WO2024079916A1 - Production system and control device - Google Patents


Info

Publication number
WO2024079916A1
Authority
WO
WIPO (PCT)
Prior art keywords
operator
terminal
authority
unit
control device
Application number
PCT/JP2022/038490
Other languages
French (fr)
Japanese (ja)
Inventor
光徳 渡邉
Original Assignee
ファナック株式会社
Application filed by ファナック株式会社
Priority to PCT/JP2022/038490
Publication of WO2024079916A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication

Definitions

  • This disclosure relates to a production system and a control device.
  • the production system disclosed herein solves the above problem by only requesting authorization of authority from the administrator's terminal when an operation that requires administrator authority occurs, and granting authority to the worker based on the response.
  • An aspect of the present disclosure is a production system in which a control device that controls an industrial machine used by an operator for work and a terminal used by an approver that approves operations by the operator related to functions of the control device and the industrial machine are connected via a network, the production system including an authority information storage unit that stores authority information related to the operations and a terminal information storage unit that stores terminal information related to the terminal, the control device including an operation reception unit that receives operations by the operator, an authority processing unit that determines whether the operator may execute the operation based on the authority information stored in the authority information storage unit, a first communication control unit that controls communication with the terminal used by the approver based on the terminal information stored in the terminal information storage unit, and a terminal information storage unit that stores terminal information related to the terminal information.
  • the terminal includes a second communication control unit that controls communication with the control device, and an operation authorization determination unit that determines whether the operator can perform the operation based on the operation of the approver
  • the authority processing unit refers to the authority information storage unit and transmits a request for approval of the execution of the operation by the operator to the terminal via the first communication control unit, and determines that the operator may perform the operation when a response is obtained to the request indicating that the operation by the operator has been approved, and determines that the operator cannot perform the operation when a response is obtained to the request indicating that the operation by the operator has not been approved.
  • FIG. 1 is a schematic hardware configuration diagram of a production system according to a first embodiment of the present disclosure.
  • FIG. 2 is a block diagram showing schematic functions of a production system according to a first embodiment of the present disclosure.
  • FIG. 3 is a diagram showing an example of operation information according to the first embodiment.
  • FIG. 4 is a diagram showing an example of authority information according to the first embodiment.
  • FIG. 5 is a diagram showing an example of an operation permission request setting screen according to the first embodiment.
  • FIG. 6 is a diagram showing an example of terminal information according to the first embodiment.
  • FIG. 9 is a block diagram showing schematic functions of a production system according to a second embodiment of the present disclosure.
  • FIG. 13 is a schematic functional block diagram showing a production system according to another embodiment of the present disclosure.
  • FIG. 1 is a schematic hardware configuration diagram showing a main part of a production system according to a first embodiment of the present disclosure.
  • a production system 300 is configured by connecting a control device 1 and a terminal 8 via a network 5.
  • the control device 1 controls an industrial machine 3 installed at a manufacturing site such as a factory based on an operation by an operator.
  • the terminal 8 is, for example, a terminal owned by an administrator who manages the control device 1.
  • the CPU 11 provided in the control device 1 is a processor that controls the entire control device 1.
  • the CPU 11 reads the system program stored in the ROM 12 via the bus 22, and controls the entire control device 1 according to the system program.
  • the RAM 13 temporarily stores temporary calculation data, display data, and various data input from outside.
  • the non-volatile memory 14 is composed of, for example, a memory backed up by a battery (not shown) or an SSD (Solid State Drive), and retains its memory state even when the power to the control device 1 is turned off.
  • the non-volatile memory 14 stores data acquired from the industrial machine 3, programs and data read from the external device 72 via the interface 15, programs and data input via the input device 71, programs and data acquired from other devices via the network 5, etc.
  • the programs and data stored in the non-volatile memory 14 may be expanded into the RAM 13 when executed/used.
  • various system programs such as well-known analysis programs are written in advance into the ROM 12.
  • the interface 15 is an interface for connecting the CPU 11 of the control device 1 to an external device 72 such as a USB device.
  • the external device 72 may be an external storage means such as a memory reader that reads and writes recording media such as CompactFlash (registered trademark) and SD cards, or a disk drive that reads and writes recording media such as CDs, DVDs, and BDs.
  • programs and setting data are read from the external device 72.
  • programs and setting data edited within the control device 1 can be stored in the external storage means via the external device 72.
  • the interface 20 is an interface for connecting the CPU 11 of the control device 1 to a wired or wireless network 5.
  • the network 5 is connected to control devices of other industrial machines, a fog computer 6, a cloud server 7, a terminal 8 operated by an administrator, etc., and exchanges data with the control device 1.
  • the display device 70 displays the various data loaded into the memory and the data obtained as a result of executing programs, etc., output via the interface 17.
  • the display device 70 may also be equipped with an LED indicator or warning lamp that shows the state of the machine.
  • the input device 71, which is composed of a keyboard, pointing device, card reader, etc., passes commands and data based on operations by the operator to the CPU 11 via the interface 18.
  • the control device 1 controls the industrial machinery 3 based on a control program, an external signal, an instruction from an operator, etc.
  • the industrial machinery 3 is a machine tool, an electric discharge machine, a robot, etc. that is installed at a manufacturing site such as a factory.
  • the terminal 8 operated by the administrator may be, for example, a personal computer installed remotely from the industrial machine 3 or the control device 1. It may also be a portable device or a wearable terminal carried by the administrator.
  • the terminal 8 exchanges data and programs with the control device 1 at least via the network 5 in response to the administrator's operations.
  • the CPU 811 provided in the terminal 8 is a processor that controls the entire terminal 8.
  • the CPU 811 reads the system program stored in the ROM 812 via the bus 822, and controls the entire terminal 8 in accordance with the system program.
  • the RAM 813 temporarily stores temporary calculation data, display data, and various data input from outside.
  • the non-volatile memory 814 is composed of, for example, a memory backed up by a battery (not shown) or an SSD (Solid State Drive), and the memory state is maintained even when the power supply of the terminal 8 is turned off.
  • the non-volatile memory 814 stores programs and data acquired from the control device 1 or other devices via the network 5, programs and data input via the input device 871, etc.
  • the programs and data stored in the non-volatile memory 814 may be expanded in the RAM 813 when executed/used.
  • various system programs such as well-known image processing programs are written in advance in the ROM 812.
  • the interface 815 is an interface for connecting the CPU 811 of the terminal 8 to an external device 872 such as a USB device.
  • the external device 872 may be an external storage means such as a memory reader for reading and writing recording media such as CompactFlash (registered trademark) and SD cards, or a disk drive for reading and writing recording media such as CDs, DVDs, and BDs.
  • programs and data are read from the external device 872.
  • programs and data created within the terminal 8 can be recorded in the external storage means via the external device 872.
  • the interface 820 is an interface for connecting the CPU 811 of the terminal 8 to the wired or wireless network 5.
  • the network 5 is connected to the control device 1, the industrial machine 3, the fog computer 6, the cloud server 7, etc., and exchanges data with the terminal 8.
  • the display device 870 displays data read into memory, data obtained as a result of executing programs, etc., output via the interface 817.
  • the input device 871, which is composed of a keyboard, pointing device, touch panel, etc., passes instructions and data based on operations by the operator to the CPU 811 via the interface 818.
  • FIG. 2 is a schematic block diagram showing the functions of the control device 1 and terminal 8 according to this embodiment.
  • the functions of the control device 1 and terminal 8 according to this embodiment are realized by the CPU 11 of the control device 1 and the CPU 811 of the terminal 8 shown in FIG. 1 executing system programs and controlling the operation of each part of the control device 1 and terminal 8.
  • the control device 1 includes an operator authentication unit 100, an operation reception unit 110, an authority processing unit 120, a communication control unit 130, and an operation execution unit 140.
  • an authentication information storage unit 200 which is an area that stores in advance information required to authenticate an operator who operates each function of the control device 1 and the industrial machine 3
  • an authority information storage unit 210 which is an area that stores in advance authority information related to the operation of each function of the control device 1 and the industrial machine 3
  • a terminal information storage unit 220 which is an area that stores information related to the terminal used by the approver.
  • the operator authentication unit 100 authenticates the operator who operates the control device 1. Then, it outputs the identification information of the authenticated operator to the operation reception unit 110.
  • the operator authentication unit 100 displays a message on the display device 70 prompting the operator to input authentication information.
  • the operator authentication unit 100 may acquire authentication information input from the input device 71 in response to the message, and authenticate the operator based on the acquired authentication information.
  • the authentication information may be information that uniquely identifies the operator and a password corresponding to the identification information.
  • the operator authentication unit 100 that has acquired the authentication information compares the received authentication information with the information stored in the authentication information storage unit 200.
  • the operator authentication unit 100 may also display, for example, a message on the display device 70 prompting the operator to present a token such as an ID card held by the operator.
  • the operator authentication unit 100 performs a predetermined exchange with the token (such as matching a PIN code), and as a result, acquires information that uniquely identifies the operator from the token via the input device 71. Having acquired the operator's identification information, the operator authentication unit 100 compares the received identification information with the information stored in the authentication information storage unit 200.
  • If the operator's identification information is stored in the authentication information storage unit 200, it determines that the operator has been correctly authenticated, and outputs the operator's identification information to the operation reception unit 110.
  • the operator authentication performed by the operator authentication unit 100 may use other known methods as long as the operator can be uniquely authenticated.
  • the operation reception unit 110 creates operation information based on the content of the operation performed by the worker. Then, it outputs the created operation information to the authority processing unit 120.
  • the operation accepted by the operation reception unit 110 includes, for example, an operation by the worker on the input device 71, an operation on an operation panel not shown, an operation request based on an external signal, an operation request from another computer such as the fog computer 6 via the network 5, and the like.
  • the content of the operation accepted by the operation reception unit 110 includes all operations that can be executed by the control device 1, such as operations related to the control of the industrial machine 3, operations related to the reading, writing, editing, execution, etc. of a control program for controlling the industrial machine 3, operations related to the setting of the control device 1, and operations related to maintenance such as data backup and restoration.
  • the operation information created by the operation reception unit 110 includes, for example, information that uniquely identifies the operator and information that specifies the operation content.
  • the information that uniquely identifies the operator included in the operation information may be the identification information of the operator input from the operator authentication unit 100.
  • the information identifying the operation content may include information that uniquely identifies the operation content and auxiliary information according to the operation content.
  • the auxiliary information may include, for example, a target or parameters related to the operation.
  • Figure 3 shows an example of operation information created based on an operator's operation.
  • the name of the operator, "Operator A", is included as information that uniquely identifies the operator.
  • the operation content is "change settings".
  • the auxiliary information includes information that the change target is "machining accuracy setting" and the change content is "change normal setting to emphasis on accuracy." Note that the operation content does not necessarily need to include auxiliary information. For example, in the example of Figure 3, if there is no need to finely divide authority according to the change target and change content for the operation "change settings," auxiliary information such as the change target and change content is not required.
  • the authority processing unit 120 judges whether the operator performing the operation has the authority for the operation content based on the operation information input from the operation reception unit 110 and the authority information stored in the authority information storage unit 210.
  • the authority information is information that associates, for each operation that can be performed by the control device 1, authority person identification information, which is information for identifying the person who has the authority to perform the operation, and approver identification information, which is information for identifying the person who approves the execution of the operation.
  • the authority processing unit 120 reads out the authority information corresponding to the operation content from the authority information storage unit 210 based on the operation content included in the operation information.
  • the authority processing unit 120 compares the operator identification information included in the operation information with the authority person identification information included in the read authority information to judge whether the operator has the authority to perform the operation. Then, if it is judged that the operator has the authority to perform the operation, it judges that the operator may perform the operation and instructs the operation execution unit 140 to perform the operation. On the other hand, if it is judged that the operator does not have the authority to perform the operation, it creates an operation permission request to be sent to any approver included in the approver identification information included in the read authority information. This operation permission request may include information that is useful for the approver to determine whether or not to permit the operation.
  • the operation permission request may include information that can uniquely identify the industrial machine 3, information that can uniquely identify the operator, the operation content, information related to the current operating state of the industrial machine 3 (alarms, coordinate values, etc.), information related to the operating environment of the industrial machine 3 (ambient temperature, etc.), and comments from the operator.
  • the communication control unit 130 is instructed to transmit the created operation permission request.
  • the unit determines that the operator may execute the operation, and instructs the operation execution unit 140 to execute the operation.
  • If the operation permission response is "not permitted", the unit determines that the operator cannot execute the operation, responds to the operator that the operation cannot be executed, and discards the operation information.
  • FIG. 4 shows an example of authority information stored in the authority information storage unit 210.
  • authorized persons such as operator D and operator E have the authority to execute the operation. An operator who does not have that authority can still execute the operation by obtaining approval from an approver such as administrator A or administrator B.
  • the authority identification information may be a whitelist that specifies those who have the authority to execute the operation. It may also be a blacklist that specifies those who are prohibited from executing the operation. Furthermore, it may be a combination of these.
  • authority information is prepared for each operation, but for example, multiple operations may be grouped together and authority information may be created for all operations belonging to the group.
  • the authority identification information and approver identification information are created by operator and administrator, but group information that groups operators and administrators into specific groups may be created in advance, and the authority identification information and approver identification information may be created using the group information.
  • FIG. 5 is a diagram illustrating an example of a screen that allows the operator to make the necessary settings when the authority processing unit 120 sends an operation permission request.
  • When the authority processing unit 120 sends an operation permission request to the terminal 8 used by the approver, it may display a screen that allows the operator to select the approver, as illustrated in FIG. 5.
  • it may be possible to input the purpose of performing the operation, etc., as a comment.
  • the authority processing unit 120 may discard operation information created based on an operation request from another computer via the network 5, as it is deemed that the operation cannot be executed. For example, even if a direct operation request is received from the terminal 8 owned by the administrator, the operation information relating to that operation may be discarded.
  • the communication control unit 130 transmits an operation permission request to the terminal 8 used by the approver in response to a command from the authority processing unit 120. Then, it receives an operation permission determination, which is a response to the operation permission request, from the terminal 8 used by the approver, and outputs it to the authority processing unit 120.
  • the communication control unit 130 refers to the terminal information storage unit 220 to identify the terminal 8 used by the approver.
  • FIG. 6 is a diagram showing an example of terminal information stored in the terminal information storage unit 220.
  • the terminal information storage unit 220 stores approver terminal information that associates the approver with information that identifies the terminal used by the approver in advance.
  • the terminal identification information may be information that can uniquely identify the terminal 8 used by the approver on the network 5, such as an IP address in a TCP/IP network or a computer name in a Windows network. It may also be an email address or an identification name on a specified SNS.
  • the terminal information stored in the terminal information storage unit 220 may be information related to the terminal 8 used by the administrator that is acquired in advance and stored. In addition, when the administrator changes the terminal 8 being used, the terminal information stored in the terminal information storage unit 220 may be updated based on a terminal information change command sent from the terminal 8.
  • the communication control unit 130, when instructed to send the operation permission request, refers to the terminal information storage unit 220 to identify the terminal 8 being used by the approver included in the operation permission request, and transmits the operation permission request to the identified terminal 8.
  • the communication control unit 130 may be configured to use known techniques such as communication encryption and attachment of a digital signature when communicating with the terminal 8. Basically, it is desirable to make it impossible for anyone, including workers and administrators, to intercept or spoof the content of communications between the communication control unit 130 and the terminal 8.
  • the operation execution unit 140 then executes the operations of the worker based on commands from the authority processing unit 120.
  • the operations executed by the operation execution unit 140 include all operations that can be executed by the control device 1, such as operations related to the control of the industrial machine 3, operations related to reading, writing, editing, and executing control programs for controlling the industrial machine 3, and operations related to setting the control device 1.
  • the terminal 8 includes a communication control unit 880 and an operation permission determination unit 890.
  • the communication control unit 880 included in the terminal 8 receives the operation permission request transmitted from the control device 1 via the network 5. Then, the communication control unit 880 outputs the received operation permission request to the operation permission determination unit 890.
  • the operation permission determination unit 890 determines whether to grant the operator permission for the operation included in the operation permission request input from the communication control unit 880.
  • the operation permission determination unit 890 may present an operation permission determination screen to the approver, who is the user of the terminal 8, and prompt the approver to input whether or not to permit the operation.
  • FIG. 7 shows an example of the operation permission determination screen. As illustrated in FIG. 7, the operation permission determination screen shows the request contents included in the operation permission request to the approver. The approver selects whether to permit or reject the operation contents of the operator depending on the request contents.
  • the operation permission determination unit 890 creates an operation permission response based on the approver's selection, and outputs the created operation permission response to the communication control unit 880.
  • the communication control unit 880 transmits the operation permission response input from the operation permission determination unit 890 to the control device 1 via the network 5.
  • the communication control unit 880 may be configured to use known techniques such as communication encryption and attachment of a digital signature when communicating with the control device 1. Basically, it is desirable to prevent the content of communication between the communication control unit 880 and the control device 1 from being intercepted or spoofed by anyone, including the worker or administrator.
  • FIG. 8 is a flowchart illustrating the flow of processes executed in the production system 300.
  • the operator authentication unit 100 first authenticates the operator (step SA01).
  • the operation reception unit 110 receives the operator's operation on the control device 1 (step SA02).
  • the authority processing unit 120 determines whether the authenticated operator has authority for the received operation (step SA03). If the operator has authority to perform the operation (step SA03: Yes), the operation execution unit 140 executes the operation (step SA11).
  • If the operator does not have the authority to perform the operation (step SA03: No), the authority processing unit 120 creates an operation permission request according to the operator's instructions (step SA04), and the communication control unit 130 sends the created operation permission request to the terminal 8 (step SA05).
  • the operation permission determination unit 890 creates an operation permission response according to the approver's instructions (step SA07).
  • the communication control unit 880 then transmits the created operation permission response to the control device 1 (step SA08).
  • After step SA09, the authority processing unit 120 judges whether the operator's operation is permitted or not based on the operation permission response (step SA10). If the operator's operation is permitted (step SA10: Yes), the operation execution unit 140 executes the operation (step SA11). On the other hand, if the operator's operation is not permitted (step SA10: No), the authority processing unit 120 responds to the operator that the operation cannot be executed and discards the operation information (step SA12). Thereafter, steps SA02 to SA12 are repeated while the operator is performing the operation.
  • the production system 300 makes it possible to perform necessary approval processing while reliably preventing the execution of operations unintended by the manager of the industrial machine 3 even when the manager is not near the control device 1.
  • the worker requests approval of an operation from the manager who is not present, and can perform the operation if the manager grants permission.
  • remote operation and information leakage can be prevented by not granting authority to operation requests sent to the control device 1 from an external computer via the network 5.
  • by not transmitting the authentication information of the approver to the worker, arbitrary operation by the worker can be prevented.
  • necessary operations can be performed without being affected by the location or status of the manager, which greatly improves convenience and minimizes the downtime of the machine.
  • the authority processing unit 120 may record the time when the operation permission request is sent to the terminal 8. Then, if a predetermined time has elapsed since the operation permission request was sent and no operation permission response has been received, a response may be sent to the operator that the operation in the operation permission request cannot be executed, and the operation information may be discarded. Also, the operator may cancel the operation after the operation permission request is sent but before the operation permission response is received.
  • This configuration makes it possible to flexibly respond to the situations of the operator and approver, such as when the approver is too busy to respond, when it is no longer necessary to execute the operation for which permission has been requested, or when the approver is changed.
  • the communication control unit 130 may restrict the sending of an operation permission request depending on the connection status of the terminal 8 to the network 5.
  • the terminal information storage unit 220 manages the connection status of the terminal 8 used by each approver to the network 5. Then, if the approver selected by the operator is connected to the network 5 via a provider outside the factory, the operator may be notified to change the settings of the operation permission request since the selected approver is inappropriate as a destination for the operation permission request. By configuring in this way, it becomes possible to achieve security that takes into account the connection status of the terminal 8.
  • the communication control unit 130 may include predetermined code information in the operation permission request sent to the terminal 8. At this time, the communication control unit 130 stores the sent operation permission request.
  • the communication control unit 880 of the terminal 8 includes the same code information included in the operation permission request in the operation permission response corresponding to the operation permission request.
  • the communication control unit 130 of the control device 1 that receives the operation permission response determines whether the code information included in the received operation permission response matches the code information included in the operation permission request stored at the time of transmission. If they do not match, the received operation permission response is discarded. This configuration makes it possible to respond to attacks in which operation permission information is intentionally created and sent.
  • In the production system 300, it is possible to treat a person who is determined to have the authority to perform an operation according to the authority identification information as the approver without providing approver identification information in the authority information.
  • a person who has the authority to perform an operation may also work as an approver.
  • by configuring the system so that a person who has the authority to perform an operation can be selected as the approver, it is possible to save on the storage area prepared for the authority information storage unit 210 and also to avoid the trouble of setting up a separate approver.
  • control device 1 may be incorporated as a component of the industrial machine 3.
  • each function of the control device 1 is implemented as a component of the industrial machine 3.
  • FIG. 9 is a schematic block diagram showing functions of the control device 1 and the terminal 8 according to the second embodiment.
  • the functions of the control device 1 and the terminal 8 according to this embodiment are realized by the CPU 11 of the control device 1 and the CPU 811 of the terminal 8, shown in FIG. 1, executing system programs and controlling the operation of each part of the control device 1 and the terminal 8.
  • the production system 300 differs from the production system 300 according to the first disclosure in that the authentication information storage unit 200, the authority information storage unit 210, and the terminal information storage unit 220 that were provided in the control device 1 are provided on a higher-level computer such as a fog computer 6.
  • the operator authentication unit 100, the authority processing unit 120, and the communication control unit 130 provided in the control device 1 access the fog computer 6 via the network 5 when accessing the authentication information stored in the authentication information storage unit 200, the authority information stored in the authority information storage unit 210, and the terminal information stored in the terminal information storage unit 220.
  • the access is secured using known encryption and digital signature techniques. Otherwise, it is the same as the production system 300 according to the first disclosure.
  • the production system 300 which has the above configuration, is capable of centrally managing the authentication information stored in the authentication information storage unit 200, the authority information stored in the authority information storage unit 210, and the terminal information stored in the terminal information storage unit 220. In addition, this information can be shared and used by multiple control devices 1. This improves the maintainability of the information that needs to be managed in the production system 300.
  • each function other than the operation reception unit 110, the authority processing unit 120, the communication control unit 130, and the operation execution unit 140 may be provided, for example, on a computer provided alongside the control device 1 or on another computer connected to the control device 1 via a network.
  • the operator authentication unit 100 may also be provided on another computer or a higher-level computer, rather than on the control device 1.
  • the control device 1 transmits the acquired information for identifying the operator and information for authenticating the operator to the operator authentication unit 100 provided on the other computer or the higher-level computer. Then, by receiving a response indicating that the operator has been authenticated, it may be determined that the operator has been correctly authenticated.
  • the production system 300 makes it possible to carry out the necessary approval process, even if the manager is not near the control device 1, while reliably preventing operations on the industrial machine 3 that the manager does not intend.
  • a production system (300) includes a control device (1) that controls an industrial machine (3) used by an operator for work, a terminal (8) that is connected to the control device (1) via a network (5) and is used by an approver who approves operations by the operator related to functions of the control device (1) and the industrial machine (3), an authority information storage unit (210) that stores authority information related to the operations, and a terminal information storage unit (220) that stores terminal information related to the terminal (8).
  • the control device (1) includes an operation reception unit (110) that receives operations by the operator, an authority processing unit (120) that determines whether the operator is allowed to execute the operations based on the authority information stored in the authority information storage unit (210), and a first communication control unit (130) that controls communication between the control device (1) and the terminal (8) used by the approver based on the terminal information stored in the terminal information storage unit (220).
  • the terminal (8) comprises a second communication control unit (880) that controls communication with the control device (1), and an operation feasibility determination unit (890) that determines whether the operator can perform the operation based on the operation of the approver, and the authority processing unit (120) refers to the authority information storage unit (210) and determines that the operator may perform the operation if the operator has authority for the operation, or if a request for approval of the execution of the operation by the operator is sent to the terminal (8) via the first communication control unit (130) and a response indicating that the operation by the operator has been approved is obtained in response to the request, and determines that the operator cannot perform the operation if a response indicating that the operation by the operator has not been approved is obtained in response to the request.
  • the authority processing unit (120) further determines that the operation cannot be executed if the operation was obtained via a network (5).
  • the terminal information stored in the terminal information storage unit (220) is further updated when there is a change in the terminal (8) used by the approver.
  • the authority processing unit (120) further determines that the operation cannot be executed if the response is not obtained within a predetermined period of time after sending the request.
  • the authority processing unit (120) further notifies an operator of information regarding the connection state to the terminal (8) attempting to transmit the request.
  • the first communication control unit (130) further includes predetermined code information in the request to be sent to the terminal (8), and when a response to the request is received, if the code information included in the response does not match the code information included in the request, the received response is discarded.
  • a control device (1) includes an operation receiving unit (110) that receives an operation by an operator, an authority processing unit (120) that refers to an authority information storage unit (210) that stores authority information related to the operation and determines whether the operator is allowed to execute the operation, a first communication control unit (130) that refers to a terminal information storage unit (220) that stores terminal information related to the terminal (8) used by an approver who approves the operation by the operator related to functions of the control device (1) and the industrial machine (3) to be controlled, and controls communication between the terminal (8) used by the approver, and based on the result of the determination by the authority processing unit (120), and an operation execution unit (140) that executes the operation based on the authority information stored in the authority information storage unit (210), and the authority processing unit (120) refers to the authority information storage unit (210) and, if the operator has the authority for the operation, or sends a request for approval of the execution of the operation by the operator to the terminal (8) via the first communication control unit (
  • Reference Signs List: 1 Control device; 3 Industrial machine; 5 Network; 6 Fog computer; 7 Cloud server; 8 Terminal; 11 CPU; 12 ROM; 13 RAM; 14 Non-volatile memory; 15, 17, 18, 20 Interface; 22 Bus; 70 Display device; 71 Input device; 72 External device; 100 Operator authentication unit; 110 Operation reception unit; 120 Authorization processing unit; 130 Communication control unit; 140 Operation execution unit; 200 Authentication information storage unit; 210 Authorization information storage unit; 220 Terminal information storage unit; 300 Production system; 811 CPU; 812 ROM; 813 RAM; 814 Non-volatile memory; 815, 817, 818, 820 Interface; 822 Bus; 870 Display device; 871 Input device; 872 External device; 880 Communication control unit; 890 Operation possibility determination unit
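The approval exchange described in the bullets above (local authority check, code information echoed by the terminal, mismatched responses discarded, no response within the period treated as refusal), as an added example that is not code from the patent. The message fields, `request_id`, the class and function names and the sample authority table are assumptions; generating the code at random, using it once and comparing it in constant time are choices made here, not requirements stated in the disclosure.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Union

ALLOW, DENY = "allow", "deny"

# Constructed authority information: operation -> who may run it, who may approve it.
SAMPLE_AUTHORITY = {
    "change_setting": {"authorized": {"manager_m"}, "approvers": {"manager_m"}},
}


@dataclass
class Pending:
    operator: str
    operation: str
    code: bytes       # code information stored when the request was sent
    deadline: float   # clock value after which no response is accepted


@dataclass
class AuthorityProcessor:
    authority: Dict[str, dict]
    timeout_s: float = 30.0
    clock: Callable[[], float] = time.monotonic
    pending: Dict[str, Pending] = field(default_factory=dict)

    def check(self, operator: str, operation: str) -> Union[str, dict]:
        """Decide locally, or return the approval request to send to the terminal."""
        entry = self.authority.get(operation)
        if entry is None:
            return DENY                       # unknown operation: default deny
        if operator in entry["authorized"]:
            return ALLOW                      # operator holds the authority
        if not entry["approvers"]:
            return DENY                       # nobody can approve it
        request_id = secrets.token_hex(8)     # hypothetical field, not in the patent
        code = secrets.token_hex(16)          # unpredictable, one per request
        self.pending[request_id] = Pending(
            operator, operation, code.encode(), self.clock() + self.timeout_s)
        return {"request_id": request_id, "operator": operator,
                "operation": operation, "code": code}

    def on_response(self, response: dict) -> Optional[str]:
        """Return ALLOW or DENY, or None when the response is discarded."""
        request_id = response.get("request_id")
        if not isinstance(request_id, str):
            return None
        req = self.pending.get(request_id)
        if req is None:
            return None                       # nothing outstanding (or a replay)
        if self.clock() > req.deadline:
            del self.pending[request_id]
            return DENY                       # answer arrived after the period
        echoed = str(response.get("code", "")).encode("utf-8", "replace")
        if not hmac.compare_digest(echoed, req.code):
            return None                       # discard; the real request stays pending
        del self.pending[request_id]          # the code is accepted only once
        return ALLOW if response.get("approved") is True else DENY

    def expire(self) -> list:
        """Drop requests whose period has passed; the caller refuses those operations."""
        now = self.clock()
        late = [rid for rid, r in self.pending.items() if now > r.deadline]
        for rid in late:
            del self.pending[rid]
        return late


def demo() -> list:
    """Run the flow on constructed messages and return the decisions in order."""
    t = [0.0]
    ap = AuthorityProcessor(SAMPLE_AUTHORITY, timeout_s=30.0, clock=lambda: t[0])
    out = [ap.check("manager_m", "change_setting")]
    req = ap.check("worker_a", "change_setting")
    forged = {"request_id": req["request_id"], "code": "guess", "approved": True}
    genuine = {"request_id": req["request_id"], "code": req["code"], "approved": True}
    out.append(ap.on_response(forged))        # discarded
    out.append(ap.on_response(genuine))       # approved
    out.append(ap.on_response(genuine))       # replay of a used code, discarded
    late = ap.check("worker_a", "change_setting")
    t[0] = 31.0                               # past the 30 s period
    out.append(ap.on_response(
        {"request_id": late["request_id"], "code": late["code"], "approved": True}))
    return out


if __name__ == "__main__":
    print(demo())
```

An echoed code only rejects responses from a sender that never saw the request, so the link between the control device 1 and the terminal 8 still needs the kind of encryption and digital signature protection the disclosure mentions for access to the fog computer 6.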

Abstract

In a production system according to the present disclosure, a control device for controlling an industrial machine and a terminal used by an approver are connected via a network, and said production system comprises: a permissions information storage unit for storing permissions information relating to operation; a terminal information storage unit for storing terminal information relating to the terminal; an operation reception unit for receiving an operation by an operator; a permissions processing unit for determining whether the operator may execute the operation; and an operation execution unit that executes the operation on the basis of the result of determination by the permissions processing unit. The permissions processing unit determines that the operator may execute an operation only when the operator has permission for the operation or when approval by the approver to execute the operation is obtained.

Description

Production System and Control Device
This disclosure relates to a production system and a control device.
In recent years, with the advancement of automation and networking in factories, cyber attacks on the control devices of industrial machines used in factories have been increasing. As a result, security functions are becoming more important even for control devices, which previously had relatively few countermeasures against cyber attacks (for example, Patent Document 1).
There are various security functions, one of which is user authentication and authority management. With this measure, even if an attacker infiltrates the factory network, they cannot pass user authentication and so cannot obtain the authority necessary for an attack, which prevents remote operation and information leaks. It also prevents factory workers from changing settings or performing tasks without permission, which contributes to stable factory operation and improved quality.
JP 2018-097524 A
When a setting change or a special operation becomes necessary while a control device is in operation, and the necessary authority is restricted to the administrator so that the worker does not have it, authentication cannot be performed and the operation cannot be executed unless the administrator is near the device. Compared with the IT domain, which handles information systems and office equipment, in the OT domain, which handles production systems and industrial machinery, the administrator's location is fluid and not fixed, so the impact is significant.
Possible workarounds include adding a function that allows the administrator to operate the device remotely, or conveying authentication information such as passwords to the worker by phone or email. However, these methods increase security risks.
The production system according to the present disclosure solves the above problem by requesting only authorization of the authority from the administrator's terminal when an operation that requires administrator authority occurs, and granting the authority to the worker based on the response.
An aspect of the present disclosure is a production system in which a control device that controls an industrial machine used by an operator for work and a terminal used by an approver who approves operations by the operator related to functions of the control device and the industrial machine are connected via a network. The production system includes an authority information storage unit that stores authority information related to the operations, and a terminal information storage unit that stores terminal information related to the terminal. The control device includes an operation reception unit that receives operations by the operator, an authority processing unit that determines whether the operator may execute the operation based on the authority information stored in the authority information storage unit, a first communication control unit that controls communication with the terminal used by the approver based on the terminal information stored in the terminal information storage unit, and an operation execution unit that executes the operation based on the result of the determination by the authority processing unit. The terminal includes a second communication control unit that controls communication with the control device, and an operation feasibility determination unit that determines whether the operator may perform the operation based on an operation by the approver. The authority processing unit refers to the authority information storage unit and determines that the operator may execute the operation if the operator has authority for the operation, or if a request for approval of execution of the operation by the operator is sent to the terminal via the first communication control unit and a response indicating that the operation by the operator has been approved is obtained in response to the request; it determines that the operator cannot execute the operation if a response indicating that the operation by the operator has not been approved is obtained in response to the request.
Schematic hardware configuration diagram of a production system according to a first embodiment of the present disclosure.
Block diagram showing schematic functions of the production system according to the first embodiment of the present disclosure.
Diagram showing an example of operation information according to the first embodiment.
Diagram showing an example of authority information according to the first embodiment.
Diagram showing an example of an operation permission request setting screen according to the first embodiment.
Diagram showing an example of terminal information according to the first embodiment.
Diagram showing an example of an operation propriety determination screen according to the first embodiment.
Flowchart illustrating the flow of processing executed in the production system according to the first embodiment.
Block diagram showing schematic functions of a production system according to a second embodiment of the present disclosure.
Block diagram showing schematic functions of a production system according to another embodiment of the present disclosure.
Hereinafter, embodiments of the present disclosure will be described with reference to the drawings.
[First embodiment]
FIG. 1 is a schematic hardware configuration diagram showing the main parts of a production system according to a first embodiment of the present disclosure. A production system 300 according to this embodiment is configured by connecting a control device 1 and a terminal 8 via a network 5. The control device 1 controls an industrial machine 3 installed at a manufacturing site such as a factory based on an operation by an operator. The terminal 8 is, for example, a terminal owned by an administrator who manages the control device 1.
The CPU 11 provided in the control device 1 according to this embodiment is a processor that controls the control device 1 as a whole. The CPU 11 reads the system program stored in the ROM 12 via the bus 22 and controls the entire control device 1 according to that system program. The RAM 13 temporarily stores temporary calculation data, display data, and various data input from outside.
The non-volatile memory 14 is composed of, for example, a memory backed up by a battery (not shown) or an SSD (Solid State Drive), and retains its stored state even when the power to the control device 1 is turned off. The non-volatile memory 14 stores data acquired from the industrial machine 3, programs and data read from the external device 72 via the interface 15, programs and data input via the input device 71, programs and data acquired from other devices via the network 5, and the like. The programs and data stored in the non-volatile memory 14 may be loaded into the RAM 13 when executed or used. In addition, various system programs such as a well-known analysis program are written in advance into the ROM 12.
The interface 15 is an interface for connecting the CPU 11 of the control device 1 to an external device 72 such as a USB device. The external device 72 may be an external storage means such as a memory reader that reads and writes recording media such as CompactFlash (registered trademark) and SD cards, or a disk drive that reads and writes recording media such as CDs, DVDs, and BDs. For example, programs and setting data are read from the external device 72. In addition, programs and setting data edited within the control device 1 can be stored in the external storage means via the external device 72.
The interface 20 is an interface for connecting the CPU 11 of the control device 1 to a wired or wireless network 5. The network 5 is connected to control devices of other industrial machines, a fog computer 6, a cloud server 7, a terminal 8 operated by an administrator, and the like, which exchange data with the control device 1.
The display device 70 displays the data loaded into memory and the data obtained as a result of executing programs and the like, output via the interface 17. The display device 70 may also be equipped with an LED indicator or a warning lamp that shows the state of the machine. In addition, the input device 71, which is composed of a keyboard, pointing device, card reader, and the like, passes commands and data based on operations by the operator to the CPU 11 via the interface 18.
The control device 1 controls the industrial machine 3 based on a control program, external signals, instructions from a worker, and the like. The industrial machine 3 is a machine tool, an electric discharge machine, a robot, or the like installed at a manufacturing site such as a factory.
The terminal 8 operated by the administrator may be, for example, a personal computer installed remotely from the industrial machine 3 and the control device 1. It may also be a portable device or a wearable terminal carried by the administrator. The terminal 8 exchanges data and programs with the control device 1 at least via the network 5 in response to the administrator's operations.
The CPU 811 provided in the terminal 8 is a processor that controls the terminal 8 as a whole. The CPU 811 reads the system program stored in the ROM 812 via the bus 822 and controls the entire terminal 8 in accordance with that system program. The RAM 813 temporarily stores temporary calculation data, display data, and various data input from outside.
The non-volatile memory 814 is composed of, for example, a memory backed up by a battery (not shown) or an SSD (Solid State Drive), and retains its stored state even when the power to the terminal 8 is turned off. The non-volatile memory 814 stores programs and data acquired from the control device 1 or other devices via the network 5, programs and data input via the input device 871, and the like. The programs and data stored in the non-volatile memory 814 may be loaded into the RAM 813 when executed or used. In addition, various system programs such as a well-known image processing program are written in advance into the ROM 812.
The interface 815 is an interface for connecting the CPU 811 of the terminal 8 to an external device 872 such as a USB device. The external device 872 may be an external storage means such as a memory reader that reads and writes recording media such as CompactFlash (registered trademark) and SD cards, or a disk drive that reads and writes recording media such as CDs, DVDs, and BDs. For example, programs and data are read from the external device 872. In addition, programs and data created within the terminal 8 can be recorded in the external storage means via the external device 872.
The interface 820 is an interface for connecting the CPU 811 of the terminal 8 to the wired or wireless network 5. The network 5 is connected to the control device 1, the industrial machine 3, the fog computer 6, the cloud server 7, and the like, which exchange data with the terminal 8.
The display device 870 displays the data loaded into memory and the data obtained as a result of executing programs and the like, output via the interface 817. The input device 871, which is composed of a keyboard, pointing device, touch panel, and the like, passes commands and data based on operations by the operator to the CPU 811 via the interface 818.
FIG. 2 is a schematic block diagram showing the functions of the control device 1 and the terminal 8 according to this embodiment. The functions of the control device 1 and the terminal 8 according to this embodiment are realized by the CPU 11 of the control device 1 and the CPU 811 of the terminal 8 shown in FIG. 1 each executing a system program and controlling the operation of each part of the control device 1 and the terminal 8.
The control device 1 according to this embodiment includes an operator authentication unit 100, an operation reception unit 110, an authority processing unit 120, a communication control unit 130, and an operation execution unit 140. In addition, the following areas are prepared in advance in the RAM 13 or the non-volatile memory 14 of the control device 1: an authentication information storage unit 200, which stores in advance the information required to authenticate an operator who operates the functions of the control device 1 and the industrial machine 3; an authority information storage unit 210, which stores in advance authority information related to the operation of the functions of the control device 1 and the industrial machine 3; and a terminal information storage unit 220, which stores information related to the terminal used by the approver.
The operator authentication unit 100 authenticates the operator who operates the control device 1 and outputs the identification information of the authenticated operator to the operation reception unit 110. The operator authentication unit 100, for example, displays a prompt on the display device 70 asking for authentication information to be entered. In this case, it may acquire the authentication information input from the input device 71 in response and authenticate the operator based on the acquired authentication information. The authentication information may be information that uniquely identifies the operator and a password corresponding to that identification information. Having acquired the authentication information, the operator authentication unit 100 compares the received authentication information with the information stored in the authentication information storage unit 200. If the comparison shows that the combination of identification information and password is correct, it determines that the operator has been correctly authenticated and outputs the operator's identification information to the operation reception unit 110. The operator authentication unit 100 may also display, for example, a prompt on the display device 70 asking the operator to present a token such as an ID card held by the operator. In this case, the operator authentication unit 100 performs a predetermined exchange with the token (such as verifying a PIN code) and, as a result, acquires information that uniquely identifies the operator from the token via the input device 71. Having acquired the operator's identification information, the operator authentication unit 100 compares the received identification information with the information stored in the authentication information storage unit 200. If the operator's identification information is stored in the authentication information storage unit 200, it determines that the operator has been correctly authenticated and outputs the operator's identification information to the operation reception unit 110. The operator authentication performed by the operator authentication unit 100 may use other known methods as long as the operator can be uniquely authenticated.
The operation reception unit 110 creates operation information based on the content of the operation performed by the worker and outputs the created operation information to the authority processing unit 120. The operations accepted by the operation reception unit 110 include, for example, an operation by the worker on the input device 71, an operation on an operation panel (not shown), an operation request based on an external signal, and an operation request from another computer such as the fog computer 6 via the network 5. The content of the operations accepted by the operation reception unit 110 includes every operation that can be executed on the control device 1, such as operations related to the control of the industrial machine 3, operations related to reading, writing, editing, and executing a control program for controlling the industrial machine 3, operations related to the settings of the control device 1, and operations related to maintenance such as data backup and restore. The operation information created by the operation reception unit 110 includes, for example, information that uniquely identifies the operator and information that specifies the operation content. When the operation is one accepted from the input device 71 or an operation panel, the information that uniquely identifies the operator included in the operation information may be the identification information of the operator input from the operator authentication unit 100. When the operation is an operation request sent via an external signal or the network 5, it may be the identification information of the operator included in that operation request. The information specifying the operation content may include information that uniquely identifies the operation content and auxiliary information according to the operation content. The auxiliary information may include, for example, the target of the operation and its parameters.
Figure 3 shows an example of operation information created based on an operator's operation. In the example of Figure 3, the name of the operator, "Operator A," is included as information that uniquely identifies the operator. The operation content is "change settings," and the auxiliary information includes information that the change target is "machining accuracy setting" and the change content is "change normal setting to emphasis on accuracy." Note that the operation content does not necessarily need to include auxiliary information. For example, in the example of Figure 3, if there is no need to finely divide authority according to the change target and change content for the operation "change settings," auxiliary information such as the change target and change content is not required.
The authority processing unit 120 judges whether the operator performing the operation has the authority for the operation content based on the operation information input from the operation reception unit 110 and the authority information stored in the authority information storage unit 210. The authority information is information that associates, for each operation that can be performed by the control device 1, authority person identification information, which is information for identifying the person who has the authority to perform the operation, and approver identification information, which is information for identifying the person who approves the execution of the operation. The authority processing unit 120 reads out the authority information corresponding to the operation content from the authority information storage unit 210 based on the operation content included in the operation information.
Then, the authority processing unit 120 compares the operator identification information included in the operation information with the authority person identification information included in the read authority information to judge whether the operator has the authority to perform the operation. Then, if it is judged that the operator has the authority to perform the operation, it judges that the operator may perform the operation and instructs the operation execution unit 140 to perform the operation. On the other hand, if it is judged that the operator does not have the authority to perform the operation, it creates an operation permission request to be sent to any approver included in the approver identification information included in the read authority information. This operation permission request may include information that is useful for the approver to determine whether or not to permit the operation. For example, the operation permission request may include information that can uniquely identify the industrial machine 3, information that can uniquely identify the operator, the operation content, information related to the current operating state of the industrial machine 3 (alarms, coordinate values, etc.), information related to the operating environment of the industrial machine 3 (ambient temperature, etc.), and comments from the operator. After that, the communication control unit 130 is instructed to transmit the created operation permission request. Then, if the operation permission response from the approver to the operation permission request is "permitted," the unit determines that the operator may execute the operation, and instructs the operation execution unit 140 to execute the operation. On the other hand, if the operation permission response is "not permitted," the unit determines that the operator cannot execute the operation, and responds to the operator that the operation cannot be executed, and discards the operation information.
FIG. 4 shows an example of authority information stored in the authority information storage unit 210. In the example of FIG. 4, for "operation A" that can be executed by the control device 1, operators such as operator D and operator E have the authority to execute the operation. Even an operator who cannot execute the operation can execute it by obtaining approval from an approver such as administrator A or administrator B. The authority identification information may be a whitelist that specifies those who have the authority to execute the operation. It may also be a blacklist that specifies those who are prohibited from executing the operation. Furthermore, it may be a combination of these. In the example of FIG. 4, authority information is prepared for each operation, but for example, multiple operations may be grouped together and authority information may be created for all operations belonging to the group. In the example of FIG. 4, the authority identification information and approver identification information are created by operator and administrator, but group information that groups operators and administrators into specific groups may be created in advance, and the authority identification information and approver identification information may be created using the group information.
FIG. 5 is a diagram illustrating an example of a screen that allows the operator to make the necessary settings when the authority processing unit 120 sends an operation permission request. When the authority processing unit 120 sends an operation permission request to the terminal 8 used by the approver, it may display a screen that allows the operator to select the approver, as illustrated in FIG. 5. In addition, it may be possible to input the purpose of performing the operation, etc., as a comment.
The authority processing unit 120 may discard operation information created based on an operation request from another computer via the network 5, as it is deemed that the operation cannot be executed. For example, even if a direct operation request is received from the terminal 8 owned by the administrator, the operation information relating to that operation may be discarded.
The communication control unit 130 transmits an operation permission request to the terminal 8 used by the approver in response to a command from the authority processing unit 120. Then, it receives an operation permission determination, which is a response to the operation permission request, from the terminal 8 used by the approver, and outputs it to the authority processing unit 120. The communication control unit 130 refers to the terminal information storage unit 220 to identify the terminal 8 used by the approver. FIG. 6 is a diagram showing an example of terminal information stored in the terminal information storage unit 220. The terminal information storage unit 220 stores approver terminal information that associates the approver with information that identifies the terminal used by the approver in advance. The terminal identification information may be information that can uniquely identify the terminal 8 used by the approver on the network 5, such as an IP address in a TCP/IP network or a computer name in a Windows network. It may also be an email address or an identification name on a specified SNS. The terminal information stored in the terminal information storage unit 220 may be information related to the terminal 8 used by the administrator that is acquired in advance and stored.
In addition, when the administrator changes the terminal 8 being used, the terminal information stored in the terminal information storage unit 220 may be updated based on a terminal information change command sent from the terminal 8. When transmitting, the communication control unit 130 refers to the terminal information storage unit 220 to identify the terminal 8 being used by the approver included in the operation permission request, and transmits the operation permission request to the identified terminal 8.
The communication control unit 130 may be configured to use known techniques such as communication encryption and attachment of a digital signature when communicating with the terminal 8. Basically, it is desirable to make it impossible for anyone, including workers and administrators, to intercept or disguise the content of communications between the communication control unit 130 and the terminal 8.
The operation execution unit 140 then executes the operations of the worker based on commands from the authority processing unit 120. The operations executed by the operation execution unit 140 include all operations that can be executed by the control device 1, such as operations related to the control of the industrial machine 3, operations related to reading, writing, editing, and executing control programs for controlling the industrial machine 3, and operations related to setting the control device 1.
On the other hand, the terminal 8 according to this embodiment includes a communication control unit 880 and an operation permission determination unit 890.
The communication control unit 880 included in the terminal 8 receives the operation permission request transmitted from the control device 1 via the network 5. Then, the communication control unit 880 outputs the received operation permission request to the operation permission determination unit 890.
The operation permission determination unit 890 determines whether to grant the operator permission for the operation included in the operation permission request input from the communication control unit 880. For example, the operation permission determination unit 890 may present an operation permission determination screen to the approver, who is the user of the terminal 8, and prompt the approver to input whether or not to permit the operation. FIG. 7 shows an example of the operation permission determination screen. As illustrated in FIG. 7, the operation permission determination screen shows the request contents included in the operation permission request to the approver. The approver selects whether to permit or reject the operation contents of the operator depending on the request contents. The operation permission determination unit 890 creates an operation permission response based on the approver's selection, and outputs the created operation permission response to the communication control unit 880.
Then, the communication control unit 880 transmits the operation permission response input from the operation permission determination unit 890 to the control device 1 via the network 5. The communication control unit 880 may be configured to use known techniques such as communication encryption and attachment of a digital signature when communicating with the control device 1. Basically, it is desirable to prevent the content of communication between the communication control unit 880 and the control device 1 from being intercepted or disguised by anyone, including the worker or administrator.
FIG. 8 is a flowchart illustrating the flow of processes executed in the production system 300.
When a worker starts work using the industrial machine 3, the operator authentication unit 100 first authenticates the worker as an operator (step SA01). Next, the operation reception unit 110 receives the operator's operation on the control device 1 (step SA02). The authority processing unit 120 determines whether the authenticated operator has authority for the received operation (step SA03). If the operator has authority to perform the operation (step SA03: Yes), the operation execution unit 140 executes the operation (step SA11).
If the operator does not have the authority to perform the operation (step SA03: No), the authority processing unit 120 creates an operation permission request according to the operator's instructions (step SA04), and the communication control unit 130 sends the created operation permission request to the terminal 8 (step SA05).
When the communication control unit 880 of the terminal 8 receives the operation permission request (step SA06), the operation permission determination unit 890 creates an operation permission response according to the approver's instructions (step SA07). The communication control unit 880 then transmits the created operation permission response to the control device 1 (step SA08).
When the communication control unit 130 of the control device 1 receives the operation permission response (step SA09), the authority processing unit 120 judges whether the operator's operation is permitted or not based on the operation permission response (step SA10). If the operator's operation is permitted (step SA10: Yes), the operation execution unit 140 executes the operation (step SA11). On the other hand, if the operator's operation is not permitted (step SA10: No), the authority processing unit 120 responds to the operator that the operation cannot be executed and discards the operation information (step SA12). Thereafter, steps SA02 to SA12 are repeated while the operator is performing the operation.
The production system 300 according to this embodiment with the above configuration makes it possible to perform necessary approval processing while reliably preventing the execution of operations unintended by the manager of the industrial machine 3 even when the manager is not near the control device 1. The worker requests approval of an operation from a manager who is not present and, on receiving permission, can perform the operation. In the production system according to this embodiment, remote operation and information leakage can be prevented by not granting authority to operation requests sent to the control device 1 from an external computer via the network 5. In addition, by not transmitting the authentication information of the approver to the worker, arbitrary operation by the worker can be prevented. Furthermore, even in the OT area where the location of the manager is fluid, necessary operations can be performed without being affected by the location or status of the manager, which greatly improves convenience and minimizes the downtime of the machine.
As a modified example of the production system 300 according to this embodiment, the authority processing unit 120 may record the time when the operation permission request is sent to the terminal 8. Then, if a predetermined time has elapsed since the operation permission request was sent and no operation permission response has been received, a response may be sent to the operator that the operation in the operation permission request cannot be executed, and the operation information may be discarded. Also, the operator may cancel the operation after the operation permission request is sent but before the operation permission response is received. This configuration makes it possible to flexibly respond to the situations of the operator and approver, such as when the approver is too busy to respond, when it is no longer necessary to execute the operation for which permission has been requested, or when the approver is changed.
As another variation of the production system 300 according to this embodiment, the communication control unit 130 may restrict the sending of an operation permission request depending on the connection status of the terminal 8 to the network 5. For example, the terminal information storage unit 220 manages the connection status of the terminal 8 used by each approver to the network 5. Then, if the approver selected by the operator is connected to the network 5 via a provider outside the factory, the operator may be notified to change the settings of the operation permission request since the selected approver is inappropriate as a destination for the operation permission request. By configuring in this way, it becomes possible to achieve security that takes into account the connection status of the terminal 8.
As another variation of the production system 300 according to this embodiment, the communication control unit 130 may include predetermined code information in the operation permission request sent to the terminal 8. At this time, the communication control unit 130 stores the sent operation permission request. The communication control unit 880 of the terminal 8 includes the same code information included in the operation permission request in the operation permission response corresponding to the operation permission request. The communication control unit 130 of the control device 1 that receives the operation permission response then determines whether the code information included in the received operation permission response matches the code information included in the operation permission request stored at the time of transmission. If they do not match, the received operation permission response is discarded. This configuration makes it possible to respond to attacks in which operation permission information is intentionally created and sent.
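The decision flow of FIG. 8 (steps SA03 to SA12), combined with the rejection of network-originated operation requests, the response timeout and the code-information check from the variations above, is shown here as an added example that is not part of the patent text. The class and field names, the 300-second timeout and the use of a random per-request value as the code information are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed sample modelled on the authority information of FIG. 4.
AUTHORITY_INFO = {
    "operation A": {
        "authorized": {"operator D", "operator E"},
        "approvers": {"administrator A", "administrator B"},
    },
}
RESPONSE_TIMEOUT_S = 300.0  # assumed; the text only says "a predetermined time"


@dataclass
class PendingRequest:
    operator: str
    operation: str
    approver: str
    code: str       # code information the terminal must echo back
    sent_at: float  # time the operation permission request was sent


@dataclass
class AuthorityProcessor:
    """Hypothetical model of the authority processing unit 120."""
    authority_info: dict
    timeout_s: float = RESPONSE_TIMEOUT_S
    pending: dict = field(default_factory=dict)  # request id -> PendingRequest

    def receive_operation(self, operator, operation, source, approver=None, now=0.0):
        """Steps SA03 to SA05: returns (state, request) where state is
        "execute", "rejected" or "pending"."""
        entry = self.authority_info.get(operation)
        # Requests that arrive over the network are never granted authority,
        # even when they come from an administrator's terminal.
        if source != "local" or entry is None:
            return "rejected", None
        if operator in entry["authorized"]:
            return "execute", None
        # The operator may only pick an approver listed for this operation.
        if approver not in entry["approvers"]:
            return "rejected", None
        request_id = secrets.token_hex(8)
        code = secrets.token_hex(16)  # assumption: fresh random value per request
        self.pending[request_id] = PendingRequest(operator, operation, approver, code, now)
        request = {"request_id": request_id, "code": code, "operator": operator,
                   "operation": operation, "approver": approver}
        return "pending", request

    def receive_response(self, response, now):
        """Steps SA09 to SA12: returns "execute", "denied", "expired" or "discarded"."""
        request_id = response.get("request_id")
        req = self.pending.get(request_id)
        if req is None:
            return "discarded"  # unsolicited or replayed response
        if now - req.sent_at > self.timeout_s:
            del self.pending[request_id]
            return "expired"    # the operator is told the operation cannot run
        echoed = str(response.get("code", "")).encode()
        if not hmac.compare_digest(echoed, req.code.encode()):
            # Discard the forged response but keep the request pending, so a
            # fabricated message cannot cancel a genuine approval in flight.
            return "discarded"
        del self.pending[request_id]  # one response per request
        return "execute" if response.get("permitted") is True else "denied"


if __name__ == "__main__":
    unit = AuthorityProcessor(AUTHORITY_INFO)
    state, req = unit.receive_operation("operator X", "operation A", "local",
                                        approver="administrator A", now=0.0)
    reply = {"request_id": req["request_id"], "code": req["code"], "permitted": True}
    print(state, unit.receive_response(reply, now=30.0))
```

Echoing the code information only ties a response to an outstanding request; authenticating the approver's terminal still relies on the encryption and digital signatures the description mentions for the channel.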
As another variation of the production system 300 according to this embodiment, it is possible to treat a person who is determined to have the authority to perform an operation according to the authority identification information as the approver without providing approver identification information in the authority information. In a factory, for example, a person who has the authority to perform an operation may also work as an approver. In such a case, by configuring the system so that a person who has the authority to perform an operation can be selected as the approver, it is possible to save on the storage area prepared for the authority information storage unit 210 and also to avoid the trouble of setting up a separate approver.
As another variation of the production system 300 according to this embodiment, the control device 1 may be incorporated as a component of the industrial machine 3. In this case, each function of the control device 1 is implemented as a component of the industrial machine 3.
[Second embodiment]
FIG. 9 is a schematic block diagram showing functions of the control device 1 and the terminal 8 according to the second embodiment. The functions of the control device 1 and the terminal 8 according to this embodiment are realized by the CPU 11 of the control device 1 and the CPU 811 of the terminal 8, shown in FIG. 1, executing system programs and controlling the operation of each part of the control device 1 and the terminal 8.
The production system 300 according to this embodiment differs from the production system 300 according to the first disclosure in that the authentication information storage unit 200, the authority information storage unit 210, and the terminal information storage unit 220 that were provided in the control device 1 are provided on a higher-level computer such as a fog computer 6.
The operator authentication unit 100, the authority processing unit 120, and the communication control unit 130 provided in the control device 1 according to this embodiment access the fog computer 6 via the network 5 when accessing the authentication information stored in the authentication information storage unit 200, the authority information stored in the authority information storage unit 210, and the terminal information stored in the terminal information storage unit 220. When accessing the fog computer 6, the access is secured using known encryption and digital signature techniques. Otherwise, it is the same as the production system 300 according to the first disclosure.
The production system 300 according to this embodiment, which has the above configuration, is capable of centrally managing the authentication information stored in the authentication information storage unit 200, the authority information stored in the authority information storage unit 210, and the terminal information stored in the terminal information storage unit 220. In addition, this information can be shared and used by multiple control devices 1. This improves the maintainability of the information that needs to be managed in the production system 300.
[Other embodiments]
In the above-described embodiment, each function other than the operation reception unit 110, the authority processing unit 120, the communication control unit 130, and the operation execution unit 140 may be provided, for example, on a computer provided alongside the control device 1 or on another computer connected to the control device 1 via a network. For example, as illustrated in FIG. 10, just as each storage unit is provided on a higher-level computer, the operator authentication unit 100 may also be provided on another computer or a higher-level computer, rather than on the control device 1. In this configuration, the control device 1 transmits the acquired information for identifying the operator and information for authenticating the operator to the operator authentication unit 100 provided on the other computer or the higher-level computer. Then, by receiving a response indicating that the operator has been authenticated, it may be determined that the operator has been correctly authenticated.
By configuring it in this way, it is possible to build a flexible system that is tailored to the operational status of the control device 1 and industrial machine 3 at each manufacturing site.
The production system 300 according to each embodiment described above makes it possible to carry out the necessary approval process while reliably preventing the execution of operations unintended by the manager of the industrial machine 3, even if the manager is not near the control device 1.
Although the present disclosure has been described in detail above, the present disclosure is not limited to the individual embodiments described above. Various additions, substitutions, modifications, partial deletions, etc. are possible in these embodiments, without departing from the gist of the present disclosure, or without departing from the spirit of the present disclosure derived from the contents described in the claims and their equivalents. These embodiments can also be implemented in combination. For example, in the above-mentioned embodiments, the order of each operation and the order of each process are shown as examples, and are not limited to these. The same applies when numerical values or formulas are used to explain the above-mentioned embodiments.
Below, notes relating to the embodiments of the present disclosure are provided.
(Appendix 1)
A production system (300) according to one aspect of the present disclosure includes a control device (1) that controls an industrial machine (3) used by an operator for work, a terminal (8) that is connected to the control device (1) via a network (5) and is used by an approver who approves operations by the operator related to functions of the control device (1) and the industrial machine (3), an authority information storage unit (210) that stores authority information related to the operations, and a terminal information storage unit (220) that stores terminal information related to the terminal (8). The control device (1) includes an operation reception unit (110) that receives operations by the operator, an authority processing unit (120) that determines whether the operator is allowed to execute the operations based on the authority information stored in the authority information storage unit (210), and a first communication control unit (130) that controls communication between the control device (1) and the terminal (8) used by the approver based on the terminal information stored in the terminal information storage unit (220). 
and an operation execution unit (140) that executes the operation based on the result of the determination by the authority processing unit (120), and the terminal (8) comprises a second communication control unit (880) that controls communication with the control device (1), and an operation feasibility determination unit (890) that determines whether the operator can perform the operation based on the operation of the approver, and the authority processing unit (120) refers to the authority information storage unit (210) and, if the operator has authority for the operation, or sends a request for approval of the execution of the operation by the operator to the terminal (8) via the first communication control unit (130), and, if a response is obtained in response to the request indicating that the operation by the operator has been approved, determines that the operator may perform the operation, and if a response is obtained in response to the request indicating that the operation by the operator has not been approved, determines that the operator cannot perform the operation.
(Appendix 2)
In a production system (300) according to another aspect of the present disclosure, the authority processing unit (120) further determines that the operation cannot be executed if the operation was obtained via a network (5).
(Appendix 3)
In a production system (300) according to another aspect of the present disclosure, the terminal information stored in the terminal information storage unit (220) is further updated when there is a change in the terminal (8) used by the approver.
(Appendix 4)
In a production system (300) according to another aspect of the present disclosure, the authority processing unit (120) further determines that the operation cannot be executed if the response is not obtained within a predetermined period of time after sending the request.
(Appendix 5)
In a production system (300) according to another aspect of the present disclosure, the authority processing unit (120) further notifies an operator of information regarding the connection state to the terminal (8) attempting to transmit the request.
(Appendix 6)
In another aspect of the production system (300) of the present disclosure, the first communication control unit (130) further includes predetermined code information in the request to be sent to the terminal (8), and when a response to the request is received, if the code information included in the response does not match the response included in the request, the received response is discarded.
(Appendix 7)
A control device (1) according to one aspect of the present disclosure includes an operation receiving unit (110) that receives an operation by an operator, an authority processing unit (120) that refers to an authority information storage unit (210) that stores authority information related to the operation and determines whether the operator is allowed to execute the operation, a first communication control unit (130) that refers to a terminal information storage unit (220) that stores terminal information related to the terminal (8) used by an approver who approves the operation by the operator related to functions of the control device (1) and the industrial machine (3) to be controlled, and controls communication between the terminal (8) used by the approver, and based on the result of the determination by the authority processing unit (120), and an operation execution unit (140) that executes the operation based on the authority information stored in the authority information storage unit (210), and the authority processing unit (120) refers to the authority information storage unit (210) and, if the operator has the authority for the operation, or sends a request for approval of the execution of the operation by the operator to the terminal (8) via the first communication control unit (130), and if a response to the request indicating that the operation by the operator has been approved is obtained, determines that the operator may execute the operation, and if a response to the request indicating that the operation by the operator has not been approved is obtained, determines that the operator cannot execute the operation.
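The decision rules of Appendices 1, 2, 4 and 6 can be sketched as follows; this is an added example, not code from the patent or the applicant. The class and field names, the transport callback, the 30-second timeout, the use of a fresh random value as the code information (the text only calls it "predetermined") and the choice to apply the Appendix 2 check first are all assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Iterable, Tuple


@dataclass(frozen=True)
class Response:
    code: str       # code information echoed back by the approver's terminal
    approved: bool  # the approver's decision


# Hypothetical transport: sends the request to the terminal and returns the
# responses received as (seconds_since_send, Response) pairs.
Transport = Callable[[dict], Iterable[Tuple[float, Response]]]


class AuthorityProcessor:
    """Sketch of the authority processing unit (120); names are assumptions."""

    def __init__(self, authority_info: dict, transport: Transport,
                 timeout_s: float = 30.0):
        self.authority_info = authority_info  # {operator: set of operations}
        self.transport = transport
        self.timeout_s = timeout_s            # assumed value
        self.discarded = 0                    # responses dropped for a bad code

    def may_execute(self, operator: str, operation: str,
                    via_network: bool = False) -> bool:
        # Appendix 2: an operation obtained via the network is not executed.
        # Checking this before anything else is an assumption about ordering.
        if via_network:
            return False
        # Appendix 1: the operator already holds authority for the operation.
        if operation in self.authority_info.get(operator, set()):
            return True
        # Appendix 6: put code information in the request (fresh per request here).
        code = secrets.token_hex(16)
        request = {"operator": operator, "operation": operation, "code": code}
        for elapsed, resp in sorted(self.transport(request), key=lambda e: e[0]):
            if elapsed > self.timeout_s:
                break                         # Appendix 4: arrived too late
            if not hmac.compare_digest(resp.code, code):
                self.discarded += 1           # Appendix 6: discard the response
                continue
            return resp.approved              # Appendix 1: approved or rejected
        return False                          # no valid response in time: deny


# Constructed sample terminal: a stale response with a wrong code arrives
# first, then the genuine approval that echoes the request's code.
def approving_terminal(request: dict):
    return [(1.0, Response("stale-code", True)),
            (2.0, Response(request["code"], True))]
```

Every path that does not end in a matching, timely approval returns a denial, so a silent, unreachable or spoofed terminal cannot unlock the operation.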
Reference Signs List
   1 Control device
   3 Industrial machine
   5 Network
   6 Fog computer
   7 Cloud server
   8 Terminal
  11 CPU
  12 ROM
  13 RAM
  14 Non-volatile memory
  15, 17, 18, 20 Interface
  22 Bus
  70 Display device
  71 Input device
  72 External device
 100 Operator authentication unit
 110 Operation reception unit
 120 Authority processing unit
 130 Communication control unit
 140 Operation execution unit
 200 Authentication information storage unit
 210 Authority information storage unit
 220 Terminal information storage unit
 300 Production system
 811 CPU
 812 ROM
 813 RAM
 814 Non-volatile memory
 815, 817, 818, 820 Interface
 822 Bus
 870 Display device
 871 Input device
 872 External device
 880 Communication control unit
 890 Operation permission determination unit

Claims (7)

  1.  A production system comprising:
     a control device that controls an industrial machine used by an operator for work;
     a terminal that is connected to the control device via a network and is used by an approver who approves operations by the operator related to functions of the control device and the industrial machine;
     an authority information storage unit that stores authority information related to the operations; and
     a terminal information storage unit that stores terminal information related to the terminal,
     wherein the control device comprises:
      an operation reception unit that receives an operation by the operator;
      an authority processing unit that determines, based on the authority information stored in the authority information storage unit, whether the operator may execute the operation;
      a first communication control unit that controls communication with the terminal used by the approver based on the terminal information stored in the terminal information storage unit; and
      an operation execution unit that executes the operation based on a result of the determination by the authority processing unit,
     wherein the terminal comprises:
      a second communication control unit that controls communication with the control device; and
      an operation permission determination unit that determines, based on an operation by the approver, whether the operation by the operator is permitted, and
     wherein the authority processing unit determines that the operator may execute the operation when, with reference to the authority information storage unit, the operator has authority for the operation, or when a request for approval of execution of the operation by the operator has been transmitted to the terminal via the first communication control unit and a response indicating that the operation by the operator has been approved is obtained for the request, and determines that the operator cannot execute the operation when a response indicating that the operation by the operator has not been approved is obtained for the request.
  2.  The production system according to claim 1, wherein the authority processing unit determines that the operation cannot be executed when the operation was obtained via a network.
  3.  The production system according to claim 1, wherein the terminal information stored in the terminal information storage unit is updated when there is a change in the terminal used by the approver.
  4.  The production system according to claim 1, wherein the authority processing unit determines that the operation cannot be executed when the response is not obtained within a predetermined period of time after the request is transmitted.
  5.  The production system according to claim 1, wherein the authority processing unit notifies the operator of information regarding the state of the connection to the terminal to which the request is to be transmitted.
  6.  The production system according to claim 1, wherein the first communication control unit includes predetermined code information in the request to be transmitted to the terminal and, on receiving the response to the request, discards the received response if the code information included in the response does not match the response included in the request.
  7.  A control device comprising:
     an operation reception unit that receives an operation by an operator;
     an authority processing unit that refers to an authority information storage unit that stores authority information related to the operation and determines whether the operator may execute the operation;
     a first communication control unit that refers to a terminal information storage unit that stores terminal information related to a terminal used by an approver who approves operations by the operator related to functions of the control device and of an industrial machine to be controlled, and controls communication with the terminal used by the approver; and
     an operation execution unit that executes the operation based on a result of the determination by the authority processing unit,
     wherein the authority processing unit determines that the operator may execute the operation when, with reference to the authority information storage unit, the operator has authority for the operation, or when a request for approval of execution of the operation by the operator has been transmitted to the terminal via the first communication control unit and a response indicating that the operation by the operator has been approved is obtained for the request, and determines that the operator cannot execute the operation when a response indicating that the operation by the operator has not been approved is obtained for the request.
PCT/JP2022/038490 2022-10-14 2022-10-14 Production system and control device WO2024079916A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/038490 WO2024079916A1 (en) 2022-10-14 2022-10-14 Production system and control device

Publications (1)

Publication Number Publication Date
WO2024079916A1 (en) 2024-04-18

Family

ID=90669289

Country Status (1)

Country Link
WO (1) WO2024079916A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002163016A (en) * 2000-11-27 2002-06-07 Canon Inc Control system and control method for industrial equipment
JP2008189261A (en) * 2007-02-07 2008-08-21 Quality Kk Vehicle control system and qualification control program
JP2019102046A (en) * 2017-12-06 2019-06-24 新東工業株式会社 Industrial machine start-up control system, start-up control method, and program
