JP2011021977A - System for monitoring of nuclear power generation plant, and operation-maintenance data management system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a system for monitoring a nuclear power generation plant and an operation-maintenance data management system, wherein each individual person or individual department can use dedicated environment or application in an optional place such as field site or office, without the problems of radiation control, management of plant monitoring control information, and security of a plant monitoring control apparatus. <P>SOLUTION: The system 301 for monitoring the nuclear power generation plant includes a monitoring control network 100 to which the plant monitoring control apparatus 22 is connected, an one-way gateway 201, a plant information server 202, a thin client server 203 obtaining desired data from among the monitoring control information from the plant information server 202, a thin client terminal 207 installed in a radiation control area, and a thin client terminal 211 installed outside the radiation control area. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a nuclear power plant monitoring system that remotely uses monitoring control information of a nuclear power plant via a network from any location such as the site of a nuclear power plant or a management office, and the site and management of a nuclear power plant. The present invention relates to a nuclear power plant operation / maintenance data management system that remotely uses nuclear power plant operation / maintenance information from an arbitrary location such as an office via a network.

2. Description of the Related Art Plant monitoring and control devices that monitor and control recent nuclear power plants (hereinafter simply referred to as “plants”) have been digitized. For example, in an improved boiling water nuclear plant, a full digital type plant monitoring and control system is used. The device is used. This plant supervisory control device collects supervisory control information over the entire plant by the supervisory control devices from the reactor safety protection system to the turbine auxiliary system via the supervisory control network, and inputs signals to the alarm system and plant control It is used as business data.
Furthermore, the plant monitoring and control apparatus includes a process computer, and the monitoring and control information and plant control data are processed by the process computer and processed and provided to data necessary for operation and maintenance.

  The use of personal computers, PDAs (Personal Digital Assistants) and the like is also increasing in field work such as during periodic inspections of plants. For example, work management data such as instrument calibration records and cable connection confirmations is highly requested to be changed to data input by PDAs from methods recorded on paper in the field. In some cases, monitoring control information such as operation data is required on site. For example, in a calibration work for a meter such as a pressure transmitter, it is necessary to check information such as a change in an instruction value and an alarm report accompanying a work performed on site. Also, in maintenance work for instruments such as instruments, valves, pumps, etc., it is necessary to confirm that work start conditions are in place, such as isolating the target equipment so that it does not affect operation. . At present, these confirmation operations can be performed only in the central control room, so field workers can communicate with operators or maintenance personnel in the central control room using a mobile phone such as PHS (Personal Handy-phone System). You must proceed.

  By the way, these plant monitoring control information relates to the safety of the plant, and it is necessary to maintain confidentiality. Therefore, it is normally available only in the central control room where the plant monitoring control device is installed. In order to utilize the monitoring and control information of the plant for the creation and maintenance of forms in periodic inspections, it is necessary to record data from the central control room to paper media or magnetic recording media, take it out of the central control room, and process it. There is a high need for online access in terms of management efficiency.

To meet such needs, a client-server system using a dedicated network can be used for a plant monitoring system that provides monitoring control information necessary for offices and sites outside the central control room, and for offices and sites outside the central control room. An operation / maintenance data management system that provides necessary operation / maintenance data can be considered.
However, with this method, when trying to support various types of monitoring control information and use locations, the cost of a dedicated network, a server for a client server method, and a terminal increase, and thus the system must be a limited application. . In addition, in order to suppress an increase in cost, the application software used for the client server method is a method in which users share general-purpose software.

  Patent Document 1 discloses a remote monitoring control system based on an agent method using a wide area network instead of a client server method. A technique is disclosed in which the monitoring specification can be changed by using an agent without replacing the program of the monitoring control device. In addition, since transmission guarantees and security functions are important because a wide area network is used, in the technique described in Patent Document 1, an agent with security processing is used in the wide area network, and the dedicated network of the monitoring control device is entered from the wide area network. Later, a lightweight agent without a security function is generated, and the system corresponds to a monitoring control device with a small CPU processing capacity and memory capacity.

JP 2003-167801 A

  It is effective for improving work efficiency that each individual or individual department can use a dedicated environment and application software at an arbitrary place such as a plant site or an office. The most straightforward example is that work-related information and data processing applications prepared at the office can be used on-site, and reports can be created at the office based on data entered on-site. It is to be. For this purpose, the first conceivable method is a method using a dedicated network for improving the efficiency of the work for connecting between the site and the office. However, this method has both cost and usability. Have difficulty.

  As a method not using a dedicated network, it is conceivable to use a portable personal computer of each individual or individual department and carry it to the site or office. Also, when plant monitoring and control information such as operation data is required at the site, a general-purpose network is installed at the site, and this general-purpose network and the plant monitoring and control network are connected to each other on-line from a personal computer. It is conceivable to construct a system for receiving plant monitoring control data such as operation data.

  However, there are three problems in the method of using a portable personal computer in a plant. The first is the problem of radiation management. When using information devices such as personal computers and PDAs in the radiation control area and taking it out of the management area such as an office, it is necessary to inspect the radioactive contamination for radioactive substances. In particular, a system that ventilates the interior of a personal computer and cools the CPU, electronic circuit, and the like therein requires a long time for the radioactivity contamination inspection. As information devices such as personal computers and PDAs are brought into the field, the radioactive contamination inspection work becomes enormous, and the cost required for personnel and equipment for the radioactive contamination inspection may increase.

The second is an information management problem. The data input at the site and the plant supervisory control information received from the plant supervisory control network are stored in the personal computer or PDA storage device used. For this reason, there is a risk of information leakage when a personal computer or PDA is connected to the Internet or when it is stolen.
The third is a problem of ensuring the security of the plant monitoring control device. When a general-purpose network laid on the site and a plant monitoring and control network are connected, an unauthorized signal may be transmitted to the plant monitoring and controlling device by a malicious user or the like, causing a malfunction of the plant monitoring and controlling device. In the case of the prior art of Patent Document 1 described above, since a lightweight agent having no security function is generated and used, it is malicious to the reactor safety protection system via the monitoring control network of the plant monitoring control device. There is a problem that a lightweight agent program becomes intrusive.

  The present invention allows each individual or individual department to be in any place such as a site or office without causing the above-mentioned problems of radiation management, problems of management of plant monitoring control information, and security problems of the plant monitoring control apparatus. The purpose is to provide a nuclear power plant monitoring system and operation / maintenance data management system that can use a dedicated environment and applications.

  In order to solve the above problems, a monitoring system for a nuclear power plant according to a first aspect of the present invention includes a monitoring control network to which a plant monitoring control device is connected, and plant information for collecting monitoring control information in real time via the monitoring control network. The server, a thin client server with a built-in program for receiving and processing desired data from the plant information server among the monitoring control information stored in the plant information server, and a thin client server installed in the radiation management area of the nuclear power plant A first thin client terminal that stores only a program and data for remotely operating a client server via a network for a sink line terminal different from the supervisory control network, and a thin client installed outside the radiation management area of the nuclear power plant Server, thin A second thin client terminal for storing only a program and data to be remotely operated via a network for a remote terminal, and a monitoring control network and a plant information server. A one-way gateway having a function of transmitting data to the plant information server side and conversely not transmitting data from the plant information server to the supervisory control network side is provided.

