CN103370660A - Programmable logic controller, and method of storing password for programmable logic controller - Google Patents

Programmable logic controller, and method of storing password for programmable logic controller Download PDF

Info

Publication number
CN103370660A
CN103370660A CN2011800676998A CN201180067699A CN103370660A CN 103370660 A CN103370660 A CN 103370660A CN 2011800676998 A CN2011800676998 A CN 2011800676998A CN 201180067699 A CN201180067699 A CN 201180067699A CN 103370660 A CN103370660 A CN 103370660A
Authority
CN
China
Prior art keywords
password
unit
plc
slave unit
programmable logic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011800676998A
Other languages
Chinese (zh)
Inventor
由井梦树
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mitsubishi Electric Corp
Original Assignee
Mitsubishi Electric Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mitsubishi Electric Corp filed Critical Mitsubishi Electric Corp
Publication of CN103370660A publication Critical patent/CN103370660A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/05Programmable logic controllers, e.g. simulating logic interconnections of signals according to ladder diagrams or function charts
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/04Programme control other than numerical control, i.e. in sequence controllers or logic controllers
    • G05B19/05Programmable logic controllers, e.g. simulating logic interconnections of signals according to ladder diagrams or function charts
    • G05B19/058Safety, monitoring
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data

Landscapes

  • Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Programmable Controllers (AREA)

Abstract

A programmable logic controller (100), according to the embodiments of the present invention, is provided with a master unit (110) and one or more slave units (120, 130, 140, 150, 160). The master unit (110) has a configuration information table (111a) for managing IO numbers allocated to the slave units (120, 130, 140, 150, 160), and generates shared password information (121a, 131a, 141a, 151a, 161a) from divided password data, which is obtained by dividing the password that was originally set in the master unit (110), using the IO numbers allocated to the slave units (120, 130, 140, 150, 160). The slave units (120, 130, 140, 150, 160) store the shared password information (121a, 131a, 141a, 151a, 161a) sent from the master unit (110).

