JP2006135883A - Remote wireless control system for construction machine - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To make signal analysis extremely difficult even if a radio signal generated from a controller is intercepted. <P>SOLUTION: A set of controller and receiver has a plurality of common and intrinsic keys to transmit from the controller to the receiver a signal containing information for specifying a key selected out of the plurality of keys and a cryptographic code encrypted using the key selected out of the plurality of keys. In the receiver, the key used to encrypt the transmitted cryptographic code is specified from the signal received from the controller, and this specified key is used to decrypt the cryptographic code. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a remote wireless operation system for a construction machine in which a construction machine such as a hydraulic excavator or a crane is remotely operated (remotely controlled) by a radio signal, and more specifically, a signal including an ID and an operation signal from an operating machine. The present invention relates to a technique for preventing unauthorized remote operation by a malicious third party in a remote wireless operation system in which a receiver of a construction machine performs unique identification using an ID.

  The number of remotely operated construction machines that can be remotely operated (controlled) using radio signals is increasing year by year. Radio waves used for remote control by radio are generally used for specific low-power radio due to restrictions in the Radio Law. In particular, specific low-power radio is used for remote radio operation of construction machinery. Popular as a standard.

  The maximum transmission speed of the specific low-power radio is 2400 to 4800 bps (see Non-Patent Document 1), and the amount of operation signals necessary for the construction machine is about 20 bytes. Since the signal transmission delay time leads to the operation delay of the construction machine, it is necessary that the signal has as little redundancy as possible. For this reason, in remote radio operation of a construction machine using a specific low-power radio, the operation signal is simply transmitted serially, and an error detection code is added to the end of the operation signal and transmitted cyclically for communication. Has been done.

  Whether or not the construction machine can be operated with a radio signal is determined by assigning a common and unique ID in advance to the operation machine and the receiver of the construction machine corresponding to the operation machine on a one-to-one basis. An ID is added to the operation signal to be transmitted, and the ID is detected and determined on the receiving side, thereby determining whether to operate the construction machine. That is, in the conventional remote radio operation system for construction machinery, as long as the IDs match, the receiving side recognizes it as an operation signal to itself, and the operation signal is normal by error detection using an error detection code. If it is determined (there is no communication error in the signal), the operation using the received operation signal is executed.

  Therefore, if the ID is known to a malicious third party, the construction machine is illegally operated. Therefore, when the controller such as the lever of the controller has a concealed numerical value and the controller is in the ID registration mode, the ID can be changed every time the controller is operated, so that the operator of the controller can actually change the ID. A technique is known in which the ID of the transmitting side and the receiving side is erased when the power is turned off to enhance the confidentiality of the ID (see Patent Document 1). . However, even in the technique disclosed in Patent Document 1, once the remote wireless operation of the construction machine is started, the ID is not changed. Further, the error detection code is not changed.

  By the way, if a radio signal emitted from the controller is intercepted, there is an ID in a portion that can be recognized as a fixed signal, and it is an operation signal that changes depending on the type of operation. Therefore, it is easy to extract the ID. The third party can analyze the extracted ID. In addition, the details of the operation signals (number of signals and number of operations) are not disclosed by the manufacturer of the wireless remote control, so it is not easy, but the radio signals themselves cannot prevent interception. It is not possible to completely prevent the operation signal from being analyzed by comparing it with the operation signal.

As described above, in a conventional construction machine remote wireless operation system, there is a mechanism to prevent a malicious third party from operating (driving) the construction machine illegally by analyzing the operation signal. The current situation was not.
Anritsu Technical No. 72 Sept. 1996 JP-A-5-268665

  Remotely-operated construction machines are used for various purposes, and are often used in a wide area such as an outdoor construction site, and the number of operating machines is increasing recently. In this way, when the construction machine is operated outdoors by remote wireless operation, since the wireless signal is not shielded, it is extremely difficult to prevent the interception of the wireless signal emitted from the operating device. It is not possible to completely prevent the wireless signal from being intercepted and analyzing the ID and the operation signal.

  In recent years, it has become necessary to take defensive measures in the remote wireless operation system for construction machines in the above environment. This is because there is a concern that if a situation occurs where a large construction machine is driven without permission by a malicious third party, a great damage is caused. Therefore, even if a radio signal emitted from the operating device is intercepted, it is difficult to analyze the signal as much as possible, and it is as difficult as possible for a third party to operate the construction machine by remote wireless operation. There is a need for a mechanism to make it. In addition, even if a signal is analyzed, there is a demand for a mechanism that limits the range of its influence and that the analysis result cannot be applied to other construction machines even if they are the same type of construction machine.