  A nuclear power plant operation / maintenance data management system according to a second aspect of the invention includes a plant information server for storing operation / maintenance information, and desired data among the operation / maintenance information stored in the plant information server. A thin client server containing a program that receives and processes from the server and a radiation control area of the nuclear power plant, and remotely operates the thin client server via a network for a sink line terminal different from the supervisory control network. A first thin client terminal that stores only the program and data, and a program and data that are installed outside the radiation control area of the nuclear power plant and remotely operate the thin client server via the network for the sink line terminal The second thin cry to Installed between the monitoring terminal, the monitoring control network, and the plant information server, and transmits specific data set in advance among the operation / maintenance information to the plant information server. Conversely, the data from the plant information server is monitored and controlled. And a one-way gateway having a function of not transmitting to the network side.

  According to the first invention and the second invention, in a system in which each individual or individual department can use a dedicated environment or application at any place such as a site or office in a nuclear power plant, By installing the first thin client terminal and the second thin client terminal respectively outside, it is possible to prevent an increase in radiation management work even when a large amount of information equipment is used in the radiation management area. Further, by using the first and second thin client terminals that do not have a writable non-volatile storage device such as a hard disk, the risk of information leakage including unintentional cases can be greatly reduced. Furthermore, a one-way gateway is arranged between the plant monitoring and control network and the plant information server, so that a transmission signal from the user does not reach the monitoring and control network, so that the nuclear power plant monitoring and control system or nuclear power generation While providing information on the plant operation / maintenance data management system online to the first and second thin client terminals, the security of the plant monitoring control device can be ensured.

  According to the present invention, each individual or individual can be used in any place such as a site or an office without causing the above-mentioned radiation management problem, plant monitoring control information management problem, and plant monitoring control device security problem. It is possible to provide a nuclear power plant monitoring system and an operation / maintenance data management system in which departments can use dedicated environments and applications.

It is a block diagram of the monitoring system of the nuclear power plant which is 1st Embodiment. It is a block diagram of a one-way gateway. It is a block diagram of a plant information server. It is a block diagram of a thin client server. It is a block diagram of a thin client terminal. It is explanatory drawing of the structure of the authentication information database in a thin client server, (a) is explanatory drawing of a data access permission table, (b) is explanatory drawing of a user ID table, (c) is description of a terminal ID table. FIG. 4D is an explanatory diagram of a card ID table. It is explanatory drawing of the display screen of the monitoring program which operate | moves with a thin client server, (a) is explanatory drawing of a main menu screen, (b) is explanatory drawing of an apparatus monitoring menu screen, (c) is trend monitoring. (D) is an explanatory diagram of an alarm monitoring menu screen, (e) is an explanatory diagram of an equipment monitoring screen, (f) is an explanatory diagram of a trend monitoring screen, and (g) is an alarm monitoring. It is explanatory drawing of a screen. It is a block diagram of the modification of a one-way gateway. It is a block diagram of the plant information server with a gateway function which made the one-way gateway and the plant information server an integrated apparatus. An example in which a plurality of plant information servers are configured is shown. It is a block diagram of the monitoring system of the nuclear power plant of 2nd Embodiment. It is a block diagram of the monitoring system of the nuclear power plant of 3rd Embodiment.

Hereinafter, a monitoring system for a nuclear power plant according to a first embodiment of the present invention will be described with reference to the drawings.
<< First Embodiment >>
(Overall configuration of the nuclear power plant monitoring system)
FIG. 1 shows the overall configuration of a monitoring system for a nuclear power plant.
The nuclear power plant (hereinafter simply referred to as “plant”) monitoring system 301 of this embodiment is mainly connected to a plant monitoring control device 22 and a monitoring control network 100 described later included in the plant monitoring control device 22. The thin client terminal (the first client terminal) connected to the thin client server 203 via the direction gateway 201, the plant information server 202, the thin client server 203, the external connection communication line 105, the local area network 107, the Ethernet (registered trademark) 113A, 113B, etc. 1 thin client terminal) 207, wireless terminal 208, thin client terminal (second thin client terminal) 211, and other thin client terminals 213 connected to the thin client server 203 via the wide area network 115. Nde is configured.
The plant monitoring control device 22, the one-way gateway 201, the plant information server 202, and the thin client server 203 are arranged in a central control room 303 of the plant, for example.

The one-way gateway 201 and the plant information server 202 are connected by the one-way gateway output side network 101, and the plant information server 202 and the thin client server 203 are connected by the thin client server side network 103. .
The thin client server 203 is connected to a VPN (Virtual Private Network) concentrator 204 via the external connection communication line 105 and the firewall 205A.

The VPN concentrator 204 is connected to the thin client terminal 207 via the shared local area network 107 used for various communication purposes in the plant, the firewall 205B, and the Ethernet 113A installed in the field 305 in the radiation management area of the plant. And connected to the wireless terminal 208. In FIG. 1, only one thin client terminal 207 and one wireless terminal 208 are representatively displayed, but a plurality of thin client terminals 207 and wireless terminals 208 are arranged at required locations.
In the field 305 in the radiation management area, a plurality of PDAs 209 that are limited to use in the radiation management area and are not allowed to be taken out from the radiation management area are arranged, connected to the wireless terminal 208 by wireless communication, It can be used during maintenance inspections of equipment and devices.
The thin client terminal 207 has a communication operation program 255c for remotely operating the thin client server 203, and the PDA 209 also has a similar communication operation program 255c.

  The VPN concentrator 204 is connected to the thin client terminal 211 via the local area network 107 and the firewall 205C via the Ethernet 113B installed in the field outside the plant radiation management area or in the office 307. In FIG. 1, only one thin client terminal 211 is representatively displayed, but a plurality of thin client terminals 211 are arranged at required locations. The thin client terminal 211 has a communication operation program 255 c for remotely operating the thin client server 203.

Further, the VPN concentrator 204 is connected to a wide area network 115 such as the Internet via the local area network 107 and the firewall 205D. Further, other thin client terminals 213 are connected via a firewall 205E and an Ethernet 113C connected to the wide area network 115. The other thin client terminals 213 are, for example, a central power supply control center that monitors the operation and transmission system of power generation facilities of a power company that owns the plant, and a nuclear power operation management department that provides technical support for plant operation and maintenance management at the head office side. Etc. In FIG. 1, only one other thin client terminal 213 is typically displayed, but a plurality of other thin client terminals 213 are arranged at a required location. Other thin client terminals 213 also have a communication operation program 255 c for remotely operating the thin client server 203.
Here, the communication operation program 255c corresponds to “a program for remotely operating a thin client server via a network for a thin line terminal different from the monitoring control network” described in the claims.
Further, the Ethernets 113A, 113B, and 113C correspond to the “network for the sync terminal” recited in the claims.