Description

The password store method of programmable logic controller (PLC) and programmable logic controller (PLC)
Technical field
The present invention relates to the technology that a kind of password of the control system that has prevented from using programmable logic controller (PLC) is revealed.
Background technology
Current known following programmable logic controller (PLC) (Programmable Logic Controller:PLC), it is built-in with microprocessor, in response to the state of the input signal of operating switch and various sensors, be stored in the sequencer in the program storage, carry out the driving control of the electrical loads such as various actuators and display device.
In each unit (PLC unit) of PLC, by the input block that is built-in with input interface circuit, be built-in with the output unit of output interface circuit, the following structural form of a plurality of unit widespread use that consists of with the elementary cell of input block and output unit etc. being controlled based on sequencer, namely, connect with each connector of (base unit) on the main frame platen that has each other a plurality of connectors that are connected by bus, Bussing connector that perhaps will be each other links and each other by the bus connection etc., can be simply with each cellular installation or pull down and connect with various combinations.
The personnel beyond the system operator in addition, in the PLC unit of above-mentioned variety of way, the salvo of various internal datas proposed, so that can't change or usurp the internal datas such as the sequencer of PLC unit and set information.
Salvo as internal data; currently there is a following method: when system operator utilizes PLC unit change internal data or reads internal data from the PLC unit; the PLC unit contrasts the encrypted message set in self and the system operator encrypted message from inputs such as personal computer instruments, and whether system operator is judged to request source.
At this moment, have the preservation position as the encrypted message in PLC, set, be kept at the method in PLC unit self monomer and the encrypted message section of PLC unit be kept at method in other the PLC unit etc.Authentication information is kept at method in PLC unit self monomer, from the preservation viewpoint of data, is very natural method.On the other hand, about with the authentication information section and the method for distributed and saved, known have a secret sharing approach of (k, n) threshold value etc. (with reference to non-patent literature 1), and the method easily is applied to PLC.
On the other hand, the PLC unit has for anti-fault, broken string usually, the unit is extracted and mechanism that the dismounting of other PLC unit in the system is detected.
On the basis of above-mentioned mechanism, also require in recent years following function, namely, even PLC breaks down the unit in the course of work of system, need not halt system, can be replaced by the PLC unit with this PLC unit identical type, thus can carry out with fault before identical action (with reference to patent documentation 1).
Patent documentation 1: 2008-No. 97369 communiques of TOHKEMY
Non-patent literature 1:A.Shamir, " How to share a Secret, " Commun.ACM, vol.22no.11pp.612-613,1979.)
Summary of the invention
As mentioned above, according to existing technology, the PLC unit can be extracted with cellular installation the unit of other unit and detect.But up to now, for being not the PLC unit (changing the outer unit of object) of changing object on the control system, when being installed in the PLC unit (unit after the replacing) after being replaced into replacing as the PLC unit in the slot numbering of changing object (unit before changing), judge after the replacing the unit whether the control system supvr expect the unit installed.Namely, because not having to judge is that system operator is desirably in the PLC unit (regular unit) that uses on the control system, or system operator is not desirably in the PLC unit (non-normal unit) that uses in the system, therefore exists replacing owing to the unit to cause non-normal unit to sneak into problem in the control system.
In addition, for the PLC unit self encrypted message is divided into n the data (password partition data) after (n is not for comprising 0 natural number), sometimes by collecting together wherein more than or equal to k password partition data (k is the natural number except 0 that is less than or equal to n), the encrypted message of this PLC unit can be reduced.
For example, there is the secret sharing approach of above-mentioned (k, n) threshold value as above-mentioned method of reducing.In the situation that use the method, will be by (k, n) the password partition data of the secret sharing approach generation of threshold value is kept in other the PLC unit, but owing to also preserving the password partition data in the unit before replacing, therefore, when carrying out unit replacement, the password partition data reduces, and need to prevent the minimizing of password partition data when repeatedly carrying out unit replacement at every turn.
System operator is wished when carrying out unit replacement at every turn, utilization is remaining password partition data on control system, by (k, n) the secret sharing approach of threshold value, encrypted message is reduced, and again by the secret sharing approach generating cipher of (k, n) threshold value partition data, disperse and be saved in the PLC unit of unit on interior control system that comprises after the replacing.At this moment, password partition data in the unit that is kept at before changing be kept at replacing after the unit in the different situation of password partition data under, exist the operator of malice to select arbitrarily slot numbering, for this slot numbering, the PLC unit that repeatedly will programme for stealing passwords information (unit that has malice) is when carrying out dismounting, and the data volume of the password partition data that sends to the unit that has malice constantly increases.
There is following problems in its result: exist the unit of malice can utilize obtained password partition data, by the secret sharing approach of (k, n) threshold value, the most at last encrypted message reduction.Under above-mentioned condition, the PLC unit on the control system disperses self encrypted message and when being saved to other PLC unit on the control system, must make to exist the PLC unit of malice can't collect password.
For example, self password partition data disperseed and be saved to PLC unit (the PLC unit of distributed and saved password) in a plurality of other PLC unit on the control system, the password partition data need to be sent in other PLC unit that in fact carry out keeping.At this moment, the password partition data for example be encrypted message is merely cut apart and the situation of data under, the PLC unit mistake that the operator that the PLC unit of keeping password partition data is stored in malice extracts password partition data or distributed and saved password is sent to the password partition data in the situation of unit of the existence malice of sneaking in the control system, even if the part of encrypted message, this encrypted message also are to the outside leakage to have occured.
In order to prevent the above-mentioned state of affairs, to encrypted message cut apart and distributed and saved other PLC unit to the system in the PLC unit, need to be before cutting apart encrypted message encrypted message be transformed to the information that other PLC unit can't be understood.Perhaps, need to be after cutting apart encrypted message the clip information of password be transformed to the information that other PLC unit can't be understood.In any situation, if the critical data of using in conversion is not only to be saved to the information that the PLC unit in other PLC unit is known by encrypted message is cut apart in system, then nonsensical.
Thus, for the PLC unit of distributed and saved password, need to be for the countermeasure of following situation, that is: unit replacement is carried out in the PLC unit of the password partition data of keeping self, the method for unit replacement is maliciously used and is replaced into the unit that has malice; Perhaps the unit replacement by carrying out owing to the robbed or burgled grade of unit when the unit after the replacing is not the unit of system operator expectation, sends the password partition data by mistake.And, there is following problem, namely, for in the unit that has malice various password partition datas being collected (at (k, n) in the situation of the secret sharing approach of threshold value, collect the situation of the data suitable with k password partition data) and with encrypted message reduction or because unit robbed or burgled and simply so that the problem revealed occurs the password partition data of this inside, unit, have to take some countermeasures.
The present invention is exactly In view of the foregoing and proposes, and its purpose is, obtains programmable logic controller (PLC) that a kind of password that effectively prevents distributed and saved reveals and the password store method of programmable logic controller (PLC).
In order to solve above-mentioned problem, realize purpose, the present invention has master unit and more than or equal to the programmable logic controller (PLC) of 1 slave unit, this programmable logic controller (PLC) is characterised in that, described master unit has the composition information table that the IO numbering that is dispensed to described slave unit is managed, according to the password that is set in the described master unit is cut apart the password partition data that gets, utilization is dispensed to the IO numbering of described slave unit, the generating cipher dispersed information, described slave unit is preserved the described password dispersed information that sends over from described master unit.
The effect of invention
According to the present invention, has the effect that reduces the cost of system operator administrator password by the leakage that prevents encrypted message.
Description of drawings
Fig. 1 is the integrally-built block diagram of the related programmable logic controller (PLC) of expression embodiments of the present invention.
Process flow diagram when Fig. 2 is the related unit replacement of embodiments of the present invention.
Embodiment
Below, based on accompanying drawing, the embodiment of the password store method of programmable logic controller (PLC) involved in the present invention and programmable logic controller (PLC) is elaborated.In addition, the present invention is not limited to present embodiment.
Embodiment
Below, with reference to accompanying drawing, embodiments of the present invention are elaborated.Fig. 1 is the integrally-built block diagram of the related programmable logic controller (PLC) 100 of expression embodiments of the present invention.
<state before the unit replacement 〉
In Fig. 1, programmable logic controller (PLC) 100 has elementary cell 110(master unit), a plurality of input block 120,140,160 and a plurality of output unit 130,150.At this, with input block 120,140,160 and output unit 130,150 be generically and collectively referred to as I/O unit or slave unit.
Elementary cell 110 is installed on the dismounting connector of slot 181a of base unit 180, with the collaborative control of carrying out the I/O unit (slave unit) 120,130,140,150,160 that is connected with the dismounting connector of other slots 181b of base unit 180,181c, 181d, 181e, 181f of base unit 180 and I/O unit 120,130,140,150,160 dismounting detection.
