JP6199827B2 - Combination of injection molding machine and password issuing machine - Google Patents

Description

  The present invention relates to an injection molding machine and a password issuer that require user authentication.

  As is well known in the art, an injection molding machine includes an injection device comprising a heating cylinder and a screw that can be driven in the rotation direction and the axial direction within the heating cylinder, a pair of molds, and these molds. A mold clamping device for clamping the mold, an ejector device for ejecting a molded product, and the like are configured, and these devices are controlled by a controller. The controller also stores know-how related to manufacturing technology. That is, molding conditions are set, and measured value data measured by a sensor provided in each apparatus is input. In other words, when operated from the controller, the injection molding machine can be operated, and know-how regarding manufacturing technology can be easily accessed. Therefore, it is necessary to ensure security in the injection molding machine, and the controller performs authentication so that only authorized users can operate.

JP 2012-79209 A JP 2012-14434 A

  There are various methods for authenticating the operator. For example, Patent Document 1 describes a method of authenticating with an ID card. The injection molding machine described in Patent Document 1 is provided with an ID card reader capable of reading ID card information without contact. An ID card is distributed in advance to users who are given the authority to operate the injection molding machine. Therefore, when the user holds the ID card over the ID card reader, authentication is completed and the injection molding machine can be operated.

  A method of authenticating a user with a user ID and a password is also well known. The injection molding machine that performs authentication is provided with an input terminal. When a user ID and password for identifying the user are input from the input terminal, the user is authenticated and the operation of the injection molding machine is permitted. In such a conventional injection molding machine, the password consists of a character string determined by the user, and the user writes it in advance in the controller. Alternatively, there is a password that is fixedly prepared in advance in the injection molding machine. Such a password is also written in the controller of the injection molding machine as a fixed character string. In any case, most passwords consist of fixed strings.

  Although it is not directly related to the injection molding machine, the password at the time of authentication is not a fixed character string, but a so-called one-time password in which the character string changes for each authentication is also known. For example, as in Patent Document 2, It has been proposed in a number of documents. There are various one-time password authentication methods, but the representative ones are the time synchronization method and the challenge-response method. In the time synchronization method, a password generator that generates a password in advance, that is, a token is distributed to a user who is authenticated. When the user inputs a unique key number, such as a user ID, in the token, a numerical value composed of a combination of the user ID and the current time stamp is processed by a predetermined hash function to obtain a hash value having a predetermined number of bits. A character string is generated based on a rule determined from the hash value. That is, a one-time password is generated in the token. When a user inputs a user ID and a one-time password in an authentication device to be authenticated, such as a server computer, the server computer also performs the same processing as the token from the user ID and the current time, and internally stores the password. Generate a string. Authentication is performed by comparing the entered one-time password with the character string of this password. On the other hand, in the challenge-response method, a response generator that performs a calculation using a predetermined function is distributed to users who are authenticated. When a user makes a request to an authentication device to be authenticated, for example, a server computer, a temporarily generated numerical value called a challenge is sent from the server computer. The challenge is a random number that does not make sense by itself. When the user inputs this challenge to the response generator, a numerical value called a response is generated by processing with a predetermined function. At this time, the server computer also calculates a numerical value corresponding to the response from the challenge by the same function. When the user inputs the response obtained by the response generator to the server computer, the numerical values are compared and authentication is performed. As described above, a one-time password is issued at the timing of authentication, and is valid only for a short time. Therefore, even if a password is leaked to a third party, the one-time password is impersonated by the third party. There is almost no possibility, and high security is ensured. It is also conceivable to apply such a conventionally known one-time password authentication method to an injection molding machine.

  As described above, there are various user authentication methods in an injection molding machine, or a well-known authentication method can be applied to authentication of an injection molding machine. In other words, as in the method described in Patent Document 1, authentication can be performed using an ID card, authentication can be performed using a password consisting of a fixed character string, or authentication can be performed using a one-time password whose password changes. You can also. Each method has many advantages. However, in view of the circumstances in the injection molding machine, these authentication methods also have a problem to be solved. In the injection molding machine, authorized users are given authority according to level, and operations that can be executed differ depending on the level. An engineer of an injection molding machine manufacturer needs to be given the authority to perform an operation without limitation on all the injection molding machines sold to customers. Otherwise, the injection molding machine cannot be maintained, and this is a special situation in the injection molding machine. Accordingly, considering each authentication method in view of this situation, first, in a method of authenticating a user with an ID card as in the method described in Patent Document 1, a manufacturer engineer always carries a dedicated ID card. It must be complicated. There is also a risk of the ID card being stolen. Then, there is a problem that a malicious third party is authenticated. Next, considering an authentication method using a fixed password, in this authentication method, once a password is leaked, a malicious third party is authenticated by so-called impersonation and the injection molding machine can be operated. By the way, there are circumstances in which password leakage cannot be avoided. For example, there is a case of maintaining an injection molding machine of a remote customer where it is difficult for a manufacturer engineer to visit. In such an injection molding machine, when the problem that has occurred must be solved urgently, maintenance must be requested from a user, a customer. In this case, the user is asked to authenticate the password for the engineer of the manufacturer. Then, the password will be leaked substantially. That is, thereafter, the user can operate all the injection molding machines, and there is a risk that the password will be leaked to other malicious third parties.

  There is also a problem when applying a conventional one-time password authentication method to an injection molding machine. In the one-time password authentication method, it is necessary to distribute a password generator, a response generator, and the like to a manufacturer's engineer, and the engineer must always carry such a device. This increases costs and is cumbersome. For example, if an injection molding machine manufacturer sets up a maintenance base and prepares a password generator, response equipment, etc. at the maintenance base, it may not be necessary to distribute such equipment to users. In other words, the engineer calls the operator at the maintenance site when he / she wants to receive authentication. Then, the operator operates the password generator, response generator, etc. to notify the technician of the one-time password, or notifies the response. Then, even if the user does not have a password generator, response generator, etc., the engineer can obtain a one-time password or response and perform user authentication. However, in general, when maintaining an injection molding machine, a manufacturer engineer repeatedly logs in, that is, authentication and logout, many times a day. Then, the engineer has to call the maintenance base every time he / she receives authentication, which is complicated.

  An object of the present invention is to provide an injection molding machine that solves the above-described conventional problems or problems. Specifically, a user who receives authentication is a device such as a password generator or a response generator. It is not always necessary to carry the product, and the safety and reliability of the authentication is high, and even if it is possible to receive authentication for emergency evacuation for unauthorized users, the subsequent authentication is definitely prohibited. An object of the present invention is to provide an injection molding machine that ensures security.

  In order to achieve the above object, the present invention is configured as a combination of an injection molding machine and a password issuer. The controller of the injection molding machine has a unique number consisting of a unique number such as a manufacturing number in an internal memory, an internal counter that counts up for a predetermined period, for example, every day, and a key number. The internal counter is viewed from the outside. The key number is displayed on the controller monitor. In the controller, an internal counter and a unique number are input to the first hash function to obtain an output value, a key number is generated from the output value, and a key number and the current date are input to the second hash function. To obtain an output value and generate a verification password from the output value. On the other hand, the password issuer can input the key number. When the operator reads the key number on the monitor and inputs it to the password issuer, the password issuer stores the key number and the current number in the second hash function. Enter the date to get the output value, and generate the input password from this output value.

That is, in order to achieve the above object, the invention according to claim 1 comprises a combination of an injection molding machine equipped with a controller and a password issuer, and an input password generated by the password issuer is stored in the controller. When input, it is a combination of an injection molding machine and a password issuer, which is compared with a verification password generated in the controller and authenticated by the user, and the controller has a unique fixing to the injection molding machine in an internal memory. A unique number, an internal counter that counts up in a predetermined cycle, and a predetermined key number. The internal counter is prohibited from being viewed and rewritten from the outside, and the key number is monitored by the controller. In the controller, the key number is The internal counter and the unique number are input to a first hash function and generated as a result, and the verification password is input to the second hash function with the key number and the current date. The password issuer includes an input unit, and when the key number is input from the input unit, the key number and the current date are input to the second hash function. The password for input is generated from the output value obtained as a result of the input, and is configured as a combination of an injection molding machine and a password issuer.
According to a second aspect of the present invention, in the combination of the injection molding machine and the password issuer according to the first aspect, the unique number is a manufacturing number of the injection molding machine, and the internal counter counts one count per day. It is configured as a combination of an injection molding machine and a password issuer characterized by being improved.

  As described above, the present invention comprises a combination of an injection molding machine equipped with a controller and a password issuer. When the input password generated by the password issuer is input to the controller, the verification generated in the controller. Compared with passwords for user authentication. In other words, authentication is performed with a password, and a password is generated by a password issuer instead of a fixed character string. That is, authentication is performed using a password such as a so-called one-time password. According to the present invention, the controller includes a unique number that is a unique fixed number for the injection molding machine in the internal memory, an internal counter that counts up at a predetermined cycle, and a predetermined key number. In the controller, the key number is displayed on the monitor of the controller, and the key number is input to the first hash function by the internal counter and the unique number. A verification password is generated from the output value obtained as a result of inputting the key number and the current date to the second hash function. Then, first, the key number is not updated unless the internal counter is updated. That is, the key number remains unchanged within the count-up cycle of the internal counter. Since the verification password is generated from this key number and today's date, the verification password changes either when the key number changes as the internal counter counts up or when the date changes. It becomes. Similarly, according to the present invention, the password issuer includes an input unit, and when the key number is input from the input unit, the key number and the current date are input to the second hash function, and the output value obtained as a result is An input password is generated. In other words, the input password is generated in the same manner as the verification password, and therefore changes in the same cycle as the verification password changes. The password will not change for a relatively long time. Such a password is not a one-time password that can be used only once, but a password that is valid for a predetermined period. Then, an operator who wants to receive authentication does not necessarily need to carry a password issuer. In other words, if a maintenance facility is equipped with a password issuer and the operator is stationed, the operator can simply tell the operator the key number read on the controller's monitor, and he / she can be given an authenticating input password. it can. This ensures security without the password issuer being stolen. Further, as long as the password does not change, authentication can be performed with the same input password any number of times for a predetermined period, so that it is not complicated. Even if an unauthorized user can be authenticated by providing an input password for emergency evacuation, the verification password will change at least the next day, so authentication can be received from the next day. Disappear. In other words, the password is not actually leaked. By the way, the current time is managed in the controller, but generally the time can be changed. That is, the current date can be changed. Then, assuming that the verification password is generated using only the current date, it is possible to restore the verification password to the original by simply operating the controller clock and changing the current date. There is a risk that an input password that could be authenticated before can be reused. In this case, the password is substantially leaked. However, in the present invention, not only the current date but also the key number is used to generate the detection password. Since the key number is generated from an internal counter that cannot be viewed or rewritten from the outside, the verification password cannot be restored even if the current date is returned. In other words, security is completely ensured. According to another invention, the unique number is the manufacturing number of the injection molding machine, and the internal counter is incremented by one count per day. The serial number is provided in all injection molding machines and can be used. Moreover, since the cycle of changing the internal counter is one day, it is relatively long. As a result, the verification password and the input password are not changed during one day, and are convenient.

It is a block diagram which shows typically the process of the injection molding machine which concerns on embodiment of this invention, and a password issuer.

  Hereinafter, an embodiment of the present invention will be described with reference to FIG. The injection molding machine 1 according to the present embodiment is also composed of various devices such as a mold clamping device that clamps a mold and an injection device that injects an injection material into the mold in the same manner as a conventional injection molding machine. A controller for controlling the apparatus is provided. The controller is provided with a monitor 3 and input means so that various settings can be made and necessary information can be displayed on the monitor 3. The injection molding machine 1 according to the present embodiment is characterized in that an operator is authenticated by a predetermined password. The predetermined password is generated by the password issuer 5 according to the present embodiment and provided to the operator. The password issuer 5 may be composed of dedicated hardware or a general-purpose personal computer. This is because it can be similarly implemented if an application program that realizes a predetermined function is installed.

  Processing related to authentication of the injection molding machine 1 according to the present embodiment will be described. First, data in the controller will be described. In the present embodiment, the memory area 6 in the controller stores three data consisting of a unique number 7, an internal counter 8, and a key number 9. The unique number 7 is a manufacturing number in the present embodiment. In other words, it is a unique and unique number assigned to each product of the injection molding machine. The internal counter 8 is a counter that is counted up at a predetermined cycle. In the present embodiment, the internal counter 8 is incremented by 1 count every day. The internal counter 8 is provided in the protection area 6a in the memory area 6, and browsing from outside and changing of values are prohibited. The key number 9 is a numerical value necessary for generating a password used for authentication, that is, a verification password and an input password. The key number 9 is displayed on the monitor 3 when a predetermined operation is performed in the controller. As will be described below, the verification password generation process 16 for generating the authentication password also requires the current date 17. The current date 17 is a number consisting of 8 digits each representing four years for the year, two digits for the month, and two digits for the day, but this may be provided as special data in the memory area 6. However, in the present embodiment, the verification password generation process 16 temporarily generates the current date 17 from the system time.

  Next, each process regarding authentication will be described. In the present embodiment, in the controller of the injection molding machine 1, the count-up process 11 is performed every day at 0:00. First, the count-up process 11 reads the current value of the internal counter 8, counts up by one count, and updates the internal counter 8. Next, the count-up process 11 starts the key number generation process 15. The key number generation process 15 reads the internal counter 8 and the unique number 7 and inputs them into the first hash function to obtain an output value. The first hash function can be composed of, for example, MD5, but other hash functions may be adopted. The hash function only needs to be able to calculate an output value by using the internal counter 8 and the unique number 7 as inputs, and the input value cannot be estimated from the obtained output value. For example, when the first hash function is composed of MD5, the output value is obtained as a 128-bit numerical value. The key number generation process 15 writes the output value of the first hash function as it is in the memory area 6 as the key number 9. Alternatively, with respect to the output value of the first hash function, the specific bit range is extracted as key number 9, and this is written in the memory area 6. Alternatively, the key number 9 may be obtained by performing other processing. In any case, the output value of the first hash function is processed based on the determined method to obtain the key number 9, which is written in the memory area 6.

  An operator who wants to receive authentication performs a predetermined operation on the controller. Then, the key number 9 stored in the memory area 6 is displayed on the monitor 3. On the monitor 3, the key number 9 is displayed in hexadecimal notation, for example. Alternatively, decimal notation or other notation may be used. The operator reads the key number 9. Next, the key number 9 is input to the password issuer 5 that is carried. In the password issuer 5, an input password generation process 19 is executed. The input password generation process 19 temporarily generates the current date 20 from the current system time, and inputs the input key number and the current date 20 to the second hash function to obtain an output value. Similarly to the first hash function, the second hash function is configured such that when an output value is obtained from an input value, the input value cannot be estimated from the output value. The input password generation process 19 obtains an input password from the output value obtained by the second hash function based on a predetermined method. For example, the output value may be used as the input password as it is, or a bit range of a predetermined range of the output value may be extracted and used as the input password. The input password generated in this way is displayed on the password issuer 5. The displayed input password may be in hexadecimal notation, decimal notation, or other notation.

  The operator reads the input password in the password issuer 5. Next, in the controller of the injection molding machine 1, an input password is input and an authentication request is made. Then, the authentication process 21 is executed in the controller. The authentication process 21 activates the verification password generation process 16. The verification password generation process 16 inputs the key number 9 stored in the memory area 6 and the current date 17 obtained from the system time to the second hash function to obtain an output value. This second hash function is the same function as the second hash function used by the input password generation process 19. The verification password generation process 16 obtains a verification password from the obtained output value of the second hash function based on a predetermined method. Note that this predetermined method is exactly the same as the method for generating the input password from the output value of the second hash function in the input password generation processing 19. The authentication process 21 receives the verification password from the verification password generation process 16 and compares it with the input password input by the operator. If they match, the operator is authenticated.