  Incidentally, the VPN concentrator 204 is virtual on a shared network such as the Internet while maintaining the same security as the private network connection between the firewall 205A and the other firewalls 205B, 205C, and 205D. It is a network device for providing a secure communication environment for establishing a private network connection.

Next, each configuration described above will be described in more detail.
(Plant monitoring controller)
First, the plant monitoring control device 22 will be described. A plant monitoring control device 22 for monitoring and controlling the operation state of the nuclear power plant is mainly a monitoring operation panel 17 connected to the monitoring control network 100, a regular system monitoring control device 18, a safety system monitoring control device 20, and a process computer 21. Etc.
The monitoring operation panel 17 displays the operation state of the entire plant, displays the reactor pressure, heat output, generator output, etc., and displays the operation status of each system included in the plant. It has a monitoring display screen, operating means such as systems and devices included in the plant, for example, a switch for turning on and off the systems and devices included in the plant, a system selection switch, a scram button, an adjustment dial, and the like.

The normal-system monitoring and control device 18 is composed of a plurality of normal-system monitoring control panels that monitor and control the operation of each system and equipment in a normal plant. The safety system monitoring and control device 20 scrams the reactor, traps radioactive materials in the reactor containment vessel, operates an emergency core cooling system that cools the core in the event of an accident, and cools the reactor containment vessel It consists of a plurality of emergency monitoring control panels that share functions such as operating the containment spray cooling system.
Here, the monitoring control panel is a housing in which a power supply circuit, various instrumentation units, and the like are stored in a housing.

The process computer 21 processes signals indicating the state of each device output from the normal system monitoring control device 18 and the safety system monitoring control device 20 to the monitoring control network 100 to obtain information and plant information necessary for plant operation monitoring control. Provide information necessary for maintenance of
The process computer 21 outputs signals indicating the state of each device output from the normal system monitoring control device 18 and the safety system monitoring control device 20, for example, temperature, pressure, flow rate, valve opening, pump rotation speed, etc. Processing is performed so as to display the current state on the plant monitoring display screen of the monitoring operation panel 17 described above, or processing is performed so as to display a signal trend indicating the state of each of the exemplified devices.

Further, the process computer 21 processes a signal indicating the state of each device output from the regular system monitoring control device 18 to the monitoring control network 100 to calculate the thermal output of the reactor and the thermal limit value of the fuel in the core. The calculation is performed and displayed on the monitoring control screen of the monitoring operation panel 17 as information necessary for plant operation monitoring control.
In addition, the process computer 21 processes on / off signals, alarm signals, and the like of the devices output to the monitoring control network 100 from the normal system monitoring control device 18 and the safety system monitoring control device 20, and the monitoring operation panel 17. The operation function and alarm log of each device are recorded in a storage device included in the process computer 21, for example, using a hard disk.

  The safety system monitoring and control device 20 that requires particularly high safety is composed of a monitoring control panel that is separate from the monitoring control panel that constitutes the regular system monitoring and control device 18, and displays a gateway 19 ("GW19" in FIG. 1). ) To the supervisory control network 100.

A signal indicating the status of each device, an on / off signal of each device, an alarm signal, and a process computer 21 output from the regular system monitoring control device 18 and the safety system monitoring control device 20 to the monitoring control network 100 are calculated. The information such as the thermal output of the nuclear reactor and the thermal limit value of the fuel in the core is hereinafter collectively referred to as “monitoring control information”.
The monitoring control information is appended with an identifier indicating the type of information and time information indicating the occurrence date and time of the monitoring control information.

  As shown in FIG. 1, a one-way gateway 201 is connected to the monitoring control network 100, and a plant information server 202 is connected to the output side of the one-way gateway 201 via the one-way gateway output side network 101. Yes.

(One-way gateway)
As shown in FIG. 2, the one-way gateway 201 includes a communication interface 223, a central processing unit 224, storage devices 225 and 226, a bus 227, a communication interface 228, and the like. The storage device 225 is composed of, for example, a ROM, and stores a communication reading program 225a, a communication output program 225b, and a firewall program 225c. The central processing unit 224 stores the communication reading program 225a, the communication output program 225b, and the firewall program 225c. By executing the above, only the information previously selected and set from the monitoring control information flowing from the monitoring control network 100 to the one-way gateway output side network 101 and flowing on the monitoring control network 100 is plant information at a constant cycle. The data is transmitted to the server 202 via the one-way gateway output side network 101.

Incidentally, the storage device 226 is constituted by, for example, a RAM, and stores a buffer function for temporarily storing the monitoring control information received via the communication interface 223 by executing the communication reading program 225a in the central processing unit 224. Device.
A signal from the monitoring control network 100 is captured by the communication interface 223. The central processing unit 224 executes the communication reading program 225 a to convert the acquired signal into data, and overwrites and saves it in the storage device 226 via the bus 227. In addition, the central processing unit 224 executes the communication output program 225b to output only data of the monitoring control information set in advance among the data in the storage device 226 to the communication interface 228 at a constant cycle. By such an operation, preset information out of the monitoring control information of the monitoring control network 100 is transmitted to the plant information server 202.

  The firewall program 225c accesses the monitoring control network 100 without permission by a virus or an unauthorized program, and transmits arbitrary information to the one-way gateway output side network 101 including the monitoring control information that is not selected and set in advance. It is a program that prevents this. On the other hand, the data transmitted from the plant information server 202 to the one-way gateway 201 is taken in by the communication interface 228. By executing the firewall program 225c in the central processing unit 224, the data is sent to the central processing unit 224. Is not received by the one-way gateway (in the sense that it is not stored as data). Therefore, the one-way gateway 201 has no risk of taking in a malicious program from the plant information server 202 side, and can prevent an unauthorized signal or an unauthorized program from being transmitted to the monitoring control network 100.

(Plant information server)
As shown in FIG. 3, the plant information server 202 includes communication interfaces 231, 238, a central processing unit 232, a RAM 233, storage devices 235, 236, a bus 237, and the like. The storage device 235 is constituted by a storage device using a hard disk, for example, and stores a communication reading program 235a and a communication output management program 235b. The central processing unit 232 stores the communication reading program 235a and the communication output management program 235b. Execute. The central processing unit 232 executes the communication reading program 235a, reads the monitoring control information from the one-way gateway 201 via the communication interface 231 at a constant cycle, and indicates the type of the monitoring control information The data is classified according to the identifier, and past data for a predetermined time set in advance according to the type of the monitoring control information is overwritten and saved in the storage device 236 as a history. That is, monitoring control information is collected in real time.
The storage device 236 is a storage device using a hard disk, for example.

  The central processing unit 232 executes the communication output management program 235b in parallel with the execution of the communication reading program 235a, monitors the data request from the thin client server 203 via the communication interface 238, and has a data request. In this case, the requested type of monitoring control information is read from the storage device 236 and transmitted to the thin client server 203 through the communication interface 238.

(Thin client server and thin client terminal)
Next, the thin client server 203, the thin client terminals 207 and 211, the other thin client terminals 213, and the PDA 209 will be described with reference to FIGS.
As shown in FIG. 4, the thin client server 203 includes communication interfaces 241 and 248, a central processing unit 242, a RAM 243, storage devices 245 and 246, a bus 247, and the like. The storage device 245 is constituted by a storage device using a hard disk, for example, and stores an authentication information database 245a, a monitoring program 245b, and an operation / maintenance data management program 245c. The central processing unit 242 monitors the monitoring program. 245b and the operation / maintenance data management program 245c are executed.
Here, the monitoring program 245b is one of the application programs. For example, the access authority corresponding to the data type of the monitoring control information is determined by a user ID table 245e (see FIG. 6B) described later. The permitted monitoring control information is transmitted to the thin client terminals 207 and 211, the other thin client terminals 213, and the PDA 209.
Incidentally, the above-described monitoring control information includes device status data, system parameter trends, and the like as will be described later with reference to FIG.

The operation / maintenance data management program 245c is one of the application programs. For example, the access authority according to the type of operation / maintenance information data is determined, and the permitted operation / maintenance information is transferred to the thin client terminal. 207, 211, the other thin client terminal 213, and the PDA 209.
The operation / maintenance data management program 245c is a database (not shown) stored in the storage device 245. The facility information DB (database), the drawing DB, and the maintenance management DB described in FIG. 1 of JP-A-2008-191725. The construction / work subject DB, the procedure manual DB, the report DB, the worker DB, the equipment management DB, the tool management DB, the instrument management DB, and the test apparatus management DB can be used. The operation / maintenance data management program 245c includes an equipment management server computer, a work management server computer, an on-site maintenance support server computer, a tool / equipment management server computer described in FIG. 1 of JP-A-2008-191725, It has the function of an instrument / test apparatus management server computer (see FIGS. 4 to 6 of Japanese Patent Laid-Open No. 2008-191725).

Here, the operation / maintenance information refers to information held in each database that can be used by the operation / maintenance data management program 245c described above, and a user such as an on-site worker using the thin client terminal 207 or the PDA 209 disposed on the site 305. Is included.
Incidentally, by having each database that can be used by the operation / maintenance data management program 245c and the above-described operation / maintenance data management program 245c, the plant monitoring system 301 can be configured as “Nuclear Power Plant It is also an “operation and maintenance data management system”.

As shown in FIG. 5, the thin client terminals 207 and 211 and the other thin client terminals 213 include a communication interface 251, a central processing unit 252, a storage device 255, RAMs 256A and 256B, a bus 257, an input unit such as a keyboard and a mouse. 259 and an input interface 258 connected to a display unit 261 such as a liquid crystal display device, for example, an input interface 262 connected to an IC card reader 263 that reads an authentication IC card 265, and the like. Yes.
Incidentally, the RAM 256A is generally called a main memory when the central processing unit 252 processes data, and the RAM 256B is a so-called VRAM used when displaying data on the display unit 261.
Further, the thin client terminals 207 and 211 and the other thin client terminals 213 do not have a writable nonvolatile storage device or recording device using a recording medium such as a hard disk, CD, or DVD.
The storage device 255 is constituted by a storage device using a ROM, for example, and stores an OS program 255a, a terminal control program 255b, a communication operation program 255c, and a terminal ID (terminal identification information) 255d. In 252, the OS program 255 a, terminal control program 255 b, and communication operation program 255 c are executed.
Here, the terminal ID 255d corresponds to “data for remotely operating the thin client server via Ethernet” recited in the claims.

  The authentication IC card 265 includes user IDs (personal identification information) 245q (see FIG. 6B) of a plurality of users who can log in to the thin client terminals 207, 211, and 213, and user IDs 245q. The combination of the corresponding password 245t (see FIG. 6B), the card ID 245r (see FIG. 6D) of the authentication IC card 265 (see FIG. 5), and the terminal ID 255d (see FIG. 5) It is recorded. Further, a decryption key is also recorded on the authentication IC card 265.

Although not shown, the configuration of the PDA 209 is almost the same as the configuration shown in FIG. 5, and the communication interface 251 has only a wireless communication function and can be replaced by a communication connection with the wireless terminal 208 (see FIG. 1). It is. Incidentally, the PDA 209 does not have a writable nonvolatile storage device or recording device using a recording medium such as a hard disk, a CD, or a DVD.
In the configuration of the PDA 209, the IC tag reader is connected in place of the IC card reader 263, and the information on the IC tag built in the personal ID card carried by the field worker or the like is read, or the site in the radiation control area is read. In 305, it may be possible to read an identification IC tag affixed to a device subject to maintenance inspection, for example, a valve, a field control panel, a field power panel, or the like.

  Incidentally, the thin client server 203 has an authentication information database 245 a in the storage device 245. The authentication information database 245a includes a data access permission table 245d shown in FIG. 6A, a user ID table 245e shown in FIG. 6B, a terminal ID table 245f shown in FIG. The card ID table 245g shown in d) is included.

As shown in (a) of FIG. 6, in the column displaying “data name” in the data access permission table 245 d, for example, a data name 245 p that is an identifier indicating the type of various types of monitoring control information of the plant, for example, DAT_a, DAT_b,... Are recorded in separate lines. In the column of “user ID”, one or more user IDs 245q permitted to access the data name 245p are recorded corresponding to the data name 245p. For example, only the user with the user ID 245q of “USR_a” and “USR_b” is permitted to access the monitoring control information data whose data name 245p is “DAT_a”. In the data of the monitoring control information whose data name 245p is “DAT_b”, the “user ID” and the display column are only displayed as “USR”, but this is all the user IDs 245q recorded in the user ID table 245e. Means that access is allowed.
In the column of “card ID”, one or more card IDs 245r that are permitted to access the data of the data name 245p are recorded. The card ID 245r is recorded on the authentication IC card 265 described above.

  In the column of “terminal ID”, one or a plurality of terminal IDs 255d that are permitted to access the data of the data name 245p are recorded. The terminal ID 255d is the terminal ID 255d stored in the storage device 255 of the thin client terminals 207, 211, and 213 and the PDA 209 described above.

As shown in FIG. 6B, the user ID table 245e includes a user ID 245q that permits access to the thin client server 203, a password 245t corresponding thereto, and an application program 245u that permits use of the user ID 245q corresponding to the user ID 245q. Has been stored.
As shown in FIG. 6C, the terminal ID table 245f stores a terminal ID 255d that permits access to the thin client server 203 and an application program 245u that permits use of the terminal ID 255d in correspondence with the terminal ID 255d. ing.
As shown in FIG. 6D, the card ID table 245g stores a card ID 245r that permits access to the thin client server 203.
Thus, the authentication information database 245a is configured, and the connection is made according to the user ID 245q, the card ID 245r, and the terminal ID 255d transmitted from the thin client terminals 207, 211, and 213 and the PDA 209 that are connected to the thin client server 203. It is possible to select an application program 245u that permits, rejects, or permits use. In the example of FIG. 4, a monitoring program 245b and an operation / maintenance data management program 245c are specific examples of the application program 245u.

