CN103258148B - Control system, control device and program execution control method - Google Patents

Publication number: CN103258148B
Authority: CN (China)
Prior art keywords: security code, program, information, execution, security
Legal status: Active
Application number: CN201210144756.4A
Other languages: Chinese (zh)
Other versions: CN103258148A (en)
Inventor: 清水良昭
Current Assignee: Fuji Electric Co Ltd
Original Assignee: Fuji Electric Co Ltd
Application filed by Fuji Electric Co Ltd
Publication of CN103258148A
Application granted
Publication of CN103258148B

Abstract

The invention provides a control system, a control device and a program execution control method that prevent improper use of a control program, from the viewpoint of the security of control programs running on a PLC, while taking the use and maintainability of the control program into account. The control system has: a first memory that stores a user program containing a first security code and a prescribed program code; a second memory that stores security information containing a second security code obtained by converting the first security code with a prescribed algorithm; an execution permission unit that permits execution of the user program; and a program execution unit that executes the user program whose execution has been permitted. The execution permission unit converts the first security code contained in the user program with the prescribed algorithm, compares the converted security code with the second security code obtained from the security information, and permits execution of the user program when they match.

Description

Control system, control device and program execution control method
Technical field
The present invention relates to a control device and a control system that control the execution of a program, and in particular to a control system, a control device and a control method that control the execution of a PLC program executed on a PLC (Programmable Logic Controller).
Background technology
At present, programmable logic controllers (Programmable Logic Controller; hereinafter, PLC) are used as industrial general-purpose computers for FA (Factory Automation) and the like. When a PLC performs sequence control of controlled equipment, the user connects, for example, the detection parts of the controlled equipment such as sensors and switches to the input terminals of the PLC, and connects devices of the controlled equipment such as motors to the output terminals of the PLC. The PLC then outputs from its output terminals the output signals that correspond to the input signals at its input terminals, according to the control program being executed, and thereby controls the controlled equipment.
Here, Patent Documents 1 and 2, for example, are known as techniques for preventing improper use of a program executed on a PLC. Patent Documents 1 and 2 describe control devices that prevent improper use of a control program by making the control program work only on a specific control device.
More specifically, in the control device described in Patent Document 1, an authentication ladder based on a unique value (such as a serial ID) of the specific PLC that is permitted to execute the control program is built into the control program. When the control program is run on the specific PLC, authentication is performed using the authentication ladder. The control device permits execution of the control program only after authentication has succeeded. Therefore, even if the control program leaks, it does not work on other control devices, and improper use of the program can be prevented.
Prior art documents
Patent documents
Patent Document 1: (Japan) JP 2011-165041 publication
Patent Document 2: (Japan) JP 2009-70144 publication
Summary of the invention
Problem to be solved by the invention
However, when a control device fails, production at the factory stops while the failed control device is being repaired, so maintenance staff sometimes temporarily install a replacement unit so that production at the factory can continue.
In the inventions described in Patent Documents 1 and 2, however, authentication uses authentication information based on a unique value of the control device such as its serial ID, and execution of the control program is permitted only when authentication succeeds. Therefore, when a control device fails, the control program used in the failed control device cannot be used as-is in the replacement unit. The problem in this situation is that, because the authentication ladder built into the control program is based on a device's unique value (for example, its serial ID), the control program must be rewritten (edited, compiled and so on) for the replacement unit, and restoring the control device, that is, restarting production at the factory, takes time.
The present invention was made to solve this problem. Its object is to provide a control system, a control device and a program execution control method that prevent improper use of a control program, from the viewpoint of the security of control programs running on a PLC, while taking the use and maintainability of the control program into account.
Means for solving the problem
To solve the above problem, the present invention adopts means having the following features.
A control system according to one aspect of the present invention comprises a secure file distribution device, a security code entering device, a secondary load device and a control device. The secure file distribution device has a secure file generation unit that generates a secure file containing a first security code. The security code entering device has a security code converting unit that converts the first security code obtained from the secure file into a second security code by a prescribed algorithm, and a safety information login unit that logs security information containing the second security code in to the control device. The secondary load device has a program generation unit that generates a user program containing the first security code and a prescribed program code. The control device has: a first memory that stores the user program; a second memory that stores the security information containing the second security code logged in by the safety information login unit; an execution permission unit that permits execution of the user program stored in the first memory; and a program execution unit that executes the user program whose execution the execution permission unit has permitted. When the user program stored in the first memory contains the prescribed program code, the execution permission unit converts the first security code contained in the user program by the prescribed algorithm, compares the converted security code with the second security code obtained from the security information stored in the second memory, and permits execution of the user program when they match.
A control device according to one aspect of the present invention has: a first memory that stores a user program containing a first security code and a prescribed program code; a second memory that stores security information containing a second security code, the second security code having been obtained by converting the first security code with a prescribed algorithm and logged in by a security code entering device; an execution permission unit that permits execution of the user program stored in the first memory; and a program execution unit that executes the user program whose execution the execution permission unit has permitted. When the user program stored in the first memory contains the prescribed program code, the execution permission unit converts the first security code contained in the user program by the prescribed algorithm, compares the converted security code with the second security code obtained from the security information stored in the second memory, and permits execution of the user program when they match.
In a program execution control method according to one aspect of the present invention, a security code entering device generates security information containing a second security code, obtained by converting a first security code with a prescribed algorithm, and inputs this security information to a control device; a secondary load device generates a user program containing a prescribed program code and the first security code, and inputs this user program to the control device; and, when the user program contains the prescribed program code, the control device converts the first security code input from the secondary load device by the prescribed algorithm and permits execution of the user program on condition that the converted security code matches the second security code.
In addition, any combination of the constituent elements of the present invention, and any application of its constituent elements or expressions to a device, method, computer program, storage medium or the like, is also effective as an aspect of the present invention.
Effect of the invention
According to the present invention, it is possible to provide a control system, a control device and a program execution control method that prevent improper use of a control program, from the viewpoint of the security of control programs running on a PLC, while taking the use and maintainability of the control program into account.
Brief description of the drawings
Fig. 1 shows an example of the control system configuration (schematic diagram) of the present embodiment;
Fig. 2 is a functional configuration example of the control system of the present embodiment;
Fig. 3 shows operation screen example (1) of the secure file distribution device of the present embodiment;
Fig. 4 shows operation screen example (2) of the secure file distribution device of the present embodiment;
Fig. 5 shows an operation screen example of the security code entering device of the present embodiment;
Fig. 6 shows a program editor screen example of the secondary load device of the present embodiment;
Fig. 7 is a sequence diagram showing the flow of information processing 1 of the present embodiment;
Fig. 8 is a sequence diagram showing the flow of information processing 2 of the present embodiment;
Fig. 9 is a flowchart showing the PLC program execution control processing flow of the program execution department 205 of the present embodiment;
Fig. 10 is a flowchart showing the security code check processing flow of the SFB function part 206 of the present embodiment;
Fig. 11 is a functional configuration example of the control system of the application example;
Fig. 12 shows an example of specifying "active position information";
Fig. 13 is a flowchart showing the security code check processing flow of the SFB function part 206 of the application example.
Symbol description
100 secondary load device
101 program generating portion
102 memory
200 PLC
201 safety information login receiving portion
202 safe storage
203 motion time measurement portion
204 program storage
205 program execution department
206 SFB function part
207 comparison checking portion
208 code converter section
209 notification unit
210 user ROM card slot
211 positional information obtaining section
300 secure file distribution device
301 secure file generating unit
400 security code entering device
401 secure file reading part
402 memory
403 safety information login portion
404 code converter section
Embodiment
Below, embodiments for carrying out the present invention are described with reference to the drawings.
[ system architecture ]
Fig. 1 shows an example of the control system configuration (schematic diagram) of the present embodiment. As shown in Fig. 1, the system of the present embodiment comprises a secondary load device 100, a PLC 200, a secure file distribution device 300 and a security code entering device 400.
The secondary load device 100 is a computer device that assists in creating the PLC program (control program) that runs on the PLC 200. The secondary load device 100 therefore has a program editor for creating PLC programs. The program editor displays a program creation screen on the display, and the user can develop the desired PLC program on this screen. The PLC program developed by the user is downloaded from the secondary load device 100 to the PLC 200.
The PLC 200 is a programmable logic controller (Programmable Logic Controller) used as a control device for factory automation (FA). The PLC 200 stores the signals input from the input module in the I/O (Input/Output) memory and performs logical operations based on the PLC program logged in advance in program storage 201. It then writes the operation results to the I/O memory and sends them to the output module, after which it performs so-called peripheral system processing (load processing and various system processing). By repeating these processes, the PLC 200 controls the target control equipment.
The secure file distribution device 300 is a terminal device that generates and outputs a secure file (Security File). The secure file is used when the security code entering device 400 logs a "security code" (Security Code) in to the PLC 200.
The security code entering device 400 is a terminal device for logging security information containing a "security code" and a "trial employment period" in to the PLC 200. That is, the security code entering device 400 obtains the secure file from the secure file distribution device 300, takes out the security code contained in the secure file and logs it in to the PLC 200. In addition to the security code, the security code entering device 400 also logs the trial employment period input by the user in to the PLC 200.
The above is an example of the control system configuration of the present embodiment. Under normal circumstances, while the PLC 200 is running, the secondary load device 100, the secure file distribution device 300 and the security code entering device 400 are disconnected from the PLC 200. The secure file distribution device 300 and the security code entering device 400 are preferably kept and managed by, for example, the manufacturer that develops the PLC program, and are not left at the user's site where the PLC 200 is installed.
[ functional structure ]
Fig. 2 is a functional configuration example of the control system of the present embodiment. Each device is described below in turn.
(secure file distribution device)
The secure file distribution device 300 of the present embodiment comprises a secure file generating unit 301. On receiving a "security code" (shown as SC-A in the figure) that the user inputs from a keyboard or the like (input part), the secure file generating unit 301 encrypts the secure file (shown as SF in the figure) with the public key of security code entering device 300 and outputs it. The secure file contains the "security code" input by the user. The security code entering device 400 decrypts the encrypted secure file and thereby obtains this "security code". Besides the value of the security code itself, the security code may also contain the data size of the security code (for example, 64 bit).
(security code entering device)
The security code entering device 400 of the present embodiment comprises a secure file reading part 401, memory 402, a safety information login portion 403 and a code converter section 404.
The secure file reading part 401 reads the secure file issued by the secure file distribution device 300. Because the secure file is encrypted, the secure file reading part 401 decrypts it using the encryption key that corresponds to the above-mentioned public key. The secure file reading part 401 then extracts the "security code" (SC-A) from the decrypted secure file and saves it in memory 402.
The safety information login portion 403 obtains the "security code" from memory 402. It then requests the code converter section 404 to convert this "security code" (SC-A) into a different "security code" (SC-B in the figure).
The safety information login portion 403 also accepts a "trial employment period" input by the user. The "trial employment period" is information that specifies a period during which the PLC 200 can be used temporarily even without purchasing a proper license. The "trial employment period" is input either as a concrete duration such as 10 hours, 1 day or 1 month, or as a concrete date such as (until) March 1, 2011. The safety information login portion 403 generates security information (this may also be a "security code") containing the converted "security code" (SC-B) and the "trial employment period", and logs this security information in to the PLC 200. The login is carried out by sending the security information to the PLC 200 over an internet channel or over a cable connected to the PLC 200 at a USB (Universal Serial Bus) port, a serial port or the like. The PLC 200 accepts the login of security information only from the security code entering device 400 (safety information login portion 403) and does not accept the login of security information from other devices. The safety information login portion 403 may also save the generated security information in memory 402.
At the request of the safety information login portion 403, the code converter section 404 converts the obtained security code into a different security code by a prescribed algorithm. In the present embodiment, specifically, "security code A" (SC-A) is converted into "security code B" (SC-B).
(secondary load device)
The secondary load device 100 of the present embodiment comprises a program generating portion 101 and memory 102.
The program generating portion 101 is realized by a program editor for creating PLC programs, and generates (assists in generating) the PLC program that runs on the PLC 200. The program generating portion 101 provides the user with the program editor, various tools and the like, and generates the PLC program the user wants.
When generating a PLC program, a user who wants to protect the program being generated performs, for example, a predetermined operation in the program editor. On accepting this predetermined operation, the program generating portion 101 processes the program being generated as follows: it generates program code so that the security code inspection system function block (called SFB) is called during, for example, the initialization processing or the execution processing of the PLC program.
More specifically, the program generating portion 101 appends, as part of the program code the user generates, code that calls the security code inspection SFB function part 206 when the PLC 200 executes the PLC program. A "security code" is set at the same time as the parameter of the security code inspection SFB 206. This security code must be set to the same security code as the "security code A" (SC-A) that the user input in the secure file distribution device 300.
The program generating portion 101 then compiles the user's program code, to which the code calling the security code inspection SFB function part 206 has been added, and generates the PLC program. The generated PLC program is saved in memory 102 and is sent (downloaded) to the PLC 200.
(PLC)
The PLC 200 of the present embodiment comprises a safety information login receiving portion 201, safe storage 202, a motion time measurement portion 203, program storage 204, a program execution department 205, an SFB function part 206 (comprising a comparison checking portion 207 and a code converter section 208) and a notification unit 209.
The safety information login receiving portion 201 accepts security information from the security code entering device 400 (safety information login portion 403) and logs (saves) the received security information in safe storage 202. As described above, the security information contains the "security code" (SC-B) and the "trial employment period", so these are extracted and saved in safe storage 202. The safety information login receiving portion 201 logs in to safe storage 202 only security information received from the security code entering device 400 (safety information login portion 403); it does not accept the login of security information from other devices.
Safe storage 202 is access-restricted memory realized by a highly secure tamper-resistant chip or flash memory. In the present embodiment, only the safety information login receiving portion 201 and the motion time measurement portion 203 have write permission to safe storage 202, and only the comparison checking portion 207 has read permission. The user, on the other hand, cannot access safe storage 202. As shown in Fig. 2, safe storage 202 in this case stores "security code B", the "trial employment period" and the "actuation time".
The motion time measurement portion 203 starts measuring the "actuation time" of the PLC 200 at the moment the "trial employment period" is saved in safe storage 202. Separately from the standard clock (internal clock) of the PLC 200, the motion time measurement portion 203 measures the actuation time of the PLC 200 with an independent clock (for example, it measures the actuation time of the PLC based on the PLC scan period, that is, the interval from reading the input data to the next reading of the input data). The independent clock is used to prevent tampering with the actuation time, for example by a user setting the standard clock back. Accordingly, although the user can access the standard clock of the PLC 200, the user cannot access the motion time measurement portion 203. After each measurement, the motion time measurement portion 203 saves the measured "actuation time (information)" in safe storage 202.
Program storage 204 is memory for storing the PLC program, generated by the secondary load device 100, that runs on the PLC 200. In contrast to safe storage 202, to which user access is prohibited as described above, program storage 204 is user memory that allows access from the user.
The user may also store the PLC program generated by the secondary load device 100 on a storage medium in advance and insert this storage medium into the user ROM card slot 210 of the PLC 200. In this case, the PLC 200 transfers the PLC program stored on the storage medium to program storage 204.
The program execution department 205 executes the PLC program stored in program storage 204. When the PLC program contains code that calls the security code inspection SFB function part 206, it calls the SFB function part 206 according to this code. The program execution department 205 continues executing the PLC program only after obtaining permission to execute it from the SFB function part 206; when permission is not obtained, it prohibits (stops) execution of the PLC program. This processing is carried out not only during the execution processing of the PLC program; it may also be carried out, for example, during the initialization processing of the PLC program. In that case, subsequent execution of the PLC program is prohibited.
The SFB function part 206 is the security code inspection SFB and corresponds to the execution permission portion. Specifically, it comprises the comparison checking portion 207 and the code converter section 208. The comparison checking portion 207 accepts the call from the program execution department 205 and carries out the following processing.
First, the comparison checking portion 207 obtains the "trial employment period" and the "actuation time" stored in safe storage 202. As described above, the "trial employment period" is information that specifies a period during which the PLC 200 can be used temporarily even without purchasing a proper license. Therefore, when the "actuation time" of the PLC 200 is within the "trial employment period", the comparison checking portion 207 permits the program execution department 205 to execute the PLC program that is the object of the security code check.
On the other hand, when the "actuation time" of the PLC 200 is not within the "trial employment period" (the "actuation time" has passed the "trial employment period"), it prohibits (does not permit) the program execution department 205 from executing the PLC program that is the object of the security code check.
When, on the other hand, no "trial employment period" is stored in safe storage 202, the comparison checking portion 207 checks the security code contained in the PLC program.
First, the comparison checking portion 207 obtains the "security code" (for example, SC-A) set as a parameter in the PLC program that is the object of the security code check. It then requests the code converter section 208 to convert the "security code".
The code converter section 208 converts the "security code" at the request of the comparison checking portion 207. It converts the security code by the same algorithm as the code converter section 404 of the security code entering device 400. In this case, "security code A" is converted into "security code B". The code converter section 208 passes the converted "security code" to the comparison checking portion 207.
After obtaining the converted "security code", the comparison checking portion 207 obtains the "security code" (for example, SC-B) stored in safe storage 202. It then compares (checks) the "security code" converted by the code converter section 208 against the "security code" in safe storage 202 and, when the two security codes match, permits the program execution department 205 to execute the PLC program that is the object of the security code check.
On the other hand, when the two security codes do not match, it prohibits (does not permit) the program execution department 205 from executing the PLC program that is the object of the security code check.
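The check that the SFB function part 206 performs, sketched in Python as an added example (it is not code from the patent or from Fuji Electric). SHA-256 stands in for the unspecified "prescribed algorithm", and all class, function and field names, the millisecond units and the sample codes are assumptions made for the illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# ASSUMPTION: the page only says "a prescribed algorithm". SHA-256 over a
# fixed label plus SC-A stands in for it; the label is hypothetical.
CONVERT_LABEL = b"sc-convert-v1"


def convert_code(sc_a: bytes) -> bytes:
    """Code converter section (404 on the entering device, 208 on the PLC)."""
    return hashlib.sha256(CONVERT_LABEL + sc_a).digest()


@dataclass
class SafeStorage:
    """Safe storage 202: SC-B, trial employment period, actuation time."""
    sc_b: Optional[bytes] = None
    trial_period_ms: Optional[int] = None
    actuation_ms: int = 0


@dataclass
class UserProgram:
    """PLC program held in program storage 204."""
    name: str
    calls_sfb: bool                # contains the code that calls SFB 206
    sc_a: Optional[bytes] = None   # security code set as the SFB parameter


class PLC:
    def __init__(self, scan_period_ms: int = 10):
        self.scan_period_ms = scan_period_ms
        self.safe = SafeStorage()

    def login_security_info(self, sc_b: bytes,
                            trial_period_ms: Optional[int] = None) -> None:
        """Receiving portion 201: store SC-B and the optional trial period."""
        self.safe = SafeStorage(sc_b=sc_b, trial_period_ms=trial_period_ms)

    def scan(self, cycles: int = 1) -> None:
        """Measurement portion 203: counts scan cycles, not the standard
        clock, and only once a trial employment period has been stored."""
        if self.safe.trial_period_ms is not None:
            self.safe.actuation_ms += cycles * self.scan_period_ms

    def sfb_check(self, program: UserProgram) -> bool:
        """Comparison checking portion 207."""
        mem = self.safe
        if mem.trial_period_ms is not None:
            # Trial period stored: the decision depends on actuation time only.
            return mem.actuation_ms <= mem.trial_period_ms
        if program.sc_a is None or mem.sc_b is None:
            return False           # nothing to compare: refuse
        # Constant-time comparison of f(SC-A) against the stored SC-B.
        return hmac.compare_digest(convert_code(program.sc_a), mem.sc_b)

    def execute(self, program: UserProgram) -> str:
        """Program execution department 205: run only if the SFB permits."""
        if program.calls_sfb and not self.sfb_check(program):
            return "stopped"
        return "running"


def demo() -> dict:
    sc_a = b"constructed-security-code-A"   # constructed sample value
    program = UserProgram("line-control", calls_sfb=True, sc_a=sc_a)
    sc_b = convert_code(sc_a)               # done on the entering device 400

    failed_unit, replacement, unregistered, trial = PLC(), PLC(), PLC(), PLC()
    failed_unit.login_security_info(sc_b)
    replacement.login_security_info(sc_b)   # same compiled program is reused
    trial.login_security_info(convert_code(b"another-code"),
                              trial_period_ms=1000)

    results = {
        "failed_unit": failed_unit.execute(program),
        "replacement": replacement.execute(program),
        "unregistered": unregistered.execute(program),
        "wrong_code": replacement.execute(UserProgram("copy", True, b"guess")),
        "trial_before": trial.execute(program),
    }
    trial.scan(cycles=101)                  # 1010 ms of actuation > 1000 ms
    results["trial_after"] = trial.execute(program)
    return results


if __name__ == "__main__":
    print(demo())
```

Because the stored value is derived from the security code rather than from a device serial ID, the same compiled program runs on the replacement unit once SC-B has been logged in there, while a copy loaded onto a unit with no matching SC-B is stopped.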
The notification unit 209 notifies the user and others of the execution result of the PLC program. Concrete notification methods are notification on the display of each device, output of a log to a log file, or notification by mail or the like to a prescribed terminal.
The above is a functional configuration example of the control system of the present embodiment. In practice, each of these function parts can be realized on a computer by a program executed by the CPU of each device. These functional blocks need not be realized by clearly separated programs; they may also be called from other programs as subroutines or functions. Part of the functional blocks may also be hardware such as an IC (Integrated Circuit) or an FPGA (Field Programmable Gate Array).
The programs for these function parts are not saved in the ordinary program storage 204 area but in a security-enhanced area (not shown) that the user cannot directly access.
[ operation screen example ]
The operation screen examples of each device are described below.
(secure file distribution device)
Fig. 3 shows operation screen example (1) of the secure file distribution device of the present embodiment. As described above, the secure file distribution device 300 is a terminal device that generates and outputs a secure file.
The user can generate and output a secure file by operating the operation screen shown on the display of the secure file distribution device 300. As shown in Fig. 3, the user first inputs the password for logging in to the secure file distribution device 300 in the user authentication screen (a). After successful user authentication, the menu screen (b) appears. When the user presses "secure file distribution" in the menu screen (b), the secure file distribution screen (c) appears.
In the secure file distribution screen (c), the user inputs an arbitrary "security code" and presses "add". The input security code is added to the "complete list". In "distribution memorandum", an arbitrary memorandum can be attached to each distributed secure file.
The user then presses "distribution". The confirmation screen (d) is then displayed, and output of the secure file containing the security codes added to the "complete list" is complete.
The secure file generated and output in this way is used when the security code entering device 400 logs a security code in to the PLC 200. The user can, for example, save the secure file on a portable storage medium and transfer it to the security code entering device 400 via this storage medium. Alternatively, the secure file can be transferred to the security code entering device 400 via a network.
Fig. 4 shows operation screen example (2) of the secure file distribution device of the present embodiment. Specifically, this "display of secure file distribution history" is shown when "display of distribution history" is pressed in Fig. 3 (b). As shown in Fig. 4, the secure file distribution device 300 displays the details ("issue date", "security code", "distribution memorandum" and so on) of the secure files distributed in the past.
(security code entering device)
Fig. 5 shows an operation screen example of the security code entering device of the present embodiment. As noted above, security code entering device 400 is the end device for logging in to PLC200 the security information containing "security code" and "trial employment period". The user obtains the secure file by operating the operation screen shown on the display of security code entering device 400. The device then takes out the security code contained in the secure file and logs it in to PLC200.
As shown in Fig. 5, the user first inputs the password for logging in to security code entering device 400 in user authentication picture (a). After user authentication succeeds, menu screen (b) is entered. Then, when the user presses "safety information logining" in menu screen (b), safety information logining picture (c) is entered.
In safety information logining picture (c), the user first specifies the login destination PLC of the security information. In the illustrated example, the PLC is assumed to be connected either via a network or via a USB port, and the user can specify the login destination (sending destination) PLC of the security information by either method.
Then, the user has security code entering device 400 read the secure file by pressing "secure file reading". Specifically, the user connects the storage medium holding the secure file generated by secure file distribution device 300 to security code entering device 400. Then the user presses "secure file reading", specifies the secure file saved in the storage medium, and the secure file is read.
When the user has read the secure file, the security code in the secure file is shown in the "security code" column. When the secure file contains multiple security codes, all of them are shown in the "security code" column. The user selects from among them the security code to log in to the PLC.
Then, the user carries out "login of trial employment period". Specifically, to log in a trial employment period, the user clicks "Yes" in the illustrated example and specifies a "time". When not logging in a trial employment period, the user clicks "No" (logging in a "trial employment period" is optional).
"Replacement actuation time" specifies whether or not the actuation time is reset. For the PLC, "trial employment period" can be logged in again; therefore, when logging in again, the user can specify whether or not to reset the actuation time measured up to the moment of the re-login. At the first login of "trial employment period", "replacement actuation time" must be specified as not carried out (the default value).
After the above settings, the user presses "login". Afterwards, confirmation screen (d) is displayed, and the login of the selected "security code" and "trial employment period" to the login destination PLC of the security information is complete. That is, in the illustrated example, at this moment "security code": 006BZ-dpAo2wTsb83amk and "trial employment period": 10 (hours) are logged in to safe storage 202 of PLC200. When "login of trial employment period" is not carried out, only the login of the selected "security code" to the login destination PLC is performed.
(secondary load device)
Fig. 6 shows a program editor picture example of the secondary load device of the present embodiment. As mentioned above, the secondary load device is a computer device that assists the generation of PLC program. The user develops the desired PLC program on this screen. The PLC program developed by the user is downloaded from secondary load device 100 to PLC200.
When the user wants to protect a program being generated, the user carries out a predetermined operation, for example from the program editor. As a result, "SFB procedure code", which calls the security code inspection SFB on the PLC200 side, is added to the "procedure code as object of protection" generated by the user. Then, on the program editor, the user compiles the procedure code containing the "procedure code as object of protection" and the "SFB procedure code", and generates the PLC program. The generated PLC program is then sent to PLC200.
[ information processing ]
Below, the information processing example of each device is described.
(information processing 1)
Fig. 7 is a sequence chart showing the flow of information processing 1 of the present embodiment. Specifically, information processing 1 covers the process in which secure file distribution device 300 generates and outputs the secure file, and the process in which security code entering device 400 logs in to PLC200 the security information containing "security code" and "trial employment period" (refer also to Fig. 2).
S1: First, the user inputs "security code A" to secure file distribution device 300 (for example, refer to Fig. 3 (c)).
S2: After secure file generating unit 301 of secure file distribution device 300 accepts the "security code" (e.g., SC-A) input by the user, it generates a secure file containing this "security code" (e.g., SC-A).
S3: Secure file generating unit 301 encrypts the generated secure file using the public key of security code entering device 300.
S4: Secure file generating unit 301 outputs the encrypted secure file (for example, refer to Fig. 3 (d)). As an output method, the secure file can, for example, be saved to a portable storage medium and transferred to security code entering device 400 via this storage medium. Alternatively, the secure file can be sent to security code entering device 400 via a network.
S5: Then, secure file reading part 401 of security code entering device 400 reads the secure file issued by secure file distribution device 300 (for example, refer to Fig. 5 (c)).
S6: Secure file reading part 401 decrypts the encrypted secure file using the secret key corresponding to the above public key.
S7: Secure file reading part 401 extracts the "security code" (e.g., SC-A) from the decrypted secure file and saves it in storer 402.
S8: When safety information logining portion 403 accepts a safety information logining instruction from the user, it requests code converter section 404 to convert the one "security code" selected by the user (e.g., SC-A) into a "security code" (e.g., SC-B). In response to the request from safety information logining portion 403, code converter section 404 converts the security code it received into a different security code according to the algorithm of regulation. In the present embodiment, "security code A" is converted to "security code B". The "security code" is converted in this way to further improve security. For example, even if "security code A" is leaked, "security code A" cannot be used directly; without "security code B", which is what is finally compared (or checked), the PLC program cannot be executed.
S9: Here, when the user has input a "trial employment period", safety information logining portion 403 obtains this "trial employment period" (for example, refer to Fig. 5 (c)).
S10: Safety information logining portion 403 generates the security information containing the converted "security code" (e.g., SC-B) and the input "trial employment period". It then logs in this security information to the PLC200 specified as the login destination of the security information (for example, refer to Fig. 5 (d)). Specifically, as mentioned above, the security information is sent to PLC200 via USB or a network such as a LAN, and is logged in (saved) to safe storage 202 on the PLC200 side.
In addition, as mentioned above, "trial employment period" can be logged in to PLC200 again, and when logging in again, the user can specify whether or not to reset the actuation time measured up to the moment of the re-login (for example, refer to Fig. 5 (c)). Therefore, when "trial employment period" is logged in again and "replacement actuation time" is specified as "Yes", safety information logining portion 403 sends a flag representing "replacement actuation time" to PLC200 together with the security information.
In addition, with security code entering device 400 alone, the user cannot freely log in an arbitrary security code to PLC200; that is, the secure file output by security information distribution device 300 must be read into security code entering device 400 (S5). The reason for this arrangement is as follows: even if security code entering device 400 is leaked, a user attempting improper use of the PLC program cannot freely log in to safe storage 202 of the PLC a security code that matches the security code (parameter) in the PLC program.
S11: Then, safety information logining receiving portion 201 of PLC200 saves the security information obtained from security code entering device 400 (safety information logining portion 403), namely the "security code" (e.g., SC-B) and the "trial employment period", in safe storage 202. As mentioned above, safe storage 202 is access-restricted memory, so the user cannot access it.
In addition, as mentioned above, safety information logining receiving portion 201 logs in to safe storage 202 only security information accepted from security code entering device 400 (safety information logining portion 403), and does not accept the login of security information from any other device. Therefore, PLC200 logs in the security information only after confirming that the login side (sender) of the security information is security code entering device 400. On the other hand, when PLC200 cannot confirm that the login side (sender) of the security information is security code entering device 400, it discards the security information.
As a concrete method of confirming the login side (source), for example, when the security information is sent and received, PLC200 can confirm the login side by authentication using a key (prescribed data, a password, etc.) that only security code entering device 400 has. Alternatively, common-key cryptography (also called secret-key cryptography) can be used. Security code entering device 400 encrypts the security information with its common key (encryption key) and sends the encrypted security information to PLC200. PLC200 holds the same common key (encryption key) as security code entering device 400 and decrypts the security information with it, thereby confirming the login side.
S12: Motion time measurement portion 203 starts measuring the actuation time of PLC200 at the moment "trial employment period" is saved in safe storage 202. To prevent tampering with the actuation time, motion time measurement portion 203 measures the actuation time of PLC200 with an independent clock, separate from the standard clock (internal clock) of PLC200. Motion time measurement portion 203 saves the measured actuation time in safe storage 202 at each measurement.
In addition, when a "trial employment period" already exists in safe storage 202, motion time measurement portion 203 has already started measuring the actuation time of PLC200. As mentioned above, "trial employment period" can be logged in again; when security code entering device 400 (safety information logining portion 403) sends the flag representing "replacement actuation time", security information receiving portion 201 replaces (updates) in S11 the "trial employment period" already present in safe storage 202, and motion time measurement portion 203 starts a new measurement of the actuation time of PLC200.
(information processing 2)
Fig. 8 is a sequence chart showing the flow of information processing 2 of the present embodiment. Specifically, information processing 2 covers the PLC program generation process of secondary load device 100, the PLC program download process of secondary load device 100, and the PLC program execution control process of PLC200 (refer also to Fig. 2).
S21: First, Program Generating portion 101 of secondary load device 100 generates the procedure code of the PLC program that works on the PLC200 main body (for example, refer to Fig. 6). That is, when the user generates the desired user program code with the program editor, Program Generating portion 101 adds the procedure code that calls security code inspection SFB206 to a part of this user program code. At the same time, a "security code" (e.g., SC-A) is preset as a parameter of SFB206. This security code is provided by the user and is set to be identical to the "security code" (e.g., SC-A) input to secure file distribution device 300.
S22: Then, once the procedure code containing the user program code and the procedure code that calls SFB206 has been generated, Program Generating portion 101 compiles it and generates the PLC program. Program Generating portion 101 saves the generated PLC program in storer 102.
S23: Then, Program Generating portion 101 sends the generated PLC program to PLC200, by user operation, automatic operation or the like.
S24: Program execution department 205 of PLC200 controls the execution of the PLC program stored in program storage 204. During the execution process of the PLC program, when the PLC program contains the code that calls SFB function part 206, program execution department 205 calls SFB function part 206 according to this code. Program execution department 205 then either continues the execution of the PLC program or forbids (stops) it according to the return value from SFB function part 206 ("permitting performing" or "forbidding performing"). The details are described separately. When the PLC program does not contain the code that calls SFB function part 206, program execution department 205 simply executes the PLC program directly.
S25: Notification unit 209 notifies the user etc. of the execution result of the PLC program. As notification methods, the result can be shown on the display of each device, written to a journal file as log output, or mailed to a prescribed terminal. This notification may also be issued only when the execution of the PLC program has been forbidden.
(PLC program performs control treatment)
Fig. 9 is a flow chart showing the PLC program execution control process of program execution department 205 of the present embodiment. Specifically, the above PLC program execution control (S24 in Fig. 8) is described with reference to the drawing.
S31: Program execution department 205 of PLC200 executes the PLC program stored in program storage 204. At this point, it judges whether the PLC program contains the code that calls security code inspection SFB function part 206. When the PLC program does not contain the code that calls security code inspection SFB function part 206, this PLC program is not a specially protected program, so program execution department 205 proceeds to S34 and executes the PLC program directly.
S32: When the PLC program contains the code that calls security code inspection SFB function part 206, program execution department 205 calls SFB function part 206 according to this code. When calling SFB function part 206, program execution department 205 passes to it the "security code" (e.g., SC-A) set as the SFB206 parameter in the PLC program.
S33: Program execution department 205 obtains the return value ("permitting performing" or "forbidding performing") from SFB function part 206. When the return value is "permitting performing", it proceeds to S34. When the return value is "forbidding performing", it proceeds to S35.
S34: When the return value from SFB function part 206 is "permitting performing", program execution department 205 executes the PLC program. The PLC200 main body thereby carries out the action the user desires through this PLC program.
S35: On the other hand, when the return value from SFB function part 206 is "forbidding performing", program execution department 205 regards this PLC program as an improper PLC program and forbids (stops) its execution.
(SFB function treatment)
Figure 10 is a flow chart showing the security code check process of SFB function part 206 of the present embodiment. Specifically, the above PLC program execution control (S32 in Fig. 9) is described with reference to the drawing.
S41: When program execution department 205 calls SFB function part 206 in S32 of Fig. 9, comparison checking portion 207 of SFB function part 206 obtains "trial employment period" from safe storage 202. When "trial employment period" is obtained, it proceeds to S42. When "trial employment period" cannot be obtained, it proceeds to S45. The case where "trial employment period" cannot be obtained is the case where no "trial employment period" has been logged in to safe storage 202.
S42: Having obtained "trial employment period", comparison checking portion 207 then obtains "actuation time" from safe storage 202. Measurement of "actuation time" starts at the moment "trial employment period" is saved; therefore, whenever a "trial employment period" has been logged in to safe storage 202, "actuation time" is also stored in safe storage 202.
S43: Having obtained "actuation time" and "trial employment period" from safe storage 202, comparison checking portion 207 judges from "actuation time" whether the PLC is still within the available "trial employment period". As mentioned above, "trial employment period" expresses the period during which PLC200 can be used in terms of the "actuation time" of PLC200. Comparison checking portion 207 can therefore judge from "actuation time" and "trial employment period" whether PLC200 is within the "trial employment period". When PLC200 is within the "trial employment period", it proceeds to S44. When PLC200 is not within the "trial employment period", it proceeds to S51.
For example, when 5 hours have passed since PLC200 started operating, "actuation time" is 5 (H); if "trial employment period" is set to 10 (H), PLC200 is judged to be within the available "trial employment period". When 12 hours have passed since PLC200 started operating, "actuation time" is 12 (H); if "trial employment period" is set to 10 (H), PLC200 is judged not to be within the available "trial employment period".
S44: To permit the execution of the PLC program that is the object of the security code check, comparison checking portion 207 issues the return value "permitting performing" to program execution department 205.
S45: On the other hand, when "trial employment period" could not be obtained from safe storage 202 (S41), comparison checking portion 207 requests code converter section 208 to convert the parameter "security code" (e.g., SC-A). This "security code" is the code set as the SFB206 parameter in the PLC program, obtained when program execution department 205 called SFB function part 206 (S32 in Fig. 9).
S46: Code converter section 208 converts the "security code" in response to the request from comparison checking portion 207. Code converter section 208 converts the security code according to the same algorithm as code converter section 404 of security code entering device 400. Therefore, in this case, "security code A" is converted into "security code B". Code converter section 208 passes the converted "security code" to comparison checking portion 207.
S47: When comparison checking portion 207 obtains the converted "security code" from code converter section 208, it proceeds to S48. When the converted "security code" cannot be obtained from code converter section 208, it proceeds to S51.
S48: Comparison checking portion 207 obtains the "security code" (e.g., SC-B) from safe storage 202. When the "security code" is obtained, it proceeds to S49. When the "security code" cannot be obtained, it proceeds to S51. The case where the "security code" cannot be obtained is the case where no "security code" has been logged in to safe storage 202.
S49: Having obtained both the "security code" converted from the parameter and the "security code" in safe storage 202, comparison checking portion 207 compares (or checks) the two security codes.
S50: When the two security codes match, it proceeds to S44. That is, to permit the execution of the PLC program that is the object of the security code check, comparison checking portion 207 issues the return value "permitting performing" to program execution department 205. When the two security codes do not match, it proceeds to S51.
S51: To forbid the execution of the PLC program that is the object of the security code check, comparison checking portion 207 issues the return value "forbidding performing" to program execution department 205.
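The registration path (S8 to S11) and the check flow of Fig. 9 and Fig. 10 (S31 to S51) can be exercised as follows. This is an added example, not code from the patent: the patent leaves the conversion algorithm unspecified, so a keyed SHA-256 is assumed as a stand-in, the boundary "actuation time equal to trial employment period" is assumed to count as expired, and all function and class names are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

PERMIT = "permitting performing"   # return values named as on this page
FORBID = "forbidding performing"

# Assumption: the page only says "the algorithm of regulation". A keyed
# SHA-256 with a constructed label stands in for it on both sides.
_CONVERSION_KEY = b"constructed-example-label"


def convert_code(code: Optional[str]) -> Optional[str]:
    """Code converter sections 404 and 208: SC-A -> SC-B, one-way."""
    if not code:
        return None  # S47: no converted code can be obtained
    return hmac.new(_CONVERSION_KEY, code.encode("utf-8"),
                    hashlib.sha256).hexdigest()


@dataclass
class SafeStorage:
    """Access-restricted safe storage 202 (contents only)."""
    security_code: Optional[str] = None   # converted code (SC-B)
    trial_hours: Optional[float] = None   # "trial employment period"
    actuation_hours: float = 0.0          # measured by portion 203


def register(mem: SafeStorage, code_a: str,
             trial_hours: Optional[float] = None,
             reset_actuation_time: bool = False) -> None:
    """S8-S11: the entering device converts SC-A, the PLC stores SC-B."""
    mem.security_code = convert_code(code_a)
    if trial_hours is not None:
        mem.trial_hours = trial_hours
    if reset_actuation_time:
        mem.actuation_hours = 0.0


def sfb_check(mem: SafeStorage, param_code: Optional[str]) -> str:
    """Fig. 10, S41-S51."""
    if mem.trial_hours is not None:                 # S41
        if mem.actuation_hours < mem.trial_hours:   # S42, S43
            return PERMIT                           # S44
        return FORBID                               # S51: trial expired
    converted = convert_code(param_code)            # S45, S46
    if converted is None:                           # S47
        return FORBID
    if mem.security_code is None:                   # S48
        return FORBID
    # S49, S50: constant-time comparison avoids leaking the match position
    if hmac.compare_digest(converted, mem.security_code):
        return PERMIT
    return FORBID


def execution_allowed(mem: SafeStorage, sfb_param: Optional[str],
                      has_sfb_call: bool = True) -> bool:
    """Fig. 9, S31-S35: a program without the SFB call runs unchecked."""
    if not has_sfb_call:
        return True                                 # S31 -> S34
    return sfb_check(mem, sfb_param) == PERMIT      # S32, S33
```

Two properties of the flow are visible here: while a "trial employment period" is logged in, the security code is never compared, and an expired period blocks even a program whose code matches until the period is deleted.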
[ summary ]
As described above, in the information processing example of the present embodiment, when PLC200 executes a PLC program, SFB function part 206 is called by the SFB-calling code added to the PLC program, and the security code check process is carried out on the PLC program. Meanwhile, the "security code" has been stored in advance, via secure file distribution device 300 and security code entering device 400, in the access-restricted safe storage 202 of PLC200. This stored code is then compared (or checked) against the converted security code from the PLC program. When the two security codes match, the PLC program is judged to be a proper PLC program and PLC200 permits its execution. When the two security codes do not match, the PLC program is judged not to be a proper PLC program (an improper use of the PLC program) and PLC200 forbids its execution.
In this way, according to the present embodiment, a PLC program can run only on a proper PLC, which achieves the effect of preventing improper use of the PLC program. For assembly manufacturers and others who develop products using PLCs, this can prevent counterfeit or pirated copies of the PLC and the PLC program from coming onto the market.
In addition, suppose for example that PLC200 of the present embodiment has failed. While the failed PLC200 is being repaired, the production activity of the factory stops, so an alternative machine PLC (referred to as PLC200-2) may be installed temporarily to let the production activity of the factory continue. In that case, the recovery work using the alternative machine is carried out as follows.
First, the maintenance worker physically installs alternative machine PLC200-2. Then, the maintenance worker logs in the security information from security code entering device 400 to alternative machine PLC200-2. This security information is identical to the security information logged in to the failed PLC200; the code kept in storer 402 of security code entering device 400 can simply be logged in as it is. As a result, the "security code" (e.g., SC-B) is stored in safe storage 202 of alternative machine PLC200-2.
Then, the maintenance worker stores (downloads) the PLC program to program storage 204 of alternative machine PLC200-2. This PLC program is identical to the PLC program used on the failed PLC200; the code kept in storer 102 of secondary load device 100 can simply be stored as it is. Alternatively, as mentioned above, when the PLC program generated by secondary load device 100 has been stored on a storage medium inserted in user ROM draw-in groove 210, the maintenance worker removes the storage medium from the failed PLC200 and inserts it into user ROM draw-in groove 210 of alternative machine PLC200-2. As a result, the PLC program used up to that point is stored (transferred) in program storage 204 of alternative machine PLC200-2.
Then, the maintenance worker only has to execute the PLC program on alternative machine PLC200-2. When the PLC program is executed, the security code check process of SFB function part 206 (comparison checking portion 207) finds that the "security code" converted from the parameter in the PLC program (e.g., SC-B) matches the "security code" in safe storage 202 (e.g., SC-B), so the execution of the PLC program is permitted.
With this simple recovery work, the same PLC program that ran on the failed PLC200 can also be executed on alternative machine PLC200-2. That is, using alternative machine PLC200-2, the same production activity as with the failed PLC200 can be restarted quickly.
In addition, in the information processing example of the present embodiment, the security code check process is carried out when PLC200 executes the PLC program; however, as long as the PLC is within the "trial employment period", the PLC program can be executed even if the two "security codes" do not match.
The above describes the case where the security information is logged in from security code entering device 400 to alternative machine PLC200-2. When security code entering device 400 is not at hand, however, the maintenance worker cannot log in from security code entering device 400 to alternative machine PLC200-2 the same security information that was logged in to the failed PLC200.
Even in such a case, the maintenance worker only has to prepare a secure file distribution device for the alternative machine (referred to as secure file distribution device 300-2) and a security code entering device for the alternative machine (referred to as security code entering device 400-2). On secure file distribution device 300-2 and security code entering device 400-2, the maintenance worker can input an arbitrary (dummy) "security code" even without knowing the proper "security code" (for example, refer to Fig. 3 (c), Fig. 5 (c)). If the maintenance worker also logs in a "trial employment period" of about the length of time until the repair of the failed PLC200 is completed (for example, refer to Fig. 5 (c)), and logs in to alternative machine PLC200-2 the security information containing the arbitrary (dummy) "security code" and this "trial employment period", the PLC program can be executed provisionally even though the two "security codes" do not match. That is, using alternative machine PLC200-2, the same production activity as with the failed PLC200 can be restarted quickly.
In addition, if a "trial employment period" such as one month or one week is logged in beforehand as the initial value of "trial employment period", before the PLC program is stored in PLC200 (including PLC200-2), the above login of "trial employment period" by the maintenance worker is not needed.
Furthermore, when PLC200 is lent to a customer for a trial employment period, the "security code" and the "trial employment period" are logged in to PLC200 before it is lent, so that the check of "trial employment period" is in effect. Afterwards, if the user wishes to buy PLC200 during the trial employment period, the logged-in "trial employment period" is deleted, after which the check of "security code" is in effect.
In this way, the PLC according to the present embodiment can prevent improper use of the control program, from the viewpoint of the security of the control program working on the PLC, while taking the operation and maintainability of the control program into account.
[ application examples ]
Below, an example is described in which PLC200 has a GPS (Global Positioning System) sensor and authentication is carried out using the position of the PLC. That is, when PLC200 executes a PLC program, it is checked whether this PLC is installed at a use location where use of this PLC program is permitted. When PLC200 is located at this use location, PLC200 permits the execution of this PLC program. This further improves the security of the control program working on the PLC. A description follows.
Figure 11 shows a functional structure example of the control system of this application example. Compared with the functional structure example of Fig. 2 above, secondary load device 100 and PLC200 differ in part. The description below centers on the differences.
(secondary load device)
In secondary load device 100 of this application example, Program Generating portion 101 generates (assists the generation of) the PLC program that works on the PLC200 main body. As described above, Program Generating portion 101 appends the code that calls security code inspection SFB function part 206 to a part of the user program code generated by the user. At the same time, "security code A" is preset as a parameter of security code inspection SFB206. In this application example, "active position information" is also preset as a parameter of security code inspection SFB206.
"Active position information" is information that specifies the use location (installation position) of the PLC200 on which execution of the PLC program is permitted. That is, when PLC200 is located at the use location specified by "active position information", PLC200 permits the execution of this PLC program. The user therefore needs to specify the use location of PLC200 (e.g., the position of the factory) as "active position information".
Figure 12 shows examples of specifying "active position information". "Active position information" can be input in the form of position coordinates (latitude x, longitude y) as obtained from GPS, for example north latitude a degrees b minutes c seconds, east longitude d degrees e minutes f seconds.
As shown in (a), the user can specify "active position information" with the position coordinates of 2 points. In this case, the inside of the rectangle is the active position range, so the range can be specified to cover, for example, the grounds of a factory.
As shown in (b), the user can also specify "active position information" with the positions of the vertices of a polygon. In this case, the inside of the polygon is the active position range, so the grounds of a factory, for example, can be specified as the active position range.
As shown in (c), the user can also specify "active position information" with the position coordinates of a single central point. In this case, the inside of a circle around the central point is the active position range. As for how large the circle around the central point is, a prescribed radius z can be determined in advance on the PLC200 side, or the user can specify both the position coordinates of the central point and the radius z.
(PLC)
Then, as shown in Figure 11, a positional information obtaining section 211 is added to the PLC200 of this application example. Positional information obtaining section 211 is realized by a GPS sensor; it receives signals from GPS satellites and obtains the "present position information" of the position where PLC200 is located. Positional information obtaining section 211 passes the obtained "present position information" to safety information login receiving portion 201, and safety information login receiving portion 201 saves this "present position information" in safe storage 202. The "present position information" is saved in safe storage 202 via safety information login receiving portion 201 because access to safe storage 202 is restricted and safety information login receiving portion 201 has write authority to safe storage 202. In addition, the "present position information" is also one kind of security-related information.
Program execution department 205 executes the PLC program stored in program storage 204. When the PLC program contains code that calls the security code check SFB function part 206, program execution department 205 calls SFB function part 206 according to this code. Program execution department 205 continues execution of the PLC program only when it obtains permission to execute the PLC program from SFB function part 206; when it obtains a prohibition on execution, it prohibits (stops) execution of the PLC program.
When SFB function part 206 is called by program execution department 205, the comparison checking portion 207 judges, as described above, whether execution of the PLC program is permitted or forbidden based on the "trial employment period", the "actuation time" and the "security code". In this application example, it also judges whether execution of the PLC program is permitted or forbidden based on the "present position information".
That is, the comparison checking portion 207 obtains the "present position information" saved in safe storage 202. As mentioned above, the "present position information" in safe storage 202 represents the position at which PLC200 is installed. In addition, the comparison checking portion 207 obtains the "active position information" set as a parameter in the PLC program that is the object of the security code check. The comparison checking portion 207 then compares (checks) the "present position information" against the "active position information". When the two pieces of position information match (that is, when the "present position information" is within the range specified by the "active position information"), it issues the return value "execution permitted" to program execution department 205 in order to permit execution of the PLC program that is the object of the security code check. On the other hand, when the two pieces of position information do not match, the comparison checking portion 207 issues the return value "execution forbidden" to program execution department 205 in order to forbid execution of the PLC program that is the object of the security code check.
(SFB function processing)
Figure 13 is a flowchart showing the flow of the security code check processing of SFB function part 206 in this application example. Compared with Figure 10 described above, steps S52 to S54 are added immediately after S50; the other steps are the same. Steps S52 to S54 are described below with reference to the drawing.
S52: When the two security codes match in S50, the comparison checking portion 207 then obtains the "present position information" from safe storage 202. When the "present position information" has been obtained, processing proceeds to S53. On the other hand, when the "present position information" cannot be obtained, processing proceeds to S51. A case in which the "present position information" cannot be obtained is, for example, one in which the PLC is located in a place where the GPS sensor cannot obtain positional information. In this case, the fact that the "present position information" cannot be obtained may also be notified, prompting correction of the installation position of the PLC so that positional information can be obtained by the GPS sensor (S25 in Fig. 8).
S53: The comparison checking portion 207 compares (checks) the "present position information" against the "active position information". As for the "active position information", when SFB function part 206 is called by program execution department 205, the comparison checking portion 207 obtains the "active position information" set in the PLC program as a parameter of SFB206 (S32 in Fig. 9).
S54: When the "present position information" matches the "active position information" (that is, when the "present position information" is within the range specified by the "active position information"), the comparison checking portion 207 proceeds to S44.
Then, in order to permit execution of the PLC program that is the object of the security code check, the comparison checking portion 207 issues the return value "execution permitted" to program execution department 205 (S44).
On the other hand, when the two pieces of position information do not match, the comparison checking portion 207 proceeds to S51. Then, in order to forbid execution of the PLC program that is the object of the security code check, the comparison checking portion 207 issues the return value "execution forbidden" to program execution department 205.
As described above, in this application example, the "active position information" within which the program may be used is stored in the PLC program, and, based on the "present position information" obtained from the GPS sensor of PLC200, the PLC program can be executed only on a PLC200 installed in the region (place) where the PLC program may be used. Therefore, even when, for example, the PLC200 main body is taken out of that area after PLC200 has been installed, the PLC program cannot be executed outside the location determined by the "active position information", so use of the PLC program there (which can be called improper use) can be prevented. That is, the security of the control program running on PLC200 can be further improved.
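The decision made in S52 to S54 for the three range shapes (a) to (c) can be sketched as follows. This is an added example, not code from the patent: all type and function names are hypothetical, positions are assumed to be planar coordinates in a local site grid, and the result of the S50 security code comparison is passed in as a boolean because the prescribed conversion algorithm is not given here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Assumption: positions are planar coordinates (e.g. metres in a site grid). */
typedef struct { double x, y; } point_t;
typedef enum { AREA_RECT, AREA_POLYGON, AREA_CIRCLE } area_kind_t;
typedef struct {
    area_kind_t kind;
    const point_t *pts; /* RECT: 2 corners, POLYGON: n vertices, CIRCLE: centre */
    size_t n;
    double radius;      /* CIRCLE only: radius z */
} valid_area_t;
typedef enum { EXEC_FORBID = 0, EXEC_PERMIT = 1 } exec_result_t;

static bool between(double a, double b, double v) {
    return a <= b ? (v >= a && v <= b) : (v >= b && v <= a);
}

/* (a) rectangle given by two corner points, in either order */
static bool in_rect(const point_t *c, point_t p) {
    return between(c[0].x, c[1].x, p.x) && between(c[0].y, c[1].y, p.y);
}

/* (b) polygon: even-odd ray casting, valid for concave site outlines too */
static bool in_polygon(const point_t *v, size_t n, point_t p) {
    bool inside = false;
    for (size_t i = 0, j = n - 1; i < n; j = i++) {
        if ((v[i].y > p.y) != (v[j].y > p.y) &&
            p.x < (v[j].x - v[i].x) * (p.y - v[i].y) / (v[j].y - v[i].y) + v[i].x)
            inside = !inside;
    }
    return inside;
}

/* (c) circle of radius z around one centre point (squared distances) */
static bool in_circle(point_t c, double z, point_t p) {
    double dx = p.x - c.x, dy = p.y - c.y;
    return dx * dx + dy * dy <= z * z;
}

/* Malformed area parameters are treated as "outside" (fail closed). */
bool position_in_area(const valid_area_t *a, point_t p) {
    if (a == NULL || a->pts == NULL) return false;
    switch (a->kind) {
    case AREA_RECT:    return a->n == 2 && in_rect(a->pts, p);
    case AREA_POLYGON: return a->n >= 3 && in_polygon(a->pts, a->n, p);
    case AREA_CIRCLE:  return a->n == 1 && a->radius > 0 && in_circle(a->pts[0], a->radius, p);
    }
    return false;
}

/* codes_match: outcome of the S50 comparison; present == NULL: no GPS fix. */
exec_result_t check_execution(bool codes_match, const point_t *present,
                              const valid_area_t *area) {
    if (!codes_match) return EXEC_FORBID;                      /* S50 failed */
    if (present == NULL) return EXEC_FORBID;                   /* S52 -> S51 */
    if (!position_in_area(area, *present)) return EXEC_FORBID; /* S53/S54 -> S51 */
    return EXEC_PERMIT;                                        /* S54 -> S44 */
}

int main(void) {
    const point_t site[] = {{0, 0}, {100, 0}, {100, 100}, {50, 50}, {0, 100}}; /* constructed */
    const valid_area_t area = {AREA_POLYGON, site, 5, 0.0};
    const point_t on_site = {20, 20}, in_notch = {50, 80};
    printf("on site=%d notch=%d no fix=%d\n", check_execution(true, &on_site, &area),
           check_execution(true, &in_notch, &area), check_execution(true, NULL, &area));
    return 0;
}
```

Every failure path, including a missing position fix, ends in "execution forbidden", matching the flow in which S52 falls through to S51 when no "present position information" is available.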
As described above, the present embodiment and its application examples can provide a control system, a control device and a control method that take the operation and maintainability of the control program into account and, from the viewpoint of the security of the control program running on the PLC, prevent improper use of the control program.
In addition, the present invention is not limited to the specific embodiments described; various modifications and changes can be made within the scope of the gist of the invention as set out in the claims.

Claims (12)

1. A control system comprising a secure file distribution device, a security code entering device, a secondary load device and a control device, characterized in that:
said secure file distribution device has:
a secure file generation unit that generates a secure file including a first security code,
said security code entering device has:
a security code converting unit that converts said first security code obtained from said secure file into a second security code by a prescribed algorithm; and
a security information login unit that logs security information including said second security code into said control device,
said secondary load device has:
a program generating unit that generates a user program including said first security code and a prescribed program code,
said control device has:
a first memory that stores said user program;
a second memory that stores the security information including said second security code logged in by said security information login unit;
an execution permitting unit that permits execution of said user program stored in said first memory; and
a program execution unit that executes said user program whose execution has been permitted by said execution permitting unit,
and said execution permitting unit, when said user program stored in said first memory includes said prescribed program code, converts the first security code contained in said user program by said prescribed algorithm, compares the converted security code with the second security code obtained from the security information stored in said second memory, and permits execution of said user program when they match.
2. The control system as claimed in claim 1, characterized in that:
said security information login unit, when trial employment period information has been input, logs security information including this trial employment period information and said second security code into said control device,
in said control device,
the security information including said trial employment period information and said second security code logged in by said security information login unit is stored in said second memory, and
said execution permitting unit, when the security information stored in said second memory includes said trial employment period information, permits execution of the user program stored in said first memory during the trial employment period.
3. The control system as claimed in claim 2, characterized in that:
said control device has a measuring unit that measures the actuation time of the control device,
said measuring unit starts measuring the actuation time of the control device when the security information including said trial employment period information is stored in said second memory, and
said execution permitting unit compares said actuation time with said trial employment period information and, when the actuation time at the present moment is within the trial employment period, regards the device as being within the trial employment period and permits execution of the user program stored in said first memory.
4. The control system according to any one of claims 1 to 3, characterized in that:
said program generating unit of said secondary load device generates a user program that includes not only said first security code and said prescribed program code but also prescribed positional information,
said control device has a positional information acquisition unit that obtains the present position information of the control device, and
said execution permitting unit, when said user program stored in said first memory includes said prescribed positional information and said present position information is outside the position range determined by this prescribed positional information, does not permit execution of the user program stored in said first memory.
5. A control device, characterized by having:
a first memory that stores a user program including a first security code and a prescribed program code;
a second memory that stores security information including a second security code, this second security code being obtained by converting said first security code by a prescribed algorithm and being logged in by a security code entering device;
an execution permitting unit that permits execution of said user program stored in said first memory; and
a program execution unit that executes said user program whose execution has been permitted by said execution permitting unit,
wherein said execution permitting unit, when said user program stored in said first memory includes said prescribed program code, converts the first security code included in said user program by said prescribed algorithm, compares the converted security code with the second security code obtained from the security information stored in said second memory, and permits execution of said user program when they match.
6. The control device as claimed in claim 5, characterized in that:
in a security-hardened region separate from the ordinary program storage area, the control device has a functional module that is called by the prescribed program code input from a secondary load device and judges whether execution of the user program is permitted or not permitted, and
said functional module, when a user program including said prescribed program code and the first security code has been input from said secondary load device, judges whether execution of said user program is permitted or not permitted based on said first security code and the security information input from the security code entering device.
7. The control device as claimed in claim 5, characterized in that:
security information including trial employment period information and said second security code, logged in by said security code entering device, is stored in said second memory, and
said execution permitting unit, when the security information stored in said second memory includes said trial employment period information, permits execution of the user program stored in said first memory during the trial employment period.
8. The control device as claimed in claim 7, characterized in that:
the control device has a measuring unit that measures the actuation time of the control device,
said measuring unit starts measuring the actuation time of the control device when the security information including said trial employment period information is stored in said second memory, and
said execution permitting unit compares said actuation time with said trial employment period information and, when the actuation time at the present moment is within the trial employment period, regards the device as being within the trial employment period and permits execution of the user program stored in said first memory.
9. The control device according to any one of claims 5 to 7, characterized in that:
the control device has a positional information acquisition unit that obtains the present position information of the control device,
said first memory stores a user program that includes not only said first security code and said prescribed program code but also prescribed positional information, and
said execution permitting unit, when said user program stored in said first memory includes said prescribed positional information and said present position information is outside the position range determined by this prescribed positional information, does not permit execution of the user program stored in said first memory.
10. A program execution control method, characterized in that:
a security code entering device generates security information including a second security code and inputs this security information to a control device, this second security code being obtained by converting a first security code by a prescribed algorithm,
a secondary load device generates a user program and inputs this user program to said control device, said user program including a prescribed program code and said first security code, and
said control device, when said user program includes said prescribed program code, converts said first security code input from said secondary load device by said prescribed algorithm and permits execution of said user program on condition that the converted security code matches said second security code.
11. The program execution control method as claimed in claim 10, characterized in that:
said security code entering device adds trial employment period information to said security information input to said control device, and
said control device permits execution of said user program during the trial employment period.
12. The program execution control method as claimed in claim 10 or 11, characterized in that:
said secondary load device adds, to said user program input to said control device, active position information within which execution of this user program is permitted, and
said control device does not permit execution of said user program when the present position information is outside the position range determined by said active position information.
CN201210144756.4A 2012-02-17 2012-05-10 Control system, control device and program execution control method Active CN103258148B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2012033368A JP5990927B2 (en) 2012-02-17 2012-02-17 Control system, control device, and program execution control method
JP2012-033368 2012-02-17

Publications (2)

Publication Number Publication Date
CN103258148A CN103258148A (en) 2013-08-21
CN103258148B true CN103258148B (en) 2016-02-24

Family

ID=48962060

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210144756.4A Active CN103258148B (en) 2012-02-17 2012-05-10 Control system, control device and program execution control method

Country Status (2)

Country Link
JP (1) JP5990927B2 (en)
CN (1) CN103258148B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101533438A (en) * 2008-05-24 2009-09-16 威盛电子股份有限公司 Microprocessor device for providing secure execution environment and method for executing secure code thereof

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3630451B2 (en) * 1994-09-20 2005-03-16 富士通株式会社 Software usage control device
EP0792044B1 (en) * 1996-02-23 2001-05-02 Fuji Xerox Co., Ltd. Device and method for authenticating user's access rights to resources according to the Challenge-Response principle
JP2001282526A (en) * 2000-03-31 2001-10-12 Canon Inc Software management device, its method and computer readable storage medium
US7974416B2 (en) * 2002-11-27 2011-07-05 Intel Corporation Providing a secure execution mode in a pre-boot environment
WO2005029241A2 (en) * 2003-09-15 2005-03-31 Plum Thomas S Automated safe secure techniques for eliminating
JP2005346662A (en) * 2004-06-07 2005-12-15 Seiko Epson Corp Information equipment, control method for information equipment. and program
JP4406794B2 (en) * 2006-03-24 2010-02-03 京セラミタ株式会社 Image forming apparatus

Also Published As

Publication number Publication date
JP2013171346A (en) 2013-09-02
JP5990927B2 (en) 2016-09-14
CN103258148A (en) 2013-08-21

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant