15F, 15G, 15H, 151, 15J, 15K, 15L, and 15M, illustrates an exemplary MIB file in accordance with an illustrative embodiment.
Fig. 16 is a diagram illustrating a method of securely invoking device configuration of a HMI computing device via a tactile input in accordance with an illustrative embodiment.
Fig. 17 is a diagram illustrating a method of securely invoking device configuration of a HMI computing device via a tactile input in accordance with another illustrative embodiment.
Fig. 18 is a graphical user interface for securely invoking device configuration of a HMI computing device via a tactile input in accordance with an illustrative embodiment.
Fig. 19 is a diagram illustrating a system for securely invoking device configuration of a HMI computing device via a tactile input in accordance with an illustrative embodiment.
Fig. 20 is a diagram illustrating a system for securely invoking device configuration of a HMI computing device via a tactile input in accordance with another illustrative embodiment.
Fig. 21 is a diagram illustrating an industrial environment for use by a HMI controller in accordance with an illustrative embodiment.

DETAILED DESCRIPTION
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art. Methods and materials similar or equivalent to those described herein can be used in the practice or testing of the present disclosure.
As used in the specification and the appended claims, the singular forms "a," "an" and "the" include plural referents unless the context clearly dictates otherwise. Ranges may be expressed herein as from "about" one particular value, and/or to "about" another particular value. When such a range is expressed, another embodiment includes from the one particular value and/or to the other particular value. Similarly, when values are expressed as approximations, by use of the antecedent "about," it will be understood that the particular value forms another embodiment. It will be further understood that the endpoints of each of the ranges are significant both in relation to the other endpoint, and independently of the other endpoint.
"Optional" or "optionally" means that the subsequently described event or circumstance may or may not occur, and that the description includes instances where said event or circumstance occurs and instances where it does not.
Throughout the description and claims of this specification, the word "comprise" and variations of the word, such as "comprising" and "comprises," means "including but not limited to," and is not intended to exclude, for example, other additives, components, integers or steps. "Exemplary" means "an example of and is not intended to convey an indication of a preferred or ideal embodiment. "Such as" is not used in a restrictive sense, but for explanatory purposes.
Disclosed are components that can be used to perform the disclosed methods and systems. These and other components are disclosed herein, and it is understood that when combinations, subsets, interactions, groups, etc. of these components are disclosed that while specific reference of each various individual and collective combinations and permutation of these may not be explicitly disclosed, each is

specifically contemplated and described herein, for all methods and systems. This applies to all aspects of this application including, but not limited to, steps in disclosed methods. Thus, if there are a variety of additional steps that can be performed it is understood that each of these additional steps can be performed with any specific embodiment or combination of embodiments of the disclosed methods.
The present methods and systems may be understood more readily by reference to the following detailed description of preferred embodiments and the Examples included therein and to the Figures and their previous and following description.
Fig. 1 depicts an environment 100 for generating an updated management information base (MTB) 102, also referred to as a "configurable MIB 102," of a computing device 104, shown as "UMI controller 104," wherein the updated MIB is associated with a group of controllers 108 (shown as 108a and 108b), in accordance with an illustrative embodiment.
As shown in Fig. 1, the computing device 104 is in communication, via a network 106 (e.g., TCP/IP Ethernet), with the plurality of controllers 108. The controllers 108 are coupled to sensors 110 as well as other controllers 108 and provide sensor measurements and various parameters to the computing device 104. In some embodiments, the UMI controller 104 executes control logic (e.g., supervisory and/or application control logic) for the controllers 108. Examples of controllers 108 include, but are not limited to industrial controllers such as Programmable Logic Controller (PLC) and a Supervisory Control and Data Acquisition (SCADA). These controllers may have dedicated one or more sets of data registers to store operating sensor measurements and control parameters.
The computing device 104 serves as an aggregator of the raw data from the controllers 108, as well as serves a human-machine interface (UMI) for managing the controls of the controllers 108. In some embodiments, the raw data of the controllers 108 are maintained in the memory (e.g., volatile memory) of the computing device 104. For example, the computing device 104 may provide UMI for displaying

alarms, notifications, and status of the controller 108 as well as measurements of the sensors 110 as collected by the controllers 108. In some embodiments, the computing device 104 includes a multi-touch display, which serves as a part of the HMI for managing the controls of the controllers 108. The computing device 104 includes a SNMP agent 114 to communicate, via SNMP, data of the computing device 104 with a SNMP manager 116. This data includes information associated with the computing device 104 and that of the controllers 108 and sensors 110.
Still referring to Fig. 1, the SNMP agent 114 executes on the computing device 104 to report information via SNMP to one or more SNMP managers 116. The SNMP agent 114 exposes the data of the computing device 104 as well as the data of the group of controllers 108 connected to the computing device 104 as variables.
The computing device 104 operatively connects to one or more second computing devices 112 (shown as server 112a, service 112b, and laptop 112c), which execute the one or more SNMP managers 116. In some embodiments, the computing device 104 connects to a wide area network 118 via a network node (not shown) such a switches, routers, firewall, etc. Still referring to FIG. 1, one or more of the servers 112 (shown as 112b and 112c) execute a control platform application 120 (shown as "Control Config. Tool 120) for developing and/or configuring a runtime application (not shown - see Fig. 2) for execution on the computing device 104. In some embodiments, the runtime application is a control application for controlling the S HMI controller 104 and its associated controllers 108. In some embodiments, the control application provides one or more of visualizations, control, analysis, and optimization operations of production data of the controllers 108. In some embodiments, the runtime application includes HMI and SCAD A control. In some embodiments, the runtime application includes data collection and historian operations. In some embodiments, the runtime application includes program protection operations. In some embodiments, the runtime application includes production management operations.

As shown in Fig. 1, the SNMP manager 116 and control platform application 120 are executed on the same computing device (e.g., device 112b). In some embodiments, the SNMP manager 116 and control platform application 120 are executed on different computing devices (e.g., devices 112a and 112c, respectively).
In some embodiments, the computing device 104 is implemented in the Quick View® product or the QuickPanelPlus® product manufactured by the General Electric Co. In some embodiments, the control platform application 120 is implemented in Proficy Machine Edition® Software developed by the General Electric Co.
The SNMP manager 116, in some embodiments, shares the collected data and/or alarms/notifications with other subsystems 122. In some embodiments, the SNMP manager 116 interfaces with an Embedded Resource Manager (ERM), a manufacturing execution system (MES), or a supply chain management (SCM) system. In some embodiments, the SNMP manager 116 interfaces with a storage area network. The list is not intended to be exhaustive and is provided merely as examples.
Fig. 2 depicts a diagram 200 illustrating the generation of an updated MIB file 102 in accordance with an illustrative embodiment. The updated MIB file 102 is created, for example, by the UMI controller 104 of Fig. 1.
The control platform application 120 (referred to in Fig. 2 as "PME Configuration Tool" and "PME Configurator") is configured to provide user configuration inputs to the UMI controller 104, which uses the inputs to generate the update MIB 102. The control platform application 120 provides a workspace to configure UMI tags and variable data used in the runtime application of the computing device 104 (referred to in Fig. 2 as "QP+"). UMI tags are, in some embodiments, parameter definitions that include the parameter name and datatype. The workspace is configured to connect, via a TCP/IP Ethernet connection 106, to the computing device 104 and receive data to a list of variables maintained by the computing device 104. The list of variables includes, in some embodiments, the IO