  Next, a case where the user accesses the plant monitoring control information using the thin client terminal 207 arranged at the site in the radiation management area of the plant and displays it on the display unit 261 of the thin client terminal 207 is taken as an example. The operation control procedure of the thin client terminal 207 and the thin client server 203 will be described.

(Authentication procedure)
First, the authentication procedure will be described. When the thin client terminal 207 is activated by the user, the terminal control program 255b, which is application software running on the OS program 255a, is activated, requesting insertion of the authentication IC card 265 into the IC card reader 263, and then The user is requested to input the user ID 245q and the password 245t using the input unit 259. The terminal control program 255b includes an input user ID 245q and password 245t, a terminal ID 255d stored in the storage device 255 of the thin client terminal 207, and a card ID 245r recorded in the authentication IC card 265 for authentication. Check whether it is included in the combination of the above-described user ID 245q stored in the IC card 265, the password 245t corresponding to the user ID 245q, the card ID 245r of the authentication IC card 265, and the terminal ID 255d. , Allow login. If it is not included in the combination, it is determined that the user ID 245q or the password 245t is erroneously input, and the user ID 245q and the password 245t are prompted to be input again. Exit.

  Upon completion of login upon receiving user authentication, the terminal control program 255b transmits the VPN concentrator 204 (FIG. 1) via the Ethernet 113A (see FIG. 1), the firewall 205B (see FIG. 1), and the local area network 107 (see FIG. 1). A virtual dedicated communication path is formed. Next, an operation signal from the input unit 259 such as a mouse or a keyboard can be transmitted to the thin client server 203. Thereafter, the communication operation program 255c is automatically activated, and the user ID 245q, the password 245t, the terminal ID 255d, and the card ID 245r input by the user and authenticated by the thin client terminal 207 are transmitted to the thin client server 203. At this time, these pieces of information are encrypted by the communication operation program 255 c and transmitted together with the composite key recorded on the authentication IC card 265.

The thin client server 203 decrypts the encrypted user ID 245q, password 245t, terminal ID 255d, and card ID 245r received with the decrypted key, and allows the thin client server 203 to access the user ID 245q, password 245t, It is checked whether the terminal ID is 255d and the card ID is 245r. Hereinafter, a case where the permitted one is received will be described.
After that, the thin client server 203, for example, in accordance with the authenticated user ID 245q, an application program that permits use of the thin client terminal 207 stored in the storage device 245 is transmitted to the user ID table 245e (FIG. 6). Based on (b)), the remote operation from the thin client terminal 207 is set. Here, a monitoring program 245b and an operation / maintenance data management program 245c can be provided as application programs.

  Incidentally, the thin client server 203 uses the terminal ID table 245f ((c in FIG. 6C) to permit the thin client terminal 207 to use the thin client terminal 207 stored in the storage device 245 according to the authenticated terminal ID 255d. ))) May be set to be remotely operable from the thin client terminal 207.

  Here, it is assumed that the user who accesses the thin client server 203 with the thin client terminal 207 is in a state where both the monitoring program 245b and the operation / maintenance data management program 245c can be used. Next, a case where the user uses the monitoring program 245b will be described with reference to FIG.

When the thin client server 203 starts the monitoring program 245b by an operation from a user using the thin client terminal 207, for example, the thin client server 203 displays a main menu screen 52 as shown in FIG. Data is encrypted and transmitted so as to be displayed on the display unit 261 (see FIG. 5) of the terminal 207. The communication operation program 255 c of the thin client terminal 207 decrypts the program and displays the main menu screen 52 on the display unit 261. The main menu screen 52 includes “device monitoring menu”, “trend monitoring menu”, “alarm monitoring menu”, “operation / maintenance management menu” and icon buttons 52 a, 52 b, 52 c, 52 d for display, and “select”. A display selection button 61, an end icon button 62, and a mouse pointer 63 are displayed. The user selects the item to be displayed from the above-mentioned menu by clicking with the pointer 63, and selects the icon button of the selected menu to the selected display color. When the user clicks the selection button 61, the selected item is selected. A signal for switching to the menu screen is transmitted to the thin client server 203.
Here, an icon button 52d of the “operation / maintenance management menu” is also displayed on the main menu screen 52 so that the user can switch to the operation / maintenance data management program 245c permitted. If the user is not authorized to use the operation / maintenance data management program 245c, the icon button 52d is not displayed.

  When the monitoring program 245b of the thin client server 203 receives the icon button signal indicating the menu selected on the main menu screen 52, the monitoring program 245b encrypts the data to the thin client terminal 207 so as to display the corresponding detailed menu screen. Send. In response to this, the communication operation program 255c of the thin client terminal 207 decrypts the received data and causes the display unit 261 to display a detailed menu screen.

  When the user selects the “device monitoring menu” icon button 52 a, a device monitoring menu screen 53, which is one of the detailed menu screens as shown in FIG. 7B, is displayed on the display unit 261. A list of will be displayed. The device monitoring menu screen 53 includes a system name column 53a, a device display column 53b belonging to the system, a “menu” for returning to the main menu screen 52, a main menu return button 65 for display, and a list of systems / devices. “Previous page” and display page return button 66 for returning to the page, “back page” and display page feed button 67, selection button 61, and pointer 63 for displaying the list of systems and devices to the next page are displayed. Is done.

For example, since there are a plurality of pumps and valves in the devices belonging to each system, the device display field 53b includes not only the name of the device but also the system number for identifying the system to which it belongs and the device. An identification number (not shown) combined with the attached device number is also displayed at the same time.
Since the list of systems / devices covers a plurality of pages, if the device does not exist on the display page, the display page is changed by clicking the page return button 66 and page feed button 67.
Then, the device of the system to be selected is designated with the pointer 63 and clicked to change to the selected color, and then the selection button 61 is clicked to complete the selection of the device of the system, and a signal indicating the selected device is displayed. The encrypted data is encrypted from the thin client terminal 207 and transmitted to the thin client server 203.

When the thin client server 203 receives a signal indicating the selected device from the thin client terminal 207, it is requested from the thin client terminal 207 based on the data access permission table 245d (see FIG. 6A). The user ID 245q, the card ID 245r, and the terminal ID 255d received when the data of the data name 245p displayed on the device monitoring screen 56 (see FIG. 7E) corresponding to the signal indicating the connected device is connected to the thin client terminal 207. The combination is checked to determine whether or not it is permitted. If it is permitted, the device monitoring screen 56 including the data with the data name 245p is encrypted and transmitted so as to be displayed on the display unit 261 of the thin client terminal 207.
If it is not permitted, a message “This data is not permitted” is transmitted so as to be displayed on the display unit 261 of the thin client terminal 207.

