WO2011128993A1 - エンジニアリングツールと産業製品とのセキュリティ方法、およびセキュリティシステム - Google Patents
エンジニアリングツールと産業製品とのセキュリティ方法、およびセキュリティシステム Download PDFInfo
- Publication number
- WO2011128993A1 WO2011128993A1 PCT/JP2010/056691 JP2010056691W WO2011128993A1 WO 2011128993 A1 WO2011128993 A1 WO 2011128993A1 JP 2010056691 W JP2010056691 W JP 2010056691W WO 2011128993 A1 WO2011128993 A1 WO 2011128993A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- individual information
- read
- engineering tool
- registered
- industrial product
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
Definitions
- the present invention relates to a security method between an engineering tool and an industrial product, and a security system for applying the method.
- Patent Document 1 proposes a technique that uses a hardware key as an authentication key for the purpose of improving the robustness of user authentication.
- the present invention has been made in view of the above, and an object of the present invention is to obtain a security method and a security system between an engineering tool and an industrial product that can ensure sufficient security.
- the present invention converts a read restriction of a program stored in hardware of an industrial product into a read restriction request from the engineering tool that is the read restriction request source to the industrial product.
- Read restriction setting work to be set in response, and read request work for sending a read request for the program from the engineering tool of the read request source to the industrial product.
- hardware for the industrial product is included.
- the unique individual information held by the hardware or the unique individual information held by the hardware for executing the engineering tool of the read restriction request source is registered as registered individual information. Execute the requesting engineering tool Comparing the unique individual information unique individual information or the industrial products of the hardware's which because of hardware's, and the registration individual information, and wherein the.
- the security method and the security system between the engineering tool and the industrial product according to the present invention have the effect of ensuring sufficient security.
- FIG. 1 is a flowchart illustrating a procedure for setting a program read restriction in the security method between an engineering tool and an industrial product according to Embodiment 1 of the present invention.
- FIG. 2 is a flowchart illustrating a procedure for executing a program read and rejecting a read request in response to a program read request according to the first embodiment.
- FIG. 3 is a diagram for explaining an example of program read execution and read request rejection according to the procedure shown in FIG.
- FIG. 4 is a flowchart illustrating a procedure for setting a program read restriction in the security method between the engineering tool and the industrial product according to the second embodiment of the present invention.
- FIG. 1 is a flowchart illustrating a procedure for setting a program read restriction in the security method between an engineering tool and an industrial product according to Embodiment 1 of the present invention.
- FIG. 2 is a flowchart illustrating a procedure for executing a program read and rejecting a read request in response to a program read request according to the first embodiment.
- FIG. 5 is a flowchart illustrating a procedure for executing a program read and rejecting a read request in response to a program read request according to the second embodiment.
- FIG. 6 is a diagram for explaining an example of program read execution and read request rejection according to the procedure shown in FIG.
- FIG. 7 is a flowchart illustrating a procedure for setting a program read restriction in the security method between the engineering tool and the industrial product according to the third embodiment of the present invention.
- FIG. 8 is a flowchart for explaining a procedure for executing a program read and rejecting the read request in response to a program read request according to the third embodiment.
- FIG. 9 is a diagram for explaining an example of program read execution and read request rejection according to the procedure shown in FIG. FIG.
- FIG. 10 is a flowchart illustrating a procedure for setting a program read restriction in the security method between the engineering tool and the industrial product according to the fourth embodiment of the present invention.
- FIG. 11 is a flowchart for explaining a program read execution and read rejection procedure in response to a program read request according to the fourth embodiment.
- FIG. 12 is a flowchart illustrating a procedure for setting a program read restriction in the security method between the engineering tool and the industrial product according to the fifth embodiment of the present invention.
- FIG. 13 is a flowchart for explaining a program read execution and read rejection procedure in response to a program read request according to the fifth embodiment.
- FIG. 14 is a flowchart illustrating a procedure for setting a program read restriction in the security method between the engineering tool and the industrial product according to the sixth embodiment of the present invention.
- FIG. 15 is a flowchart for explaining a program read execution and read rejection procedure in response to a program read request according to the sixth embodiment.
- FIG. 1 is a flowchart illustrating a procedure for setting a program read restriction in the security method between an engineering tool and an industrial product according to Embodiment 1 of the present invention.
- a security system including a personal computer (PC) that is hardware that executes an engineering tool and a sequencer that is hardware of an FA product (industrial product) is taken as an example.
- the present embodiment is characterized in that the reading of a program is restricted by using a MAC address, which is unique individual information held by a PC, for authentication.
- the sequencer performs authentication confirmation of unique individual information.
- step S11 to step S15 which are read limit setting operations, the read limit of the program stored in the sequencer is set according to the read limit request from the engineering tool that is the read limit request source to the FA product.
- the engineering tool acquires the MAC address of the PC in which the engineering tool is installed.
- step S12 the engineering tool transmits the MAC address acquired in step S11 to the sequencer together with the read restriction request.
- the sequencer determines whether the MAC address has already been registered in itself. When the MAC address is not registered in the sequencer (step S13, No), the sequencer writes the MAC address received from the engineering tool in itself (step S14). As a result, the MAC address held by the PC for executing the engineering tool of the read restriction request source is registered in the FA product as registered individual information.
- step S13 when the MAC address is already registered in the sequencer (step S13, Yes), the sequencer rejects the program read restriction request by the engineering tool (step S15). Thereby, when the read restriction is already set, the read restriction is protected.
- FIG. 2 is a flowchart illustrating a procedure for executing reading of a program and rejecting the read request in response to a program read request.
- the engineering tool of the read request source acquires the MAC address (owned individual information) of the PC in which it is installed.
- step S22 which is a read request operation, the engineering tool transmits the MAC address acquired in step S21 to the sequencer together with the read request.
- step S23 the sequencer determines whether or not the MAC address has already been registered in itself.
- step S23 When the MAC address is not registered in the sequencer (step S23, No), the sequencer executes reading of the program in response to the read request (step S24). If the MAC address is not registered, the read restriction is not set. In this case, the program is permitted to be read.
- step S23 When the MAC address is registered in the sequencer (step S23, Yes), the sequencer registers the MAC address registered in itself (registered individual information) and the MAC address received from the engineering tool in step S22 (held individual information). To determine whether or not they match (step S25). If the MAC address registered in the sequencer matches the MAC address received by the sequencer (Yes in step S25), the sequencer executes reading of the program (step S24).
- step S25 if the MAC address registered in the sequencer and the MAC address received by the sequencer do not match (No in step S25), the sequencer rejects the program read request (step S26). Further, in step S27, the sequencer outputs a warning that reading is impossible.
- the warning is output, for example, as a message display or voice. The warning that reading is impossible may be due to message display and / or sound, or may not be performed.
- FIG. 3 is a diagram for explaining an example of program read execution and read request rejection according to the procedure shown in FIG. It is assumed that the FA product sequencer 1 is connected to the PC 2 and PC 3 via a network. In the read limit setting operation, it is assumed that the user sets the read limit of the program 10 stored in the sequencer 1 using the PC 2.
- the engineering tool 20 of the read restriction request source transmits the MAC address 21 of the PC 2 to the sequencer 1 together with the read restriction request.
