JPH1185703A - Human interface operation capability authentication system, software use capability authentication system and its program record medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide the system having high flexibility in operation/use regulation and the security function of operation/use management. SOLUTION: A human interface operation capability authentication system regulating an operation processing on units 2 and 3 in accordance with operation capability is provided with input means 18 and 19, an individual authentication means 15 obtaining identification information for identifying an operator, a capability data storage means 17 storing information of permitted operation types in accordance with respective operators, and an operation capability authentication means 16 retrieving the capability data storage means 17 based on identification information, taking out information of the permitted operation types and transferring operation input to an operation processing only when operation input from the input means 18 and 19 is the permitted operation type.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a human interface operator qualification system, a software qualification system and a human interface operator qualification system for certifying operation qualifications in a plant monitoring device or the like when using software via a network. It relates to a program recording medium.

[0002]

2. Description of the Related Art Monitoring and control devices are widely used for monitoring and controlling plants and the like. This monitoring and control device includes a controller for controlling each device constituting the plant and a monitoring device for further monitoring the controller.

[0003] Various operations on plant equipment and the like are executed by an operator inputting to a monitoring device.
Not everyone can execute this device operation by any operation. When anyone can make any input to the monitoring device, control parameters such as PID control are changed by a person other than a control expert,
This is because problems such as modification of the control program itself may occur.

[0004] Such inconvenience not only hinders normal monitoring and control of a plant or the like, but also may cause a dangerous situation such as a malfunction of a control target. Accordingly, the operation of the monitoring device has been conventionally restricted by the mode key switch according to the qualification of the operator.

FIG. 12 is a diagram showing a switch configuration for performing a conventional operation restriction method. FIG. 1 shows an initialization key switch and a mode key switch of a conventional monitoring device.

The initialize key switch is a switch for initializing the monitoring device, and the mode key switch is for limiting the operation. The mode key switch can be changed to four modes of a lock mode, an operator mode, a supervisor mode and an engineer mode, but this switch operation cannot be performed unless a mode key is inserted.

In the lock mode, only monitoring is possible and no operation can be performed. Also, in the operator mode, an ordinary operator-level operation input can be executed. In the supervisor mode, input of a level operated by a technical person or the like can be performed, and PID parameters can be changed, and any operation that cannot be performed in the operator mode can be performed.
In the engineer mode, maintenance, adjustment, and the like performed by the device supplier can be performed. That is, the operation function is limited by each mode.

To change these modes, a person with a predetermined qualification inserts a mode key into a mode key switch, operates this switch to change the mode, and removes the key to determine the mode.

[0009]

However, the above-described method of restricting an operator to the monitoring apparatus by the mode key switch has the following problems. 1) The operation limit (operation qualification) is fixed to four modes, and it is not possible to set many types of operation restrictions according to the circumstances.

2) The contents of restrictions in each mode cannot be freely set, and further operation restrictions according to the monitoring target and the like cannot be flexibly provided. 3) In the case of the above method, how to manage the mode key is important. That is, if a mode key cannot be prepared immediately when necessary, the operation cannot be performed, which is rather inconvenient. On the other hand, if the mode key is kept held, anyone can change the mode and cannot restrict the operation.

[0011] 4) It is unclear who operated by simply changing the operation mode with the mode key, and it is difficult to confirm to the operator when an important operation is performed.

[0012] As described above, in the conventional operation restriction method in a monitoring apparatus or the like, the flexibility of operation restriction and the security function of operation management are poor, and a human interface operation qualification authentication system having these functions enhanced is demanded.

On the other hand, with the development of computer technology and communication technology, a system has recently been constructed in which an individual user having a computer function accesses a network such as the Internet and a communication destination company or the like supplies an application program. In such a system, the user terminal does not have a large-capacity secondary storage device or advanced peripheral devices, and does not install application programs in the terminal in advance. On the other hand, the software manufacturer that is the communication destination stores applications such as word processing software and CAD software in a server of the company so as to be able to be provided via a network, and connects the server via the network to a hard disk of an individual user on which the application is installed. It is used as if it were.

In such a system, an application is provided via a network according to a contract between a user and a company, so that the software maker needs to restrict use according to the contents of the contract. Therefore, in such a case, there is a need for a software use qualification authentication system having a high flexibility of use restriction and a high security function of use management similar to the case of the monitoring and control device.

The present invention has been made in consideration of such circumstances, and has a human interface operator qualification authentication system and a software use qualification authentication system having a high flexibility of operation / use restriction and a high security function of operation / use management. And its program recording medium.

[0016]

According to a first aspect of the present invention, there is provided a human interface operating qualification authentication system for restricting an operation process on a device according to an operation qualification. In addition, identification information for identifying the operator is obtained.

Further, information on the permitted operation type is stored in the qualification data storage means for each operator. Then, the operating qualification authentication unit searches the qualification data storage unit based on the identification information, and extracts the information of the permitted operation type. Here, when an operation input to the device is performed from the input unit, the operation input is transferred to the operation process by the operating qualification authentication unit only when the operation input from the input unit is the permitted operation type.

Since the present invention is constructed and operated in this manner, the contents of the operation restriction are stored in the qualification data storage means, thereby increasing flexibility, and the security of operation management is enhanced by the personal authentication means and the operation qualification authentication means. be able to.

Next, in a second aspect of the present invention, in the first aspect of the invention, the operating qualification authenticating means stores a history of an operator at least when an operation input is transferred to a device. An operating certification system.

Since the present invention is provided with such means, it is possible to easily confirm the operation later. Claim 3
According to the invention corresponding to the above, the identification information for identifying the operator, which is obtained by the personal authentication means, is fetched from the personal authentication means, and the qualification data storage means is searched based on the identification information to store the qualification data. Means for extracting information of an operation type permitted according to the identification information from the means, and an operation processing for executing a process on the device only when the operation input corresponds to any of the permitted operations. And a computer-readable program recording medium on which a program for executing a process for delivering the program is recorded.

Since the present invention is provided with such means, it is possible to supply a program for realizing the human interface operating qualification authentication system according to the first aspect of the present invention.

Further, according to the invention corresponding to claim 4, in a software use qualification authentication system for restricting use of a program according to use qualification, an individual authentication means
Identification information for identifying a user is obtained.

The qualification data storage means stores information on the types of programs permitted to be used for each user. Then, the software use qualification authentication unit searches the qualification data storage unit based on the identification information, and extracts the information of the program type that is permitted to use. Here, if a program use request is made from the input means, the input from the input means is executed by the software use qualification authentication means only when the requested program is the permitted program. Will be delivered to the part.

Since the present invention is constructed and operates as described above, the contents of the program use restriction are stored in the qualification data storage means, so that the flexibility is enhanced, and the security of the program use management is improved by the personal authentication means and the operation qualification authentication means. Can be higher.

Further, the invention corresponding to claim 5 is:
The identification information for identifying the user, which is obtained by the personal authentication means, is fetched from the personal authentication means, and the qualification data storage means is searched based on the identification information. A process of extracting information of a program type correspondingly permitted to be used;
A computer-readable program that records a program for executing a process of transferring an input from an input unit to a program starting or processing part only when the program use request corresponds to any of the permitted programs. It is a recording medium. Since the present invention is provided with such means, it is possible to supply a program for realizing the software use qualification authentication system according to the present invention.

[0026]

Embodiments of the present invention will be described below. (First Embodiment of the Invention) FIG. 1 is a block diagram showing a configuration example of a supervisory control device to which a human interface operation qualification authentication system according to a first embodiment of the present invention is applied.

The present apparatus is realized by a computer which reads a program recorded on a recording medium such as a magnetic disk and the operation of which is controlled by the program.
The monitoring control device shown in FIG. 1 is configured such that a monitoring device 2 and a controller 3 are connected to a data transmission line 1, and a control target device 5 forming a plant body 4 is connected to each controller 3.

The controller 3 provides control signals and the like to the devices 5 such as various sensors and valve opening / closing devices, receives measurement signals and the like from the devices 5, and issues operation commands to the devices 5 via the data transmission path 1. And data such as measured values and the like with the monitoring device 2.

The monitoring device 2 transmits an operation command based on an input from an operator or the like to the controller 3, receives device control information from the controller 3, sensor measurement values, and the like, and displays these contents on the CRT 11. It has a monitoring function that saves it in the operation history file 12.

The monitoring device 2 includes an input / output unit 13 having the above-mentioned monitoring function, an operation history file, and a human interface operator qualification authentication system main body 14 for providing input from the operator to the input / output unit 13. ing.

In the human interface operator qualification authentication system main unit 14, the identification information obtained by the personal authentication system 15 is input to the operator qualification authentication unit 16, and the operation qualification authentication unit 16 searches the qualification data file 17, and furthermore, Input from the touch panel 18 and the keyboard 19 is given to the input / output unit 13 according to the authenticated qualification.

The personal authentication system 15 acquires the operator's identification information. For example, it comprises an IC card reader that reads an ID number stored from an IC card, a voice identification device, a corneal identification device, a fingerprint identification device, and the like. In the present embodiment, it is constituted by an IC card reader.

The operating qualification authentication unit 16 obtains qualification information, specifically, operation enable / disable information for each operation item from the qualification data file 17 based on the identification information from the personal authentication system 15. In addition, the operation qualification authentication unit 16
Restricts inputs from input devices such as the touch panel 18 and the keyboard 19 based on the acquired operation permission / non-permission information, and outputs only inputs related to operation items that are permitted to be operated to the input / output unit 13. At this time, the operation input history of the operator with respect to the input / output unit 13 is stored in the operator history file 20. The touch panel 18 is an input device provided on the CRT 11 as a display device.

FIG. 2 is a diagram exemplifying the contents of the qualification data file in the present embodiment. Qualification data file 1
As shown in FIG. 7, reference numeral 7 denotes a database which defines whether each operation item can be operated or not for each individual operator corresponding to the ID number. As a result, only the person registered in the qualification data file 17 can operate only the operations permitted in the file 17.

Next, the operation of the thus configured human interface operator qualification authentication system according to the embodiment of the present invention will be described. FIG. 3 is a flowchart showing an operation of the human interface operating qualification authentication system of the present embodiment.

First, an IC card (ID card) of a person who intends to operate the personal authentication system 15 is inserted, and an ID number is read (ST1). When the ID number is obtained (ST2), the qualification data file 17 is opened by the operating qualification authentication unit 16 (ST3), and the ID is obtained.
Operation enable / disable information of each operation item corresponding to the number is searched (ST4).

In step ST4, it is determined whether or not the person corresponding to the read ID number is qualified to operate, and if the person is authorized to operate, data indicating what operations are permitted. That is, the permission / inhibition information of the operation item linked to the ID is read from the qualification data file 17 to the operation qualification authentication unit 16. In the example shown in FIG. 3, the read ID number is “0002”, and the operation permitted for this ID is only “operation m”.

After the reading, the qualification data file 17 is closed (ST5), and the touch panel 18
And an input from an input device such as the keyboard 19 is received (ST6). At this time, the input is accepted based on the operation enable / disable information of each operation item read in step ST4, and the operation is restricted according to the qualification of the operator.

The operation restriction process will be described with reference to FIG. FIG. 4 is a flowchart of the operation restriction processing in the human interface operating qualification authentication system of the present embodiment.

First, the operation qualification authentication unit 16 sets the ID
After the operation enable / disable information of each operation item corresponding to the operation item is acquired, if there is an input for any one of the operation items using the input device (ST11), the operation qualification authentication unit 16 allows the operation of each operation item. It is confirmed whether or not the operation item 1 can be executed with the ID based on the / non-permission information (ST
12a).

If the input from the input device is for the operation item 1 and the operation item 1 can be executed with the ID, the operation input is transferred from the operating qualification authentication unit 16 to the input / output unit 13 and executed. If not possible, the operation is ignored (ST13a).

Similarly, it is confirmed whether or not the operation input from step ST11 can be executed with the ID for the operation items 2 to m (ST12b to 12n). If the input from the input device is for any one of the operation items 2 to m and the operation items 2 to m can be executed with the ID, the operation input is transmitted from the operating qualification authentication unit 16 to the input / output unit 13. If not executable, the operation is ignored (ST13b to ST13n).

As described above, when the operator inserts the IC card and makes an input to the input device, the operating qualification authentication unit 16 transfers only the input of the operation items permitted to the operator to the input / output unit. It will be.

At this time, the operator ID number, the operation start time and the operation end time are stored in the operator history file 20 as the operator history, as shown in FIG.

FIG. 5 is a diagram exemplifying the contents of the operator history file stored by the operating qualification authentication unit of the present embodiment. The contents of the operator history file 20 can be displayed on the CRT 11 by the input / output unit 13. It should be noted that the ID number and the name of the corresponding operator are displayed on the CRT 11 for easy understanding.

On the other hand, the operation history file 12 stores operation commands to the controller 3 and the like, device control information from the controller 3, sensor measurement values, and the like, for example, as shown in FIG.

FIG. 6 is a diagram exemplifying the contents of the operation history file of the present embodiment. The contents of the operation history file 12 can also be displayed on the CRT 11 by the input / output unit 13.

Therefore, by comparing the display contents from the operator history file 20 and the display contents from the operation history file 12, it is possible to confirm which operation has been performed by whom.

As described above, the human interface operation qualification authentication system according to the embodiment of the present invention includes the operation qualification authentication unit 16, and based on the ID number acquired by the personal authentication system 15, the qualification data file 17 The operation enable / disable information of each operation item corresponding to the ID is taken out, and the input of only the permitted operation items is accepted from the input device, so that the operation enable contents can be set for each operator, It also eliminates the need to use mode keys that are difficult to manage,
It is possible to provide a system with extremely high flexibility in operation restriction and security functions for operation management.

More specifically, the operation can be restricted individually according to the job type and level of the operator. In addition, since the ID from the personal authentication system 15 is collated in the qualification data file 17 to restrict the operation, the operation of an outsider who is not registered in the qualification data file is not accepted, which contributes to the improvement of the security function.

In the human interface operating qualification authentication system of the present embodiment, the operator history file 20 is provided so that the contents of the operation history file 12 can be compared with each other. Can be easily confirmed. As a result, when an accident or abnormal situation occurs in the plant, for example, the actual operator can confirm the specific situation at the time of operation, which contributes to elucidation of the cause of the accident or abnormal situation and early recovery. be able to. (Second Embodiment of the Invention) In this embodiment, the information of both the operation history file and the operator history file in the first embodiment is managed integrally and can be displayed simultaneously.

FIG. 7 is a block diagram showing a monitoring apparatus to which a human interface operation qualification authentication system according to a second embodiment of the present invention is applied. The same parts as those in FIG. The description is omitted, and only different portions are described here. Note that FIG. 7 shows only the part of the monitoring device 2, and the display of other parts is omitted.

In the human interface operating qualification authentication system of the present embodiment, the operation history file and the operator history file of FIG. 1 are integrally formed to form an operation operator history file 21, and are the same as in the first embodiment. Is configured.

FIG. 8 is a diagram exemplifying the contents of the operation operator history file of the present embodiment. As shown in the figure, the operation operator history file 21 stores an operator ID number for an operation at each time. In addition,
The operation history for the operation operator history file 21 is stored by the input / output unit 13, and the operator history is stored by the operation qualification authentication unit 16. The contents can be displayed on the CRT 11 by the input / output unit 13.

The thus configured human interface operating qualification authentication system operates in the same manner as in the first embodiment, and also displays information as shown in FIG. .

As described above, the human interface operator qualification authentication system according to the embodiment of the present invention has the same configuration as that of the first embodiment, and also includes the operation history from the operation operator history file 21 at one time. Since the information of the operator corresponding to the information can be extracted and displayed, the same effect as that of the first embodiment can be obtained. In addition, it is possible to more clearly and easily know who performed each operation on the monitoring device 2. Can be. This allows the actual operator to confirm the specific situation at the time of operation.

In the present embodiment, when displaying the operation history and the operator history in association with each other, both files 12, 12
Although the operation operator history file 21 is provided integrally with the file 20, the present invention is not limited to the case where such a file is provided. For example, the operation history file 12
The file structure of the operator history file 20 remains the same as that of the first embodiment, and the input / output unit 13 edits the contents of both files 12 and 20 and performs a display as shown in FIG. You may do so. (Third Embodiment of the Invention) In the first embodiment, once the operation qualification authentication unit 16 acquires the ID, the operation input can be accepted until a series of operations is completed. In the embodiment, a system will be described in which an operation in accordance with an operation qualification can be performed only while an ID number is being input from the personal authentication system.

In the human interface operating qualification authentication system according to the present embodiment, the operating qualification authentication unit 16 performs the input from the input device according to the qualification only while the ID number is being input from the personal authentication system 15. The configuration is the same as that of the first or second embodiment, in addition to receiving.

FIG. 9 is a diagram showing a state of operating the human interface operating qualification authentication system according to the third embodiment of the present invention. As shown in the figure, the operator inserts his / her IC card 22 into the personal authentication system 15 and performs an input operation on the monitoring device 2 in this inserted state.

The human interface operating qualification authentication system at this time will be described with reference to FIG. FIG. 10 is a flowchart showing the operation of the human interface operating qualification authentication system of the present embodiment.

First, the ID number is obtained by inserting the IC card 22 into the personal authentication system 15 by the operator. The ID number x obtained at this time is stored in ID1 (ST21).

Next, if any ID number is input to ID1, that is, if ID1 is not 0, step S is executed.
Proceeding to T23, if ID1 = 0, return to step ST1 (ST22).

In step ST23, step ST23 in FIG.
The same processing as in step 4 is executed, and the permission / inhibition information of the operation item is obtained. Then, ID1 is input to a certain input by the operator.
Input is performed with the operation restriction according to (ST
24). Step ST24 is a process similar to step ST6 shown in FIGS.

When the operation input for one item is completed, the ID number is acquired again from the personal authentication system 15 before receiving the next input. I obtained at this time
The D number y is stored in ID2 (ST25).

Next, ID1 and ID2 are compared, and if they are equal, that is, if x = y (ST2
6) Returning to step ST24, the reception of the operation input is continued. Here, in order to continue the operation input, for example, as shown in FIG. 9, it is sufficient that the IC card 22 is still inserted in the personal authentication system 15. Since the IC card 22 is normally always possessed by each operator, it is unlikely that the IC card 22 will leave with the IC card 22 inserted.

On the other hand, if x is not y (ST26), I
D1 = 0 and the state is returned to the initial state.
The process returns to T21 and waits for input of new identification information from the personal authentication system 15.

As a specific usage form, for example, each operator suspends the IC card 22 with a string from his neck, and when performing an operation, inserts the card 22 into the personal authentication system 15 and permits one or more An operation is performed, and after the operation is completed, the IC card is pulled out and another operation is started.

As described above, the human interface operator qualification authentication system according to the embodiment of the present invention has the same configuration as that of the first or second embodiment, and also has the same identification information from the personal authentication system 15. Since the operation can be continuously performed only when is acquired, more advanced and reliable security management can be performed. Further, even when performing a plurality of operations at once, it is possible to easily perform the operations while maintaining the security function. (Fourth Embodiment of the Invention) In this embodiment, a case will be described in which the configuration of the human interface operating qualification authentication system described in each of the above embodiments is applied to a network system and used as a software use qualification authentication system.

FIG. 11 is a configuration diagram showing an example of a network system to which the software use qualification authentication system according to the fourth embodiment of the present invention is applied. The present apparatus is realized by a computer which reads a program recorded on a recording medium such as a magnetic disk and the operation of which is controlled by the program.

In this network system, a personal user terminal 32 is connected to a communication line 31 such as a public line, and a server 3 such as a company or a university that supplies an application program.
3 are connected to each other.

The terminal 32 connects the input device 34 and the personal authentication system 35 and has a communication function and a CPU.
And a memory, etc., and are configured to execute various application programs. However, this terminal 3
2 basically has no application program installed in advance. The terminal 32 transmits the identification information (ID number) obtained by the personal authentication system 35 to the server 33 via a communication line.

The personal authentication system 35 has the same configuration as the personal authentication system 15 described in the first to third embodiments. The server 33 as a whole functions as a hard disk of the terminal 32 in which various application programs are installed. In this case, the communication line 31 corresponds to a data transmission line to the hard disk.

The server 33 responds to a request received from the terminal 32 via the communication section 41 and receives a qualification data file 42
The software use qualification authentication unit 43 authenticates the qualification based on the content of the information and the transmitted identification information, and transmits the application program 45 stored in the application software file 44 to the terminal 32 via the software execution unit 46 and the communication unit 41. It is supposed to.

The qualification data file 42 has the same configuration as the qualification data file 17 described in the first to third embodiments, and information on which application program is permitted to be used according to the ID number is provided. Has been saved. This application use permission is given, for example, by a contract between the user and the company.

The use qualification authentication unit 43 is configured similarly to the operation qualification authentication unit 16 described in the first to third embodiments, and receives an ID number and an application start request or a program / data transfer request from the terminal 32. Then, the qualification data file 42 is searched, and if the operation of the application is permitted, an application start request or a program / data transfer request is transferred to the software execution unit 46.

The use qualification authenticating section 43 stores the application program 45 to be used and the history of the user in the user history file 47. The software execution unit 46 transfers the program to the terminal 32 via the communication unit 41 in order to start the application program 45 requested from the application software file 44 in response to the request from the terminal 32. When the application program operating in the terminal 32 requests a subprogram, data, and the like, the data and the like are transferred to the terminal 32.

The application software file 44 is
Many application programs 45 are installed in advance. Next, the operation of the software use qualification authentication system configured as described above according to the embodiment of the present invention will be described.

First, when the application user selects a server to be accessed, and further selects an application to be used, the ID acquired by the personal authentication system 35
The terminal 32 sends an application use request to the communication line 31 together with the number.

This use request is received by the communication unit 41 in the server 33 of the communication destination, and the software use qualification authentication unit 4
3 is input. In the software use qualification authentication unit 43, the ID
Based on the number and the contents of the qualification data file 42, if the requesting terminal 32 is qualified to use the application, the use request is delivered to the software execution unit 46.

The program required to activate the corresponding application program is executed by the software execution unit 4.
6 to the terminal 32. When the sub-programs and data need to be further operated by the terminal 32 for the application once activated, the data transfer request from the terminal 32 is sent to the server 3.
3 This data transfer request also includes the ID number, and the server transmits the requested data to the terminal according to the same procedure as at the time of startup. This allows
A state as if the server 33 was the hard disk of the terminal 32 is realized, and the application is executed only to a person who has a legitimate use right.

As described above, in the software use qualification authentication system according to the embodiment of the present invention, the server 33 is provided with the software use qualification authentication unit 43, and obtained by the personal authentication system 35 notified via the network. Based on the ID number, the application program is provided from the qualification data file 42 to the terminal 32 according to the application use permission corresponding to the ID. Therefore, the type of application use permission can be set for each user, and the flexibility of use restriction can be set. And a system with an extremely high security function for use management.

Thus, the company providing the server 33 can easily and flexibly restrict the use of the application provision according to the contents of the contract with the user.
In addition, since the user of the application and the usage status can be stored in the user history file 47, various managements can be performed, and, for example, statistics can be taken to investigate the frequency of use for each application. Can be.

Although the present embodiment has been described in connection with a so-called network computer via a public line, the software use qualification authentication system according to the present invention is not applied only in such a case. For example, in the case of a large computer or a workstation, for example, when one computer is shared by a plurality of persons,
The present invention can also be applied to a case where a common server is provided in N or the like.

The present invention is not limited to the above embodiments, but can be variously modified without departing from the scope of the invention. In addition, the method described in the embodiment includes, for example, a magnetic disk (floppy disk, hard disk, etc.), an optical disk (CD-ROM, DVD
Etc.), stored in a storage medium such as a semiconductor memory, or transmitted and distributed via a communication medium. A computer that implements the present apparatus reads a program recorded on a storage medium, and executes the above-described processing by controlling the operation of the program.

[0085]

As described above in detail, according to the present invention, a human interface operating qualification authentication system, a software usage qualification authentication system and a program thereof having high flexibility of operation / use restriction and security function of operation / use management. A recording medium can be provided.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration example of a monitoring and control device to which a human interface operation qualification authentication system according to a first embodiment of the present invention is applied.

FIG. 2 is an exemplary view illustrating the contents of a qualification data file in the embodiment.

FIG. 3 is a flowchart showing an operation of the human interface operating qualification authentication system of the embodiment.

FIG. 4 is a flowchart showing an operation restriction process in the human interface operating qualification authentication system of the embodiment.

FIG. 5 is an exemplary view exemplifying the contents of an operator history file stored by an operating qualification authentication unit of the embodiment;

FIG. 6 is an exemplary view exemplifying the contents of an operation history file according to the embodiment;

FIG. 7 is a configuration diagram showing a monitoring device to which a human interface operation qualification authentication system according to a second embodiment of the present invention is applied.

FIG. 8 is a view exemplifying the contents of an operation operator history file according to the embodiment;

FIG. 9 is a diagram showing a state of operating a human interface operating qualification authentication system according to a third embodiment of the present invention.

FIG. 10 is a flowchart showing the operation of the human interface operating qualification authentication system of the embodiment.

FIG. 11 is a configuration diagram showing an example of a network system to which a software use qualification authentication system according to a fourth embodiment of the present invention is applied.

FIG. 12 is a diagram showing a switch configuration for performing a conventional operation restriction method.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 ... Data transmission line 2 ... Monitoring device 3 ... Controller 4 ... Plant main body 5 ... Controlled equipment 11 ... CRT 12 ... Operation history file 13 ... Input / output unit 14 ... Human interface operator qualification authentication system main body 15 ... Personal authentication system 16 ... Operating qualification authentication unit 17… qualification data file 18… touch panel 19… keyboard 20… operator history file 21… operation operator history file 22… IC card 31… communication line 32… terminal 33… server 34… input device 35… personal authentication System 42: Qualification data file 43: Software use qualification authentication unit 44: Application software file 45: Application program 46: Software execution unit 47: User history file

Claims (5)

[Claims] 1. A human interface operation qualification authentication system for restricting operation processing on a device according to an operation qualification, an input means for inputting an operation to a device, and a personal authentication for acquiring identification information for identifying an operator. Means, corresponding to each operator, qualification data storage means for storing information of the permitted operation type, searching the qualification data storage means based on the identification information, information of the permitted operation type And an operation qualification authentication means for transferring the operation input to the operation processing only when the operation input from the input means is the permissible operation type. Authentication system. 2. The human interface operator qualification authentication system according to claim 1, wherein the operator qualification authentication unit saves an operator history at least when an operation input is passed to the device. 3. A process for taking in identification information for identifying an operator, obtained by the personal authentication means, from the personal authentication means, and searching the qualification data storage means based on the identification information, thereby obtaining the qualification information. A process of extracting information of an operation type permitted according to the identification information from the data storage unit, and an operation process of executing a process on the device only when the operation input corresponds to any of the permitted operations. A computer-readable program recording medium on which a program for executing the process of delivering the operation input is recorded. 4. A software use qualification authentication system for restricting use of a program according to use qualification, an input means, a personal authentication means for acquiring identification information for identifying a user, and A qualification data storage unit for storing information on a program type permitted to be used; searching the qualification data storage unit based on the identification information to extract the information on the permitted program type; A software use qualifying means for transferring an input from the input means to a program starting or processing part only when the program use request from the program is a permitted program. Eligibility certification system. 5. A process for acquiring identification information for identifying a user, which is obtained by the personal authentication means, from the personal authentication means, and searching the qualification data storage means based on the identification information, thereby obtaining the qualification information. A process of retrieving information on a program type permitted to be used in accordance with the identification information from the data storage unit; and inputting from the input unit only when the program use request corresponds to any of the programs permitted to be used. A computer-readable program recording medium on which a program for executing a process of starting or delivering a program to a processing portion is recorded.