values and control values of the one or more industrial controllers 108. In some embodiments, the connection is a Wireless connection such as a Wi-Fi connection (e.g., in accordance with IEEE 802.11).
Still referring to Fig. 2, the workspace receives commands from an operator to configure UMI tags and/or variable data for the QP+ (step 202). An exemplary workspace in the control platform application 120 is discussed in detail in Fig. 5. The control platform application 120 compiles and/or builds the runtime application with the UMI tags and variable (step 204). Through the connection with the computing device 104, the control platform application 120 transfers and/or downloads the built-runtime application to the connected computing device 104 (step 206). Such connections may be physical connections such as Ethernet as well as wireless connections.
In some embodiments, the control platform application 120 is configured to transfer and/or download the built runtime application to multiple connected computing devices 104.
In some embodiments, the control platform application 120 is configured to operate with a second application (e.g., a toolkit or an external application) to perform steps 202, 204, and/or 206. Such applications may be executing in a parallel local process with the control platform application 120. In some embodiments, the second application is operable on a cloud service or network.
Still referring to Fig. 2, upon receipt of the runtime application at the computing device 104 (shown in Fig. 2 as "QuickPanel+ 104"), the runtime application (shown as block 208) is executed. In some embodiments, the runtime application 208 runs in parallel to a SNMP agent 114 also running on the computing device 104 such that the runtime application 208 and the SNMP agent 114 are separate processes or services executing on the computing device 104. In other embodiments, the runtime application 208 and SNMP agent 114 are sub-processes in the same application or service executing on the computing device 104.

During startup and initialization of the runtime application, a SNMP record is generated by the runtime application (block 218) following the start of the runtime application (block 216). In some embodiments, the SNMP record is generated during the initialization and startup of the runtime application 208. The SNMP record is used by a SNMP extension application 212 to create an updated MIB 102. The SNMP record includes one or more identifiers corresponding to one or more control parameters of the computing device 104 and the controllers 108. In some embodiments, the control parameters includes 10 values, IO configuration, 10 control settings, device configuration, device information, and/or and device control settings associated with the one or more controllers 108 as well as the computing device 104. In some embodiments, the SNMP record include alarms and notifications created at the control platform application 120.
As shown in Fig. 2, the SNMP agent 114 includes the SNMP extension application 212 and a SNMP agent service 214 (shown as "SNMP service 214"). The SNMP extension application 212 is configured to communicate to the SNMP agent service 214.
In some embodiments, the SNMP extension application 212 passes the SNMP records and/or the identifiers of relevant parameters to the SNMP agent service 214, which in turn retrieves the corresponding data values of the parameters from the memory of the computing device 104. Thereafter, the SNMP agent service 214 is configured to communicate to a SNMP manager 116 to provide the received data values. In some embodiments, the SNMP extension application 212 is an application, service, or process that reads SNMP records from the runtime application to generate an updated MIB 102 (e.g., a MIB file) based on the user input to create the HMI runtime application. The user input includes, in some embodiments, one more supervision commands (e.g., alarms, notifications, and/or request-able data values such as HMI-tags) associated with operations of one or more controllers 108. The updated MIB 102 includes one or more definitions of the data (e.g., parameters) and data objects (e.g., device information) of the computing device 104. The definitions

are organized in a structure having a hierarchical namespace for accessing each identifiers of the data and data objects.
In some embodiments, the SNMP extension application 212, upon receipt of SNMP records and/or during initialization of the runtime application, is configured to determine whether a new MIB is needed to be generated. In some embodiments, the SNMP extension application 212 maintains a list of SNMP records from the previous runtime and compares the current SNMP records to the previous SNMP records to determine if the SNMP records has changed from the previous execution.
Upon generation of the MIB file, the SNMP extension application 212 stores the generated MIB 102 (e.g., generated MIB file) into the memory of the computing device 104. An operator may access the MIB file, e.g., via the HMI of the computing device 104, and transfer the file to a mass storage device (e.g., CompactFlash, Secure Digital (SD) Card, and/or other solid-state devices) connected to the computing device 104. In some embodiments, the operator accesses the MIB file and transfers the file, over the network, to a computing device executing the SNMP manager 116 (namely, a computing device that will serve as the SNMP manager 116 for the SNMP agent service 214). In some embodiments, the SNMP extension application 212 automatically stores the generated MIB 102 (as a MIB file) to a pre-defined mass storage device connected to the computing device 104.
Referring still to Fig. 2, following generation of the SNMP records in the runtime application 208, the runtime application 208 is configured, in some embodiments, to register startup and shutdown services and/or events with the SNMP agent 114 (see block 220) prior to completion of the runtime initialization sequence (see block 222). For example, the runtime application 220 may register and/or associates alarms and/or notifications corresponding to an IO value or status value of the controllers 108 as an operating system event, whereby triggered alarms and notifications are automatically notified to the SNMP agent service 214 to transmit to the SNMP manager 116.

In some embodiments, the SNMP extension application 212 is a service or process executed by the SNMP agent 114 (as shown in Fig. 2).
In other embodiments, the SNMP extension application 212 is a service or process executed by the runtime application (not shown). In some embodiments, the SNMP extension application 212 is executed at the end of the runtime startup and initialization of the runtime application 208.
In other embodiments, the SNMP extension application 212 is an independent service or process, separate from the SNMP agent service 214 and/or the runtime application 208.
In some embodiments, the SNMP service 114 and/or the SNMP agent operates in the application layer of the OSI model. In some embodiments, the SNMP agent 114 receives requests via UDP (as shown in Fig. 2), from the SNMP manager 116, for example, at port 161 of the SNMP agent service 214. In some embodiments, the SNMP extension application 212 communicates with the SNMP service 114 via UDP, e.g., via port 161. The SNMP manager 116 may send requests from any available source port, also, to port 161. In response to a request from the SNMP manager 116, the SNMP agent 114 may transmit a response message to the source port of the SNMP manager 116. In some embodiments, the SNMP manager 116 receives notifications (e.g., Traps and Alarms) on port 162. The SNMP agent 114 may generate notifications from any available port of the SNMP agent 114. In some embodiments, when used with Transport Layer Security or Datagram Transport Layer Security, SNMP requests are received at the SNMP agent on port 10161, and traps are sent to the SNMP manager at port 10162.
Fig. 3 depicts a diagram illustrating a method 300 of generating and using an updated MIB file 102 in accordance with an illustrative embodiment. The method 300 includes receiving, by a processor of the computing device 104, one or more supervision commands associated with operations of one or more controllers 108, wherein the supervision command includes an identifier corresponding to one or more control parameters (e.g., IO values and/or status values) of the one or more