- the MAC address 21 of the PC 2 is registered in the sequencer 1 by setting the read restriction by the user.
- a user having access authority requests reading of the program 10 using the PC 2.
- the engineering tool 20 of the read request source transmits the MAC address 21 of the PC 2 to the sequencer 1 together with the read request.
- the sequencer 1 permits a read request by a user having access authority.
- the sequencer 1 requests the engineering tool 30 that is the read request source to transmit the MAC address 31 that is the retained individual information.
- the engineering tool 30 of the read request source transmits the MAC address 31 of the PC 3 to the sequencer 1 together with the read request. Since the MAC address 21 registered in the sequencer 1 and the MAC address 31 transmitted from the engineering tool 30 do not match, the sequencer 1 rejects a read request by a malicious person.
- the unique individual information used for authentication is not limited to the MAC address held by the PC.
- the individual information may be any information as long as it is unique information that can be identified by the hardware for executing the engineering tool and that can identify the hardware of the read restriction request source.
- the unique individual information held by the engineering tool may be used for authentication.
- an installation serial number of the engineering tool may be used as individual information possessed by the engineering tool.
- FIG. FIG. 4 is a flowchart illustrating a procedure for setting a program read restriction in the security method between the engineering tool and the industrial product according to the second embodiment of the present invention.
- the present embodiment is characterized in that the reading of a program is restricted by using a serial number, which is unique individual information held by a sequencer, for authentication.
- the sequencer performs authentication confirmation of unique individual information. The description overlapping with that in Embodiment 1 will be omitted as appropriate.
- step S31 to step S36 which are read limit setting operations, the read limit of the program stored in the sequencer is set according to the read limit request from the engineering tool that is the read limit request source to the FA product.
- the engineering tool transmits a read restriction request to the sequencer.
- step S32 the sequencer determines whether or not the read restriction has already been set for itself.
- step S32 If the read restriction is already set in the sequencer (step S32, Yes), the sequencer rejects the program read restriction request from the engineering tool (step S36). Thereby, when the read restriction is already set, the read restriction is protected.
- step S32 when the read restriction is not set in the sequencer (step S32, No), the sequencer transmits its serial number to the engineering tool (step S33). In step S ⁇ b> 34, the sequencer writes information indicating that the read restriction has been set to itself. Note that the order of step S33 and step S34 is arbitrary and may be simultaneous.
- step S35 The engineering tool writes the received serial number in the recording area of the PC in which it is installed (step S35).
- the serial number held by the sequencer is registered in the PC as registered individual information. Note that the order of step S34 and step S35 is arbitrary and may be simultaneous.
- FIG. 5 is a flowchart for explaining a program read execution and read request rejection procedure for a program read request.
- the engineering tool acquires data registered in the PC as a serial number (registration individual information).
- step S42 which is a read request operation, the engineering tool transmits the data acquired in step S41 to the sequencer together with the read request.
- step S43 the sequencer determines whether the read restriction has already been set for itself. Whether or not the read restriction has been set is determined by the presence or absence of information to be written in step S34.
- step S43, No the sequencer executes reading of the program in response to the read request (step S44). If no read restriction is set, program read is permitted. Note that even if no valid data as a serial number is transmitted in step S42 because no individual registration information is registered in the PC, and the read restriction is not set in the sequencer, the sequencer Allow reading of.
- the sequencer receives the data received as the serial number (registered individual information) from the engineering tool in step S42 and the serial number (owned individual information) held by itself. To determine whether or not they match (step S45). When the data received by the sequencer matches the serial number held by the sequencer (step S45, Yes), the sequencer reads the program in response to the read request (step S44).
- step S45 when the data received by the sequencer does not match the serial number held by the sequencer (No in step S45), the sequencer rejects the program read request (step S46). Further, in step S47, the sequencer outputs an unreadable warning.
- the warning is output, for example, as a message display or voice. The warning that reading is impossible may be due to message display and / or sound, or may not be performed. Note that even if no valid data as a serial number is transmitted in step S42 because no registered individual information is registered in the PC, and the read restriction is set in the sequencer, the sequencer Reject reading of.
- FIG. 6 is a diagram for explaining an example of program read execution and read request rejection according to the procedure shown in FIG. It is assumed that the FA product sequencer 1 is connected to the PC 2 and PC 3 via a network. In the read limit setting operation, it is assumed that the user sets the read limit of the program 10 stored in the sequencer 1 using the PC 2. The serial number 11 of the sequencer 1 is registered in the PC 2 for executing the engineering tool 20 of the read restriction request source by setting the read restriction by the user.
- a user having access authority requests reading of the program 10 using the PC 2.
- the engineering tool 20 of the read request source transmits the serial number 11 registered in the PC 2 to the sequencer 1 together with the read request.
- the sequencer 1 permits a read request by a user having access authority.
- the sequencer 1 requests the engineering tool 30 that is the read request source to transmit the serial number 11 that is the registered individual information. Since the valid data as the serial number 11 is not transmitted from the engineering tool 30 of the read request source, the sequencer 1 rejects the read request. In this way, the sequencer 1 rejects the read request by the Service-to-Self.
- the unique individual information used for authentication is not limited to the serial number held by the sequencer.
- the individual information may be any information as long as it is unique information that can be identified by the hardware of the industrial product and can identify the hardware of the industrial product.
- FIG. 7 is a flowchart illustrating a procedure for setting a program read restriction in the security method between the engineering tool and the industrial product according to the third embodiment of the present invention.
- the present embodiment is characterized in that the reading of the program is restricted by using the MAC address of the PC and the serial number of the sequencer for authentication.
- the sequencer performs authentication confirmation of unique individual information. The description overlapping with Embodiments 1 and 2 will be omitted as appropriate.
- step S51 to step S57 which are read limit setting operations, the read limit of the program stored in the sequencer is set according to the read limit request from the engineering tool that is the read limit request source to the FA product.
- the engineering tool acquires the MAC address of the PC in which the engineering tool is installed.
- step S52 the engineering tool transmits the MAC address acquired in step S51 to the sequencer together with the read restriction request.
- the sequencer determines whether or not the MAC address has already been registered in itself. When the MAC address is already registered in the sequencer (step S53, Yes), the sequencer rejects the program read restriction request from the engineering tool (step S57). Thereby, when the read restriction is already set, the read restriction is protected.
- step S53 when the MAC address is not registered in the sequencer (step S53, No), the sequencer writes the MAC address received from the engineering tool in itself (step S54).
- the MAC address held by the PC for executing the engineering tool of the read restriction request source is registered in the FA product as the first registered individual information.
- the sequencer transmits its serial number to the engineering tool (step S55).
- the engineering tool writes the received serial number in the recording area of the PC in which it is installed (step S56).
- the serial number held by the sequencer is registered as second registration individual information in the PC for executing the engineering tool of the read restriction request source.
- FIG. 8 is a flowchart for explaining a program read execution and read request rejection procedure in response to a program read request.
- the engineering tool of the read request source acquires the MAC address (first possessed individual information) of the PC in which it is installed.
- the engineering tool acquires data registered in the PC as a serial number (second registered individual information).
- step S63 which is a read request operation, the engineering tool transmits the MAC address acquired in step S61 and the data acquired in step S62 to the sequencer together with the read request.
- step S64 the sequencer determines whether or not the MAC address has already been registered in itself.
- the sequencer executes reading of the program in response to the read request (step S65). If the MAC address is not registered, the read restriction is not set. In this case, the program is permitted to be read.
- step S66 the sequencer receives the MAC address (first registered individual information) registered in itself and the engineering tool in step S63.
- the MAC address (first possessed individual information) is compared to determine whether or not they match.
- step S66 the sequencer compares the data received as the serial number (second registered individual information) from the engineering tool in step S63 with the serial number (second stored individual information) held by itself. , It is determined whether or not they match.
- step S65 When the MAC address registered in the sequencer matches the MAC address received by the sequencer, and the data received by the sequencer as the serial number matches the serial number held by the sequencer (Yes in step S66), The sequencer executes reading of the program in response to the read request (step S65).
- step S66 the sequencer reads the program The request is rejected (step S67). Further, in step S68, the sequencer outputs a warning that reading is impossible.
- the warning is output, for example, as a message display or voice. The warning that reading is impossible may be due to message display and / or sound, or may not be performed.
- FIG. 9 is a diagram for explaining an example of program read execution and read request rejection according to the procedure shown in FIG. It is assumed that the FA product sequencer 1 is connected to the PC 2 and PC 3 via a network. In the read limit setting operation, it is assumed that the user sets the read limit of the program 10 stored in the sequencer 1 using the PC 2.
- the read restriction request source engineering tool 20 transmits the MAC address 21 of the PC 2 to the sequencer 1 together with the read restriction request.
- the MAC address 21 of the PC 2 is registered in the sequencer 1 by setting the read restriction by the user. Further, the serial number 11 of the sequencer 1 is registered in the PC 2 for executing the engineering tool 20 that is the source of the read restriction request by setting the read restriction by the user.
- a user having access authority requests reading of the program 10 using the PC 2.
- the engineering tool 20 of the read request source transmits the MAC address 21 of the PC 2 and the serial number 11 registered in the PC 2 to the sequencer 1 together with the read request.
- the sequencer 1 permits a read request by a user having access authority.
- the sequencer 1 requests the engineering tool 30 of the read request source in this case to transmit the MAC address 31 that is the first held individual information and the serial number 11 that is the second registered individual information.
- the engineering tool 30 of the read request source transmits the MAC address 31 of the PC 3 to the sequencer 1 together with the read request.
- the sequencer 1 rejects the read request. In this way, the sequencer 1 rejects the read request by the Service-to-Self.
- the unique individual information used for authentication is not limited to the MAC address held by the PC or the serial number held by the sequencer, and may be any information.
- FIG. 10 is a flowchart illustrating a procedure for setting a program read restriction in the security method between the engineering tool and the industrial product according to the fourth embodiment of the present invention.
- unique individual information held by a PC for example, a MAC address is used for authentication, and program reading is restricted.
- a PC that is hardware for executing an engineering tool performs authentication confirmation of unique individual information.
- the read restriction of the program stored in the sequencer is set according to the read restriction request from the engineering tool that is the read restriction request source to the FA product.
- the engineering tool acquires the MAC address of the PC in which it is installed (step S71).
- the engineering tool transmits an acquisition request for acquiring the MAC address of the PC from the sequencer to the sequencer (step S72).
- the sequencer transmits information held by itself to the engineering tool (step S73).
- the engineering tool compares the MAC address acquired from the PC with the information received from the sequencer, and determines whether the MAC address of the PC has already been registered in the sequencer (step S74). For example, if the MAC address is not registered in the sequencer, the registration status is determined only by referring to the information of the area, such as storing a specific initial value in the area for storing the MAC address of the PC. Make it possible.
- step S74 When the MAC address of the PC is registered in the sequencer (step S74, Yes), the engineering tool rejects the program read restriction request (step S77).
- step S74 when the MAC address is not registered in the sequencer (step S74, No), the engineering tool sends a read restriction request to the sequencer with the MAC address of the PC in which the tool is installed (step S75). The sequencer registers the MAC address received from the engineering tool in itself (step S76). As a result, the MAC address held by the PC for executing the engineering tool of the read restriction request source is registered in the FA product as registered individual information.
- FIG. 11 is a flowchart for explaining a program read execution and read rejection procedure in response to a program read request.
- the engineering tool of the read request source acquires the MAC address (owned individual information) of the PC in which it is installed (step S81).
- the engineering tool transmits an acquisition request for acquiring the MAC address of the PC from the sequencer to the sequencer (step S82).
- the sequencer transmits the information held by itself to the engineering tool (step S83).
- the engineering tool compares the MAC address acquired from the PC with the information received from the sequencer, and determines whether or not the MAC address of the PC has already been registered in the sequencer (step S84). If the MAC address is not registered in the sequencer (step S84, No), the engineering tool transmits a program read request to the sequencer (step S85). The sequencer executes reading of the program in response to the read request (step S86).
- the engineering tool uses the MAC address (owned individual information) acquired from the PC and the MAC address (registered individual information) received from the sequencer in response to the acquisition request. Compare (step S87). If the MAC address acquired from the PC matches the MAC address received from the sequencer (step S87, Yes), the engineering tool transmits a program read request to the sequencer (step S85). The sequencer executes reading of the program in response to the read request (step S86).
- the engineering tool rejects reading of the program (step S88). Further, the engineering tool outputs a warning that reading is impossible (step S89).
- the warning is output, for example, as a message display or voice. The warning that reading is impossible may be due to message display and / or sound, or may not be performed.
- the unique individual information used for authentication is not limited to the case where it is a MAC address held by the PC.
- the individual information may be any information as long as it is unique information that can be identified by the hardware for executing the engineering tool and that can identify the hardware of the read restriction request source.
- the hardware for executing the engineering tool can be specified by the individual information held by the engineering tool
- the unique individual information held by the engineering tool may be used for authentication.
- individual information possessed by the engineering tool for example, an installation serial number of the engineering tool may be used.
- FIG. FIG. 12 is a flowchart illustrating a procedure for setting a program read restriction in the security method between the engineering tool and the industrial product according to the fifth embodiment of the present invention.
- unique individual information held by the sequencer such as a serial number
- program reading is limited.
- a PC that is hardware for executing an engineering tool performs authentication confirmation of unique individual information.
- the read limit of the program stored in the sequencer is set according to the read limit request from the engineering tool that is the read limit request source to the FA product.
- the engineering tool transmits an acquisition request for acquiring read restriction setting state information to the sequencer (step S91).
- the sequencer transmits read restriction setting state information to the engineering tool (step S92).
- the read restriction setting state information is information indicating whether or not the program read restriction in the sequencer is set.
- the engineering tool determines whether the read restriction has already been set in the sequencer from the read restriction setting state information received from the sequencer (step S93). If the read restriction has already been set in the sequencer (step S93, Yes), the engineering tool rejects the program read restriction request (step S98).
- the engineering tool transmits an acquisition request for acquiring the serial number of the sequencer to the sequencer (step S94).
- the sequencer transmits the serial number held by itself to the engineering tool (step S95).
- the sequencer registers that the read restriction has been registered as the setting state information of the read restriction held by itself (step S96).
- the order of step S95 and step S96 is arbitrary, and may be simultaneous.
- the engineering tool stores the serial number received from the sequencer in the PC (step S97). As a result, the serial number held by the sequencer is registered in the PC as registered individual information.
- the order of step S96 and step S97 is arbitrary, and may be simultaneous.
- FIG. 13 is a flowchart for explaining a program read execution and read rejection procedure in response to a program read request.
- the engineering tool transmits an acquisition request for acquiring read restriction setting state information to the sequencer (step S101).
- the sequencer transmits read restriction setting state information to the engineering tool (step S102).
- the engineering tool determines whether the read restriction has already been set in the sequencer from the read restriction setting state information received from the sequencer (step S103). If the read restriction is not set in the sequencer (No in step S103), the engineering tool transmits a program read request to the sequencer (step S104). The sequencer executes reading of the program in response to the read request (step S105).
- the engineering tool transmits an acquisition request for acquiring the serial number of the sequencer to the sequencer (step S106).
- the sequencer transmits the serial number held by the sequencer to the engineering tool (step S107).
- the engineering tool compares the serial number (registered individual information) registered in the PC with the serial number (owned individual information) received from the sequencer in response to the acquisition request (step S108). If the serial number registered in the PC matches the serial number received from the sequencer (step S108, Yes), the engineering tool transmits a program read request to the sequencer (step S104). The sequencer executes reading of the program in response to the read request (step S105).
- the engineering tool refuses to read the program (step S109). Further, the engineering tool outputs a warning that reading is impossible (step S110).
- the warning is output, for example, as a message display or voice. The warning that reading is impossible may be due to message display and / or sound, or may not be performed.
- the unique individual information used for authentication is not limited to a serial number held by the sequencer.
- the individual information may be any information as long as it is unique information that can be identified by the hardware of the industrial product and can identify the hardware of the industrial product.
- FIG. 14 is a flowchart illustrating a procedure for setting a program read restriction in the security method between the engineering tool and the industrial product according to the sixth embodiment of the present invention.
- the reading of the program is restricted by using the MAC address of the PC and the serial number of the sequencer for authentication.
- a PC that is hardware for executing an engineering tool performs authentication confirmation of unique individual information.
- the read restriction of the program stored in the sequencer is set according to the read restriction request from the engineering tool that is the read restriction request source to the FA product.
- the engineering tool acquires the MAC address of the PC in which it is installed (step S111).
- the engineering tool transmits an acquisition request for acquiring the MAC address of the PC from the sequencer to the sequencer (step S112).
- the sequencer transmits information held by the sequencer to the engineering tool (step S113).
- the engineering tool compares the MAC address acquired from the PC with the information received from the sequencer, and determines whether the MAC address of the PC has already been registered in the sequencer (step S114). When the MAC address of the PC is registered in the sequencer (step S114, Yes), the engineering tool rejects the program read restriction request (step S119).
- step S114 when the MAC address is not registered in the sequencer (step S114, No), the engineering tool sends a read restriction request to the sequencer with the MAC address of the PC on which the tool is installed (step S115). The sequencer registers the MAC address received from the engineering tool in itself (step S116). As a result, the MAC address held by the PC for executing the engineering tool of the read restriction request source is registered in the FA product as the first registered individual information.
- the sequencer transmits the serial number held by itself to the engineering tool (step S117).
- the engineering tool stores the serial number received from the sequencer in the PC (step S118).
- the serial number held by the sequencer is registered as second registration individual information in the PC for executing the engineering tool of the read restriction request source.
- FIG. 15 is a flowchart for explaining a program read execution and read rejection procedure in response to a program read request.
- the engineering tool acquires the MAC address of the PC in which it is installed (step S121).
- the engineering tool transmits an acquisition request for acquiring the MAC address of the PC from the sequencer to the sequencer (step S122).
- the sequencer transmits information held by the sequencer to the engineering tool (step S123).
- the engineering tool compares the MAC address acquired from the PC with the information received from the sequencer, and determines whether the MAC address of the PC has already been registered in the sequencer (step S124). If the MAC address is not registered in the sequencer (step S124, No), the engineering tool transmits a program read request to the sequencer (step S125). The sequencer executes reading of the program in response to the read request (step S126).
- the engineering tool acquires the MAC address (first possessed individual information) acquired from the PC and the MAC address (first first) received from the sequencer by the acquisition request.
- the registered individual information) is compared (step S127).
- the engineering tool acquires a serial number registered in the PC (step S128). Further, the engineering tool transmits an acquisition request for acquiring the serial number of the sequencer to the sequencer (step S129).
- the engineering tool compares the serial number (second registered individual information) registered in the PC with the serial number (second held individual information) received from the sequencer in response to the acquisition request (step S130). . If the serial number registered in the PC matches the serial number received from the sequencer (step S130, Yes), the engineering tool transmits a program read request to the sequencer (step S125). The sequencer executes reading of the program in response to the read request (step S126).
- the engineering tool refuses to read the program (step S131). Furthermore, the engineering tool outputs a warning that reading is impossible (step S132).
- the warning is output, for example, as a message display or voice. The warning that reading is impossible may be due to message display and / or sound, or may not be performed.
- the unique individual information used for authentication is not limited to the MAC address held by the PC or the serial number held by the sequencer, and may be any information.
- the engineering tool transmits and receives the identification information for identifying the hardware of the FA product.
- a functional relationship (a relationship in which one of them is determined uniquely) is established with the determination information for determining the hardware of the FA product, the following may be performed.
- the hardware that executes the engineering tool executes read restriction without accessing the FA product hardware by holding any of the above identification information and discrimination information and the read restriction setting status information. It becomes possible to do. Thereby, the frequency
- the security method and the security system between the engineering tool and the industrial product according to the present invention are useful for ensuring the security of the program stored in the hardware of the FA product.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Programmable Controllers (AREA)
- Storage Device Security (AREA)
Abstract
Description
図1は、本発明の実施の形態1に係るエンジニアリングツールと産業製品とのセキュリティ方法において、プログラムの読み出し制限を設定する手順について説明するフローチャートである。本実施の形態は、エンジニアリングツールを実行するハードウェアであるパーソナル・コンピュータ(PC)と、FA製品(産業製品)のハードウェアであるシーケンサと、を備えるセキュリティシステムを例とする。本実施の形態は、PCが保有するユニークな個別情報であるMACアドレスを認証に利用して、プログラムの読み出しを制限することを特徴とする。本実施の形態では、シーケンサが、ユニークな個別情報の認証確認を実施する。
図4は、本発明の実施の形態2に係るエンジニアリングツールと産業製品とのセキュリティ方法において、プログラムの読み出し制限を設定する手順について説明するフローチャートである。本実施の形態は、シーケンサが保有するユニークな個別情報であるシリアル番号を認証に利用して、プログラムの読み出しを制限することを特徴とする。本実施の形態では、シーケンサが、ユニークな個別情報の認証確認を実施する。実施の形態1と重複する説明は、適宜省略するものとする。
図7は、本発明の実施の形態3に係るエンジニアリングツールと産業製品とのセキュリティ方法において、プログラムの読み出し制限を設定する手順について説明するフローチャートである。本実施の形態は、PCのMACアドレスとシーケンサのシリアル番号とを認証に利用して、プログラムの読み出しを制限することを特徴とする。本実施の形態では、シーケンサが、ユニークな個別情報の認証確認を実施する。実施の形態1および2と重複する説明は、適宜省略するものとする。
図10は、本発明の実施の形態4に係るエンジニアリングツールと産業製品とのセキュリティ方法において、プログラムの読み出し制限を設定する手順について説明するフローチャートである。本実施の形態は、PCが保有するユニークな個別情報、例えばMACアドレスを認証に利用して、プログラムの読み出しを制限する。本実施の形態では、エンジニアリングツールを実行するハードウェアであるPCが、ユニークな個別情報の認証確認を実施する。
図12は、本発明の実施の形態5に係るエンジニアリングツールと産業製品とのセキュリティ方法において、プログラムの読み出し制限を設定する手順について説明するフローチャートである。本実施の形態は、シーケンサが保有するユニークな個別情報、例えばシリアル番号を認証に利用して、プログラムの読み出しを制限する。本実施の形態では、エンジニアリングツールを実行するハードウェアであるPCが、ユニークな個別情報の認証確認を実施する。
図14は、本発明の実施の形態6に係るエンジニアリングツールと産業製品とのセキュリティ方法において、プログラムの読み出し制限を設定する手順について説明するフローチャートである。本実施の形態は、PCのMACアドレスとシーケンサのシリアル番号とを認証に利用して、プログラムの読み出しを制限する。本実施の形態では、エンジニアリングツールを実行するハードウェアであるPCが、ユニークな個別情報の認証確認を実施する。
2、3 PC
10 プログラム
11 シリアル番号
20、30 エンジニアリングツール
21、31 MACアドレス
Claims (13)
- 産業製品のハードウェアに格納されたプログラムの読み出し制限を、読み出し制限要求元のエンジニアリングツールから前記産業製品への読み出し制限要求に応じて設定する読み出し制限設定作業と、
読み出し要求元のエンジニアリングツールから前記産業製品へ、前記プログラムの読み出し要求を送信する読み出し要求作業と、
を含み、
前記読み出し制限設定作業では、前記産業製品のハードウェアが保有するユニークな個別情報、あるいは、前記読み出し制限要求元のエンジニアリングツールを実行するためのハードウェアが保有するユニークな個別情報を、登録個別情報として登録し、
前記読み出し要求作業では、前記読み出し要求元のエンジニアリングツールを実行するためのハードウェアが保有するユニークな個別情報あるいは前記産業製品のハードウェアが保有するユニークな個別情報と、前記登録個別情報と、を比較する、
ことを特徴とする、エンジニアリングツールと産業製品とのセキュリティ方法。 - 前記読み出し制限設定作業では、前記読み出し制限要求元のエンジニアリングツールを実行するためのハードウェアが保有するユニークな個別情報を、前記登録個別情報として、前記産業製品に登録し、
前記読み出し要求作業では、前記読み出し要求元のエンジニアリングツールを実行するためのハードウェアが保有するユニークな個別情報である保有個別情報を、前記読み出し要求と併せて送信し、
前記産業製品に登録された前記登録個別情報と、前記読み出し要求元のエンジニアリングツールから送信された前記保有個別情報と、を、前記産業製品において比較し、
前記登録個別情報と前記保有個別情報とが一致する場合に、前記産業製品のハードウェアは、前記読み出し要求に応じて前記プログラムの読み出しを実行し、
前記登録個別情報と前記保有個別情報とが一致しない場合に、前記産業製品のハードウェアは、前記読み出し要求を拒否する、
ことを特徴とする、請求項1に記載のエンジニアリングツールと産業製品とのセキュリティ方法。 - 前記読み出し制限設定作業では、前記読み出し制限要求元のエンジニアリングツールを実行するためのハードウェアが保有するユニークな個別情報を、前記登録個別情報として、前記産業製品に登録し、
前記読み出し要求作業では、前記読み出し要求元のエンジニアリングツールは、前記登録個別情報の取得要求を前記産業製品へ送信し、
前記読み出し要求元のエンジニアリングツールを実行するためのハードウェアが保有するユニークな個別情報である保有個別情報と、前記取得要求により前記産業製品から受信した前記登録個別情報と、を、前記読み出し要求元のエンジニアリングツールにおいて比較し、
前記登録個別情報と前記保有個別情報とが一致する場合に、前記産業製品のハードウェアは、前記読み出し要求元のエンジニアリングツールから送信される前記読み出し要求に応じて、前記プログラムの読み出しを実行し、
前記登録個別情報と前記保有個別情報とが一致しない場合に、前記読み出し要求元のエンジニアリングツールは、前記プログラムの読み出しを拒否する、
ことを特徴とする、請求項1に記載のエンジニアリングツールと産業製品とのセキュリティ方法。 - 前記読み出し制限設定作業では、前記産業製品のハードウェアが保有するユニークな個別情報を、前記登録個別情報として、前記読み出し制限要求元のエンジニアリングツールを実行するためのハードウェアに登録し、
前記読み出し要求作業では、前記読み出し要求元のエンジニアリングツールは、前記読み出し要求と併せて前記登録個別情報を送信し、
前記読み出し要求元のエンジニアリングツールから送信された前記登録個別情報と、前記産業製品のハードウェアが保有する個別情報である保有個別情報と、を前記産業製品において比較し、
前記登録個別情報と前記保有個別情報とが一致する場合には、前記産業製品のハードウェアは、前記読み出し要求に応じて前記プログラムの読み出しを実行し、
前記登録個別情報と前記保有個別情報とが一致しない場合に、前記産業製品のハードウェアは、前記読み出し要求を拒否する、
ことを特徴とする、請求項1に記載のエンジニアリングツールと産業製品とのセキュリティ方法。 - 前記読み出し制限設定作業では、前記産業製品のハードウェアが保有するユニークな個別情報を、前記登録個別情報として、前記読み出し制限要求元のエンジニアリングツールを実行するためのハードウェアに登録し、
前記読み出し要求作業では、前記読み出し要求元のエンジニアリングツールは、前記産業製品のハードウェアが保有する個別情報である保有個別情報の取得要求を前記産業製品へ送信し、
前記読み出し制限要求元のエンジニアリングツールを実行するためのハードウェアに登録された前記登録個別情報と、前記取得要求により前記産業製品から受信した前記保有個別情報と、を、前記読み出し要求元のエンジニアリングツールにおいて比較し、
前記登録個別情報と前記保有個別情報とが一致する場合には、前記産業製品のハードウェアは、前記読み出し要求元のエンジニアリングツールから送信される前記読み出し要求に応じて、前記プログラムの読み出しを実行し、
前記登録個別情報と前記保有個別情報とが一致しない場合に、前記読み出し要求元のエンジニアリングツールは、前記プログラムの読み出しを拒否する、
ことを特徴とする、請求項1に記載のエンジニアリングツールと産業製品とのセキュリティ方法。 - 前記読み出し制限設定作業では、前記読み出し制限要求元のエンジニアリングツールを実行するためのハードウェアが保有するユニークな個別情報を、第1の登録個別情報として前記産業製品に登録し、かつ、
前記産業製品のハードウェアが保有するユニークな個別情報を、第2の登録個別情報として、前記読み出し制限要求元のエンジニアリングツールに登録し、
前記読み出し要求作業では、前記読み出し要求元のエンジニアリングツールを実行するためのハードウェアが保有するユニークな個別情報である第1の保有個別情報と、前記第2の登録個別情報とを、前記読み出し要求と併せて送信し、
前記産業製品では、前記産業製品に登録された第1の登録個別情報と、前記読み出し制限要求元のエンジニアリングツールから送信された前記第1の保有個別情報と、を比較し、かつ、
前記読み出し要求元のエンジニアリングツールから送信された前記第2の登録個別情報と、前記産業製品のハードウェアが保有する個別情報である第2の保有個別情報と、を比較し、
前記第1の登録個別情報と前記第1の保有個別情報、および、前記第2の登録個別情報と前記第2の保有個別情報、の少なくとも一方が不一致である場合に、前記産業製品のハードウェアは、前記読み出し要求を拒否する、
ことを特徴とする、請求項1に記載のエンジニアリングツールと産業製品とのセキュリティ方法。 - 前記読み出し制限設定作業では、前記読み出し制限要求元のエンジニアリングツールを実行するためのハードウェアが保有するユニークな個別情報を、第1の登録個別情報として前記産業製品に登録し、かつ、
前記産業製品のハードウェアが保有するユニークな個別情報を、第2の登録個別情報として、前記読み出し制限要求元のエンジニアリングツールに登録し、
前記読み出し要求作業では、前記読み出し要求元のエンジニアリングツールは、前記第1の登録個別情報の取得要求を前記産業製品へ送信し、
前記読み出し要求元のエンジニアリングツールを実行するためのハードウェアが保有するユニークな個別情報である第1の保有個別情報と、前記取得要求に応じて前記産業製品から送信された前記第1の登録個別情報と、を、前記読み出し要求元のエンジニアリングツールにおいて比較し、かつ、
前記読み出し要求元のエンジニアリングツールは、前記産業製品のハードウェアが保有する個別情報である第2の保有個別情報の取得要求を前記産業製品へ送信し、
前記読み出し制限要求元のエンジニアリングツールに登録された前記第2の登録個別情報と、前記取得要求に応じて前記産業製品から送信された前記第2の保有個別情報と、を、前記読み出し要求元のエンジニアリングツールにおいて比較し、
前記第1の登録個別情報と前記第1の保有個別情報、および、前記第2の登録個別情報と前記第2の保有個別情報、の少なくとも一方が不一致である場合に、前記読み出し要求元のエンジニアリングツールは、前記プログラムの読み出しを拒否する、
ことを特徴とする、請求項1に記載のエンジニアリングツールと産業製品とのセキュリティ方法。 - 前記エンジニアリングツールを実行するためのハードウェアが保有するユニークな個別情報が、MACアドレスであることを特徴とする、請求項2、3、6および7のいずれか一つに記載のエンジニアリングツールと産業製品とのセキュリティ方法。
- 前記産業製品のハードウェアが保有するユニークな個別情報が、シリアル番号であることを特徴とする、請求項4から7のいずれか一つに記載のエンジニアリングツールと産業製品とのセキュリティ方法。
- 前記読み出し制限設定作業において、前記読み出し制限が設定済みである旨の情報を前記産業製品に登録することを特徴とする、請求項4から7および9のいずれか一つに記載のエンジニアリングツールと産業製品とのセキュリティ方法。
- 前記読み出し制限設定作業において、前記登録個別情報が登録済みであることを確認した場合に、前記産業製品のハードウェアあるいは前記読み出し制限要求元のエンジニアリングツールは、前記読み出し制限要求を拒否することを特徴とする、請求項1から10のいずれか一つに記載のエンジニアリングツールと産業製品とのセキュリティ方法。
- 前記産業製品のハードウェアあるいは前記読み出し要求元のエンジニアリングツールが前記プログラムの読み出しを拒否する場合に、読み出し不可の警告を出力することを特徴とする、請求項1から11のいずれか一つに記載のエンジニアリングツールと産業製品とのセキュリティ方法。
- プログラムが格納されたハードウェアを備え、読み出し制限要求元のエンジニアリングツールからの読み出し制限要求に応じて、前記プログラムの読み出し制限を設定可能な産業製品を含み、
前記産業製品のハードウェアが保有するユニークな個別情報、あるいは、前記読み出し制限要求元のエンジニアリングツールを実行するためのハードウェアが保有するユニークな個別情報を、登録個別情報として登録し、
読み出し要求元のエンジニアリングツールから前記産業製品への、前記プログラムの読み出し要求に対して、前記読み出し要求元のエンジニアリングツールを実行するためのハードウェアが保有するユニークな個別情報あるいは前記産業製品のハードウェアが保有するユニークな個別情報と、前記登録個別情報と、を比較する、
ことを特徴とする、セキュリティシステム。
Priority Applications (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE112010005484T DE112010005484T5 (de) | 2010-04-14 | 2010-04-14 | Sicherheitsverfahren für Engineering-Tools und Industrieprodukte und Sicherheitssystem |
KR1020127027939A KR101486128B1 (ko) | 2010-04-14 | 2010-04-14 | 엔지니어링 툴과 산업 제품의 시큐리티 방법, 및 시큐리티 시스템 |
US13/639,215 US9672363B2 (en) | 2010-04-14 | 2010-04-14 | Security method for engineering tools and industrial products, and security system |
JP2012510507A JP5551767B2 (ja) | 2010-04-14 | 2010-04-14 | エンジニアリングツールと産業製品とのセキュリティ方法、およびセキュリティシステム |
CN201080066113.1A CN102834833B (zh) | 2010-04-14 | 2010-04-14 | 设计工具和工业产品的安全方法、及安全系统 |
PCT/JP2010/056691 WO2011128993A1 (ja) | 2010-04-14 | 2010-04-14 | エンジニアリングツールと産業製品とのセキュリティ方法、およびセキュリティシステム |
TW099130449A TWI437461B (zh) | 2010-04-14 | 2010-09-09 | 操控工具與產業製品的保全方法及保全系統 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2010/056691 WO2011128993A1 (ja) | 2010-04-14 | 2010-04-14 | エンジニアリングツールと産業製品とのセキュリティ方法、およびセキュリティシステム |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011128993A1 true WO2011128993A1 (ja) | 2011-10-20 |
Family
ID=44798386
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2010/056691 WO2011128993A1 (ja) | 2010-04-14 | 2010-04-14 | エンジニアリングツールと産業製品とのセキュリティ方法、およびセキュリティシステム |
Country Status (7)
Country | Link |
---|---|
US (1) | US9672363B2 (ja) |
JP (1) | JP5551767B2 (ja) |
KR (1) | KR101486128B1 (ja) |
CN (1) | CN102834833B (ja) |
DE (1) | DE112010005484T5 (ja) |
TW (1) | TWI437461B (ja) |
WO (1) | WO2011128993A1 (ja) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2013232190A (ja) * | 2012-04-30 | 2013-11-14 | General Electric Co <Ge> | 産業用コントローラのセキュアな動作のためのシステムおよび方法 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002099344A (ja) * | 2000-07-14 | 2002-04-05 | Mitsubishi Electric Corp | プログラムの不正コピー検出方法及びプログラムの不正コピー検出装置並びにアプリケーションプログラムの記憶媒体及びネットワークプロトコル対応ユニットの記憶媒体 |
JP2003167606A (ja) * | 2001-11-30 | 2003-06-13 | Omron Corp | プログラマブルコントローラまたはプログラマブル表示器およびそのユーザ認証方法 |
JP2005189913A (ja) * | 2003-12-24 | 2005-07-14 | Nec Saitama Ltd | ソフトウェアライセンス管理方法およびプログラム |
JP2007280348A (ja) * | 2006-03-13 | 2007-10-25 | Fuji Electric Fa Components & Systems Co Ltd | プログラマブルコントローラのプログラミング装置 |
JP2008083833A (ja) * | 2006-09-26 | 2008-04-10 | Fuji Electric Fa Components & Systems Co Ltd | プログラマブルコントローラのプログラミング装置、及び、プログラマブルコントローラシステム |
Family Cites Families (44)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6470386B1 (en) * | 1997-09-26 | 2002-10-22 | Worldcom, Inc. | Integrated proxy interface for web based telecommunications management tools |
US7934251B2 (en) * | 1999-12-02 | 2011-04-26 | Western Digital Technologies, Inc. | Managed peer-to-peer applications, systems and methods for distributed data access and storage |
US7032029B1 (en) * | 2000-07-07 | 2006-04-18 | Schneider Automation Inc. | Method and apparatus for an active standby control system on a network |
GB2369202B (en) * | 2000-08-31 | 2003-03-19 | Sun Microsystems Inc | Computer system and method of operating a computer system |
AU2001292672A1 (en) * | 2000-09-15 | 2002-03-26 | Wind River Systems, Inc. | System and method for communicating software debug, diagnostic and maintenance information between devices |
US6961633B1 (en) * | 2000-11-13 | 2005-11-01 | Schneider Automation Inc. | Remote monitoring of factory automation users |
JP2003162461A (ja) | 2001-11-28 | 2003-06-06 | Landec Corp | インターネット網におけるフィルタリング方法およびそのプログラム |
JP2003218873A (ja) * | 2002-01-24 | 2003-07-31 | Fujitsu Ltd | 通信監視装置及び監視方法 |
US7308580B2 (en) * | 2002-04-23 | 2007-12-11 | International Business Machines Corporation | System and method for ensuring security with multiple authentication schemes |
US20040002877A1 (en) * | 2002-06-28 | 2004-01-01 | Angelo Michael F. | Method and apparatus for using a MAC address as a unique machine parameter to identify equipment |
US7640324B2 (en) * | 2003-04-15 | 2009-12-29 | Microsoft Corporation | Small-scale secured computer network group without centralized management |
JP2007535718A (ja) * | 2003-07-07 | 2007-12-06 | クリプターグラフィー リサーチ インコーポレイテッド | 海賊行為を規制し、インタラクティブコンテンツを使用可能にするための再プログラマブルなセキュリティ |
US20050256939A1 (en) * | 2004-05-03 | 2005-11-17 | Schneider Automation Sas | Automatic Configuration of Network Automation Devices |
US7739532B2 (en) * | 2004-06-07 | 2010-06-15 | Intel Corporation | Method, apparatus and system for enhanced CPU frequency governers |
US7607166B2 (en) * | 2004-07-12 | 2009-10-20 | Cisco Technology, Inc. | Secure manufacturing devices in a switched Ethernet network |
US7314169B1 (en) * | 2004-09-29 | 2008-01-01 | Rockwell Automation Technologies, Inc. | Device that issues authority for automation systems by issuing an encrypted time pass |
US8429393B1 (en) * | 2004-09-30 | 2013-04-23 | Rockwell Automation Technologies, Inc. | Method for obscuring a control device's network presence by dynamically changing the device's network addresses using a cryptography-based pattern |
JP2006146566A (ja) | 2004-11-19 | 2006-06-08 | Yaskawa Electric Corp | 遠隔保守システム |
US7865908B2 (en) * | 2005-03-11 | 2011-01-04 | Microsoft Corporation | VM network traffic monitoring and filtering on the host |
JP2006259938A (ja) | 2005-03-15 | 2006-09-28 | Omron Corp | 設定ツール装置 |
US20060230454A1 (en) * | 2005-04-07 | 2006-10-12 | Achanta Phani G V | Fast protection of a computer's base system from malicious software using system-wide skins with OS-level sandboxing |
JP3781764B1 (ja) | 2005-04-14 | 2006-05-31 | Necアクセステクニカ株式会社 | 通信端末の遠隔制御システムおよび方法 |
JP2006302030A (ja) | 2005-04-21 | 2006-11-02 | Mitsubishi Electric Corp | コンテンツ入出力制御装置および車載システム |
US8184641B2 (en) * | 2005-07-20 | 2012-05-22 | Verizon Business Global Llc | Method and system for providing secure communications between proxy servers in support of interdomain traversal |
US7600264B2 (en) * | 2005-07-30 | 2009-10-06 | Microsoft Corporation | Desktop security |
US8118677B2 (en) * | 2005-09-07 | 2012-02-21 | Bally Gaming International, Inc. | Device identification |
US8156232B2 (en) * | 2005-09-12 | 2012-04-10 | Rockwell Automation Technologies, Inc. | Network communications in an industrial automation environment |
JP4607080B2 (ja) | 2005-09-27 | 2011-01-05 | オムロン株式会社 | プログラマブル・コントローラ・システム |
US20070101422A1 (en) * | 2005-10-31 | 2007-05-03 | Carpenter Michael A | Automated network blocking method and system |
US20070204323A1 (en) * | 2006-02-24 | 2007-08-30 | Rockwell Automation Technologies, Inc. | Auto-detection capabilities for out of the box experience |
US7835805B2 (en) * | 2006-09-29 | 2010-11-16 | Rockwell Automation Technologies, Inc. | HMI views of modules for industrial control systems |
CN101196966B (zh) * | 2006-12-08 | 2010-05-19 | 华为技术有限公司 | 许可证交互及其中断后恢复的方法及数字版权管理系统 |
CN101231682B (zh) | 2007-01-26 | 2011-01-26 | 李贵林 | 计算机信息安全的方法 |
US7991351B2 (en) * | 2007-02-28 | 2011-08-02 | Kuban Paul A | Extension of wired controller area networks to wireless personal area networks |
JP5167679B2 (ja) | 2007-04-17 | 2013-03-21 | 富士ゼロックス株式会社 | 遠隔操作システム、サーバ、クライアント及び遠隔操作プログラム |
JP4865634B2 (ja) | 2007-05-14 | 2012-02-01 | 株式会社キーエンス | プログラム編集支援装置、コンピュータプログラム、プログラム編集支援方法及びplcシステム |
US7853992B2 (en) | 2007-05-31 | 2010-12-14 | Microsoft Corporation | Configuring security mechanisms utilizing a trust system |
US8782771B2 (en) * | 2007-06-19 | 2014-07-15 | Rockwell Automation Technologies, Inc. | Real-time industrial firewall |
KR20090043823A (ko) * | 2007-10-30 | 2009-05-07 | 삼성전자주식회사 | 외부 공격을 감지할 수 있는 메모리 시스템 |
US8132008B2 (en) * | 2008-02-12 | 2012-03-06 | Utc Fire & Security Americas Corporation, Inc. | Method and apparatus for communicating information between a security panel and a security server |
