KR101721000B1 - Plant data transmission managing device and method - Google Patents

Plant data transmission managing device and method Download PDF

Info

Publication number
KR101721000B1
KR101721000B1 KR1020150086435A KR20150086435A KR101721000B1 KR 101721000 B1 KR101721000 B1 KR 101721000B1 KR 1020150086435 A KR1020150086435 A KR 1020150086435A KR 20150086435 A KR20150086435 A KR 20150086435A KR 101721000 B1 KR101721000 B1 KR 101721000B1
Authority
KR
South Korea
Prior art keywords
data
factory
equipments
public key
unique identification
Prior art date
Application number
KR1020150086435A
Other languages
Korean (ko)
Other versions
KR20160149457A (en
Inventor
오영규
현동근
이형대
김평중
홍성웅
Original Assignee
주식회사 에이치오텍
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 에이치오텍 filed Critical 주식회사 에이치오텍
Priority to KR1020150086435A priority Critical patent/KR101721000B1/en
Publication of KR20160149457A publication Critical patent/KR20160149457A/en
Application granted granted Critical
Publication of KR101721000B1 publication Critical patent/KR101721000B1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • G06F17/30
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

An apparatus and method for managing plant facility data transmission and reception are disclosed. An apparatus and method for managing plant facility data transmission and reception according to the present invention receives a public key corresponding to a private key generated in each apparatus from a plurality of factory apparatuses and stores the public key corresponding to a unique identification number of each apparatus on a key database When the combination data in which the unique identification number of each device and the device operation data are combined is encrypted and received from each device with the private key generated in each device, the encrypted combination data is transmitted to the public keys stored in the key database Decrypts the decrypted data by checking whether decrypted data including a unique identification number that matches one of the unique identification numbers stored in the key database exists, Wherein the combination data is stored in the plurality of factory apparatuses Of help to distinguish whether the data transferred from one plant and equipment, and support to help strengthen the security of the device management data.

Description

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a plant management system,

The present invention relates to an apparatus and method for managing plant facility data transmission and reception for receiving device operation data generated from operation of each device from a plurality of factory facility devices installed in the factory and transmitting the data to the administrator client terminal .

2. Description of the Related Art [0002] In recent years, a factory automation management system has been introduced, which enables various factory equipment installed in a factory to be connected to a network by a network technology so that control or status monitoring of the factory equipment can be performed remotely.

Such a factory automation management system includes factory facility devices such as generators and the like and a factory facility data transmission / reception management device connected to the network, so that the factory facility data transmission / reception management device receives device operation data from each factory equipment, When the data is transmitted to the terminal, the administrator can confirm the device operation data generated in each factory equipment through the client terminal.

Herein, the device operation data refers to data generated by each plant equipment when the device operation is performed. For example, in the case of an electric power generator, information on the amount of electric power generated by performing electric power generation, Etc., which means data generated according to such device operation.

In this factory automation management system, since the factory facility data transmission / reception management device receives the device operation data from each factory equipment through the network and transmits the device operation data to the administrator client terminal through the network, It is one of the important problems.

If the equipment operation data transmitted by the third party through the network is exposed, there may be a great deal of disruption to the operation of the plant. If the factory is a national important facility such as a nuclear power plant, Which can cause enormous problems.

In addition, there may be various factory facilities in a factory. When a plurality of device operation data are collected from the factory facility devices by the factory facility data transmission / reception management apparatus, it is determined whether the device operation data is transmitted from which factory facility apparatus It is difficult to distinguish between the two.

Therefore, in the factory automation management system, the data transmission / reception which enhances the security of the device operation data transmitted from each factory equipment and clarifies the distinction as to whether the device operation data is transmitted from which factory equipment Research on management techniques is needed.

An apparatus and method for managing plant facility data transmission and reception according to the present invention receives a public key corresponding to a private key generated in each apparatus from a plurality of factory apparatuses and stores the public key corresponding to a unique identification number of each apparatus on a key database When the combination data in which the unique identification number of each device and the device operation data are combined is encrypted and received from each device with the private key generated in each device, the encrypted combination data is transmitted to the public keys stored in the key database Decrypts the decrypted data by checking whether decrypted data including a unique identification number that matches one of the unique identification numbers stored in the key database exists, Wherein the combination data is stored in the plurality of factory apparatuses Of help to distinguish whether any factory data transmitted from the facility device, and to help strengthen the security of the device management data.

The apparatus data transmission / reception management apparatus according to an embodiment of the present invention includes identification information of a plurality of factory apparatuses connected to a network and identification information of each of the plurality of factory apparatuses, A database, a public key request unit for transmitting a public key issue request for data encryption / decryption to the plurality of factory equipments, a plurality of factory equipments each corresponding to a private key for data encryption / decryption and the private key And the public key generated by each of the plurality of factory equipments is received from the plurality of factory equipments by the unique identification number of each of the plurality of factory equipments and the public key generated by each of the plurality of factory equipments, Storing the unique identification number of each of the plurality of factory equipments and the public key in correspondence with each other Wherein the device operation data for each of the plurality of factory equipments from the plurality of factory equipments is stored in a key storage unit, Means for generating a plurality of pieces of combined data having a unique identification number of each of the plurality of factory equipments and a plurality of pieces of data having been encrypted with the private key generated by each of the plurality of factory equipments When the first combination data, which is encrypted by the first private key generated in the first factory facility, is received from the first factory facility among the plurality of factory equipments, Based on the public key generated by each of the plurality of factory equipments stored in the storage unit, And decrypts the decrypted data of the first combination data by using the decrypted data of the first decryption data that includes data matching the first unique identification number of the first factory equipments stored in the key database among the decrypted data of the first combination data Extracts first device operation data for the first plant facility from the first decoded data, and extracts, from the identification information database, identification for the first plant facility corresponding to the first unique identification number An information extracting unit for extracting information, and a data transmitting unit for transmitting the identification information of the first factory equipment and the first device operation data to an administrator client terminal connected to the network.