controllers 108 (step 302). The supervision commands originate, in some embodiments, from a control platform application 120, as discussed in relation to Fig. 2, and is received at the computing device 104 over a TCP/IP Ethernet connection. The supervision commands may include one or more alarms, notifications, or parameters for data associated with one or more controllers 108 connected to the computing device 104. In some embodiments, the supervision comments include one or more HMI tags. HMI tags, in some embodiments, includes both IO parameters associated with data from a controller and a corresponding datatype definition of the IO parameter. Datatype definition may include types such as Booleans, integers, floating point numbers, character strings, among others. In some embodiments, datatype definition includes graphics and multimedia files.
The method further includes generating, by the processor of the computing device 104, an updated MTB 102 for the computing device 104, wherein the updated MIB 102 includes definitions for interfacing to the one or more control parameters of the one or more controllers 108 (step 304). The one or more control parameters of the one or more controllers 108 may be associated with (that is, maintained, at each respective controller, at) dedicated and/or reserved data registers of the controllers 108. The updated MIB 102, in some embodiments, is stored, as a file, onto a mass storage device connected to the computing device 104 and is subsequently loaded into a memory of a second computing device executing a SNMP manager 116. In some embodiments, the updated MIB 102 is stored as a file onto a memory (e.g., non¬volatile memory) of the computing device 104. The updated MIB 102 is then transferred to the second computing device executing the SNMP manager 116 over the network. In some embodiments, the transfer is performed according to configuration settings established by the user without further interaction of the user during runtime.
At the second computing device, the updated MIB file 102 is loaded, in some embodiments, into the SNMP manager 116 via a loading tool. In some embodiments, the tool reads the numeric object identifiers and its corresponding datatype definition

located in the updated MIB 102 to translate the definitions for interfacing to the one or more control parameters of the one or more controllers. The tool may include a graphical user interface to view the various control parameters. The tool may load one or more MTBs corresponding to several computing devices 104 for use by the SNMP manager. The interface may enable the user to send requests to a SNMP agent service, e.g., via GET, SET, and/or GET NEXT commands for values of the control parameters defined in the updated MIB 102.
At the computing device, upon receipt of a request from the SNMP manager, the SNMP agent service (executing on the computing device) transmits a SNMP message, as a reply, to the SNMP manager (executing on a second computing device). The SNMP message may include a requested control or data value. In some embodiments, the tool configures the SNMP manager to receive alarms and notifications from a SNMP agent service.
Still referring to Fig. 3, the method 300 further includes receiving, by the processor of the computing device 104, data associated with operations of the one or more controllers 108 (step 306). The data may be received over the TCP/IP Ethernet connection established between the controllers 108 and the computing device 104. The method further includes comparing, by the processor, the received data to one or more notification rules associated with the supervision command (step 308). The notification rules may be established at a control platform application 120 for a runtime application of the computing device 104. The notification rules may include an out-of-bound condition, and in-bound condition, a normal status, an abnormal status.
In response to a match of a particular notification rule of the one or notification rules, the method includes causing, by the processor of the computing device, transmission of a SNMP notification to a SNMP manager at a second computing device, wherein the SNMP notification includes an indication of a matched notification rule (step 310). The SNMP notification, in some embodiments, includes one or more alarm or notification values (e.g., where the alarms and

notifications are event or service-triggered action executing on the computing device) or one or more 10 values (e.g., in response to a SNMP request from the SNMP manager).
Fig. 4 depicts a diagram illustrating a method 400 of extending and re-extending an updated MIB file 102 in accordance with an illustrative embodiment. The method 400 includes establishing, at the computing device 104, one or more first connections to a corresponding set of one or more first controllers 108a, wherein the computing device 104 is configured to receive first operating data from the set of one or more first controllers 108a on an on-going basis during runtime of the computing device 104 (step 402). The set of one or more first controllers 108a may include a SCADA system or a PLC system, for example, employed in an industrial application. The method further includes generating, at the computing device 104, a first MIB 102, wherein the first MIB includes: i) access definitions of the operating data corresponding to the computing device 104 and ii) access definitions of the first operating data corresponding to the set of one or more first controllers 108a (step 404).
The method further includes establishing, at the computing device 104, one or more second connections to a corresponding set of one or more second controllers 108b, wherein the computing device 104 is configured to receive second operating data from the one or more second controllers 108b on an on-going basis during the runtime of the computing device (step 406). The set of one or more second controllers 108b may include a second SCADA system or a second PLC system. The method further includes generating, at the computing device 104, a second MIB 102, wherein the second MIB includes: i) access definitions of the operating data corresponding to the computing device 104, ii) access definitions of the first operating data corresponding to the set of one or more first controllers 108a, and iii) access definitions of the second operating data corresponding to the set of one or more second controllers 108b. To this end, the method enables the MIB to be

configurably generated for additional controllers by an operator of an industrial system.
Fig. 5 depicts a graphical user interface 500 of a control platform application 120 for creating a runtime application for execution on a SNMP agent computing device 104 in accordance with an illustrative embodiment. The graphical user interface 500 includes a parameter workspace 502 (referred to in Fig. 5 as "Navigator 502") for viewing and navigating parameters available for access on a connected computing device 104. In some embodiments, the parameter workspace 502 displays parameters of a computing device connected (e.g., via Ethernet connection) to the computing device executing the control platform application 120.
In some embodiments, or in addition to displaying parameters through an Ethernet connection, control platform application 120 includes inputs to load and/or import one or more MIB files of a computing device. Upon being loaded and/or imported, the control platform application communicates with a SNMP service on a computing device to display the parameters of the computing device. The import and/or loading of MIB files functionality enables users to generate and build information models for their application needs by making available parameters associated with a given controller at the control platform application. To this end, any manufacturer MIB file may be imported to create a runtime configuration for the HMI controller.
In some embodiments, the parameter workspace displays the parameters in a hierarchical structure (such as a tree). In some embodiments, the parameter workspace displays the parameters for a plurality of connected computing devices 104 (shown as "Targetl 504"). Each connected computing devices 104 may include a plurality of HMI Tag 506 which includes a name identifier of the parameter 508 and a datatype definition 510.
As shown in Fig. 5, the graphical user interface 500 includes a HMI workspace 512 for creating a panel to execute as a runtime application on a connected

computing device 104. Within the panel, the HMI workspace 512 is configured to receive one or more widgets associated with an output display or an input display.
In some embodiments, the HMI workspace 512 is configured to display an alarm window panel 516. The alarm window panel 516 provides a log of alarms that are triggered during runtime of the runtime application. A log may include a time, date, variable, and value. The value may be Boolean, integer, floats, and/or character strings, among other data types.
Still referring to Fig. 5, the graphical user interface 500 includes a second parameter workspace 514 for displaying information associated with a given parameter selected in the parameter workspace 502. In some embodiments, the second parameter workspace 514 includes a selectable tab for viewing parameter details, for setting alarm conditions, and for setting logging conditions. A log entry, in some embodiments, is a condition that is stored within the computing device once triggered. An alarm results in a message (e.g., an alarm message, a notification message) being transmitted to an external device in addition to being logged at the computing device.
In some embodiments, each of the alarms corresponds to a reserved alarm register associated with the computing device 104. In other embodiments, the alarm corresponds to a memory space associated with the computing device 104.
Fig. 6 depicts a graphical user interface 600 of a HMI controller 104 for generating an updated MIB file 102 in accordance with an illustrative embodiment. The graphical user interface 600 includes a plurality of selectable tabs 602 to receive configuration settings for the HMI controller 104. These configuration settings may include adjustments to the device configuration such as the HMI display 604 (e.g., backlight levels), touch panel sensitivity 606, and display resolution 608. The configuration settings 602 may include adjustments to available communication stacks and protocol of the HMI controller 104 as well as services of the controller 104 (see panel 614). As shown, the graphical user interface 600 includes configuration

panels for enabling and disabling the SNTP and SNMP communication stacks (610, 612).
Still referring to Fig. 6, the graphical user interface 600 includes, in the SNMP agent configuration panel, one or more input widgets 616a, 616b to receive destination addresses of one or more devices (e.g., executing a SNMP manager) to receive the traps associated with a triggered alarm or notification. The destination address may be an IP address, a network name of the device, or any other device identifier.
As shown in Fig. 6, the graphical user interface 600 includes an input widget 618 to initiate a copy of the updated MIB file 102 to a mass storage device (e.g., a Secure Digital (SD) card). As discussed in relation to Fig. 2, an operator may access the MIB file, e.g., via the HMI of the computing device 104, and transfer the file to a mass storage device (e.g., CompactFlash, Secure Digital (SD) Card, and/or other solid-state devices) connected to the computing device 104. That is, during startup and initialization, the MIB file 102 is generated and stored within memory (e.g., non-volatile memory) of the HMI controller 104. The graphical user interface 600 provides, in some embodiments, a dialog panel 620 to confirm a successful copy of the MIB file to the mass storage device. In some embodiments, the graphical user interface 600 includes an input widget to initiate transfer, via a connection, of the updated MIB (e.g., updated MIB file) to the destination address 616a and 616b. In some embodiments, the updated MIB is transferred to the destination address as a data stream.
Figs. 7-8 depict a graphical user interface 700 of a SNMP manager tool (shown as "MIB Browser" in Fig. 7) for loading therein an updated MIB file 102 generated at a HMI controller in accordance with an illustrative embodiment. The graphical user interface 700 includes an input widget 702 to initiate the loading of a MIB file. In some embodiments, the graphical user interface 700 is configured to receive multiple requests from a user to add one or more MIB files to an existeing list of MIB maintained by the SNMP manager tool. The graphical user interface 700

includes input widgets 704, 706 to unload a loaded MIB file as well as to review loaded MIB files. The updated MIB files allow the SNMP manager tool to view parameters of the computing device 104 associated with a group of controllers 108.
Referring now to Fig. 8, upon selection of the input widget 702 in Fig. 7, the SNMP manager tool is configured to display a dialog window 800. The dialog window 800 allows a user to select a MIB file to load into the SNMP manager. The selected MIB file may be loaded from a SD card or a file location (e.g., from a network device). In some embodiments, the dialog window 800 allows multiple MIB files to be selected simultaneously.
Fig. 9 depicts a graphical user interface 900 of a SNMP manager tool for displaying the loaded MIB 102 of a computing device 104, where the loaded MIB 102 includes data associated with a group of controllers 108 connected to the computing device 104, in accordance with an illustrative embodiment. The SNMP manager tool is an application executing on the SNMP manager to provide UMI display of operations of the SNMP manager. The graphical user interface 900 includes a workspace 902 to display parameters 904 of the computing device 104 associated with a group of controllers 108. In some embodiments, upon selection of a parameter 904, the graphical user interface 900 displays the selected parameter 906, an object identifier (ODD) associated with the selected parameter (908), the loaded MIB file associated with the selected parameter (910), and the datatype of the parameter (912).
In some embodiments, and as shown in Fig. 9, the parameters of the update MIB 102 are organized in a hierarchical structure. In addition, the data are presented according to an information model framework. The graphical user interface 900 of the SNMP manager tool allows the user to add, delete, and modify this information model.
Fig. 10 depicts a graphical user interface 1000 of a SNMP manager tool for requesting IO values of parameters from a SNMP agent service in accordance with an illustrative embodiment. The graphical user interface 1000 includes a parameter

workspace 1002 which displays available parameters 1004 of a group of controllers 108 associated through a computing device 104. Each parameter is displayed with a name of the parameter (1006), a value of the parameter (1008), a data type (1010), and a source IP address of the parameter (1012). In some embodiments, each parameter is displayed with an identifier of the controller 108 originating the parameter, e.g., as a character string. The parameter workspace 1002 displays, in some embodiments, the source IP address (1014) associated the computing device 104 executing the SNMP agent.
Fig. 11 depicts a graphical user interface 1100 of a SNMP manager tool for displaying alarms and notifications from a SNMP agent service in accordance with an illustrative embodiment. The graphical user interface 1100 includes a first workspace 1102 that displays a list of SNMP agent services (including agent service "vl_3.188.85.219") connected to the SNMP manager tool. The graphical user interface 1100 includes a second workspace 1104 that displays alarms and notifications received at the SNMP manager tool from a SNMP agent service. The graphical user interface 1100 include a third workspace 1106 that displays detail and/or summary information of a given alarm and notification. An alarm and notification may include a source SNMP agent identifier 1108, an ODD identifier 1110, a trap description 1112, a trap classification 1114, a time stamp 1116, a message version number 1118, as well as a trap record 1120, which provide a summary information of the trapped parameter. The trap record may be presented in a tabular form and include the OID identifier associated with the trap parameter (1122), the data type of the parameter (1124), and the parameter value (1126). OIDs or Object Identifiers uniquely identify managed objects in an MIB hierarchy and may be represented as long sequence of numbers separated by dots, where each number corresponds to a node in the hierarchical structure.
Fig. 12 depicts an exemplary UMI controller 104 executing a SNMP agent 114 in accordance with an illustrative embodiment. The SNMP agent 114 interfaces with a SNMP manager 116, in some embodiments, which interfaces to a business

enterprise such as an Embedded Resource Manager (ERM) 1202 or a supply chain management (SCM) system. The SNMP manager 116, in some embodiments, interfaces to other HMI controllers, SCADA system, and/or a PLC system 1204. In some embodiments, the SNMP manager 116 interfaces to a manufacturing execution system (MES) 1204. In some embodiments, the SNMP manager 116 interfaces to one or more computing devices in an industrial automation pyramid (e.g., one or more enterprise-level systems, one or more management-level systems, one or more supervision-level system, one or more control-level systems, and/or field-level devices). In some embodiments, the SNMP manager 116 interfaces to one or more storage area networks 1216. The various enterprise systems (e.g., 1202, 1204, 1206, 1216) may be located within a local area network or a wide area network with the HMI controller. In some embodiments, the various enterprise system are located in a cloud system (e.g., a public cloud, a private cloud, or a hybrid cloud).
As shown in Fig. 12, the SNMP agent 114 is configured to aggregate data from one or more controllers 108, including IO points 1210 and system data 1212. An exemplary group of controllers 108 is discussed in relation to Fig. 13. The SNMP agent 114 maintains a set of traps 1214 in which each trap is a triggerable event associated with a user-defined alarm or notification condition. The IO points 1210, system data 1212, and traps 1214 are defined within a MIB 102 of the computing device 104.
Fig. 13 depicts the exemplary HMI controller 104 of Fig. 12 operatively coupled to a group of controllers 108 of an equipment 1300 in accordance with an illustrative embodiment. As shown in Fig. 13, the group of controllers 108 includes, in some embodiments, a first programmable logic controller 1302, a second programmable logic controller 1304, and a programmable action controller 1306. The HMI controller 104, in some embodiments, includes a multi-touch display to provide HMI runtime application associated with the operation of the equipment 1300. In some embodiments, the exemplary HMI controller 104 interfaces to one or

more user devices (e.g., a laptop, a mobile device, and/or a PDA device) within a local network or over a wide area network (WAN).
Fig. 14 depicts an exemplary HMI controller 104 in accordance with an illustrative embodiment. The HMI controller 104 includes one or more processors 1402, memory 1404a, 1404b, and communication ports 1412a, 1412b. The communication ports 1412a, 1412b includes, in some embodiments, an Ethernet port 1412a and a RS232 port 1412b. In some embodiments, the communication ports 1412 include a wireless transceiver.
Computing systems, environments, and/or configurations that may be suitable for use include, but are not limited to, personal computers (PCs), server computers, handheld or laptop devices, multiprocessor systems, microprocessor-based systems, network PCs, minicomputers, mainframe computers, embedded systems, distributed computing environments that include any of the above systems or devices, and the like.
Computer-executable instructions, such as program modules, being executed by a computer may be used. Generally, program modules include routines, programs, objects, components, data structures, etc. that performs particular tasks or implement particular abstract data types. Distributed computing environments may be used where tasks are performed by remote processing devices that are linked through a communications network or other data transmission medium. In a distributed computing environment, program modules and other data may be located in both local and remote computer storage media including memory storage devices.
Computing device 1400 may have additional features/functionality. For example, computing device 1400 may include additional storage (removable and/or non-removable) including, but not limited to, magnetic or optical disks or tape. Such additional storage is illustrated in Fig. 14 by removable storage and non-removable storage (1408).
Computing device 1400 typically includes a variety of computer readable media. Computer readable media can be any available media that can be accessed by

device 1400 and include both volatile and non-volatile media, and removable and non-removable media.
Computer storage media include volatile and non-volatile, and removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Memory 1404, removable storage 1408, and non-removable storage 1410 are all examples of computer storage media. Computer storage media include, but are not limited to, RAM, ROM, electrically erasable program read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by computing device 1400. Any such computer storage media may be part of computing device 1400.
Computing device 1400 may contain communications connection(s) 1412 that allow the device to communicate with other devices. As shown in Fig. 14, communication connections 1412 include an Ethernet port 1412a and a RS232 or Modbus port 1412b. Computing device 1400 may also have input device(s) 1414 such as a keyboard, mouse, pen, voice input device, touch input device, etc. Output device(s) 1416 such as a display, speakers, printer, etc. may also be included. The computing device 1400 may include a multi-touch display 1418.
It should be understood that the various techniques described herein may be implemented in connection with hardware or software or, where appropriate, with a combination of both. Thus, the processes and apparatus of the presently disclosed subject matter, or certain aspects or portions thereof, may take the form of program code (i.e., instructions) embodied in tangible media, such as floppy diskettes, CD-ROMs, hard drives, or any other machine-readable storage medium where, when the program code is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the presently disclosed subject matter.

Although exemplary implementations may refer to utilizing aspects of the presently disclosed subject matter in the context of one or more stand-alone computer systems, the subject matter is not so limited, but rather may be implemented in connection with any computing environment, such as a network or distributed computing environment. Still further, aspects of the presently disclosed subject matter may be implemented in or across a plurality of processing chips or devices, and storage may similarly be affected across a plurality of devices. Such devices might include PCs, network servers, and handheld devices, for example.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims. Information Model Framework of MIB File
In another aspect, Fig. 15, comprising Figs. 15A-15M, illustrates an exemplary MIB file in accordance with an illustrative embodiment. The updated MIB is dynamically-generated within an information model framework to beneficially allow data collected at the computing device (e.g., the HMI computing device) to be organized in an information model, whereby the model allows properties and metadata information associated with the raw data (of the various connected controllers) to be made explicit and preserved. The raw data in conjunction with its own properties, the properties of the collected device, and any metadata information collected therebetween enables derivation of controller-level information and knowledge, which can be used to derived equipment-level and plant-level information and knowledge. The dynamically-generated management information base (MIB) file is associated with a computing device operatively connected to a plurality of controllers (e.g., SCADA/PLC). The MIB files includes objects corresponding to the computing device and the plurality of connected controllers.

In addition, the information model framework of the MIB file provides a self-describing model of the various objects therein. To this end, the information model may be extended with the additional of new objects (e.g., more alarms) or object-type (e.g., alarm metadata), e.g., at the control platform application, without requiring further operator modification at the SNMP manager and/or SNMP agent.
As shown in Fig. 15, the dynamically-generated MIB file 1500 includes a first set of instructions 1502 (see Fig. 15b) and a second set of instructions 1504 (see Figs. 15c - 151). A header of the MIB file is shown in Fig. 15a. Each of the first set of instructions 1502 includes statically-defined elements 1506 corresponding to a set of one or more first parameters 1508 (e.g., 1508a-1508d) associated with operations and/or information of the computing device 104. That is, the statically-defined elements 1506a-1506c are added to the MIB file 102 independent of the number alarms and IO parameters to be accessed from the computing device 104. In some embodiments the statically-defined elements are defined in a configuration setting of the runtime application. Each of the statically-defined elements 1506 includes a plurality of attributes that collectively define a class structure for the statically-defined elements 1506. The plurality of attributes defines metadata associated with the computing device and/or the MIB file (i.e., self-describing information), including, in some embodiments, a syntax field 1512, an access field 1514, a status field 1516, a description field 1518, and a reference number 1520 (see 1508a at Fig. 15b). The syntax field 1512 defines a type of data object, for example, as a DisplayString or a selectable Integer. The access field 1514 defines a read properties of the parameter, for example, as a read-only or a read-write. The status field 1516 defines whether inclusion of the object in the MIB file is mandatory. The description field 1518 provides a character description of the field. The reference number 1514 is a unique local number specific to an object in the MIB file. These fields collectively define an "object type" within the information model.
Referring now to Figs. 15c-15(l), each of the second set of instructions 1504 includes dynamically-defined elements 1510 corresponding to a set of one or more

second parameters associated with operations and/or information of the plurality of controllers 108. The second set of instructions may include instructions for alarms (see Figs. 15c and 15d) and 10 parameters (see Figs. 15e - 151) and may vary according to a number of alarms and a number of 10 parameters established for a given runtime application of a computing device 104.
The alarm trap, in some embodiments, corresponds to alarm events that are executed on the FDVII controller 104 running at the SNMP agent 114 to notify the SNMP manager 116 when a certain pre-defined alarm condition occurs. The IO parameters of the SNMP agent and SNMP manager are maintained as "FDVIITags" in which each HMI-tag includes data value and a data type. These data values corresponds to control, input, and/or output parameters of controllers 108 that are accessible to the SNMP agent 114.
Referring to Figs. 15c and 15d, the alarm traps are defined in the information model herein as a "notification type" (rather than an object type) according to the information model. As shown in Fig. 15c, a notification-type object is defined by a set of objects 1522, a status field 1524, a description field 1526, and a reference number 1528. Each object of the set of objects 1522 is further defined by an object-type description 1530 (shown in Fig. 15d), which is the same object-type description used in the statically-defined elements. That is, the object type description of the dynamically-defined elements includes the syntax field 1512, the access field 1514, the status field 1516, the description field 1518, and the reference number 1520 for each of the alarm-trap element 1522. Examples of alarm objects include "AlarmTagName", "AlarmTagValue", "AlarmProjectName", "AlarmGroupName", "AlarmTime", and "AlarmMessage."
Referring still to Figs. 15e-151, each IO parameter is defined in the information model as an object type (see Fig. 15e), which has a syntax 1532 of a "Sequence of HMITags". The "Sequence of HMI-tags 1532" object is then defined as a list (see Fig. 15f) where each element of the list is subsequently defined as an object type having the same structure as the object-type definition of the statically-

defined elements (i.e., the object type includes the syntax field 1512, the access field 1514, the status field 1516, the description field 1518, and the reference number 1520). Within the list (of HMITags sequences), each HMITag includes a HMI-tag identifier 1536 and a datatype 1538. Device Permissions by Tactile Gestures
In another aspect, the HMI controller 104 may be configured to enable a security measure that allows device permissions to be set only by physical presence of operator at the device. In some embodiments, the operator has to provide tactile gestures to a HMI display of the device and/or manual activation of physical switches of the device to fulfill the security measure. This feature enables operators to perform underlying changes and/or updates to hardware, firmware, operating system, and/or security features of the controller without having to access manual switches (e.g., DIP switches), often located on circuit boards within the controller. The technology enables a "soft" manual switch that is comparable, in effect, to a "hard" manual switch.
Fig. 16 is a diagram illustrating a method 1600 of securely invoking device configuration of a HMI computing device (e.g., device 104) via a tactile input in accordance with an illustrative embodiment. The method 1600 includes causing, at a display of a computing device, presentation of a graphical rendering at an area of the display, wherein the rendering includes a graphical element associated with a device configuration parameter (step 1602). The method 1600 further includes detecting, via one or more sensors associated with the display, a selection of a tactile input (e.g., a swipe, a double-tap, or any other tactile or finger gesturing pattern or sequence) received via the one or more sensors of the display, the tactile input associated with the graphical element associated with the device configuration parameter, wherein the device configuration parameter is associated with a configuration service corresponding to a device configuration application. Examples of device configuration application includes, but are not limited to, a firmware update routine, a

startup screen bypass routine, an enhanced security mode, or a communication stack enable/disable mode.
The method 1600 further includes, in response to the detection of the tactile input, storing, in memory (e.g., non-volatile memory) of the computing device, a modification of the device configuration parameter (step 1606). The method 1600 may further include executing the configuration service associated with the device configuration application, wherein device configuration service is invokable via the tactile input, and wherein the device configuration service is not invokable via an input associated with a keyboard input, a mouse input, and/or a cursor input of the computing device.
Fig. 17 is a diagram illustrating a method 1700 of securely invoking device configuration of a HMI computing device via a tactile input in accordance with another illustrative embodiment. The method 1700 includes determining, via a processor of a computing device (e.g., computing device 104), one or more gestures associated with a tactile input received at a display (e.g., a multi-touch display) of the computing device (step 1702). In some embodiments, the computing device presents a graphical user interface on a display of the computing device. The graphical user interfaces includes one or more widgets associated with the enabling and/or disabling of a device configuration setting. The widget may include instructions and/or description associated with the configuration setting.
In some embodiments, the one or more gestures are received, via sensors on the display, at a location on the display associated with one or more widgets for activating the configuration service and/or routine. The tactile input may include a pattern and/or a sequence of inputs received at the display, e.g., a multi-touch display, of the computing device 104. In some embodiments, the tactile input is received via the multi-touch sensor 1418 as described in relation to Fig. 14.
The method 1700 includes, in response to the determination (of step 1702), comparing, by the processor, the one or more received gestures with a security gesture associated with activation of a device configuration service invokable at the

computing device (step 1704). In some embodiments, the security gesture is a Boolean operation and/or condition - for example, actuate upon receipt of a double tap at a widget, actuate upon receipt of a single tap at a widget, actuate upon receipt of a password or code at a dialog box, actuate upon receipt of a two dimensional pattern received over a defined portion of the display. In some embodiments, the Boolean operation and/or condition are stored in a database of the computing device. In some embodiments, the same security gesture is used for each type of device configuration services invokable at the computing device. In other embodiments, the security gesture is different for each of the types of device configuration services.
The method 1700 further includes, in response to a match (of step 1704), executing activation of the device configuration service at the computing device (step 1706). In some embodiments, execution of the device configuration service results in an executable routine, file, event, or service associated to the configuration setting to be invoked.
In some embodiments, the device configuration service is invokable only via the tactile input. That is, the device configuration service is not invokable via a keyboard input, a mouse input, and a cursor input of the computing device. To this end, inputs, for example, from the operating system API relating to the keyboard input, the mouse input, and the cursor input are not classified as a tactile gesture for comparison to the security gesture.
Fig. 18 is a graphical user interface 1800 for securely invoking device configuration of a HMI computing device via a tactile input in accordance with an illustrative embodiment. The graphical user interface 1800 is presented, in some embodiments, by way of execution of a runtime application, service, or process running on a HMI controller. The graphical user interface 1800 includes one or more device configuration inputs 1802-1808 corresponding to a firmware upgrade 1802, a startup screen bypass routine 1804, an enhanced security mode 1806, or a communication stack enable/disable mode 1808. The graphical user interface 1800 includes an enable widget 1810 to receive a command from the user to enable the

selected device configuration input. Upon selections of one of the inputs 1802, 1804, 1806, 1808, and the enable widget 1810, the runtime application, in some embodiments, invokes one or more executable instructions associated with a respective device configuration action. For example, upon receipt of selections of the input to upgrade the firmware of the device (1802) and the enable button 1810, a firmware upgrade service or executable file is executed.
Fig. 19 is a diagram illustrating a system 1900 for securely invoking device configuration of a HMI computing device 104 via a tactile input in accordance with an illustrative embodiment. The system 1900 includes one or more device inputs such as keyboard inputs 1902, mouse input 1904. The system 1900, in some embodiments, further includes communication inputs 1906 such as device inputs from a remote computing device. The system 1900, in some embodiments, further includes communication inputs 1908 corresponding to tactile gestures received at a display of a remote computing device. The system 1900 further includes inputs from a sensor located on the computing device (e.g., multi-touch display), which corresponds with a physical touch (e.g., a tactile gesture). The tactile gesture may include any physical touch associated with a physical sensor on the computing device.
Still referring to Fig. 19, the system 1900 includes an input filter logic 1912 to filter HMI inputs that does not corresponds to inputs received at a HMI display of the computing device. In some embodiments, the FDVII display parameters are accessed through APIs of the operating system of the computing device. The input filter logic 1912, in some embodiments, does not act upon one or more manual switches (e.g., DIP switches) located on the circuit board of the computing device. To this end, the system 1900 may receive either tactile inputs from the HMI display or the manual switches to enable the respective device configuration service, process, and/or executable file.
Fig. 20 is a diagram illustrating a system 2000 for securely invoking device configuration of a HMI computing device (e.g., computing device 104) via a tactile

input in accordance with another illustrative embodiment. The system includes a HMI-display (e.g., a multi-touch display) for receiving inputs at a display of the device. The system includes a processor and a memory having instructions thereon, wherein the instructions, when executed by the processor, cause the processor to receive inputs at the display, where the inputs corresponds to one or more tactile inputs received at the display. In some embodiments, the instructions are executed in a service (2002). The system further includes one or more manual switches (e.g., DIP switches) located on the circuit board of the computing device. The settings on the manual switches may trigger an operating-system level event (2004). In some embodiments, the inputs of the one or more tactile inputs and the manual-switch inputs are mapped to non-volatile memory of the computing device (2006). In some embodiments, a configuration application reads the non-volatile memory of the computing device to determine whether to initiate instructions to perform the configuration (2008). In some embodiments, the configuration application is an event that is invoked upon a trigger associated with the receipt of inputs of the one or more tactile inputs and the manual-switch inputs. In some embodiments, the configuration application results in a power-down and hardware re-initialization of the system. In some embodiments, the configuration application interrogates the non¬volatile memory to continue with a configuration subroutine that has been initiated.
While the methods and systems have been described in connection with preferred embodiments and specific examples, it is not intended that the scope be limited to the particular embodiments set forth, as the embodiments herein are intended in all respects to be illustrative rather than restrictive. Fig. 21, for example, is a diagram illustrating industrial environments for use by the HMI controller described herein in accordance with an illustrative embodiment.
Unless otherwise expressly stated, it is in no way intended that any method set forth herein be construed as requiring that its steps be performed in a specific order. Accordingly, where a method claim does not actually recite an order to be followed by its steps or it is not otherwise specifically stated in the claims or descriptions that

the steps are to be limited to a specific order, it is no way intended that an order be inferred, in any respect. This holds for any possible non-express basis for interpretation, including: matters of logic with respect to arrangement of steps or operational flow; plain meaning derived from grammatical organization or punctuation; the number or type of embodiments described in the specification.
Throughout this application, various publications may be referenced. The disclosures of these publications in their entireties are hereby incorporated by reference into this application in order to more fully describe the state of the art to which the methods and systems pertain.
It will be apparent to those skilled in the art that various modifications and variations can be made without departing from the scope or spirit. Other embodiments will be apparent to those skilled in the art from consideration of the specification and practice disclosed herein. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit being indicated by the following claims.

WE CLAIM:
1. A method of generating an updated management information base (MIB) of a
computing device, the updated MIB including data associated with operations of a
plurality of controllers in communication with the computing device, the computing
device and plurality of controllers, collectively, forming a subnetwork managed by
the computing device, the method comprising:
receiving, by a processor of the computing device, one or more supervision commands associated with operations of one or more controllers, wherein the supervision command includes an identifier corresponding to one or more control parameters of the one or more controllers;
generating, by the processor, an updated MIB for the computing device, wherein the updated MIB includes definitions for interfacing to the one or more control parameters of the one or more controllers, wherein the SNMP manager interfaces with a SNMP agent through SNMP messages using information in the updated MIB, and wherein the SNMP agent is executed on the computing device);
receiving, by the processor, data associated with operations of the one or more controllers;
comparing, by the processor, the received data to one or more notification rules associated with the supervision command; and
in response to a match of a particular notification rule of the one or notification rules, causing, by the processor of the computing device, transmission of a Simple-Network-Management-Protocol (SNMP) notification to a SNMP manager at a second computing device, wherein the SNMP notification includes an indication of a matched notification rule.
2. The method as claimed in claim 1, comprising:
receiving, by the processor, from the SNMP manager of the second computing device, a SNMP request for a control value corresponding to the one or

more control parameters of the one or more controllers, wherein the control value is derived from the updated MIB; and
in response to the request, transmitting, by the processor, a SNMP message to the SNMP manager, the SNMP message including, at least, the requested control value.
3. The method as claimed in claim 1, wherein the controller includes a system selected from the group consisting of a Programmable Logic Controller (PLC) and a Supervisory Control And Data Acquisition (SCADA) system.
4. The method as claimed in claim 1, wherein the updated management information base includes a plurality of static components and a plurality of dynamic components, wherein each of the plurality of static components includes instructions associated with information of the computing device, and wherein each of the plurality of dynamic components includes instructions associated with information of the one or more controllers.
5. A method, the method comprising:
establishing, at the computing device, one or more first connections to a corresponding set of one or more first controllers, wherein the computing device is configured to receive first operating data from the set of one or more first controllers on an on-going basis during runtime of the computing device;
generating, at the computing device, a first MIB, wherein the first MIB includes:
i) operating data corresponding to the computing device and
ii) the first operating data corresponding to the set of one or more first controllers;
establishing, at the computing device, one or more second connections to a corresponding set of one or more second controllers, wherein the computing device is

configured to receive second operating data from the one or more second controllers on an on-going basis during the runtime of the computing device; and
generating, at the computing device, a second MIB, wherein the second MIB includes:
i) the operating data corresponding to the computing device,
ii) the first operating data corresponding to the set of one or more first
controllers, and iii) the second operating data corresponding to the set of one or more second controllers.
6. The method as claimed in claim 5, comprising:
loading, in memory of a second computing device, the first MIB, wherein the second computing device is executing a SNMP manager;
interrogating, at the second computing device, a SNMP agent executing on the computing device for the status or operating data associated with the set of one or more first controllers, wherein the status and/or operating data is derived from the first MIB;
loading, in memory of the second computing device, the second MIB; and
interrogating, at the second computing device, the SNMP agent of the computing device for the status or operating data associated with either the set of the one or more first controllers and/or the set of the one or more second controllers, wherein the status and/or operating data is derived from the second MIB.
7. A dynamically-generated management information base (MIB) file associated
with a computing device operatively connected to a plurality of, wherein the MIB
files includes objects corresponding to the computing device and the plurality of
connected controllers, the dynamically-generated MIB file comprising:
a first set of instructions; and a a second set of instructions,