  The injection molding machine 1 according to the present embodiment authenticates the operator in this way, and thus has the following characteristics. First, if the date does not change, the input password and the verification password do not change. Therefore, the operator can be authenticated with the same input password any number of times on the same day. Then, the operator only needs to operate the password issuer 5 once a day, and the password issuer 5 is operated less frequently. Then, the password issuer 5 may not be carried by the operator but may be held by another administrator, and the operator can obtain an input password by making an inquiry to the other administrator by telephone or the like. There are other features as well. The key number 9 is generated by a unique number 7 unique to each injection molding machine, and the input password is generated by the key number. Therefore, an input password that can be authenticated with respect to a certain injection molding machine is not allowed to be authenticated with other injection molding machines, so that security is ensured. Security is further enhanced by providing an internal counter 8. That is, the internal counter 8 used when generating the key number 9 cannot be browsed from the outside, and the value cannot be changed. The internal counter 8 is counted up every day. Then, the key number 9 is surely updated every day. Of the key number 9 and the current date 17 used when generating the verification password, the current date 17 can be changed by deliberately returning the system time of the controller to the past. Therefore, the verification password cannot be changed back to the verification password used in the past. This further ensures security.

  The authentication method of the injection molding machine 1 according to the present embodiment can be variously modified. For example, the count-up process 11 has been described as being activated at 0:00 every day, but may be activated every half day. Then, the internal counter 8 is incremented by one count every half day, and as a result, the input password is changed every half day. This shortens the effective period of the input password and increases security. Still other variations are possible. In the present embodiment, the verification password is generated every time the verification password generation process 16 is executed, and the verification password generation process 16 is executed from the authentication process 21. Yes. In other words, the verification password is generated internally every time authentication is received. In this way, the verification password is temporarily generated and disappears, so it can be said that the security is ensured without being viewed from the outside. However, even if a verification password is provided as special data and stored in the protected area 6a that cannot be browsed from the outside, the security is similarly secured. In this case, the verification password generation process 16 need not be executed from the authentication process 21 each time. For example, the verification password generation process 16 may be executed from the count-up process 11 and may be executed after the key number generation process 15 is executed. In this case, the authentication process 21 reads the verification password stored as data and compares it with the input password. By the way, in the description of the injection molding machine 1 and the password issuer 5, the relationship between these numbers is not particularly mentioned, but a plurality of password issuers 5, 5, .. May be prepared, or a single password issuer 5 may be associated with a plurality of injection molding machines 1, 1,. Further, the unique number 7 can be modified. Any number that is unique and unique in the injection molding machine 1 can be used. For example, a MAC address can be adopted.

DESCRIPTION OF SYMBOLS 1 Injection molding machine 3 Monitor 5 Password issuer 6 Memory area 7 Unique number 8 Internal counter 9 Key number 15 Key number generation processing 16 Verification password generation processing 17 Current date 19 Input password generation processing 20 Current date 21 Authentication processing

Claims (2)

It consists of a combination of an injection molding machine equipped with a controller and a password issuer. When an input password generated by the password issuer is input to the controller, it is compared with a verification password generated in the controller to authenticate the user. A combination of an injection molding machine and a password issuer,
The controller includes a unique number that is a fixed number unique to the injection molding machine in an internal memory, an internal counter that counts up at a predetermined cycle, and a predetermined key number. Browsing and rewriting is prohibited, and the key number is displayed on the monitor of the controller,
In the controller, the key number is generated from an output value obtained by inputting the internal counter and the unique number to a first hash function, and the verification password is generated from the key to a second hash function. The number and current date are entered and generated from the resulting output value,
The password issuer includes an input unit. When the key number is input from the input unit, the key number and the current date are input to the second hash function, and the input password is obtained from an output value obtained as a result. A combination of an injection molding machine and a password issuer, characterized in that is generated.   2. The combination of an injection molding machine and a password issuer according to claim 1, wherein the unique number is a manufacturing number of the injection molding machine, and the internal counter is incremented by one count per day. A combination of an injection molding machine and a password issuer.

Images