TW201128334A - Control apparatus and management apparatus - Google Patents

Control apparatus and management apparatus Download PDF

Info

Publication number
TW201128334A
TW201128334A TW099118839A TW99118839A TW201128334A TW 201128334 A TW201128334 A TW 201128334A TW 099118839 A TW099118839 A TW 099118839A TW 99118839 A TW99118839 A TW 99118839A TW 201128334 A TW201128334 A TW 201128334A
Authority
TW
Taiwan
Prior art keywords
program
authentication
unit
control program
processing unit
Prior art date
Application number
TW099118839A
Other languages
Chinese (zh)
Other versions
TWI435192B (en
Inventor
Akihiro Miura
Original Assignee
Mitsubishi Electric Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mitsubishi Electric Corp filed Critical Mitsubishi Electric Corp
Publication of TW201128334A publication Critical patent/TW201128334A/en
Application granted granted Critical
Publication of TWI435192B publication Critical patent/TWI435192B/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Programmable Controllers (AREA)

Abstract

An objective of the present invention is to render a control program only be able to be operated on a specific PLC. In a control apparatus of the present invention, a control program and a random number are inputted into an access requirement-receiving processor 11, a hash calculation is performed with respect to the random number and a unique serial ID of a PLC 200 by a certificate processor 10b, a dedicated device is selected based on the hash value and a certificate ladder showing the selected dedicated device is generated by a certificate ladder-automatically generating processor 13, and the certificate ladder is inserted into the control program and stored by a certificate ladder-inserting processor 14. When performing the control program, a hash calculation is performed with respect to the random number and the serial ID by the certificate processor 10b, a dedicated device is selected based on the hash value and the selected dedicated device is set into ON by a dedicated device-setting section 17, and the control program is executed by a control program execution control section 16. If a dedicated device same as the certificate ladder is ON, the control program would be accurately operated, while if the dedicated device is not ON, the control program would not be operated.

Description

201128334 六、發明說明: 【發明所屬之技術領域】 本發明係有關防止程式的非法使用的技術。 更具體而言,本發明係有關防止例如儲存於FA (Factory Automation,工廠自動化)系統的PLC (Programmable Logic Controller,可程式邏輯控制器) 的控制程式(階梯程式,Ladder Program)的非法使用的技 術。 【先前技術】 一般而言於FA系統中’作為防止對於不想對其他公 司(他人)公開的控制程式(階梯程式)等的保護資產的非法 存取的手段’係採用利用密碼的方法或將保護資產加密的 方法。 然而,利用密碼的方法有以下課題:關於建立密碼等 的脆弱性,即使例如對控制程式設定密碼並控制存取,在 其控制程式為由複數個開發者存取的情形,由於在複數個 開發者間設定共通的密碼,故容易被他人所推測。 又,由於控制程式與密碼等用以認證的資訊係各別地 B理,且S忍證處理亦為獨立於控制程式之外另外實現者, 故若與控制程式之間無法賦予關聯,則變得不能對控制程 式控制存取。 疋故,有以下課題:雖然採用了將希望保護的資料本 身加ίίδ的方法,但加密上為了管理金鑰而需要特別的硬體 (hardware),裝置變為複雜而昂貴。 322090 4 201128334 又’於FA系統的控制程式(p皆梯程式)中,係對應裝 置的0N/0FF狀態’使傳至控制機器的控制訊號為0N/0FF, 而在程式的執行中無法執行加密或解密的處理。 由此’以不採用加密而防止竄改或監控(monitor)控 制程式的方法而言,係有針對從監控裝置而來之對控制程 式的存取要求依據預先設定的存取權限限制應答的方法 (例如專利文獻1)。 (先前技術文獻) (專利文獻) 專利文獻1:日本特開2005-135165號公報 【發明内容】 (發明欲解決之課題) 如此根據預先設定的對各控制程式的存取權限,限制 對來自監控裝置的存取要求的庫文的 臣的方法,目的為進行從 而並非進行使控制程式僅能在特定 控二以可從_取 PLC,故可於實施了複製的PLC非法^式可寫入至別的 本發明為有鑑於前述之問題點:制程式。 為實現被許可僅使用切定的控制^者’其主要目的 程式),只能在特定的控制裝置上運;:控制程式(階梯. 被非法利用功能者。 汽現防止控制程式 (解決課題的手段) 322090 5 201128334 關於本發明的控制裝置,係包括·· 特有識別資訊記憶部,係記憶獨一無二地設定在前述 控制裝置的特有識別資訊者; 程式輸入部,係將包含成為前述控制裝置的控制處理 對象的對象裝置的裝置號碼且不允許前述控制裝置以外的 裝置進行使用的階梯程式作為主程式予以輸入者; 認證程式生成部,係根據前述特有識別資訊,將防止 前述控制裝置以外的裝置使用主程式的階梯程式生成作為 認證程式者; 程式合成部,係將主程式!認證程式合成為合成程式 者;以及 記憶部,係記憶前述合成程式;其中, 前述認證程式生成部係進行下述操作: 將使用於認證的複數個認證用裝置的裝置號碼作為 認證用裝置號碼予以管理,其中,前述裝置號碼係為擬似 對象裳置的裝置號碼者;根據前述特有識別資訊,選擇一 個以上的認證用裝置號碼;且將包含所選擇的選擇認證用 裝置號碼的階梯程式予以生成為認證程式,該認證程式在 作為前述合成程式與前述主程式一起同時執行之際,若以 獨立於前述認證程式生成部的選擇動作之外的方式根據前 述特有識別資訊正確地選擇前述選擇認證用裝置號碼,而 對於野應於前述選擇認證用裝置號碼的各個選擇認證用裝 置=仃了預定的設定處理’則正確地動作而使前述主程式 也動作,而在作為前述合成程式與前述主程式一同執 6 322090 201128334 行之際,當對於各個前述選擇認證用裝置未執行前述設定 處理部時,則不會正常的動作,而停止前述主程式的動作。 (發明的效果) 於本發明,在主程式的儲存之際,將包含有根據獨一 無二地設定於控制裝置的特有識別資訊所遂擇的選擇認證 用裝置號碼的階梯程式生成作為認證程式,並將認證程式 合成至主程式,於主程式的執行之際若根據特有識別資訊 正確地選擇選擇認證用裝置號碼,而於選擇認證用裝置進 行有設定處理則主程式正常的運作,而在沒有進行設定處 理的情形則藉認證程式使主程式停止。 是故,於控制裝置可正常的使用主程式的同時,在沒 有許可.使用主程式的裝置,則不能使用主移式,而可防止 主程式的非法使用。 【實施方式】 實施形態一至五係說明防止由於儲存於FA系統的PLC 的控制程式(階梯程式)的非法複製,麥製造PLC的仿造品 的技術。 更具體而言,在將控制程式寫入PLC之際,像用用以 個體識別PLC的序列ID以及在工程環境所生成的亂數生成 認證資訊,進行PLC與控制程式的關聯之建立,並從所生 成的認證資訊自動生成可插入於控制程式的認證階梯並插 入控制程式中。 而且,在控制程式的執行時,藉由確認於所插入的認 證階梯是在進行過建立關聯的PLC上執行,以防止非法的 7 322090 201128334 將控制程式複製至別的uΛ , 製造仿造品等的非法利用。 於此,認證階梯係指柄λ s 曰播入屬於主程式的控制程式的階 梯程式,為認證程式的一例。 更具體而言’於控制程式的執行時為了確認符合特定 的裝置號仙專用裝置成為⑽的狀態,而插入於控制程式 的階梯程式係認證階梯。 於實施形態一至五中,的序列Π)及在工程 壞境側生成的亂數作為輪入而於雜湊(hash)函數(單向函 數)生成認證資訊(雜湊值),'並決定用以根據此認證資訊檢 查專用裝置的酬FF的農置號碼。包含有根據此認證資訊 所決定的裝置號碼的_料軸證階梯。 於此所生成的5忍證資訊,由於係以pLC的序列ID作 為輸入藉由雜凑函數所生成,故每個PIX所生成的認證資 訊係相異》 又’控制程式係包含稱為輸入裝置及輸出裝置的成為 PLC的控制處理的對象的對象裝置的裝置號碼的階梯程 式’且不允許受指定的PLC以外的裝置所進行之使用。 控制程式係主程式的—例。 亦將於控制程式插入有認證程式之後的程式稱作合 成程式。 又’專用裝置係指用以記憶設置於PLC内的控制程式 所使用的資料及⑽/OFF訊號的記憶體,其僅能從PLC的韌 體(firmware)設定,且設為即使使用工程環境使用者亦不 能設定者。 322090 201128334 專用裝置係與對象裝置不同,為為了防止控制程式的 非法使用所特別設置的裝置。對專用裝置係設定為擬似對 象裝置的裝置號碼的裝置號碼。且,專用裝置係認證用裝 置的一例’而專用裝置的裝置號碼係認證用裝置號碼的一 例。 又’使用者使用工程環境作成PLC的控制程式之際, 依每個PLC創建用以管理程式、參數、以及認證資訊等的 專案(project)。 根據以上内容,於以下說明各個實施形態一至五。 (第一實施形態) 第1圖係顯示本實施形態的非法利用防止系統的系統 構成例。 於第1圖所示的非法利用防止系統,係用以使儲存於 PLC的控制系統僅可於特定的PLC上執行的FA機器控制程 式的非法利用防止系統。 本實施形態的非法利用防止系統,係分成工程環境侧 電腦(個人電腦,Personal Computer) 100 及 PLC 200 兩大 類。 工程環境侧電腦100係為一種電腦,包括:CPU(中央 處理器,Central Processing Unit)、R0M(唯讀記憶體, Read Only Memory)、RAM(隨機存取記憶體,Random Access Memory)、磁碟裝置、及通訊埠等。 這種情形,用以實現作為工程環境側電腦100的内部 要素所示的功能(「〜部」)的程式係儲存於例如磁碟裝置, 9 322090 201128334 透過CPU適當地讀取這些程式,以執行各功能。 PLC200係記憶屬於階梯程式的控制程式,而CPU執行 控制程式,並進行機器的控制。 工程環境側電腦100係管理裝置之一例,PLC200係控 制裝置之一例。 其中,關於工程環境側電腦100及PLC200的内部構 成係於後陳述。 又,第2圖係顯示本實施形態的運作例的流程圖。 具體而言,第2圖係顯示在將控制程式寫入PLC之際 進行安全性設定,使控制程式及PLC建立關聯時的處理流 程。 第2圖的處理流程的詳細内容係於後陳述。 又,第3圖係顯示於PLC生成認證階梯,將生成的認 證階梯插入控制程式並於PLC儲存控制程式時的處理流 程。 第3圖的處理流程的詳細内容係於後陳述。 第4圖係根據由認證階梯生成用亂數及pLc的序列❿ 生成的認證資訊所自動生成的認證階梯之例。 第4圖的詳細内容係於後陳述。 第5圖係於PLC的電源投入時韌體的初始化處理中, 根據認證資訊設定了專用裝置之際之一例。 第5圖的詳細内容係於後陳述。 接著’使用第1圖,說明構成FA機器控制裎式的非 法利用防止系統的要素,該非法利用防止系統係在執行已 322090 10 201128334 ' 儲存於PLC的控制程式時,確認是在受許可的PLC上執行 者。 首先,說明工程環境側電腦100的構成要素。 元件符號1係工程環境侧電腦100的使用者利用鍵盤 或滑鼠等進行PLC的控制程式製作或參數設定用的輸入 部。 元件符號2係使用者製作PLC的控制程式的控制程式 製作部。 元件符號3係控制程式記憶部,用以儲存於控制程式 製作部2所製作的控制程式者。 元件符號4係存取要求傳送處理部,將對PLC的存取 要求(如將儲存於控制程式記憶部3的控制程式寫入PLC、 或從PLC讀取等)傳送至PLC者。 元件符號5係控制程式寫入要求部,從輸入部1接收 來自使用者的控制程式的寫入指示,讀取儲存於控制程式 記憶部3的控制程式,而對存取要求傳送處理部4進行寫 入至PLC的寫入要求者。 元件符號6a係安全性設定部,用以對於在工程環境 側電腦100製作的控制程式使安全性設定從無效成為有效 者。 元件符號7係生成亂數的亂數生成處理部。 更具體而言,亂數生成處理部7係在安全性設定部6 的安全性設定從無效設定至有效之時在專案(由以FA機器 為單位製作的控制程式及參數設定等所構成的資訊)中所 11 322090 201128334 特有的,作為認證階梯的生成時的輸入所使用的亂數及在 工程環境及PLC間進行認證之際,生成詰問/回應 (Challenge and Response)認證用的亂數(詰問值)。 元件符號8a係認證階梯生成用亂數記憶部,進行於 將安全性設定設為有效時使屬於控制程式的寫入目標的 PLC與控制程式建立關聯,並儲存為了生成認證階梯而於 亂數生成處理部7所生成的亂數者。 元件符號9a係序列ID記憶部,係儲存於將安全性設 定設為有效時從屬於控制程式的寫入目標的PLC所讀取的 用以個體識別PLC的序列ID(例如,製造號碼等)者。 元件符號l〇a係認證處理部’將在工程環境側電腦joo 側所生成的認證資訊及在PLC2 0 0生成的認證資訊作比較 並進行認證者。 更具體而言’認證處理部10a係於對亂數生成處理部 7進行亂數的生成的要求、以及於安全性設定部6a的安全 性設定為有效的情形,對PLC進行控制程式的寫入/讀取 時,為了確認存取目標的PLC為建立關聯的plc,於每次 的嫁§忍以在亂數生成處理部7生成的亂數、錯存於認證階 梯生成用亂數記憶部8a的亂數、以及儲存於序列id記悚 部9a的序列ID作為輸入,以利用雜湊函數生成的雜湊值 作為認證資訊,將此認證資訊與在PLC測生成的認證資訊 作比較並進行認證者。 接著,說明PLC200的構成要素。 元件符號9b係序列ID記憶部,儲存ριχ製造商於成 322090 12 201128334 ' 品出貨時設定且使用者不能修改之用以個體識別PLC的序 列ID(例如,製造號碼等)者。 序列ID係唯一地設定在PLC200,且為特有識別資訊 的一例。 並且,序列ID記憶部9b係特有識別資訊記憶部的一 例。 元件符號6b係安全性設定部,使得用以對控制程式 進行存取限制的安全性設定為有效用者。 安全性設定部6b係與工程環境側的安全性設定同 步,並接收來自於工程環境側的安全性設定的有效化要求 而進行對於儲存在PLC的控制程式之存取限制。 元件符號8b係認證階梯生成用亂數記憶部,儲存和 安全性設定有效化的要求一起傳送來的亂數者。 儲存於認證階梯生成用亂數記憶部8b的亂數,係於 工程環境側電腦100的亂數生成處理部7生成,且與儲存 於認證階梯生成用亂數記憶部8a的亂數為同樣的亂數。 認證階梯生成用亂數記憶部8 b係亂數記憶部的一例。 元件符號11係存取要求接收處理部,在PLC侧受理 從工程環境的存取要求傳送處理部4所傳送來的存取要 求,而執行對應要求内容之處理者。 又,存取要求接收處理部Π係從工程環境側電腦100 輸入控制程式寫入要求與控制程式(階梯程式)。 控制程式如前文所述,係包含成為PLC200的控制處 理對象的對象裝置的裝置號碼的階梯程式,不允許被指定 13 322090 201128334 的聊以:_卜的裝置所作的使用。控制程式係主程式的-例。 又,存取要求接收處理部u係程式輸入部的一例。 兀件符號⑽係進行雜凑演算㈣演算)的認證處理 認證處理部⑽係將儲存於認證階梯生成用亂數記憶 部8b的乱數、儲存於序歹UD記憶部%的序列 於認證資訊的生成請求時所―同發送來的乳數(詰問值)作 為輸入,使用雜凑函數生成雜凑值(回應)者。 更具體而言’認證處理部1〇b係在安全性設定部卟 的文全性ά定變為有效的情形中,早於認證階梯(認證程式: 的生成,對應來自受理了來自工程環境的認證要求的存取 要求接收處理部Π b的§忍證資訊的生成請求,而生成雜凑 值(回應值)。 認證處理部10b係單向演算部的一例。 元件符號12係控制程式寫入處理部,於已接受來自 存取要求接收處理部11的控制程式的寫入要求時,確認安 全性設定部6b的安全性設定’而在安全性設定為有效的情 形指示進入插入認證階梯的處理,在無效的情形則維持在 不包含認證階梯的原本的狀態下,指示進入將控制程式寫 入PLC内的處理者。 元件符號13係生成認證階梯(認證程式)的認證階梯 自動生成處理部。 認證階梯係可直接插入控制程式的階梯程式,係用以 防止PLC200以外的裝置進行控制程式的使用的階梯程式。 14 322090 201128334 認證階梯自動生成處理部13係於將控制程式儲存於 執行用控制程式記憶冑15時,根據於認證處理部10b產生 的雜湊值選擇專用裝置(認證用裝置)中的特定的裝置的號 瑪,而生成包含有所選擇的特定的裝置的號碼(選擇認證用 裝置號碼)的認證階梯。 並且,透過認證階梯插入處理部14將認證階梯與控 制程式合成,儲存於執行用控制程式記憶部15。 又,詳細内容將於後敘述,於控制程式執行控制部Μ 執行控制程式及認證階梯前,認證處理部⑽係獨立於由 認證階梯自動生成處理部13所進行之認證階梯的生成之 外,另行根據序列ID及亂數生成雜湊值,且專用裝置設定 部17根據雜湊值選擇特定的專用裝置的裝置號碼,對於對 應於所選擇的裝置號碼的專用裝置進行預定的設定處理 (使相應專用裝置從OFF狀態到on狀態的設定處理)。 藉由專用裝置设定部17’正確地選擇與包含於認證階 梯的專用裝置的裝置號碼為同樣的裝·置號碼,於對於對應 於該裝置號碼的專用裝置進行設定處理的情形,在控制程 式執行控制部16執行控制程式及認證階梯之際認證階梯 係正常地運作,於是,控制程式係正常地運作。另一方面, 於沒有選擇正確的裝置號碼,結果沒有對正確的專用震置 進行設定處理的情形中,控制程式執行控制部16於執行控 制程式及認證階梯之際認證階梯不會正常地運作,於是, 控制程式的運作停止。 認證階梯自動生成處理部13係認證程式生成部的— 15 322090 201128334 - 例。 且Μ 卩自梯自動生成處理部13係至少生成以下其 中-者··成為包含所選擇的全部的裝置號碼且配置於控制 程式的開頭的認證階梯(開頭認證程式)、以及包含任-個 所選擇的裝置號碼且插入於控制程式的複數個插入位置而 成的兩個以上的認證階梯(插入認證程式)。 、例如帛4圖(a)係配置於控制程式的開頭的認證階 梯的-例,第4圖(b)係插人於控制程式途中的插入位置的 認證階梯的一例。 元件付號14係認證階梯插入處理部,將於認證階梯 自動生成處理部13自動生成的認證階梯與控制程式合成 者。 μ證階梯插入處理部在於控制程式的開頭配置了 ㈣证Ρ白梯的情形(於第4圖(a)中示例的認證階梯的情形) 係配置於控制程式的開頭’在插入於控制程式的途中的插 入位置的認證階梯的情形(於第4圖(b)中示例的認證階梯 的情形)係插入於指定的插入位置。 認證階梯插入處理部14係程式合成部的一例。 且’控制程式及認證階梯合成後的程式亦稱作合成程 式。 元件符號15係執行用控制程式記憶部,儲存在工程 環境侧所製作的控制程式或於認證階梯插入處理部14認 證階梯被合成後的控制程式(合成程式)者。 執行用控制程式記憶部15係程式記憶部的一例。 16 322090 20112^334 元件符號16彳备〜 執行模式的情形,^制程式執仃控制部’在PLC200變成 的控制程式者。㈣存於執行用控制H記憶部】5 控制各式執行控制 元件符號17在宙 糸轾式執行部的一例。 時在聊内㈣置設定部嗜PLC的電源投入 生成用亂數記憶部:刀始化處理中’從由儲存於認證階梯 的序列ID所生:的亂數及儲存於序列ID記憶部9b 定抽出的裝置—的雜凑值抽出專用裝置的裝置號碼,而設 專用2!:所符合的專用裝置為ON者。 "叹疋部17係設定處理部的一例。 境上的:制第1圖、第2圖及第3圖,說明將工程環 的"以式(階梯程式)寫入至PLC時的動作。 式的^說明關於紅程環境侧電腦⑽上製作控制程 、使用者係使用卫程環境側電腦⑽的輸人部1及控制 :式生成部2進行控制程式的製作,而將所製作的控制程 式儲存於控制程式記憶部3。 、接者,說明將在工程環境側電腦1〇〇上製作的控制程 式寫入PLC200之際的初次登錄時的順序。 使用者係將工程環境侧電腦100與PLC200以USB(通 用串列匯流排’Universal Serial Bus)纜線等連接成網路。 接著,使用存取要求傳送處理部4及存取要求接收處 理部11進行工程環境與PLC間的資料接收傳輸。 在使用者使用輸入部1指示了將儲存於控制程式記憶 17 322090 201128334 部3的控制程式寫入至PLC時(第2圖的S201),控制程式 寫入要求部5係從控制程式記憶部3讀取控制程式(S202)。 控制程式寫入要求部5係對安全性設定部6a確認安 全性設定是有效或無效(S203)。 安全性設定為無效的情形,控制程式寫入要求部5係 詢問使用者是否要使安全性設定變為有效。 接收到了來自使用者保持無效的指示的情形,控制程 式寫入要求部5係指示於存取要求傳送處理部4進行控制 程式寫入處理(S209)。 接收到了使用者將安全性設定設為有效的指示的情 形,控制程式寫入要求部5係設定安全性設定部6a為有效 (S204),而對認證處理部10a要求生成建立控制程式及PLC 的關聯用的認證階梯生成用亂數。 接收了亂數生成的要求的認證處理部l〇a係對亂數生 成處理部7要求亂數的生成。 亂數生成處理部7係生成亂數(S205),並傳遞亂數至 認證處理部10a。 認證處理部10a係送回所接收的亂數至控制程式寫入 要求部5。 控制程式寫入要求部5將從認證處理部10a接收到的 亂數儲存於認證階梯生成用亂數記憶部8a(S206),又,對 存取要求傳送處理部4提出附加認證階梯生成用亂數並將 PLC的安全性設定為有效的要求。 存取要求傳送處理部4係在接收了將PLC的安全性設 18 322090 201128334 定設為有效的要求時,對PLC2〇〇的存取要求接收處理部 11要求安全性设定的有效化,並一起傳送認證階梯生成用 亂數而要求做控制裎式及PIX的關聯建立(S2〇7)。且,在 此時間點,控制程式不會傳輸至PLC2〇〇。 於PLC200中,存取要求接收處理部η係在接收了安 全性設定的有效化的要求時,設定安全性設定部讣為有效 (S210)’對認證處理部1〇b要求儲存在工程環境側電腦1〇〇 生成的認證梯生成用亂數,並要求取得pLC的序列id。 認證處理部l〇b係將認證階梯生成用亂數儲存於認證 階梯生成魏數記憶部8b(S2⑴,讀取儲存於序列㈣ 憶部9b的用以個ϋ識別pLC2〇〇的序列㈣送回至存取要 求接收處理部11。 此序歹UD係於出貨pLC時pLC❸製造商任意地設定 、資訊’且為使用者無法設定/變更的資訊。 當從認證處理#通接收序列⑺時,存取要求接收 外部11則於對於安全性設定的有效化的要求 4^ 於工程環境側電腦⑽,存取要求傳送處理部4係在 答的要求接收處理部u的應答時,將附加於應 制、、列⑺送回至控制程式寫入要求部5,控 9a(S^)8寫^要求部5將該序列ID儲存於序列iD記憶部 於本貝施㈣,藉由儲存於認證階梯生成用亂數記憶 322090 201128334 部8a、8b的認證階梯生成用亂數、以及儲存於序列Π)記 憶部9a、9b的PLC的序列ID建立控制程式及plc間的關 聯,而將由此兩個資訊使用雜湊函數所生成的資訊設為認 證資訊。 控制程式寫入要求部5係對存取要求傳送處理部4要 求控制程式的寫入處理,存取要求傳送處理部4係將寫入 要求及控制程式傳送至PLC的存取要求接收處理部 11(S209)(第 3 圖的 S301)。 於PLC200,存取要求接收處理部I〗係在收到了控制 程式的寫入要求時,指示於控制程式寫入處理部12寫入控 制程式。 控制程式寫人處理部12係在㈣控制程式的寫入指 不時認文全性設定部6b的安全性設定(S3〇2),為無效 的情形時縣触_控制程以原本的狀⑽存至執行 用控制程式記憶部15(S309;)。 在安全性設定為有效的情形時,控制程式寫入處理部 12係對於認證階梯自動生成處理部13指示認證階梯的生 成0 =階梯自動生成處理部13係接收來自控制程式寫 =處==的認證階梯的生成指示,對認證處理部⑽ 指不S忍證資訊的生成。 憶部8b的亂數及儲存於序请二階梯生成用亂 ID 5己憶部gb的序歹 Π)卿、_,對礼數及序㈣使用雜凑錢(翠, 322090 20 201128334 ’ 函數)生成認證資訊(雜凑值)(S3 0 6) ’並將所生成的認證資 訊(雜湊值)送回至認證階梯自動生成處理部13。 認證階梯自動生成處理部13係依據從認證處理部i〇b 接收的認證資訊自動生成認證階梯(以認證為目的的階梯 程式)(S307),而對認證階梯插入處理部14指示將自動生 成的認證階梯插入至控制程式。 認證階梯插入處理部14係在使用者使用工程環境侧 電腦PC100所製作的控制程式之特定位置插入於認證階梯 自動生成處理部13所生成的認證階梯(S308)。 認證階梯插入處理部14係將插入了認證階梯的控制 程式(合成程式)儲存至執行用控制程式記憶部 15(S309) ’控制程式的寫入處理即結束。 又,於本實施形態,雖於認證資訊的生成輸入在工程 環境側電腦100生成的亂數及PLC200的序列ID兩者,惟 在此兩個訊號以外,亦可與例如搭載於pLC2〇〇的CPU的 CPII種類組合而生成認證資訊。 由於此CPU種類係為在工程環境上於選擇屬於控制程 式的寫入目的的PLC200之際所禮定的工程環境内所處理 的貝訊,且亦為於PLC200側預先保持於内部的資訊,故係 不會流通於通訊路徑(工程環境及pLC間)上的資訊,則認 證資訊係難以被推測。 接著,使用第4圖及第5圖,說明根據認證資訊之認 也p自梯的生成與插入、以及於π。的電源投入時在執行的 初始化處理中的專用裝置的設定方法。 21 322090 201128334 • 於此,說明將PLC200的序列ID設為例如 「009910987654321」、將認證階梯生成用亂數設為例如 「1234567890」的情形的認證階梯的生成方法。 又,於認證處理部l〇b將認證階梯生成用亂數及序列 ID作為輸入,而將由雜湊函數所生成的認證資訊設為例如 「EA 082 DFE1CBA7816」。 由雜湊函數所生成的認證資訊係利用PLC200的序列 II)生成,由於在別的PLC其序列ID為相異,故不會生成 相同的認證資訊。 於認證階梯自動生成處理部13,將生成的認證資訊以 一位元組(byte)做劃分,所劃分的值係當作專用裝置的裝 置號碼。 例如,若將最初的一位元組的「EA」當作專用裝置的 裝置號碼(十進位表示)時則成為A234。於此的「A」,係使 其代表專用裝置。 同樣地,將第二位元組、第三位元組當作專用裝置的 裝置號碼時,則成為A8、A45、A254、A28、(以下省略)。 如此所選擇的裝置號碼,係相當於選擇認證用裝置號 碼。 又,雖於PLC200的對象裝置的裝置號碼使用「X」等, 而於控制程式以如「X50」示意對象裝置的裝置號碼,但為 了近似於對象装置的裝置號碼,而於認證階梯將專用裴置 的裝置號碼設為「A234」。如此,於認證階梯,係對對象裝 置的裝置號碼使用擬似的裝置號碼。 r V-Ι- ^ ί 5i 22 322090 201128334 於認證階梯自動生錢料13,健據上述的資訊生 成第4圖所示的認證階梯(階梯程式)。 第4圖(a)係包括所選擇的所有裝置號碼(A234、八8、 A45、A254等)’且為配置於控制程式的開頭而成之認證階 梯的一例。 第4圖(a)的s忍證階梯係於執行時確認專用裝置⑼應 A234及A8等的專用裝置)的⑽/〇FF狀態,只要有一個為 OFF狀態的專用裝置的情形,則將用以停止控制程式的執 行的裝置(於第4圖(a)的例子係E99)設為〇N。 由於在PLC係可對控制程式定義執行形式為僅做一次 的執行,或每個固定週期的執行等,故此認證階梯係設定 為於控制程式的執行時僅實施〜次。 又,認證階梯自動生成處理部13係把在上述生成的 認證階梯的專用裝置的裝置號螞當作控制程式的步驟數, 於控制程式的該步驟數的位置杨入認證階梯。 如第4圖(b)所示,例如在上述的例子中專用裝置a234 的情形,係將裝置號碼234當作步驟數,而於控制程式的 第234步驟插入認證階梯。 不過,於插入時係於將裝复號碼排序之後,從數字小 者依順序將認證階梯插入於控制程式的所符合之步驟數 目。 藉此,即使是控制程式的執行中,亦可確認控制程式 正在建立了關聯的PLC上執行。 例如,於將認證階梯寫入於別的PLC而執行之際,專 322090 23 201128334 用裝置的A234為OFF的情形,於第4圖⑻示意的例子中 插入了認證階梯的輸出部的命令係成為不執行(於圖中右 側記載的Y0不會設定為0N)。 是故’控制程式不能正常地運作,連接於孔(:的以 機益亦為不能正常地控制’故可防止控制程式的非法利用。 在第4圖的例子中為了方便說明於認證階梯自動生成 處理部13生成的認證階梯係以階梯圖的形式表示,但實際 上在PLC2 0 0上所生成的说、證階梯係以執行碼的形式生成。 接著’說明關於在PLC200的電源投入時,於勃體的 初始化處理中設定專用裝置之際的運作。 於韌體的初始化處理’專用裝置設定部17係將專用 裝置清除為0,並確認PLC200的安全性設定部61b是否為 有效。 安全性設定為無效的情形,則不對專用裝置做任何設 定。 安全性設定為有效的情形,專用裝置設定部17係對 認證處理部l〇b要求認證資訊的生成,接到此要求的認證 處理部10b係由儲存於認證階梯生成用亂數記憶部8b的亂 數及儲存於序列ID記憶部9b的PLC的序列ID使用雜湊函 數生成認證資訊(雜凑值)。 專用裝置設定部17係收到於認證處理部10b生成的 認證資訊(雜湊值),並以認證階梯自動生成處理部13生成 專用裝置的裝置號碼的方式將認證資訊以一位元組作劃 分’將經劃分的一位元組的值當作裝置號碼,而設定符合 24 322090 201128334 • 該裝置號碼的專用裝置為ON。 於第5圖中所示的例子,係將A234、A8、、 A28的專用裝置設定為⑽的情形。 在韌體的初始化處理結束,PLC200成為執行模式(控 制程式的執行)的情形,控制程式執行控制部16係執行儲 存於執行用控制程式記憶部15的控制程式,並藉由配置於 控制程式的開頭的認證階梯(第4圖(a)),確認於上述初始 化處理所設定的專用裝置的特定裝置的ON/ofF狀態,只要 有一個成為確認對象的專用裳置為OFF的情形,即判斷屬 於控制程式被非法複製的PLC上的運作,而可停止控制程 式的執行。 又,即使是控制程式的執行中,亦藉由插入於控制程 式中的認證階梯(第4圖(b))確認控制程式的非法利用,且 確認為非法利用時’控制程式不會正常運作,故可防止控 制程式的因非法複製在仿造品上的利用。 又’由於PLC係自動生成認證階梯,且於控制程式的 執行時執行認證階梯以判斷非法利用,故可在不會讓使用 者意識下防止控制程式的非法利用。 受許可使用控制程式的PLC200在使用控制程式的情 形中’因為係使用與認證階梯生成時使用的序列ID及亂數 為相同的序列ID及亂數,故於初始化處理中應當會選擇正 確的裝置號碼(與包含於認證階梯的裝置號碼相同的裝置 號碼),而正確地設定專用裝置。’ 是故,在被許可使用控制程式的PLC200,係總是能使 322090 25 201128334 控制程式正常地運作。 另一方面’未被許可使用控制程式的裝置(pLC2〇〇以 外的裝置),因為無法知悉於§忍證階梯生成時於PLC20 0使 用的序列ID及亂數’故無法於初始化處理選擇正確的裝置 號碼,從而,專用裝置不會被正確地設定。 是故’在未被許可使用控制程式的裝置,控制程式的 運作係停止,而無法使用控制程式。 如此’根據本實施形態,對於儲存於PLC的控制程式, 於製作了 PLC的序列ID及控制程式之際,從在工程環境側 生成的亂數生成證貧訊’攸所生成的認證資訊自動生成 可直接插入於控制程式的認證階梯,而於控制程式的執行 時確認是在事先建立了關聯的PLC上執行,藉此可在不讓 使用者意識到下在控制程式及PLC間進行認證,且因應認 證結果停止控制程式的執行,從而得以防止控制程式的非 法利用。 以上’於本實施形態,係說明了一種Μ機器控制程 式的非法利用防止系統: 係於即使將控制FA機器的控制程式(階梯程式)非法 複製至其他的FA機器,在複製有控制程式的FA機器上亦 使控制程式不能正常地運作的FA機器控制系統的非法利 用防止系統, 藉由根據用以對FA機器進行控制程式及參數等的設 疋及確認的工程環境(應用程式,application)及控制程 式’對應輸入機器的指令訊號的0N/FF使輸出機II為 26 322090 201128334 ΟΝ/OFF ’進行财(sequenee)控制(按照事先設定的順序、 條件’使對象如預想般運作者)的PLC戶斤實現的防止控制程 式的非法利用的裝置,包括: 輸入部,係用以對工程環境指示使用者製作控制程 式、輸入參數等、以及功能的執行者; 控制程式製作部,使用者使用前述輸入部製作在孔c 上執行的控制程式(階梯程式)者; 、 控制程式記憶部,係用以儲存在前述控制程式製作部 製作的PLC用控制程式者; 存取要求傳輸處理部,係用以從工程環境對ρίχ要求 控制程式及參數等的寫入/讀取,且接收其應答者; 控制程式寫入要求部,進行用以將儲存於前述控制程 式記憶部的控制程式寫入至PLC的處理; 安全性設定部’用於僅對在工程環境上所製作的控制 程式的安全功能設定為有效的情形者; 乱數生成處理部,用以生成在於PLC生成認證階梯之 際所使用的亂數、與在控制程式及PLC之間進行認證之際 利用的亂數者; 不 認證處理部,接收來自前述控制程式寫入要求部的亂 數生成要求,對前述亂數生成處理部請求亂數的生成,或 為了在控制程式與PLC之間進行認證而從用以個體識別亂 數及PLC的資訊使用雜凑函數(單向函數)生成認證資訊 者; 認證階梯生成用亂數記憶部’用以儲存於前述亂數生 322090 27 201128334 成處理部生成的絲且於ριχ生成認證階梯之際使用的亂 數; 序列ID記恃、都,田,、,^ 心 用以儲存於實施將儲存於前述控制 程式記憶部的控制程式初次寫入於PLC之際,從PLC抽出 之用以個體識別PLC的序列iD(製造號碼等)者; 存取要求接收處理部1以受理來自工程環境的存取 要求^應此麵要細要求⑽傳送至各處理部者; 安全性設定部,僅在使對於儲存於PLC的控制程式的 t全性功迠為有效的情形時設定者; 認證階構生成魏數記憶部,㈣儲存為了生成認證 ㊆ 匕梯而在工程環境側所生成並傳輸來的亂數者; 序列ID記憶部,儲存用以個體識別PLC的序列ID ; 控制程式寫入處理部,接收來自前述存取要求接收處 理部的控難式之寫人要求,進行㈣彳程摘寫入者; 雜凑值生成處理部,在前述安全性設定部的安全性功 能設定為有效的情形,由儲存於前述認證階梯生成用亂數 記憶部的亂數及儲存於前述序列ID記憶部的序列id,使 用與工程環境側的前述認證處理部相同的演算法生成認證 資訊者; 認證階梯自動生成處理部,於PLC寫入控制程式之 際,根據在前述雜湊值生成處理部所生成的雜湊值自動生 成認證階梯者; 認證階梯插入處理部,將於前述認證階梯自動生成處 理部生成的證階梯插入從工程環境傳送來的控制程式 322090 28 201128334 者: ▲ /亍用控制私式s己憶部,在前述安全性設定部的安全 。力Ια定為無效的情% ’係將從I程環境傳送來的控制 式依.、、、原本的I讀存,或者在前述安全性S定部的安 全,功能設定為有效的情形,於前述贿階獅入處理部 儲存插入了認證階梯的控制程式者; 控制程式執行控制部,PLC在變成執行模式的情形, 執仃儲存於前述執行用控制程式記憶部的控制程式者’·以 及 專用裳置設定部,於在PLC的電源投入時搭载於PLC 的fe;體所執行的初始化處理+,根據從 數及序列ID料㈣喊理賴生成_齡,進H 内的專用裝置的設定者。 (第二實施形態) 在本實施形態中,係說明考慮到於工程環境製作的控 制程式的規模及性能面的影響,調整於認證階梯自動生^ 處理部13自動生成的認證階梯的數量的功能。 第δ圖係考慮到控制程式的規模及性能面的影響,調 整自動插入的認證階梯的數量的FA機器控制程式的3非法 利用防止系統的功能構成。 由於工程環境側電腦100的内部構成係與第1圖的構 成相同,故省略說明。 PLC200於本實施形態’係追加有:執行限制時間記憶 部18、認證階梯性能確認部19及認證階梯插入判斷部 322090 29 201128334 . 上述以外的要素係與第1圖所示者相同。 執行限制時間記憶部18係儲存執行由使用者所設定 的控制程式之際的限制時間。 也就是,執行限制時間記憶部18係將控制程式與認 證階梯合成後的程式(合成程式)的執行所需時間的容許範 圍予以記憶為限制時間(容許時間)° 執行限制時間記憶部18係容許時間記憶部的一例。 認證階梯性能確認部19係計算出儲存於執行限制時 間記憶部18的限制時間與控制程式的執行時間的差,並確 認可插入認證階梯的空檔時間。 也就是,認證階梯性能確認部19係預測控制程式的 執行時間,將預測了的控制程式的執行時間(預測所需要時 間)與限制時間的差作為空檔時間計算出。 認證階梯性能確認部19係所需要時間預測部的一例。 認證階梯插入判斷部20係判斷從工程環境側電腦1〇〇 到PLC200的寫入要求的控制程式的規模(例如步驟數)及 對應於在認證階梯性能確認部19計算出的空檔時間而插 入的認證階梯的數量。 也就是,認證階梯插入判斷部20係根據從認證階梯 性能確認部19所計算出的空檔時間(控制程式的執行時間 與限制時間的差),決定包含於認證階梯的袭置號碼的個 數0 此時,認證階梯自動生成處理部13係選擇由認證階 梯插入判斷部20所決定的個數數量的認證用裝置號碼以 30 322090 201128334 * 生成認證階梯。 又"忍證階梯插入判斷部2〇係判斷控制程式的程式 大小疋否在預定的大小以上,若控制程式的程式大小未達 預疋的尺寸則對認證階梯自動主成處理部13使其保留認 證階梯的生成’若控制程式的程式大小在預定大小以上’ 則對蟲證階梯自動生成處理部13指示認證階梯的生成。 §忍證階梯插人判斷部20係個纟決定部及程式大小判 斷部的一例。 按者 况月關於在將控制程式寫入至PLC200的處理 中考慮到控制程式的規模及性能面,而判斷插入的認證 階梯的數量之際的運作。 儲存於執行限制時間記憶部18的限制時間,係於工 程環境側電腦l〇f)出乂由田& t ' 同地從所歧,與㈣程柄寫入相 J也從工耘裱忧侧電腦100 邳 限制時間記憶部18。 夕 〆·存於執行 此限制時間係指於使用者所指定了的時間以 程式的^非得要終賴時間,例如,在將控制程式控」 仃類型没為固定週期的情形等,於指定了的週工N 程式的執行非得要終結的時間。 ,控1 控制程式寫入處理部12係在接 r時,通知認證階梯性能確認部19控制 認證階梯性能確認部19係提取儲存於 錢部18的限制時間,並從控制程式中的命^^夺間 7默5t戽出 201128334 測執行時間,且確認與從執行限制時間記憶部丨8提取的限 制時間的差。 由於對控制程式的各種命令已決定了執行時間(基 準 >’故認證階梯性能確認部丨9係可計算出預測執行時間。 5忍證階梯性能確s忍部19係由此限制時間與預測執行 時間的差,確認認證階梯可插入的空檔時間,並將此空檔 時間傳遞至認證階梯插入判斷部2〇。 認證階梯插入判斷部20係確認接收了窝入要求的控 制程式的規模’如規权小的情形則中止認證階梯的插入(對 §忍證階梯自動生成處理部13使其保留認證階梯的生成), 而將插入認證階梯前的狀態的控制程式儲存於執行用控制 程式記憶部15。 例如’這係為了使懷有惡意的使用者不容易以下述方 式進行認證階梯的生成方法等之解析,即實行假的控制程 式的寫入要求’以將插入了認證階梯的控制程式讀取至工 程環境側’而生成插入於控制控制程式的認證階梯的方法 等。 以中止認證階梯的插入的基準而言,例如,由於在生 成認證階梯之際係以一位元組劃分認證資訊,故在控制程 式的步驟數在256步驟以下的情形,可判斷為中止於控制 程式插入認證階梯。 入判斷 在足夠規模的控制程式的情形中,認證階梯才f201128334 VI. Description of the Invention: [Technical Field to Which the Invention Is Ascribed] The present invention relates to a technique for preventing illegal use of a program. More specifically, the present invention relates to a technique for preventing illegal use of a control program (Ladder Program) of a PLC (Programmable Logic Controller) stored in a FA (Factory Automation) system, for example. . [Prior Art] Generally, in the FA system, 'the means of preventing unauthorized access to protected assets such as control programs (step programs) that are not intended to be disclosed to other companies (others)' is to use passwords or to protect them. The method of asset encryption. However, the method of using a password has the following problems: in the case of establishing a password or the like, even if, for example, a password is set to the control program and the access is controlled, the control program is accessed by a plurality of developers, because of the plurality of developments. A common password is set between the users, so it is easy to be guessed by others. Moreover, since the information for authentication such as the control program and the password is different, and the S-tolerance process is also implemented independently of the control program, if the association with the control program cannot be assigned, the change is changed. It is not possible to control access to the control program. For the sake of this, there is a problem in that the method of adding the data to be protected is added to the method itself, but the encryption requires a special hardware for managing the key, and the device becomes complicated and expensive. 322090 4 201128334 In the FA system control program (p-stairs program), the 0N/0FF state of the corresponding device is set to 0N/0FF, and the control signal transmitted to the control device is 0N/0FF, and encryption cannot be performed during program execution. Or decryption processing. Thus, in the method of preventing tampering or monitoring of the control program without using encryption, there is a method for restricting the response to the control program from the monitoring device according to the preset access authority ( For example, Patent Document 1). (Prior Art Document) (Patent Document) Patent Document 1: JP-A-2005-135165 SUMMARY OF INVENTION [Problem to be Solved by the Invention] Thus, according to a predetermined access authority to each control program, the restriction is from the monitoring. The method of accessing the device requires the method of the library to be performed so that the control program can only be used to control the program, so that the PLC can be written to the PLC. Other inventions have been made in view of the aforementioned problems: programming. In order to be licensed to use only the determined control device's main purpose program, it can only be shipped on a specific control device;: Control program (step.  Those who are illegally using the function. The steam emission prevention control program (means for solving the problem) 322090 5 201128334 The control device according to the present invention includes a unique identification information storage unit that stores a unique identification information uniquely set in the control device; The ladder program that is the device number of the target device to be controlled by the control device and that does not allow the device other than the control device to be used is input as a main program; the authentication program generation unit is based on the unique identification information. It will prevent the device other than the above control device from using the ladder program of the main program to generate the authentication program; the program synthesis unit will be the main program! The authentication program is synthesized as a composition program; and the memory unit stores the synthesis program; wherein the authentication program generation unit performs the following operation: the device number of the plurality of authentication devices used for authentication is used as the authentication device number Management, wherein the device number is a device number that is intended to be a target object; one or more authentication device numbers are selected based on the unique identification information; and a ladder program including the selected device for selecting the authentication device is generated as In the authentication program, when the combination program is executed simultaneously with the main program, the selection authentication device is correctly selected based on the unique identification information independently of the selection operation of the authentication program generation unit. In the case of selecting the authentication device for each of the above-mentioned selection authentication device numbers, the predetermined setting process is performed, and the main program is also operated correctly, and the synthesis program is used together with the main program. On the occasion of 6 322090 201128334 When the selection for each device when the authentication unit does not perform the setting processing, is not the normal operation, and stops the operation of the main program. (Effect of the Invention) In the present invention, when the main program is stored, a ladder program including a selection authentication device number selected based on the unique identification information uniquely set in the control device is generated as an authentication program, and The authentication program is synthesized into the main program, and when the main program is executed, if the authentication device number is correctly selected based on the unique identification information, the main device is normally operated when the authentication device is selected, and the setting is not performed. In the case of processing, the main program is stopped by the authentication program. Therefore, the control device can use the main program normally without permission. Device using the main program, You cannot use the main shift, It can prevent illegal use of the main program.  [Embodiment] Embodiments 1 to 5 describe the prevention of illegal copying of a control program (step program) of a PLC stored in the FA system. The technology of the imitation of the wheat manufacturing PLC.  More specifically, When writing the control program to the PLC, The authentication information is generated using the sequence ID used for the individual identification PLC and the random number generated in the engineering environment. Establish the association between the PLC and the control program, The authentication ladder that can be inserted into the control program is automatically generated from the generated authentication information and inserted into the control program.  and, When controlling the execution of the program, By confirming that the inserted authentication ladder is executed on the PLC that has been associated, To prevent illegal 7 322090 201128334 copy the control program to another uΛ,  Illegal use of counterfeit goods, etc.  herein, The authentication ladder is the step ladder λ s 曰 broadcast into the control program belonging to the main program. An example of a certification program.  More specifically, in order to confirm that the specific device number is in the state of (10) when the control program is executed, The ladder program inserted in the control program is the certification ladder.  In Embodiments 1 to 5, The sequence Π) and the random number generated on the engineering environment side are used as rounds to generate authentication information (a hash value) in a hash function (a one-way function). 'And determine the farmer's number used to check the rewards of the dedicated device based on this certification information. Contains the ladder of the device number determined by this certification information.  The five forbearing information generated here, Since the sequence ID of the pLC is used as an input, it is generated by a hash function. Therefore, the authentication information generated by each PIX is different. The control program includes a ladder program of the device number of the target device that is the target of the control processing of the PLC, which is called the input device and the output device, and is not allowed to be designated. Use by devices other than PLC.  Control program is the main example of the program.  The program after the control program is inserted into the authentication program is also called the synthesizer.  Further, the "dedicated device" refers to a memory for memorizing the data used by the control program installed in the PLC and the (10)/OFF signal. It can only be set from the firmware of the PLC. It is also set to not be configurable even if the user is in the engineering environment.  322090 201128334 The special device is different from the target device. A device specially designed to prevent illegal use of the control program. The dedicated device is set to the device number of the device number of the pseudo-device. And, The dedicated device is an example of the authentication device', and the device number of the dedicated device is an example of the authentication device number.  In addition, when the user uses the engineering environment to create a PLC control program,  Created by each PLC to manage programs, parameter, And a project such as certification information.  Based on the above, Each of the first to fifth embodiments will be described below.  (First Embodiment) Fig. 1 is a view showing an example of a system configuration of an illegal use prevention system according to the present embodiment.  The illegal use prevention system shown in Fig. 1, It is an illegal use prevention system for the FA machine control program that allows the control system stored in the PLC to be executed only on a specific PLC.  The illegal use prevention system of the present embodiment, It is divided into engineering environment side computers (personal computers, Personal Computer) 100 and PLC 200 two categories.  The engineering environment side computer 100 is a computer. include: CPU (central processor, Central Processing Unit), R0M (read only memory,  Read Only Memory), RAM (random access memory, Random Access Memory), Disk device, And communication, etc.  In this case, The program for realizing the function ("~ part") shown as the internal element of the engineering environment side computer 100 is stored in, for example, a disk device.  9 322090 201128334 Read these programs properly through the CPU, To perform each function.  PLC200 is a control program that stores the ladder program. And the CPU executes the control program, And control the machine.  An example of the engineering environment side computer 100 system management device, An example of a PLC200 control device.  among them, The internal structure of the engineering environment side computer 100 and the PLC 200 is described later.  also, Fig. 2 is a flow chart showing an operation example of the embodiment.  in particular, Figure 2 shows the security settings when writing the control program to the PLC. The processing flow when the control program and the PLC are associated.  The details of the processing flow of Fig. 2 are set forth below.  also, Figure 3 shows the authentication ladder generated by the PLC. The process of inserting the generated authentication ladder into the control program and storing the control program in the PLC.  The details of the processing flow of Figure 3 are set forth below.  Fig. 4 is an example of an authentication ladder automatically generated based on authentication information generated by the authentication ladder generation random number and the sequence of pLc.  The details of Figure 4 are set forth below.  Figure 5 is the initialization process of the firmware when the PLC is powered on.  An example of a dedicated device is set based on the authentication information.  The details of Figure 5 are set forth below.  Then, using Figure 1, Explain the elements of the illegal use prevention system that constitutes the FA machine control system. The illegal use prevention system is executed when the control program stored in the PLC is executed 322090 10 201128334 Confirmation is performed on the licensed PLC.  First of all, The components of the engineering environment side computer 100 will be described.  The component symbol 1 is an input unit for controlling the program creation or parameter setting of the PLC by a user of the work environment side computer 100 using a keyboard or a mouse.  The component symbol 2 is a control program creation unit that creates a control program for the PLC.  Component symbol 3 is a control program memory unit. It is stored in the control program created by the control program creation unit 2.  The component symbol 4 is an access request transmission processing unit, The access request to the PLC (such as writing the control program stored in the control program memory unit 3 to the PLC,  Or read from the PLC, etc.) to the PLC.  Component symbol 5 is the control program write request section. Receiving a write instruction from the user's control program from the input unit 1, Reading the control program stored in the control program memory unit 3, On the other hand, the access request transfer processing unit 4 writes a write request to the PLC.  Component symbol 6a is a security setting unit, It is used to make the security setting invalid from the control program created on the engineering environment side computer 100.  The component symbol 7 is a random number generation processing unit that generates a random number.  More specifically, The random number generation processing unit 7 is in the case where the security setting of the security setting unit 6 is from the invalid setting to the valid item (information composed of the control program and parameter setting created by the FA device), 11 322090 201128334 unique, As the random number used for the input of the authentication ladder and the authentication between the engineering environment and the PLC, Generate chaotic (Challenge and Response) authentication random numbers (question value).  The component symbol 8a is a random number memory unit for generating an authentication ladder. When the security setting is enabled, the PLC belonging to the write target of the control program is associated with the control program. The random number generated by the random number generation processing unit 7 for generating the authentication ladder is stored.  Component symbol 9a is a serial ID memory unit, It is stored in the sequence ID for individual identification PLC read by the PLC belonging to the write target of the control program when the security setting is set to valid (for example, Manufacturing number, etc.).  The component symbol l〇a is an authentication processing unit that compares the authentication information generated on the joo side of the engineering environment side with the authentication information generated by the PLC 2000 and authenticates it.  More specifically, the authentication processing unit 10a is a request for generating a random number in the random number generation processing unit 7, And when the security of the security setting unit 6a is set to be valid, When writing/reading the control program to the PLC, In order to confirm that the PLC of the access target is the associated plc, In each of the marriages, the random number generated by the random number generation processing unit 7 is endured. The number of random numbers stored in the random number memory unit 8a for the authentication ladder generation, And the sequence ID stored in the sequence id record portion 9a as an input, Using the hash value generated by the hash function as the authentication information, This certification information is compared with the certification information generated by the PLC measurement and authenticated.  then, The components of the PLC 200 will be described.  Component symbol 9b is a sequence ID memory unit, Storage ριχManufacturer Yu Cheng 322090 12 201128334 'The serial ID of the individual identification PLC that is set at the time of shipment and cannot be modified by the user (for example, Manufacturing number, etc.).  The sequence ID is uniquely set in the PLC 200, It is an example of unique identification information.  and, The sequence ID storage unit 9b is an example of a unique identification information storage unit.  Component symbol 6b is a security setting unit, The security used to restrict access to the control program is set to be effective.  The security setting unit 6b is synchronized with the security setting on the engineering environment side. The access restriction from the control program stored in the PLC is received by receiving the activation request from the security setting on the engineering environment side.  The component symbol 8b is a random number memory unit for generating an authentication ladder. The chaotic number that is transmitted together with the requirements for the storage and security settings.  The random number stored in the random number storage unit 8b for the authentication ladder generation, It is generated by the random number generation processing unit 7 of the engineering environment side computer 100, The random number stored in the random number storage unit 8a for authentication step generation is the same random number.  The authentication ladder generation random number storage unit 8b is an example of a random number storage unit.  The component symbol 11 is an access request receiving processing unit, The PLC side accepts the access request transmitted from the access request processing unit 4 of the engineering environment, And the processor that executes the corresponding content is executed.  also, The access request receiving processing unit inputs a control program writing request and a control program (step program) from the engineering environment side computer 100.  The control program is as described above. A ladder program including a device number of a target device that is a control target of the PLC 200, Chatting with 13 322090 201128334 is not allowed: The use of the device. Control program is the main example of the program.  also, An example of the access request receiving unit u program input unit.  The authentication processing unit (10) is a random number stored in the random number memory unit 8b for authentication step generation, and the authentication processing unit (10) performs the authentication process of the hash calculation (4). The sequence stored in the serial 歹 UD memory part is used as input when the authentication information is generated by the same number of milk (the question value). Use a hash function to generate a hash value (response).  More specifically, the authentication processing unit 1〇b is in the case where the security setting unit 变为 is valid. Earlier than the certification ladder (authentication program:  Generation, Corresponding to the request for the generation of the § forcible information from the access request receiving processing unit Π b that has received the authentication request from the engineering environment, And generate a hash value (response value).  The authentication processing unit 10b is an example of a one-way calculation unit.  The component symbol 12 is a control program writing processing unit. When the write request from the control program of the access request reception processing unit 11 has been accepted, The security setting of the security setting unit 6b is confirmed, and the security setting is valid, and the process of entering the insertion authentication step is performed. In the case of invalidation, it is maintained in the original state without the certification ladder. Instructs to enter the processor that writes the control program into the PLC.  The component symbol 13 is an authentication ladder automatic generation processing unit that generates an authentication ladder (authentication program).  The certification ladder can be directly inserted into the ladder program of the control program. A ladder program for preventing the use of control programs by devices other than PLC200.  14 322090 201128334 The authentication ladder automatic generation processing unit 13 is configured to store the control program in the execution control program memory 胄15. The number of the specific device in the dedicated device (authentication device) is selected based on the hash value generated by the authentication processing unit 10b, The authentication ladder is generated including the number of the selected specific device (the authentication device number is selected).  and, The authentication ladder and the control program are synthesized by the authentication ladder insertion processing unit 14, It is stored in the execution control program storage unit 15.  also, The details will be described later. Before the control program execution control unit executes the control program and the certification ladder, The authentication processing unit (10) is independent of the generation of the authentication ladder by the authentication ladder automatic generation processing unit 13, Generate hash values based on sequence IDs and random numbers. The dedicated device setting unit 17 selects the device number of the specific dedicated device based on the hash value. A predetermined setting process (setting process of the corresponding dedicated device from the OFF state to the on state) is performed for the dedicated device corresponding to the selected device number.  The dedicated device setting unit 17' correctly selects the same device number as the device number of the dedicated device included in the authentication step. In the case of setting processing for a dedicated device corresponding to the device number, The authentication ladder operates normally when the control program execution control unit 16 executes the control program and the authentication ladder. then, The control program works normally. on the other hand,  Did not choose the correct device number, As a result, in the case where the correct dedicated shaking is not set, The control program execution control unit 16 does not operate normally when the control program and the authentication ladder are executed. then,  The operation of the control program stops.  The authentication ladder automatic generation processing unit 13 is an authentication program generation unit - 15 322090 201128334 - an example.  The 自动 卩 automatic generation processing unit 13 generates at least the following: an authentication ladder (starting authentication program) that includes all of the selected device numbers and is placed at the beginning of the control program, And two or more authentication ladders (insertion authentication programs) including any one of the selected device numbers and inserted in a plurality of insertion positions of the control program.  , For example, Figure 4 (a) is an example of an authentication ladder that is placed at the beginning of the control program. Fig. 4(b) is an example of an authentication ladder inserted into the insertion position on the way of the control program.  Component payment number 14 is an authentication ladder insertion processing unit. The authentication ladder and the control program synthesizer automatically generated by the authentication ladder automatic generation processing unit 13 will be generated.  In the case where the syndrome insertion processing unit is configured at the beginning of the control program, (4) the case of the certificate ladder (in the case of the authentication ladder exemplified in Fig. 4(a)) is placed at the beginning of the control program 'inserted in the control program' The case of the authentication step of the insertion position on the way (in the case of the authentication step exemplified in FIG. 4(b)) is inserted at the designated insertion position.  The authentication step insertion processing unit 14 is an example of a program synthesizing unit.  And the program after the control program and the authentication ladder is also called the synthesis program.  The component symbol 15 is a control program memory unit for execution. The control program created in the project environment side or the control program (synthesis program) in which the authentication step insertion processing unit 14 authenticates the ladder is synthesized.  The execution control program storage unit 15 is an example of a program storage unit.  16 322090 20112^334 Component symbol 16 backup ~ Execution mode, The program control unit is a control program that becomes a PLC 200. (4) Execution control H memory unit] 5 Control of each type of execution control The component symbol 17 is an example of the execution unit.  At the time of the chat (4), the setting unit is interested in the power supply of the PLC. In the knife initialization process, 'from the sequence ID stored in the authentication ladder: The random number and the device number of the hash device for extracting the dedicated device stored in the device selected by the sequence ID storage unit 9b, And set a dedicated 2! : The dedicated device that is met is ON.  " The sigh portion 17 is an example of a setting processing unit.  On the ground: The first picture, Figures 2 and 3, Explain the engineering ring's " The action when writing to the PLC in the equation (step program).  The description of the type ^ on the red-process environment side computer (10) on the production control process, The user uses the input unit 1 and control of the computer (10) on the Weijing environment side: The formula generation unit 2 creates a control program. The prepared control program is stored in the control program storage unit 3.  , Receiver, This shows the sequence of the first registration when the control program created on the computer side of the project environment is written to the PLC200.  The user connects the engineering environment side computer 100 and the PLC 200 to a network by a USB (Universal Serial Bus) cable or the like.  then, The access request transmission processing unit 4 and the access request reception processing unit 11 perform data reception and transmission between the engineering environment and the PLC.  When the user uses the input unit 1 to instruct the control program stored in the control program memory 17 322090 201128334 to be written to the PLC (S201 in FIG. 2), The control program write request unit 5 reads the control program from the control program storage unit 3 (S202).  The control program write request unit 5 confirms whether the security setting unit 6b is valid or invalid (S203).  Security is set to invalid, The control program write request unit 5 asks the user whether or not to make the security setting valid.  Received an indication that the user remained inactive, The control program write request unit 5 instructs the access request transfer processing unit 4 to perform control program write processing (S209).  Received an indication that the user has set the security setting to be valid. The control program write request unit 5 sets the security setting unit 6a to be valid (S204). On the other hand, the authentication processing unit 10a is required to generate a random number for generating the authentication ladder for establishing the association between the control program and the PLC.  The authentication processing unit 10a that has received the request for the random number generation requests the random number generation processing unit 7 to generate a random number.  The random number generation processing unit 7 generates a random number (S205), The random number is transmitted to the authentication processing unit 10a.  The authentication processing unit 10a returns the received random number to the control program write request unit 5.  The control program write request unit 5 stores the random number received from the authentication processing unit 10a in the authentication step generation random number storage unit 8a (S206). also, The access request transmission processing unit 4 proposes a random number for generating the authentication ladder and sets the security of the PLC to be effective.  When the access request transmission processing unit 4 receives a request to set the security setting of the PLC to 18 322090 201128334, The access request processing unit 11 requests the access control unit 11 to activate the security setting. In addition, the authentication ladder generation is transmitted together with the random number, and the association establishment of the control scheme and the PIX is required (S2〇7). And, At this point in time, The control program is not transferred to PLC2〇〇.  In PLC200, When the access request reception processing unit η receives the request for the activation of the security setting, The setting security setting unit is enabled (S210)', and the authentication processing unit 1b requests the number of random numbers for generating the authentication ladder generated by the computer on the engineering environment side. And ask for the sequence id of the pLC.  The authentication processing unit 10b stores the authentication step generation random number in the authentication step generation Wei number storage unit 8b (S2(1), The sequence (4) for reading the pLC2 frame stored in the sequence (4) memory portion 9b is read back to the access request reception processing portion 11.  This serial UD is arbitrarily set by the pLC❸ manufacturer when shipping the pLC. Information' is information that cannot be set/changed by the user.  When receiving the sequence (7) from the authentication process #, Access request reception External 11 is required for the validation of security settings 4^ On the engineering environment side computer (10), When the access request transmission processing unit 4 responds to the request reception processing unit u of the answer, Will be attached to the system, , The column (7) is sent back to the control program write requesting section 5, The control 9a (S^) 8 write request unit 5 stores the sequence ID in the sequence iD memory unit in Benbesch (4). By storing in the authentication ladder to generate random memory 322090 201128334 part 8a, 8b's authentication ladder is generated with random numbers, And stored in the sequence Π) memory unit 9a, The serial ID of the 9b PLC establishes the association between the control program and the plc. The information generated by using the hash function of the two pieces of information is set as the authentication information.  The control program write request unit 5 requests the access request transfer processing unit 4 to write the control program. The access request transfer processing unit 4 transmits the write request and control program to the access request reception processing unit 11 of the PLC (S209) (S301 of Fig. 3).  On PLC200, The access request receiving processing unit I is when the writing request of the control program is received, The control program write processing unit 12 is instructed to write the control program.  The control program writer processing unit 12 is configured to secure the security setting (S3〇2) of the text recognition setting unit 6b when the control program writes the finger. When it is invalid, the county touch_control process is stored in the original control state storage unit 15 in the original state (10) (S309; ).  When the security is set to be valid, The control program write processing unit 12 instructs the authentication ladder automatic generation processing unit 13 to instruct the generation of the authentication ladder. The ladder automatic generation processing unit 13 receives the generation instruction of the authentication ladder from the control program write = ==. The authentication processing unit (10) refers to the generation of the S-tolerance information.  Recalling the random number of the part 8b and storing it in the order of the second step, generating the chaotic ID 5, the order of the part gb Π Π) _, Use hash money for the number of rituals and preface (four) (Cui,  322090 20 201128334 'Function) generates authentication information (a hash value) (S3 0 6) ' and sends the generated authentication information (a hash value) back to the authentication ladder automatic generation processing unit 13.  The authentication ladder automatic generation processing unit 13 automatically generates an authentication ladder (a ladder program for authentication) based on the authentication information received from the authentication processing unit i〇b (S307), The authentication ladder insertion processing unit 14 instructs the automatic generation of the authentication ladder to be inserted into the control program.  The authentication step insertion processing unit 14 is inserted into the authentication step generated by the authentication ladder automatic generation processing unit 13 at a specific position of the control program created by the user using the engineering environment side computer PC 100 (S308).  The authentication step insertion processing unit 14 stores the control program (composite program) in which the authentication step is inserted, and the write processing of the control program storage unit 15 (S309)' control program is completed.  also, In this embodiment, Although the generation of the authentication information is input to both the random number generated by the engineering environment side computer 100 and the serial ID of the PLC 200, Only outside these two signals, It is also possible to generate authentication information in combination with, for example, a CPII type of a CPU mounted on a pLC2.  Since this type of CPU is the Beckun processed in the engineering environment ceremoniously selected in the engineering environment for selecting the PLC 200 for the purpose of writing the control program, It is also information that is pre-held in the PLC200 side. Therefore, the information does not flow through the communication path (between the engineering environment and the pLC). It is difficult to guess the information.  then, Using Figures 4 and 5, Description According to the identification of the certification information, the generation and insertion of the ladder, And at π. The method of setting the dedicated device in the initialization process that is executed when the power is turned on.  21 322090 201128334 • Here, The sequence ID of the PLC 200 is set to, for example, "009910987654321", A method of generating an authentication ladder in the case where the authentication ladder generation random number is, for example, "1234567890".  also, The authentication processing unit 10b inputs the authentication ladder generation random number and the sequence ID as input. The authentication information generated by the hash function is set to, for example, "EA 082 DFE1CBA7816".  The authentication information generated by the hash function is generated using the sequence II) of the PLC200. Since the serial IDs are different in other PLCs, Therefore, the same authentication information will not be generated.  The authentication ladder automatically generates the processing unit 13, The generated authentication information is divided into one byte (byte). The divided values are treated as the device number of the dedicated device.  E.g, If the "EA" of the first one of the tuples is regarded as the device number (decimal) of the dedicated device, it becomes A234. "A" here, It is made to represent a dedicated device.  Similarly, Will be the second byte, When the third byte is used as the device number of the dedicated device, Then become A8, A45, A254, A28, (Omitted below).  The device number chosen so, This is equivalent to selecting the device number for authentication.  also, The device number of the target device of the PLC 200 uses "X" or the like.  The control program indicates the device number of the target device as "X50". However, in order to approximate the device number of the target device, In the authentication ladder, the device number of the dedicated device is set to "A234". in this way, On the certification ladder, Use the device number of the device number for the object device.  r V-Ι- ^ ί 5i 22 322090 201128334 Automatically generate money on the certification ladder 13, According to the above information, the authentication ladder (step program) shown in Fig. 4 is generated.  Figure 4 (a) includes all the selected device numbers (A234, Eight 8,  A45, A254, etc.) is an example of a certification ladder that is placed at the beginning of the control program.  The severance ladder of Fig. 4(a) confirms the (10)/〇FF state of the dedicated device (9) for dedicated devices such as A234 and A8 when executed. As long as there is a dedicated device that is in the OFF state, Then, the device for stopping the execution of the control program (the example E99 in Fig. 4(a)) is set to 〇N.  Since the PLC system can define the execution form of the control program to be executed only once, Or each fixed cycle of execution, etc. Therefore, the authentication ladder is set to be implemented only once in the execution of the control program.  also, The authentication ladder automatic generation processing unit 13 sets the number of steps of the device number of the dedicated device of the generated authentication step as the control program.  Enter the authentication ladder at the position of the number of steps in the control program.  As shown in Figure 4(b), For example, in the case of the dedicated device a234 in the above example, The device number 234 is taken as the number of steps. In the second step of the control program, the authentication ladder is inserted.  but, After inserting, after sorting the loaded numbers, The number of steps that the authentication ladder inserts into the control program in order from the number of users.  With this, Even if the control program is executed, It can also be confirmed that the control program is being executed on the associated PLC.  E.g, When the certification ladder is written to another PLC and executed, Special 322090 23 201128334 When the A234 of the device is OFF, In the example illustrated in Fig. 4 (8), the command for inserting the output portion of the authentication step is not executed (Y0 described on the right side of the figure is not set to 0N).  Therefore, the control program does not work properly. Connected to the hole (: The use of the machine is also unable to control properly, thus preventing the illegal use of the control program.  In the example of Fig. 4, the authentication ladder generated by the authentication ladder automatic generation processing unit 13 is shown in the form of a ladder diagram for convenience of explanation. But actually generated on PLC2 0 0, The certification ladder is generated in the form of an execution code.  Next, the description about the power input to the PLC 200, The operation of the dedicated device is set in the initialization process of the body.  The initialization process of the firmware is performed by the dedicated device setting unit 17 to clear the dedicated device to 0. It is checked whether or not the security setting unit 61b of the PLC 200 is valid.  Security is set to invalid, No settings are made for the dedicated device.  When security is set to be valid, The dedicated device setting unit 17 requests the authentication processing unit 10b to generate authentication information. The authentication processing unit 10b that has received the request generates the authentication information (a hash value) using the hash number stored in the random number storage unit 8b for authentication step generation and the sequence ID of the PLC stored in the sequence ID storage unit 9b.  The dedicated device setting unit 17 receives the authentication information (a hash value) generated by the authentication processing unit 10b. And the authentication information is generated by dividing the authentication information by a one-tuple by the authentication step automatic generation processing unit 13 to generate the device number of the dedicated device, and the value of the divided one-tuple is regarded as the device number. And set the special device that meets 24 322090 201128334 • The device number is ON.  In the example shown in Figure 5, Will be A234, A8, ,  The case where the dedicated device of A28 is set to (10).  At the end of the initialization process of the firmware, The PLC 200 becomes the execution mode (execution of the control program). The control program execution control unit 16 executes a control program stored in the execution control program storage unit 15. And by the authentication ladder at the beginning of the control program (Fig. 4(a)), Confirming the ON/ofF state of the specific device of the dedicated device set by the initialization process described above, As long as there is a case where the dedicated skirt to be confirmed is OFF, That is, it is judged that the operation on the PLC that the control program is illegally copied, It is possible to stop the execution of the control program.  also, Even if the control program is executed, The illegal use of the control program is also confirmed by the authentication ladder (Fig. 4(b)) inserted in the control program. And when it is confirmed that it is illegally used, the control program will not operate normally. Therefore, the use of the illegal copying of the control program on the counterfeit product can be prevented.  And because the PLC system automatically generates the certification ladder, And performing an authentication ladder at the execution of the control program to determine illegal use, Therefore, the illegal use of the control program can be prevented without the user's consciousness.  The PLC 200 that is permitted to use the control program uses the same sequence ID and random number as the sequence ID and random number used in the generation of the authentication ladder. Therefore, the correct device number (the same device number as the device number included in the authentication ladder) should be selected in the initialization process. And set the dedicated device correctly. ‘It’s true, In PLC200 that is licensed to use the control program, The system always works with the 322090 25 201128334 control program.  On the other hand, a device that is not licensed to use the control program (a device other than pLC2), Since it is impossible to know the sequence ID and random number used by the PLC 20 0 when the § forcible ladder is generated, it is impossible to select the correct device number in the initialization process. thereby, The dedicated device will not be set correctly.  It is a device that is not licensed to use the control program. The operation of the control program is stopped. The control program cannot be used.  Thus, according to the embodiment, For the control program stored in the PLC,  When the serial ID and control program of the PLC were created, The authentication information generated from the random number generated by the chaotic number generated on the engineering environment side is automatically generated and can be directly inserted into the authentication ladder of the control program. In the execution of the control program, the confirmation is performed on the PLC that has established the association in advance. In this way, authentication can be performed between the control program and the PLC without realizing the user's awareness. And stop the execution of the control program in response to the certification result. This prevents the illegal use of the control program.  The above is in this embodiment, It describes an illegal use prevention system for machine control:  Even if the control program (step program) that controls the FA machine is illegally copied to another FA machine, In the FA machine on which the control program is copied, the illegal use prevention system of the FA machine control system in which the control program cannot operate normally,  An engineering environment (application, based on the design and validation of control programs and parameters for the FA machine, The application and control program '0N/FF corresponding to the command signal of the input device causes the output machine II to be 26 322090 201128334 ΟΝ/OFF ’ for sequenee control (in the order set in advance,  The device that prevents the control program from being illegally used by the PLC of the condition of the object as expected. include:  Input department, Used to instruct the user to create control procedures for the engineering environment, Input parameters, etc. And the performer of the function;  Control program production department, The user uses the aforementioned input unit to create a control program (step program) executed on the hole c;  ,  Control program memory, For storing a PLC control program created by the control program creation unit;  Access request transmission processing unit, It is used to write/read the control program and parameters from the engineering environment. And receiving their responders;  The control program is written to the request department. Performing a process for writing a control program stored in the control program memory unit to the PLC;  The security setting unit ’ is used to set only the security function of the control program created in the engineering environment to be valid;  a random number generation processing unit, Used to generate the random number used by the PLC to generate the authentication ladder, a random number used when authentication is performed between the control program and the PLC;  Not certified by the processing department, Receiving a random number generation request from the aforementioned control program write request section, The random number generation processing unit requests generation of a random number, Or use the hash function (one-way function) to generate authentication information from the information used to identify the random number and the PLC for the purpose of authenticating between the control program and the PLC;  The authentication ladder generation random number memory unit ′ is used to store the random number generated by the processing unit generated by the random number 322090 27 201128334; and the random number used when the authentication step is generated by ριχ;  Sequence ID record, All, field, , , ^ Heart is stored in the implementation of the control program stored in the control program memory unit for the first time written in the PLC, a sequence iD (manufacturing number, etc.) for personally identifying the PLC extracted from the PLC;  The access request receiving processing unit 1 accepts an access request from the engineering environment, and the request is sent to each processing unit in detail (10);  Security setting department, Set only when the operation of the control program stored in the PLC is valid;  The authentication hierarchy generates the Wei number memory, (4) storing the chaotic number generated and transmitted on the engineering environment side in order to generate the certification ladder;  Sequence ID memory, Store the serial ID used to identify the PLC;  The control program is written to the processing unit, Receiving a request from the aforementioned access request receiving department to control the difficulty of the writer, Carry out (4) the process of extracting the writer;  a hash value generation processing unit, In the case where the security function of the aforementioned security setting section is set to be effective, The random number stored in the random number memory unit of the authentication ladder generation and the sequence id stored in the sequence ID memory unit, Generating authentication information using the same algorithm as the aforementioned authentication processing unit on the engineering environment side;  The authentication ladder automatically generates a processing unit, When the PLC writes the control program, Automatically generating an authentication ladder based on the hash value generated by the hash value generation processing unit;  The authentication ladder is inserted into the processing unit, The control ladder generated from the above-mentioned certification ladder automatic generation processing department is inserted into the control program transmitted from the engineering environment. 322090 28 201128334 By:  ▲ / 亍 use control private s remember, Security in the aforementioned security setting section. The force Ι α is determined to be invalid. ’ is the control type that will be transmitted from the I-process environment. , or the original I read, or in the case where the security of the security S is set and the function is set to be effective, the control program in which the authentication ladder is inserted in the bribe-throwing processing unit; the control program execution control unit When the PLC is in the execution mode, the control program stored in the execution control program memory unit and the dedicated device setting unit are executed in the PLC when the power of the PLC is turned on. Initialization processing +, according to the number and sequence ID material (4), the generation of the _ age, into the setter of the dedicated device in H. (Second Embodiment) In the present embodiment, the function of adjusting the number of authentication steps automatically generated by the authentication ladder automatic generation processing unit 13 in consideration of the influence of the scale and performance surface of the control program created in the engineering environment will be described. . The δ image is a functional component of the 3 illegal use prevention system of the FA machine control program that adjusts the number of the automatic insertion of the authentication ladder in consideration of the influence of the size and the performance of the control program. Since the internal configuration of the engineering environment side computer 100 is the same as that of Fig. 1, the description thereof will be omitted. In the present embodiment, the PLC 200 includes an execution limit time memory unit 18, an authentication step performance checking unit 19, and an authentication step insertion determining unit 322090 29 201128334.  The elements other than the above are the same as those shown in Fig. 1. The execution limit time storage unit 18 stores the limited time when the control program set by the user is executed. In other words, the execution limit time storage unit 18 stores the allowable range of the time required for execution of the program (composite program) in which the control program and the authentication ladder are combined as the limited time (allowable time). An example of a time memory unit. The authentication step performance checking unit 19 calculates the difference between the limited time stored in the execution limit time storage unit 18 and the execution time of the control program, and confirms the neutral time in which the authentication step is inserted. That is, the authentication step performance checking unit 19 predicts the execution time of the control program, and calculates the difference between the predicted execution time of the control program (the time required for prediction) and the limited time as the neutral time. The authentication step performance confirmation unit 19 is an example of a required time prediction unit. The authentication step insertion determination unit 20 determines the scale (for example, the number of steps) of the control program for writing the request from the engineering environment side computer 1 to the PLC 200, and inserts the corresponding time corresponding to the neutral time calculated by the authentication step performance checking unit 19. The number of certification ladders. In other words, the authentication step insertion determining unit 20 determines the number of the hit numbers included in the authentication step based on the neutral time (the difference between the execution time and the limited time of the control program) calculated from the authentication step performance checking unit 19. In this case, the authentication step automatic generation processing unit 13 selects the number of authentication device numbers determined by the authentication step insertion determination unit 20 to generate an authentication ladder with 30 322090 201128334 *. Further, the "stiffness ladder insertion determination unit 2" determines whether the program size of the control program is equal to or greater than a predetermined size, and if the program size of the control program does not reach the predetermined size, the authentication step automatic main processing unit 13 The generation of the authentication ladder is retained. If the program size of the control program is greater than or equal to the predetermined size, the automatic generation of the authentication ladder 13 is instructed to generate the authentication ladder. § The forcible ladder insertion determination unit 20 is an example of a determination unit and a program size determination unit. In the process of writing the control program to the PLC 200, the operation of the control program is considered in consideration of the scale and performance of the control program, and the number of inserted authentication steps is determined. The limit time stored in the execution limit time memory unit 18 is based on the engineering environment side computer l〇f) from the field & t 'the same place from the disambiguation, and the (four) handle is written to the phase J also from the work side The computer 100 limits the time memory unit 18. 〆 〆 存 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行 执行The execution of the weekly work N program has to end. When the control program write processing unit 12 is connected to r, the notification authentication step performance checking unit 19 controls the authentication step performance checking unit 19 to extract the limited time stored in the money unit 18, and the life in the control program is ^^ The execution time is measured and the difference from the limited time extracted from the execution limit time memory unit 8 is confirmed. Since the various commands to the control program have determined the execution time (reference>> the authentication step performance confirmation unit 丨9 can calculate the predicted execution time. 5 The forbearance ladder performance is determined by the sacred 19 system, thereby limiting the time and prediction. The difference in execution time is confirmed, and the neutral time at which the authentication step can be inserted is confirmed, and the neutral time is transmitted to the authentication step insertion determining unit 2A. The authentication step insertion determining unit 20 confirms the size of the control program that has received the nesting request' If the authority is small, the insertion of the authentication ladder is aborted (the § forcible ladder automatic generation processing unit 13 is made to retain the generation of the authentication ladder), and the control program for inserting the state before the authentication ladder is stored in the execution control program memory. For example, 'this is to make it impossible for a malicious user to perform the analysis of the authentication step generation method or the like in the following manner, that is, to execute the dummy control program write request 'to insert the authentication ladder into the control program. A method of reading the authentication ladder inserted into the control program by reading to the engineering environment side. To suspend the insertion of the authentication ladder. For example, since the authentication information is divided into one tuple at the time of generating the authentication ladder, it is judged that the control program is inserted into the authentication ladder when the number of steps of the control program is 256 or less. In the case of a control program of sufficient scale, the authentication ladder is f

部20係依據在認證階梯性能確認部19計算出的空 判斷可插入的認證階梯的數量。 S 322〇9〇 32 201128334 又,在控制程式的規模大的情形中,由於控制程式的 插入位置集中於前半部份(到255步驟為止),故認證階梯 插入判斷部20為了使認證階梯插入至整體控制程式,而對 應控制程式的規模決定步驟數的計算方法。 例如於第一實施形態,係將認證資訊以一位元組劃分 的值當作步魏’惟也可考慮對應於㈣程式的規模以兩 位元組、三位元組將認證資訊劃分的值當作步驟數的方法。 如此,在第4圖(b)中所示例的將認證階梯插入控制 程式的情形中,在按照預定的插入位置決定演算法(例如, 於第一實施形態所示的將認證資訊以ϋ組的單位劃分 的演异法)所決定的插入位置係集中於控制程式的特定部 分的情形’認證階梯插入判斷部2〇係按照該插入位置決定 演算法以外的演算法,且為令認證階梯的插入位置在控制 程式中更加为散的演算法(例如以兩位元組單位、三位元組 單位劃分認證資訊的演算法)決定插入位置。 又,認證階梯插入判斷部20係將可插入於控制程式 的認證階梯的數目及插入認證階梯的步驟數的計算演算法 通知至認證階梯自動生成處理部13。 認證階梯自動生成處理部13係按照來自認證階梯插 入判斷部20所指示的演算法,生成來自認證階梯插入判斷 部20所指示的個數數量的裝置號碼的認證階梯。 且’由5忍證階梯自動生成處理部13所進行的認證階 梯的生成順序本身,係與第一實施形態相同。 如此,根據本實施形態,透過考慮控制程式執行時對 33 322090 201128334 性能面的影響而調整認證階梯的插入數目,可在不妨礙控 制程式的實際運作下防止控制程式的非法利用。 又’透過對應控制程式的規模變更插入階梯之位置, 可使懷有惡意的使用者難以做解析,而可檢測出廣範圍下 執行中的控制程式的非法利用。 以上’於本實施形態,係說明了一種FA機器控制程 式程式的非法利用防止系統,其包括: 執行限制時間記憶部,考慮在於認證階梯自動生成處 理部生成認證階梯之際對性能面,的影響,而儲存由使用者 設定的控制程式的執行時間的限制時間者: 認證階梯性能確認部,計算出儲存於前述執行限制時 間記憶部的限制時間與使用者製作的控制程式的執行時間 的差’並確認可插入認證階梯的空檔時間者;以及 認證階梯插入判斷部,於自動生成認證階梯之際,對 應於控制程式的規模及於前述認證階梯性能確認部所計算 出的空權時間’判斷插入的認證階梯的數目者。 (第三實施形態) 在本實施形態中,係說明為了使插入於從PLC讀取了 的控制程式的認證階梯不讓使用者看到而過濾(flitering) 認證階梯的同時,對使用者編輯後的控制程式配合根據認 證資訊所計算出的步驟數,調整認證階梯的插入位置的功 能。 第7圖係顯示關於本實施形態的非法利用防止系統的 功能構成。 r ηThe part 20 judges the number of authentication steps that can be inserted based on the null calculated by the authentication step performance checking unit 19. S 322〇9〇32 201128334 Further, in the case where the size of the control program is large, since the insertion position of the control program is concentrated in the first half (up to step 255), the authentication step insertion determining unit 20 inserts the authentication step into The overall control program, and the size of the corresponding control program determines the number of steps. For example, in the first embodiment, the value of the authentication information divided into one tuple is regarded as the step Wei', but the value corresponding to the size of the (4) program may be considered to divide the authentication information by two-tuple and three-tuple. As a method of the number of steps. Thus, in the case of inserting the authentication ladder into the control program as illustrated in FIG. 4(b), the algorithm is determined according to the predetermined insertion position (for example, the authentication information is grouped as shown in the first embodiment). In the case where the insertion position determined by the unit division method is concentrated on a specific portion of the control program, the authentication step insertion determination unit 2 determines an algorithm other than the algorithm according to the insertion position, and inserts the authentication step. A more discrete algorithm in the control program (for example, an algorithm that divides authentication information in two-tuple units and three-tuple units) determines the insertion position. Further, the authentication step insertion determining unit 20 notifies the authentication ladder automatic generation processing unit 13 of the calculation algorithm of the number of authentication steps that can be inserted into the control program and the number of steps inserted into the authentication step. The authentication ladder automatic generation processing unit 13 generates an authentication ladder from the number of device numbers instructed by the authentication step insertion determination unit 20 in accordance with the algorithm instructed from the authentication step insertion determination unit 20. The order of generation of the authentication steps by the five-pass test ladder automatic generation processing unit 13 is the same as that of the first embodiment. Thus, according to the present embodiment, the number of insertions of the authentication ladder can be adjusted by considering the influence of the control program on the performance surface of 33 322090 201128334, thereby preventing the illegal use of the control program without hindering the actual operation of the control program. Further, by inserting the position of the ladder through the scale change of the corresponding control program, it is difficult for the malicious user to analyze, and the illegal use of the control program under execution in a wide range can be detected. In the present embodiment, an illegal use prevention system for the FA device control program is described, which includes: an execution limit time storage unit, which is considered to affect the performance surface when the authentication ladder automatic generation processing unit generates the authentication ladder. And the time limit for storing the execution time of the control program set by the user: the authentication step performance checking unit calculates the difference between the limited time stored in the execution limit time memory unit and the execution time of the control program created by the user' And confirming that the slot time of the authentication step can be inserted; and the authentication step insertion determining unit determines the size of the control program and the air time calculated by the authentication step performance confirmation unit when the authentication step is automatically generated. The number of authentication ladders inserted. (Third Embodiment) In the present embodiment, in order to filter the authentication ladder so that the authentication ladder inserted into the control program read from the PLC does not allow the user to see it, the user is edited. The control program adjusts the insertion position of the authentication ladder in accordance with the number of steps calculated based on the authentication information. Fig. 7 is a view showing the functional configuration of the illegal use prevention system of the present embodiment. r η

I 34 322090 201128334 於第7圖所示的非法利用防止系統,係為了使插入於 控制程式㈣證階料讓使转看到而對認證階梯做過遽 處理,並於控制程式的編輯後調整認證階梯的插入位置。 於工程環境侧電腦100,係追加有控制程式讀取要求 部2卜認證階梯過遽處理部22、認證階梯插入位置調整處 理部23及顯示部30。 其他的要素係與第1圖所示者相同。 且’於本貫施形態’存取要求傳送處理部4係將插入 有認證階梯的控制程式(合成程式)從PLC2〇〇輸入。 於本實施形態,存取要求傳送處理部4係程式輸入部 的一例。 且,與第一貫施形態同樣地,控制程式在pLC2〇〇以 外的使用係不被允許。 又,認證階梯係與第一實施形態所示者相同。 又,認證階梯生成用亂數記憶部8a係記憶於第一實 施形態所說明的認證階梯生成用亂數的亂數記憶部的一 例。 又,序列ID s己憶部9a係記憶於第一實施形態所說明 的PLC200的序列ID,而為特有識別資訊記憶部的一例。 控制程式讀取要求部21係接收來自使用者的控制程 式的讀取指示,對存取要求傳送處理部4要求控制程式的 讀取。 認證階梯過濾處理部22係根據在認證處理部l〇a生 成的認證資訊,將從PLC200讀取的控制程式内的認證階梯 322090 201128334 的插入位置予以特定,在於控制程式生成部2將控制程式 顯示於顯示部30之•際,為了不讓使用者看到認證階梯而進 行控制程式的過濾(不顯示設定)。 也就是,認證階梯過濾處理部22係根據對為認證階 梯生成用亂數記憶部8a的亂數及序列ID記憶部9a的序列 ID的雜湊值的認證資訊,按照與pLC2〇〇的認證階梯的插 入位置決定演算法相同的演算法,判別各個認證階梯的位 置,對各個認證階梯進行不顯示設定。 認證階梯過濾處理部22係不顯示設定部的一例。 顯示部3 0係根據由認證階梯過慮處理部2 2所致的不 顯示設定’不顯示認證資料,僅顯示控制程式。 認證階梯插入位置調整處理部2 3係在於控制程式製 作部2進行控制程式的編輯之後,將根據認證資訊所計算 出的認證階梯的插入位置(步驟數),調整成使其插入原本 的步驟數的位置。 也就是,在控制程式被編輯而控制程式受更新的結 果’其中任一個的認證階梯的配置變動了的情形中,認證 階梯插入位置調整處理部23係將該認證階梯的位置回復 為變動前的位置。 例如,第4圖(b)的例子中,在使用者編輯了控制程 式的結果,第234步驟的A234往後偏離一個至第235步驟 的位置的情形中,認證階梯插入位置調整處理部23係將 A234回復至原本的第234步驟的位置(使其在X5〇之前的 位置)。 36 322090 201128334 認證階梯插入位置調整處理部23係位置調整部的 例。 於PLC200,係追加有控制程式讀取處理部24。 控制程式讀取處理部24係從執行用控制程式記憶部 15讀取控制程式(合成程式)。 又,於本實施形態’存取要求接收處理部11係將藉 控制程式讀取處理部24所讀取的控制程式輸出至工程银 境側電腦10(^ 於本實施形態,存取要求接收處理部11及控制程式 讀取處理部24係相當於程式輸出部。 且’於第7圖,於PLC200與本實施形態的運作沒有 直接關係的要素係省略其圖示。 然而,PLC200係包含控制程式寫入處理部12、認證 階梯自動生成處理部13、認證階梯插入處理部14、控制程 式執行控制部16、專用裝置設定部17等在第一實施形態 及第二實施形態說明過的要素者。 接著,說明關於安全性設定部6a的安全性設定變為 有效的情形中,於提出控制程式的讀取要求的情形中所執 行的認證。 當控制程式讀取要求部21從輸入部丨接收儲存於 PLC200的控制程式的讀取要求時,確認安全性設定部 的安全性設定,於安全性設定為有欵的情形中,為了實施 與PLC200之間的结問/回應,要求於認證處理部1 生成 詰問值(亂數)。 37 322090 201128334 認證處理部l〇a係對亂數生成處理部7要求亂數的生 成,並將收到的亂數送回至控制程式讀取要求部21。 控制程式讀取要求部21係對存取要求傳送處理部4 要求在與PLC2GG之間進行詰問/回應的認證。 存取要求傳送處理部4係對存取要求接收處理部傳送 認證要求及结問值(I數)。 .j μ仔取要衣接收處理部u,係剩6松姐 處理部10b傳遞收到的語問值,並指示回應㈣生成。 認證處理部10a係接收回應值生成要求, ㈣纽财得相1d記憶 詰問值而所收到的絲作為輸 回存取嶋)’所蝴回應值送 至存:=:=了,=广二:7的回應值送回 處理^將嘛如_蝴2=刚送 收到二 傳送所 存於序列心憶部9a的序t,^ 的亂數、儲 作為輸人於雜凑函數中,先前生成的詰問值 將比較結果通知控制程式魏要求部^與回應值做比較, 控制程式讀取要求部2] 形中止控制裎式的讀取處理,並二了果為不-致的情I 34 322090 201128334 The illegal use prevention system shown in Fig. 7 is used to make the authentication ladder be processed in order to make it inserted into the control program (4), and adjust the authentication after editing the control program. The insertion position of the ladder. The engineering environment side computer 100 is provided with a control program reading request unit 2, an authentication step processing unit 22, an authentication step insertion position adjustment unit 23, and a display unit 30. The other elements are the same as those shown in Fig. 1. In the present embodiment, the access request transfer processing unit 4 inputs a control program (synthesis program) in which the authentication ladder is inserted from the PLC 2A. In the present embodiment, the access request transfer processing unit 4 is an example of a program input unit. Further, as in the first embodiment, the use of the control program other than pLC2 is not permitted. Further, the authentication ladder is the same as that shown in the first embodiment. Further, the authentication step generation random number storage unit 8a is an example of a random number storage unit that stores the random number of the authentication ladder generation described in the first embodiment. Further, the sequence ID s memory unit 9a is an example of a unique identification information storage unit which is stored in the sequence ID of the PLC 200 described in the first embodiment. The control program reading request unit 21 receives a read instruction from the user's control program, and requests the access request transfer processing unit 4 to read the control program. The authentication step filter processing unit 22 specifies the insertion position of the authentication step 322090 201128334 in the control program read from the PLC 200 based on the authentication information generated by the authentication processing unit 10a, and the control program generation unit 2 displays the control program. In the display unit 30, the control program is filtered (not displayed) in order to prevent the user from seeing the authentication ladder. In other words, the authentication step filter processing unit 22 is based on the authentication information for the hash value of the random number of the authentication step generation random number storage unit 8a and the sequence ID of the sequence ID storage unit 9a, in accordance with the authentication ladder of pLC2〇〇. The insertion position determines the algorithm with the same algorithm, determines the position of each authentication step, and does not display settings for each authentication step. The authentication step filter processing unit 22 does not display an example of the setting unit. The display unit 30 displays only the control program based on the non-display setting by the authentication step over-treatment processing unit 2, without displaying the authentication data. The authentication step insertion position adjustment processing unit 2 is configured to adjust the insertion position (number of steps) of the authentication step calculated based on the authentication information to the original number of steps after the control program creation unit 2 edits the control program. s position. In other words, when the control program is edited and the result of the update of the control program is changed, the authentication step insertion position adjustment processing unit 23 restores the position of the authentication step to the pre-change state. position. For example, in the example of FIG. 4(b), in the case where the user edits the result of the control program, and the A234 of the 234th step deviates from the position to the 235th step, the authentication step insertion position adjustment processing unit 23 is used. Return A234 to the original position of step 234 (make it in front of X5〇). 36 322090 201128334 The authentication step insertion position adjustment processing unit 23 is an example of a position adjustment unit. In the PLC 200, a control program reading processing unit 24 is added. The control program reading processing unit 24 reads the control program (compositing program) from the execution control program storage unit 15. Further, in the present embodiment, the access request receiving processing unit 11 outputs the control program read by the borrowing control program reading processing unit 24 to the engineering bank side computer 10 (in the present embodiment, the access request receiving process) The unit 11 and the control program reading processing unit 24 correspond to the program output unit. Further, in the seventh diagram, the elements that are not directly related to the operation of the PLC 200 in the present embodiment are omitted. However, the PLC 200 includes the control program. The elements described in the first embodiment and the second embodiment, such as the write processing unit 12, the authentication step automatic generation processing unit 13, the authentication step insertion processing unit 14, the control program execution control unit 16, and the dedicated device setting unit 17, are described. Next, in the case where the security setting of the security setting unit 6a becomes effective, the authentication performed in the case where the reading request of the control program is requested is explained. When the control program reading requesting unit 21 receives the storage from the input unit 丨When the reading request of the control program of the PLC 200 is requested, the security setting of the security setting unit is confirmed. In the case where the security is set to be defective, the PLC 20 is implemented. The question/response between 0 is required to generate an interrogation value (random number) in the authentication processing unit 1. 37 322090 201128334 The authentication processing unit l〇a requests the random number generation processing unit 7 to generate a random number and will receive it. The random number is sent back to the control program reading request unit 21. The control program reading request unit 21 requests the access request transfer processing unit 4 to perform authentication and response authentication with the PLC 2GG. The access request transfer processing unit 4 The access request receiving processing unit transmits an authentication request and a question value (I number). The .j μ picks up the clothing receiving processing unit u, and the remaining 6 Songsie processing unit 10b transmits the received language value and indicates The response (4) is generated. The authentication processing unit 10a receives the response value generation request, and (4) the New York received the 1d memory question value and the received silk as the return access 嶋)'s response value is sent to the memory: =:= , = Guang 2: 7 response value sent back to the processing ^ will be like _ butterfly 2 = just sent the second transmission stored in the sequence of the heart of the memory part 9a order t, ^ the random number, stored as a loss in the hash function In the middle, the previously generated question value will be compared with the result notification control program Wei request unit ^ and the response value , The reading control program portions in claim 2] Formula shaped aborted take off clothes reading control process, and if not the two - consistent love

並對使用者通知無法從PLC 201128334 的控制程式的讀取。 比較結果一致了的情形,控制程式讀取要求部21係 對存取要求傳送處理部4指示控制程式的讀取要求。 存取要求接收處理部11係在接收了控制程式讀取要 求後對控制程式讀取處理部24指示控制程式的讀取。 控制程式讀取處理部24係從執行用控制程式記憶部 15讀取控制程式,送回至存取要求接收處理部11。 控制程式讀取要求部21係將從PLC200讀取了的控制 程式儲存於控制程式記憶部3。 . 如此,在安全性設定為有效的情形中,係使用控制程 式與PLC的建立關聯的資訊進行認證,於未具有同樣的建 立關聯的資訊的專案及PLC之間係控制成使控制程式不能 進行寫入及讀取處理。 此係為了使儲存於PLC的控制程式不會輕易的被讀取 至外部並製作非法的備份。 且’於本實施形態設成:在控制程式的讀取時係實施 了認證處理,而實施控制程式的寫入處理的情形亦使其同 樣地進行認證處理。 又,於本實施形態,雖僅從工程環境側進行認證要 求,然於PLC200側對執行用控制程式記憶部15有存取要 求的情形,亦可向工程環境側電腦1〇〇要求認證。 接著說明關於為了不讓使用者看到插入於從pLC讀取 了的控制程式的認證階梯的過濾處理。 使用者使用輸入部1提出儲存於控制程式記憶部3的 322090 39 201128334 控制程式的顯示/編輯的指示之際,認證階梯過濾處理部 22係取得在認證處理部l〇a生成的認證資訊,並根據所取 得的認證資訊於認證階梯插入處理部14確認插入於控制 程式的認證階梯的插入位置(由認證資訊計算出步驟數,以 掌握認證階梯的插入位置)。 認證階梯過濾處理部22係從控制程式記憶部3讀取 控制程式,並對設定使其僅執行一次的認證階梯(示例於第 4圖(a)的認證階梯)及位於前述計算出的步驟數的認證階 梯(插入於控制程式中特定的步驟數的認證階梯:示例於第 4圖(b)的認證階梯)進行不顯示設定。 控制程式製作部2係在顯示收到的來自於認證階梯過 濾處理部22的控制程式之際,確認被設定不顯示設定的位 置,進行不顯示經不顯示設定的位置的認證階梯的控制並 輪出於顯示部30,顯示部3〇係不顯示認證階梯而僅顯示 控制程式。 。又,認證階梯插入位置調整處理部23係對於在控制 矛式裝作。卩2 $編輯後的控制程式,根據於在認證處理部 ^生成的認證資訊,將因由使用者追加或刪除命令所產 生的認證階梯插入位置(步驟數)回復至原本的位置之後, 將控制程式儲存於控制程式記憶部3。 如此,根據本實施形態,藉由不讓❹者看到認證階 =防止了正規的使用者錯刪除錢更認證階梯,且可使 有惡意的使用者做的非法利用防止方法的解析變得因 難’以防止控制程式的非法利用。 322090 40 201128334 以上,於本實施形態,係說明了一種以機器控制程 式的非法利用防止系統,包括: 控制程式讀取要求部,從工程環境接收儲存於PLC的 執行用控制程式記憶部的控制程式的讀取要求,而對存取 要求傳送處理部下達控制程式的讀取指示,將所讀取的控 制程式儲存於控制程式記憶部者; 認證階梯過濾處理部,在使用者顯示/編輯插入有認 證階梯的控制程式的情形’為了讓使用者看不到認證階梯 而施加過濾者; ό忍證階梯插入位置調整處理部,於使用者在控制程式 製作部編輯了控制程式的情形,進行將原本配合認證資訊 而插入的認證階梯回復到原本的位置的處理者;以及 控制程式讀取處理部’進行從執行用控制程式記憶部 讀取控制程式的處理省· ° (第四實施形態) 於本實施形態,係說明以下功能:為了不讓使用者清 楚專用裝置的存在,對於從PLC讀取的控制程式’將於認 證階梯插人處理部14插人的㈣階梯的專用裝置替換為 既存的裝置。 第8圖係顯示關於本實施形態之非法利用防土系統的 功能構成。 於第8圖的非法利用防止系 '统’係按照事先設定於轉 換表的轉換腳於控制㈣的認證階梯的專用裝置 的號碼置換為既存的装置的號碼。 41 322090 201128334 工程環境側電腦100的各個構成要素,係已於第一至 第三實施形態說明過者,故省略其說明。 於PLC200,係在第7圖的構成追加了認證階梯轉換表 記憶部25及認證階梯轉換處理部26。 且’第8圖’於PLC200亦省略與本實施形態的運作 沒有直接關係的要素的圖示。 然而於PLC200,係設成使其包含控制程式寫入處理 部12、Ά梯自動生成處理部13、認證階梯插入處理部 14、控制程式執行控· 16、及相裝置設定部17等在 第一及第二實施形態已說明過的要素。 認證階梯轉換細·_ 25係儲存在有來自工程環境 側電腦100的控制程式的讀取要求的情形,將插入於控制 程式中的認證阳,的專用裝置_轉換為既存的裝置號碼 之際所利用的轉換表。 認證階梯轉換處理部26係❹儲存於織階梯轉換 表記憶部25的轉換表’騎將專时置號碼置換為既存的 裝置號碼的處理。 如前文所述,專用装置的裝置號碼,係與對象裝置的 裝置號碼的號碼㈣相異(於第—實施形態的例子,專用裝 置的號碼是以「Α」開碩,對象裝置的號碼是以「χ」、「γ」、 「Ε」開頭)。 是故,在有來自於工程環境側電腦1〇〇的儲存於執行 用控制程式記憶部15的控制程式(合成程式)的輸出指示 的情形’認證階梯轉換處理部26係將認證階梯的專用裝置 322090 42 201128334 號碼變更為與對象裝置號碼相同的號碼體系(使專用I 號碼以例如「X」開頭)。 & 認證階梯轉換處理部26係裝置號碼變更部的—例 又’於本實施形態,存取要求接收處理部u(程式輪 出部)係將包含有透過認證階梯轉換處理部26變更後的^ 用裝置號碼的控制程式(合成程式)輸出至工程環境侧電腦 100。 接著,說明關於在安全性設定變為有效的情形,在實 施控制程式的讀取之際將認證階梯的專用裝置號码置換為 既存的裝置號褐的處理。 控制程式讀取處理部24在從工程環境侧電腦i〇0收 到了控制程式的讀取要求時’控制程式讀取處理部24係確 認安全性設定部6b的安全性設定’於安全性設定為有效的 情形’請求認證階梯轉換處理部26將插入於從執行用控制 程式記憶部15讀取的控制程式之認證階梯的專用裝置替 換為既存的裝置。_ 收到了將專用裝置變換到既存裝置的要求的認證階 梯轉換處理部26,係根據設定在認證階梯轉換表記憶部25 的轉換表,實施把在認證階梯使用的專用裝置換為既存的 裝置(X裝置或Y裝置)。 例如,專用裝置A234係變更為既存的裝置X234。 在轉換為既存裝置的情形,並不必需要變換為X裝 置’只要是既存的裝置即可。 又’關於裝置號碼亦沒有使其與專用裝置相同的必 43 322090 201128334 要’只要是可以使用在替換的既存裝置的裝置號碼即可。 且,在讀取了將專用裝置替換為既存裝置的控制程式 的工程環境側,係如同於第三實施形態所記載的,由於對 認證階梯施以過濾而不讓使用者看見認證階梯,故不需要 轉換表。 如此’根據本實施形態,藉由將插入於在工程環境側 讀取的控制程式的認證階梯的專用裝置置換為既存的裝 置,例如在懷有惡意的使用者將讀取的控制程式在以用以 解析二進位編輯器(binary editor)或程式碼的程式工具 (tool)打開之際,可使其不會輕易的知道這是使用了在以 往的控制程式中沒有使用的裝置,而可使得認證處理的機 制難以被解析。 也就是,根據第三實施形態,雖為了不顯示認證階 梯,而不顯示專用裝置的號碼,但使用了如上述的工具時, 即使設定為不顯示,但仍有專用裝置號碼的存在為人所知 的情形。於本實施形態,即使在使用這樣的工具的情形, 由於專用裝置的號碼變成為與通常的裝置號碼相同的號瑪 體系’故可避免專用裝置的號碼被識別。 以上’於本實施形態,係說明了一種FA機器控制程 式的非法利用防止系統,包括: 認證階梯轉換處理部,在有來自於工程環境的要求控 制程式的讀取之際,接受來自控制程式讀取處理部的指 示,將認證階梯的專用裝置替換為既存的裝 置者;以及 #忍^•階梯轉換表記憶部,用以儲存在藉由認證階梯轉 44 322090 201128334 換處理部將認證階梯的專用裝置替換為既存的裝置之際所 利用的轉換表者。 (第五貫施形遙) 於本實施形態,係說明以下功能:每當從PLC進行控 制程式之讀取時使用設於PLC的計數(counter)值重新生 成認證資訊,並亦再度生成認證階梯,而在實施與已插入 於控制程式中的認證階梯的替換之後傳送至工程環境側。 第9圖係顯示關於本實施形態的非法利用防止系統的 功能構成。 ;第9圖的非法利用防止糸統,係在每當從pLc〗〇〇 進行控制程式的讀取時,根據使用設於PLC2〇〇的計數值所 再度生成的認證資訊進行認證階梯的再度生成,並進行與 已插入於控制程式的認證階梯的替換。 記憶=圖的工程環境側電腦刚,係一 上使用者= 存有在工程環境側電腦100 顿錯誤資=:容執行時的時間戮記(- :作,己憶部27係輸入次數計數部的-例。 的構成要素作:二St:卜的工程環⑽^ 略說明。 、第至第二貫施形態所說明過者,故省 但於上的空間問題顯示部30係省略圖示, 圖的工程環境側電腦刚係存在顯示部30 L S} 322090 45 201128334 PLC200係迨加有認證階梯·除處理部28及計數器處 理部29。 認證階梯刪除處理部28_除插人雜制程式的認 證階梯。 更具體而s,在有來自作為外部裝置的工程環境侧電 腦100的插入有認證階梯的控制程式(合成程式)的輸出指 示的情形,存取要求接收處理部u(程式輸出部)雖將控制 程式(合成程式)輸出至工程環境側電腦1〇〇,但在每次往 工程環境側電腦100的輸出時,係從控制程式(合成_程式) 刪除認證階梯。 認證階梯刪除處理部28係刪除處理部的一例。 计數裔處理部29係在每當受理了來自工程環境的控 制程式的讀取要求,將設於PLC200的計數值遞增計數 (count up)並記錄遞增計數完的值。 也就疋,每當從存取要求接收處理部11輸出控制程 式(合成程式)至工程環境側電腦1〇〇,即計數輸出次數。 计數盗處理部29係輸出次數計數部。 並且,於本實施形態,認證階梯自動生成處理部13(認 證程式生成部),係每當從存取要求接收處理部n輸出控 希!1程式(合成程式)至工程環境側電腦丨〇〇時,根據序列ID 記憶部9b的序列ID、計數器處理部29的計數值及認證階 梯生成用亂數記憶部8b的亂數,重新選擇專用裝置的裝置 號碼,並生成包含有新的專用裝置號碼的新的認證階梯, 依所生成的新的認證階梯決定認證階梯刪除處理部28所 322090 46 201128334 刪除處理後的控制程式内的新的插入位置。 於是,認證階梯插入處理部14(程式合成部),係於由 認證階梯自動生成處理部13所决定的新的插人位置將各 個新的認證階梯插人於控制程式以作為新的合成程式。 且,於第9圖,於plc200與本實施形態的運作沒有 直接關係的要素係省略其圖示。 然而,於PLC200,係使其包含有控制程式寫入處理部 12、控制程式執行控制部16、專用裝置設定部17等在第 一至第三實施形態已說明的要素。. 接著,說明關於本實施形態的運作。 首先’說明PLC200側的運作。 於第-實施形態,係在控制程式的對ρ[χ的初次寫入 之際,將於工程環境側電腦丨⑽生成聽數及PL·的序 列Π)的2^1貝訊作為輸人於雜凑函數生成認證資訊。 於本貝施形恶,係進行在前述兩個資訊以外,亦使用 4數盗處理部29的計數值生核、證資訊,而賴生成的認 證資訊生成認證階梯。 汁數器處理邛29的汁數,係在每當收到來自工程環 境側電腦1GG的控制程式的讀取要求賴增計數。 此计數值係在控制程式的初次寫入時設定初始值為 〇,初次寫入時生成認證資訊之際的計數值使用〇。 在此之後,當收到了來自工程環境侧電腦1〇〇的控制 程式的讀取要求時,腿階梯自動生歧料⑴卩對計數 器處理部29指示遞增計數’而藉由該指示計數器處理部 322090 47 201128334 • 29係將計數值做一次的遞增計數。 收到了來自工程環境侧電腦1 〇〇的控制程式讀取要求 的控制程式讀取處理部24係對認證階梯自動生成處理部 13指示認證階梯的再度生成。 認證階梯自動生成處理部13接收認證階梯的再度生 成要求而對認證處理部1 〇b指示認證資訊的生成。 於認證處理部1 Ob係對儲存於認證階梯生成用亂數記 憶部8b的亂數、儲存於序列id記憶部9b的序列ID及儲 存於計數器處理部29的計數值進行雜湊演算以生成認證 資訊,並送回認證階梯自動生成處理部13。 認證階梯自動生成處理部13係將收到了的認證資訊 及認證程式傳遞至認證階梯刪除處理部28。 認證階梯刪除處理部28係根據收到了的認證資訊, 特定現在插入於控制程式内的認證階梯的插入位置並刪除 認證階梯,而將刪除了認證階梯的控制程式送回認證階梯 自動生成處理部13。 認證階梯自動生成處理部13係對計數器處理部29下 達遞增計數的指示’而計數器處理部29係將計數值遞增計 數並保持。 認證階梯自動生成處理部13係再度對認證處理部i〇b 要求認證資訊的生成,而認證處理部1〇b係用遞增計數了 的計數值進行認證資訊的再度生成,並將再度生成了的認 證資訊送回至認證階梯自動生成處理部13。 s忍祖階梯自動生成處理部13係從再度生成的認證資 322090 48 201128334 訊自動生成認證階梯(特定各認證階梯的插入位置),並將 所生成的認證階梯、以及於認證階梯刪除處理部28刪除了 認證階梯的控制程式傳遞至認證階梯插入處理部14。 然後,認證階梯自動生成處理部13係指示再度生成 了的認證階梯再度插入至控制程式,並於認證階梯插入處 理部14再度插入認證階梯。 控制程式讀取處理部2 4係將再度插入有認證階梯的 控制程式經由存取要求接收處理部11傳輸至工程環境。 接著,說明關於在工程環境侧電腦100側的運作。 收到控制程式的控制程式讀取要求部21係將控制程 式儲存於控制程式記憶部3。 在使用者使用輸入部1下達了顯示/編輯儲存於控制 程式記憶部3的控制程式的指示之際,認證階梯過濾處理 部2 2係對認證處理部1 〇 a清求生成5忍證貧訊。 接到認證資訊的生成要求認證處理部1 〇a係從儲存於 操作履歷記憶部27的操作履歷計算出執行了來自PLC200 的控制程式的讀取處理的次數(僅讀取成功的情形之次 數)。 接著,認證處理部1 〇a係由計算出的值(此值係與保 持於PLC的計數器處理部29之計數器的值相同)、儲存於 認證階梯生成用亂數記憶部8a的亂數及儲存於序列id記 憶部9a的序列ID計算出認證資訊,並送回認證階梯過濾 處理部22。 於認證階梯過濾處理部22係根據取得的認證資訊於 49 322090 201128334 認證階梯插入處理部14確認插入於控制程式之認證階梯 的插入位置(由認證資訊計算出步驟數並掌握認證階梯的 插入位置)。 認證階梯過濾處理部22係從控制程式記憶部3讀取 控制程式’並對設定使其僅執行一次的認證階梯(示例於第 4圖(a)的認證階梯)、與位於前述計算出的步驟數的認證 階梯(插入於控制程式中特定的步驟數的認證階梯;示例於 第4圖(b)的認證階梯)進行不顯示設定。 控制程式製作部2係在顯示從認證階梯過濾處理部22 收到的控制程式之際,確認受不顯示設定的位置,將受不 顯示設定的位置的認證階梯進行不顯示設定的控制並輸出 至顯示部30 ’顯示部30係不顯示認證階梯而僅顯示控制 程式。 又’認證階梯插入位置調整處理部23(位置調整部) 係對於在控制程式製作部2被編輯後的控制程式,根據在 認證處理部10a生成的認證資訊將藉由由使用者命令的追 加及刪除所產生的認證階梯插入位置(步驟數),回到原本 的位置之後,將控制程式儲存於控制程式記憶部3。 如此’於本實施形態’每當接收了儲存於執行用控制 程式記憶4 15 #控制程式的讀取要求則將計數器遞增計 數’並使用此計數器的值再度生成認證資訊及根據此認證 資訊的認贿梯,於㈣程式+與6插人完成的認證階梯 進行替換。 藉由這些處理’由於在工程環境側電腦1〇〇讀取的控 50 322090 201128334 制程式每次皆為相異,故可使懷有惡意的使用者所做的認 證處理的解析變得困難。 並且,即使懷有惡意的使用者縱然將控制程式複製至 別的PLC,亦因為每個PLC使用特有的計數器值生成認證 資訊,故可進一步防止控制程式的非法利用。 且,通常,由於將控制程式寫入PLC並確認實際的運 作,且對應此結果實施一邊與在工程環境之間反覆進行控 制程式等的寫入/讀取,一邊調整程式或參數設定的作業, 故與其他的PLC的計數器值變得相同的可能性應為低。 以上,於本實施形態,係說明了一種FA機器控制程 式的非法利用防止系統,包括: 操作履歷記憶部,儲存使用者在工程環境上所執行的 功能的操作履歷者; 認證階梯刪除處理部,為了將業經插入於控制程式的 認證階梯再予以插入,而暫時將其從控制程式刪除者; 計數器處理部,每當接收了來自工程環境的控制程式 的讀取要求,遞增計數計數器並儲存經遞增計數的值者。 【圖式簡單說明】 第1圖係為示意第一實施形態的系統構成例的圖。 第2圖係為示意第一實施形態的運作例的流程圖。 第3圖係為示意第一實施形態的運作例的流程圖。 第4圖(a)及(b)係為示意第一實施形態的認證階梯例 的圖。 第5圖係為示意第一實施形態的專用裝置的設定例的 51 322090 201128334 圖。 第6圖係為示意第二實施形態的系統構成例的圖。 第7圖係為示意第三實施形態的系統構成例的圖。 第8圖係為示意第四實施形態的系統構成例的圖。 第9圖係為示意第五實施形態的系統構成例的圖。 【主要元件符號說明】 1 輸入部 2 .控制程式製作部 3 控制程式記憶部 4 存取要求傳送處理部 5 控制程式寫入要求部 6(6a、 6b) 安全性設定部 7 亂數生成處理部 8(8a、 8b) 認證階梯生成用亂數記憶部 9(9a、 9b) 序列ID記憶部 10(10a .、10b) 認證處理部 11 存取要求接收處理部 12 控制程式寫入處理部 13 認證階梯自動生成處理部 14 認證階梯插入處理部 15 執行用控制程式記憶部 16 控制程式執行控制部 17 專用裝置設定部 18 執行限制時間記憶部 52 322090The user is notified that it cannot be read from the control program of PLC 201128334. When the comparison result is satisfied, the control program reading requesting unit 21 instructs the access request transmission processing unit 4 to instruct the reading of the control program. The access request receiving processing unit 11 instructs the control program reading processing unit 24 to read the control program after receiving the control program reading request. The control program reading processing unit 24 reads the control program from the execution control program storage unit 15 and returns it to the access request reception processing unit 11. The control program reading request unit 21 stores the control program read from the PLC 200 in the control program storage unit 3. In this case, in the case where the security setting is valid, the information is authenticated by using the information associated with the establishment of the control program, and the control program cannot be controlled between the project and the PLC that do not have the same associated information. Write and read processing. This is to make the control program stored in the PLC not easily read to the outside and make an illegal backup. Further, in the present embodiment, the authentication process is performed when the control program is read, and the authentication process is performed in the same manner as the write process of the control program. Further, in the present embodiment, the authentication request is performed only from the engineering environment side. However, when the PLC 200 side has an access request to the execution control program storage unit 15, it is possible to request authentication from the engineering environment side computer. Next, a filtering process for not allowing the user to see the authentication step inserted in the control program read from the pLC will be described. When the user inputs the instruction to display/edit the 322090 39 201128334 control program stored in the control program storage unit 3, the authentication step filter processing unit 22 acquires the authentication information generated by the authentication processing unit 10a, and The authentication step insertion processing unit 14 confirms the insertion position of the authentication step inserted in the control program based on the acquired authentication information (the number of steps is calculated from the authentication information to grasp the insertion position of the authentication step). The authentication step filter processing unit 22 reads the control program from the control program storage unit 3, and sets an authentication step (exemplified in the authentication step of FIG. 4(a)) that is executed only once, and the number of steps calculated as described above. The authentication ladder (the authentication ladder inserted in the specific number of steps in the control program: the authentication ladder illustrated in Fig. 4(b)) performs the non-display setting. When the control program from the authentication step filter processing unit 22 is displayed, the control program creation unit 2 confirms that the position where the setting is not to be displayed is set, and the control step of not displaying the position where the setting is not displayed is performed. In the display unit 30, the display unit 3 displays only the control program without displaying the authentication ladder. . Further, the authentication step insertion position adjustment processing unit 23 is installed in the control spear type.卩2 $ The edited control program returns the authentication ladder insertion position (the number of steps) generated by the user addition or deletion command to the original position based on the authentication information generated by the authentication processing unit ^, and then the control program It is stored in the control program storage unit 3. As described above, according to the present embodiment, by preventing the latter from seeing the authentication step = preventing the regular user from deleting the money and the authentication step, the analysis of the illegal use prevention method by the malicious user can be caused. Difficult to prevent illegal use of control programs. 322090 40 201128334 In the above embodiment, an illegal use prevention system for a device control program is described, including: a control program reading request unit, and a control program for receiving an execution control program memory unit stored in the PLC from the engineering environment. The reading request is sent to the access request transfer processing unit to give a read instruction to the control program, and the read control program is stored in the control program memory unit; the authentication step filter processing unit is displayed/edited by the user. In the case of the control program of the authentication ladder, the filter is applied to the user in order to prevent the user from seeing the authentication ladder. The user is forced to enter the position adjustment processing unit. When the user edits the control program in the control program creation unit, the original The processing step in which the authentication ladder inserted in conjunction with the authentication information is returned to the original location; and the control program reading processing unit 'processes the control program from the execution control program memory unit. ・ (Fourth embodiment) The embodiment describes the following functions: in order not to let the user know the storage of the dedicated device , The control program read from the PLC 'will replace the private authentication apparatus stepped insertion section 14 inserted in the process step (iv) of the existing apparatus. Fig. 8 is a view showing the functional configuration of the illegal use of the anti-soil system of the present embodiment. The illegal use prevention system in Fig. 8 is replaced with the number of the existing device in accordance with the number of the dedicated device of the authentication step set in the conversion table of the conversion table (4). 41 322090 201128334 Each component of the engineering environment side computer 100 has been described in the first to third embodiments, and thus the description thereof will be omitted. In the PLC 200, the authentication step conversion table storage unit 25 and the authentication step conversion processing unit 26 are added to the configuration of Fig. 7. Further, in the "Fig. 8", the PLC 200 also omits illustration of elements that are not directly related to the operation of the embodiment. However, the PLC 200 is provided to include the control program writing processing unit 12, the ladder automatic generation processing unit 13, the authentication step insertion processing unit 14, the control program execution control unit 16, and the phase device setting unit 17, etc. And the elements already described in the second embodiment. In the case where there is a reading request from the control program of the computer 100 on the engineering environment side, the authentication step conversion _ is stored in the control program, and the dedicated device _ inserted into the control program is converted to the existing device number. The conversion table utilized. The authentication step conversion processing unit 26 is a process of replacing the time-stamped number with the existing device number by the conversion table stored in the knitting step conversion table storage unit 25. As described above, the device number of the dedicated device is different from the device number (4) of the target device. (In the example of the first embodiment, the number of the dedicated device is "Α", and the number of the target device is "χ", "γ", "Ε" at the beginning). In the case where there is an output instruction from the control program (synthesis program) stored in the execution control program storage unit 15 from the computer on the engineering environment side, the authentication step conversion processing unit 26 is a dedicated device for the authentication step. 322090 42 201128334 The number is changed to the same number system as the target device number (the private I number starts with, for example, "X"). The authentication step conversion processing unit 26 is an example of the device number changing unit. In the present embodiment, the access request receiving processing unit u (program wheeling unit) includes the changed transmission authentication step conversion processing unit 26 ^ The control program (composite program) of the device number is output to the engineering environment side computer 100. Next, in the case where the security setting is enabled, the process of replacing the dedicated device number of the authentication step with the existing device number brown when the control program is read is explained. When the control program reading processing unit 24 receives the reading request of the control program from the engineering environment side computer i〇0, the control program reading processing unit 24 confirms the security setting of the security setting unit 6b. In the case where it is effective, the request authentication step conversion processing unit 26 replaces the dedicated device inserted in the authentication step of the control program read from the execution control program storage unit 15 with the existing device. _ The authentication step conversion processing unit 26 that has received the request to convert the dedicated device to the existing device, and replaces the dedicated device used in the authentication step with the existing device based on the conversion table set in the authentication step conversion table storage unit 25 ( X device or Y device). For example, the dedicated device A234 is changed to the existing device X234. In the case of conversion to an existing device, it is not necessary to convert to an X device as long as it is an existing device. Further, the device number is not required to be the same as that of the dedicated device, as long as it is a device number that can be used in the replacement existing device. Further, in the engineering environment side in which the control program for replacing the dedicated device with the existing device is read, as described in the third embodiment, since the authentication step is filtered so that the user does not see the authentication ladder, A conversion table is required. As described above, according to the present embodiment, the dedicated device inserted into the authentication ladder of the control program read on the engineering environment side is replaced with the existing device, for example, the control program to be read by a malicious user is used. When the tool that parses the binary editor or the code is opened, it is not easy to know that it is a device that is not used in the previous control program, but can make the authentication The mechanism of processing is difficult to resolve. That is, according to the third embodiment, the number of the dedicated device is not displayed in order not to display the authentication step. However, when the tool as described above is used, even if the display is not displayed, the presence of the dedicated device number is still present. Know the situation. In the present embodiment, even in the case of using such a tool, since the number of the dedicated device becomes the same number as the normal device number, the number of the dedicated device can be prevented from being recognized. In the present embodiment, an illegal use prevention system for the FA machine control program is described, including: an authentication ladder conversion processing unit that accepts reading from a control program when reading from a request control program from an engineering environment Taking the instruction of the processing unit, replacing the dedicated device of the authentication step with the existing device; and the #忍^•step conversion table memory unit for storing the authentication ladder by the authentication step 44 322090 201128334 The device is replaced with a conversion table utilized by the existing device. (Fifth Aspect Shift) In the present embodiment, the following functions are described: each time a control program is read from the PLC, the authentication information is regenerated using the counter value set in the PLC, and the authentication ladder is again generated. And transferred to the engineering environment side after the replacement with the authentication ladder inserted into the control program is implemented. Fig. 9 is a view showing the functional configuration of the illegal use prevention system of the present embodiment. The illegal use prevention system of Fig. 9 is to regenerate the authentication ladder based on the authentication information regenerated by using the count value set in PLC2〇〇 every time the control program is read from pLc. And perform a replacement with the authentication ladder that has been inserted into the control program. Memory = diagram of the engineering environment side of the computer just, the user on the system = stored in the engineering environment side of the computer 100 errors =: the time of the implementation of the memory (-: work, the memory of the 27-series input count section The constituent elements of the example are: the engineering ring (10) of the second St: Bu. The description is given by the second to the second embodiment, and the spatial problem display unit 30 is omitted. The engineering environment side computer of the figure is displayed on the display unit 30 LS} 322090 45 201128334 The PLC200 system is provided with an authentication step, the division processing unit 28, and the counter processing unit 29. The authentication ladder deletion processing unit 28_ is authenticated by the insertion program. More specifically, in the case where there is an output instruction from a control program (composite program) in which the authentication step is inserted from the engineering environment side computer 100 as an external device, the access request receiving processing unit u (program output unit) is The control program (composite program) is output to the computer on the engineering environment side, but the authentication ladder is deleted from the control program (synthesis_program) each time the output to the computer 100 on the engineering environment side is performed. An example of the 28-series deletion processing unit is a count-receiving unit 29 that counts up the count value set in the PLC 200 and counts up the count every time the read request from the control program of the engineering environment is accepted. In other words, the control program (compositing program) is outputted from the access request receiving processing unit 11 to the engineering environment side computer 1 to count the number of output times. The counting and stealing processing unit 29 outputs the number counting unit. In the present embodiment, the authentication ladder automatic generation processing unit 13 (authentication program generation unit) transmits the control program 1 (composite program) to the project environment side computer every time from the access request reception processing unit n. The device ID of the dedicated device is reselected based on the sequence ID of the sequence ID storage unit 9b, the count value of the counter processing unit 29, and the random number of the authentication step generation random number storage unit 8b, and a new dedicated device number is generated. The new authentication step determines the authentication ladder deletion processing unit 28 according to the new authentication ladder generated. 322090 46 201128334 Deletes the new insertion position in the processed control program. Then, the authentication step insertion processing unit 14 (programming unit) inserts each new authentication step into the control program as a new composition program at the new insertion position determined by the authentication ladder automatic generation processing unit 13. In addition, in FIG. 9, the elements which are not directly related to the operation of the present embodiment in the plc200 are not shown. However, the PLC 200 includes the control program writing processing unit 12 and the control program execution control unit. 16. The components described in the first to third embodiments, such as the dedicated device setting unit 17, etc. Next, the operation of the present embodiment will be described. First, the operation on the PLC 200 side will be described. In the first embodiment, in the case of the first writing of the control program, the 2^1 beacon of the operating environment side computer (10) generates the sequence of the listener and the PL· as the input. The hash function generates authentication information. In addition to the above two pieces of information, the number of the number of the pirate processing unit 29 is used to generate the nucleus and the certificate information, and the authentication information generated by the reliance generation generates the authentication ladder. The number of juices processed by the juice counter is counted every time a read request from the control program of the engineering environment side computer 1GG is received. This count value is set to 初始 when the control program is first written, and is used when the authentication information is generated at the time of initial writing. After that, when the reading request from the control program of the engineering environment side computer 1 is received, the leg step automatic ambiguity (1) 指示 instructs the counter processing unit 29 to increment the count ' by the instruction counter processing unit 322090 47 201128334 • 29 is an incremental count of the count value. The control program reading processing unit 24 that has received the control program reading request from the engineering environment side computer 1 instructs the authentication ladder automatic generation processing unit 13 to instruct the re-generation of the authentication step. The authentication ladder automatic generation processing unit 13 receives the re-generation request of the authentication step and instructs the authentication processing unit 1b to generate the authentication information. The authentication processing unit 1 Ob performs a hash calculation on the random number stored in the authentication step generation random number storage unit 8b, the sequence ID stored in the sequence id storage unit 9b, and the count value stored in the counter processing unit 29 to generate authentication information. And sent back to the authentication ladder automatic generation processing unit 13. The authentication ladder automatic generation processing unit 13 transmits the received authentication information and authentication program to the authentication ladder deletion processing unit 28. The authentication step deletion processing unit 28 specifies the insertion position of the authentication step currently inserted in the control program and deletes the authentication step based on the received authentication information, and returns the control program in which the authentication step is deleted to the authentication step automatic generation processing unit 13 . The authentication ladder automatic generation processing unit 13 issues an instruction to increment the count by the counter processing unit 29, and the counter processing unit 29 counts and holds the count value. The authentication step automatic generation processing unit 13 requests the authentication processing unit i〇b to request the generation of the authentication information again, and the authentication processing unit 1〇b performs the re-generation of the authentication information by the counted count value, and regenerates the generated information. The authentication information is sent back to the authentication ladder automatic generation processing unit 13. The safari step automatic generation processing unit 13 automatically generates an authentication ladder (the insertion position of each authentication step) from the re-generated authentication capital 322090 48 201128334, and generates the generated authentication ladder and the authentication ladder deletion processing unit 28 The control program in which the authentication ladder is deleted is passed to the authentication step insertion processing unit 14. Then, the authentication step automatic generation processing unit 13 instructs the re-generated authentication step to be reinserted into the control program, and the authentication step insertion processing unit 14 reinserts the authentication step. The control program reading processing unit 24 transfers the control program in which the authentication step is inserted again to the engineering environment via the access request receiving processing unit 11. Next, the operation on the side of the computer 100 on the engineering environment side will be described. The control program reading request unit 21 that has received the control program stores the control program in the control program storage unit 3. When the user uses the input unit 1 to issue an instruction to display/edit the control program stored in the control program storage unit 3, the authentication step filter processing unit 2 checks and writes the authentication processing unit 1 〇a to generate 5 tortuous messages. . The authentication request processing unit 1 receives the authentication information, and the authentication processing unit 1 calculates the number of times the reading process of the control program from the PLC 200 is executed from the operation history stored in the operation history storage unit 27 (the number of cases in which only the reading is successful) . Next, the authentication processing unit 1a is a random number stored in the authentication step generation random number storage unit 8a and stored in the calculated value (this value is the same as the value of the counter held by the counter processing unit 29 of the PLC). The authentication information is calculated in the sequence ID of the sequence id memory unit 9a, and sent back to the authentication step filter processing unit 22. The authentication step filter processing unit 22 confirms the insertion position of the authentication step inserted in the control program based on the acquired authentication information at 49 322090 201128334 (the number of steps is calculated from the authentication information and the insertion position of the authentication step is grasped). . The authentication step filter processing unit 22 reads the control program from the control program storage unit 3 and sets the authentication step to be executed only once (exemplified in the authentication step of FIG. 4(a)) and the above-described calculated step. The number of authentication ladders (the authentication ladder inserted in a specific number of steps in the control program; the authentication ladder illustrated in FIG. 4(b)) is not displayed. When the control program received from the authentication step filter processing unit 22 is displayed, the control program creation unit 2 checks the position where the setting is not displayed, and controls the authentication step of the position where the setting is not displayed, and outputs the control to the non-display setting. The display unit 30' display unit 30 displays only the control program without displaying the authentication ladder. Further, the authentication step insertion position adjustment processing unit 23 (position adjustment unit) is based on the addition of the user command to the control program edited by the control program creation unit 2 based on the authentication information generated by the authentication processing unit 10a. The generated authentication step insertion position (the number of steps) is deleted, and after returning to the original position, the control program is stored in the control program storage unit 3. Thus, in the present embodiment, the counter is incremented every time the read request stored in the execution control program memory 4 15 # control program is received, and the authentication information is regenerated using the value of the counter and the authentication information is recognized based on the authentication information. The bribe ladder is replaced by the (4) program + the certification ladder completed with 6 inserts. With these processes, the programs that are read by the computer on the engineering environment side are different each time, making it difficult to analyze the authentication process by malicious users. Moreover, even if a malicious user copies the control program to another PLC, since each PLC uses the unique counter value to generate the authentication information, the illegal use of the control program can be further prevented. In addition, in general, the program is written to the PLC and the actual operation is confirmed, and the program or parameter setting operation is adjusted while the control program is written or read repeatedly in the engineering environment in response to the result. Therefore, the possibility that the counter value of the other PLC becomes the same should be low. As described above, in the present embodiment, an illegal use prevention system for the FA device control program includes an operation history storage unit that stores an operation history of a function executed by the user in the engineering environment, and an authentication ladder deletion processing unit. In order to insert the authentication ladder inserted into the control program and temporarily delete it from the control program; the counter processing unit receives the read request from the control program of the engineering environment, increments the counter and stores the increment. The value of the count. BRIEF DESCRIPTION OF THE DRAWINGS Fig. 1 is a view showing an example of a system configuration of a first embodiment. Fig. 2 is a flow chart showing an operation example of the first embodiment. Fig. 3 is a flow chart showing an operation example of the first embodiment. Fig. 4 (a) and (b) are diagrams showing an example of the authentication ladder of the first embodiment. Fig. 5 is a diagram showing 51 322090 201128334 showing a setting example of the dedicated device of the first embodiment. Fig. 6 is a view showing an example of a system configuration of the second embodiment. Fig. 7 is a view showing an example of a system configuration of the third embodiment. Fig. 8 is a view showing an example of a system configuration of the fourth embodiment. Fig. 9 is a view showing an example of a system configuration of the fifth embodiment. [Description of main component symbols] 1 Input unit 2 Control program creation unit 3 Control program storage unit 4 Access request transmission processing unit 5 Control program write request unit 6 (6a, 6b) Security setting unit 7 Random number generation processing unit 8 (8a, 8b) Authentication step generation random number storage unit 9 (9a, 9b) Sequence ID storage unit 10 (10a, 10b) Authentication processing unit 11 Access request reception processing unit 12 Control program write processing unit 13 authentication Step automatic generation processing unit 14 Authentication step insertion processing unit 15 Execution control program storage unit 16 Control program execution control unit 17 Dedicated device setting unit 18 Executes the limited time storage unit 52 322090

201128334 * 19 認證階梯性能確認部 20 認證階梯插入判斷部 21 控制程式讀取要求部 22 認證階梯過濾處理部 23 認證階梯插入位置調整處理部 24 控制程式讀取處理部 25 認證階梯轉換表記憶部 26 認證階梯轉換處理部 27 操作履歷記憶部 28 認證階梯刪除處理部 29 計數器處理部 30 顯示部 100 工程環境側電腦 200 PLC 53 322090201128334 * 19 certification step performance checking unit 20 authentication step insertion determining unit 21 control program reading request unit 22 authentication step filtering processing unit 23 authentication step insertion position adjustment processing unit 24 control program reading processing unit 25 authentication step conversion table storage unit 26 Authentication ladder conversion processing unit 27 Operation history storage unit 28 Authentication ladder deletion processing unit 29 Counter processing unit 30 Display unit 100 Engineering environment side computer 200 PLC 53 322090

Claims (1)

201128334 ’ 七、申請專利範圍: 1. 一種控制裝置,包括: 特有識別資訊記憶部,係記憶獨一無二地設定在前 述控制裝置的特有識別資訊者; 程式輸入部,係將包含成為前述控制裝置的控制處 理對象的對象裝置的裝置號碼且不允許前述控制裝置 以外的裝置進行使用的階梯程式作為主程式予以輸入 者; 認證程式生成部,係根據前述特有識別資訊,將防 止前述控制裝置以外的裝置使用主程式的階梯程式生 成作為認證程式者; 程式合成部,係將主程式及認證程式合成為合成程 式者;以及 記憶部,係記憶前述合成程式;其中’ 前述認證程式生成部係進行下述操作: 將使用於認證的複數個認證用裝置的裝置號碼作 為認證用裝置號碼予以管理,其中,前述裝置號碼係為 擬似對象裝置的裝置號碼者; 根據前述特有識別資訊,選擇一個以上的認證用裝 置號碼; 將包含所選擇的選擇認證用裝置號碼的階梯程式 予以生成為認證程式,前述階梯程式在作為前述合成程 式與前述主程式一起同時執行之際,若以獨立於前述認 證程式生成部的選擇動作之外的方式根據前述特有識 54 322090 201128334 別資訊正確地選擇前述選擇認證用裝置號碼,而對於對 應於前述選擇認證用裝置號碼的各個選擇認證用裝置 進行了預定的設定處理,則正確地動作而使前述主程式 正常地動作;而在作為前述合成程式與前述主程式一同 執行之際’當對於各個前述選擇認證用裝置未執行前述 设定處理部時則不會正常的動作’而停止前述主程式的 動作。 2. 如申請專利範圍第1項所述之控制裝置,其中,前述控 制裝置復包括: 設定處理部,係使前述複數個認證用裝置與各個認 證用裝置號碼建立對應關係而予以管理,並在執行儲存 於前述程式記憶部的合成程式之際,以獨立於前述認證 程式生成部的選擇動作之外的方式根據前述特有識別 資訊選擇一個以上的認證用裝置號碼,對於對應於所選 擇的選擇認證用裝置號碼的各個選擇認證用裝置進行 預定的設定處理者;以及 程式執行部,係在透過前述設定處理部對各個前述 選擇認證用裝置進行了設定處理後,執行記憶於前述程. 式記憶部的合成程式。 3. 如申請專利範圍第2項所述之控制裝置,其中,前述控 制裝置復包括: 亂數記憶部,係記憶亂數,以及 單向演算部,係於前述認證程式生成部生成s忍證程 式之前,對記憶於前述亂數s己憶部的亂數及s己憶於削述 55 322090 201128334 特有識別資訊記憶部的特有識別資訊進行單向演算;在 前述設定處理部做設定處理之前’對記憶於前述亂數記 憶部的亂數及記憶於前述特有識別資訊記憶部的特有 識別資訊進行單向演算者; 前述認證程式生成部係根據前述單向演算部所獲 得的單向演算值,選擇一個以上的認證用裝置號碼,並 生成包含所選擇的選擇認證用裝置號碼的認證程式; 前述設定處理部係根據前述單向演算部所獲得的 單向演算值,選擇一個以上的認證用裝置號碼,對於對 應於所選擇的選擇認證用裝置號碼之各個選擇認證用 裝置進行預定的設定處理者。 4.如申請專利範圍第2項或第3項所述之控制裝置,其 中,前述認證程式生成部係將下述階梯程式作為認證程 式予以生成者,該階梯程式係進行下述操作:若進行了 使選擇認證用裝置從OFF狀態變為0N狀態的設定處理 則正常的動作,而使前述主程式正常地動作,·而在沒有 .進行使選擇認證用裝置從OFF狀態變為0N狀態的設定 處理的情形則不會正常的動作,而停止前述主程式的動 作; 前述設定處理部係進行將選擇認證用裝置從OFF. 狀態設為⑽狀態的設定處理。 5.如申請專利範圍第1項至第4項中任一項所述之控制裝 置,其中’前述認證程式生成部係選擇兩個以上的認證 用裝置號碼’並生成下列者之至少任一者:開頭認證程 56 322090 201128334 式,係包含所選擇的全部選擇認證用裝置號碼,且配置 於前述主程式的開頭;以及2個以上的插入認證程式, 係分別包含選擇認證用裝置號碼的其中任一個並插入 於前述主程式内的複數個插入位置而成者; 前述程式合成部係將前述開頭認證程式配置於前 述主程式的開頭,將前述2個以上的插入認證程式插入 前述主程式内的複數個插入位置。 6. 如申請專利範圍第1項至第5項中任一項所述之控制裝 置,其中,前述控制裝置復包括: 容許時間記憶部,係將主程式及認證程式所合成的 合成程式的執行所需時間的容許範圍作為容許時間予 以記憶者; 所需時間預測部,係預測從前述程式輸入部所輸入 的主程式的執行所需時間者;以及 個數決定部,係根據由前述所需時間預測部所預測 的預測所需時間及前述容許時間,決定包含於前述認證 程式的認證用裝置號碼的個數者;而 前述認證程式生成部係選擇由前述個數決定部所 決定的個數數量的認證用裝置號碼者。 7. 如申請專利範圍第1項至第6項中任一項所述之控制裝 置,其中,前述控制裝置復包括: 程式大小判斷部,係判斷從前述程式輸入部所輸入 的主程式的程式大小是否在預定大小以上,若前述主程 式的程式大小未達前述預定大小,則使前述認證程式生 57 322090 201128334 成部保留認證程式的生成,若前述主程式的程式大小為 前述預定大小以上,則對前述認證程式生成部指示認證 程式的生成者。 8.如申請專利範圍第7項所述之控制裝置,其中,前述認 證程式生成部,係選擇兩個以上的認證用裝置.號碼,並 生成兩個以上分別包含選擇認證用裝置號碼的任一個 的插入認證程式,按照預定的插入位置決定演算法按各 個插入認證程式決定前述主程式内的插入位置; 前述程式合成部係於由前述認證程式生成部所決 定的插入位置將各個插入認證程式插入於前述主程式; 前述程式大小判斷部係在由前述認證程式生成部 生成插入認證程式之前,根據前述主程式的程式大小, 判斷按照前述插入位置決定演算法所決定的插入認證 程式的插入位置是否集中於前述主程式的特定部分,並 且 在插入認證程式的插入位置集中於前述主程式的 特定部分的情形,按照屬於前述插入位置決定演算法以 外的演算法且為使插入認證程式的插入位置在前述主 程式内更分散的演算法,決定插入認證程式的插入位 置,俾以對前述認證程式生成部下指示者。 9.如申請專利範圍第1項至第8項中任一項所述之控制裝 置,其中,前述認證程式生成部係生成包含與前述對象 .裝置的號碼體系為相異的認證用裝置號碼的認證用程 式; 58 322090 201128334 ' 前述控制裝置復包括: 裝置號碼變更部,在記憶於前述程式記憶部的合成 程式的輸出指示為來自外部裝置時,將包含於前述合成 程式中的認證程式的選擇認證用裝置號碼,變更為與前 述對象裝置的裝置號碼為相同號碼體系的裝置號碼;以 及 程式輸出部,係將於認證程式包含有由前述裝置號 碼變更部所變更後的裝置號碼的合成程式輸出至前述 外部裝置者。 10.如申請專利範圍第1項至第9項中任一項所述之控制裝 置,其中,前述認證程式生成部係選擇兩個以上的認證 用裝置號碼;且生成分別含有選擇認證用裝置號碼的任 一個的兩個以上的插入認證程式,並依各插入認證程式 決定前述主程式内的插入位置; 前述程式合成部係於由前述認證程式生成部所決 定的插入位置將各個插入認證程式插入於主程式以作 成合成程式; 前述控制裝置復包括: 程式輸出部,在前述合成程式的輸出指示係來自外 部裝置時,將前述合成程式輸出至前述外部裝置者; 刪除處理部,每當由前述程式輸出部將前述合成程 式輸出至前述外部裝置時,從前述合成程式刪除前述兩 個以上的插入認證程式;以及 輸出次數計數部,每當由前述程式輸出部將前述合 59 322090 201128334 成程式輸出至前述外部裝置時,計數輸出次數者; 前述認證程式生成部係每當由前述程式輸出部將 前述合成程式輸出至前述外部裝置時,根據前述特有識 別資訊及前述輸出次數計數部的計數值,重新選擇兩個 以上的認證用裝置號碼,並生成分別包含新選擇認證用 裝置號碼的任一個的兩個以上的新插入認證程式,且依 各個生成的新插入認證程式決定由前述刪除處理部所 做的删除除理後的主程式内的新插入位置; 前述程式合成部係在由前述認證程式生成部所決 定的新插入位置將各個新插入認證程式插入於前述主 程式使其成為合成程式。 11. 一種管理裝置,係管理控制裝置者,包括: 程式輸入部,將由主程式與認證程式所合成的合成 程式由前述控制裝置輸入者,前述主程式不允許前述控 制裝置以外的裝置使用,而使用於前述控制裝置的控 制,而前述認證程式係為了防止前述控制裝置以外的裝 置使用主程式而在前述控制裝置中所生成者; 不顯示設定部,係從前述合成程式之中抽出前述認 證程式,並對前述認證程式進行不顯示設定者;以及 顯示部,係根據前述不顯示設定部所作的不顯示設 定,不顯示前述認證程式,而僅顯示前述主程式。 12. 如申請專利範圍第11項所述之管理裝置,其中,前述 管理裝置復包括: 特有識別資訊記憶部,係記錄獨一無二地設定於前 60 322090 201128334 • 述控制裝置的特有識別資訊;以及 亂數記憶部’係記憶亂數; 前述程式輸入部係輪入將複數個認證程式的各個 配置於前述主程式内的預定位置的合成程式,前述合成 程式係為於前述控制裝置中依據預定的決定演算法使 用前述特有識別資訊及前述亂數’於依每個認證程式所 決定的位置,配置有各個認證程式的合成程式; 前述不顯示設定部係按照與前述控制裝置相同的 決定演算法,使用前述特有識別資訊記憶部的前述特有 識別資訊及前述亂數記憶部的前述亂數判別各個認證 / •程式的位置,對各個認證程式進行不顯示設定。 13.如令請專利範圍第11項所述之管理裝置,其中,前述 管理裝置復包括: 特有識別資訊記憶部,係記錄獨一無二地設定在前 述控制裝置的特有識別資訊; 乱數記憶部,係記憶亂數;以及 入輸入次數計數部,係每當從前述控制裝置輸入前述 5成程式時’計數輸入次數; 剷述程式輸入部係輸入將複數個認證程式的各個 配置於前述主程式内的預定位置的合成程式,該合成種 j係為在前述控制裝置中依據預定的決定演算法使用 :述特有識別資訊、前述亂數、以及從前述控制裝置對 則述官理裝置的合成程式的輸出次數,於依每個認證程 式所決定的位置,配置有各個認證程式的合成程式; 322090 61 201128334 前述不顯示設定部係按照與前述控制裝置相同的 決定演算法,使用前述特有識別資訊記憶部的前述特有 識別資訊、前述亂數記憶部的前述亂數、以及由前述輸 入次數計數部所得的計數值判別各個認證程式的位 置,對各個認證程式進行不顯示設定。 14.如申請專利範圍第12項或第13項所述之管理裝置,其 中,前述管理程式復包括: 位置調整部,於前述管理裝置中前述合成程式被更 新後的結果,任一個的認證程式的配置有變動的情形 中,將該認證程式的位置回復到變動前的位置。 62 322090201128334 ' VII. Patent application scope: 1. A control device comprising: a unique identification information storage unit, which is uniquely set to uniquely identify the information of the control device; the program input unit includes control to be the aforementioned control device The ladder program of the target device of the target device is not allowed to be input as a main program by the device other than the control device; the authentication program generating unit prevents the device other than the control device from being used based on the unique identification information. The ladder program of the main program is generated as an authentication program; the program synthesizing unit synthesizes the main program and the authentication program into a synthesizer; and the memory unit memorizes the synthesizer; wherein the 'authentication program generation unit performs the following operations : The device number of the plurality of authentication devices used for authentication is managed as the device number of the authentication device, wherein the device number is the device number of the pseudo-target device; and one or more authentications are selected based on the unique identification information. a device number; the ladder program including the selected device for selecting the authentication device is generated as an authentication program, and the ladder program is executed independently of the authentication program generation unit when the synthesis program is simultaneously executed as the main program In addition to the selection operation, the selection authentication device number is correctly selected based on the above-mentioned unique knowledge 54 322090 201128334, and the predetermined setting processing is performed for each of the selection authentication devices corresponding to the selection authentication device number. When the combination program is executed together with the main program, when the combination program is executed, it is not normal operation when the setting processing unit is not executed for each of the selection authentication devices. Stop the action of the aforementioned main program. 2. The control device according to claim 1, wherein the control device further includes: a setting processing unit that manages the plurality of authentication devices in association with each authentication device number, and When the composition program stored in the program storage unit is executed, one or more authentication device numbers are selected based on the unique identification information, in addition to the selection operation of the authentication program generation unit, for the selected selection authentication. The program selection unit performs a predetermined setting process by the device for selecting the authentication device, and the program execution unit performs the setting process on each of the selection authentication devices by the setting processing unit, and then executes the memory in the program memory. Synthetic program. 3. The control device according to claim 2, wherein the control device further comprises: a random number memory unit, a memory random number, and a one-way calculation unit, wherein the authentication program generation unit generates a s. Before the program, the one-way calculation is performed on the random number of the memory of the above-mentioned random number and the unique identification information of the unique identification information memory unit of the 55 322090 201128334; before the setting processing unit performs the setting processing' Performing a one-way calculation on the random number stored in the random number memory unit and the unique identification information stored in the unique identification information storage unit; the authentication program generation unit is based on the one-way calculation value obtained by the one-way calculation unit. One or more authentication device numbers are selected, and an authentication program including the selected device for selecting the authentication device is generated. The setting processing unit selects one or more authentication devices based on the one-way calculation value obtained by the one-way calculation unit. The number is predetermined for each of the selection authentication devices corresponding to the selected device for selecting the authentication device number. Handler. 4. The control device according to claim 2, wherein the authentication program generating unit generates the following ladder program as an authentication program, and the ladder program performs the following operations: In the setting process of the selection authentication device from the OFF state to the ON state, the normal operation is performed, and the main program is normally operated, and the setting of the selection authentication device from the OFF state to the ON state is not performed. In the case of the processing, the operation of the main program is stopped, and the setting processing unit performs setting processing for setting the selection authentication device from the OFF state to the (10) state. 5. The control device according to any one of claims 1 to 4, wherein the 'the authentication program generating unit selects two or more authentication device numbers' and generates at least one of the following: : The first certification process 56 322090 201128334 includes all selected authentication device numbers and is arranged at the beginning of the main program; and two or more insertion authentication programs respectively include the selection of the authentication device number. a plurality of insertion positions inserted in the main program; the program synthesizing unit is configured to arrange the first authentication program at the beginning of the main program, and insert the two or more insertion authentication programs into the main program. Multiple insertion positions. 6. The control device according to any one of claims 1 to 5, wherein the control device further comprises: an allowable time memory unit that performs execution of a synthesized program synthesized by the main program and the authentication program The allowable range of the required time is stored as the allowable time; the required time prediction unit predicts the time required for execution of the main program input from the program input unit; and the number determination unit is based on the required The time required for the prediction predicted by the time prediction unit and the allowable time are determined by the number of the authentication device numbers included in the authentication program, and the authentication program generation unit selects the number determined by the number determining unit. The number of authentication device numbers. 7. The control device according to any one of claims 1 to 6, wherein the control device further includes: a program size determining unit that determines a program of the main program input from the program input unit Whether the size of the main program is less than the predetermined size, and if the program size of the main program does not reach the predetermined size, the authentication program generates 57 322090 201128334 to maintain the authentication program. If the program size of the main program is greater than the predetermined size, Then, the certifier generating unit instructs the creator of the authentication program. 8. The control device according to claim 7, wherein the authentication program generation unit selects two or more authentication device numbers, and generates two or more of each of the selected authentication device numbers. The insertion authentication program determines an insertion position in the main program for each insertion authentication program according to a predetermined insertion position determination algorithm; and the program synthesis unit inserts each insertion authentication program at an insertion position determined by the authentication program generation unit. The program size determining unit determines whether the insertion position of the insertion authentication program determined by the insertion position determination algorithm is based on the program size of the main program before the authentication program generation unit generates the insertion authentication program. Concentrating on a specific part of the aforementioned main program, and in the case where the insertion position of the insertion authentication program is concentrated on a specific portion of the aforementioned main program, the algorithm other than the insertion position determination algorithm is determined so that the insertion position of the insertion authentication program is More in the above main program Algorithms, authentication program decides to insert the insertion position, serve to generate an indication of the underlying program's authentication. 9. The control device according to any one of claims 1 to 8, wherein the authentication program generating unit generates an authentication device number that is different from a number system of the object and device. Authentication program; 58 322090 201128334 ' The control device includes: a device number changing unit that selects an authentication program included in the composition program when an output instruction of a composition program stored in the program memory unit is an external device The authentication device number is changed to a device number having the same number system as the device number of the target device, and the program output unit is a composite program output including the device number changed by the device number changing unit in the authentication program. To the aforementioned external device. The control device according to any one of the preceding claims, wherein the authentication program generation unit selects two or more authentication device numbers; and generates a device number for selecting the authentication device. Two or more insertion authentication programs of any one of them, and determining an insertion position in the main program according to each insertion authentication program; the program synthesizing unit inserts each insertion authentication program into an insertion position determined by the authentication program generation unit The main control program is configured to be a composite program; the control device further includes: a program output unit that outputs the synthesis program to the external device when the output instruction of the synthesis program is from an external device; and the deletion processing unit When the program output unit outputs the synthesizing program to the external device, the two or more insertion authentication programs are deleted from the synthesizing program, and the output count unit is configured to output the program 59 322090 201128334 by the program output unit. When the external device is used, the number of output times is counted; When the program output unit outputs the combination program to the external device, the authentication program generation unit reselects two or more authentication device numbers based on the unique identification information and the count value of the output count unit. Two or more newly inserted authentication programs each including a newly selected authentication device number are generated, and a new insertion authentication program generated by each of the deletion processing units is determined to be new in the main program after deletion by the deletion processing unit. The program insertion unit inserts each newly inserted authentication program into the main program at a new insertion position determined by the authentication program generation unit to form a composition program. 11. A management device, comprising: a program input unit, wherein a synthesis program synthesized by a main program and an authentication program is input by the control device, and the main program does not allow use of devices other than the control device; In the control of the control device, the authentication program is generated by the control device in order to prevent the device other than the control device from using the main program; and the authentication program is not extracted from the synthesis program. And the display program is not displayed in the authentication program; and the display unit displays only the main program without displaying the authentication program based on the non-display setting by the non-display setting unit. 12. The management device according to claim 11, wherein the management device comprises: a unique identification information storage unit, which records the unique identification information uniquely set in the first 60 322090 201128334 • the control device; The number memory unit is a memory random number; the program input unit is a combination program for arranging each of the plurality of authentication programs at a predetermined position in the main program, and the combination program is determined by the control device according to a predetermined decision. The algorithm uses the unique identification information and the random number ' at a position determined by each authentication program, and a combination program for each authentication program is arranged; the non-display setting unit is used according to the same determination algorithm as the control device. The unique identification information of the unique identification information storage unit and the random number of the random number storage unit determine the position of each authentication/program, and the display is not displayed for each authentication program. The management device according to claim 11, wherein the management device includes: a unique identification information storage unit that records unique identification information uniquely set in the control device; And the input number counting unit is configured to count the number of input times each time the above-mentioned control device inputs the 50% program; and the program input unit inputs each of the plurality of authentication programs in the main program. a synthesis program of a predetermined position, wherein the synthesis device j is used by the control device according to a predetermined determination algorithm: the unique identification information, the random number, and the output from the control device to the synthesis program of the official device The number of times, a composition program for each authentication program is arranged at a position determined by each authentication program; 322090 61 201128334 The non-display setting unit uses the unique identification information storage unit according to the same determination algorithm as the control device. The unique identification information, the random number of the random number memory unit, and The resulting count value of the input times counting unit determines the position of each authentication program, the authentication program for each setting is not displayed. 14. The management device according to claim 12, wherein the management program includes: a position adjustment unit, wherein the combination program is updated in the management device, and any one of the authentication programs In the case where the configuration is changed, the location of the authentication program is returned to the position before the change. 62 322090
TW099118839A 2010-02-12 2010-06-10 Control apparatus and management apparatus TWI435192B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2010028793A JP5404463B2 (en) 2010-02-12 2010-02-12 Control device and management device

Publications (2)

Publication Number Publication Date
TW201128334A true TW201128334A (en) 2011-08-16
TWI435192B TWI435192B (en) 2014-04-21

Family

ID=44438332

Family Applications (1)

Application Number Title Priority Date Filing Date
TW099118839A TWI435192B (en) 2010-02-12 2010-06-10 Control apparatus and management apparatus

Country Status (4)

Country Link
JP (1) JP5404463B2 (en)
KR (1) KR101252918B1 (en)
CN (1) CN102156840B (en)
TW (1) TWI435192B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI476551B (en) * 2012-07-26 2015-03-11 Mitsubishi Electric Corp Programmable logic controller
TWI512416B (en) * 2012-11-22 2015-12-11 Mitsubishi Electric Corp Apparatus for supporting the preparation of a program, method thereof, and a recording medium

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5756412B2 (en) * 2012-01-12 2015-07-29 株式会社日立製作所 Monitoring method and monitoring system
JP5900143B2 (en) * 2012-05-15 2016-04-06 富士電機株式会社 Control system, control device, and program execution control method
JP5836504B2 (en) * 2012-12-20 2015-12-24 三菱電機株式会社 Control system, program transmission device, authentication server, program protection method, program transmission method, and program for program transmission device
WO2014125639A1 (en) * 2013-02-18 2014-08-21 三菱電機株式会社 Control program management apparatus, controller apparatus, and control system
JP6045986B2 (en) * 2013-06-27 2016-12-14 富士電機株式会社 Software development support apparatus, software development support method, and software development support program
JP2015200971A (en) * 2014-04-04 2015-11-12 富士電機株式会社 Control system equipped with falsification detection function
DE112014006740T5 (en) 2014-06-11 2017-05-11 Mitsubishi Electric Corporation Program processing device, program management device, and program management program
KR101539253B1 (en) * 2014-06-17 2015-07-28 주식회사 엔에스이 A PLC device provided with a function for managing program quality
EP3380899B1 (en) * 2016-01-11 2020-11-04 Siemens Aktiengesellschaft Program randomization for cyber-attack resilient control in programmable logic controllers
JP6325630B2 (en) * 2016-10-28 2018-05-16 ファナック株式会社 Ladder library management device
KR102052489B1 (en) * 2017-06-23 2019-12-05 미쓰비시덴키 가부시키가이샤 Ladder program unauthorized-use prevention system, ladder program unauthorized-use prevention method, and engineering tool
JP2019159752A (en) * 2018-03-13 2019-09-19 オムロン株式会社 Controller, license management method, and license management program
JP6836549B2 (en) * 2018-05-31 2021-03-03 ファナック株式会社 Ladder display device
CN109756483B (en) * 2018-12-12 2021-05-25 杭州华威信安科技有限公司 Safety protection method aiming at MELASEC protocol
JP7227015B2 (en) * 2019-01-24 2023-02-21 ファナック株式会社 LADDER PROGRAM EDITING SYSTEM, SERVER, TERMINAL DEVICE, LADDER PROGRAM EDITING METHOD AND PROGRAM
JP6766917B1 (en) * 2019-04-25 2020-10-14 オムロン株式会社 Control system and control method
US11703833B2 (en) 2020-02-14 2023-07-18 Mitsubishi Electric Corporation Program providing device, program providing method, and program providing system

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3729421B2 (en) * 1994-03-18 2005-12-21 富士通株式会社 Unauthorized use prevention method and unauthorized use prevention system
JP3289521B2 (en) * 1994-10-31 2002-06-10 健稔 岡本 Software Copyright Protection Methods
JPH11194937A (en) * 1997-12-26 1999-07-21 Orix Rentec Kk Rent control system for electronic computer program
JP4203232B2 (en) 2001-05-11 2008-12-24 株式会社エヌ・ティ・ティ・ドコモ Communication terminal and communication control program
JP2003330564A (en) * 2002-05-17 2003-11-21 Canon Inc Function-in-device usage limiting method
JP4497450B2 (en) * 2003-12-10 2010-07-07 独立行政法人科学技術振興機構 Program authentication system
CN1328632C (en) * 2004-09-23 2007-07-25 艾默生网络能源有限公司 Method and system for changing ladder diagram program into instruction listing program
JP4607080B2 (en) * 2005-09-27 2011-01-05 オムロン株式会社 Programmable controller system
JP2008293468A (en) * 2007-04-26 2008-12-04 Oki Electric Ind Co Ltd Method for manufacturing motherboard
JP2009070144A (en) * 2007-09-13 2009-04-02 Omron Corp Programming method in plc
CN101364098B (en) * 2008-09-12 2010-07-28 南京航空航天大学 Method and system for conversing trapezoidal pattern to be instruction catalogue program, and interpretation execution method and system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI476551B (en) * 2012-07-26 2015-03-11 Mitsubishi Electric Corp Programmable logic controller
US9542574B2 (en) 2012-07-26 2017-01-10 Mitsubishi Electric Corporation Programmable logic controller
TWI512416B (en) * 2012-11-22 2015-12-11 Mitsubishi Electric Corp Apparatus for supporting the preparation of a program, method thereof, and a recording medium

Also Published As

Publication number Publication date
TWI435192B (en) 2014-04-21
CN102156840A (en) 2011-08-17
KR20110093561A (en) 2011-08-18
CN102156840B (en) 2014-09-17
JP2011165041A (en) 2011-08-25
JP5404463B2 (en) 2014-01-29
KR101252918B1 (en) 2013-04-09

Similar Documents

Publication Publication Date Title
TW201128334A (en) Control apparatus and management apparatus
TWI741041B (en) Unified programming environment for programmable devices
US8600064B2 (en) Apparatus, method, and computer program product for processing information
JP4906854B2 (en) Information processing apparatus, information recording apparatus, information processing system, program update method, program, and integrated circuit
CN109313690A (en) Self-contained encryption boot policy verifying
CN102025716B (en) Method for updating seeds of dynamic password token
US7953972B2 (en) System and method for managing files
JP2016520230A (en) Secure approval system and method
JP5335072B2 (en) Key implementation system
US11314847B2 (en) Method for electronically documenting license information
JPWO2012049757A1 (en) Content data reproducing apparatus, update management method, and update management program
JP2015143988A (en) Secure accessing method and secure access unit for application program
KR20140043809A (en) License management device, license management system, license management method, and program
US20220043434A1 (en) Method for Managing a Production Process
WO2012165061A1 (en) Information processing device, information processing method and program
US20210029123A1 (en) Access control for digital assets
JP2006146744A (en) Removable medium information management method and system
JP5997604B2 (en) Information processing apparatus having software illegal use prevention function, software illegal use prevention method and program
WO2020058192A1 (en) Sensor data assembly and manufacturing device
JPH0332813B2 (en)
KR20160037415A (en) Method for preventing illegal copying software
Usama et al. Software Copy Protection and Licensing based on XrML and PKCS# 11
CN116127500A (en) File management and control method, system and medium for mobile storage medium under Linux
KR20170004043A (en) System for preventing illegal copying software
JP2014225138A (en) Numerical control device and numerical control device authentication system