FIG. 7E shows the thin client server 203 when the monitoring program 245b permits access to the data with the data name 245p indicating the status of the device requested from the thin client terminal 207. It is an example of the apparatus monitoring screen 56 which transmits to the terminal 207. For example, when “valve 1” surrounded by a square frame is selected on the device monitoring menu screen 53 shown in FIG. 7B, the open / close state of surrounding valves including the “valve 1” is displayed. .
In addition to the main menu return button 65, the device monitoring screen 56 is provided with a detailed menu return button 68 that is an icon button for returning to the device monitoring menu screen 53.

  When the user selects the “trend monitoring menu” icon button 52b while the main menu screen 52 is displayed on the display unit 261 of the thin client terminal 207, the detailed menu screen as shown in FIG. Is displayed on the display unit 261, and a list of systems and parameters is displayed. The trend monitoring menu screen 54 has a system name column 54a, a system parameter display field 54b, a “menu” for returning to the main menu screen 52, a main menu return button 65 for display, and a list of systems / devices on the previous page. “Previous page” for returning and a page return button 66 for display, “Back page” for displaying a list of systems and devices to the next page, a page feed button 67 for display, a selection button 61, and a pointer 63 are displayed. .

Each system parameter includes, for example, the pump rotation speed (explained as “pump 1 rotation speed” and “pump 2 rotation speed” in FIG. 7C) and the pump flow rate in FIG. Since there are a plurality of system parameters such as pressure (not shown) and pressure (not shown), the system parameter display field 54b includes not only the name of the system parameter but also a system for identifying the system to which it belongs. An identification number (not shown) combining the number and the parameter number assigned to identify the system parameter is also displayed at the same time.
Since the list of system / parameters extends over a plurality of pages, when the device does not exist on the display page, the display page is changed by clicking the page return button 66 and the page feed button 67.
Then, the system parameter to be selected is designated with the pointer 63 and clicked to change to the selected color, and then the selection button 61 is clicked to finish the selection of the system parameter, and the signal indicating the selected system parameter is It is encrypted from the thin client terminal 207 and transmitted to the thin client server 203.

When the thin client server 203 receives a signal indicating the selected system parameter from the thin client terminal 207, the request is received from the thin client terminal 207 based on the data access permission table 245d (see FIG. 6A). The user name 245p, the card ID 245r, and the terminal ID 255d received when the data name 245p displayed on the trend monitoring screen 57 (see (f) of FIG. 7) corresponding to the signal indicating the system parameter is connected to the thin client terminal 207. The combination is checked to determine whether or not it is permitted. If it is permitted, the trend monitoring screen 57 including the data of the data name 245p is encrypted and transmitted so as to be displayed on the display unit 261 of the thin client terminal 207.
If it is not permitted, a message “This data is not permitted” is transmitted so as to be displayed on the display unit 261 of the thin client terminal 207.

FIG. 7F shows that when the thin client server 203 permits the monitoring program 245b to access the data of the data name 245p indicating the trend of the system parameters requested from the thin client terminal 207, the thin client server 203 It is an example of the trend monitoring screen 57 transmitted to the client terminal 207. For example, as shown in (f) of FIG. 7, time changes of “parameter 1” and “parameter 2” are displayed.
In addition to the main menu return button 65, the trend monitor screen 57 is provided with a detailed menu return button 69 that is an icon button for returning to the trend monitor menu screen 54.

Similarly, when the user selects the “alarm monitoring menu” icon button 52c in a state where the main menu screen 52 is displayed on the display unit 261 of the thin client terminal 207, as shown in FIG. The alarm monitoring menu screen 55, which is a detailed menu, is displayed, and a system list 55a is displayed. In FIG. 7D, system names “recirculation system A”, “recirculation system B”, “control rod drive system”, and “coolant purification system” are illustrated. The user selects the system for which alarm monitoring is desired using the pointer 63 and the selection button 61 as described above. In the thin client server 203, access permission to alarm data is checked as described above. Then, when permitted, an alarm monitoring screen 58 as shown in FIG. 7G, for example, is displayed on the display unit 261 of the thin client terminal 207, which displays the alarm list of the system selected by the user.
In addition to the main menu return button 65, the alarm monitoring screen 58 is provided with a detailed menu return button 70 that is an icon button for returning to the alarm monitoring menu screen 55.

In this way, the user is stored in the storage device 245 of the thin client server 203 from the thin client terminal 207 even at a location away from the central control room 303, such as the site 305 (see FIG. 1) in the radiation management area. By using the monitoring program 245b, which is an application program, it is possible to check the device isolation status before the start of maintenance inspection work at the site 305, monitor the trend change of system parameters during the operation, and the alarm issue status. As the monitoring screen, a screen that faithfully emulates a part of the monitoring screen of the plant monitoring control device 22 is displayed by the monitoring program 245b, thereby being the same as the screen used for monitoring and operation in the central control room 303. It is also possible to prevent human error by unifying the display.
Note that a detailed method for storing the operation record in the storage device 236 by remotely operating the operation / maintenance data management program 245c of the thin client server 203 using the PDA 209 for maintenance inspection is described in Application of Known Technology. Detailed description will be omitted.

  In the description so far, the thin client terminal 207 has been described as an example. However, during maintenance and inspection work at the site 305, the PDA 209 is used to connect to the wireless terminal 208 to check the device isolation status, change the trend of system parameters, Alarm alert status can be monitored.

In addition, at the site outside the radiation control area of the plant and the office 307, the thin client terminal 211 can be used to check the device isolation status, change the trend of system parameters, and monitor the alarm status.
At this time, if it is confirmed that the user ID is the same in the authentication of the user ID in the thin client server 203, the data access permission table 245d ((a in FIG. 6) is provided so that the same environment and application program are provided. )) Is set, the user can obtain the same convenience as using the same thin client terminal while using different thin client terminals at the site 305 and the office 307.
In addition, since the work records of maintenance and inspection at the site 305 are also stored as electronic information in the storage device 236 of the thin client server 203, the work is started from the site 305 as in the case where the work record is written on the recording paper as in the past. There is no need to perform a radioactive contamination inspection when taking records.
Further, since it is not necessary to take out a portable personal computer from the field 305 in the radiation control area as in the prior art, there is no need to perform a radioactive contamination inspection, and no radioactive contamination inspection work is required.

  Furthermore, in order to always display specific parameters such as the generator output of the plant and the reactor output for the purpose of system operation and the monitoring of the operation status of the plant in other thin client terminals 213 via the wide area network 115 The thin client server 203 is accessed, and a trend monitoring screen 57 for system parameters such as generator output and reactor output permitted by the user ID and terminal ID can be displayed on the display unit 261.

  As described above, among the components shown in FIG. 1, the one-way gateway 201, the plant information server 202, and the thin client server 203 are installed in the same central control room 303 as the plant monitoring control device 22. Normally, in a nuclear power plant, there are a number of gates and monitoring stations in each of the surrounding monitoring area, the surrounding protection area, and the protection area, and the central control room 303 in which the plant monitoring control device 22 is installed has an ID card. There is a room entry check etc. Therefore, the central control room 303 is a very high security area. By storing data in the central control room 303, not only the leakage of data via the external connection communication line 105 but also the one-way gateway 201 is stored. In addition, the risk of physical fraud such as direct access to the plant information server 202 and the thin client server 203 can be reduced.

<Modification of one-way gateway>
FIG. 8 shows a modification of the one-way gateway in the first embodiment. The one-way gateway 201A of this modification is configured by two gateways 201a and 201b. The same components as those of the one-way gateway 201 are denoted by the same reference numerals, and redundant description is omitted. Incidentally, the hardware configuration of the storage devices 225A and 225B is the same as that of the storage device 225 in the one-way gateway 201.
A signal from the monitoring control network 100 is captured by the communication interface 223 in the gateway 201a. The central processing unit 224 converts the captured signal into data by executing the communication reading program 225a stored in the storage device 225A, and overwrites and saves it in the storage device 226 via the bus 227. Further, the central processing unit 224 transmits the data in the storage device 226 from the communication interface 228 to the gateway 201b at a constant cycle by executing the transmission dedicated program 225d in the storage device 225A.

The transmitted data is captured by the communication interface 223 in the gateway 201b. The data fetched into the communication interface 223 in the gateway 201b is overwritten and saved in the storage device 226 via the bus 227 by the central processing unit 224 executing the reception-only program 225e in the storage device 225B. Further, the data stored in the storage device 226 of the gateway 201b is transmitted from the central processing unit 224 to the plant information server 202 via the communication interface 228 by the communication output program 225b in the storage device 225B. For one-way communication between the gateway 201a and the gateway 201b, for example, a dedicated application program (not shown) based on UDP (User Datagram Protocol) is created using the Ethernet 201c, and the storage devices of the gateways 201a and 201b It can be easily realized by storing in 225A and 225B.
Alternatively, by using dedicated hardware for the communication interface 228 of the gateway 201a and the communication interface 223 of the gateway 201b, that is, a dedicated communication board, the communication interface 228 of the gateway 201a is dedicated for transmission, and the communication interface 223 of the gateway 201b is dedicated for reception. It is also possible to use one-way communication physically. The one-way gateway 201A in FIG. 8 has a more complicated configuration than the one-way gateway 201 in FIG. 2, but the function of receiving data from the plant information server 202 side has been deleted to ensure higher safety. it can.

<< Modification of one-way gateway and plant information server >>
Next, a modification example in which the gateway 201b has the function of the plant information server 202 in the one-way gateway 201A in FIG. 8 will be described with reference to FIG.
Instead of the one-way gateway 201A in FIG. 8, a plant information server 201B with a gateway function is used, and the plant information server 201B with a gateway function includes a gateway 201a and a plant information server 202A. And the plant information server 202A in this modification differs from the plant information server 202 in that the reception-only program 225e and the communication output management program 235b are stored in the storage device 235A. The same configurations as those of the first embodiment or the one-way gateway 201A described above are denoted by the same reference numerals, and redundant description is omitted. Incidentally, the hardware configuration of the storage device 235 </ b> A is the same as the storage device 235 in the plant information server 202. Further, the communication interface 228 of the gateway 201a and the communication interface 231 of the plant information server 202A use the above-described Ethernet 201c, a dedicated application program (not shown) based on UDP, a storage device 225A of the gateway 201a, a plant information server This can be easily realized by storing in the storage device 235A of 202A.

  By adopting such a configuration of the plant information server 201B with gateway function, in communication between the gateway 201a and the plant information server 202A, the gateway 201a has a communication program dedicated to transmission and the plant information server 202A has a communication program dedicated to reception. Communication in only one direction can be realized. And it becomes a complicated structure compared with the one-way gateway 201 of FIG. 2 like the one-way gateway 201A of FIG. 8, but the reception function of the data from the plant information server 202A side is deleted, and it is higher Safety can be secured.

<Multiple plant information servers>
Further, as shown in FIG. 10, a plurality of plant information servers 202 may be provided. In this case, it is preferable that a plurality of thin client servers 203 are also connected to the thin client server side network 103.
Then, with respect to the monitoring control information transmitted from the one-way gateway 201 or the modified one-way gateway 201A in the first embodiment to the plant information server 202, the communication information set in advance for each plant information server 202 is read. The program 235a determines whether it should be stored in the storage device 236 according to the identifier indicating the type of the monitoring control information, and stores it. Thus, by making the monitoring control information stored in the storage device 236 different between the plant information servers 202, the monitoring control information that the thin client server 203 connected to each plant information server 202 has as a user ID and a terminal ID. It is possible to adopt a configuration in which the access authority to each type is assigned according to a group of user IDs and terminal IDs. With such a configuration, the load on the plant information server 202 per unit can be reduced, and the plant information that can be accessed for each access authority corresponding to the type of the user's monitoring control information can be easily managed.

<< Second Embodiment >>
Next, a monitoring system 301A for a nuclear power plant according to a second embodiment will be described with reference to FIG.
There is also a need to output data and documents processed by the monitoring program 245b and the operation / maintenance data management program 245c which are application programs of the thin client server 203. In the configuration of the plant monitoring system 301 shown in FIG. 1, a personal computer having a recording medium writing device 271, for example, a hard disk storage device, or a dedicated printer 273 in the thin client server 203 or the Ethernet work 113 </ b> B in the office 307. It is good also as a structure which connected. With such a configuration, at the beginning of the operation of the recording medium writing device 271 and the dedicated printer 273, for example, the user is asked to input the password or insert the authentication IC card 265, and the password or the authentication IC card 265 is requested. Is transmitted to the thin client server 203. The user ID 245q (see FIG. 6B) recorded in FIG. Then, it is desirable that the thin client server 203 confirms the authority to use it, and saves an operation log so that it is possible to trace what data is taken out from the thin client server 203. Such a technique is known, for example, a technique disclosed in Japanese Patent Application Laid-Open No. 2008-123070, and detailed description thereof is omitted.
In this case, in the authentication information database 245a (see FIG. 4), a terminal ID for checking access authority from the recording medium writing device 271 and the dedicated printer 273, a personal identification number, information on the authentication IC card 265, and the like are registered in advance. Has been.