wherein each of the first set of instructions includes statically-defined elements corresponding to a set of one or more first parameters associated with operations and/or information of the computing device, and
wherein each of the second set of instructions include dynamically-defined elements corresponding to a set of one or more second parameters associated with operations and/or information of the plurality of controllers,
wherein each dynamically-defined element includes an object definition and an object definition type,
wherein the object definition includes a data field selected from the group consisting of an object name, an object status, and an object definition, and
wherein the object definition type includes a data field selected from the group consisting of a syntax field, an access field, a status field, and a description field.
8. The dynamically-generated management information base (MIB) file as
claimed in claim 7, wherein the set of one or more second parameters include one or
more alarm definitions and and one or more 10 parameters,
wherein each of the one or more alarm definitions and each of the one or more 10 definitions include a first definition section and second definition section,
wherein each first definition section includes objects selected from the group consisting of a list of object identifiers, a status field, and an object definition, and
wherein each second definition section corresponds to a given object in the list of object identifiers, and each second definitions section includes one or more objects selected from the group consisting of a syntax field, an access field, a status field, and a description field.
9. A system of a computing device, the updated MIB including data associated
with operations of a plurality of controllers in communication with the computing

device, the computing device and plurality of controllers, collectively, forming a subnetwork managed by the computing device, the system comprising: a processor; and
a memory having instructions stored thereon, wherein the instructions, when executed by the processor, cause the processor to:
receive one or more supervision commands associated with operations of one or more controllers, wherein the supervision command includes an identifier corresponding to one or more control parameters of the one or more controllers;
generate an updated MIB for the computing device, wherein the updated MIB includes definitions for interfacing to the one or more control parameters of the one or more controllers wherein the updated MIB is used by a SNMP manager executing on a second computing device wherein the SNMP manager interfaces with a SNMP agent through SNMP messages using information in the updated MIB, and wherein the SNMP agent is executed on the computing device);
receive data associated with operations of the one or more controllers;
compare the received data to one or more notification rules associated with the supervision command; and
in response to a match of a particular notification rule of the one or notification rules, cause transmission of a Simple-Network-Management-Protocol (SNMP) notification to a SNMP manager at a second computing device, wherein the SNMP notification includes an indication of a matched notification rule.
10. A system of a computing device to include operating parameters of a set of controllers, wherein the controller is in communication with the computing device), the system comprising:

a processor; and
a memory having instructions stored thereon, wherein the instructions, when executed by the processor, cause the processor to:
establish, at the computing device, one or more first connections to a corresponding set of one or more first controllers, wherein the computing device is configured to receive first operating data from the set of one or more first controllers on an on-going basis during runtime of the computing device;
generate, at the computing device, a first MIB, wherein the first MIB includes:
i) access definitions of operating data corresponding to the computing device, and
ii) access definitions of the first operating data corresponding to the set of one or more first controllers;
establish, at the computing device, one or more second connections to a corresponding set of one or more second controllers, wherein the computing device is configured to receive second operating data from the one or more second controllers on an on-going basis during the runtime of the computing device; and
generate, at the computing device, a second MIB, wherein the second MIB includes:
i) access definitions of the operating data corresponding to the computing device,
ii) access definitions of the first operating data corresponding to the set of one or more first controllers, and
iii) access definitions of the second operating data corresponding to the set of one or more second controllers.

11. A system that invokes configuration of the system via a tactile input, the
system comprising:
a processor;
a display in communication with the processor, the display being configured to receive tactile inputs from one or more sensors operatively coupled to the display; and a memory having instruction logics stored thereon, wherein the instruction logics, when executed by the processor, cause the processor to:
cause, at the display, presentation of a graphical rendering at an area of the display, wherein the rendering includes a graphical element associated with a device configuration parameter; detect, via the one or more sensors associated with the display, a selection of a tactile input wherein the tactile input is received via an operating system API, received via the sensors of the display, wherein the tactile input corresponds to activation of the graphical element associated with the device configuration parameter, and wherein the device configuration parameter is associated with a configuration service corresponding to a device configuration application and wherein the device configuration parameter is stored in non-volatile memory of the computing device; and in response to the detection of the tactile input, store, in the memory of the apparatus, a modification of the device configuration parameter.
12. The system as claimed in claim 11, wherein the instructions, when executed
by the processor, cause the processor to:
execute the configuration service associated with the device configuration application, wherein device configuration service is invokable via the tactile input,

and wherein the device configuration service is not invokable via an input associated with a keyboard input, a mouse input, and/or a cursor input of the computing device.
13. The system as claimed in claim 11, wherein the device configuration service is invokable only via the tactile input.
14. The system as claimed in claim 11, comprising:
a plurality of selectable switches coupled to a circuit board of the apparatus, wherein the device configuration service is invokable only either via the tactile input or via a selection of one or more switches of the plurality of selectable switches.
15. The system as claimed in claim 11, wherein the device configuration parameter is associated with permissions selected from the group consisting of a device firmware upgrade; an enabling and/or disabling a device enhanced security mode; enabling and/or disabling a device start-up window bypass mode; and an enabling and/or disabling a communication protocol.
16. The system as claimed in claim 11, wherein the tactile input includes two or more user inputs to areas of the display, including a first input at a first area and a second input at a second area, wherein the first area is different from the second area.
17. The system as claimed in claim 11, wherein the tactile input includes two or more user inputs to areas of the display, including a first input at a first area and a second input at a second area, wherein the first area is the same as the second area.

18. The system as claimed in claim 11, wherein the device configuration parameter is stored in non-volatile memory of the computing device.
19. A method for securely invoking device configuration of a computing device via a tactile input, the method comprising:
causing, at a display of a computing device, presentation of a graphical rendering at an area of the display, wherein the rendering includes a graphical element associated with a device configuration parameter;
detecting, via one or more sensors associated with the display, a selection of a tactile input received via the one or more sensors of the display, the tactile input associated with the graphical element associated with the device configuration parameter, wherein the device configuration parameter is associated with a configuration service corresponding to a device configuration application; and
storing, in memory of the computing device, a modification of the device configuration parameter.
20. The method as claimed in claim 19, comprising:
in response to the detection of the tactile input, using the stored modification to execute the configuration service associated with the device configuration application, wherein device configuration service is invokable via the tactile input, and wherein the device configuration service is not invokable via an input associated with a keyboard input, a mouse input, and/or a cursor input of the computing device.
21. A method for securely invoking device configuration of a computing device
via a tactile input, the method comprising:

determining, via a processor of a computing device, one or more gestures associated with a tactile input received at a display of the computing device;
in response to the determination, comparing, by the processor, the one or more received gestures with a security gesture associated with activation of a device configuration service invokable at the computing device; and
in response to a match, executing activation of the device configuration service at the computing device.