EP2279465B1 (en) * | 2008-04-17 | 2014-04-02 | Siemens Aktiengesellschaft | Method and system for cyber security management of industrial control systems |
US8635670B2 (en) * | 2008-05-16 | 2014-01-21 | Microsoft Corporation | Secure centralized backup using locally derived authentication model |
CA2725065A1 (en) * | 2008-05-20 | 2009-11-26 | Live Meters, Inc. | Remote monitoring and control system comprising mesh and time synchronization technology |
JP5262353B2 (ja) | 2008-06-30 | 2013-08-14 | 富士通株式会社 | 通信システム、通信装置及び通信方法 |
-
2010
- 2010-04-14 WO PCT/JP2010/056691 patent/WO2011128993A1/ja active Application Filing
- 2010-04-14 JP JP2012510507A patent/JP5551767B2/ja not_active Expired - Fee Related
- 2010-04-14 CN CN201080066113.1A patent/CN102834833B/zh not_active Expired - Fee Related
- 2010-04-14 US US13/639,215 patent/US9672363B2/en not_active Expired - Fee Related
- 2010-04-14 DE DE112010005484T patent/DE112010005484T5/de not_active Ceased
- 2010-04-14 KR KR1020127027939A patent/KR101486128B1/ko not_active IP Right Cessation
- 2010-09-09 TW TW099130449A patent/TWI437461B/zh not_active IP Right Cessation
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002099344A (ja) * | 2000-07-14 | 2002-04-05 | Mitsubishi Electric Corp | プログラムの不正コピー検出方法及びプログラムの不正コピー検出装置並びにアプリケーションプログラムの記憶媒体及びネットワークプロトコル対応ユニットの記憶媒体 |
JP2003167606A (ja) * | 2001-11-30 | 2003-06-13 | Omron Corp | プログラマブルコントローラまたはプログラマブル表示器およびそのユーザ認証方法 |
JP2005189913A (ja) * | 2003-12-24 | 2005-07-14 | Nec Saitama Ltd | ソフトウェアライセンス管理方法およびプログラム |
JP2007280348A (ja) * | 2006-03-13 | 2007-10-25 | Fuji Electric Fa Components & Systems Co Ltd | プログラマブルコントローラのプログラミング装置 |
JP2008083833A (ja) * | 2006-09-26 | 2008-04-10 | Fuji Electric Fa Components & Systems Co Ltd | プログラマブルコントローラのプログラミング装置、及び、プログラマブルコントローラシステム |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2013232190A (ja) * | 2012-04-30 | 2013-11-14 | General Electric Co <Ge> | 産業用コントローラのセキュアな動作のためのシステムおよび方法 |
US9935933B2 (en) | 2012-04-30 | 2018-04-03 | General Electric Company | Systems and methods for secure operation of an industrial controller |
US10419413B2 (en) | 2012-04-30 | 2019-09-17 | General Electric Company | Systems and methods for secure operation of an industrial controller |
Also Published As
Publication number | Publication date |
---|---|
US9672363B2 (en) | 2017-06-06 |
DE112010005484T5 (de) | 2013-01-24 |
KR101486128B1 (ko) | 2015-01-23 |
JP5551767B2 (ja) | 2014-07-16 |
TW201135514A (en) | 2011-10-16 |
TWI437461B (zh) | 2014-05-11 |
CN102834833B (zh) | 2015-06-03 |
KR20130025887A (ko) | 2013-03-12 |
CN102834833A (zh) | 2012-12-19 |
JPWO2011128993A1 (ja) | 2013-07-11 |
US20130031603A1 (en) | 2013-01-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4656161B2 (ja) | 認証装置、印刷装置、認証印刷システム、認証データ入力装置およびそれらの方法 | |
JP2008512891A5 (ja) | ||
CN107231231B (zh) | 一种终端设备安全接入物联网的方法及系统 | |
JP2006279848A (ja) | 通信装置、通信システム及びプログラム | |
CN102792313A (zh) | 对数据的基于证书的访问 | |
US10956618B2 (en) | ID token having a protected microcontroller | |
JP4960023B2 (ja) | 画像読取装置、認証方法、評価システム、評価方法およびプログラム | |
JP5779996B2 (ja) | 無線通信システム | |
KR102192330B1 (ko) | 보안단말기를 이용한 저장장치의 데이터 보안 관리 시스템 및 방법 | |
JP2010182070A (ja) | 情報処理装置及び情報処理方法及びプログラム | |
JP5551767B2 (ja) | エンジニアリングツールと産業製品とのセキュリティ方法、およびセキュリティシステム | |
KR101457131B1 (ko) | 본인인증을 수행하는 디지털 시스템, 인증 시스템, 및 그 제공방법 | |
JP2005304093A5 (ja) | ||
WO2009005296A2 (en) | System and method for processing certification of digital contents and computer-readable medium having thereon program performing function embodying the same | |
KR102256063B1 (ko) | 선 페어링되지 않은 블루투스 환경에서 보안성을 향상시키기 위한 슬레이브 기기 및 슬레이브 기기의 마스터 기기와의 연결 제어 방법 | |
JP5322788B2 (ja) | 情報処理装置及び情報処理方法及びプログラム | |
JP2008004065A (ja) | 半導体装置、電子機器及び機器認証プログラム | |
JP4103995B2 (ja) | Icチップ制御システム、通信端末及びコンピュータプログラム | |
JP6138599B2 (ja) | 認証システム及び認証方法 | |
TWI556666B (zh) | 無線感測裝置登錄服務網路的方法 | |
JP7045124B2 (ja) | 無線ネットワークセキュリティ診断システム、セキュリティ診断サーバ、及びプログラム | |
JP7430397B2 (ja) | Wipsセンサ、無線通信システム、無線侵入防止方法及び無線侵入防止プログラム | |
KR102310912B1 (ko) | 생체 측정 식별 시스템 및 작동 방법 | |
US20160078205A1 (en) | Displacement signatures | |
JP7020190B2 (ja) | 画像処理装置、画像処理システム、画像処理方法およびプログラム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 201080066113.1 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 10849831 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2012510507 Country of ref document: JP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 13639215 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1120100054843 Country of ref document: DE Ref document number: 112010005484 Country of ref document: DE |
|
ENP | Entry into the national phase |
Ref document number: 20127027939 Country of ref document: KR Kind code of ref document: A |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 10849831 Country of ref document: EP Kind code of ref document: A1 |