Inside in elementary cell 110 is provided with: MPU114; Storer (ROM) 111 as auxilary unit; Main storage means (RAM) 112; And for the data bus interface 113 that carries out intercell communication.
It (is respectively that input block 120 is installed among the slot 181b that input block 120,140,160 is installed in respectively among slot 181b, 181d, the 181f of base unit 180, input block 140 is installed among the slot 181d, input block 160 is installed among the slot 181f), and be connected with elementary cell 110 via base unit 180.
Via the outside switching signal/simulating signal of input terminal platform (not shown) input in the input block 120 etc. 191, open and close signal/simulating signal etc. 191 and be connected to input I/F(and also comprise MPU) 122.Via the outside switching signal/simulating signal of input terminal platform (not shown) input in the input block 140 etc. 193, open and close signal/simulating signal etc. 193 and be connected to input I/F(and also comprise MPU) 142.Via the outside switching signal/simulating signal of input terminal platform (not shown) input in the input block 160 etc. 194, open and close signal/simulating signal etc. 194 and be connected to input I/F(and also comprise MPU) 162.
Be provided with in input block 120: input I/F(also comprises MPU) 122; Storer (ROM) 121 as auxilary unit; Main storage means (RAM) 123; And data bus I/F124.Input block 140,160 also is respectively identical structure as shown in Figure 1.
Output unit 130 is provided with: output I/F(also comprises MPU) 132; Storer (ROM) 131 as auxilary unit; Main storage means (RAM) 133; And data bus I/F134.Output unit 150 and the output unit 170 of afterwards output unit 150 being changed also are respectively identical structure as shown in Figure 1.In output unit 130, via lead-out terminal platform (not shown), external loading/fictitious load etc. 192 also comprise MPU with output I/F() 132 be connected.
The composition information 111a that preserves in the storer (ROM) 111 of elementary cell 110 is data group (composition information table), stores in this data group (composition information table): the slot numbering of slot 181b and the initial IO numbering of distributing to slot 181b; The slot numbering of slot 181c and the initial IO numbering of distributing to slot 181c; Slot 181d and the initial IO numbering of distributing to slot 181d; The slot numbering of slot 181e and the initial IO numbering of distributing to slot 181e; And the slot numbering of slot 181f and the initial IO numbering of distributing to slot 181f.
Password dispersed information 111c is the initial IO numbering of utilizing elementary cell 110, reversible data (password distributed and saved data) based on the generation of password partition data, this password partition data is for example by (k, n) secret sharing approach, will for the encrypted messages of setting in elementary cell 110 of system authentication (such as the authentication etc. that is used for reading from the engineering design instrument data in the PLC unit) itself cut apart and must.Password dispersed information 111c can be reduced to original password partition data by the initial IO numbering of distributing to elementary cell 110.
Changing with password 111b is for when changing, the unit of elementary cell 110 after for replacing, and the replacing of carrying out the unit is the data of desired this judgement of replacing of system operator whether.
With password dispersed information 111c similarly, password dispersed information 121a is in the initial IO of elementary cell 110 interior use input blocks 120 numbering based on the password partition data and after generating, be sent to the reversible data (password distributed and saved data) of input block 120, wherein, this password partition data is by (k, n) secret sharing approach, to cutting apart for the encrypted message in elementary cell 110 settings of system authentication.
Password dispersed information 131a, 141a, 151a, 161a are similarly, to use respectively each I/O unit 130,140,150,160 initial IO numbering based on the password partition data and after generating elementary cell 110 is interior, be sent to respectively each I/O unit 130,140,150,160 reversible data (password distributed and saved data), wherein, this password partition data is by (k, n) secret sharing approach, to cutting apart for the encrypted message in elementary cell 110 settings of system authentication.
Output unit 150 is unit that the system in action changes, and is equivalent to the front unit of above-mentioned replacing.
Output unit 170 is to replace output unit 150 and be appended to unit in the system after replacing, is equivalent to the unit after the above-mentioned replacing.
Changing with password 171b is for when the unit replacement, and 110 pairs of output units of elementary cell 170 are the encrypted message judged of the unit of system operator expectation replacing whether.
<flow process of unit replacement 〉
Below, with reference to the process flow diagram of Fig. 2, the action during to the related unit replacement of the embodiment in the programmable logic controller (PLC) shown in Figure 1 100 is elaborated.The process flow diagram of Fig. 2 relates to the action of carrying out in elementary cell 110.Output unit 170 shown in Figure 1 is equivalent to " unit after the replacing " in the process flow diagram of Fig. 2, and output unit 150 is equivalent to " unit before changing " of Fig. 2, and slot 181e is equivalent to " changing the object slot " of Fig. 2.
At first, in step S200,110 pairs of elementary cells are pulled down PLC unit (output unit 150) this situation the slot numbering of " changing the object slot " and this situation of new PLC unit (output unit 170) have been installed have detected from base unit 180.
Then, in step S210, elementary cell 110 reads the interior replacing password 171b in unit (output unit 170) after the replacing.
Next, in step S220, the replacing that the output unit 170 after change reads in step S210 of 110 pairs of elementary cells is judged with whether password 111b is consistent with the replacing in being kept at elementary cell 110 with password 171b.In the situation that consistent (step S220: be) enters step S230.(step S220: no) enters step S290 in inconsistent situation.In addition, in step S210, reading situation about changing with password the unit (output unit 170) after changing, also be judged to be password inconsistent (step S220: no), enter step S290.
In step S230, wish the unit installed owing in step S220, being judged as output unit 170 after the replacing of installing and being system operator, therefore, in order to prevent from changing replacing in the unit that will be kept at the leakage of password after the replacing with password 171b deletion.
Next, the password dispersed information that 110 pairs of elementary cells are kept in the following unit in step S240 is collected, that is, be installed in the slot of changing beyond the object slot 181e and namely change unit in the slot of the outer slot numbering of object.In the situation that Fig. 1, the slot of changing the outer slot numbering of object refers to slot 181b, 181c, 181d, 181f, and the unit that is installed on them refers to I/O unit 120,130,140,160.Thus, 110 pairs of password dispersed information of elementary cell 121a, 131a, 141a, 161a collect.
Next, elementary cell 110 is in step S250, utilization is present in the initial IO numbering in the composition information 111a, each password dispersed information 121a, 131a, 141a, 161a that unit on being installed in the slot of changing slot numbering outside the object is collected are reduced to the password partition data, and utilize (k, n) the secret sharing approach of threshold value attempts carrying out the reduction of encrypted message.
In the situation that the number of the password dispersed information of collecting in step S240 is not enough k, can't utilize the secret sharing approach of (k, n) threshold value with encrypted message reduction (step S250: no).In this case, enter step S290.In the situation that encrypted message has obtained reduction (step S250: be), enter step S260.
In step S260, from form information 111a, read the initial IO numbering of distributing to the slot numbering of changing object slot 181e by elementary cell 110.
Next, in step S270, to utilize (k, n) encrypted message that restores in step S250 of the secret sharing approach of threshold value is divided into the password partition data, the initial IO to changing object slot numbering distribution that utilization is read in step S260 numbers, and generates the password dispersed information that once was sent to the unit (output unit 150) before changing.
And in step S280, the unit (output unit 170) after the password dispersed information that will generate in step S270 is sent to replacing enters step S290.
Step S290 represents that the authentication judgement finishes.
In addition, in the above-described embodiment, for utilizing (k as cutting apart the method for password, n) example of the secret sharing approach generating cipher of threshold value partition data is illustrated, but as the password dividing method that in the PLC of distributed and saved password, uses, be not limited to the secret sharing approach of (k, n) threshold value.If be divided at the encrypted message with certain PLC unit in the situation of n (n does not comprise 0 natural number) data, just can be with the method for the encrypted message reduction of this PLC unit by collecting k password partition data in the neat n data (password partition data) (k be less than or equal to n do not comprise 0 natural number), even (k then, n) method beyond the secret sharing approach of threshold value also can be implemented in the same manner with above-mentioned embodiment.
As described above; the password store method of the programmable logic controller (PLC) that embodiments of the present invention are related; in the programmable logic controller (PLC) of a plurality of I/O units that have elementary cell and connect with respect to elementary cell detachable ground; in order to protect sequencer and set information; and will be set in password in the elementary cell; such as utilizing the method generating cipher partition data such as the secret sharing approach of threshold value, with password partition data distributed and saved in intrasystem other unit.
The password store method of the programmable logic controller (PLC) that embodiment is related; in order to reduce the technology that password is revealed in the situation that unit replacement has occured in the system; the leakage that can reduce password means the cost that can reduce the system operator administrator password, and can reduce the risk of being revealed by the data of this cryptoguard.
The PLC unit of the programmable logic controller (PLC) that embodiment is related has the function of password distributed and saved in other PLC unit of setting for PLC unit self in elementary cell, function with the dismounting that can detect the PLC unit, by the IO distribution function PLC unit that is managed by self being carried out IO distributes, for example, the PLC unit that is managed by self has slot numbering according to the order that connects in system.The PLC unit of the programmable logic controller (PLC) that embodiment is related has when I/O, in self, preserve the function of the data of being entrusted by other PLC unit, will be made as " master unit of changing the object slot numbering " (elementary cell 110 of Fig. 1) to the elementary cell that the slot numbering of replacing object is controlled.
" change the master unit of object slot numbering " and be installed in the initial IO numbering that the PLC unit in the slot numbering of distributed and saved is implemented in expectation by utilization, the password separate data is processed, thereby the reversible data that generates with respect to the password partition data is " password distributed and saved data ".To be installed in the slot numbering by the unit on the slot beyond the replacing object slot numbering of " changing the master unit of object slot numbering " management, be made as " changing the outer slot numbering of object ", will change front unit change be installed as change after during the unit, " change the master unit of object slot numbering " by (k, n) threshold value sharing approach is reduced to encrypted message with being kept at the password distributed and saved that is installed in the unit of changing on the outer slot numbering of object with data.
Preseted the unit replacement password in the unit after replacing, and the unit replacement of holding with the master unit of slot numbering " change object " is with in the consistent situation of password, and the unit that " changing the master unit of object slot numbering " is judged to be after the replacing is regular unit.If be judged to be regular unit, then the master unit of slot numbering " the change object " unit replacement that will be set in advance in the unit after the replacing is deleted with password.
And, the IO assignment information that " master unit of replacing object slot numbering " utilizes the encrypted message after the reduction and distribute to the slot numbering of replacing object, the generating cipher distributed and saved is with data (the password distributed and saved data of distributed and saved in the unit before replacing), is saved to after the replacing that is judged to be regular unit in the unit.
If the replacing that predefined replacing is held with password and the master unit of slot numbering " change object " in the unit after replacing is inconsistent with password, then " change the master unit of object slot numbering " not the unit after change send encrypted message, password partition data, password distributed and saved with data etc.
According to the embodiment of the present invention; PLC unit as master control; for example utilize (k; n) the secret sharing approach of threshold value; with protection in the password distributed and saved of the data such as the inner program of preserving in unit and the setting a plurality of PLC unit to the system; in these cases; replace with the unit that has malice even exist the operator of malice that the regular unit on the control system is pulled down; as long as in the unit that has malice, do not change the password of usefulness; then can in the unit that has malice, not send encrypted message; the password partition data; therefore password distributed and saved data can prevent the leakage of encrypted message.Thus, can reduce the cost of system operator administrator password.
In addition; according to the embodiment of the present invention; about for example utilizing (k; n) the secret sharing approach of threshold value; with the PLC unit as master control of protection in the password distributed and saved of the data such as the inner program of preserving in unit and the setting a plurality of PLC unit to the system; even know etc. such as changing the operator who is stored in malice with password; password distributed and saved data have been known by the unit that has malice; but because the password distributed and saved utilizes the IO assignment information to process with data; therefore; be difficult to be reduced to the password partition data, for example namely allow to reduction, because the password partition data is to utilize (k; n) the secret sharing approach of threshold value generates; therefore, as long as no k password distributed and saved is reduced to the password partition data with data, just can prevent the leakage of encrypted message.Thus, can reduce the cost of system operator administrator password.
And the present invention is not limited to above-mentioned embodiment, the implementation phase in, in the scope that does not break away from its purport, can carry out various distortion.In addition, include in the above-described embodiment the invention of stages, by disclosed a plurality of structure important documents are suitably made up, can extract various inventions.
For example, even at the several structure important documents of deletion from the entire infrastructure important document shown in the above-mentioned embodiment, also can solve the problem described in the summary of the invention hurdle, can access in the situation of the effect described in the effect hurdle of invention, the structure after this structure important document is deleted can extract as invention.And, also the structure important document in the above-mentioned embodiment suitably can be made up.
Industrial applicibility
As mentioned above, the password store method of programmable logic controller (PLC) involved in the present invention and programmable logic controller (PLC) is effective to the leakage that prevents password, is specially adapted to the situation of password distributed and saved to a plurality of PLC unit.
The explanation of label
100 programmable logic controller (PLC)s
110 elementary cells
120,140,160 input blocks
130 output units
Output unit before the replacing in 150 unit replacements
Output unit after the replacing in 170 unit replacements
111,121,131,141,151,161,171 storeies (ROM)
112,123,133,143,153,163,173 main storage means (RAM)
113,124,134,144,154,164,174 data bus I/F
114 MPU
122,142,162 input I/F
132,152,172 output I/F
111a forms information
111b, 171b change and use password
111c, 121a, 131a, 141a, 151a, 161a password dispersed information
180 base unit
181a, 181b, 181c, 181d, 181e, 181f slot
191,193,194 open and close signal/simulating signal etc.
192 external loadings/fictitious load etc.
S200 to S290 step

Claims (12)

1. programmable logic controller (PLC), it has master unit and more than or equal to 1 slave unit,
This programmable logic controller (PLC) is characterised in that,
Described master unit has the composition information table that the IO numbering that is dispensed to described slave unit is managed, according to the password that is set in the described master unit is cut apart the password partition data that gets, utilization is dispensed to the IO numbering of described slave unit, generating cipher dispersed information
Described slave unit is preserved the described password dispersed information that sends over from described master unit.
2. programmable logic controller (PLC) according to claim 1 is characterized in that,
Described master unit utilizes the IO numbering that is dispensed to described master unit according to the password that is set in the described master unit is cut apart the password partition data that gets, and generates from the password dispersed information and preserves.
3. programmable logic controller (PLC) according to claim 1 and 2 is characterized in that,
Be replaced by at described slave unit in the situation of new slave unit,
Only the 1st changing in the 2nd replacing held with password and the described new slave unit situation consistent with password that described master unit is held, the described password dispersed information that the described slave unit that described master unit will be replaced is preserved is sent to described new slave unit.
4. programmable logic controller (PLC) according to claim 3 is characterized in that,
Be replaced by at described slave unit in the situation of new slave unit,
Described master unit is collected the described password dispersed information of being preserved by the described slave unit of not changing, and generates the described password dispersed information that sends to described new slave unit based on the described password dispersed information of collecting.
5. according to claim 3 or 4 described programmable logic controller (PLC)s, it is characterized in that,
The described the 1st changing in described the 2nd replacing held with password and the described new slave unit situation consistent with password that described master unit is held, from described new slave unit, described the 2nd replacing is deleted with password.
6. each described programmable logic controller (PLC) in 5 according to claim 1 is characterized in that,
Utilize the secret sharing approach of (k, n) threshold value, the password that is set in the described master unit is cut apart the generating cipher partition data.
7. the password store method of a programmable logic controller (PLC), this programmable logic controller (PLC) have master unit and more than or equal to 1 slave unit,
The password store method of this programmable logic controller (PLC) is characterised in that,
Described master unit is cut apart the password that is set in the described master unit, the generating cipher partition data,
Described master unit utilization is dispensed to the IO numbering by self-administered described slave unit, according to described password partition data, and the generating cipher dispersed information,
Described master unit is sent to described slave unit with described password dispersed information,
Described slave unit is preserved the described password dispersed information that sends over from described master unit.
8. the password store method of programmable logic controller (PLC) according to claim 7 is characterized in that,
Described master unit utilization is dispensed to the IO numbering of described master unit, according to described password partition data, generates from the password dispersed information and preserves.
9. according to claim 7 or the password store method of 8 described programmable logic controller (PLC)s, it is characterized in that,
Be replaced by at described slave unit in the situation of new slave unit,
The 1st change the 2nd replacing held with password and described new slave unit and judge with whether password is consistent what described master unit was held,
Only in the situation that consistent, described master unit will be sent to described new slave unit by the described password dispersed information that the described slave unit that is replaced is preserved.
10. the password store method of programmable logic controller (PLC) according to claim 9 is characterized in that,
Be replaced by at described slave unit in the situation of described new slave unit,
Described master unit is collected the described password dispersed information of being preserved by the described slave unit of not changing, and generates the described password dispersed information that sends to described new slave unit based on the described password dispersed information of collecting.
11. according to claim 9 or the password store method of 10 described programmable logic controller (PLC)s, it is characterized in that,
The described the 1st changing in described the 2nd replacing held with password and the described new slave unit situation consistent with password that described master unit is held, from described new slave unit, described the 2nd replacing is deleted with password.
12. the password store method of each described programmable logic controller (PLC) in 11 is characterized in that according to claim 7,
Utilize the secret sharing approach of (k, n) threshold value, the password that is set in the described master unit is cut apart the generating cipher partition data.
CN2011800676998A 2011-02-16 2011-02-16 Programmable logic controller, and method of storing password for programmable logic controller Pending CN103370660A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2011/053299 WO2012111117A1 (en) 2011-02-16 2011-02-16 Programmable logic controller, and method of storing password for programmable logic controller

Publications (1)

Publication Number Publication Date
CN103370660A true CN103370660A (en) 2013-10-23

Family

ID=46672081

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011800676998A Pending CN103370660A (en) 2011-02-16 2011-02-16 Programmable logic controller, and method of storing password for programmable logic controller

Country Status (6)

Country Link
JP (1) JPWO2012111117A1 (en)
KR (1) KR20130106884A (en)
CN (1) CN103370660A (en)
DE (1) DE112011104899T5 (en)
TW (1) TW201235804A (en)
WO (1) WO2012111117A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102014012870A1 (en) 2013-09-05 2015-03-05 Seoul Viosys Co., Ltd. Air purifier using ultraviolet rays
CN111769992B (en) * 2020-07-13 2022-06-21 迈普通信技术股份有限公司 Network data management method, cloud platform and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008087734A1 (en) * 2007-01-19 2008-07-24 Mitsubishi Electric Corporation Cryptogram generating device, cryptogram communication system, and group parameter generating device
CN101329658A (en) * 2007-06-21 2008-12-24 西门子(中国)有限公司 Encryption and decryption method, and PLC system using the same
JP2009103774A (en) * 2007-10-22 2009-05-14 Panasonic Corp Secret sharing system
CN101840221A (en) * 2009-01-21 2010-09-22 费舍-柔斯芒特系统股份有限公司 Removable security modules and related methods

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4788912B2 (en) 2006-10-12 2011-10-05 オムロン株式会社 PLC
JP5332004B2 (en) * 2009-06-29 2013-11-06 独立行政法人産業技術総合研究所 Electronic device and its unauthorized use prevention method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008087734A1 (en) * 2007-01-19 2008-07-24 Mitsubishi Electric Corporation Cryptogram generating device, cryptogram communication system, and group parameter generating device
CN101329658A (en) * 2007-06-21 2008-12-24 西门子(中国)有限公司 Encryption and decryption method, and PLC system using the same
JP2009103774A (en) * 2007-10-22 2009-05-14 Panasonic Corp Secret sharing system
CN101840221A (en) * 2009-01-21 2010-09-22 费舍-柔斯芒特系统股份有限公司 Removable security modules and related methods

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
许春香 等: "门限多重秘密共享方案", 《电子学报》 *

Also Published As

Publication number Publication date
KR20130106884A (en) 2013-09-30
WO2012111117A1 (en) 2012-08-23
DE112011104899T5 (en) 2013-11-07
TW201235804A (en) 2012-09-01
JPWO2012111117A1 (en) 2014-07-03

Similar Documents

Publication Publication Date Title
CN110909079B (en) Data exchange synchronization method, system, device, server and storage medium
EP3013005B1 (en) Method and system for virtual network mapping protection and computer storage medium
CN104077199B (en) Based on partition method and the system of the high-availability cluster of shared disk
CN101442471A (en) Method for implementing backup and switch of IPSec tunnel, system and node equipment, networking architecture
CN105391684A (en) Centralized management method and centralized management device for strategies
CN104468648A (en) Data processing system and method
CN104903861A (en) Clipboard management
CN103488590A (en) Programmable display
CN107426021A (en) Construction method, device and the redundant system of redundant system
CN103369660A (en) Network-element data synchronization method and network-element device
CN109005198A (en) A kind of controller attack protection security strategy generation method and system
CN104298936B (en) A kind of FPGA encryptions and parameter configuring system based on CPLD chips
CN111061741B (en) Power test data management method, system, terminal and storage medium
CN103370660A (en) Programmable logic controller, and method of storing password for programmable logic controller
CN111985006A (en) Block chain based data synchronization method, system and computer readable storage medium
CN109977038A (en) A kind of access control method of encrypted U disk, system and medium
CN111083088A (en) Cloud platform hierarchical management method and device based on multiple security domains
CN202331125U (en) Remote controller
CN112099878A (en) Application software configuration management method, device and system
CN112468317A (en) Cluster topology updating method, system, equipment and computer storage medium
EP3794482B1 (en) Method for securing an automated system
CN105591467B (en) Relay protection fault information main station system based on Service-Oriented Architecture Based
CN102868594B (en) Method and device for message processing
CN108154042A (en) A kind of file system encryption method and device
CN116048654A (en) Automatic configuration method and system for hardware resources

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20131023