Also, a method of managing plant equipment data transmission / reception according to an embodiment of the present invention includes storing identification information of a plurality of plant equipment connected to a network and unique identification numbers of the plurality of plant equipment devices corresponding to each other The method comprising the steps of: maintaining an identification information database, transmitting a public key issue request for data encryption / decryption to the plurality of factory equipments, each of the plurality of factory equipments includes a private key for data encryption / decryption, And a public key generated by each of the plurality of factory equipments is received from the plurality of factory equipments and transmitted to the key database The public key of the plurality of factory equipments and the unique identification number of each of the plurality of factory equipments Storing device operating data for each of the plurality of factory equipments from the plurality of factory equipments, wherein the device operation data is stored in the plurality of factory equipments as each of the plurality of factory equipments is operated, Means for storing the operation data generated by the plurality of factory equipments and the operation data generated by the facility equipments, and the combination data in which the unique identification numbers of the plurality of factory equipments are combined, When the first combination data, which is encrypted by the first private key generated in the first factory facility, is received from the first factory facility among the plurality of factory equipments, Based on the public key generated by each of the plurality of factory equipments stored in the storage unit, And decrypts the decrypted data of the first combination data by using the decrypted data of the first decryption data that includes data matching the first unique identification number of the first factory equipments stored in the key database among the decrypted data of the first combination data Extracts first device operation data for the first plant facility from the first decoded data, and extracts, from the identification information database, identification for the first plant facility corresponding to the first unique identification number And transmitting the identification information of the first factory facility and the first device operation data to an administrator client terminal connected to the network.

An apparatus and method for managing plant facility data transmission and reception according to the present invention receives a public key corresponding to a private key generated in each apparatus from a plurality of factory apparatuses and stores the public key corresponding to a unique identification number of each apparatus on a key database When the combination data in which the unique identification number of each device and the device operation data are combined is encrypted and received from each device with the private key generated in each device, the encrypted combination data is transmitted to the public keys stored in the key database Decrypts the decrypted data by checking whether decrypted data including a unique identification number that matches one of the unique identification numbers stored in the key database exists, Wherein the combination data is stored in the plurality of factory apparatuses Of help to distinguish whether the data transferred from one plant and equipment, and support to help strengthen the security of the device management data.

FIG. 1 is a block diagram of a plant facility data transmission / reception management apparatus according to an embodiment of the present invention.
2 is a flowchart illustrating a method of managing transmission / reception of factory facility data according to an embodiment of the present invention.

While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail. It should be understood, however, that the invention is not intended to be limited to the particular embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention. Like reference numerals are used for like elements in describing each drawing.

It is to be understood that when an element is referred to as being "connected" or "connected" to another element, it may be directly connected or connected to the other element, . On the other hand, when an element is referred to as being "directly connected" or "directly connected" to another element, it should be understood that there are no other elements in between.

The terminology used in this application is used only to describe a specific embodiment and is not intended to limit the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. In the present application, the terms "comprises" or "having" and the like are used to specify that there is a feature, a number, a step, an operation, an element, a component or a combination thereof described in the specification, But do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, or combinations thereof.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries are to be interpreted as having a meaning consistent with the contextual meaning of the related art and are to be interpreted as either ideal or overly formal in the sense of the present application Do not.

Hereinafter, embodiments according to the present invention will be described in detail with reference to the accompanying drawings.

FIG. 1 is a block diagram of a plant facility data transmission / reception management apparatus according to an embodiment of the present invention.

Referring to FIG. 1, a plant facility data transmission / reception management apparatus 110 according to an embodiment of the present invention includes an identification information database 111, a public key request unit 112, a key storage unit 113, a data reception unit 114 An information extracting unit 115, and a data transferring unit 116.

The identification information database 111 is provided with identification information for a plurality of factory apparatuses 131, 132, and 133 connected to the network and unique identification numbers of the plurality of factory apparatuses 131, 132, Is stored.

Here, the plurality of factory equipments 131, 132 and 133 means equipments installed in the factory, and in the case of a power plant, a device such as a generator may be applicable.

The identification information for the plurality of factory equipments 131, 132, and 133 is identification information such as a name arbitrarily given by an administrator to identify each factory equipments, and the plurality of factory equipments 131 132, and 133 is a unique identification number assigned to each factory apparatus such as a MAC (Media Access Control) address assigned to each of the plurality of factory apparatuses 131, 132, and 133 it means.

According to an embodiment of the present invention, information may be stored in the identification information database 111 as shown in Table 1 below.

Factory Equipment Identification information for devices Factory Equipment Unique identification of devices  number Factory Equipment 1 Identification number 1 Factory Equipment 2 Identification number 2 Factory Equipment 3 Identification number 3 ... ...

The identification information of the plurality of factory equipments 131, 132 and 133 and the unique identification numbers of the plurality of factory equipments 131, 132 and 133 are associated with each other on the identification information database 111 The public key request unit 112 transmits a public key issue request for data encryption and decryption to the plurality of factory equipments 131, 132, and 133 in a state of being stored.

At this time, each of the plurality of factory equipments 131, 132, and 133 generates a private key for data encryption and decryption corresponding to the public key issue request and a public key corresponding to the private key, And stores the public key in the memory of the factory facility devices, and transmits the public key to the facility facility data transmission / reception management device 110.

At this time, when each of the plurality of factory equipments 131, 132, and 133 generates a private key for data encryption and decryption and a public key corresponding to the private key, Receives the public key generated by each of the plurality of factory equipments 131, 132 and 133 from the plurality of factory equipments 131, 132 and 133 The unique identification number of each of the plurality of factory equipments 131, 132, and 133 and the public key may be stored in correspondence with each other on a key database (not shown).

As a result, information may be stored in the key database as shown in Table 2 below.

Factory Equipment Unique identification of devices  number Public keys created by plant facility devices Identification number 1 Public key 1 Identification number 2 Public key 2 Identification number 3 Public key 3 ... ...

After the information is stored on the key database as shown in Table 2, the plurality of factory equipments 131, 132, and 133 are operated by the plurality of factory equipments 131, 132, and 133, After generating device operation data for each of the facility devices 131, 132, and 133, combinatorial data in which the device operation data and the unique identification numbers of the plurality of plant facility devices 131, 132, and 133 are combined is generated can do.

Then, the plurality of factory equipments 131, 132, and 133 perform encryption with the private key generated by each of the plurality of factory equipments 131, 132, and 133 with respect to the combination data, To the factory facility data transmission / reception management apparatus 110.

For example, if the factory apparatus 1 (131) generates the 'apparatus operation data 1', the unique identification number of the factory apparatus 1 (131) is referred to as 'identification number 1' If the private key is 'private key 1', the factory equipment 1 (131) generates 'combination data 1' which is a combination of 'device operation data 1' and 'identification number 1' To the factory facility data transmission / reception management apparatus 110, the 'combination data 1' after the encryption with the 'private key 1' is completed.

At this time, the data receiving unit 114 receives the device operation data for each of the plurality of factory equipments 131, 132, 133 from the plurality of factory equipments 131, 132, 133 and the plurality of factory equipments 131, 132, and 133 may be configured to receive data encrypted with the private key generated by each of the plurality of factory equipments 131, 132, and 133 with respect to the combined data in which unique identification numbers are combined.

If the first combination data, which is encrypted by the first private key generated in the first factory facility, is transmitted from the first factory facility among the plurality of factory facilities 131, 132, and 133 through the data receiving unit 114 The information extracting unit 115 decrypts the first combination data based on the public key generated by each of the plurality of factory equipments 131, 132, and 133 stored on the key database If there is first decoded data including data matching the first unique identification number of the first factory equipments stored in the key database among the decoded data of the first combination data , Extracts first device operation data for the first plant facility from the first decryption data, and extracts, from the identification information database (111) Which extracts the identification information for the first plant equipment.

The data transfer unit 116 transfers the identification information of the first plant facility and the first device operation data to the administrator client terminal 140 connected to the network.

For example, the first factory facility is referred to as a factory facility 1 (131), the factory facility 1 (131) generates 'device operation data 1' and the unique identification number of the factory facility 1 (131) And the public key corresponding to the private key 1 is 'public key 1', as shown in FIG.

At this time, when the 'combination data 1' encrypted by the 'private key 1' generated in the factory facility 1 (131) is received from the factory facility 1 (131) through the data reception unit 114, The unit 115 decrypts the 'combination data 1' based on the public keys generated by the plurality of factory equipments 131, 132, and 133 stored in the key database as shown in Table 2 You can try.

If the decrypted data is decrypted using the public keys stored in the key database for the 'combined data 1', the decrypted decrypted data is' If there is decoded data including data matching the identification number 1 ', the information extraction unit 115 extracts' device operation data 1' for the plant facility 1 (131) from the decoded data, It is possible to extract the identification information for the factory apparatus 1 (131) corresponding to the 'identification number 1' from the server (111).

In this embodiment, since the public key corresponding to the 'private key 1' among the public keys stored in the key database is 'public key 1', when the combination data is decrypted using the 'public key 1' Data corresponding to the 'identification number 1' will exist on the decrypted data, and the information extracting unit 115 extracts the 'device operation data 1' from the decrypted data decrypted with the 'public key 1' You can do it.

When the information extraction unit 115 extracts the identification information for the plant facility 1 131 and the device operation data 1, the data transfer unit 116 transmits the identification information for the plant facility 1 131 And the 'device operation data 1' to the administrator client terminal 140 connected to the network.

The plant facility data transmission / reception management apparatus 110 according to the present invention receives the public key corresponding to the private key generated in each device from the plurality of factory equipments 131, 132, and 133, When the combination data in which the unique identification number of each device and the device operation data are combined is encrypted and received by the private key generated by each device, It is attempted to decode the decrypted data with the public keys stored in the key database to check whether decrypted data including a unique identification number corresponding to one of the unique identification numbers stored in the key database exists, Based on a unique identification number included in the data, May support devices (131, 132, 133) of the support to distinguish whether the transfer from any plant equipment data, and to increase the security for the device management data.

According to an embodiment of the present invention, the data transfer unit 116 receives an administrator ID and an administrator password of an administrator using the administrator client terminal 140 from the administrator client terminal 140, Encrypts the first part data by using the data for the manager ID as the first secret key after dividing the operation data into the first part data and the second part data and uses the data on the manager secret as the second secret key And transmit the encrypted first part data and the second part data to the administrator client terminal 140. [

At this time, when the encrypted first part data and the second part data are received, the administrator client terminal 140 decrypts the first part data using the data for the manager ID as the first secret key, It is possible to decrypt the second part data by using the data on the password as the second secret key, and to reconstruct the first device operation data by combining the decrypted first part data and the second part data.

That is, when transmitting the first device operation data to the administrator client terminal 140, the factory facility data transmission / reception management device 110 divides the first device operation data into two pieces of data, The data is encrypted and transmitted to the administrator client terminal 140, thereby further enhancing data security.

According to an embodiment of the present invention, the public key request unit 112 transmits a public key issue request for data encryption / decryption to a plurality of plant equipments 131, 132, and 133 at predetermined period intervals Lt; / RTI >

At this time, the plurality of factory equipments 131, 132, and 133 access the private key and the private key for the data encryption decryption in the predetermined period interval corresponding to the public key issue request received at the predetermined period interval. Lt; RTI ID = 0.0 > public key < / RTI >

Through this, the plant facility data transmission / reception management apparatus 110 according to the present invention can change the private key and the public key used for encryption / decryption in data transmission / reception with a plurality of plant facility devices 131, 132, and 133 , Can further enhance data security.

According to an embodiment of the present invention, the public key request unit 112 transmits a public key issue request for data encryption / decryption to the plurality of factory equipments 131, 132, and 133 at the predetermined period intervals 132, and 133 on the device operation data of each of the plurality of factory equipments 131, 132, and 133, Data insertion position information can be transmitted.

At this time, a plurality of factory equipments 131, 132, and 133 are installed on the plurality of factory equipments 131, 132, and 133 on the basis of the data insertion position information, The combination data can be generated by inserting the unique identification numbers of the first, second, and third storage units 131, 132, and 133, respectively.

At this time, the information extracting unit 115 extracts information from the first factory facility among the plurality of factory equipments 131, 132, and 133 by using the first private key generated in the first factory facility, When the first combination data is received, attempts to decrypt the first combination data based on the public key generated by each of the plurality of factory equipments (131, 132, 133) stored on the key database, Extracting data on a position at which the unique identification number is inserted from the decoded data for the first combination data based on the data insertion position information and storing the decoded data for the first combination data in the key database If there is the first decoded data including data matching the first unique identification number for the first factory equipment, Extracting the first device operation data for the first plant facility from the data and extracting the identification information for the first plant facility corresponding to the first unique identification number from the identification information database 111 have.

Hereinafter, the operations of the public key request unit 112, the plurality of factory equipments 131, 132, and 133, and the information extraction unit 115 will be described in detail, for example.

First, the public key request unit 112 transmits a public key issue request for data encryption / decryption to the plurality of factory equipments 131, 132, and 133 at the predetermined period intervals, The third bit value in the bit stream of the device operation data is set to the position where the unique identification number of each of the plurality of factory equipments 131, 132, 133 is inserted on the device operation data for each of the devices 131, 132, Next, data insertion position information for inserting a data bit value for the unique identification number can be generated and transmitted to the plurality of factory equipments 131, 132, and 133.

In this case, the plurality of factory equipments 131, 132, and 133 select the third bit from the bit stream of the device operation data for each of the plurality of factory equipments 131, 132, and 133, Value, the unique identification number of each of the plurality of factory equipments 131, 132, and 133 may be inserted to generate the combination data.

The combination data 1 'generated by combining the' device operation data 1 'and the' identification number 1 'from the factory facility 1 (131) through the data reception unit 114 is encrypted with the' private key 1 ' When data is received, the information extracting unit 115 extracts the 'combination' based on the public key generated by each of the plurality of factory equipments 131, 132, and 133 stored in the key database as shown in Table 2 Extracts data located after the third bit value from the decoded data for the 'first combination data' based on the data insertion position information, extracts data from the extracted data, It is possible to judge whether there is data matching the unique identification number stored in the database.

If there is decoded data including data matching 'identification number 1' which is a unique identification number of the factory apparatus 1 (131), the information extracting unit (115) extracts the decoded data From the identification information database 111 and extracts identification information for the plant facility 1 (131) corresponding to the identification number 1 from the identification information database 111, extracts the device operation data 1 from the plant facility 1 (131) can do.

As a result, the plant facility data transmission / reception management apparatus 110 according to the present invention requests a plurality of factory facility devices 131, 132, and 133 to issue a public key for data encryption / decryption at predetermined intervals, And transmits data insertion position information for a position at which a unique identification number is to be inserted on the operation data, so that a plurality of factory equipments 131, 132, and 133 transmit data insertion position information on the device operation data By inserting the unique identification number, the data combination method for the combination data received from the plurality of factory equipments 131, 132, and 133 can be changed every cycle, thereby further enhancing data security.

According to an embodiment of the present invention, the plant facility data transmission / reception management apparatus 110 may further include an authority class database 117, a security class database 118 and a class table holding section 119, The transmitting unit 116 may include a security class extracting unit 120, an authority class extracting unit 121, and a transmitting unit 122.

Different privilege classes for data access are stored corresponding to the unique identification numbers of each of the plurality of factory equipments 131, 132, 133 in the authority class database 117.

For example, information may be stored in the rights class database 117 as shown in Table 3 below.

Factory Equipment Unique identification of devices  number Permission rating Identification number 1 Authorization level 1 Identification number 2 Authorization level 1 Identification number 3 Authorization level 3 ... ...

The security level database 118 stores a plurality of administrator IDs and different selected security levels corresponding to the plurality of administrator IDs.

For example, the security level database 118 may store information as shown in Table 4 below.

Admin ID Security rating Manager 1 Security Level 1 Manager 2 Security Level 1 Manager 3 Security Level 2 ... ...

The rating table maintenance unit 119 stores and maintains a rating table in which at least one security level included in each privilege level is recorded in association with each of a plurality of privilege levels.

For example, information may be recorded in the rating table as shown in Table 5 below.

Permission rating At least one security class Authorization level 1 Security Level 1 Authority level 2 Security level 1, security level 2 Authorization level 3 Security level 1, security level 2, security level 3 ... ...

At this time, the security class extracting unit 120 receives the manager ID of the manager using the manager client terminal 140 from the manager client terminal 140, and obtains the security level corresponding to the manager ID from the security level database 118 .

The authority class extracting unit 121 extracts the authority class corresponding to the first unique identification number from the authority class database 117. [

If the extracted security level is recorded in correspondence with the extracted security level in the rating table, the transmitting unit 122 transmits the identification information of the first factory equipment and the first device operation data to the manager To the client terminal (140).

For example, when the manager ID of the manager received from the manager client terminal 140 is 'manager 2', the security class extracting unit 120 receives 'manager 2' from the security level database 118 as shown in Table 4 The security level 1 can be extracted as the security level.

If it is assumed that the first unique identification number is 'identification number 1', the authority class extracting unit 121 extracts an authority class corresponding to 'identification number 1' from the authority class database 117 as shown in Table 3 'Permission level 1' can be extracted.

At this time, since the 'security level 1' corresponds to the 'security level 1' on the level table as shown in Table 5, the transmitting unit 122 notifies the administrator client terminal 140 of the ' And transmits the first device operation data.

As a result, the plant facility data transmission / reception management device 110 according to the present invention assigns different security levels according to the IDs of the administrators, assigns different rights classes for data access according to the factory equipments, Only when the security level is matched to the authority level of the factory facility apparatus, the device operation data and the identification information of the factory facility apparatus are transmitted to the administrator client terminal 140, thereby separating the data access authority according to the security level of the manager .

2 is a flowchart illustrating a method of managing transmission / reception of factory facility data according to an embodiment of the present invention.

In step S210, an identification information database is stored, in which identification information for a plurality of factory equipment connected to the network and unique identification numbers of the plurality of factory equipment devices correspond to each other.

In step S220, a public key issue request for data encryption / decryption is transmitted to the plurality of factory equipments.

In step S230, when each of the plurality of factory equipments generates a private key for decrypting data and a public key corresponding to the private key, the plurality of factory equipments from each of the plurality of factory equipments And the public key generated by each of the plurality of factory equipments, and stores the unique identification number of each of the plurality of factory equipments and the public key in correspondence with each other on the key database.

In step S240, device operation data for each of the plurality of factory equipments is transmitted from the plurality of factory equipments to the plurality of factory equipments in accordance with the operation of each of the plurality of factory equipments The data being encrypted with the private key generated by each of the plurality of factory equipments with respect to the combined data in which the unique identification numbers of the plurality of factory equipments are combined, .

In step S250, when the first combination data, which is encrypted by the first private key generated in the first factory facility, is received from the first factory facility among the plurality of factory equipments, And decrypts the first combination data based on the public key generated by each of the plurality of factory equipments which are stored in the key database among the decrypted data for the first combination data Extracting first device operation data for the first plant facility from the first decoded data if there is first decoded data including data matching the first unique identification number for the first plant facility, An identification database for identifying the first plant facility corresponding to the first unique identification number from the identification information database, The extracts.

In step S260, the identification information on the first plant facility and the first device operation data are transmitted to the network client client terminal.

At this time, according to an embodiment of the present invention, in step S220, a public key issue request for data encryption / decryption may be transmitted to the plurality of factory equipments at predetermined period intervals.

At this time, the plurality of factory equipments transmits the public key corresponding to the private key and the private key for data encryption decryption at the predetermined period interval in response to the public key issuance request received at the predetermined period interval Can be generated.

At this time, according to an embodiment of the present invention, in step S220, a public key issue request for data encryption / decryption is transmitted to the plurality of factory equipments in the predetermined period intervals, It is possible to transmit data insertion position information on a position at which a unique identification number of each of the plurality of factory equipments is to be inserted on the apparatus operation data for each of the facility apparatuses.

At this time, the plurality of factory equipments insert the unique identification number of each of the plurality of factory equipments on the apparatus operation data for each of the plurality of factory equipments based on the data insertion position information, Lt; / RTI >

At this time, when the first combination data, which is encrypted by the first private key generated in the first factory facility, is received from the first factory facility among the plurality of factory equipments in step S250, The method comprising: attempting to decrypt the first combination data based on the public key generated by each of the plurality of factory equipments stored on the key database; Extracting data on a location at which a unique identification number is inserted from the decrypted data for the first combination facility and extracting the first unique identification number for the first factory equipment stored in the key database among the decoded data for the first combination data If there is the first decoded data including the data corresponding to the first decoded data Group may first extract the first device operational data for the plant system, and extracts identification information on the first plant equipment corresponding to said first unique identification code from the identification information database.

According to another aspect of the present invention, there is provided a method for managing plant equipment data transmission and reception, comprising the steps of: Maintaining a rating database, maintaining a security rating database in which a plurality of administrator IDs and a different predetermined security rating corresponding to each of the plurality of administrator IDs are stored, and for each of a plurality of rating classes, And storing and maintaining a class table in which at least one security class included in each privilege class is associated and recorded.

In this case, in step S260, an administrator ID of an administrator using the administrator client terminal is received from the administrator client terminal, and a security level corresponding to the administrator ID is extracted from the security level database. Extracting an authorization level corresponding to the first unique identification number, and if the extracted security level is recorded corresponding to the extracted authorization level in the rating table, And transmitting the first device operation data to the administrator client terminal.

According to an embodiment of the present invention, in step S260, an administrator ID and an administrator password of the administrator using the manager client terminal are received from the manager client terminal, and the first device operation data is stored in the first part Encrypting the first part data by using the data for the manager ID as a first secret key, and using the data for the manager password as a second secret key to divide the second part data And transmit the encrypted first part data and the second part data to the administrator client terminal.

In this case, when the encrypted first part data and the second part data are received, the administrator client terminal decrypts the first part data using the data for the manager ID as the first secret key, The second part data may be decrypted using the second part data as the second secret key, and the first part data and the second part data may be decrypted to restore the first device operation data.

The method of managing transmission / reception of factory facility data according to an embodiment of the present invention has been described above with reference to FIG. Here, the method of managing plant equipment data transmission / reception according to an embodiment of the present invention may correspond to the configuration of the operation of the plant equipment data transmission / reception management apparatus 110 described with reference to FIG. 1, .

The method for managing plant equipment data transmission and reception according to an embodiment of the present invention can be implemented by a computer program stored in a storage medium for execution through a combination with a computer.

In addition, the method of managing plant facility data transmission / reception according to an embodiment of the present invention may be implemented in the form of a program command that can be executed through various computer means and recorded in a computer readable medium. The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination. The program instructions recorded on the medium may be those specially designed and configured for the present invention or may be available to those skilled in the art of computer software. Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape; optical media such as CD-ROMs and DVDs; magnetic media such as floppy disks; Magneto-optical media, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as those produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.

As described above, the present invention has been described with reference to particular embodiments, such as specific constituent elements, and limited embodiments and drawings. However, it should be understood that the present invention is not limited to the above- And various modifications and changes may be made thereto by those skilled in the art to which the present invention pertains.

Accordingly, the spirit of the present invention should not be construed as being limited to the embodiments described, and all of the equivalents or equivalents of the claims, as well as the following claims, belong to the scope of the present invention .

110: Factory facility data transmission / reception management device
111: Identification information database 112: Public key request unit
113: Key storage unit 114: Data receiving unit
115: information extracting unit 116:
117: authority class database 118: security class database
119: rating table holding unit 120: security rating extracting unit
121: authority class extracting unit 122:
131, 132, 133: a plurality of factory equipment devices
140: Administrator client terminal

Claims (12)

An identification information database in which identification information for a plurality of factory apparatuses connected in a network and unique identifiers of respective ones of the plurality of factory apparatuses correspond to each other;
A public key request unit for transmitting a public key issue request for data encryption / decryption to the plurality of factory equipments;
When each of the plurality of factory equipments generates a private key for decrypting data and a public key corresponding to the private key, the unique identification number of each of the plurality of factory equipments from the plurality of factory equipments, A key storage unit receiving the public key generated by each of the plurality of factory equipments and storing the unique identification number of each of the plurality of factory equipments in the key database in correspondence with the public key;
The device operation data for each of the plurality of factory equipments from the plurality of factory equipments, and the device operation data is data for each of the plurality of factory equipments generated in the plurality of factory equipments And a data receiving unit for receiving data encrypted with the private key generated by each of the plurality of factory equipments with respect to the combined data in which the unique identification numbers of the plurality of factory equipments are combined, ;
When the first combination data, which is encrypted by the first private key generated in the first factory facility, is received from the first factory facility among the plurality of factory facilities, The method comprising: attempting to decrypt the first combination data based on the public key generated by each of the factory equipments, and to decrypt the decrypted data of the first combination data, Extracts first device operation data for the first plant facility from the first decoded data if there is first decoded data including data matching the first unique identification number for the device, For extracting the identification information for the first factory equipment corresponding to the first unique identification number A beam extractor; And
A data transmission unit for transmitting identification information of the first factory facility and the first device operation data to an administrator client terminal connected to the network,
Lt; / RTI >
The data transfer unit
And an administrator ID and an administrator password of an administrator using the manager client terminal from the manager client terminal, divides the first device operation data into first part data and second part data, Encrypts the first part data and the second part data by encrypting the second part data by using the data for the administrator password as a second secret key, To the manager client terminal,
The manager client terminal
When the encrypted first part data and the second part data are received, decrypting the first part data by using the data for the manager ID as the first secret key, and transmitting the data for the manager password to the second secret key And restores the first device operation data by decoding the first part data and the second part data using the decoded first part data and the second part data. The method according to claim 1,
The public key request part
Transmitting a public key issue request for data encryption / decryption to the plurality of factory equipments at predetermined cycle intervals,
The plurality of factory equipments
And generates the public key corresponding to the private key and the private key for data encryption decryption at the predetermined periodic interval in response to the public key issue request received at the predetermined periodic interval. 3. The method of claim 2,
The public key request part
Transmitting a public key issue request for data encryption / decryption to the plurality of factory equipments at the predetermined periodic intervals, and transmitting the public key issuance request to the plurality of factory equipments Transmits data insertion position information for a position at which a unique identification number of each of the devices is to be inserted,
The plurality of factory equipments
Generating the combined data by inserting a unique identification number of each of the plurality of factory equipments on the device operation data for each of the plurality of factory equipments based on the data insertion position information,
The information extracting unit
When the first combination data encrypted by the first private key generated in the first factory facility is received from the first factory facility among the plurality of factory facility equipments, And decrypts the first combination data on the basis of the public key generated by each of the plurality of factory equipments, and extracts, from the decrypted data for the first combination data, Wherein the data on the location where the number is inserted is extracted and the data corresponding to the first unique identification number for the first plant facility stored on the key database among the decoded data for the first combination data is included If the first decoded data exists, extracting, from the first decoded data, And extracts identification information for the first plant facility corresponding to the first unique identification number from the identification information database. The method according to claim 1,
An authority class database in which different selected authority classes for data access are stored corresponding to unique ID numbers of the plurality of factory equipments;
A security level database in which a plurality of administrator IDs and different selected security levels corresponding to the plurality of administrator IDs are stored; And
A rating table storage unit for storing and maintaining a rating table in which at least one security level included in each privilege level is recorded in association with each of a plurality of privilege levels,
Further comprising:
The data transfer unit
A security class extraction unit that receives an administrator ID of an administrator using the administrator client terminal from the administrator client terminal and extracts a security level corresponding to the administrator ID from the security level database;
An authorization class extractor for extracting an authorization class corresponding to the first unique identification number from the authorization class database; And
When the extracted security level is recorded in correspondence with the extracted security level in the rating table, transmits the identification information on the first factory equipment and the first device operation data to the administrator client terminal [0050]
The plant facility data transmission / reception management apparatus comprising: delete The method comprising the steps of: maintaining an identification information database in which an identification information database holding unit stores identification information for a plurality of factory equipment connected to a network and unique identification numbers of the plurality of factory equipment;
The public key requesting unit transmitting a public key issue request for data encryption / decryption to the plurality of factory equipments;
When each of the plurality of factory equipments generates a private key for data encryption and decryption and a public key corresponding to the private key, the key storage unit stores the unique key of each of the plurality of factory equipments from the plurality of factory equipments, Receiving an identification number and the public key generated by each of the plurality of factory equipments, storing the unique identification number of each of the plurality of factory equipments and the public key in correspondence with each other on a key database;
Wherein the data receiving unit receives, from the plurality of plant equipments, device operation data for each of the plurality of factory equipments, and the device operation data is transmitted to the plurality of factory equipments Means for receiving data encrypted with the private key generated by each of the plurality of factory equipments with respect to the combined data in which the unique identification numbers of the plurality of factory equipments are combined, ;
When the information extraction unit receives the first combination data encrypted by the first private key generated in the first factory facility apparatus from the first factory facility apparatus among the plurality of factory facility apparatuses, And a decryption unit operable to decrypt the first combination data based on the public key generated by each of the plurality of factory equipments and to decrypt the decrypted data for the first combination data, Extracting first device operation data for the first plant facility from the first decoded data if first decoded data including data matching the first unique identification number exists for the first plant facility, From the identification information database, identification information for the first plant facility corresponding to the first unique identification number ; And
The data transferring unit transmits the identification information of the first factory facility and the first device operation data to the administrator client terminal connected to the network
Lt; / RTI >
The step of transmitting to the administrator client terminal
Wherein the data transferring unit receives the manager ID and the manager password of the manager using the manager client terminal from the manager client terminal and divides the first device operation data into the first part data and the second part data, Encrypts the first part data by using the data for the ID as the first secret key, encrypts the second part data by using the data for the administrator password as the second secret key, 2 part data to the manager client terminal,
The manager client terminal
When the encrypted first part data and the second part data are received, decrypting the first part data by using the data for the manager ID as the first secret key, and transmitting the data for the manager password to the second secret key And decrypting the second part data using the second part data and combining the decrypted first part data and the second part data to restore the first device operation data. The method according to claim 6,
The step of transmitting the public key issue request
Wherein the public key request unit transmits a public key issue request for data encryption / decryption to the plurality of factory equipments at a predetermined cycle interval,
The plurality of factory equipments
And generating the public key corresponding to the private key and the private key for data encryption decryption at the predetermined periodic interval in response to the public key issue request received at the predetermined periodic interval. 8. The method of claim 7,
The step of transmitting the public key issue request
Wherein the public key request unit transmits a public key issue request for data encryption / decryption to the plurality of factory equipments at the predetermined periodic interval, and transmits the public key issue request to the plurality of factory equipments A data insertion position information for a position at which a unique identification number of each of the plurality of factory equipments is to be inserted,
The plurality of factory equipments
Generating the combined data by inserting a unique identification number of each of the plurality of factory equipments on the device operation data for each of the plurality of factory equipments based on the data insertion position information,
The step of extracting the identification information
When the first combination data, which is encrypted by the first private key generated in the first factory facility, is received from the first factory facility among the plurality of factory equipments, And decrypts the first combination data based on the data insertion position information based on the public key generated by each of the plurality of factory equipments stored in the decrypted data Extracts data on a position at which a unique identification number is inserted from among the decrypted data for the first combination data and extracts data corresponding to the first unique identification number for the first factory equipment stored in the key database When there is the first decoded data including the data, A plant facility data transmission / reception management method for extracting the first device operation data for a first plant facility and extracting identification information for the first plant facility corresponding to the first unique identification number from the identification information database . The method according to claim 6,
Maintaining an authority class database in which an authority class database maintaining unit associates and stores different selected authority classes for data access to unique identification numbers of each of the plurality of factory equipments;
Maintaining a security class database in which a plurality of administrator IDs and a different predetermined security class corresponding to each of the plurality of administrator IDs are stored; And
Storing a rating table in which at least one security level included in each privilege class is recorded in association with each of a plurality of privilege classes,
Further comprising:
The step of transmitting to the administrator client terminal
Receiving a manager class ID of a manager using the manager client terminal from the manager client terminal and extracting a security class corresponding to the manager ID from the security class database;
Extracting an authorization class corresponding to the first unique identification number from the authorization class database; And
When the transmitting unit records the extracted security level corresponding to the extracted authorization level in the rating table, the identification information for the first factory equipment and the first device operation data are transmitted to the administrator client terminal Steps to transfer
Wherein the plant equipment data is transmitted and received. delete A computer-readable non-transitory recording medium recording a program for performing the method of any one of claims 6 to 9. A computer program stored in a non-volatile storage medium for executing the method of any one of claims 6 to 9 through a combination with a computer.
KR1020150086435A 2015-06-18 2015-06-18 Plant data transmission managing device and method KR101721000B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150086435A KR101721000B1 (en) 2015-06-18 2015-06-18 Plant data transmission managing device and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150086435A KR101721000B1 (en) 2015-06-18 2015-06-18 Plant data transmission managing device and method

Publications (2)

Publication Number Publication Date
KR20160149457A KR20160149457A (en) 2016-12-28
KR101721000B1 true KR101721000B1 (en) 2017-03-29

Family

ID=57724191

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150086435A KR101721000B1 (en) 2015-06-18 2015-06-18 Plant data transmission managing device and method

Country Status (1)

Country Link
KR (1) KR101721000B1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101971538B1 (en) * 2017-09-04 2019-04-23 수상에스티(주) Management method for industrial cloud connector and computer readable record medium on which a program therefor is recorded
KR102089085B1 (en) * 2018-02-21 2020-03-16 주식회사 에이피씨테크 Secure communication device including cryptographic module and communications module for industrial control system
CN108846296B (en) * 2018-07-12 2021-03-19 深圳市雷赛信息科技有限公司 Data encryption method and device, computer equipment and readable storage medium
KR102420741B1 (en) * 2021-08-18 2022-07-14 (주)한컴인텔리전스 Scrubber monitoring data collection apparatus that can collect monitoring data for monitoring of the scrubber and transmit it to an authorized control terminal, and the operating method thereof

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR950012736B1 (en) * 1992-12-29 1995-10-20 재단법인한국전자통신연구소 Terminal security level
KR20120050364A (en) * 2010-11-10 2012-05-18 숭실대학교산학협력단 Security system and method for data communication in factory
KR102008945B1 (en) * 2013-04-26 2019-08-08 에스케이플래닛 주식회사 System and method for public terminal security

Also Published As

Publication number Publication date
KR20160149457A (en) 2016-12-28

Similar Documents

Publication Publication Date Title
CN100380274C (en) Method and system for backup and restore of a context encryption key
CN109040090B (en) A kind of data ciphering method and device
US8661259B2 (en) Deduplicated and encrypted backups
US9020149B1 (en) Protected storage for cryptographic materials
KR101721000B1 (en) Plant data transmission managing device and method
CN104657630A (en) Integrated circuit provisioning using physical unclonable function
CN104636444B (en) A kind of encryption and decryption method and device of database
CN111104691A (en) Sensitive information processing method and device, storage medium and equipment
KR101103403B1 (en) Control method of data management system with emproved security
CN105915502A (en) Method and system for facilitating network joining
CN110768787A (en) Data encryption and decryption method and device
CN112653556B (en) TOKEN-based micro-service security authentication method, device and storage medium
CN101877702A (en) Method and system for activating and authenticating an internet protocol television client
CN110971593B (en) Database secure network access method
CN110708291B (en) Data authorization access method, device, medium and electronic equipment in distributed network
CN113489710B (en) File sharing method, device, equipment and storage medium
CN113079001B (en) Key updating method, information processing apparatus, and key updating device
KR101580514B1 (en) Method and apparatus for managing a password by using the seed key and computer readable recording medium applying the same
CN103745164A (en) File secure storage method and system thereof based on environmental identification
CN104506504A (en) Security mechanism and security device for confidential information of card-free terminal
CN111435390A (en) Safety protection method for operation and maintenance tool of power distribution terminal
US9571273B2 (en) Method and system for the accelerated decryption of cryptographically protected user data units
CN111435389A (en) Power distribution terminal operation and maintenance tool safety protection system
CN113886793A (en) Device login method, device, electronic device, system and storage medium
CN117118972A (en) Method, device, equipment and medium capable of recording file circulation process

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant