JP6923038B2 - Communication systems, communication methods, and programs - Google Patents

Description

The present invention relates to communication systems, communication methods, and programs.

In Patent Document 1, in a communication system having a communication master and a communication slave that operates in response to a command from the communication master, a command is transmitted from the communication master to the communication slave, and the operation result from the communication slave to the communication master. Is stated to be sent.

International Publication No. 2017/046916

An object to be solved by the present invention is, for example, to enhance security in a communication system including a plurality of industrial devices capable of synchronous communication.

The communication system according to one aspect of the present invention is a communication system including a plurality of industrial devices capable of synchronous communication, and the plurality of industrial devices that perform communication include an encryption unit that encrypts transmitted data and other industries. It has a transmission unit that transmits the transmission data to the device, a reception unit that receives encrypted reception data from the other industrial equipment, and a decoding unit that decodes the reception data.

The communication method according to one aspect of the present invention is a communication method of a plurality of industrial devices capable of synchronous communication, in which transmission data is encrypted, the transmission data is transmitted between the plurality of industrial devices, and the plurality of transmission data are transmitted. Receives encrypted received data between industrial devices and decrypts the received data.

The program according to one aspect of the present invention includes an encryption unit that encrypts transmission data of an industrial device capable of synchronous communication with another industrial device, a transmission unit that transmits the transmission data to the other industrial device, and the other. It functions as a receiving unit that receives encrypted received data and a decoding unit that decrypts the received data.

According to one aspect of the present invention, the communication system has a setting unit for setting encrypted communication for each combination of industrial devices for communication.

According to one aspect of the present invention, the setting unit makes settings related to encrypted communication for each combination of industrial devices to be communicated based on the model of the industrial device included in the combination.

According to one aspect of the present invention, the encryption unit encrypts the transmission data based on the type of the transmission data, and the decryption unit encrypts the reception data based on the type of the reception data. Decrypt.

According to one aspect of the present invention, the encryption unit encrypts the transmitted data based on whether or not synchronous communication is used, and the decryption unit is based on whether or not synchronous communication is used. The received data is decrypted.

According to one aspect of the present invention, the communication system includes three or more industrial devices capable of synchronous communication, a combination of industrial devices that use encrypted communication, and an industrial device that does not use encrypted communication. Can be mixed with the combination of.

According to one aspect of the present invention, the communication system includes three or more industrial devices capable of synchronous communication, and a combination of industrial devices for encrypted communication by the first encryption method and a second encryption. It is possible to mix with a combination of industrial equipment that performs encrypted communication by the method.

According to one aspect of the present invention, the plurality of industrial devices that perform communication have a second control circuit for performing encrypted communication, in addition to the first control circuit for controlling the device connected to itself. At least the encryption unit and the decryption unit are realized by the second control circuit.

According to one aspect of the present invention, the communication system relates to a determination unit for determining whether or not the network configuration of the communication system has been changed, and for encrypted communication when it is determined that the network configuration has been changed. It has a setting unit for setting.

According to one aspect of the present invention, a plurality of industrial devices that perform communication can use at least one encryption method, and the communication system is based on a encryption method that is common to the plurality of industrial devices that perform communication. It has a determination unit that determines the encryption method used in encrypted communication.

According to one aspect of the present invention, when there are a plurality of encryption methods common to a plurality of industrial devices that perform communication, the determination unit encrypts the encryption based on the priority determined for each of the plurality of encryption methods. Determine the encryption method to be used in the communication.

According to one aspect of the present invention, a plurality of industrial devices that communicate do not perform encrypted communication when debugging is performed.

According to one aspect of the present invention, the plurality of industrial devices that perform communication include a master device and a slave device that operates based on a command from the master device, and the master device and the slave. The device has the encryption unit, the transmission unit, the reception unit, and the decryption unit.

According to the above invention, for example, security in a communication system including a plurality of industrial devices capable of synchronous communication can be enhanced.

It is a figure which shows an example of the whole structure of the communication system which concerns on embodiment. It is a functional block diagram which shows the function realized by the communication system. It is a figure which shows the data storage example of model data. It is a figure which shows the data storage example of the setting data. It is a flow chart which shows the configuration process. It is a flow chart which shows the motor control processing. It is a figure which shows the data storage example of the type data. It is a functional block diagram of the modification (1). It is a figure which shows the data storage example of priority data.

[1. Embodiment 1]
From the point of view of the inventor of the present invention, in a communication system including a plurality of industrial devices capable of synchronous communication, a malicious third party may rewrite or snoop data on the network. However, in the conventional communication system, all the data in the communication system is exchanged in plain text, so that the security cannot be sufficiently ensured. Therefore, the inventor of the present invention has devised a new and original communication system as a result of diligent research and development in order to enhance security in a communication system including a plurality of industrial devices capable of synchronous communication. Hereinafter, the communication system and the like according to the present embodiment will be described in detail.

[1-1. Overall configuration of communication system]
FIG. 1 is a diagram showing an example of the overall configuration of the communication system according to the embodiment. As shown in FIG. 1, the communication system 1 includes a controller 10, motor control devices 20A to 20D, motors 30A to 30D, sensors 40A to 40D, and encoders 50A to 50D. Hereinafter, when it is not necessary to distinguish each of the motor control devices 20A to 20D, the motors 30A to 30D, the sensors 40A to 40D, and the encoders 50A to 50D, the motor control device 20, the motor 30, the sensor 40, and the encoder are simply used. It is described as 50.

The controller 10 is a device that controls the motor control device 20. In the present embodiment, the case where the controller 10 controls four motor control devices 20 will be described, but the number of motor control devices 20 controlled by the controller 10 may be any number, for example, one. There may be two, three, or five or more. Further, for example, not only the motor control device 20 but also sensors or input / output devices may be connected to the controller 10. Further, for example, the communication system 1 may include a plurality of controllers 10.

For example, the controller 10 includes a CPU 11, a storage unit 12, and a communication unit 13. The CPU 11 includes at least one processor. The storage unit 12 includes a RAM, an EEPROM, and a hard disk, and stores various programs and data. The CPU 11 executes various processes based on these programs and data. The communication unit 13 includes a communication interface such as a network card and various communication connectors, and communicates with other devices.

The motor control device 20 is a device that controls the motor 30. The motor control device 20 is sometimes called a servo amplifier or a servo pack (registered trademark). In the present embodiment, the case where the motor control device 20 controls one motor 30 will be described, but the motor control device 20 may control a plurality of motors 30. Further, not only the motor 30, the sensor 40, and the encoder 50 but also input / output devices and the like may be connected to the motor control device 20. The motor control device 20 controls the voltage with respect to the motor 30 connected by the power line based on the command received from the controller 10. The motor 30 may be of a rotary type or a linear type.

For example, the motor control device 20A includes a CPU 21A, a storage unit 22A, a communication unit 23A, and an SOC (System On Chip) 24A. The physical configurations of the CPU 21A, the storage unit 22A, and the communication unit 23A are the same as those of the CPU 11, the storage unit 12, and the communication unit 13.

The SOC24A is a circuit in which functions of a specific purpose are integrated on a chip. In the present embodiment, the SOC24A is a circuit specialized for encrypted communication, and includes, for example, a CPU 240A and an encryption chip 241B. The physical configuration of the CPU 240A is the same as that of the CPU 11, and for example, firmware for encrypted communication is deployed. The encryption chip 241B includes, for example, a memory for storing a key and an arithmetic circuit for executing an arithmetic specialized for a specific encryption method. The encryption chip 241B executes the encryption and decryption operations based on the key stored in the memory according to the instruction of the CPU 240A.

The SOC 24A may be built in at the time of manufacturing the motor control device 20A, or the user may install the SOC 24A after purchasing the motor control device 20A. Further, for example, the SOC 24A may not be built in the housing of the motor control device 20A, but may be externally attached by using an input / output unit such as a USB terminal. Further, the physical configuration of the SOC24A is not limited to the example described above, and may have a configuration capable of performing encryption and decryption operations. For example, the SOC 24A may have a sub CPU instead of the encryption chip 241A, and the CPU may execute encryption and decryption operations. Further, for example, the CPU 240A may execute the encryption and decryption operations without preparing the encryption chip 241A.

The physical configuration of the motor control devices 20B and 20D is the same as that of the motor control device 20A. That is, the physical configurations of the CPU 21B, 21D, the storage units 22B, 22D, the communication units 23B, 23D, and the SOC 24B, 24D are the same as those of the CPU 21A, the storage unit 22A, the communication unit 23A, and the SOC 24A. The motor control device 20C includes a CPU 21C, a storage unit 22C, and a communication unit 23C. The physical configuration of each of these is the same as that of the CPU 21A, the storage unit 22A, and the communication unit 23A. However, the motor control device 20C does not support encrypted communication and does not have an SOC. In the following description, when the individual configurations included in the motor control device 20 are not distinguished, the alphabetic symbols at the end are omitted, such as the CPU 21, the storage unit 22, the communication unit 23, and the SOC 24.

The CPU 21 of the motor control device 20 is an example of a first control circuit for controlling a device connected to itself, and the SOC 24 is an example of a second control circuit for performing encrypted communication. .. The control circuit is a circuit board created for performing arbitrary calculations, and may be capable of executing general-purpose processing such as CPU21, or is specialized for processing for a specific purpose such as SOC24. It may be. In general, the motor control device 20 is often equipped with a CPU 21 having the minimum necessary performance in order to reduce costs. In this case, the calculation processing of the encrypted communication may not be tolerated (a delay occurs in the processing). Therefore, in the present embodiment, the SOC 24 is mounted on the motor control device 20, but the CPU 21 is sufficient. If it has the performance, the CPU 21 may execute the calculation process of the encrypted communication without mounting the SOC 24.

The sensor 40 detects the operating status of the motor control device 20 or the motor 30. The sensor 40 may be a sensor capable of detecting a physical quantity, and may be, for example, a torque sensor, a temperature sensor, a force sensor, a motion sensor, or the like. The encoder 50 is a device that detects the position or speed of the motor 30, and is, for example, an optical or magnetic motor encoder. The encoder 50 is also a type of sensor. The motor control device 20 transmits the physical quantity detected by the sensor 40 and the feedback speed detected by the encoder 50 to the controller 10 at an arbitrary timing.

The programs and data described as being stored in each of the controller 10 and the motor control device 20 may be supplied via the network N, the Internet, or the like. Further, the hardware configurations of the controller 10 and the motor control device 20 are not limited to the above examples, and various hardware can be applied. For example, a reading unit (for example, an optical disk drive or a memory card slot) for reading a computer-readable information storage medium or an input / output unit (for example, a USB terminal) for directly connecting to an external device may be included. .. In this case, the program or data stored in the information storage medium may be supplied via the reading unit or the input / output unit. Further, for example, each of the controller 10 and the motor control device 20 may have an integrated circuit (ASIC) for a specific application such as motor control. For example, with respect to the SOC 24, the hardware configuration of the circuit such as the configuration as the SOC and the configuration of the CPU and the ASIC can be appropriately set.

[1-2. Overview of communication system]
In the communication system 1, the controller 10 and the motor control device 20 communicate with each other. Each of the controller 10 and the motor control device 20 is an example of industrial equipment. Therefore, the portion described as the controller 10 or the motor control device 20 in the present embodiment can be read as an industrial device.

Industrial equipment is a general term for equipment that assists or acts on behalf of human work and its peripheral equipment. For example, in addition to the controller 10 and the motor control device 20, a robot controller, an industrial robot, an inverter, a converter, a machine tool, a PLC, or the like correspond to industrial equipment.

In the present embodiment, a case where a plurality of industrial devices that perform communication include a master device and a slave device that operates based on a command from the master device will be described. In particular, the relationship between the master and the slave will be described. It is not necessary to have. In other words, there does not have to be a master-slave relationship or a hierarchical relationship between industrial equipment.

A master device is a device that controls a slave device and transmits a command to the slave device. In other words, the master device is a device that acquires the operating state from the slave device. A slave device is a device that operates based on a command from a master device, and is a device controlled by the master device. In other words, a slave device is a device that transmits its own operating state to the master device. In this embodiment, the controller 10 corresponds to the master device, and the motor control device 20 corresponds to the slave device.

The controller 10 transmits a command to the motor control device 20, and the motor control device 20 operates the motor 30 based on the command. The controller 10 and the motor control device 20 are connected by a network N, which is a so-called field network, and communication is performed using an arbitrary communication protocol. In the communication system 1 of the present embodiment, each of the controller 10 and the motor control device 20 (an example of a plurality of industrial devices) can perform synchronous communication.

Synchronous communication is a communication method that matches the timing at which the transmitting device transmits data and the timing at which the receiving device receives data. In synchronous communication, in principle, no other processing is executed from the time when the data communication request is transmitted until the time when the response is received. Therefore, the transmitting device waits for receiving the response after transmitting the data to the receiving device. When the receiving device receives data from the transmitting device, it immediately executes the process and returns the processing result as a response to the transmitting device. When the device on the transmitting side receives the processing result, it shifts to the next processing. When synchronous communication is not performed, communication is performed using asynchronous communication.

Asynchronous communication is a communication method in which communication is performed without matching the timing at which the transmitting device transmits data and the timing at which the receiving device receives data. In asynchronous communication, other processing can be executed between the time when a data communication request is transmitted and the time when a response is received. Therefore, in asynchronous communication, the transmitting device can execute other processing between the time when the data is transmitted to the receiving device and the time when the response is received. Further, in asynchronous communication, the receiving device does not always execute the process immediately even if the data is received from the transmitting device. The device on the receiving side waits for the execution of the process until a predetermined condition is satisfied, or preferentially executes the synchronous communication process.

Synchronous communication is possible when the network environment and communication protocol that can use synchronous communication are in place. The controller 10 and the motor control device 20 do not necessarily have to perform synchronous communication in all communication, and synchronous communication and asynchronous communication may be used in combination, or a communication method other than synchronous communication may be used. In other words, although the controller 10 and the motor control device 20 can use synchronous communication as the network environment and communication protocol, they may dare to use other communication methods without using synchronous communication.

In the present embodiment, each of the controller 10 and the motor control device 20 is capable of encrypted communication. Encrypted communication is a communication method in which data is encrypted. As the encryption method itself, various encryption methods can be used. For example, a common key cryptosystem such as DES or FEAL may be used, or a public key cryptosystem such as RSA or DSA may be used.

Encrypted communication is possible when the network environment and communication protocol that can use encrypted communication are in place. The controller 10 and the motor control device 20 do not necessarily have to perform encrypted communication in all communications, and encrypted communication and unencrypted communication may be used in combination. The non-encrypted communication is a method that does not use encrypted communication, and is a method of communicating in plain text without encryption. In other words, the controller 10 and the motor control device 20 can use encrypted communication as the network environment and communication protocol, but may dare to use unencrypted communication.

In the present embodiment, the controller 10 supports encrypted communication, but the motor control device 20 includes a model that supports encrypted communication and a model that does not support encrypted communication. The case will be described. That is, the communication system 1 may include only a model that supports encrypted communication, but in the present embodiment, a model that supports encrypted communication and a model that supports encrypted communication are supported. A case where a model that does not exist and a model that does not exist are mixed in the communication system 1 will be described.

For example, the motor control devices 20A, 20B, and 20D are models that support encrypted communication and have an SOC 24, but the motor control device 20C is a model that does not support encrypted communication, and the SOC 24 is used. I don't have it. Therefore, encrypted communication can be used for communication between the controller 10 and the motor control devices 20A, 20B, and 20D, but encrypted communication cannot be used for communication between the controller 10 and the motor control device 20C. , All done in plain text.

Further, for example, the encryption methods of the motor control devices 20A, 20B, and 20D are the same as each other, and only a single encryption method may be used. However, in the present embodiment, a case where a plurality of encryption methods are mixed will be described. .. For example, the motor control devices 20A and 20B use DES to perform encrypted communication with the controller 10, and the motor control device 20D uses RSA to perform encrypted communication with the controller 10. It is assumed that the controller 10 can support these a plurality of encryption methods. Further, even if the same encryption method is used, methods having different numbers of bits (encryption strength) may be mixed. For example, 64-bit DES and 128-bit DES may be mixed.

As described above, in the present embodiment, by realizing encrypted communication between the controller 10 and the motor control device 20, the security in the communication system 1 including the controller 10 capable of synchronous communication and the motor control device 20 is enhanced. It has become like. Hereinafter, the details of the communication system 1 will be described.

[1-3. Functions realized by communication systems]
FIG. 2 is a functional block diagram showing the functions realized by the communication system 1. Here, the functions realized in each of the controller 10 and the motor control device 20 will be described. Since the motor control devices 20A, 20B, and 20D have the same functions, they are shown together in FIG. 2.

[1-3-1. Functions realized in the controller]
As shown in FIG. 2, in the controller 10, a data storage unit 100, a determination unit 101, a setting unit 102, an encryption unit 103, a transmission unit 104, a reception unit 105, and a decryption unit 106 are realized. The data storage unit 100 is mainly realized by the storage unit 12, and the determination unit 101, the setting unit 102, the encryption unit 103, the transmission unit 104, the reception unit 105, and the decryption unit 106 are mainly realized by the CPU 11.

[Data storage]
The data storage unit 100 stores data necessary for communication. For example, the data storage unit 100 includes model data DT1 in which the correspondence status of encrypted communication is shown for each model of the motor control device 20, and setting data DT2 in which the setting contents of encrypted communication are shown for each model of the motor control device 20. And remember.

FIG. 3 is a diagram showing a data storage example of the model data DT1. As shown in FIG. 3, the model data DT1 shows the model of the motor control device 20, whether or not encrypted communication is possible, and the encryption method. The model is a type of motor control device 20, and is sometimes called a model or model number. The model may be indicated by a symbol string specified by the manufacturer of the motor control device 20, or may be indicated by a name given to the motor control device 20.

Whether or not encrypted communication is possible depends on whether or not encrypted communication is possible. In this embodiment, it is assumed that the types of encryption methods supported are shown for the models capable of encrypted communication, but when the same type of encryption is used for all models, only the availability of encrypted communication is indicated. May be shown. The model data DT1 may be downloaded by the manufacturer or created by the user. Note that the model data DT1 does not have to particularly indicate whether or not encrypted communication is possible, and may only show a list of models that support encrypted communication. On the contrary, the model data DT1 may show a list of models that do not support encrypted communication.

In the data storage example of FIG. 3, the model "X1" corresponds to DES, and the model "X2" corresponds to RSA and DES. The model "X3" supports RSA, and the model "X4" does not support encrypted communication. For example, the motor control devices 20A and 20B are model "X1" and correspond to DES. Further, for example, the motor control device 20C is a model "X4" and does not support encrypted communication. Further, for example, the motor control device 20D is a model "X3" and is compatible with RSA.

In FIG. 3, only the encryption method is shown in the model data DT1, but for example, the number of available bits may also be shown in the model data DT1. Further, for example, the model data DT1 may show only the models of a single manufacturer, or may indicate the models of a plurality of manufacturers. Further, for example, not only a specific manufacturer but also a plurality of manufacturers may be able to support encrypted communication. In this case, different model data DT1 may be prepared for each manufacturer.

FIG. 4 is a diagram showing a data storage example of the setting data DT2. As shown in FIG. 4, the setting data DT2 shows whether or not encrypted communication is used, the encryption method to be used, and the key to be used for each communication partner (that is, the motor control device 20) of the controller 10. A key is information used in at least one of encryption and decryption. For example, in the case of a common key encryption method, it is a common key used in both encryption and decryption, and it may be a public key encryption method. For example, it is a public key used for encryption and a private key used for decryption. The key may be generated by a predetermined key generation algorithm, or may be an arbitrary symbol string input by the user.

In the data storage example of FIG. 4, it is shown that DES encrypted communication is performed between the controller 10 and the motor control devices 20A and 20B by using the key "Y1". The key used by the motor control device 20A and the key used by the motor control device 20B may be the same or different. Further, for example, it is shown that encrypted communication is not performed between the controller 10 and the motor control device 20C. Further, for example, it is shown that RSA encrypted communication is performed between the controller 10 and the motor control device 20D by using the key "Y2" (a set of a public key and a private key).

In the present embodiment, the case where the key used in the encrypted communication is stored in the data storage unit 100 in advance will be described. However, the key is generated on the spot by using a random number or the like, and the controller 10 and the motor control device are used. It may be exchanged with 20. The data storage unit 100 may store at least one encryption method key, for example, may store only one encryption method key, or may store each key of a plurality of encryption methods. good. Further, the data storage unit 100 may store at least one key for a certain encryption method. For example, only one key common to a plurality of communication partners may be stored, and the data storage unit 100 may be used properly depending on the communication partner. You may store multiple keys in.

The data stored by the data storage unit 100 is not limited to the above example. For example, the data storage unit 100 stores a cryptographic algorithm used in encrypted communication. In the present embodiment, the encryption algorithm includes an encryption calculation formula and a decryption calculation formula, but the encryption calculation formula and the decryption calculation formula may be separate as data. In addition, for example, the data storage unit 100 may store device information described later, or may store the IP address of the motor control device 20. Further, for example, the data storage unit 200 may store a program or parameter in which commands to the motor control device 20 are shown in time series, or store response data, trace data, and the like received from the motor control device 20. You may.

[Judgment unit]
The determination unit 101 determines whether or not the network configuration of the communication system 1 has been changed. The network configuration is a configuration of industrial equipment connected to network N (configuration of industrial equipment included in communication system 1), and may mean, for example, the industrial equipment itself or a hardware configuration of industrial equipment (configuration of industrial equipment). (Part configuration) may be used. What industrial equipment is connected to the network N is an example of a network configuration. Further, what kind of hardware configuration (for example, communication interface performance, presence / absence of SOC24, etc.) the industrial equipment connected to the network N has is an example of the network configuration.

For example, the determination unit 101 determines that the network configuration has been changed when the industrial equipment is added, excluded, or replaced. Further, for example, the determination unit 101 does not add, exclude, or replace the industrial equipment itself, but when the hardware configuration of the industrial equipment is added, excluded, or replaced (for example, the communication interface is replaced or the SOC24 is replaced). When it is added), it is determined that the network configuration has been changed.

In the present embodiment, when the network configuration is changed, the user performs a predetermined change operation. Therefore, the determination unit 101 determines whether or not the network configuration has been changed by determining whether or not the change operation has been performed. The change operation may be a predetermined operation performed by the user when the network configuration is changed. For example, the user connects a personal computer or the like in which an engineering tool is installed to the controller 10 and performs a change operation.

When the user performs the change operation, the data storage unit 100 of the controller 10 records that the change operation has been performed by using information such as a flag. The information indicates whether or not the change operation has been performed, and becomes the first value when the change operation is performed, and becomes the second value when the change operation is not performed. The determination unit 101 executes the determination process by referring to the information. The determination unit 101 does not determine that the network configuration has been changed when the change operation has not been performed, and determines that the network configuration has been changed when the change operation has been performed.

The determination method of the determination unit 101 is not limited to the above example. Instead of manually instructing the user to change the network configuration, the determination unit 101 may execute the determination process using the information received from the motor control device 20 connected to the network N. For example, the determination unit 101 executes the determination process based on the device information acquired at the time of configuration or power-on.

The device information is information indicating a device connected to the network N, and is, for example, a device name, a model, a serial number, an IP address, or the like. The device information is stored in the device connected to the network N. The device information may indicate the hardware configuration of the device, for example, the type and performance of the CPU 21, or the presence or absence of the SOC 24. The controller 10 records the device information acquired in the past in the data storage unit 100, and the determination unit 101 says that the network configuration has been changed if the latest device information and the past device information match. If they do not match, it is determined that the network configuration has been changed.

Alternatively, for example, the motor control device 20 newly added to the network N or the motor control device 20 whose hardware configuration has been changed may voluntarily send a predetermined notification to the controller 10. In this case, the determination unit 101 determines whether or not the network configuration has been changed by determining whether or not the predetermined notification has been received.

[Settings]
The setting unit 102 makes settings related to encrypted communication for each combination of industrial devices that perform communication. The setting related to the encrypted communication may be performed regardless of the model, but in the present embodiment, the setting unit 102 is based on the model of the industrial device included in the combination for each combination of the industrial devices to be communicated. , Make settings related to encrypted communication.

The combination of industrial equipment that performs communication is a group of a plurality of industrial equipment that transmits and receives data, and if communication is performed between the controller 10 and the motor control device 20 as in the present embodiment, the industrial equipment It is a pair. In other words, the combination of industrial equipment that performs communication is the combination of the equipment on the data transmitting side and the equipment on the receiving side. In the present embodiment, since the controller 10 which is a master device and the motor control device 20 which is a slave device communicate with each other, the combination of the industrial devices that perform communication is the combination of the master device and the slave device. Further, in the present embodiment, since the setting unit 102 is realized in the controller 10, the setting unit 102 sets the encryption for each of the motor control devices 20 that are the communication partners of the controller 10. The setting unit 102 may not set all the motor control devices 20 in the network N, but may set only some of the motor control devices 20.

The setting related to the encrypted communication means at least one of the setting of whether or not to use the encrypted communication, the setting of the encryption method to be used, and the setting of the key to be used. The setting of the encryption method to be used may mean the type of the encryption method to be used, or may mean the number of bits of the encryption method to be used. In the present embodiment, the setting unit 102 describes a case where the setting unit 102 sets by recording each of the determination result of whether or not to use the encrypted communication, the encryption method to be used, and the key to be used in the setting data DT2. However, the setting contents may be retained in other data.

In the present embodiment, the model is indicated in the device information received by the controller 10 from the motor control device 20, and the setting unit 102 identifies the model by referring to the device information and sets the encrypted communication. As will be described, the model may be acquired by any method. For example, the user may input using a personal computer or the like to input the model of the motor control device 20, and in this case, the setting unit 102 specifies the model with reference to the model input by the user. In addition, for example, the controller 10 may request the motor control device 20 only for model information in addition to device information.

The relationship between the model and the set contents is stored in the data storage unit 100, and in the present embodiment, this relationship is shown in the model data DT1. This relationship may be defined in addition to the model data DT1, and may be shown as part of a program code (algorithm), or may be shown in a format such as a mathematical formula or a table. The setting unit 102 makes settings related to encrypted communication based on the setting contents associated with the model of the motor control device 20 with reference to the above relationship. For example, the setting unit 102 refers to the model data DT1 and specifies the setting contents associated with the model of the motor control device 20. The setting unit 102 sets the motor control device 20 by associating the specified setting contents and storing the specified setting contents in the setting data DT2.

In the present embodiment, the setting unit 102 sets the encrypted communication of the plurality of motor control devices 20 when it is determined that the network configuration has been changed. In other words, the setting unit 102 makes settings related to encrypted communication on condition that it is determined that the network configuration has been changed. The setting unit 102 does not make settings related to encrypted communication when it is not determined that the network configuration has been changed, and makes settings related to encrypted communication when it is determined that the network configuration has been changed.

Note that the setting unit 102 may make settings related to encrypted communication at other timings, not when the network configuration is changed. For example, the setting unit 102 may be set at the time of power-on or at the time of configuration. Further, for example, the setting unit 102 may be set when the user performs a predetermined operation from a personal computer or the like, or may be set periodically when a predetermined time arrives.

Further, the setting unit 102 may make settings related to encrypted communication based on information other than the model of the motor control device 20. For example, the setting unit 102 may make settings related to encrypted communication based on the role, performance, or serial number of the motor control device 20. Further, for example, the setting unit 102 may make settings related to encrypted communication based on the physical configuration of the motor control device 20 (for example, the presence / absence of the SOC 24). Alternatively, for example, the setting unit 102 may make common settings for all the motor control devices 20 regardless of the model of the motor control device 20, so that the same key of the same encryption method can be used.

[Encryption section]
The encryption unit 103 encrypts the transmitted data. The transmission data is data to be transmitted from the viewpoint of the device on the transmitting side. In the case of the controller 10, the transmission data is command data indicating a command to the motor control device 20. The command data includes parameters such as the content of the command and the output to the motor 30. The encryption unit 103 encrypts the transmitted data based on the key and the encryption algorithm stored in the data storage unit 100. As the encryption method itself, a known method may be used.

The communication system 1 of the present embodiment includes three or more industrial devices capable of synchronous communication, and is a combination of industrial devices that utilize encrypted communication (for example, a controller 10 and motor control devices 20A, 20B, 20D). ) And a combination of industrial equipment that does not use encrypted communication (for example, the controller 10 and the motor control device 20C) can be mixed. The term "mixable" here means a state in which an encrypted communication group and an unencrypted communication group can be included, and both of them do not necessarily have to be included. For example, the encryption unit 103 encrypts the transmission data when communicating with the motor control device 20 that uses encrypted communication, and encrypts the transmission data when communicating with the motor control device 20 that does not use encrypted communication. do not.

In the present embodiment, which motor control device 20 uses the encrypted communication is set by the setting unit 102. Therefore, the encryption unit 103 performs the encrypted communication based on the setting result of the setting unit 102. The motor control device 20 to be used and the motor control device 20 not to use encrypted communication are specified. For example, the encryption unit 103 refers to the setting data DT2, identifies the presence / absence of encrypted communication of the transmission destination motor control device 20, and determines whether or not to encrypt the transmission data.

Further, the communication system 1 of the present embodiment includes three or more industrial devices capable of synchronous communication, and is a combination of industrial devices that perform encrypted communication by the first encryption method (for example, controller 10 and motor control). The devices 20A and 20B) and a combination of industrial devices (for example, the controller 10 and the motor control device 20D) that perform encrypted communication by the second encryption method can be mixed. The term "mixable" here means a state in which a group using the first encryption method and a group using the second encryption method can be included, and both of them do not necessarily have to be included. No. The first encryption method and the second encryption method may be different from each other. For example, the encryption method logic itself may be different such as DES and RSA, and the encryption method logic itself is the same. The number of bits used by may be different. For example, the encryption unit 103 encrypts the transmission data based on the encryption method set in the motor control device 20 to which the transmission data is transmitted.

Since which motor control device 20 uses which encryption method and key is set by the setting unit 102, the encryption unit 103 determines the encryption method and key to be used based on the setting result of the setting unit 102. Identify. For example, the encryption unit 103 refers to the setting data DT2, specifies the encryption method and key of the transmission destination motor control device 20, and encrypts the transmission data based on the specified encryption method and key.

[Transmitter]
The transmission unit 104 transmits transmission data to other industrial equipment. The other industrial equipment here is the industrial equipment of the communication partner (industrial equipment to which the transmission data is transmitted), and in the present embodiment, the motor control device 20 that sends a command. The transmission unit 104 transmits encrypted transmission data to the motor control device 20 that uses encrypted communication, and unencrypted plaintext transmission data to the motor control device 20 that does not use encrypted communication. To send.

[Receiver]
The receiving unit 105 receives the encrypted received data from other industrial equipment. The other industrial equipment here is the industrial equipment of the communication partner (industrial equipment of the source of the received data), and in the present embodiment, the motor control device 20 that has sent a command. The received data is data to be received from the viewpoint of the device on the receiving side. In the case of the controller 10, the received data is response data indicating a response from the motor control device 20. For example, the response data shows the operation result of the motor control device 20 in response to the command. The receiving unit 105 receives encrypted reception data from the motor control device 20 that uses encrypted communication, and transmits plain text reception data from the motor control device 20 that does not use encrypted communication.

[Decoding section]
The decoding unit 106 decodes the received data. The decryption unit 106 decrypts the received data based on the key and the encryption algorithm stored in the data storage unit 100. As the decoding method itself, a known method may be used.

The decoding unit 106 decodes the received data when communicating with the motor control device 20 that uses encrypted communication, and decodes the received data because the received data is plaintext when communicating with the motor control device 20 that does not use encrypted communication. do not. Since which motor control device 20 uses encrypted communication is set by the setting unit 102, the encryption unit 103 is a motor control device that uses encrypted communication based on the setting result of the setting unit 102. 20 and a motor control device 20 that does not use encrypted communication are specified. For example, the decoding unit 106 refers to the setting data DT2, identifies the presence / absence of encrypted communication of the motor control device 20 of the transmission source, and determines whether or not to decrypt the received data.

Further, in the present embodiment, since a plurality of encryption methods can be mixed, the decoding unit 106 decrypts the received data based on the encryption method and the key set in the motor control device 20 that is the source of the received data. .. Since which motor control device 20 uses which encryption method and key is set by the setting unit 102, the decoding unit 106 determines the encryption method and key to be used based on the setting result of the setting unit 102. Identify. For example, the decoding unit 106 refers to the setting data DT2, specifies the encryption method and key of the motor control device 20 of the transmission source, and decodes the received data based on the specified encryption method and key.

[1-3-2. Functions realized in motor control devices]
As shown in FIG. 2, in the motor control devices 20A, 20B, 20D, the data storage unit 200, the encryption unit 201, the transmission unit 202, the reception unit 203, and the decryption unit 204 are realized. On the other hand, since the motor control device 20C does not use encrypted communication, the encryption unit 201 and the decryption unit 204 are not realized, and the data storage unit 200, the transmission unit 202, and the reception unit 203 are realized.

The data storage unit 200 is mainly realized by the memory in the storage unit 22 and the SOC 24. The encryption unit 201 and the decryption unit 204 may be realized mainly by the CPU 21, but in the present embodiment, the SOC 24 is mainly realized. The transmitting unit 202 and the receiving unit 203 may mainly realize the SOC 24, but in the present embodiment, the CPU 21 is mainly realized. At least the encryption unit 201 and the decryption unit 204 may be realized by the SOC 24 which is an example of the second control circuit, and other configurations may be realized by the SOC 24.

[Data storage]
The data storage unit 200 stores data necessary for communication. For example, the data storage unit 200 stores a key used in encrypted communication and an encryption algorithm. The data storage unit 200 may store a plurality of keys for a certain encryption method. When corresponding to a plurality of encryption methods, the data storage unit 200 may store the key for each encryption method or may store the key common to the plurality of encryption methods. Further, when corresponding to a plurality of encryption methods, the data storage unit 200 stores the encryption algorithm for each encryption method. The key may be stored in the data storage unit 200 in advance, or may be distributed by the controller 10.

The data stored by the data storage unit 200 is not limited to the above example. For example, the data storage unit 200 may store information indicating the encryption method corresponding to the motor control device 20, or may store device information. Further, for example, the data storage unit 200 may store the serial number and the model information separately from the device information, or may store the IP address of the controller 10. Further, for example, the data storage unit 200 may store a program or parameters for controlling the motor 30.

[Encryption section]
The encryption unit 201 encrypts the transmitted data. The transmitted data here is received data when viewed from the controller 10. In the case of the motor control device 20, the transmission data is a response to the motor control device 20. In the transmission data, physical quantities based on the detection signals of the sensor 40A and the encoder 50A are stored, and trace data or the like in which the operation status is stored in time series is stored. The encryption unit 201 encrypts the transmitted data based on the key and the encryption algorithm stored in the data storage unit 200. As the encryption method itself, a known method may be used.

[Transmitter]
The transmission unit 202 transmits transmission data to other industrial equipment. The other industrial equipment here is the industrial equipment of the communication partner (industrial equipment to which the transmission data is transmitted), and in the present embodiment, the controller 10 that sends a response. The transmission unit 202 of the motor control devices 20A, 20B, and 20D transmits encrypted transmission data to the controller 10, and the transmission unit 202 of the motor control device 20C transmits plain text transmission data to the controller 10.

[Receiver]
The receiving unit 203 receives received data from other industrial equipment. The other industrial equipment here is an industrial equipment of a communication partner (an industrial equipment of a source of received data), and in the present embodiment, is a controller 10 that sends a command. Further, the received data here is transmission data when viewed from the controller 10. The receiving unit 203 of the motor control devices 20A, 20B, and 20D receives the encrypted reception data from the controller 10, and the receiving unit 203 of the motor control device 20C transmits the plaintext reception data from the controller 10.

[Decoding section]
The decoding unit 204 decodes the received data. The decryption unit 204 decodes the received data based on the key and the encryption algorithm stored in the data storage unit 200. As the decoding method itself, a known method may be used.

[1-4. Processing executed by the communication system]
Next, the processing executed by the communication system 1 will be described. Here, as an example of the processing executed in the communication system 1, the configuration processing for setting the encrypted communication and the motor control processing for controlling the motor 30 will be described. The process described below is an example of the process executed by the functional block shown in FIG.

[Configuration processing]
FIG. 5 is a flow chart showing the configuration process. The configuration process is executed by the CPUs 11 and 21 operating according to the programs stored in the storage units 12 and 22, respectively. The communication in the configuration process may be synchronous communication or asynchronous communication.

As shown in FIG. 5, first, in the controller 10, the CPU 11 determines whether or not the network configuration has been changed (S100). The method for determining whether or not the network configuration has been changed is as described above. For example, the CPU 11 determines whether or not the change operation performed when the user changes the network configuration has been performed. In S100, it can be said that the necessity of executing the configuration is determined.

If it is not determined that the network configuration has been changed (S100; N), this process ends. In this case, since it is not necessary to change the setting data DT2, communication between the controller 10 and the motor control device 20 is performed based on the existing setting data DT2. If the setting data DT2 does not exist in the storage unit 12, the processing of S100 may be omitted and the processing of S101 to S105 may be executed.

On the other hand, when it is determined that the network configuration has been changed (S100; Y), the CPU 11 requests device information from the entire network N (S101). In S101, the CPU 11 transmits a command to transmit the device information to the broadcast address. All the devices connected to the network N transmit their own device information in response to the command, and the controller 10 can know what device is connected to the network N.

The motor control device 20 receives the request for device information (S102), and the CPU 21 transmits its own device information to the controller 10 (S103). The device information is stored in the storage unit 22 in advance, and in S103, the CPU 21 reads and transmits the device information stored in the storage unit 22.

The controller 10 receives device information from each motor control device 20 (S104), and the CPU 11 sets the encrypted communication of each motor control device 20 based on the device information and the model data DT1 (S105). ), This process ends. In S105, the CPU 11 identifies the device name and the model with reference to the device information, associates the device name with the setting contents associated with the specified model, and stores the encryption in the setting data DT2. Make settings related to communication. By executing the process of S105, the presence / absence of use of encrypted communication, the encryption method to be used, and the key to be used are set for each motor control device 20.

[Motor control processing]
FIG. 6 is a flow chart showing the motor control process. The motor control process is executed by the CPUs 11 and 21 operating according to the programs stored in the storage units 12 and 22, respectively, and the SOC 24 operating according to the firmware stored in itself. The communication in the motor control process may be synchronous communication or asynchronous communication.

As shown in FIG. 6, first, in the controller 10, the CPU 11 generates command data for the motor control device 20 based on the programs and parameters stored in the storage unit 12 (S200). The command data generated in S200 is transmission data when viewed from the controller 10, and reception data when viewed from the motor control device 20.

The CPU 11 specifies the setting related to the encrypted communication of the motor control device 20 to which the command data is transmitted, based on the setting data DT2 set by the configuration process (S201). In S201, the CPU 11 refers to the setting data DT2 and acquires the setting contents associated with the transmission destination motor control device 20. In the present embodiment, since encrypted communication is performed between the controller 10 and the motor control devices 20A, 20B, and 20D, the processes S202 to S211 described later are executed, and the process between the controller 10 and the motor control device 20C is executed. Then, since the unencrypted communication is performed, the processes S212 to S217 described later are executed.

When the destination motor control device 20 uses encrypted communication (S201; encrypted communication), that is, when the destination is the motor control devices 20A, 20B, 20D, the CPU 11 is based on the setting data DT2. The command data is encrypted (S202). In S202, the CPU 11 encrypts the command data based on the encryption method and the key indicated by the setting data DT2. The CPU 11 transmits the command data encrypted in S202 to the transmission destination motor control device 20 (S203).

The motor control devices 20A, 20B, and 20D receive the encrypted command data (S204), and the SOC 24 decodes the command data (S205). In S205, the CPU 240 of the SOC 24 causes the encryption chip 241 to decode the command data, acquires the decoded command data, and sends it to the CPU 21.

The CPU 21 controls the operation of the motor 30 based on the decoded command data (S206). In S206, the CPU 21 controls the output voltage to the motor 30 based on the command data. The CPU 21 generates response data, which is a response to the command data (S207). In S207, the CPU 21 generates response data based on the detection signals of the sensor 40 and the encoder 50, and sends the response data to the SOC 24.

The SOC 24 encrypts the response data generated in S207 (S208). In S208, the encryption chip 241B of the SOC 24 encrypts the response data based on the key stored in itself. The SOC 24 transmits the response data encrypted in S208 to the controller 10 (S209).

The controller 10 receives the encrypted response data (S210), and the CPU 11 decodes the response data (S211). In S211 the CPU 11 acquires the encrypted response data based on the key stored in the storage unit 12 and records it in the storage unit 12.

On the other hand, when the transmission destination motor control device 20 does not use encrypted communication (S201; unencrypted communication), that is, when the transmission destination is the motor control device 20C, the CPU 11 informs the communication partner motor control device 20. , The command data is transmitted in plain text without being encrypted (S212).

The motor control device 20C receives the plaintext command data (S213), and the CPU 21 controls the operation of the motor 30 based on the command data (S214). The process of S214 is the same as the process of S206. Subsequent processing of S215 and S216 are the same as the processing of S207 and the processing of S209. The response data generated in S215 is transmitted in plain text in S216 without being encrypted. The controller 10 receives the plaintext response data (S217). The received response data is recorded in the storage unit 12.

According to the communication system 1 of the first embodiment, in the communication system 1 including a plurality of industrial devices capable of synchronous communication, a plurality of industrial devices communicating with each other encrypt and transmit the transmitted data and decode the received data. This makes it possible to prevent falsification of transmitted data and received data and enhance security. For example, when the motor control device 20 that controls the motor 30 corresponds to an industrial device, if the operation command or operation waveform of the motor 30 is falsified, the motor control may be abnormal, but data falsification is prevented. By doing so, it is possible to prevent the motor control from becoming abnormal.

Further, by setting the encrypted communication for each combination of industrial devices for communication, flexible communication according to the combination of industrial devices for communication becomes possible. For example, if the combination of industrial devices that perform communication includes industrial devices that do not support encrypted communication, the industrial devices that do not support encrypted communication are decrypted by preventing encrypted communication. It is possible to prevent the operation from being hindered. Further, for example, when the strength of encrypted communication (calculation amount of encryption and decryption) is changed according to the performance of the industrial equipment included in the combination of the industrial equipment for communication, the security is improved according to the performance. It is possible to reduce the processing load and improve the processing speed. Further, for example, when the industrial equipment included in the combination of the industrial equipments to communicate is encrypted and communicated by the available encryption method, the encryption and the decryption can be surely performed, which hinders the operation of the industrial equipments. Can be prevented.

Further, for each combination of industrial devices to be communicated, settings related to encrypted communication are made based on the model of the industrial device included in the combination, so that flexible communication according to the model becomes possible. For example, if the combination of industrial devices that perform communication includes industrial devices of a model that does not support encrypted communication, the industry of the model that does not support encrypted communication should be prevented from performing encrypted communication. It is possible to prevent the device from being unable to be decrypted and interfering with its operation. Further, for example, when the strength of encrypted communication (calculation amount of encryption and decryption) is changed according to the performance of the model of the industrial device included in the combination of the industrial devices for communication, the performance of the model is changed. It is possible to improve security, reduce processing load, and improve processing speed. Further, for example, when encrypted communication is performed by an encryption method that can be used by the models of industrial devices included in the combination of industrial devices that perform communication, encryption and decryption can be reliably performed, and a specific model can be used. It is possible to prevent the operation of industrial equipment from being hindered.

Further, in the communication system 1, more flexible communication becomes possible by making it possible to mix a combination of industrial devices that use encrypted communication and a combination of industrial devices that do not use encrypted communication. For example, when an industrial device that supports encrypted communication and an industrial device that does not support encrypted communication are mixed, if all the industrial devices try to perform encrypted communication, the encrypted communication will be performed. Industrial equipment that does not support the data cannot be decrypted, which may interfere with the operation. In this regard, according to the communication system 1, it is possible to prevent the operation of an industrial device that does not support encrypted communication from being hindered by not using the encrypted communication. Further, for industrial devices that can support encrypted communication, security can be ensured by performing encrypted communication.

Further, in the communication system 1, it is possible to mix a combination of industrial devices that perform encrypted communication by the first encryption method and a combination of industrial devices that perform encrypted communication by the second encryption method, which is more flexible. Communication becomes possible. For example, when industrial devices with different performances are mixed and all industrial devices try to perform high-strength encrypted communication, the low-performance industrial devices have a high processing load and may interfere with operation. There is sex. In this regard, according to the communication system 1, high-performance industrial equipment uses a high-strength encryption method with a large amount of calculation, and low-performance industrial equipment uses a low-strength encryption method with a small amount of calculation. It is possible to reduce the processing load of industrial equipment while increasing security.

Further, at least the encryption unit and the decryption unit are provided separately from the first control circuit (for example, CPU 21) for controlling the device connected to the encryption unit, and the second encryption communication is performed. By being realized by a control circuit (for example, SOC24), it is possible to avoid using the first control circuit for encryption and decryption, and it is possible to reduce the processing load. For example, when a second control circuit is externally connected to an industrial device, encrypted communication can be supported without incorporating the second control circuit inside the industrial device.

In addition, when it is determined that the network configuration of the communication system 1 has been changed, by making settings related to encrypted communication of a plurality of industrial devices, encrypted communication according to the latest network configuration is provided, and security is effective. Can be enhanced.

In addition, security can be improved when the master device and the slave device communicate with each other.

[2. Embodiment 2]
In the first embodiment, the case where the presence / absence of encrypted communication and the encryption method are determined according to the model of the motor control device 20 has been described. However, in the communication system 1, if there is data that requires encrypted communication, it is encrypted. Some data does not require cryptographic communication. Therefore, the presence or absence of encrypted communication or the encryption method may be determined according to the type of data. Hereinafter, the second embodiment, which is another embodiment of the communication system 1, will be described. In the second embodiment, the description of the same configuration as that of the first embodiment will be omitted.

In the second embodiment, the data storage unit 100 of the controller 10 stores the type data DT3 indicating the necessity of encrypted communication for each type of data. FIG. 7 is a diagram showing a data storage example of the type data DT3. As shown in FIG. 7, the type data DT3 indicates the type of data and the necessity of encrypted communication. Note that these relationships may be defined in addition to the type data DT3, and may be shown as part of a program code (algorithm), or may be shown in a format such as a mathematical formula or a table. .. The type data DT3 may indicate an encryption method and a key for each type of data.

In the data storage example of FIG. 7, if the operation waveform, operation command, and parameter are stolen or tampered with, the user's know-how may be leaked or the operation of the motor control device 20 may be hindered. Communication is needed. On the other hand, it is said that encrypted communication is not required because the device information has little effect even if it is stolen or falsified. It is assumed that the data storage unit 200 of the motor control device 20 also stores the same type data DT3.

The encryption unit 103 of the controller 10 encrypts the transmission data based on the type of transmission data. In the present embodiment, the encryption unit 103 encrypts the transmission data based on the type data DT3 and the type of transmission data. For example, the encryption unit 103 determines whether or not to encrypt the transmission data based on the type of transmission data. Further, for example, the encryption unit 103 determines the encryption method of the transmission data based on the type of the transmission data. Further, for example, the encryption unit 103 determines the key used for encrypting the transmission data based on the type of the transmission data. Similarly to the encryption unit 103, the encryption unit 201 of the motor control device 20 also encrypts the transmission data based on the type of transmission data.

The decoding unit 106 of the controller 10 decodes the received data based on the type of the received data. In the present embodiment, the decoding unit 106 decodes the received data based on the type data DT3 and the type of the received data. For example, the decoding unit 106 determines whether or not to decode the received data based on the type of the received data. Further, for example, the decryption unit 106 determines the encryption method of the received data based on the type of the received data. Further, for example, the decoding unit 106 determines a key to be used for decoding the received data based on the type of the received data. Similarly to the decoding unit 106, the decoding unit 204 of the motor control device 20 also decodes the received data based on the type of the received data.

In the second embodiment, the motor control process is executed in the same flow as in FIG. 6, but when the command data is generated in S200, is the CPU 11 the data to be encrypted based on the type of the command data? Judge whether or not. If it is determined that the data is to be encrypted, the process proceeds to S201, and the command data is encrypted and transmitted. On the other hand, if it is not determined that the data is to be encrypted, the process proceeds to S212, and the command data is transmitted in plain text.

Further, when the response data is generated in S207 or S215, the CPU 21 determines whether or not the data is encrypted based on the type of the response data. If it is determined that the data is to be encrypted, the process of S208 or S216 is executed, and the response data is encrypted and transmitted. On the other hand, if it is not determined that the data is to be encrypted, the processing of S208 or S216 is not executed, and the response data is transmitted in plain text.

According to the communication system 1 of the second embodiment, the transmitted data is encrypted based on the type of transmitted data, and the received data is decrypted based on the type of received data, thereby encrypting and decrypting according to the type of data. It enables flexible communication according to the model. For example, the importance varies depending on the type of data. Important data needs to be encrypted, and less important data may not need to be encrypted in the first place. In this respect, by encrypting only important data, it is not necessary to encrypt and decrypt less important data, and the processing load of industrial equipment can be reduced. Also, for example, even if all data is encrypted, important data should be encrypted with a high-strength encryption method, and less important data should be encrypted with a low-strength encryption method. Therefore, since a high-strength encryption method that requires complicated calculations is not used for all data, the processing load of industrial equipment can be reduced and the processing speed can be improved.

[3. Embodiment 3]
In the first and second embodiments, the case where the presence / absence of encrypted communication and the encryption method are determined according to the model of the motor control device 20 and the type of data has been described, but it is based on whether or not synchronous communication is used. , The presence or absence of encrypted communication and the encryption method may be determined. Hereinafter, the third embodiment, which is another embodiment of the communication system 1, will be described. In the third embodiment, the description of the same configuration as that of the first and second embodiments will be omitted.

The encryption unit 103 of the controller 10 encrypts the transmission data based on whether or not synchronous communication is used. Whether or not to use synchronous communication shall be described in the program for executing motor control processing, configuration processing, and the like. The encryption unit 103 determines whether or not the transmission data is transmitted by synchronous communication before the transmission data is generated and transmitted. For example, the encryption unit 103 encrypts the transmission data when the transmission data is transmitted by synchronous communication, and does not encrypt the transmission data when the transmission data is not transmitted by synchronous communication. On the contrary, the encryption unit 103 may not encrypt the transmission data when the transmission data is transmitted by the synchronous communication, and may encrypt the transmission data when the transmission data is not transmitted by the synchronous communication. Similarly to the encryption unit 103, the encryption unit 201 of the motor control device 20 also encrypts the transmission data based on whether or not synchronous communication is used.

The decoding unit 106 decodes the received data based on whether or not synchronous communication is used. The decoding unit 106 determines whether or not the received data is received by synchronous communication before or after the received data is received. For example, the decoding unit 106 decodes the received data when the received data is received by synchronous communication, and does not decode the received data when the received data is not transmitted by synchronous communication. On the contrary, the decoding unit 106 may not decrypt the received data when the received data is received by the synchronous communication, and may encrypt the received data when the received data is not received by the synchronous communication. Similarly to the decoding unit 106, the decoding unit 204 of the motor control device 20 also decodes the received data based on whether or not synchronous communication is used.

In the third embodiment, the motor control process is executed in the same flow as in FIG. 6, but when the command data is generated in S200, the CPU 11 determines whether or not to transmit the command data by synchronous communication. For example, when it is determined that the command data is transmitted by synchronous communication, the process proceeds to S201, and the command data is encrypted and transmitted. On the other hand, when it is not determined that the command data is transmitted by synchronous communication, the process proceeds to S212, and the command data is transmitted in plain text.

Further, when the response data is generated in S207 or S215, the CPU 21 determines whether or not to transmit the response data by synchronous communication based on the type of the response data. For example, when it is determined that the response data is transmitted by synchronous communication, the process of S208 or S216 is executed, and the response data is encrypted and transmitted. On the other hand, if it is not determined that the command data is transmitted by synchronous communication, the processing of S208 or S216 is not executed, and the response data is transmitted in plain text.

If it is determined that the command data is transmitted by synchronous communication, the process may shift to S212 and the command data may be transmitted in plain text. On the other hand, if it is not determined that the command data is transmitted by synchronous communication, the process may shift to S201 and the command data may be encrypted and transmitted. Further, when it is determined that the response data is transmitted by synchronous communication, the processing of S208 or S216 may not be executed, and the response data may be transmitted in plain text. On the other hand, if it is not determined that the command data is transmitted by synchronous communication, the process of S208 or S216 may be executed and the response data may be encrypted and transmitted.

According to the communication system 1 of the third embodiment, the communication method is performed by encrypting the transmitted data based on whether or not synchronous communication is used and decoding the received data based on whether or not synchronous communication is used. It is possible to perform encryption and decryption according to the above, and flexible communication according to the communication method becomes possible. For example, when synchronous communication is used, encryption and decryption can be performed, and when asynchronous communication is used, encryption and decryption can be performed. Further, for example, when synchronous communication is used, a low-strength encryption method with a small amount of calculation can be used, and when asynchronous communication is used, a high-strength encryption method with a large amount of calculation can be used. In synchronous communication, when there is no time to send and receive data and there is no clear possibility that the data will be tampered with, this will reduce the processing load of industrial equipment while ensuring security. Alternatively, it is possible to prevent delays in the operation of industrial equipment. Further, for example, contrary to the above, when synchronous communication is used, encryption and decryption can be performed, and when asynchronous communication is used, encryption and decryption can be prevented. Further, for example, when synchronous communication is used, a high-strength encryption method with a large amount of calculation can be used, and when asynchronous communication is used, a low-strength encryption method with a small amount of calculation can be used. In synchronous communication, important data that is directly linked to the operation of the device is often exchanged, and by doing so, falsification of important data can be prevented and security can be ensured. On the other hand, in asynchronous communication, low data that is not so important may be exchanged, and by doing so, the processing load of the industrial equipment can be reduced and the operation of the industrial equipment can be prevented from being delayed. You can also do it.

[4. Modification example]
The present invention is not limited to the embodiments described above. It can be changed as appropriate without departing from the spirit of the present invention.

(1) For example, the encryption methods that can be used may differ depending on the motor control device 20, and the controller 10 may not be able to use all of them. Therefore, the encryption method that can be used by the controller 10 and the encryption method that can be used by the motor control device 20 are compared, and if they match, encrypted communication is used, and if they do not match, encryption is performed. Communication may not be used.

FIG. 8 is a functional block diagram of the modified example (1). As shown in FIG. 8, in the modification (1), the determination unit 107 is realized in the controller 10. The determination unit 107 is mainly realized by the CPU 11. In this modification, at least one encryption method can be used by the plurality of industrial devices that perform communication, and the determination unit 107 performs encrypted communication based on the encryption method that is common to the plurality of industrial devices that perform communication. Decide which encryption method to use.

The determination unit 107 compares the encryption method that can be used by the controller 10 with the encryption method that can be used by the motor control device 20, and uses the encryption method that matches between them as the encryption method that is used in the encrypted communication. decide. When a plurality of encryption methods match, the determination unit 107 may select any one of the encryption methods at random, or may select them in order of priority as in the modified example (2) described later. You may choose based on. When a plurality of encryption methods match, the encryption method to be used may be used properly according to the type of data, the timing of data transmission, and the like.

It is assumed that the data indicating the encryption method that can be used by the controller 10 is stored in the data storage unit 100 in advance. Further, the data indicating the encryption method that can be used by the motor control device 20 may be stored in the data storage unit 100 in advance, or may be acquired from the motor control device 20. Further, when the available encryption methods between the controller 10 and the motor control device 20 do not match (when there is no common encryption method), the data may be transmitted in plain text to the user. A predetermined alarm may be output.

According to the modification (1), the encrypted communication is surely executed by determining the encryption method to be used among the plurality of industrial devices based on the encryption method common to the plurality of industrial devices that perform communication. be able to.

(2) Further, for example, in the modification (1), when there are a plurality of encryption methods that can be used by the controller 10 and a plurality of encryption methods that can be used by the motor control device 20. The encryption method to be used may be determined based on the priority of the encryption method. In this modification, the data storage unit 100 stores the priority data DT4 indicating the priority of the encryption method.

FIG. 9 is a diagram showing a data storage example of the priority data DT4. As shown in FIG. 9, the priority data DT4 shows the priority of each of the plurality of encryption methods. The priority may be any information that can identify the priority of the encryption method, and may be indicated by a numerical value or a symbol, for example. In the data storage example of FIG. 9, the lower the numerical value, the higher the priority.

When there are a plurality of encryption methods common to a plurality of industrial devices that perform communication, the determination unit 107 of the modification (2) performs encrypted communication based on the priority determined for each of the plurality of encryption methods. Decide which encryption method to use. The determination unit 107 may determine the encryption method having the highest priority among the plurality of encryption methods as the encryption method to be used in the encrypted communication, or the encryption method having the priority equal to or higher than the threshold value among the plurality of encryption methods. Any of the above may be determined as the encryption method used in the encrypted communication.

According to the modification (2), when there are a plurality of encryption methods common to a plurality of industrial devices that perform communication, between the plurality of industrial devices based on the priority set for each of the plurality of encryption methods. By deciding the encryption method to be used in, the optimum encryption method according to the priority can be used and the security can be effectively improved.

(3) For example, in the communication system 1, data may be exchanged for debugging a program, but a plurality of industrial devices that communicate do not perform encrypted communication when debugging is performed. You may do so. For example, the controller 10 determines whether or not it is in the debug mode, and if it determines that it is in the debug mode, it does not perform encrypted communication, and if it determines that it is not in the debug mode, it performs encrypted communication. conduct. The data indicating whether or not the debug mode is set may be stored in the data storage unit 100. For example, when debugging, the user connects a personal computer or the like to the controller 10 and performs an operation indicating that the debug mode is started. In this case, debug mode is started. In the debug mode, the motor control process shown in FIG. 6 is executed, but encrypted communication is not performed.

According to the modification (3), when debugging is performed, debugging can be performed more reliably by not performing encrypted communication.

(4) Further, for example, the above modification may be combined.

Further, for example, in the communication system 1, the communication between the controller 10 and the motor control device 20 may not be encrypted, but the communication between one controller 10 and another controller 10 may be encrypted. Further, for example, the communication between the controller 10 and a computer other than the motor control device 20 (for example, a database server) may be encrypted. Further, for example, when the motor control devices 20 can communicate with each other, the communication between one motor control device 20 and another motor control device 20 may be encrypted. Further, for example, the determination unit 101, the setting unit 102, and the determination unit 107 may be realized not by the controller 10 but by the motor control device 20, or may be realized by another computer.

Further, the embodiments described above are shown as specific examples, and the invention disclosed in the present specification is not limited to the configuration of these specific examples or the data storage example itself. Those skilled in the art may modify various modifications to these disclosed embodiments, for example, the shape and number of physical configurations, the data structure, and the execution order of processing. It should be understood that the technical scope of the invention disclosed herein also includes such modifications.

1 communication system, N network, 10 controller, 20 motor controller, 11,21,31 CPU, 12,22,32 storage unit, 13,23,33 communication unit, 24 SOC, 30 motors, 40 sensors, 50 encoders, 100,200 data storage unit, 101 judgment unit, 102 setting unit, 103,201 encryption unit, 104,202
Transmitter, 105, 203 Receiver, 106, 204 Decryptor, 107 Determinator, 241 Cryptographic chip, DT1 model data, DT2 setting data, DT3 type data, DT4 priority data.

Claims (10)

The master device is a communication system that transmits command data by synchronous communication to each of a first slave device that is a predetermined model and a second slave device that is not the predetermined model.
The master device is
As soon as the receiving device receives data from the transmitting device, the first command data transmitted to the first slave device is encrypted by synchronous communication for executing processing and returning the processing result as a response , and the above. The second command data transmitted to the second slave device in synchronous communication is not encrypted, and even if the receiving device receives the data from the transmitting device, the processing is not always executed immediately in asynchronous communication. The third command data transmitted to the first slave device and the fourth command data transmitted to the second slave device by the asynchronous communication are an encryption unit that is not encrypted.
The encrypted first command data is transmitted to the first slave device by the synchronous communication, and the unencrypted third command data is transmitted by the asynchronous communication to the second slave device. , the second instruction data unencrypted transmitted in the synchronous communication, and a transmission unit that transmits the fourth command data unencrypted by said asynchronous communication,
Have,
The first slave device is
From the master device, and the receiving portion of the first command data encrypted received by said synchronous communication, and for receiving the third command data unencrypted by said asynchronous communication,
The received in synchronous communication, a decoding unit for decoding the first command data encrypted,
An operating unit that immediately executes the process based on the decrypted first command data and does not immediately execute the process based on the unencrypted third command data.
Have,
The second slave device is
A receiving unit that receives the unencrypted second command data from the master device in the synchronous communication and receives the unencrypted fourth command data in the asynchronous communication.
An operating unit that immediately executes unencrypted processing based on the second command data and does not immediately execute processing based on the unencrypted fourth command data.
Communication system with. The master device is a communication system that transmits command data by synchronous communication to each of a first slave device that is a predetermined model and a second slave device that is not the predetermined model.
The master device is
Even if the receiving device receives the data from the transmitting device, the processing is not always executed immediately. The first command data transmitted to the first slave device is encrypted by the asynchronous communication, and the asynchronous communication is performed. The second command data transmitted to the second slave device is not encrypted, and is a synchronous communication for executing processing and returning the processing result as a response as soon as the receiving device receives the data from the transmitting device. An encryption unit that does not encrypt the third command data transmitted to the first slave device and the fourth command data transmitted to the second slave device in the synchronous communication.
The first slave device, the encrypted first command data is transmitted by the asynchronous communication, and the third command data unencrypted and transmitted in the synchronous communication, the second slave device and transmitting the second command data is not encrypted by the asynchronous communication, and a transmission unit that transmits the fourth command data unencrypted by said synchronous communication,
Have,
The first slave device is
From the master device, and the receiving unit the encrypted first command data has been received by said asynchronous communication, and for receiving the third command data unencrypted by said synchronous communication,
The received asynchronous communication, and a decoding unit for decoding the first command data encrypted,
An operation unit that does not immediately execute the process based on the decrypted first command data and immediately executes the process based on the unencrypted third command data.
Have,
The second slave device is
A receiving unit that receives the unencrypted second command data from the master device by the asynchronous communication and receives the unencrypted fourth command data by the synchronous communication.
An operation unit that does not immediately execute the processing based on the unencrypted second command data and immediately executes the processing based on the unencrypted fourth command data.
Communication system with. The master device is a communication system that transmits command data by synchronous communication to each of a first slave device that is a predetermined model and a second slave device that is not the predetermined model.
The master device is
As soon as the receiving device receives data from the transmitting device, it executes processing and uses synchronous communication to return the processing result as a response, or the receiving device receives data from the transmitting device. Cryptography that encrypts command data with an encryption method according to whether asynchronous communication is used, which does not always execute processing immediately, and whether it is the predetermined model or not. Kabu and
A transmission unit that transmits the encrypted command data to each of the first slave device and the second slave device, and
Have,
Each of the first slave device and the second slave device
A receiver that receives encrypted command data from the master device,
The command data encrypted by an encryption method according to whether the synchronous communication or the asynchronous communication is used and whether or not the user is the predetermined model or the predetermined model. Decryption unit that decodes
An operation unit that immediately executes the process based on the command data received in the synchronous communication and does not immediately execute the process based on the command data received in the asynchronous communication.
Communication system with. The master device, Ri Oh in controller that controls the motor control equipment for controlling the motor, each of the first slave device and the second slave device, Ru said motor controller der,
The communication system according to any one of claims 1 to 3. A communication method in which the master device transmits command data by synchronous communication to each of a first slave device which is a predetermined model and a second slave device which is not the predetermined model.
The master device is
As soon as the receiving device receives data from the transmitting device, the first command data transmitted to the first slave device is encrypted by synchronous communication for executing processing and returning the processing result as a response , and the above. The second command data transmitted to the second slave device in synchronous communication is not encrypted, and even if the receiving device receives the data from the transmitting device, the processing is not always executed immediately in asynchronous communication. The third command data transmitted to the first slave device and the fourth command data transmitted to the second slave device by the asynchronous communication are not encrypted.
The encrypted first command data is transmitted to the first slave device by the synchronous communication, and the unencrypted third command data is transmitted by the asynchronous communication to the second slave device. , the second instruction data unencrypted transmitted in the synchronous communication, and transmits the fourth command data unencrypted by said asynchronous communication,
The first slave device is
From the master device, the encrypted first command data has been received by said synchronous communication, and receives the third command data unencrypted by said asynchronous communication,
The encrypted first command data received in the synchronous communication is decrypted, and the data is decrypted.
The process based on the decrypted first command data is immediately executed, and the process based on the unencrypted third command data is not immediately executed.
The second slave device is
The unencrypted second command data is received from the master device by the synchronous communication, and the unencrypted fourth command data is received by the asynchronous communication.
The process based on the unencrypted second command data is immediately executed, and the process based on the unencrypted fourth command data is not immediately executed.
Communication method. A communication method in which the master device transmits command data by synchronous communication to each of a first slave device which is a predetermined model and a second slave device which is not the predetermined model.
The master device is
Even if the receiving device receives the data from the transmitting device, the processing is not always executed immediately. The first command data transmitted to the first slave device is encrypted by the asynchronous communication, and the asynchronous communication is performed. The second command data transmitted to the second slave device is not encrypted, and is a synchronous communication for executing processing and returning the processing result as a response as soon as the receiving device receives the data from the transmitting device. The third command data transmitted to the first slave device and the fourth command data transmitted to the second slave device in the synchronous communication are not encrypted.
The first slave device, the encrypted first command data is transmitted by the asynchronous communication, and the third command data unencrypted and transmitted in the synchronous communication, the second slave device and transmitting the second command data is not encrypted by the asynchronous communication, and transmits the fourth command data unencrypted by said synchronous communication,
The first slave device is
From the master device, the encrypted first command data has been received by said asynchronous communication, and receives the third command data unencrypted by said synchronous communication,
The encrypted first command data received by the asynchronous communication is decrypted, and the data is decrypted.
The process based on the decrypted first command data is not immediately executed, and the process based on the unencrypted third command data is immediately executed.
The second slave device is
The unencrypted second command data is received from the master device by the asynchronous communication, and the unencrypted fourth command data is received by the synchronous communication.
The unencrypted process based on the second command data is not immediately executed, and the unencrypted process based on the fourth command data is immediately executed.
Communication method. A communication method in which the master device transmits command data by synchronous communication to each of a first slave device which is a predetermined model and a second slave device which is not the predetermined model.
The master device is
As soon as the receiving device receives data from the transmitting device, it executes processing and uses synchronous communication to return the processing result as a response, or the receiving device receives data from the transmitting device. However, the command data is encrypted by an encryption method according to whether asynchronous communication is used, which does not always execute the process immediately, and whether the model is the predetermined model or the predetermined model.
The encrypted command data is transmitted to each of the first slave device and the second slave device, and the encrypted command data is transmitted.
Each of the first slave device and the second slave device
Receives encrypted command data from the master device and receives
The command data encrypted by an encryption method according to whether the synchronous communication or the asynchronous communication is used and whether or not the user is the predetermined model or the predetermined model. Decrypt and
The process based on the command data received in the synchronous communication is immediately executed, and the process based on the command data received in the asynchronous communication is not immediately executed.
Communication method. A master device that transmits command data by synchronous communication to each of a first slave device that is a predetermined model and a second slave device that is not the predetermined model.
As soon as the receiving device receives data from the transmitting device, the first command data transmitted to the first slave device is encrypted by synchronous communication for executing processing and returning the processing result as a response , and the above. The second command data transmitted to the second slave device in synchronous communication is not encrypted, and even if the receiving device receives the data from the transmitting device, the processing is not always executed immediately in asynchronous communication. An encryption unit that does not encrypt the third command data transmitted to the first slave device and the fourth command data transmitted to the second slave device by the asynchronous communication.
The encrypted first command data is transmitted to the first slave device by the synchronous communication, and the unencrypted third command data is transmitted by the asynchronous communication to the second slave device. , the transmission unit the second command data unencrypted and transmitted in the synchronous communication, and for transmitting said fourth command data unencrypted by said asynchronous communication,
A program to function as. A master device that transmits command data by synchronous communication to each of a first slave device that is a predetermined model and a second slave device that is not the predetermined model.
Even if the receiving device receives the data from the transmitting device, the processing is not always executed immediately. The first command data transmitted to the first slave device is encrypted by the asynchronous communication, and the asynchronous communication is performed. The second command data transmitted to the second slave device is not encrypted, and is a synchronous communication for executing processing and returning the processing result as a response as soon as the receiving device receives the data from the transmitting device. An encryption unit that does not encrypt the third command data transmitted to the first slave device and the fourth command data transmitted to the second slave device in the synchronous communication.
The first slave device, the encrypted first command data is transmitted by the asynchronous communication, and the third command data unencrypted and transmitted in the synchronous communication, the second slave device , the transmission unit transmits the second command data is not encrypted by the non-synchronous communication, and for transmitting said fourth command data unencrypted by said synchronous communication,
A program to function as. A master device that transmits command data by synchronous communication to each of a first slave device that is a predetermined model and a second slave device that is not the predetermined model.
As soon as the receiving device receives data from the transmitting device, it executes processing and uses synchronous communication to return the processing result as a response, or the receiving device receives data from the transmitting device. Cryptography that encrypts command data with an encryption method according to whether asynchronous communication is used, which does not always execute processing immediately, and whether it is the predetermined model or not. Kabu,
A transmission unit that transmits the encrypted command data to each of the first slave device and the second slave device .
A program to function as.

Images