<< Third Embodiment >>
A nuclear power plant monitoring system 301B of the third embodiment will be described with reference to FIG. The nuclear power plant monitoring system 301B shown in FIG. 12 can execute an application that can be commonly used by the user with respect to the configuration of the nuclear power plant monitoring system 301 in the first embodiment shown in FIG. An application server 275 is added by connecting to the plant information server 202 and the thin client server 203 so as to be communicable. The common application server 275 obtains data set in advance from the plant information server 202 at a constant cycle, and is an application commonly used by many users, such as extracting trends of main parameters such as power generation amount and core thermal output. The program is executed and accumulated in the database 275a. The user requests data stored in the database 275a of the common application server 275 via the thin client server 203 and causes the other thin client terminal 213 to display the data. By adding the common application server 275 and the database 275a, when many users access the thin client server 203 in duplicate, the thin client server 203 itself extracts trends of main parameters such as power generation amount and core thermal output. Therefore, it is not necessary to simultaneously store application programs and large data that many users commonly use by remote control, and the load on the thin client server 203 can be reduced.

22 Plant Monitoring and Control Device 100 Monitoring and Control Network 113A, 113B, 113C Ethernet (Network for Synclined Terminal)
115 Wide Area Network 201, 201A One-way Gateway 201B Plant Information Server with Gateway Function 201a, 201b Gateway 201c Ethernet 202, 202A Plant Information Server 203 Thin Client Server 204 VPN Concentrator 207 Thin Client Terminal (First Thin Client Terminal)
208 wireless terminal 209 PDA
211 Thin client terminal (second thin client terminal)
213 Thin client terminal (other thin client terminals)
225, 225A, 225B Storage device 225a Communication reading program 225b Communication output program 225c Firewall program 225d Transmission-only program 225e Reception-only program 235b Communication output management program 245a Authentication information database 245b Monitoring program 245c Operation / maintenance data management program 245d Data access Permission table 245u Application program 255 Storage device 255a OS program 255b Terminal control program 255c Communication operation program 259 Input unit 261 Display unit 263 IC card reader 265 Authentication IC card 271 Recording medium writing device 273 Dedicated printer 275 Common application server 275a Database 301 , 301A, 3 1B nuclear power plant monitoring system (operation of nuclear power plant maintenance data management system)
303 Central control room 305 On-site (in the radiation control area)
307 Office (outside radiation control area)

Claims (11)

In a nuclear power plant monitoring system that refers to monitoring control information of a nuclear power plant from an arbitrary location via a network,
A supervisory control network to which a plant supervisory control device for monitoring and controlling the nuclear power plant is connected;
A plant information server for collecting the monitoring control information in real time via the monitoring control network;
A thin client server containing a program for receiving and processing desired data from the plant information server among the monitoring control information stored in the plant information server;
A first thin client terminal that is installed in a radiation management area of the nuclear power plant and that stores only a program and data for remotely operating the thin client server via a network for a sink line terminal different from the monitoring control network When,
A second thin client terminal that is installed outside the radiation control area of the nuclear power plant and stores only the program and data for remotely operating the thin client server via the network for the sink terminal;
It is installed between the monitoring control network and the plant information server, and transmits specific data set in advance among the monitoring control information to the plant information server side. Conversely, the data from the plant information server is the monitoring A nuclear power plant monitoring system comprising: a one-way gateway having a function not to be transmitted to a control network side. A plurality of the plant information servers are provided, and the monitoring control information set in advance for each plant information server from the monitoring control network is transmitted via the one-way gateway,
2. The nuclear power plant monitoring system according to claim 1, wherein the plant information server to which the thin client server is connected is switched according to at least terminal identification information of the first thin client terminal and the second client terminal. And a common application server connected to the plant information server and having a storage unit for storing a program and a processing result for receiving and processing the monitoring control information set in advance.
The common application server transmits the processing result to a preset one including at least a thin client server, a first thin client terminal, and a second client terminal as connection destinations. The monitoring system of the nuclear power plant of Claim 1 or Claim 2.   The emulation program for displaying the monitoring control information in the display format similar to the monitoring screen of the plant monitoring control device and the operation method of the monitoring screen is stored in the thin client server or the common application server. 4. The nuclear power plant monitoring system according to 3.   The thin client server, the common application server, the plant information server, and the one-way gateway are installed in a central control room in a protected area of the nuclear power plant that is managed to enter and exit based on personal identification information. A monitoring system for a nuclear power plant according to claim 3 or 4. And a dedicated printer or recording medium writing device connected to the thin client server via the network for the sync terminal.
The dedicated printer has a function of printing out the monitoring control information stored in the thin client server, a function of limiting print output by personal identification information or a personal identification number, or a function of saving an output log. ,
The recording medium writing device has a function of outputting and recording the monitoring control information accumulated in the thin client server, a function of restricting the output recording by personal identification information or a personal identification number, or a function of saving an output log The monitoring system for a nuclear power plant according to any one of claims 1 to 5, characterized by comprising: In a nuclear power plant operation / maintenance data management system that operates or references nuclear power plant operation / maintenance information from any location via a network,
A plant information server for accumulating the operation / maintenance information;
A thin client server having a built-in program for receiving and processing desired data from the plant information server among the operation and maintenance information stored in the plant information server;
A first thin client terminal that is installed in a radiation management area of the nuclear power plant and that stores only a program and data for remotely operating the thin client server via a network for a sink line terminal different from the monitoring control network When,
A second thin client terminal that is installed outside the radiation control area of the nuclear power plant and stores only the program and data for remotely operating the thin client server via the network for the sink terminal;
It is installed between the monitoring control network and the plant information server, and transmits specific data set in advance among the operation / maintenance information to the plant information server side. Conversely, data from the plant information server is the data An operation / maintenance data management system for a nuclear power plant, comprising: a one-way gateway having a function not to be transmitted to the supervisory control network side. A plurality of the plant information servers are provided, and the operation / maintenance information set in advance for each plant information server from the supervisory control network is transmitted via the one-way gateway,
The operation / maintenance data of the nuclear power plant according to claim 7, wherein a plant information server to which the thin client server is connected is switched according to at least terminal identification information of the first thin client terminal and the second client terminal. Management system. And a common application server connected to the plant information server and having a storage unit for storing a program and a processing result for receiving and processing the preset operation / maintenance information,
The common application server transmits the processing result to a preset one including at least a thin client server, a first thin client terminal, and a second client terminal as connection destinations. An operation / maintenance data management system for a nuclear power plant according to claim 7 or 8.   The thin client server, the common application server, the plant information server, and the one-way gateway are installed in a central control room in a protected area of the nuclear power plant that is managed to enter and exit based on personal identification information. An operation / maintenance data management system for a nuclear power plant according to claim 9. And a dedicated printer or recording medium writing device connected to the thin client server via the network for the sync terminal.
The dedicated printer has a function of printing out the operation / maintenance information stored in the thin client server, and also has a function of limiting print output by personal identification information or a password, or a function of saving an output log. And
The recording medium writing device has a function of outputting and recording the operation / maintenance information stored in the thin client server, and also stores a function of limiting the output recording by personal identification information or a personal identification number, or an output log. The operation / maintenance data management system for a nuclear power plant according to any one of claims 7 to 10, wherein the system has a function.

Images