  By the way, in the conventional remote radio operation system for construction machines, as long as the IDs match and the operation signal is transmitted without error, the construction machine on the receiving side moves in response to the operation signal. In other words, in order to move a remote-controlled construction machine simply and randomly, there is no need to interpret the meaning of the operation signal. Perform some action. Therefore, the countermeasures against the unauthorized operation in the remote wireless operation system of the construction machine are not only the countermeasures against the interception of the signal and the analysis of the contents, but even if the unauthorized wireless signal is received, the construction machine Is a mechanism that does not operate, and this is different from the general confidentiality of communication in which it is only necessary to prevent signal analysis.

  The present invention has been made in view of the circumstances as described above, and its purpose is to make it very difficult to analyze a signal even if a radio signal emitted from an operating device is intercepted, Therefore, it is intended to realize a remote radio operation system with high secrecy and safety. Further, the object of the present invention is to limit the range of influence even if a signal is analyzed, and the analysis result cannot be applied to other construction machines even if they are the same type of construction machine. There is in doing so. In addition, even if the signal is analyzed, by incorporating a signal indicating that driving is permitted into the wirelessly transmitted signal, it is even more difficult to carry out unauthorized driving operations and remote control with excellent confidentiality. There is a wireless operation system.

In order to achieve the above-described object, the present invention provides that the operating machine and the receiver of the construction machine corresponding to the operating machine have a common and unique ID, and the ID from the operating machine to the receiver. When the receiver that has transmitted the signal including the operation signal wirelessly and has received the transmission signal from the operation device matches the ID, and there is no error in the signal due to error detection using an error detection code In the remote wireless operation system for a construction machine configured to output an operation command to the controller of the construction machine, a pair of the operation machine and the receiver is provided with a plurality of common and unique keys, The controller receives the signal including information for specifying a key selected from the plurality of keys and an encryption code encrypted using the key selected from the plurality of keys. Providing means for transmitting to the machine, The signal unit, from a signal received from the operating device, the encryption codes came sent to identify the key used to encrypt, provided with means for decoding the cipher code by using the specified key.
Further, the operating device randomly selects a key from the plurality of keys for each frame unit to be transmitted.
Further, the operating device encrypts at least the error detection code.
Further, an operation permission signal is arranged in the encryption code transmitted from the operation device, and the receiver outputs an operation command only when the operation permission signal is normal.

According to the present invention, a pair of an operating device and a receiver is provided with a plurality of common and unique keys, and a key for encryption and decryption is dynamically changed, for example, encryption performed for each frame unit. Since the code is changed at random, even if a radio signal is intercepted, it becomes very difficult to decode the signal. Therefore, the realization of a remote wireless operation system for construction machines that can be operated with a legitimate operating machine and is extremely difficult to operate with a third-party radio, which is highly confidential and safe. Can do. Also, by encrypting the error detection code, even if the ID is decrypted, the error detection code cannot be decrypted if the encryption code cannot be decrypted. Therefore, it is possible to prevent an unauthorized operation that cannot be prevented by a conventional remote radio operation system for construction machines, in which only the ID is decoded and the construction machine is caused to perform some kind of random operation. it can. Even if the signal is analyzed, the key for encryption and decryption is shared only with the pair of the operating device and the receiver. There is no impact on the construction machinery. In addition, even if the signal is analyzed, it is necessary to include a signal (operation permission signal) indicating that operation is permitted in the signal transmitted wirelessly, unless the arrangement of the operation permission signal is clarified. It is possible to provide a mechanism in which the vehicle cannot be driven, and it is possible to further improve confidentiality and defense against unauthorized operation.
In general, according to the present invention, it is possible to prevent as far as possible illegal and dangerous remote control operation of construction machines due to terrorist activities and mischief, and to improve safety.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
FIG. 1 is a diagram showing an outline of a remote wireless operation system for a construction machine according to an embodiment of the present invention (hereinafter referred to as the present embodiment).

  In FIG. 1, 1 is an operating device, 2 is a remotely operated construction machine (here, a hydraulic excavator) that can be operated only by the operating device 1, and the construction machine 2 includes a receiver 21, a vehicle body controller 22, an electromagnetic A valve unit 23, an antenna 24, and the like are mounted. When the operator operates the controller 1, radio waves (radio signals) are emitted from the wireless transmission means built in the controller 1, and this radio signal is received by the receiver 21 via the antenna 24 on the construction machine 1 side. The The received signal is processed by the signal processing program in the receiver 21. When the received signal is recognized as a regular signal, an operation command signal is serially output from the receiver 21 to the vehicle body controller 22. In response to this, the vehicle body controller 22 appropriately drives and controls the electromagnetic valve unit 23, and various actuators (not shown) of the construction machine 1 are operated in accordance with the operation of the electromagnetic valve unit 23. It is driven by operation. Although not shown, the vehicle body controller 22 controls driving of relays and switches based on the operation command signal from the receiver 21.

