JP4832376B2 - Supervisory control system - Google Patents

Description

  In the present invention, in a plant or the like that performs a monitoring and control business, the worker who is engaged in the business is authenticated (hereinafter referred to as personal authentication or personal authentication) and the operation authority of the worker is confirmed. It is related with the monitoring control system which can aim at the improvement of security by permitting operation from the result of the operation authority and the personal authentication for the operation request.

  As a conventional technique, as described in [Patent Document 1], there is a system that performs worker confirmation at regular time intervals using worker's biological appearance information.

  Further, as described in [Patent Document 2], in a monitoring and control facility, there is proposed a system for setting worker authentication means using a fingerprint that is a worker's biometric information and the operator's operation authority. .

JP 2006-163453 A JP 2001-125602 A

  The personal authentication method described in [Patent Document 1] and [Patent Document 2] is personal authentication using one biometric authentication means. For this reason, for example, in the case of fingerprint authentication, when it is impossible to authenticate because of a finger injury, or when it is in a situation where fingerprint authentication cannot be performed because of wearing a glove, it is one of the normal tasks of monitoring control work Cannot be performed or the security function is turned off.

  In these control systems, humans who have registered fingerprints in advance can use the monitoring and control facility. However, if a disaster occurs and operations requiring urgent action are required, humans who are not registered in the system cannot operate. There is a problem that the control work cannot be performed until the worker arrives.

  In addition, in the conventional technology, the operator is authenticated at the time of starting up the control system or at the display start timing of the operation screen, but this authentication method does not necessarily require the operator himself or herself to operate the plant. There was a drawback that data could be changed.

  Also, in the fields of water purification plants, power plants, etc., it is necessary to perform control in real time, and with conventional technology, it takes time to read biometric information, so that workers are authenticated each time an operator performs an operation. It was difficult. In other words, when performing worker authentication using the biometric information of the worker, in order to increase the authentication accuracy based on the biometric information, an operation such as the operator directly touching the authentication device or showing the authentication device is required. In the case of the operator, there was no time to operate the authentication device between operations, and it was necessary to take off the protective equipment each time, which was not a practical method.

  When biometric information is used for worker authentication, personal information such as fingerprints, finger vein patterns, facial images, iris patterns, and voiceprints are unique, and biometric information recorded and managed for authentication flows out If so, its significance is not comparable to other authentication information.

  Recently, there is an increasing need for countermeasures against terrorism in infrastructure, and it is necessary to strengthen the security of plant operation monitoring systems. When using biometric information or biometric appearance information for worker authentication, it is necessary to pay attention to the handling of such information, and when introducing strong security, the burden on the plant administrator who adopts an authentication method that handles biometric information is large, This is a problem when introducing a biometric authentication system.

  In addition, the plant described above has a high social importance, and there are facilities that are difficult to operate by all operators and maintenance personnel. In the conventional monitoring control system, a mechanism is adopted in which a worker is authenticated at the start of work, the operation authority of the worker is set in advance, and only permitted operations can be executed. However, as mentioned above, it is necessary to control the plant in real time because it is possible for the operator to operate the plant even if it is not necessarily the person himself, and it is necessary to authenticate that the operator himself is operating the operation each time. It was difficult to do.

  An object of the present invention is to provide a monitoring and control system capable of authenticating a worker in response to an operation request of a worker in real-time control in consideration of operation authority at the time of a disaster, inspection and maintenance in a monitoring control system such as a plant. It is in.

  In order to solve the above problem, the monitoring control system of the present invention includes a first worker specifying device that reads a worker's biological information or biological appearance information, and a second worker specifying for recognizing the worker. Device, biometric information storage unit storing personal biometric information or bioappearance information in advance, personal setting information storage unit storing personal identification information including operation authority permitted by operator, inspection and maintenance of equipment Equipment information storage unit storing equipment information including registration information and disaster registration information, and when the operator's operation request input by the input device is the first time, or the second worker specifying device recognizes the worker If not, a personal authentication execution unit that performs personal authentication based on the biometric information or bioappearance information read from the biometric information storage unit and the biometric information or bioappearance information read by the first operator identification device; Existence of operation authority for the facility requested by the operator using the personal authentication result of the authentication execution unit, the facility information stored in the facility setting information storage unit, and the personal identification information stored in the personal setting information storage unit It is provided with a personal authentication information collating unit for judging the above.

  According to the present invention, it is possible to authenticate the worker with respect to the operation request of the worker while realizing real-time control in consideration of the operation authority at the time of disaster, inspection, and maintenance in the monitoring control system such as the plant, and security is ensured. A monitoring control system that can be provided can be provided.

  A monitoring control system according to an embodiment of the present invention will be described with reference to FIGS. FIG. 1 is a configuration diagram of a monitoring control system according to the present embodiment. Here, the monitoring control system of the present embodiment is used in water purification plants, power plants, factories, roads, railways, and the like.

  The monitoring control system of this embodiment mainly includes a work authentication system 10, an input / output processing unit 50 connected to the work authentication system 10, a personal authentication system 60 connected to the input / output processing unit 50, and an output device 20. And an input device 30 and an operator specifying device 40.

  The work authentication system 10 is connected to the equipment information storage unit 14 and the personal setting information storage unit 12 connected to the administrator's terminal 11, the equipment information storage unit 14, the personal setting information storage unit 12, and the input / output processing unit 50. And a personal authentication information verification unit 13.

  The input / output processing unit 50 includes an operation execution unit 51 connected to the personal authentication information matching unit 13 and the output device 20 of the work authentication system 10, an operation history storage unit 52 connected to the operation execution unit 51, and the input device 30. And the personal identification verification requesting unit 54 connected to the personal identification information verification unit 13 and the personal identification system 60.

  The worker specifying device 40 includes an RF tag reader 41, an authentication device with finger vein authentication function 42, and a face image information acquisition unit 43. The RF tag reader 41, an authentication device with finger vein authentication function 42, and a face image information acquisition unit. 43 are connected to the personal authentication verification requesting unit 54 of the input / output processing unit 50, respectively.

  The personal authentication system 60 includes a personal authentication execution unit 61 connected to the input / output processing unit 50 and a biometric information storage unit 62 connected to the personal authentication execution unit 61.

  The worker 70 refers to the information of the monitoring control system obtained from the output device 20 and inputs it with the input device 30 to make an operation request. The input processing unit 53 of the input / output processing unit 50 that has received the operation request of the worker 70 from the input device 30 authenticates with the finger vein authentication function of the worker specifying device 40 when the operation request from the worker 70 is the first time. The apparatus 42, the face image information acquisition unit 43, and the like acquire biological information using the worker's fingerprint and finger vein pattern, and biological appearance information such as the worker's face image, iris pattern, body odor, voice print, and walking. . Also, the personal identification information is read from the reading unit of the personal identification device 40 worn by the worker by the RF tag reader 41 of the worker identification device 40 or the like.

  The input / output processing unit 50 sends the acquired biometric information or biometric appearance information to the personal authentication verification request unit 54. The personal authentication verification request unit 54 that has received the biometric information or the biometric appearance information requests the personal authentication execution unit 61 of the personal authentication system 60 for personal authentication. In the personal authentication execution unit 61, the biometric information or the biometric appearance information of the worker 70 received from the personal authentication verification request unit 54 and the biometric information or the biometric appearance information stored in advance in the personal authentication system 60 are stored in the biometric information storage unit. Obtained from 62 and performs personal authentication.

  The result of the personal authentication executed by the personal authentication execution unit 61 is transmitted to the personal authentication verification request unit 54. Upon receiving the personal authentication result, the personal authentication verification request unit 54 causes the personal authentication information verification unit 13 to operate the personal authentication verification result of the worker 70, the personal identification information acquired from the personal identification device 40, and the operator 70. Information on the equipment to be performed and details of operations are transmitted.

  The personal authentication information matching unit 13 that has received the information acquires the personal identification information of the worker 70 from the personal setting information storage unit 12 of the work authentication system 10 and acquires the operation authority permitted for the worker 70. To do. In addition, the personal authentication information collating unit 13 acquires equipment maintenance / inspection equipment information and disaster information of the monitoring control system from the equipment information storage unit 14.

  The personal authentication information verification unit 13 refers to the information received from the personal authentication verification request unit 54, the information received from the personal setting information storage unit 12, and the information received from the facility information storage unit 14. It is determined whether the requested equipment has the operation authority, whether the equipment is in a maintenance, inspection, or disaster state. If the operation request of the worker 70 is permitted, the operation of the input / output processing unit 50 is performed. An operation request is made to the execution unit 51.

  In the operation execution unit 51, when the operation request is received, the operation history storage unit 52 stores the personal identification information that can identify the worker 70, the operation content, the time, and the operation result. Further, the result of processing performed by the operation execution unit 51 is transmitted to the worker 70 via the output device 20.

  Further, for example, by providing a biometric information reading unit in a pointing device such as a mouse, the worker can be authenticated every time the operator operates, and the worker may be specified.

  FIG. 2 is a flowchart of the authentication procedure in the present embodiment. When an operator makes an operation request using the input device 30 in step S001, the personal authentication verification request unit 54 checks whether biometric authentication or biometric appearance authentication is necessary in step S002. After performing biometric authentication and biometric appearance authentication, there has been a change in the reading status of the personal identification device 40, such as the worker identification device 40 such as an RF tag being removed from the body or the personal identification device 40 being out of the reading range. If this is the case, or at the first time of operation, in step S003, the personal authentication execution unit 61 is requested to perform biometric authentication and biometric appearance authentication of the worker. Here, detection of whether or not the personal identification device is removed is performed using a body temperature sensor or a removal sensor.

  When the biometric authentication and the biometric appearance authentication are successful, the personal authentication information matching unit 13 reads out the equipment inspection, maintenance registration information, and disaster registration information from the equipment information storage unit 14.

  In step S010, the personal authentication information matching unit 13 refers to these pieces of information and the personal setting information of the worker obtained from the personal setting information storage unit 12, and the worker 70 who has made the operation request makes the personal setting information storage unit. 12 and the person who is registered in the biometric information storage unit 62, determines whether the content of the operation request is permitted, and sends the result to the operation execution unit 51. Receiving this information, the operation execution unit 51 executes the requested process in step S011. In step S012, the operation execution result is output to the output device 20, and the operator 70 can obtain the output result.

  Once the biometric authentication and the biometric appearance authentication are performed, the worker has moved, such as the personal identification device 40 of the worker 70 has not moved, has not been removed, or the personal identification device 40 is in the reading range. If not, there is no need for biometric authentication and biometric appearance authentication. In this case, information is read from the personal identification device 40 such as an RF tag in step S004 shown in FIG. If the personal identification information read from the personal identification device 40 is already registered in the plant control system, the personal setting of the worker 70 is read out and the equipment information is acquired from the equipment information storage unit 14 in step S007. I do.

  At this time, if the information of the personal identification device 40 such as the RF tag is not registered in the plant control system, the personal authentication information matching unit 13 receives the authentication failure information from the personal authentication verification requesting unit 54. In step S008, equipment information is acquired from the equipment information storage unit 14 because there is a possibility of inspection or a disaster.

  In step S009, if the target equipment of the operation request is registered for maintenance and inspection and does not require an authentication result for the operation request, or is registered for a disaster, anyone can operate in the event of a disaster It is determined whether or not the setting is possible. Even if the personal authentication fails, the personal authentication information collation unit 13 accepts the operation request issued by the worker 70 in step S011 and sets the operation execution unit 51 to perform the operation if the work authentication is not required. Make a request. However, if the requested operation is not permitted in step S010, or if authentication is always required in step S009, a message indicating that execution is impossible is output to the output device 20 in step S013.

  In this way, when the worker issues an operation request to the plant monitoring and control system, whether the worker who issued the request is a person registered in the personal setting information storage unit, or issued an operation request. Since it is checked whether or not the facility has the operation authority and the operation result is output to the output unit of the monitoring and control apparatus, it is possible to realize the personal authentication and the operation authority check for each request of the worker.

  Since a plurality of pieces of biological information and biological appearance information can be set and appropriate information can be selected for each plant, it is possible to cope with cases where the personal identification device is detached from the body and cannot be authenticated.

  In addition, by registering information that can identify a worker by associating biometric information and biometric appearance information in the personal setting information storage unit, authentication at the time of an operation request is performed using an authentication means based on biometric information at the first authentication. The method reduces the authentication time by using the personal identification information, and can authenticate the user and confirm the operation authority every time the operator requests the operation.

  Also, the personal authentication is not the worker's biometric information, but a reader that is necessary for authentication is installed near the operating instrument, and the worker's biological appearance and behavior features such as facial images, iris patterns, body odor, voiceprint, and walking It is possible to check the work authority while confirming that the worker has not been changed every time the worker requests an operation.

  Also, a personal identification device such as an RF tag is attached to the worker, and when the operator operates, the personal identification device information is obtained from a reading unit provided near the work implement, and the worker issues an operation request. It is possible to check work authority while confirming that

  Also, a personal information identification device such as an RF tag is attached to the worker, and authentication is performed while using the personal identification device when the worker operates, and the RF tag has a worker by means of a body temperature sensor or a removal sensor. Detects whether or not the personal identification device has been removed, and identifies the worker by biometric information such as fingerprints and vein patterns, or the worker's appearance and behavior characteristic information such as facial image, iris pattern, body odor, voice print, and walking After identifying the worker once at the start of work, the personal identification device such as an RF tag attached to the worker is validated. When it is detected that an individual identification device such as an RF tag has been removed, the authentication is performed again by biometric information, bioappearance information, or biobehavioral information, thereby reducing the number of biometric authentications performed by the operator. Authentication can be performed for each operation request of the operator.

  FIG. 3 shows the flow of processing for editing worker information by the manager 11 or a worker 70 having equivalent authority, inspecting, maintaining, and registering plant monitoring system equipment in the equipment information storage unit 14, or editing disaster information. It is a thing.

  In step S <b> 101, using the input device 30, the administrator 11 or the worker 70 is stored in the facility information editing request or the operator information editing request registered in the personal setting information storage unit 12. Equipment inspection, maintenance registration, or disaster information editing request stored in the equipment information storage unit 14 is made.

  If the operation request from the administrator 11 or the worker 70 is the first time, authentication processing is performed because biometric authentication and biometric appearance authentication are necessary in step S102. Biometric authentication and biometric appearance authentication are performed. If the authentication is not successful, the output device 20 displays an inexecutable message and ends the process.

  If it is not the first request, it is determined in step S103 that the administrator 11 or the worker 70 has already undergone biometric authentication and biometric appearance authentication, and is not necessary. In this case, the personal identification device 40 to be worn to identify the administrator 11 or the worker 70 is read, and based on the information obtained from the reading device of the personal identification device 40 such as the RF tag reader 41 in step S104. Read personally identifiable information.

  If it is determined in S105 that the personal identification information read from the personal setting information storage unit 12 has already been registered, in step S106, the personal setting information of the administrator 11 or the worker 70 is stored in the personal setting information storage unit. 12 is read out.

  If personal setting information such as an RF tag is not registered in the personal setting information storage unit 12, in step S111, an output indicating that execution is impossible is output to the output device 20, and the process ends. If the biometric authentication and the biometric appearance authentication are successful in step S103, or if the authentication using the information of the personal identification device such as the RF tag is successful in step S105, the personal authentication information matching unit 13 operates in step S107. Information on the target equipment is acquired from the equipment information storage unit 14.

  In step S108, the personal authentication information collation unit 13 refers to the personal setting information and the facility information, and checks whether the manager 11 or the operator 70 can execute the operation on the operation target facility. If the operation is not permitted, a message indicating that the operation cannot be performed is output to the output device 20 and the process is terminated. If the operation is permitted, the personal authentication information matching unit 13 executes the requested process in step S109. In step S110, the operation result is output to the output device 20, and the process ends.

  In this way, the administrator and the worker who has the authority to change the personal settings need to perform monitoring and control work regardless of the presence of personal authentication during normal work and the setting of operation authority for reasons such as disasters. Assuming that there is a case, the monitoring control system can be used to set whether or not each worker who performs work at the time of a disaster performs authentication and set operational authority for the monitoring and control equipment. The plant can be operated while maintaining security so that there is no hindrance.

  FIG. 4 is an example in which room entry information is applied to this embodiment, and a room occupant information storage unit 15 is incorporated in the authentication system.

  The personal authentication information verification unit 13 checks the room entry status of the work 70 or the administrator 11 from the room entry information storage unit 15 every time there is an operation request from the worker 70 or the manager 11. Can be allowed. Alternatively, the personal authentication information verification unit 13 determines that the worker 70 or the manager 11 is in the room entry state after receiving the room visitor information once from the room visitor information storage unit 15, and does not reject the operation. When the information from the person information storage unit 15 is updated to the person leaving the room information, it can be rejected.

  FIG. 5 is a flowchart of the authentication procedure when the room occupant information storage unit 15 shown in FIG. 4 is provided. The authentication procedure shown in FIG. 5 is the same as the authentication procedure shown in FIG. 2, but in step S501, the personal authentication information matching unit 13 checks whether the setting is to use room entry / exit information, and step S502. Thus, in the case of setting to use the room entry / exit information, a difference is that a process for obtaining information on whether or not the worker is entering the room from the room entry information storage unit 15 and making a determination is added. When the operator 70 is not entering the room but issues an operation request, the output device 20 is informed that execution is impossible and the process is terminated.

  In this way, the entry / exit information of the worker is acquired from the information server of the entry / exit management system, stored as personal information in the personal setting information storage unit, and when an operation request from the worker occurs, the work If the person is not in the room, the request can be rejected.

  6 shows the flow of information between the plant monitoring control company 100 that uses the authentication system and the authentication data management company 110 that manages the biometric information storage unit 62 and the personal authentication execution unit 61 shown in FIGS. It is the figure which showed an example. A consignment contract 120 is concluded between the plant monitoring and control company 100 and the authentication data management company 110. By paying the contract fee 121, the biological information or the biological information of the manager 11 and the worker 70 who use the plant control system. Appearance information is requested to be managed by the authentication data management company 110.

  The plant supervisory control company 100 entrusts the authentication data management company 110 in the form of personal information registration 122 to add, delete, and change the personal information of the worker. As a result, in the plant supervisory control company 100, the burden of managing personal information is reduced, leading to a reduction in the burden of operating biometric authentication or biometric appearance authentication. The plant monitoring control company 100 and the authentication data management company 110 are connected by a communication network, and personal information can be centrally managed by the authentication data management company 110.

  The plant control system 125 accepts an operation request from the manager 11 or the worker 70, and when the request is the first time or the authentication by the personal identification device is invalid, the personal authentication verification request unit 54 manages the authentication data. A personal authentication request 123 is transmitted to the company 110 and an authentication result 124 is received.

  FIG. 7 is a diagram showing an example of information flow between the plant monitoring control company 100, the authentication data management company 110, and the staffing agency 115. A consignment contract 131 for plant monitoring work is concluded between the plant monitoring and control company 100 and the temporary staffing company 115, and a contract fee 132 is paid. Receiving the contract money, the temporary staffing company 115 makes a consignment contract 133 in the management of personal information with the authentication data management company 110 and pays the contract money 134. Thereafter, the personnel dispatching company 115 registers 135 the personal information of the personnel dispatched as the worker 70 in the biometric information storage unit 62 and registers it in the personal setting information storage unit 12 in the plant control system 100. With the configuration shown in FIG. 7, the plant monitoring control company 100 can avoid the risk of managing personal information and perform plant monitoring control work.

  In this way, biometric information such as fingerprints of plant operators and maintenance personnel, vein patterns, and facial appearance information such as facial images, iris patterns, body odors, voiceprints, and walking methods are services other than those of the supervisory control system administrator. The management reduces the administrative burden, and when there is a need to authenticate biometric information and biometric appearance information, it issues a request to the service provider's management system and manages the service provider that receives this request. In the system, information can be taken in from an external information reading device such as a biological information reading device or a camera in the monitoring control system, and an operator can be identified.

1 is a configuration diagram of a monitoring control system according to an embodiment of the present invention. The processing flow figure of the personal authentication of a present Example. The processing flow figure in the case of performing inspection, disaster registration, or worker information registration. The block diagram of the monitoring control system using entrance / exit information. The processing flow figure of the system using entrance / exit information. Flow chart of information between plant monitoring and control company and authentication data management company. Flow chart of information when a temporary staffing company is included.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Work authentication system 12 Personal setting information storage part 13 Personal authentication information collation part 14 Equipment information storage part 15 Room entry information storage part 20 Output device 30 Input device 40 Worker identification apparatus 50 Input / output processing part 51 Operation execution part 52 Operation history Storage unit 53 Input processing unit 54 Personal authentication verification request unit 60 Personal authentication system 61 Personal authentication execution unit 62 Biometric information storage unit

Claims (11)

A first worker identification device that reads the biological information or biological appearance information of the worker, a second worker identification device for recognizing the worker, and biological information that stores personal biological information or biological appearance information in advance. A storage unit, a personal setting information storage unit storing personal identification information including the operation authority permitted by the operator, and a facility information storage unit storing facility information including equipment inspection, maintenance registration information and disaster registration information When the operator makes an operation request using the input device, the operation request is determined to be the first time, or after the worker's biological information or biological appearance information is read by the first work specifying device, When it is determined that there is a change in the reading situation including that the second worker specifying device is outside the reading range, the biological information or the biological appearance information read from the biological information storage unit, and the first Product Personal authentication execution unit, said individual authentication execution unit personal authentication result and the setting 備情 facility information stored in the paper storage unit and the personal settings for performing personal authentication with the biometric information or biometric appearance information read by the user identification device A monitoring control system including a personal authentication information collating unit that determines whether or not the operator has an operation authority for the operation request target equipment using the personal identification information stored in the information storage unit. When the second worker specifying device can recognize the worker, the personal authentication information collating unit responds to the operator's operation request input by the input device. whether the operation authority for the personal authentication result and the setting 備情 paper storage unit to the stored equipment information and personal setting information storage unit in the stored personal identification information the operator of the operation requested equipment used based on The monitoring control system according to claim 1, wherein For the input device inputted worker operation requested by the personal authentication information collation unit, personal authentication result and the setting 備情 report based on the first biological appearance information read by the operator identification device The monitoring control according to claim 1, wherein it is determined whether or not the operator has an operation authority for the operation request target equipment using the facility information stored in the storage unit and the personal identification information stored in the personal setting information storage unit. system. The second worker identification device is a room occupant information storage unit that stores room occupant information, and the personal authentication information verification unit responds to an operation request of the worker input by the input device. the entrant the entry information that is recorded on the information set 備情 paper storage unit and the operator of the operation request using the personal identification information stored in the stored equipment information and personal setting information storage unit in the The monitoring control system according to claim 1, wherein presence or absence of operation authority for the target equipment is determined. The monitoring control system according to claim 1, wherein the first worker specifying device includes a pointing device such as a mouse equipped with a fingerprint and vein pattern biometric information reading device for specifying the worker.   The biological appearance information is information about the worker's appearance and behavior such as facial images, iris patterns, body odors, voiceprints, how to walk, etc., and the reader of the first worker identification device The monitoring control system according to claim 1, wherein the monitoring control system is an appearance information reading device such as a camera installed near the operating instrument.   2. The monitoring control system according to claim 1, wherein the second worker specifying device includes an RF tag worn by the worker and an RF tag reading device.   A sensor for detecting whether or not the worker has removed the second worker identification device; and when the sensor detects that the second worker identification device has been removed, The monitoring control system according to claim 1, wherein the biological information or the biological appearance information of the worker is read again by one worker specifying device.   A sensor for detecting whether or not the worker has removed the second worker identification device, and when the sensor detects that the second worker identification device has not been removed, The monitoring control system according to claim 1, wherein the personal identification result read by the first worker identification device is determined to be valid.   The monitoring control system according to any one of claims 1 to 9, further comprising an output device for displaying the inspection, maintenance registration status, or disaster status of the facility.   The biometric information storage unit, personal setting information storage unit, facility information storage unit, personal authentication execution unit, and personal authentication information collation unit are installed on the service provider side, and the first worker specifying device and the second worker are provided. The monitoring control system according to claim 1, wherein the monitoring control system is connected to the specific device and the input device via the Internet.

Images