  FIG. 2 is a diagram illustrating the configuration of the operating device 1 in FIG. 1, in which 100 is a control unit, 101 is a CPU that performs overall control of the operating device 1 and executes various processes, and 102 is various signals processing programs and the like. A ROM 103 for storing processing programs and various data, 103 is a RAM used as a work area when data is read and written, and 104 is a digital signal for operating commands from various operating levers (not shown) provided in the controller 1. An analog / digital converter for converting to 105, a digital input processing means for receiving operation commands from various operation switches (not shown) provided in the controller 1, and a digital output processing for outputting video data to the display panel Means 107, a serial signal interface 108, a display panel for performing various displays, 109 a wireless transmission means 11 It is an antenna.

  The CPU 101 develops the signal processing program in the work area, reads and interprets the operation command input from the analog / digital converter 104 and the digital input processing means 105 based on this signal processing program, and based on this, reads the operation command (serial Signal) is generated, and a serial signal in which an error correction code is added to this operation command is created. Furthermore, one key is identified from a plurality of keys prepared in advance from random numbers randomly generated for each frame to be transmitted, and the serial signal created above is encrypted using the identified key. Turn into. A synchronization signal, an ID, and the like are added to the encrypted serial signal, and this is output from the serial signal interface 107 to the wireless communication means 109. The wireless communication means 109 performs modulation processing on the input signal, converts it to a high frequency signal, and transmits it as a radio wave from the antenna 110.

  FIG. 3 is a diagram showing the configuration of the receiver 21 of FIG. 1, in which 210 is a control unit, 211 is a CPU that performs overall control of the receiver 21 and executes various processes, 212 is a variety of signal processing programs and the like. A ROM 213 storing processing programs and various data is a RAM used as a work area by reading and writing data, 214 is a serial signal interface, and 215 is a wireless receiving means.

  The wireless receiving means 215 converts the transmission signal (high frequency signal) received from the controller 1 received through the antenna 24 into a low frequency signal, and then demodulates the modulated signal to convert the serial signal into the serial signal interface 214. Output to. Based on this signal processing program, the CPU 211 developing the signal processing program in the work area cuts out a frame from the serial signal input through the serial signal interface 214 using a synchronization signal, and detects an ID from the cut out data. To verify whether the IDs match. When the IDs match, the controller 1 specifies the key that encrypted the frame from the information for specifying the encrypted key that is incorporated in the ID, and specifies the key. The key is used to decrypt the signal, and then an error detection code is used to verify whether the signal is error free. If there is no error in the signal, an operation command (serial signal) is output to the vehicle body controller 22 through the serial signal interface 214.

  Note that the operating device 1 and the receiver 21 have a one-to-one correspondence, and the ROM 102 of the operating device 1 and the ROM 212 of the receiver 21 hold a common and unique ID (ID information). The ROM 102 of the operating device 1 and the ROM 212 of the receiver 21 hold a plurality of common and unique keys (key information) (here, for example, 16 keys are held) and correspond to each key. Random number information (in this case, for example, 16 × k (k is an integer equal to or greater than 1)) is stored. The ROM 102 of the controller 1 holds an encryption rule using a key, and the ROM 212 of the receiver 21 holds an encryption code decryption rule using a key.

  Here, as mentioned above, the types of radio waves that can be used in remote radio operation are limited by the Radio Law, and specific low-power radio is standard for radio waves used in remote radio operation systems for construction machinery. ing. The number of frequency channels of the specific low-power radio is 40 channels in the case of the 400 MHz band, and many construction machines are often operated simultaneously at the same site, so the communication method has to adopt single-line communication. . Therefore, encryption codes cannot be transmitted / received (two-way communication) between the controller 1 and the receiver 21. Therefore, a signal is transmitted from the controller 1 to the receiver 21 as shown in FIG. By transmitting to the click, signal transmission is performed.

  In the radio signal arrangement shown in FIG. 4, one frame includes SYN (synchronization signal), STX (Start of TeXt), ID, data, ETX (End of TeXt), CRC (Cyclic Redundancy Check: error detection code). The data 1 to data n in one frame are operation signals (= operation signals). CRC1 and CRC2 in one frame are error detection codes for detecting a signal error caused by noise or the like during transmission / reception. Note that the error detection code CRC is a SAM signal, an XOR signal, a CRC code, and a composite signal thereof as operation signals. In the receiver 21, first, the main body data portion of the frame is cut out from the signal arrangement in the wireless section by SYN (synchronization signal). FIG. 5 shows a signal arrangement of a frame excluding SYN cut out by the receiver 21.

  In a radio signal transmitted cyclically in the radio section signal arrangement shown in FIG. 4 and described above, IDs that do not change are easily distinguished from data 1 to data n that change according to the operation content. It is possible to analyze the ID by intercepting radio signals. It is also easily known that the changing part is an operation signal. Further, in the remote wireless operation system for construction machinery, the receiver 21 detects the ID, and if the detected ID matches the ID unique to the pair of the operating device 1 and the receiver 21, then the signal error is detected. If the result of the error detection is OK and the result of error detection is OK, the operation command is regarded as a correct operation signal and an operation command is passed to the vehicle body controller 22. The vehicle body controller 22 analyzes the operation command data to drive and control the corresponding controlled objects (solenoid valves and the like) (this mechanism is a construction machine such as a crane). The same applies to the above). Therefore, in the remote wireless operation system for construction machines that employs such a mechanism, if the ID is known to a third party, the third party can correctly perform the error detection operation without analyzing the operation signal. The construction machine will do some operation just to make it appear. Therefore, in the present embodiment, at least the error detection code is encrypted, and unless the third party can decrypt the code, the error detection code cannot be forged into a form that works for error detection. It is a thing.

  FIG. 6 shows the data structure of a signal of one frame that is wirelessly transmitted by the controller 1. In this embodiment, the signal No. 1 in one frame. The upper 4 bits of “7” (that is, ID3) are set as numerical data indicating a random number i that is randomly generated by the controller 1 every frame. As described above, the randomly generated random number i is information for specifying one of a plurality of keys shared only by the controller 1 and the receiver 21. In addition, using the key specified by the random number i, the signal No. All data after “8” is encrypted to be an encryption code. A signal having such a data structure is cyclically transmitted from the controller 1 in this way.

  FIG. 7 is a flowchart showing the flow of the one-frame signal encryption process by the controller 1. First, a random number i is generated (step S1), and the value (i1 to i4) of the generated random number i is set to signal No. 1 in FIG. It puts in b4-b7 of "7" (step S2). Then, the data to be encrypted is calculated by calculating the data to be encrypted (signals Nos. “8” to “n + 3”) in FIG. 6 and the data of the key I determined by the generated random number i. Encryption is performed to obtain an encryption code (step S3). As a result, signals from operation data 1 to data n to error detection codes CRC1 and CRC2 are encrypted. Examples of the encryption rule include taking an exclusive OR (XOR) of the data to be encrypted and the key data, and using this as an encryption code. In addition to this, an arbitrary encryption method such as a method of simply adding a number sequence for each bit can be used as the encryption method.

In this embodiment, as shown in FIG. 8, 16 types of keys for encryption and decryption are prepared. In correspondence with each signal No. to be encrypted. The key data I _{8 to In +3} are individually assigned for each signal (each signal No. “8” to “n + 3”). Key data having such a data structure is stored in the ROM 102 of the controller 1 and the ROM 212 of the receiver 21, respectively. In this way, each signal No. When the key data I _{1 to In +3} are assigned individually for each, the confidentiality is excellent.

  FIG. 9 is a flowchart showing an outline of the flow of signal processing of one frame signal by the receiver 21. First, a frame is cut out based on the synchronization signal (step S11), an ID is detected from the cut out data (step S12), and it is determined whether or not the IDs match (step S13). If the IDs do not match (NO in step S13), the process flow ends. If the IDs match (if YES in step S13), the signal No. The value of the random number i is extracted from b4 to b7 of “7”, and the key I on which the controller 1 has encrypted the frame is specified from the extracted value of the random number i (step S14). Then, using the data of the specified key I, the data (signal No. “8” to “n + 3”) that is an encryption code (encrypted) is decrypted (step S15). Next, error detection processing is performed using an error detection code (step S16), and it is determined whether or not there is an error in the signal (step S17). If there is an error in the signal (if NO in step S17), the process flow ends. If there is no error in the signal (if YES in step S17), an operation command (serial signal) is output to the vehicle body controller 22 (step S18), and this processing flow ends.

  As described above, in the present embodiment, the key for encryption and decryption is selected each time by the random number generated at every frame on the transmission side (controller side). Since each key is different, it is excellent in secrecy. Furthermore, since there is no regularity in the selection of the key, the secrecy is further increased. In this embodiment, since 16 types of keys expressed in 4 bits are used, it is considerably difficult for a third party to decrypt all the 16 types of keys. Moreover, since not only the operation signal but also the error detection code is encrypted, even if a third party decrypts only the ID and causes the construction machine to perform some random operation, error detection using the error detection code is possible. Since it cannot be performed, it is further excellent in secrecy and defense against illegal operations. Even if the key (encryption code) is analyzed, the key for encryption and decryption is shared only between the controller and the receiver. Even so, it is impossible to apply the analysis results to other construction machines.

  By the way, even if the switch signal goes wrong by 1 bit, it affects the operation. In this embodiment, the operation permission signals E + and E− configured by a plurality of bits indicating that the operation by the remote operation is further permitted, It is arranged at any position of data 1 to data n in FIG. This is because even if the key (encryption code) is analyzed, the construction machine cannot be operated by remote wireless operation by itself. That is, only when the operation permission signals E + and E− embedded in the data as encryption codes are normal at the same time as in the processing flow by the operation permission signal in FIG. 10 (in the case of YES in step S21). Driving is permitted (step S22), otherwise (NO in step S21), driving is prohibited (step S23). In this way, even if the key (encryption code) is analyzed and the error detection code can be manufactured to work normally, the remote operation is not performed unless the sequence of the operation permission signals E + and E− is clarified. Unauthorized operation of the construction machine by wireless operation can be prevented.

It is explanatory drawing which shows the outline of the remote radio | wireless operation system of the construction machine which concerns on one Embodiment of this invention. It is a block diagram which shows the structure of the operating device in FIG. It is a block diagram which shows the structure of the receiver in FIG. It is explanatory drawing which shows the signal arrangement | sequence (in the radio | wireless area) of the signal transmitted from the operating device in FIG. FIG. 3 is an explanatory diagram of a signal arrangement of frames excluding SYN cut out by the receiver in FIG. 1. It is explanatory drawing which shows the data structure of the signal of 1 frame which the operating device in FIG. 1 transmits wirelessly. It is a flowchart which shows the flow of the encryption process of the signal of 1 frame by the operating device in FIG. The key No. used in the remote wireless operation system for construction machinery according to one embodiment of the present invention is shown. And each key No. It is explanatory drawing which shows the key data. It is a flowchart which shows the outline | summary of the flow of the signal processing of the signal of 1 frame by the receiver in FIG. It is a flowchart which shows the flow of the process based on the driving | operation permission signal by the receiver in FIG.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Controller 2 Construction machine 21 Receiver 22 Car body controller 23 Electromagnetic valve unit 24 Antenna 100 Control unit 101 CPU
102 ROM
103 RAM
104 Analog / Digital Converter 105 Digital Input Processing Unit 106 Digital Output Processing Unit 107 Serial Signal Interface 108 Display Panel 109 Wireless Transmission Unit 110 Antenna 210 Control Unit 211 CPU
212 ROM
213 RAM
214 Serial signal interface 215 Wireless receiving means i1 to i4 Random number i value E +, E- Operation permission signal

Claims (5)

The operating machine and the receiver of the construction machine corresponding to the operating machine have a common and unique ID, and wirelessly transmit a signal including the ID and the operating signal from the operating machine to the receiver. When the receiver that has received the transmission signal from the operating machine matches the ID and there is no error in the signal due to error detection using an error detection code, an operation command is sent to the controller of the construction machine. In a remote radio operation system for construction machinery that is configured to output
A plurality of common and unique keys are given to the pair of the operating device and the receiver,
The controller includes a signal including information for specifying a key selected from the plurality of keys and an encryption code encrypted using the key selected from the plurality of keys. Means to send to the receiver,
The receiver is provided with means for identifying the key used to encrypt the transmitted encryption code from the signal received from the controller and decrypting the encryption code using the specified key. ,
A remote radio operation system for construction machinery. In the remote radio operation system of the construction machine according to claim 1,
The remote control system for a construction machine, wherein the operating device has means for randomly selecting a key from the plurality of keys at predetermined timings. In the remote radio operation system of the construction machine according to claim 2,
The remote control system for a construction machine, wherein the operating device has means for randomly selecting a key from the plurality of keys for each frame unit to be transmitted. In the remote radio operation system of the construction machine according to claim 1,
A remote wireless operation system for construction machines, wherein at least an error detection code is encrypted. In the remote radio operation system of the construction machine according to claim 1,
An operation permission signal is arranged in an encryption code transmitted from the operation machine, and the receiver outputs an operation command to the construction machine controller only when the operation permission signal is normal. A remote wireless operation system for construction machinery.

Images