WO2019138668A1 - 遠隔サービスシステム - Google Patents
遠隔サービスシステム Download PDFInfo
- Publication number
- WO2019138668A1 WO2019138668A1 PCT/JP2018/041065 JP2018041065W WO2019138668A1 WO 2019138668 A1 WO2019138668 A1 WO 2019138668A1 JP 2018041065 W JP2018041065 W JP 2018041065W WO 2019138668 A1 WO2019138668 A1 WO 2019138668A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- change
- signature
- information
- remote service
- data
- Prior art date
Links
- 238000004891 communication Methods 0.000 claims abstract description 107
- 230000008859 change Effects 0.000 claims description 963
- 238000012795 verification Methods 0.000 claims description 44
- 238000009434 installation Methods 0.000 abstract description 18
- 238000012790 confirmation Methods 0.000 description 302
- 238000012508 change request Methods 0.000 description 137
- 230000006870 function Effects 0.000 description 88
- 238000012545 processing Methods 0.000 description 88
- 238000000034 method Methods 0.000 description 59
- 230000008569 process Effects 0.000 description 39
- 230000004048 modification Effects 0.000 description 31
- 238000012986 modification Methods 0.000 description 31
- 238000010586 diagram Methods 0.000 description 28
- 238000010248 power generation Methods 0.000 description 21
- 230000005540 biological transmission Effects 0.000 description 10
- 230000004044 response Effects 0.000 description 10
- 239000000725 suspension Substances 0.000 description 10
- 238000007792 addition Methods 0.000 description 8
- 230000015654 memory Effects 0.000 description 7
- 238000013523 data management Methods 0.000 description 6
- 230000000694 effects Effects 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 4
- 230000007246 mechanism Effects 0.000 description 4
- VEMKTZHHVJILDY-UHFFFAOYSA-N resmethrin Chemical compound CC1(C)C(C=C(C)C)C1C(=O)OCC1=COC(CC=2C=CC=CC=2)=C1 VEMKTZHHVJILDY-UHFFFAOYSA-N 0.000 description 4
- 230000008520 organization Effects 0.000 description 2
- 238000013475 authorization Methods 0.000 description 1
- 230000015572 biosynthetic process Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000015556 catabolic process Effects 0.000 description 1
- 239000000470 constituent Substances 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000007257 malfunction Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/12—Arrangements for remote connection or disconnection of substations or of equipment thereof
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/418—Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM]
- G05B19/4185—Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS] or computer integrated manufacturing [CIM] characterised by the network communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3255—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04Q—SELECTING
- H04Q9/00—Arrangements in telecontrol or telemetry systems for selectively calling a substation from a main station, in which substation desired apparatus is selected for applying a control signal thereto or for obtaining measured values therefrom
-
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B2219/00—Program-control systems
- G05B2219/30—Nc systems
- G05B2219/31—From computer integrated manufacturing till monitoring
- G05B2219/31105—Remote control of network controller
Definitions
- a control device that controls each equipment changes a parameter value set in the equipment.
- the service staff of the service provider dispatched to the site changes the parameter value set in the control equipment, changes the setting of the equipment, etc. while confirming the person in charge of the plant etc.
- the work of changing the setting conditions of equipment in the plant is a work that takes time and costs. From this, it is possible to change the setting conditions of the equipment in the plant, that is, change or adjust the parameter values set in the equipment by the control equipment, change the setting of the equipment, etc. from a remote place using a network such as the Internet It is desired.
- a technology of a remote service system using a network in a plant such as Patent Document 1
- a controller that controls a field device operates by mutual authentication with a remote device connected via a network.
- a certificate issued by a security organization is used for mutual authentication between the controller and the remote device.
- At least one embodiment of the present invention is made based on the above-mentioned problem, and when changing the setting condition of plant equipment from a remote place, the setting level is properly maintained while maintaining the security level of the setting data.
- the purpose is to provide a remote service system that can make changes.
- One aspect of the present invention is the above-described remote service system, wherein the first computer terminal transmits a control information representing control content to be applied to equipment with a first signature attached thereto, and the control information And a second computer terminal for applying the control content to the equipment, wherein the first computer terminal and the second computer terminal are connected by a first communication network, and the second computer terminal is connected to the second computer terminal.
- the computer terminal and the facility are remote service systems connected by a second communication network.
- the remote service system described above wherein the first signature connected to the first communication network, the first signature added to the control information is a correct signature, and the control information is the first signature
- a third computer terminal that adds a second signature to the control information and transmits the control information when the control content is applicable to equipment.
- the first computer terminal receives the change content for the equipment, and the first signature is used as the change information representing the received change content.
- the third computer terminal transmits the first signature added to the change information as the correct signature, and the change information applies to the facility.
- the second content is added to the change information and transmitted, and the second computer terminal sends the change content represented by the change information to the facility. It may be applied to
- Another aspect of the present invention is the remote service system described above, wherein the second computer terminal is configured to transmit the first signature added to the change information and the second signature as a correct signature.
- the content of the change represented by the change information may be applied to the facility.
- the change information may include facility identification information that identifies the facility to which the change content is to be applied.
- control information is instruction information representing instruction content for instructing execution or stop of an additional function in the facility
- first computer terminal is The first signature may be added to the instruction information and transmitted, and the second computer terminal may apply the instruction content represented by the instruction information to the facility.
- Another aspect of the present invention is the remote service system described above, wherein the second computer terminal is configured to indicate the indication information when the first signature added to the indication information is a correct signature.
- the instruction content may be applied to the facility.
- Another aspect of the present invention is the above-mentioned remote service system, which is connected to the first communication network, receives a request for execution of the additional function in the facility, and receives request information representing the received request. And a third computer terminal for transmitting with the second signature added, wherein the first computer terminal is such that the second signature added to the request information is a correct signature, and the request information is the The instruction information may be transmitted when the request is applicable to the facility.
- the remote service system described above, wherein the first communication network may be a public communication network, and the second communication network may be a dedicated communication line.
- the remote service system described above, wherein the first communication network is a communication network in which a block chain is constructed, and the second communication network is a dedicated communication line. May be
- Another aspect of the present invention is the remote service system described above, wherein the first signature may be verified by a signature verification processing program executed by the block chain to determine whether the first signature is a correct signature.
- the remote service system described above, wherein the first communication network is a communication network in which a block chain is constructed, and the second communication network is directly connected to the facility. May be a dedicated communication line.
- Another aspect of the present invention is the remote service system described above, wherein the instruction information is paired with a first predetermined key corresponding to the facility to which the instruction content is applied. It may be encoded using two keys.
- Another aspect of the present invention is the remote service system described above, wherein the indication information may be encoded by an encoding processing program executed by the block chain.
- Another aspect of the present invention is the remote service system described above, wherein the encoding processing program transmits a character string to the facility, and the facility adds the character string to the string using the first key. By checking the signature sent back using the second key, it may be checked whether the first key and the second key match.
- Another aspect of the present invention is the remote service system described above, wherein the coding processing program codes the instruction information before the second computer terminal applies the instruction contents to the target facility. May be
- Another aspect of the present invention is the remote service system described above, wherein the second computer terminal may transmit the application result transmitted from the facility to which the control content is applied.
- Another aspect of the present invention is the remote service system described above, wherein the second computer terminal transmits the application result transmitted from the facility via a data diode that performs only one-way communication. It is also good.
- Another aspect of the present invention is the remote service system described above, wherein the application result may be added a signature representing the facility to which the control content is applied.
- Another aspect of the present invention is the remote service system described above, wherein the application result may include data for calculating the efficiency of the facility.
- Another aspect of the present invention is the remote service system described above, wherein the second computer terminal may add a third signature to the application result and transmit it.
- Another aspect of the present invention is the remote service system described above, wherein the second computer terminal may transmit log information indicating that the control content has been transmitted to the facility.
- Another aspect of the present invention is the remote service system described above, wherein the second computer terminal may add a third signature to the log information and transmit it.
- Another aspect of the present invention is the remote service system described above, wherein the second computer terminal may add information on the date and time when the application result was transmitted from the facility and transmit it.
- Another aspect of the present invention is the remote service system described above, wherein the second computer terminal may transmit the log information to which information of the date and time of transmission of the control content to the facility is added.
- Another aspect of the present invention is the remote service system described above, wherein the first computer terminal is based on information of date and time added to the log information and information of date and time added to the application result. The delay time until the control content is applied to the equipment may be confirmed.
- FIG. 5 is a sequence diagram showing the flow of processing and work in the remote service system of the first embodiment. It is the block diagram which showed schematic structure of the remote service system in 2nd Embodiment. It is the sequence figure which shows the flow of processing and work in the remote service system of 2nd execution form. It is the sequence diagram which showed the flow of the processing and work in the remote service system of the modification of 2nd Embodiment. It is the block diagram which showed schematic structure of the remote service system in 3rd Embodiment. It is the sequence figure which shows the flow of processing and work in the remote service system of 3rd execution form.
- the remote service system according to the first embodiment is a system that remotely changes the setting conditions of equipment disposed in a plant such as a power plant.
- the remote service system of the first embodiment is described as being applied to a power plant.
- FIG. 1 is a block diagram showing a schematic configuration of a remote service system in the first embodiment.
- the remote service system 1 is configured to include the change request device 100, the change confirmation device 200, the change execution device 210, and the plant network device 300.
- each of the change request device 100, the change confirmation device 200, and the change performing device 210 is connected to the network 10.
- FIG. 1 also shows the constituent elements of the power plant that require the remote service system 1 to change the setting conditions. More specifically, the firewall 310 and the plant control system 320 are shown together.
- FIG. 1 shows the case where the firewall 310 is located between the plant network device 300 and the plant control system 320
- the firewall 310 is different from the change execution device 210 and the plant control system 320. If it is between, it may be in any position. That is, the firewall 310 may be located between the change implementation device 210 and the plant network device 300. Also, the firewall 310 may be located at both the position between the change execution device 210 and the plant network device 300 and the position between the plant network device 300 and the plant control system 320.
- the network 10 is a public communication network such as the Internet.
- Each of the change request device 100, the change confirmation device 200, and the change execution device 210 is a computer terminal operated by a user who uses the remote service system 1.
- Each of the change request device 100, the change confirmation device 200, and the change execution device 210 stores, for example, a processing device such as a central processing unit (CPU) and programs, applications, and data required to operate the processing device.
- a processing device such as a central processing unit (CPU) and programs, applications, and data required to operate the processing device.
- CPU central processing unit
- ROM read only memory
- each of the change request device 100, the change confirmation device 200, and the change execution device 210 functions by executing the stored program or application.
- any one or more of the change request device 100, the change confirmation device 200, or the change execution device 210 may be configured as a dedicated computer terminal used by each user.
- any one or more of the change request device 100, the change confirmation device 200, or the change execution device 210 may be a personal computer (PC) used by each user or a personal digital assistant (Personal Digital Assistant). : May be configured by a so-called portable terminal device such as a tablet terminal provided with the function of PDA).
- PC personal computer
- Personal digital assistant Personal Digital Assistant
- the change request device 100 is, for example, a computer terminal operated by a service representative of a service provider who provides electric power generated in a power generation plant or the like to request a change in setting conditions of facilities disposed in the power generation plant. .
- service provider S When change content for changing the setting condition of the facility is input as control content by the service representative S of the service provider (hereinafter, referred to as service provider S), the change request device 100 controls the input change content Information (hereinafter, referred to as change information) is transmitted to the change confirmation device 200 via the network 10.
- the change confirmation device 200 is a target when, for example, a person in charge of managing the setting conditions of each facility disposed in the power generation plant changes the setting conditions according to the change content requested by the service provider S. It is a computer terminal operated to confirm the contents of changes, including problems that may occur in equipment and related equipment.
- the change confirmation device 200 receives the change information transmitted from the change request device 100, and the person C in charge of confirming the received change information with the change content of the setting condition of the facility requested by the service provider S ( Hereinafter, it is presented to the change content checker C).
- the change confirmation device C 200 receives information indicating that the received change information has been confirmed to be correct (can be applied without any problem) to the equipment by the change confirmation device C. , And transmits the confirmed change information to the change implementation device 210 via the network 10.
- the change confirmation device 200 confirms the change information transmitted from the change request device 100 and transmits the change information to the change execution device 210.
- a predetermined condition such as an emergency situation.
- the change content such as the setting condition of the facility input to the change confirmation device 200 by the change content checker C may be transmitted as change information.
- the change confirmation device 200 may transmit the change information directly to the change performing device 210 (or the plant network device 300). Further, the change confirmation device 200 transmits the change information to the change request device 100, and after confirmation by the change request device 100, ie, confirmation by the service provider S, the change execution device 210 (or the plant network device 300) It may be sent directly to
- the change execution device 210 is, for example, a person in charge of a site who actually operates each of the facilities disposed in the power generation plant, etc., the change contents for the facilities confirmed by the change details checker C (request from service provider S This is a computer terminal that is operated to reflect (implement) the setting conditions of the target equipment to the actual equipment).
- the change execution device 210 receives the confirmed change information transmitted from the change confirmation device 200, and the person in charge of actually operating the equipment with the change content of the facility indicated by the received confirmed change information (eg, Hereinafter, it will be presented to the change implementer I).
- the change executor 210 when the change executor 210 inputs, by the change executor I, information indicating that the content of the change indicated by the received confirmed change information is input, the change performing device 210 performs the change information (parameter value of the facility) It transmits to the plant network apparatus 300 via a line of a dedicated communication standard determined with the plant network apparatus 300 (hereinafter referred to as a dedicated communication line).
- a dedicated communication line a line of a dedicated communication standard determined with the plant network apparatus 300
- the communication standard of the dedicated communication line determined between the change implementation device 210 and the plant network device 300 is not particularly defined.
- the change implementation device 210 in the remote service system 1 is not an essential component. That is, the remote service system 1 may not have the change execution device 210.
- the change confirmation device 200 directly transmits, to the plant network device 300, the change information (the parameter value of the facility) to be implemented.
- the plant network apparatus 300 in the remote service system 1 in this case is in a state of being connected to the network 10.
- the plant network apparatus 300 is a computer terminal connected to the entrance of a dedicated communication network (hereinafter referred to as a plant network) built in a power plant that receives a change in setting conditions from the remote service system 1.
- the plant network apparatus 300 transmits the to-be-implemented change information (equipment parameter value) transmitted from the change implementation apparatus 210 via the dedicated communication line to the plant network.
- the configuration of the plant network apparatus 300 is not particularly defined.
- the plant network apparatus 300 may be configured as a personal computer connected to a plant network built in a power generation plant.
- the plant network apparatus 300 may be configured as a router apparatus connected to a plant network built in a power generation plant.
- the communication standard of the plant network built in the power plant is not particularly defined.
- the communication line between the change execution device 210 and the plant network device 300 is not limited to the dedicated communication line. That is, in the present disclosure, the communication line between the change execution device 210 and the plant network device 300 may be a general-purpose communication line.
- the firewall 310 is a network defense function for securing security in a plant network built in a power plant.
- the configuration and method for realizing the function of the firewall 310 are not particularly defined.
- the firewall 310 may be configured as a router device together with the plant network device 300.
- the plant control system 320 is a control device that controls the respective facilities disposed in the power plant.
- the plant control system 320 sets a parameter value corresponding to the setting condition of the facility to be changed by the remote service system 1 in the target facility.
- the configuration of the plant control system 320, the control method of equipment by the plant control system 320, and the setting method of parameter values are not particularly defined.
- the requested change content is applied to the target facility for which the service provider S has requested the change of the setting condition.
- the plant network apparatus 300 transmits the parameter value of the facility transmitted from the change execution apparatus 210 to the firewall 310, whereby the power plant receives the parameter value transmitted from the plant network apparatus 300. , And transmitted to the plant control system 320 by the plant network. Then, in the power generation plant, the plant control system 320 applies the parameter value transmitted from the plant network apparatus 300 via the firewall 310 to the target facility.
- the plant control system 320 transmits the result of applying the setting conditions of the facility changed by the remote service system 1 to the plant network apparatus 300 via the firewall 310, and the plant network apparatus 300.
- the configuration information may be transmitted to the change execution device 210, the change confirmation device 200, and the change request device 100 as a result of applying the setting conditions of the facility.
- each of the change execution device 210, the change confirmation device 200, and the change request device 100 that is, the change implementer I, the change content confirmer C, and the service provider S correctly apply the setting conditions requested to the facility It can be checked whether it has been done or not.
- the remote service system 1 of this configuration it is possible to monitor the operating state of the facility.
- the result of the plant control system 320 applying the setting conditions is the change execution device 210, the change confirmation device Since it is transmitted to each of 200 and the change request apparatus 100, monitoring of the change of the setting condition of the facility by the impersonation to the user by the third party or the falsification of the change information in the middle of the route transmitting the change information Can be used to
- FIG. 2 is a sequence diagram showing the flow of processing and work (processing sequence) in the remote service system 1 of the first embodiment.
- FIG. 2 shows an example of the process flow of each of the change request device 100, the change confirmation device 200, and the change execution device 210, which are connected to the network 10, and the plant network device 300, which constitute the remote service system 1. It shows.
- the process of the plant control system 320 which sets the change content from the remote service system 1 to the object installation is shown as a process of the plant network apparatus 300. Further, FIG.
- each of the change request device 100, the change confirmation device 200, and the change performing device 210 transmits and receives change information via the network 10.
- the service provider S operates the change request apparatus 100, and includes identification information (for example, a device ID, hereinafter referred to as equipment identification information) of a facility whose setting condition is to be changed, a parameter value of the facility, etc.
- identification information for example, a device ID, hereinafter referred to as equipment identification information
- the change information is input to the change request device 100 (step S100).
- the service provider S operates the change request device 100 to add a signature. Thereafter, the service provider S adds, to the change request device 100, the change information input by the service provider S and the signature added by the service provider S (hereinafter referred to as a provider signature (or a first signature)). It instructs transmission, and requests the change content checker C to confirm the change information (step S101).
- a provider signature or a first signature
- the change request device 100 transmits data of “change information + company signature” in which the change information input by the service provider S and the company signature are linked to the change confirmation device 200 via the network 10.
- the change request apparatus 100 encodes the company signature using a predetermined key of the service company S (public key, secret key, common key, etc.), and then “change information + company signature "" Is transmitted to the change confirmation apparatus 200.
- the change confirmation device 200 presents, to the change content confirmer C, the change information included in the received data of “change information + company signature” and the company signature.
- the change confirmation device 200 uses the carrier signature included in the received data of “change information + carrier signature” as a key (public key, secret key, common key, etc.) of the service provider S obtained in advance.
- the change information and the company signature including the result of comparing the hash value of the change information included in the "business operator signature" with the hash value of the received "change information", using the Present to the verifier C.
- the change content confirmer C confirms the change information presented to the change confirmation device 200 and the company signature (including the comparison result of the hash values) (step S103).
- the change confirmation device 200 is operated to add a signature.
- the business operator signature presented to the change confirmation device 200 is a signature of a formal user of the remote service system 1 capable of changing the setting condition of the facility, and the change information presented to the change confirmation device 200
- the change content checker C received the change confirmation device 200
- a signature added by the change content checker C hereinafter referred to as a checker signature (or a second signature)
- the change content confirmer C instructs the change confirmation device 200 to transmit the received change information, the company signature, and the confirmer signature, and requests the change enforcer I to change the setting condition of the facility ( Step S104).
- the change confirmation device 200 further associates the changer signature with the change information associated with the business owner signature received from the change request device 100 via the network 10, “change information + enterprise signature + confirmation
- the data of “signature” is transmitted to the change performing device 210 via the network 10 (step S105).
- the change confirmation device 200 encodes the confirmer's signature using a predetermined change content confirmer C's key (public key, secret key, common key, etc.), and then “change information + operator
- the data of “signature + verifier signature” is transmitted to the change execution device 210.
- the change implementation device 210 presents, to the change implementer I, the business owner signature and the confirmer signature included in the received data of “change information + enterprise signature + verifier signature”.
- the change execution device 210 decrypts the company signature included in the received data of “change information + company signature + verifier signature” using the key of the service provider S obtained in advance, The hash value of the change information included in the “business operator signature” is compared with the hash value of the “change information”.
- the change implementation device 210 decrypts the “verifier signature” using the key (the public key, the secret key, the common key, etc.) of the change content determiner C obtained in advance, and is included in the verifier signature “ The hash value of the “change information + company signature” is compared with the hash value of the “change information + company signature” received. Then, the change implementation device 210 presents, to the change implementer I, the change information, the provider signature, and the confirmer signature, including the result of comparing the respective signatures. The change implementer I confirms the provider signature and the confirmer signature (including the comparison result of the hash values) presented to the change implementation device 210 (step S106).
- the change implementer I operates the change implementing device 210 to add a signature when the presented operator signature and the confirmer signature are correct. That is, if the business owner signature and the verifier signature presented to the change implementation device 210 are signatures of a formal user of the remote service system 1 capable of changing the setting conditions of the facility, the change implementer I is , And adds the signature of the change implementer I (hereinafter referred to as a performer's signature (or a third signature)) to the change information received by the change implementation device 210.
- a performer's signature or a third signature
- the change implementer I instructs the change implementation apparatus 210 to transmit the received change information, the provider's signature, the confirmer's signature, and the implementer's signature, and the plant network apparatus 300 implements the change of the setting conditions of the facility. Are required (step S107).
- the change execution device 210 further associates the implementer signature with the change information associated with the business owner signature and the confirmer signature received from the change confirmation device 200 via the network 10, “change information + business
- the data of “person signature + verifier signature + implementer signature” is transmitted to the plant network apparatus 300 via the dedicated communication line (step S108).
- plant network apparatus 300 confirms the operator signature, the checker signature, and the performer signature included in the received data of “change information + company signature + verifier signature + implementer signature” (step S109). ).
- the respective signatures of the confirmed service provider S, the change content confirmer C, and the change implementer I are correct, and the order in which the signatures are added is correct, that is, the change information is transmitted.
- the change content is applied to the target facility for which the service provider S has requested the change of the setting condition (step S110). More specifically, plant network apparatus 300 is the facility indicated in the change information included in the data of “change information + operator signature + verifier signature + implementer signature” transmitted from change implementation device 210.
- the plant control system 320 that controls the facility having the identification information transmits the parameter value of the facility indicated in the change information to the plant network via the firewall 310.
- the plant control system 320 changes the parameter value of the facility indicated in the change information to the parameter value of the facility indicated in the change information, and the target for which the service provider S requested the change of the setting condition
- the equipment of is the setting condition requested by the service provider S.
- the plant control system 320 When the plant control system 320 is configured to transmit the result (hereinafter referred to as an application result) of applying the setting condition requested by the service provider S to the target facility, the plant control system 320 The information on the application result is transmitted to the plant network apparatus 300 via the firewall 310. Thus, the plant network device 300 transmits the information on the application result transmitted from the plant control system 320 to the change execution device 210. Then, the change implementation device 210 transmits the information on the application result transmitted from the plant network device 300 to the change confirmation device 200 and the change request device 100.
- the plant network device 300 may be configured to transmit the information on the application result transmitted from the plant control system 320 to each of the change implementation device 210, the change confirmation device 200, and the change request device 100.
- each of the change implementation device 210, the change confirmation device 200, and the change request device 100 that is, the change executor I, the change content confirmer C, and the service provider S are applied from the plant control system 320.
- the process of transmitting the information on the application result transmitted from the plant control system 320 is indicated by a broken line in step S 111 as the transmission process of each of the change execution device 210, the change confirmation device 200 and the change request device 100. .
- each user sequentially adds a signature to the change information at each stage.
- each user's signature is added in a chain.
- the change content which several users confirmed is applied with respect to an installation.
- the plant network apparatus 300 transmits the parameter value of the facility indicated in the change information transmitted through the correct path to the plant network via the firewall 310.
- the plant control system 320 applies the parameter value of the facility to the target facility. Therefore, when the service provider S changes even a part of the change information transmitted by the change request device 100, the service provider S adds the signature again, and each user sequentially adds the signature. It will be done. As a result, users other than the service provider S can not unilaterally change the change information, and the intention of the service provider S can be reflected in the setting conditions of the equipment.
- each of the service provider S, the change content checker C, and the change implementer I operate the corresponding change request device 100, the change confirmation device 200, or the change execution device 210.
- the case where each signature is added (added) is described.
- the method by which each user adds a signature is not limited to the method performed by operating the corresponding computer terminal.
- each function of the change request device 100, the change confirmation device 200, or the change execution device 210 is realized by executing a program or an application. Therefore, by executing the function of adding a signature to the program or application, the addition of the signature by each of the service provider S, the change content checker C, and the change implementer I may be automated.
- the signature of each user automates the addition (addition) of the signature for each user, not the signature for each computer terminal, for example, by using the information when the user logs in to the computer terminal. It is conceivable.
- the remote service system according to the second embodiment is also a system that remotely changes the setting conditions of equipment disposed in a plant such as a power plant.
- the same components as the components of the remote service system 1 of the first embodiment are denoted by the same reference numerals, and the detailed description of the components Is omitted.
- FIG. 3 is a block diagram showing a schematic configuration of the remote service system in the second embodiment.
- the remote service system 2 is configured to include the change request device 100, the change confirmation device 200, the change execution device 210, and the plant network device 300.
- each of the change request device 100, the change confirmation device 200, and the change execution device 210 is connected to the block chain 20.
- FIG. 3 also shows a firewall 310, which is a component of a power generation plant that requires a change in setting conditions by the remote service system 2, and a plant control system 320.
- FIG. 3 also shows a data diode 330 as a component of the power generation plant.
- FIG. 3 also shows the case where the firewall 310 is at a position between the plant network apparatus 300 and the plant control system 320, the firewall 310, like the one shown in FIG. It may be at any position with respect to the plant control system 320. Also, in general, many data diodes 330 also have a firewall function. Therefore, if the data diode 330 has a firewall function, the firewall 310 may not be in the path from the change implementation device 210 to the plant control system 320.
- the block chain 20 is a data management system employing a distributed data management technique in which a block of data is made into one block, and blocks are joined and managed based on a hash value representing data included in the block. It is a built public or private communication network. Since the blocks of data registered in the block chain 20 are linked in time series to the blocks of data registered previously based on the hash value, data can be managed including the information of the history when registered. In addition, falsification of data can be made difficult.
- the block chain 20 is configured to include a plurality of data server devices.
- each data server device confirms the signature added to the data requested to be registered. Check whether the data may be registered or not. Then, in the block chain 20, the requested data is registered when the result of the signature confirmation by each data server device satisfies a predetermined rule.
- a predetermined rule for example, a rule may be provided such that a confirmation result by a majority or 2/3 or more of data servers among all the data servers matches.
- FIG. 3 shows the configuration of a block chain 20 configured to include three data server devices.
- the remote service system 2 it is possible to prevent falsification of the data server apparatus with only one organization by distributing the management authority of each data server apparatus. For example, when the authority of each of the three data server devices is assigned to the service provider S, the change content checker C, and the change implementer I, two or more data server devices are used for the contents of data stored in the data server device. If the contents of the data do not match, and if the new information (block) can not be registered in the block chain 20, the service provider S, the change content confirmer C, and the change executor I are alone. It means that the database can not be falsified. Thus, in the remote service system 2, non-tampering of data can be enhanced.
- the block chain 20 may be configured with more data server devices. Also, each data server device may be a data server device incorporated in a cloud computing system. In the block chain 20, it is not determined in advance which data server device the data of each block is divided and recorded (registered). Accordingly, in the following description, it is assumed that the entire block chain 20 functions as one data server device without specifying the data server devices configuring the block chain 20.
- the data diode 330 is a communication network configured to realize communication in only one direction and physically block communication in the other direction.
- FIG. 3 shows a configuration in which only one-way communication from the power plant to the outside is performed. More specifically, in FIG. 3, communication via data diode 330 is physically limited to one direction from plant network device 300 to change implementation device 210 only.
- the data diode 330 can be provided at the same position also in the power plant to which the remote service system 1 of the first embodiment is applied. That is, even in the power plant to which the remote service system 1 of the first embodiment is applied, it is possible to realize the function using the data diode 330 described later.
- the configuration and method for realizing the function of the data diode 330 are not particularly defined.
- the reason for placing the data diode 330 in the path from the change execution device 210 to the plant control system 320 is as follows.
- data diodes 330 and 330 are used to limit inbound communication, which is access to the network inside the plant from outside.
- a configuration that performs only one-way communication, which is called, may be used.
- the non-contact communication in the plant is physically limited to one-way, i.e., outbound communication from the plant to the outside.
- serial communication and communication with a limited protocol may be performed in order to perform minimum inbound communication while preventing cyber attacks.
- this limited communication path is realized using data diode 330 is shown.
- each of the change request device 100, the change confirmation device 200, and the change execution device 210 logs in to the same communication network system of the block chain 20, and changes the information of each stage of change via the block chain 20.
- Exchange data The operation of each component in the remote service system 2 is the same as the operation in the remote service system 1 except that the operation for exchanging data of change information of each stage is different via the block chain 20. .
- the change request device 100 registers the change information input by the service provider S in the block chain 20 instead of transmitting the change information to the change confirmation device 200 via the network 10.
- the change confirmation device 200 instead of the change confirmation device 200 receiving the change information transmitted from the change request device 100 via the network 10, the change information registered by the change request device 100 in the block chain 20 is Acquire from the block chain 20.
- the change confirmation device 200 registers the change information confirmed by the change content confirmation person C in the block chain 20 instead of transmitting the change information to the change performing device 210 via the network 10.
- the change execution device 210 receiving the confirmed change information transmitted from the change confirmation device 200 via the network 10
- the confirmed change information registered in the block chain 20 by the change confirmation device 200 is used.
- the change implementation device 210 transmits, to the plant network device 300 via the dedicated communication line, the change information (the parameter value of the facility) for which the change implementer I has performed the change content represented by the change information confirmed. .
- the communication line between the change execution device 210 and the plant network device 300 is not limited to the dedicated communication line.
- the communication line between the change execution device 210 and the plant network device 300 may be a serial communication and a communication line performing communication in a limited protocol.
- a method and configuration when realizing the communication line between the change execution device 210 and the plant network device 300 by serial communication and communication of a limited protocol are not particularly defined.
- the requested change content is applied to the target facility for which the service provider S has requested the change of the setting condition.
- the change implementation device 210 is not an essential component. That is, the remote service system 2 may be configured not to include the change execution device 210 as in the remote service system 1.
- the plant network apparatus 300 logs in to the block chain 20, and acquires, from the block chain 20, the change information (the parameter value of the facility) registered in the block chain 20 by the change confirmation apparatus 200. Transmit directly to the network device 300.
- the plant control system 320 indicates the operation state of the facility according to the setting condition of the facility changed by the remote service system 2, that is, the application result of applying the change content represented by the change information
- the data of the change result which is the above is transmitted to the plant network apparatus 300 via the firewall 310.
- the plant network device 300 transmits the data of the modification result transmitted from the plant control system 320 to the modification execution device 210 via the data diode 330.
- the change implementation device 210 adds a signature to the data of the change result transmitted from the plant network device 300 via the data diode 330, and registers it in the block chain 20.
- the plant network apparatus 300 may perform the addition of the signature to the data of a change result. Since the plant network device 300 is protected from the external network by the data diode 330, it is less susceptible to cyber attacks from malicious third parties, and the trust of the secret key held by the plant network device 300 is maintained. It is because sex is high. In the remote service system 2, each of the plant network device 300 and the change execution device 210 may add a signature to the data of the change result.
- the service provider S can confirm the change result of the operation state of the target facility for which the change of the setting condition has been requested. More specifically, the change request device 100 acquires, from the block chain 20, data of the change result registered in the block chain 20 by the change execution device 210, and presents the acquired data to the service provider S. The data of the change result registered by the change implementation device 210 in the block chain 20 can also be acquired from the block chain 20 by the change confirmation device 200. That is, in the power generation plant to which the remote service system 2 is applied, the change content checker C can confirm the change result of applying the confirmed change information to the target facility.
- the change result includes equipment identification information (for example, a device ID) of the equipment, information indicating an operating state, and a parameter value of the changed equipment. Further, the change result may include, for example, data for calculating the efficiency of the operating facility, such as a key performance indicator (KPI).
- KPI key performance indicator
- the change implementation device 210 calculates a KPI based on the change result transmitted from the plant network device 300 via the data diode 330, adds a signature to the calculated KPI data, and registers it in the block chain 20.
- the plant network device 300 calculates a KPI, and further adds a signature representing the plant network device 300 to the calculated KPI data to obtain data of a change result, and directly registers the data in the block chain 20 via the data diode 330. It may be configured.
- FIG. 4 is a sequence diagram showing the flow of processing and work (processing sequence) in the remote service system 2 of the second embodiment.
- the remote service system 2 is configured in each of the block chain 20, the change request device 100 connected to the block chain 20, the change confirmation device 200, the change execution device 210, and the plant network device 300.
- An example of the flow of processing is shown.
- the process of the plant control system 320 for setting the change content from the remote service system 2 to the target facility is shown as the process of the plant network apparatus 300.
- FIG. 4 is a sequence diagram showing the flow of processing and work (processing sequence) in the remote service system 2 of the second embodiment.
- the remote service system 2 is configured in each of the block chain 20, the change request device 100 connected to the block chain 20, the change confirmation device 200, the change execution device 210, and the plant network device 300.
- An example of the flow of processing is shown.
- the process of the plant control system 320 for setting the change content from the remote service system 2 to the target facility is shown as the process of the plant
- each of the change request device 100, the change confirmation device 200, and the change execution device 210 exchanges change information via the block chain 20.
- the service provider S operates the change request apparatus 100 to request change of the equipment identification information (for example, the device ID) of the equipment for which the setting conditions are to be changed, change information including the parameter value of the equipment, etc. It inputs into the apparatus 100 (step S200).
- the equipment identification information for example, the device ID
- change information including the parameter value of the equipment, etc.
- the service provider S operates the change request device 100 to add a signature. Thereafter, the service provider S instructs the change request apparatus 100 to register the input change information and the company signature in the block chain 20 (step S201).
- the change request apparatus 100 registers, in the block chain 20, data of “change information + company signature” in which the change information input by the service provider S and the signature added by the service provider S are linked. (Step S202). At this time, the change request apparatus 100 encodes the company signature using a predetermined key of the service company S (public key, secret key, common key, etc.), and then “change information + company signature Is registered in the block chain 20. Thereby, the facility identification information of the facility and the parameter of the facility included in the data of “change information + company signature” registered by the change request apparatus 100 as data of the first block in the block chain 20, for example. Value data is registered as "content of data", identification information of service provider S (for example, person-in-charge ID), that is, information indicating that it is a service provider is registered as "sender information”, The business operator signature is registered as "signature information”.
- the change content checker C operates the change confirmation device 200 periodically to determine whether or not the data of “change information + company signature” is registered in the block chain 20 by the change request device 100, that is, , It is confirmed whether the data of "change information + company signature” is updated. Then, when data of new “change information + company signature” is registered in the block chain 20 by the change request device 100, the change content checker C operates the change confirmation device 200 to make the block chain 20 The data of the new “change information + company signature” registered is acquired from the block chain 20 (step S203).
- the change confirmation device 200 presents, to the change content confirmer C, the change information included in the acquired data of “change information + company signature” and the company signature.
- the change confirmation device 200 uses the carrier signature included in the acquired data of “change information + carrier signature” as the key (public key, secret key, common key, etc.) of the service provider S obtained in advance.
- the change information and the company signature including the result of comparing the hash value of the change information included in the “business operator signature” with the acquired “change information” hash value, using the Present to the verifier C.
- the change content checker C confirms the change information presented to the change verification device 200 and the business operator signature (including the comparison result of the hash values) (step S204).
- the change confirmation device 200 is operated to add a signature. That is, the business operator signature presented to the change confirmation device 200 is a signature of a formal user of the remote service system 2 capable of changing the setting condition of the facility, and the change information presented to the change confirmation device 200
- the change content checker C has acquired the change confirmation device 200 Add a verifier signature to the change information. Thereafter, the change content confirmer C instructs the change confirmation device 200 to register the acquired change information, the company signature, and the confirmer signature in the block chain 20 (step S205).
- the change confirmation device 200 further associates the data of “change information + company signature + confirmer signature” in which the confirmer signature is linked to the change information associated with the business entity signature acquired from the block chain 20. , And registered in the block chain 20 (step S206).
- the change confirmation device 200 encodes the signature added by the change content confirmer C using a predetermined key of the change content confirmer C (public key, secret key, common key, etc.), and Data of “change information + company signature + verifier signature” is registered in the block chain 20.
- the facility identification information of the facility included in the data of “change information + company signature + verifier signature” registered by the change verification device 200 as data of the second block in the block chain 20, for example.
- the parameter value data of the facility are registered as "data content”, and the identification information (for example, person-in-charge ID of the change content confirmer C), that is, the information indicating that the change content confirmer is "sender's
- the information is registered as "information”
- the business operator signature and the checker signature are registered as "information of signature”.
- the change implementer I operates the change implementation device 210 periodically, and the data of “change information + business company signature + verifier signature” is registered in the block chain 20 by the change confirmation device 200. In other words, it is checked whether the data of “change information + company signature + verifier signature” is updated. Then, when data of new “change information + company signature + verifier signature” is registered in the block chain 20 by the change confirmation device 200, the change implementer I operates the change execution device 210 to block Data of new “change information + company signature + verifier signature” registered in the chain 20 is acquired from the block chain 20 (step S207).
- the change implementation device 210 presents, to the change implementer I, the business owner signature and the confirmer signature included in the acquired data of “change information + enterprise signature + verifier signature”.
- the change execution device 210 decrypts the business operator signature included in the acquired data of “change information + business company signature + verifier signature” using the key of the service business operator S obtained in advance, The hash value of the change information included in the user signature is compared with the hash value of the acquired change information.
- the change execution device 210 is a key (a public key, a secret key, etc.) of the change content confirmer C obtained in advance, which is acquired in advance of the confirmer signature included in the acquired data of The common key or the like is used for decryption, and the hash value of “change information + company signature” included in the checker signature is compared with the acquired “change information + company signature” hash value. Then, the change implementation device 210 presents, to the change implementer I, the change information, the provider signature, and the confirmer signature, including the result of comparing the respective signatures. The change implementer I confirms the provider signature and the confirmer signature (including the comparison result of the hash values) presented to the change implementation device 210 (step S208).
- a key a public key, a secret key, etc.
- the change implementer I operates the change implementing device 210 to add a signature when the presented operator signature and the confirmer signature are correct. That is, if the business owner signature and the verifier signature presented to the change implementation device 210 are the signature of a formal user of the remote service system 2 capable of changing the setting conditions of the facility, the change implementer I is , And adds a implementer's signature to the change information acquired by the change execution device 210. After that, the change implementer I instructs the change implementation apparatus 210 to transmit the acquired change information, the provider's signature, the confirmer's signature, and the implementor's signature, and the plant network apparatus 300 implements the change of the setting condition of the facility. Are required (step S209).
- the change implementation device 210 further associates the implementer's signature with the change information in which the business owner's signature registered by the change confirmation device 200 and the confirmer's signature are linked to the block chain 20.
- Data of “signature + verifier signature + implementer signature” is transmitted to the plant network apparatus 300 via the dedicated communication line (step S210).
- the plant network apparatus 300 receives the data of “modification information + operator signature + verifier signature + implementer signature” transmitted from the modification execution device 210 via the dedicated communication line, the “modification” is received.
- the operator's signature, the checker's signature, and the performer's signature included in the data of “information + company's signature + verifier's signature + operator's signature” are confirmed (step S211).
- the respective signatures of the confirmed service provider S, the change content confirmer C, and the change implementer I are correct, and the order in which the signatures are added is correct, that is, the change information is transmitted.
- the change content is applied to the target equipment for which the service provider S has requested the change of the setting condition (step S212). More specifically, plant network apparatus 300 is the facility indicated in the change information included in the data of “change information + operator signature + verifier signature + implementer signature” transmitted from change implementation device 210.
- the plant control system 320 that controls the facility having the identification information transmits the parameter value of the facility indicated in the change information to the plant network via the firewall 310.
- the plant control system 320 changes the parameter value of the facility indicated in the change information to the parameter value of the facility indicated in the change information, and the target for which the service provider S requested the change of the setting condition
- the equipment of is the setting condition requested by the service provider S.
- the plant control system 320 transmits, to the plant network apparatus 300 via the firewall 310, data of a change result representing the operating state according to the changed parameter value of the facility.
- the plant network device 300 transmits the data of the change result transmitted from the plant control system 320 to the change implementation device 210 via the data diode 330 (step S213).
- the plant network device 300 adds a signature (hereinafter referred to as a plant signature) representing the plant control system 320 or the plant network device 300 to the data of the change result transmitted from the plant control system 320, “change result + plant
- a signature hereinafter referred to as a plant signature
- the “signature” data may be transmitted to the change implementation device 210 via the data diode 330 as the change result data transmitted from the plant control system 320.
- the plant network device 300 may directly register data of “change result + plant signature” in the block chain 20 via the data diode 330.
- the change implementation device 210 presents the received change result data to the change implementer I.
- the change implementer I confirms the data of the change result presented to the change implementation device 210 and operates the change implementation device 210 to add a signature.
- the change implementer I instructs the change implementation device 210 to register the received data of the change result and the signature of the change implementer I in the block chain 20 (step S214).
- the change implementation device 210 blocks chained data of “change result + implementer signature” in which the signature added by the change implementer I is linked to the data of the change result transmitted from the plant network device 300. 20 is registered (step S215). At this time, the change implementation device 210 encodes the implementer's signature using a predetermined change implementer I's key (public key, secret key, common key, etc.), and then “change result + implementer signature Is registered in the block chain 20.
- a predetermined change implementer I's key public key, secret key, common key, etc.
- the data of the change result included in the data of “the change result + the implementer's signature” registered by the change performing device 210 as the data of the third block in the block chain 20 is “the content of the data Identification information of the change implementer I (for example, person-in-charge ID), that is, information indicating that it is the change implementer is registered as "sender information”, and the signature of the change implementer I is " Registered as "Signature information”.
- the change implementation device 210 adds information on the date and time when the plant network device 300 transmits the data of the change result. It is also good.
- the service provider S periodically operates the change request apparatus 100 to check whether the data of “change result + implementer signature” is registered in the block chain 20 by the change execution apparatus 210. If the data of "change result + implementer's signature" is registered, it is possible to confirm the change result of the operation state of the target facility for which the change of the setting condition is requested.
- the change content confirmation person C also operates the change confirmation device 200 periodically to confirm whether the data registered in the block chain 20 is updated or not, so that the change execution device 210 executes the block chain. It is possible to manage the setting conditions of the facility and the operating state of the facility based on the data of “change result + operator signature” registered in 20.
- each of the change request device 100 and the change confirmation device 200 determines the implementer's signature included in the data of “change result + implementer's signature” registered in the block chain 20 by the change implementer I Decrypt using a key (public key, secret key, common key, etc.), and compare the hash value of the modification result contained in the “implementer signature” with the hash value of the “modification result” obtained from the block chain 20 Check the change enforcer I.
- a key public key, secret key, common key, etc.
- each user sequentially adds a signature to the change information in each step and registers it in the block chain 20. Go. That is, the signature of each user is added in a chained manner (time series) to the data of the change information registered in the block chain 20. And the change content which several users confirmed is applied with respect to an installation. Thereby, the same effect as the remote service system 1 can be obtained.
- the remote service system 2 a data management method that makes it difficult to falsify data is adopted, and the change information of each stage can be managed via the block chain 20 that can manage the history of registered data in time series. Exchange data.
- each information of the change information, the service provider S, the change content checker C, and the change implementer I and the change result included in the data registered in the block chain 20 it is possible to prevent tampering with the third party and / or tampering with change information by a third party at a higher security level than the remote service system 1.
- FIG. 5 is a sequence diagram showing the flow of processing and work (processing sequence) in the remote service system 2 of the modification of the second embodiment. 5, the block chain 20, the change request device 100 connected to the block chain 20, the change confirmation device 200, the change execution device 210, and the plant network, which constitute the remote service system 2, as in FIG. An example of the flow of processing in each of the apparatuses 300 is shown. Also in FIG. 5, similarly to FIG. 4, the process of the plant control system 320 for setting the change content from the modification of the remote service system 2 to the target facility is shown as the process of the plant network apparatus 300. Further, FIG. 5 also shows the operations of the service provider S, the change content checker C, and the change executor I, respectively.
- the change performing device 210 registers, in the block chain 20, information indicating that the plant network device 300 has been requested to perform the change of the setting condition of the facility. Therefore, in the sequence diagram of the modified example of the remote service system 2 shown in FIG. 5, a change execution device that registers in the block chain 20 information representing that the plant network device 300 has been requested to perform the change of the setting condition of the facility. 210 processes have been added.
- the flow of other processing and work in the modification of the remote service system 2 is the same as that of the remote service system 2. Therefore, in FIG. 5, the same step numbers are assigned to the same processes and work flows as those of the remote service system 2 to simplify the description, and emphasis will be placed on different work flows.
- the change request device 100 registers, in the block chain 20, data of “change information + company signature” in which the change information input by the service provider S is linked to the company signature.
- data of the first block is registered in the block chain 20.
- the change confirmation device 200 further adds a confirmer signature to the change information associated with the business owner signature acquired from the block chain 20.
- "Change information + enterprise signature + confirmation The data of “signature” is registered in the block chain 20.
- data of the second block is registered in the block chain 20.
- the change performing device 210 further associates the implementer's signature with the change information in which the service provider S and the confirmer's signature obtained from the block chain 20 are associated.
- the data of “business operator signature + verifier signature + implementer signature” is transmitted to the plant network apparatus 300 via the dedicated communication line.
- the change implementer I transmits to the change implementation device 210 an execution log representing that the data of “change information + business operator signature + verifier signature + implementer signature” has been transmitted to the plant network apparatus 300, It instructs to register in the block chain 20 with the implementer's signature (step S301).
- the implementation log information on the date and time sent to the plant network device 300, change information (equipment identification information of equipment and parameter value of equipment), information of the change implementer I, etc.
- “Change information + operator signature + confirmation The information and data when the data of “person signature + implementer signature” is transmitted to the plant network device 300 are included.
- the change implementation device 210 registers data of “implementation log + implementer signature” in which the practitioner log is associated with the practitioner log in the block chain 20 (step S302). At this time, the change implementation device 210 encodes the implementer's signature using a predetermined change implementer I's key (public key, secret key, common key, etc.), and then “enforcement log + implementer signature Is registered in the block chain 20.
- a predetermined change implementer I's key public key, secret key, common key, etc.
- the service provider S periodically operates the change request device 100 to check whether the data of “execution log + implementer signature” is registered in the block chain 20 by the change execution device 210. If the data of “implementation log + implementer signature” is registered, it can be confirmed that the change of the setting condition in the requested target equipment has been implemented. Similarly, the change content confirmer C can also confirm that the change of the setting condition of the confirmed equipment has been implemented by operating the change confirmation device 200 periodically.
- step S211 to S213 the plant network device 300 and the plant control system 320 have transmitted the change execution device 210 via the dedicated communication line in step S210.
- the setting condition of the facility is changed based on the data of “signature”, and the data of the change result is transmitted to the change implementation device 210 via the data diode 330.
- the change performing device 210 associates data of “change result + implementer signature” in which the implementer signature is associated with the data of the change result transmitted from the plant network device 300, Register in block chain 20.
- the change implementation device 210 adds information of the date and time when the plant network device 300 has transmitted the data of the change result. Thereby, for example, data of “change result + implementer signature” is registered in the block chain 20 as the data of the fourth block.
- the service provider S can check the change result of the operation state of the target facility for which the change of the setting condition has been requested by operating the change request device 100 periodically.
- the service provider S has data of “implementation log + implementer signature” registered in the block chain 20 (for example, data of the third block) and data of “change result + implementer signature” For example, based on the difference between the “date and time” of the fourth block of data), the time difference from when the setting condition of the requested facility is changed to when the operating condition of the facility is actually changed (delay You can also check the time).
- the change content checker C also operates the change confirmation device 200 periodically to check the respective data registered in the block chain 20, thereby managing the setting conditions of the facility and the operating state of the facility.
- each of the change request device 100 and the change confirmation device 200 checks the block chain 20 in the same manner as confirming the change enforcer I based on the implementer signature included in the data of “change result + implementer signature”.
- the change enforcer I is confirmed on the basis of the implementer signature included in the data of “implementation log + implementer signature” registered in More specifically, each of the change request device 100 and the change confirmation device 200 changes the implementer's signature included in the data of “implementation log + implementer's signature” registered in the block chain 20 with the change implementation acquired in advance.
- the hash value of the implementation log included in the “performer's signature” and the hash value of the “implementation log” obtained from the block chain 20 are decrypted using the key of the party I (public key, secret key, common key, etc.) To confirm the change implementer I.
- the change performing device 210 has transmitted the data of “change information + business operator signature + verifier signature + implementer signature” to the plant network device 300.
- the implementation log is also registered in the block chain 20. That is, in the modification of the remote service system 2, an implementation log that is difficult to tamper is also registered as data of the block chain 20.
- the remote service system 2 (including a modification of the remote service system 2 in the second embodiment, which is the same as in the second embodiment or the remote service system 2 in the following description) is also applicable. Similar to the remote service system 1 of the first embodiment, the plant network device 300 transmits the parameter value of the facility indicated in the change information added (added) by each user via the firewall 310. Transmit to the plant network. Thereby, also in a power plant, the plant control system 320 applies the parameter value of the facility to the target facility.
- the service provider S when the service provider S changes even a part of the change information registered in the block chain 20 by the change request device 100, the service provider S adds a signature again and blocks After registering in the chain 20, each user confirms the change information registered in the block chain 20 and sequentially adds signatures.
- users other than the service provider S can not unilaterally change the change information, and the intention of the service provider S can be reflected in the setting conditions of the equipment.
- the method for each user to add (add) the signature is not limited to the method performed by operating the corresponding computer terminal, and executes the program or application.
- the signature may be added automatically.
- the remote service system according to the third embodiment is also a system for changing the setting conditions of equipment disposed in a plant such as a power plant from a remote place, as in the above-described embodiments.
- the same components as the components of the remote service system 2 are denoted by the same reference numerals, and the detailed description of the components is omitted.
- FIG. 6 is a block diagram showing a schematic configuration of the remote service system in the third embodiment.
- the remote service system 3 is configured to include the change request device 100, the change confirmation device 200, the change execution device 210, and the plant network device 300.
- each of the change request device 100, the change confirmation device 200, and the change execution device 210 is connected to the block chain 20.
- the firewall 310, the plant control system 320, and the data diode 330 which are components of a power plant requiring change of setting conditions by the remote service system 3, are combined. Is shown.
- FIG. 6 also shows a state in which the execution log indicating that the change execution device 210 has requested the plant network device 300 to carry out the change of the setting condition of the facility is registered in the block chain 20 together.
- FIG. 6 also shows the case where the firewall 310 and the data diode 330 exist in the path from the modification execution device 210 to the plant control system 320 as in FIG.
- the firewall 310 may not be present in the path from the change implementation device 210 to the plant control system 320.
- each of the change request device 100, the change confirmation device 200, and the change execution device 210 uses a user key (public key, secret key, common key, etc.) obtained in advance.
- the signature of each user who registered the data in the block chain 20 was confirmed by comparing the hash value of the data.
- a program for automatically executing the processing of confirming the signature of the user is registered in the block chain 20 in advance.
- the signature verification processing program is called a smart contract code or simply a smart contract. In the following description, it is described as "smart contract code”. That is, in the signature verification processing program registered in the block chain 20, data of related programs are connected based on the hash value as in the case of data. For this reason, the confirmation processing program registered in the block chain 20 can also make tampering difficult, and can prevent unauthorized processing. That is, the signature confirmation processing program can prevent, for example, the third party's signature from being confirmed as the correct user's signature.
- FIG. 6 shows a state in which the signature verification processing program (signature verification processing program 20a to signature verification processing program 20c) is registered in each of the three data server devices constituting the block chain 20.
- the signature verification processing program registered in each server device constituting the block chain 20 is not limited to only one program, and a plurality of signature verification processing programs may be registered. In addition, it is not determined in advance which of the data server devices constituting the block chain 20 the signature confirmation processing program is divided and recorded (registered). Therefore, in the following description, the data server apparatus that configures the block chain 20 in which the signature verification processing program is registered is not identified, and the signature verification processing program is registered in the entire block chain 20. It explains as a thing.
- the signature verification processing program is automatically executed by designating a signature verification processing program for verifying the signature of the user when each user registers data in the block chain 20.
- the specification of the signature confirmation processing program is, for example, a user who sets information for identifying the signature confirmation processing program, information of an address of a storage area in the data server apparatus in which the signature confirmation processing program is registered, blocks, etc. This is done by registering the signed data in the block chain 20, that is, transmitting the data to the block chain 20.
- the signature verification processing program compares the hash values of the data to be registered with the user's key (public key, private key, common key, etc.) obtained in advance, and the data signature is , Check whether the signature of the correct user.
- the signature confirmation processing program registers the data to be registered only when it is confirmed that the signature is the correct user's signature. More specifically, in the signature verification processing program, each data server device verifies the signature of the data to be registered, and for example, more than half of the data server devices have verified that the signature is the correct user signature. The data to be registered is registered only when the predetermined rule of is satisfied. That is, in the remote service system 3, only the data to which the correct user's signature is added is registered in the block chain 20.
- the data acquired from the block chain 20 by each user who uses the remote service system 3 is the data registered by the correct user. Therefore, when each of the change request device 100, the change confirmation device 200, and the change execution device 210 constituting the remote service system 3 acquires data from the block chain 20 according to the operation of the corresponding user, As in the above-described embodiments, it is not necessary to compare hash values of user signatures included in data. For this reason, it is not necessary for each user of the remote service system 3 to confirm the signature of the data. That is, in the remote service system 3, there is no need to have the public key of another user in order to confirm the signature of the user contained in the data, and it becomes unnecessary to manage the public key.
- Each operation of the change request device 100, the change confirmation device 200, and the change execution device 210 in the remote service system 3 includes data of each stage (change information, execution log and data of change result) in the block chain 20.
- the operation is the same as that of the remote service system 2 of the second embodiment, except that the corresponding signature confirmation processing program is specified and executed when registering.
- a signature confirmation process is performed to confirm the provider signature.
- the program for example, the signature confirmation processing program 20a
- the block chain 20 registers only the data of the change information to which the correct signature of the service provider S is added.
- a signature confirmation processing program e.g. The confirmation processing program 20 b
- the block chain 20 registers only the data of the change information after the confirmation in which the correct signatures of the service provider S and the change content confirmer C have been added (added).
- a signature verification processing program for example, a signature verification processing program (for example, a processor for verifying the implementer's signature) when the modification execution device 210 registers the implementation log and data of the modification result transmitted from the plant network device 300 in the block chain 20 , And execute the signature confirmation processing program 20c).
- the block chain 20 registers only the implementation log to which the correct signature of the change implementer I is added and the data of the change result.
- the requested change content is applied to the target facility for which the service provider S has requested the change of the setting condition.
- the service provider S can check the change result of the operation state of the requested target equipment, and the change content checker C makes the checked change information the target equipment. You can check the applied changes.
- the service provider S or the change content checker C confirms the execution log for which the change execution device 210 has requested the plant network device 300 to perform the change of the setting condition of the facility. can do.
- each of the change request device 100, the change confirmation device 200, and the change execution device 210 does not have to perform the process of confirming the signature included in the data acquired from the block chain 20, and each data is Since it is guaranteed that the data is not tampered with because it is managed by the block chain 20, it is possible to change the setting of the facility from a remote place by being able to prove that it is a correct change request. become.
- the change implementation device 210 is not an essential component. That is, the remote service system 3 may be configured not to include the change implementation device 210 as in the remote service system 2.
- a signature confirmation processing program e.g. Execute the processing program 20c.
- FIG. 7 is a sequence diagram showing a processing sequence in the remote service system 3 of the third embodiment.
- 7 is a sequence diagram in the case where the change implementation device 210 registers the implementation log in the block chain 20, as in FIG. 7, the block chain 20, the change request device 100 connected to the block chain 20, the change confirmation device 200, the change performing device 210, and the plant network device 300, which constitute the remote service system 3, are shown.
- An example of the flow of processing is shown.
- the process of the plant control system 320 for setting the change content from the remote service system 3 to the target facility is shown as the process of the plant network apparatus 300.
- FIG. 7 also shows the operations of the service provider S, the change content checker C, and the change executor I, respectively.
- the user's signature included in the data that each of the change request device 100, the change confirmation device 200, and the change execution device 210 is about to register is registered in the block chain 20 Registration is performed after the corresponding signature confirmation processing program has confirmed.
- each user's signature is added to data encoded using a predetermined user key (public key, secret key, common key, etc.) and obtained in advance It is decrypted and confirmed using the key of the user (public key, secret key, common key, etc.).
- a predetermined user key public key, secret key, common key, etc.
- the description of the processing content of encoding and decoding of the user's signature is omitted, and the description is simply as “adding (adding)” or “confirming” the signature.
- the signature confirmation processing program 20a shown in the data server device constituting the block chain 20 is a signature confirmation processing program for performing processing for confirming the carrier signature
- the signature confirmation processing program 20b is a business.
- the signature confirmation processing program is a signature confirmation processing program that carries out processing for confirming a person signature and a confirmer signature
- the signature confirmation processing program 20c is a signature confirmation processing program that carries out processing for confirming a practitioner signature.
- the service provider S operates the change request apparatus 100 to request change of the equipment identification information (for example, the device ID) of the equipment for which the setting conditions are to be changed, change information including the parameter value of the equipment, etc. It inputs into the apparatus 100 (step S400).
- the equipment identification information for example, the device ID
- change information including the parameter value of the equipment, etc.
- the service provider S operates the change request device 100 to add a signature. Thereafter, the service provider S designates the signature confirmation processing program 20a, and instructs the change request device 100 to register the input change information and the operator signature in the block chain 20 (step S401).
- the change request device 100 associates the data of “change information + company signature” in which the change information input by the service provider S and the signature added by the service provider S are linked, and the signature confirmation processing program 20 a.
- Identification information (such as an address, hereinafter referred to as program identification information) to be designated is transmitted to the block chain 20 (step S402).
- the block chain 20 executes the signature verification processing program 20a indicated by the received program identification information. Then, the block chain 20 confirms the enterprise signature included in the received data of “change information + business enterprise signature” by the signature verification processing program 20a.
- the signature verification processing program 20a confirms that the enterprise signature verified by each data server device is, for example, more than a half of the data server devices as the correct enterprise signature.
- Data of “change information + company signature” is registered (step S403).
- the received data of “change information + company signature” is registered in the block chain 20 as, for example, data of the first block.
- the change content confirmer C operates the change confirmation device 200 periodically, and whether or not the data of “change information + business person signature” including the correct business person signature is registered in the block chain 20 That is, it is confirmed whether the data of "change information + business operator signature" is updated. Then, when data of new “change information + company signature” is registered in the block chain 20 by the change request device 100, the change content checker C operates the change confirmation device 200 to make the block chain 20 The data of the new “change information + company signature” registered is acquired from the block chain 20 (step S404).
- the change confirmation apparatus 200 presents, to the change content confirmer C, the change information included in the acquired data of “change information + company signature”.
- the change confirmation device 200 does not decrypt the provider signature included in the acquired data of “change information + company signature” and does not present the result of comparison of the hash values to the change content confirmer C. This is because, as described above, it is determined that the data of “change information + company signature” registered in the block chain 20 is already the data registered by the correct service provider S.
- the change content checker C makes a change if the presented change information is correct (can be applied without any problem) to the facility for which the service provider S is to change the setting conditions.
- the confirmation apparatus 200 is operated to further add a confirmer signature to the data of “change information + company signature”.
- the change content confirmer C designates the signature confirmation processing program 20b that performs processing to confirm the company signature and the confirmer signature, and the block chain 20 receives the acquired change information and the company signature, the confirmer signature, Command to register in the block chain 20 (step S405).
- the change confirmation apparatus 200 further adds data of “change information + company signature + confirmer signature” in which the confirmer signature is linked to the change information linked with the business entity signature acquired from the block chain 20,
- the program identification information specifying the signature confirmation processing program 20b is transmitted to the block chain 20 (step S406).
- the block chain 20 activates the signature verification processing program 20b indicated by the received program identification information. Then, the block chain 20 confirms, by the signature confirmation processing program 20b, the carrier signature and the checker signature included in the received data of “change information + carrier signature + verifier signature”.
- the signature verification processing program 20b determines that the business owner signature and the verifier signature verified by each data server device are, for example, the correct enterpriser signature and the verifier signature with a majority or more of the data server devices. If confirmed, the received data of “change information + company signature + verifier signature” is registered (step S407). As a result, the received data of “change information + company signature + verifier signature” is registered in the block chain 20 as, for example, data of the second block.
- the change implementer I operates the change implementing device 210 regularly to obtain the data of “change information + enterprise signature + confirmer signature” including the correct operator signature and the confirmer signature as a block chain 20. It is checked whether or not the data of “change information + company signature + verifier signature” is updated. Then, when data of new “change information + company signature + verifier signature” is registered in the block chain 20 by the change confirmation device 200, the change implementer I operates the change execution device 210 to block Data of new “change information + company signature + verifier signature” registered in the chain 20 is acquired from the block chain 20 (step S408).
- the change implementation device 210 presents, to the change implementer I, the change information included in the acquired data of “change information + company signature + verifier signature”.
- the change execution device 210 changes the result of comparing the hash value without decrypting the business owner signature and the confirmer signature included in the acquired data of “change information + business operator signature + verifier signature”. Do not present to person I. This is that, as described above, the data of “change information + company signature + verifier signature” registered in the block chain 20 is also data that has already been confirmed and registered by the correct change content checker C. It is because it is decided.
- the change implementer I operates the change implementation device 210 to further add the implementer's signature to the data of “change information + company signature + verifier signature”.
- the change implementer I instructs the change implementation apparatus 210 to transmit the acquired change information, the provider's signature, the confirmer's signature, and the implementor's signature, and the plant network apparatus 300 implements the change of the setting condition of the facility. Are required (step S409).
- the change implementation device 210 further associates the implementer's signature with the change information associated with the business owner's signature and the confirmer's signature acquired from the block chain 20, “change information + enterprise's signature + confirmer's signature
- the data of the “implementer signature” is transmitted to the plant network apparatus 300 via the dedicated communication line (step S410).
- the communication line between the change execution device 210 and the plant network device 300 is not limited to the dedicated communication line.
- the change implementer I operates the change implementation device 210 and signs an implementation log representing that the data of “change information + business operator signature + verifier signature + implementer signature” is transmitted to the plant network apparatus 300.
- the change implementer I designates the signature confirmation processing program 20c for performing the process of confirming the implementor signature, and instructs the change implementation device 210 to register the implementation log and the implementor signature in the block chain 20 ( Step S411).
- the change implementation device 210 transmits, to the block chain 20, data of “implementation log + implementer signature” in which the practitioner log is linked to the practitioner log, and the program identification information specifying the signature confirmation processing program 20c. (Step S412).
- the block chain 20 receives the data of “implementation log + implementer signature” and the program identification information transmitted from the modification execution device 210, the signature verification processing program 20c instructed by the received program identification information Start up (execute) Then, the block chain 20 confirms the practitioner signature included in the received data of “implementation log + performer signature” by the signature verification processing program 20 c.
- the signature verification processing program 20c confirms that the implementer's signature confirmed by each data server is, for example, a correct implementer's signature by a majority or more of the data servers
- Data of “implementation log + implementer signature” is registered (step S413). Thereby, the received data of “implementation log + implementer signature” is registered in the block chain 20 as, for example, data of the third block.
- the service provider S periodically operates the change request device 100 to check whether the data of “execution log + implementer signature” is registered in the block chain 20 by the change execution device 210. If the data of “implementation log + implementer signature” is registered, it can be confirmed that the change of the setting condition in the requested target equipment has been implemented. Similarly, the change content confirmer C can also confirm that the change of the setting condition of the confirmed equipment has been implemented by operating the change confirmation device 200 periodically.
- the change request device 100 and the change confirmation device 200 do not decrypt the implementer's signature included in the acquired “implementation log + implementer's signature” data, but the acquired “implement log + implementer signature”
- the implementation log included in the data is presented to the service provider S and the change content checker C. This is because, as described above, the data of “implementation log + implementer signature” registered in the block chain 20 is already determined to be the data registered by the correct changer I.
- the plant network apparatus 300 confirms the carrier signature, the checker signature, and the performer signature included in the received data of “change information + carrier signature + verifier signature + implementer signature” (step S 414). .
- plant network apparatus 300 the respective signatures of the confirmed service provider S, the change content confirmer C, and the change implementer I are correct, and the order in which the signatures are added is correct, that is, the change information is transmitted. If the selected route is the correct route, the change content is applied to the target equipment for which the service provider S has requested the change of the setting condition (step S415). More specifically, plant network apparatus 300 is the facility indicated in the change information included in the data of “change information + operator signature + verifier signature + implementer signature” transmitted from change implementation device 210. The plant control system 320 that controls the facility having the identification information transmits the parameter value of the facility indicated in the change information to the plant network via the firewall 310.
- the plant control system 320 changes the parameter value of the facility indicated in the change information to the parameter value of the facility indicated in the change information, and the target for which the service provider S requested the change of the setting condition
- the setting conditions of the equipment of are the setting conditions requested by the service provider S.
- the plant control system 320 transmits, to the plant network apparatus 300 via the firewall 310, data of a change result representing the operating state according to the changed parameter value of the facility.
- the plant network device 300 transmits the data of the change result transmitted from the plant control system 320 to the change implementation device 210 via the data diode 330 (step S416).
- the plant network apparatus 300 adds a plant signature representing the plant control system 320 or the plant network apparatus 300 to the data of the change result transmitted from the plant control system 320, and adds the data of "change result + plant signature",
- the change result data transmitted from the plant control system 320 may be transmitted to the change implementation device 210 via the data diode 330.
- the change implementation device 210 presents the received change result data to the change implementer I.
- the change implementer I confirms the data of the change result presented to the change implementation device 210 and operates the change implementation device 210 to add a signature.
- the change implementer I designates the signature confirmation processing program 20c, and instructs the change performing device 210 to register the received data of the change result and the implementer's signature in the block chain 20 (step S417).
- the change implementation device 210 designates the data of “change result + implementer signature” in which the implementer signature is linked to the data of the change result transmitted from the plant network device 300, and the signature verification processing program 20c.
- the program identification information is sent to the block chain 20 (step S418).
- the change execution device 210 transmits, to the block chain 20, data of “change result + implementer signature” to which the information of the date and time when the plant network device 300 transmitted the data of the change result is added and the program identification information. You may
- the block chain 20 activates the signature verification processing program 20c indicated by the received program identification information. Then, the block chain 20 confirms the implementer's signature included in the received data of “change result + implementer's signature” by the signature confirmation processing program 20 c.
- the signature verification processing program 20c confirms that the implementer's signature confirmed by each data server is, for example, a correct implementer's signature by a majority or more of the data servers.
- Data of "change result + implementer's signature” is registered (step S419). Thereby, the received data of “change result + implementer signature” is registered in the block chain 20 as, for example, data of the fifth block.
- the plant network apparatus 300 adds a plant signature representing the plant control system 320 or the plant network apparatus 300 to the data of the change result transmitted from the plant control system 320, and adds the data of "change result + plant signature", Directly transmitted to the block chain 20 via the data diode 330 together with program identification information specifying a signature confirmation processing program (not shown) that performs processing of confirming a plant signature as data of a change result transmitted from the plant control system 320 You may In this case, the block chain 20 activates the signature confirmation processing program (not shown) indicated by the program identification information transmitted from the plant network apparatus 300 together with the data of “change result + plant signature” to “change”. Confirm the signature of the plant signature included in the data of “Result + Plant Signature”.
- the plant signature confirmed by each data server apparatus by the signature confirmation processing program is, for example, a plant signature that is correct with a majority or more of data servers (plant control system 320 or plant network apparatus If it can be confirmed that the signature is 300), for example, the received data of "change result + plant signature" is registered as data of the fourth block.
- the service provider S periodically operates the change request apparatus 100 to check whether the data of “change result + implementer signature” is registered in the block chain 20 by the change execution apparatus 210. If the data of "change result + implementer's signature" is registered, it is possible to confirm the change result of the operation state of the target facility for which the change of the setting condition is requested.
- the change content confirmation person C also operates the change confirmation device 200 periodically to confirm whether the data registered in the block chain 20 is updated or not, so that the change execution device 210 executes the block chain. It is possible to manage the setting conditions of the facility and the operating state of the facility based on the data of “change result + operator signature” registered in 20.
- the change request device 100 and the change confirmation device 200 do not decrypt the implementer's signature included in the acquired data of the “change result + implementer's signature”, but the acquired “change result + implementer's signature”.
- the change result included in the data is presented to the service provider S or the change content checker C. This is because, as described above, the data of “change result + implementer signature” registered in the block chain 20 is already determined to be the data registered by the correct changer I.
- each user adds a signature to data (change information, implementation log, change result) at each stage.
- data change information, implementation log, change result
- the data is sent to the block chain 20 by specifying a signature confirmation processing program for confirming its own signature.
- the designated signature confirmation processing program is automatically executed, and the transmitted data is transmitted only when it is confirmed that the signature is the correct user signature based on the predetermined rule.
- Register in block chain 20 As a result, in the block chain 20, data in which respective signatures of the correct users are added in a chained manner (time series) is registered. And the change content which the several user confirmed can be applied with respect to an installation similarly to each above-mentioned embodiment, and the same effect can be acquired.
- a signature confirmation processing program for performing processing of confirming the signature of the user is registered in advance in the block chain 20.
- the remote service system 3 it is possible to prevent falsification of the signature verification processing program registered in the block chain 20 at a high security level.
- the signature verification processing program registered in the block chain 20 verifies the signature of the user contained in each data in the block chain 20. Then, only the data determined to have the correct user signature attached is registered in the block chain 20. Thereby, each of the change request device 100, the change confirmation device 200, and the change execution device 210, and each of the service provider S, the change content confirmer C, and the change implementer I have signed the user of the previous stage. There is no need to check. Thereby, the setting conditions of equipment can be changed more easily than the above-mentioned each embodiment.
- the remote service system adds (adds) a signature to the change information in a chain (time series) at each stage. And the change content which several users confirmed sequentially is applied with respect to an installation.
- the setting conditions of the facility can be maintained while maintaining the security level of the setting data even when the setting conditions of the facility of the plant are changed from a remote location. It is possible to change the setting for changing properly.
- the time required for the work of changing the setting conditions of the equipment without the intermediate processing such as the approval procedure at the plant and the adjustment work at the site, which was conventionally required Cost can be reduced.
- each user communicates with each other via a block chain in the remote service system.
- the data exchanged by each user is managed by agreement formation in the block chain (for example, the result of confirmation of a signature by a majority or more of the data server devices agrees with each other). Therefore, the data registered in the block chain becomes data of high security level.
- a signature verification processing program for performing processing of verifying the signature of each user in the remote service system can be automatically executed in the block chain.
- the signature verification processing program is managed by a block chain.
- the signature verification processing program registered in the block chain is a program guaranteed at a high security level. That is, the signature verification processing program registered in the block chain is a program with high tamper resistance.
- the block chain 20 manages the program change request and approval of the setting condition for the equipment and its signature. It is guaranteed that the equipment has not been tampered with, and equipment settings can be changed from a remote location.
- the configuration for applying the change of the setting condition of the facility after confirming the change content of the setting condition of the facility in two steps has been described. More specifically, for example, in the configuration of the remote service system 1, the change content checker C confirms the change of the setting condition of the facility requested by the service provider S in the first step, and the change is implemented in the second step
- the configuration in which the change implementer I applies the change of the setting condition of the equipment after the confirmation by the person I has been described.
- the step of confirming the contents of the change of the setting condition of the equipment in each of the remote service systems described above is not limited to the two steps shown in each embodiment.
- the number of persons in charge of confirming the change information is increased in the same manner as the change content confirmer C, and each person in charge confirms and signs the change using the corresponding computer terminal.
- adding (adding) them in a chained manner (time series) it is possible to further increase the number of steps for confirming the change contents of the setting conditions of the facility.
- the step of confirming the change contents of the setting condition of the facility in the remote service system 1 may be reduced, for example, the change content checker C may double as the change implementer I. In this case, the change contents (change information) of the setting condition of the facility requested by the service provider S can be applied to the target facility more quickly.
- the change execution device 210 or the plant network device 300 responds to the changed setting condition of the facility.
- the configuration for registering the change result representing the operating state of the equipment in the block chain 20 has been described.
- the change result may include data for calculating the efficiency of the operating facility, such as KPI.
- KPI the efficiency of the operating facility
- the change execution device 210 or the plant network device 300 performs the KPI based on the same data as the change result transmitted every predetermined period.
- the effect of improving the efficiency of equipment can be considered to be used as data for obtaining compensation for changing the setting conditions of equipment (for example, charging to the request source that requested the change of the setting conditions of equipment).
- the remote service system in each of the above-described embodiments as a configuration for obtaining compensation for changing the setting condition of the equipment.
- the plant side such as the change executor I
- the person in charge confirms the effect of improving the efficiency of the facility, determines the amount to be charged, and for example, the person in charge of checking the amount to be charged on the plant side such as the change content checker C confirms the determined amount.
- the person in charge requests the side (request source) who requested the change of the setting condition of the facility such as the service provider S. It is possible to realize a configuration in which the determined amount is presented to actually obtain the compensation.
- rule of charging according to KPI is also stored in block chain 20 (for example, stored as a program of smart contract code) Can automatically process the charge.
- the rule of charging is a rule agreed upon between the service provider S and the change content checker C, confirmation of the charging rule is unnecessary each time charging processing is performed, and the charging rule is not falsified. As this is proved, both the service provider S and the change content checker C can efficiently provide and use the service.
- the charging rule is updated, the charging rule in which the service provider S and the change content checker C make an agreement again is registered in the block chain 20.
- the remote service system of the second embodiment and the third embodiment is not limited to application to a system that changes parameter values to be set to equipment. More specifically, it is also conceivable to use a remote service system to control use permission or stop of use of services such as additional functions performed by a plant control system that controls each facility in the plant. In this case, the service provider who provides the remote service system of each embodiment controls the use of services such as additional functions in the plant control system, contrary to the order described in each embodiment.
- the remote service system 2 when service provision is requested from the plant side, use of services such as additional functions in the plant control system by allowing the service provider to permit (approve) the request from the plant side Is started. Also, for example, when it is necessary to stop the provided service for some reason, the service provider alone instructs the stop of the service without obtaining approval from the plant side, and the plant control system It may stop services such as additional functions in Here, as a reason why it is necessary to stop the service provided by the service provider, for example, from the plant side as the end of the period of use of the provided service or as compensation for the provided service. Non-payment of service fee paid to the service provider side or delay of payment may be considered.
- the service provider side obtains information on the payment status of the service fee from the plant side from a charging system (not shown) other than the remote service system 2 or the like. Then, in the remote service system 2, the service provider records the service usage fee payment status by registering the information (data) of the service usage fee payment status (not shown) obtained from the charging system etc. in the block chain. Can manage the usage permission and the use suspension of the provided service. Therefore, the remote service system 2 registers, in the block chain, information (data) of the payment status of the service usage fee obtained from a charging system (not shown) or the like. Note that the service provider may register information (data) of the payment status of the service usage fee in the block chain, or a charging system (not shown) may be performed.
- the remote service system according to the fourth embodiment is a system in which a service provider performs control such as use permission or stop of use of a provided service from a remote location.
- the remote service system of the fourth embodiment is an example of a configuration for controlling the use permission or stop of use of a service in the remote service system 2.
- information (data) of the payment status of the service usage fee is registered in the block chain at predetermined time intervals, and the payment status of the service usage fee from the power plant The history of is managed.
- the service provider controls the usage permission or the usage suspension of the service to be provided based on the history of information (data) of the payment status information (data) of the service usage fee, which is difficult to tamper with the block chain can do.
- the components of the remote service system of the fourth embodiment are the same as the components shown in FIG.
- confirmation by a person in charge (a change implementer I) who actually operates the facility in the power generation plant is not performed. It is necessary to confirm this because the usage request for the additional function service executed by the plant control system is a request issued from a person in charge at the same power plant side as the person in charge of actually operating the facility in the power plant Because there is no Moreover, the purpose of stopping the use of the additional function service executed by the plant control system is to prevent the person in charge of actually operating the facility in the power plant from being blocked.
- FIG. 8 is a block diagram showing a schematic configuration of the remote service system in the fourth embodiment.
- the remote service system 4 includes the change request device 100, the change confirmation device 200, and the change execution device 210.
- the change request device 100, the change confirmation device 200, and the change execution device 210 are connected to the block chain 20, respectively.
- the change executor I relating to the actual operation of the facility in the power generation plant and the plant network apparatus 300 are omitted. Further, in FIG. 8, the data diode 330 is also omitted.
- the service provider of the remote service system 4 executes a function executed by the plant control system 320 to acquire and transmit the data of the change result for calculating the KPI of the changed facility. It demonstrates as a service of the additional function of the plant control system 320 provided to the power plant side from the side.
- the person on the power plant side who requests use of the service provided in the remote service system 4 is the change content checker C, and the use of the service is permitted.
- the person in charge (approval) of the service provider side, that is, the approver of the service is described as the service provider S.
- each of the change request device 100, the change confirmation device 200, and the change execution device 210 exchanges respective information (data) via the block chain 20.
- the operations of the change request device 100, the change confirmation device 200, and the change execution device 210 in the remote service system 4 are the same as the operations in the remote service system 2.
- information (data) of the payment status of the service usage fee on the power plant side for the service of the additional function of the plant control system 320 to be provided is at predetermined time intervals (for example, every month) ) Are registered in chronological order in the block chain 20, and are managed as a history that is difficult to falsify.
- a method for registering payment data in the block chain 20 is not particularly defined.
- the service provider S confirms the service usage fee payment status data (hereinafter referred to as payment data) registered in the block chain 20 to permit the use of the provided service or Decide to stop using it. Then, in the remote service system 4, the service provider S registers, in the block chain 20, data of availability information representing the result of determining the usage permission and the usage suspension of the service to be provided.
- the availability information includes, as control content, an instruction to execute or stop the service according to the usage permission or the usage suspension of the service determined by the service provider S, and represents the control content (instruction content). It is control information (instruction information).
- the data of the availability information of the service usage determined by the service provider S and registered in the block chain 20 is transmitted to the plant control system 320, and execution of additional functions in the plant control system 320, That is, the permission and the stop of use of the provided service are controlled.
- the change content checker C registers the data of information (hereinafter referred to as request information) for requesting the use of the service in the block chain 20 to provide the service.
- request information data of information
- the business operator S (approver) is requested to provide the service of the additional function executed by the plant control system 320.
- the service provider S confirms the payment data registered in the block chain 20, and requests for use of the service from the change content checker C (requester). Decide whether to permit (approve) or not.
- the remote service system 4 when the service provider S permits (approves) the use request of the service from the change content checker C (requester), instructs the execution of the additional function in the plant control system 320.
- the additional function in the plant control system 320 is executed by registering the data of the availability information in the block chain 20. Thereby, in the remote service system 4, the service of the additional function which the plant control system 320 performs is provided to the power plant side.
- the remote service system 4 when the service provider S does not permit (deny) the use request for the service from the change content confirmer C (requester), or, for example, the end of the service use period, Addition of plant control system 320 by registering, in block chain 20, data of availability information that instructs stopping of additional functions in plant control system 320 when nonpayment of service usage fee or payment delay is confirmed. Function execution is stopped. Thereby, in the remote service system 4, the provision of the service of the additional function executed by the plant control system 320 is stopped without obtaining the approval of the power plant side.
- the change execution device 210 uses whether or not the service provider S has approved the request for use of the service from the change content checker C registered in the block chain 20. Do not check the data of the availability information. Therefore, in the remote service system 4, the change implementation device 210 directly transmits the data of the availability information registered in the block chain 20 by the change request device 100 to the plant control system 320 via the firewall 310. At this time, the change execution device 210 transmits data of availability information to the plant control system 320 via a line of a dedicated communication standard determined with the plant control system 320 (hereinafter referred to as a direct communication line). Do.
- the direct communication line may be a line of the same communication standard as the dedicated communication line shown in the remote service system of each embodiment, or may be a line of a different communication standard. Also, the direct communication line may be a communication line including the data diode 330.
- the firewall 310 may not be included in the direct communication line when the data diode 330 has a firewall function.
- the plant control system 320 applies the instruction according to the availability information registered and transmitted to the block chain 20, and the execution state of the additional function and the result of the executed additional function (hereinafter referred to as application The data of the result) is transmitted to the change implementation device 210 via the firewall 310. Then, in the remote service system 4, the change implementation device 210 registers the application result data transmitted from the plant control system 320 in the block chain 20.
- the service provider S confirms the execution state of the additional function by the plant control system 320, that is, the result of controlling the execution or stop of the provided service. it can.
- the change request device 100 acquires, from the block chain 20, data of the application result registered in the block chain 20 by the change execution device 210, and executes the additional function of the plant control system 320 included in the acquired application result data.
- the change content checker C can check the data of the result by the additional function executed by the plant control system 320.
- the change confirmation device 200 acquires, from the block chain 20, data of the application result registered by the change implementation device 210 in the block chain 20, and executes the additional function of the plant control system 320 included in the acquired application result data.
- the result is presented to the change content checker C (requester).
- the block chain 20 changes the data of the availability information registered by the change request device 100. It may be configured to transmit directly to the plant control system 320 via a communication line without passing through the implementation device 210. Thus, in the power generation plant to which the remote service system 4 is applied, the plant control system 320 executes an additional function according to the data of the availability information registered in the block chain 20. Further, when the plant control system 320 is configured to exchange data with the block chain 20, the plant control system 320 does not pass the application result data via the change execution device 210. It may be configured to be directly transmitted and registered to the block chain 20 via the communication line.
- FIG. 9 is a sequence diagram showing the flow of processing and work in the remote service system 4 of the fourth embodiment.
- FIG. 9 determines whether or not the service provider S (approver) permits (approves) the use of the service in response to the service usage request issued by the change content checker C (requester). It is a processing sequence of the case.
- each of the block chain 20, the change request device 100 connected to the block chain 20, the change confirmation device 200, the change execution device 210, and the plant control system 320 which constitute the remote service system 4 are shown.
- An example of the flow of processing is shown.
- FIG. 9 as in FIG. 4, the operations (operations on the change request device 100 and the change confirmation device 200) of the service provider S (approver) and the change content confirmer C (requester) are also included Is shown.
- the change execution device 210 automatically exchanges data with the plant control system 320.
- the change execution device 210 automatically performs processing such as processing for confirming a signature and processing for adding a signature. Good. More specifically, the process for the change execution device 210 to confirm the signature attached to the data of the availability information acquired from the block chain 20, and the application result transmitted from the plant control system 320 registered in the block chain 20.
- Each process of the process of adding a signature to may be performed automatically. However, in the following description, in order to facilitate the description, the detailed description of each processing of signature confirmation and addition by the change performing device 210 will be omitted.
- the change content checker C operates the change verification device 200, inputs a request for using the service of the additional function executed by the plant control system 320 into the change verification device 200, and adds a signature. Thereafter, the change content confirmer C operates the change confirmation device 200 to block the service usage request (request information) and the signature of the change content confirmer C (requester's signature) (hereinafter referred to as requester's signature) The registration to the chain 20 is instructed (step S501).
- the change confirmation device 200 blocks data of “request information + requester's signature” in which the request information of service usage input by the change content confirmer C and the signature added by the change content confirmer C are linked. It registers in the chain 20 (step S502). At this time, the change confirmation device 200 encodes the requester's signature using a predetermined change content confirmer C's key (public key, secret key, common key, etc.), and then “request information + requester”. The data of “signature” is registered in the block chain 20. The data of “request information + requester signature” registered in the block chain 20 by the change confirmation apparatus 200 is managed as a history of service use requests by the change content confirmer C.
- the service provider S operates the change request apparatus 100 periodically to determine whether data of “request information + requester signature” is registered in the block chain 20 by the change confirmation apparatus 200, that is, It is checked whether the change content checker C requests the use of the service. Then, when the data of “request information + requester signature” is registered in the block chain 20 by the change confirmation device 200, the service provider S operates the change request device 100 to be registered in the block chain 20. The data of “request information + requester signature” is acquired from the block chain 20 (step S503).
- the block chain 20 may be configured to notify the change request device 100 that the data of “request information + requester signature” has been registered by the change confirmation device 200.
- the service provider S operates the change request device 100, and “request information + requester signature” registered by the change content checker C in the block chain 20. Data may be acquired.
- the change request apparatus 100 presents, to the service enterpriser S, request information for use of the service and the requester's signature included in the acquired data of “request information + requester's signature”.
- the change request apparatus 100 uses the key (public key, secret key, common key, etc.) of the change content determiner C, which is acquired in advance, of the requester's signature included in the acquired “request information + requester signature” data.
- the requester's signature is confirmed using the above-mentioned decryption method, and the request information and the requester's signature are presented to the service provider S, including the confirmation result.
- the service provider S confirms the request information and the requester signature presented to the change request device 100 (step S504).
- the service provider S operates the change request apparatus 100 and is registered in the block chain 20 when the presented requester signature is correct and the service requested by the presented request information can be provided.
- the history of information (data) of the payment status of the service usage fee from the change content checker C is acquired from the block chain 20 (step S505). That is, the requester's signature presented to the change request apparatus 100 is the signature of a formal user of the remote service system 4 that can use the service, and the service indicated in the request information can be provided.
- the service provider S acquires, from the block chain 20, the history of the service usage fee payment status from the power plant side to which the change content checker C belongs.
- the change request apparatus 100 presents the service provider S with a history of the acquired payment status of the service usage fee.
- the service provider S checks the history of the payment status of the service usage fee presented to the change request device 100. Then, whether the service provider S permits the request for use of the service from the change content confirmer C based on the history of payment status of the service usage fee confirmed, that is, availability of the requested service It determines (step S506).
- the service provider S operates the change request apparatus 100, inputs a result indicating availability of the service of the additional function executed by the plant control system 320 into the change request apparatus 100, and adds a signature. Thereafter, the service provider S operates the change request apparatus 100 to block the availability information indicating the result of availability of the service and the signature of the service provider S (approver) (hereinafter referred to as an approver signature). The registration to the chain 20 is instructed (step S507).
- the change request apparatus 100 registers, in the block chain 20, data of “usability information + approver signature” in which the service availability information inputted by the service provider S is associated with the approver signature ((1) Step S508).
- the change request device 100 encodes the approver signature using a predetermined key of the service provider S (public key, secret key, common key, etc.), and The data of “signature” is registered in the block chain 20.
- the data of "usability information + approver signature" registered in the block chain 20 by the change request apparatus 100 is the availability determined by the service provider S in response to the request for use of the service from the change content checker C. It is managed as a history.
- the block chain 20 may be configured to notify the change confirmation device 200 that the data of “usability information + approver signature” has been registered by the change request device 100.
- the change content confirmer C operates the change confirmation device 200 to register “usability information + approver signature” registered by the service provider S in the block chain 20. Data, that is, the result of availability of the requested service can be confirmed.
- the change content confirmer C determines that the service provider S can not use the service (e.g., denied) as a result of the service availability by the service provider S, the reason (e.g., the end of the service usage period or the service)
- the service provider S (the service provider side) can be inquired about nonpayment of usage fee, delay of payment, etc.
- the change execution device 210 determines whether or not the data of “usability information + approver signature” is registered in the block chain 20 by the change request device 100, that is, the service provider S executes (also continues the service). Periodically check whether or not an instruction to stop is issued. Then, when the data of “usability information + approver signature” is registered in the block chain 20 by the change request device 100, the change execution device 210 is “usability information + approver” registered in the block chain 20. Data of “signature” is acquired from the block chain 20 (step S509).
- the change execution device 210 When the block chain 20 is configured to notify the change execution device 210 that the data of “usability information + approver signature” has been registered, the change execution device 210 responds to the notification from the block chain 20. Alternatively, data of “usability information + approver signature” registered in the block chain 20 may be acquired.
- the change implementation device 210 transmits the availability information included in the acquired data of “availability information + approver signature” to the plant control system 320 via the direct communication line (step S510).
- the change execution device 210 automatically confirms the approver signature included in the acquired data of “usability information + approver signature”, and when the confirmed approver signature is correct, the acquired availability information is used as a plant. It may be transmitted to the control system 320. At this time, the change execution device 210 acquires the approver signature included in the acquired data of “usability information + approver signature” with the key (public key, secret key, common key, etc.) of the service provider S obtained in advance. Decrypt automatically to confirm the approver's signature.
- the plant control system 320 instructs to execute or stop the service included in the received data of the availability information. Is applied to the execution of the additional function (step S511). More specifically, when the instruction included in the data of availability information indicates the execution of the additional function, the plant control system 320 executes (including continuation) the additional function and executes the additional function. If a stop is indicated, execution of the additional function is stopped.
- the service provider S controls the execution of the service provided by the additional function of the plant control system 320.
- the plant control system 320 transmits the data of the application result indicating the execution state of the additional function by applying the instruction included in the data of the availability information to the change execution device 210 directly via the communication line (step S512).
- the plant control system 320 changes the data of the result of the additional function that has been executed into the data of the application result. It may be transmitted to the device 210. Further, the plant control system 320 may automatically add a plant control system 320 signature (plant signature) to the data of the application result transmitted to the change implementation device 210 and transmit the data to the change execution device 210.
- the change implementation device 210 registers the received application result data in the block chain 20 (step S513).
- the change execution device 210 automatically adds a signature representing the change execution device 210 to the data of the application result registered in the block chain 20, and a predetermined key of the change execution device 210 (public key, secret key , The common key, etc., and then the data of “application result + signature” may be registered in the block chain 20.
- the service provider S periodically operates the change request apparatus 100 to check whether the data of the application result is registered in the block chain 20 by the change execution apparatus 210, and the registered application is performed. From the data of the result, the execution state of the additional function in the plant control system 320 can be confirmed.
- the change content checker C also operates the change confirmation device 200 periodically to check whether the data of the application result is registered in the block chain 20 by the change execution device 210, thereby making the requested addition It is possible to check the data of the service execution result of the function.
- the block chain 20 may be configured to notify the change request device 100 or the change confirmation device 200 that the data of the application result is registered by the change implementation device 210.
- the service provider S (approver) can block availability information for instructing to execute or stop the service. Control the execution of additional functions of the plant control system 320.
- the data of the availability information registered in the block chain 20 by the approver is directly transmitted to the plant control system 320, and the plant control system 320 is included in the transmitted data of the availability information.
- the remote service system 4 adopts a data management method that makes it difficult to falsify data and manages the history of registered payment data in time series, the service provided by the approver is It is possible to present the requester with a clear reason for controlling the use permission or the use suspension. For example, in the remote service system 4, even when instructing the use stop of the provided service, the requester is presented with the application result determined based on the history of payment data managed at a high security level. can do. That is, the remote service system 4 can prove that both the approver and the requester have a decision result without any doubt.
- step S 504 in the sequence diagram shown in FIG. 9 the processes after step S 504 in the sequence diagram shown in FIG. 9 are performed. Detailed description of the processing sequence in this case is omitted.
- control in the remote service system 4 is not limited to the use permission or the use stop of the service to be provided.
- the service provider side can independently control the change of the parameter value in the additional function executed by the plant control system 320, the setting change, the initialization, and the like based on the same idea. In this case, whether the parameter value is changed or the setting is changed or the initialization can be determined, for example, based on whether or not the parameter value can be properly adopted.
- the service provider side controls the program performance update such as high performance (program upgrade) and standard performance improvement (program degradation) of additional functions executed by the plant control system 320. can do. Whether or not the program can be updated in this case is determined, for example, based on whether or not the program can be overwritten.
- the configuration in which the block chain 20 is adopted as a data management method that makes it difficult to falsify data has been described. Therefore, by registering in the block chain a program (smart contract code) that executes processing in accordance with a predetermined rule set by the service provider side and the plant side, the service provider S (approver) It can also be configured to perform processing and work automatically. That is, it is also possible to adopt a configuration in which the determination and the response regarding the provision of the service in the remote service system 4 are automatically performed by the program of the smart contract code.
- the program of this smart contract code is a program that can not be changed (including impersonation or falsification to a user by a third party) independently by the service provider side or the plant side. Both the service provider side and the plant side result in no doubt.
- a program for a smart contract code it is provided when the service usage period ends, or there is a non-payment of service usage fee from the plant side to the service provider side or a payment delay. It is conceivable to register in the block chain a program that specifies that the use of services be suspended. In this case, even if the result of the determination and the response by the program of the smart contract code is the result of the stop of the service, for example, due to the non-payment of the service fee, it is determined in advance by the service provider side and the plant side. It can be said that it is the result of the correct decision and response according to the regulations.
- the plant control system 320 may control a plurality of facilities disposed in the power plant. Therefore, in the remote service system 4, the additional functions executed by the plant control system 320 may be additional functions corresponding to the respective facilities or different additional functions depending on the respective facilities. In this case, in the remote service system 4, it is necessary to control the usage permission or the usage suspension of the service to be provided for each additional function corresponding to each facility.
- the remote service system 4 the case of controlling the use permission or the use stop of the provided service for each additional function corresponding to each facility executed by the plant control system 320 is described as the fifth embodiment. Do. In the following description, it is assumed that the remote service system 5 is configured to control the use permission and the use stop of the service provided for each additional function corresponding to each facility executed by the plant control system 320. It explains as ".
- FIG. 10 is a block diagram showing a schematic configuration of the remote service system in the fifth embodiment.
- the remote service system 5 includes the change request device 100, the change confirmation device 200, and the change execution device 210.
- each of the change request device 100, the change confirmation device 200, and the change execution device 210 is connected to the block chain 20.
- the change executor I, the plant network apparatus 300, and the data diode 330, which are involved in the actual operation of the facility in the power generation plant, are omitted.
- the remote service system 5 is different in that the plant control system 320 shown in FIG. 8 is a control device that controls a plurality of facilities. More specifically, different from the plant control system 320 in the remote service system 4, the plant control system 320 in the remote service system 5 executes additional functions corresponding to each of the three facilities of the facilities 320a to 320c. . Therefore, for each of the three facilities (facility 320a to facility 320c) controlled by the plant control system 320, the usage permission or the usage stop is controlled for the service of the additional function to be executed.
- other configurations in the remote service system 5 are similar to the configurations of the remote service system 4.
- remote service system 5 in order to distinguish additional functions corresponding to respective facilities controlled by plant control system 320, a predetermined disclosure is made between change request device 100 and respective facilities controlled by plant control system 320.
- the key and the secret key are used to control the execution of additional functions corresponding to each facility. That is, in the remote service system 5, the availability information is encoded and transmitted using the public key of the corresponding facility, and the transmitted availability information is decrypted using the private key of the corresponding facility, and then each of them is transmitted. Execute additional functions corresponding to the equipment.
- the remote service system 5 only the corresponding availability information is applied to each facility, and the additional function is executed.
- the availability information is applied only to the facility 320b.
- the change request apparatus 100 registers the availability information encoded by the public key 51 b in the block chain 20.
- the availability information is applied only to the facility 320b which can decrypt the availability information by the secret key 52b. Be done.
- the availability information corresponding to the facility 320b transmitted by the change execution device 210 can not be decrypted by the secret key 52a or the secret key 52c, and thus is not applied to the facility 320a or the facility 320c.
- the change request apparatus 100 is encoded by the public key 51c, the availability information corresponding to the facility 320a encoded by the public key 51a, the availability information corresponding to the facility 320b encoded by the public key 51b, and the public key 51c.
- Each of the availability information corresponding to the facility 320 c is registered in the block chain 20.
- the availability information corresponding to the facility 320a that can be decrypted by the secret key 52a is applied only to the facility 320a.
- the availability information corresponding to the installation 320b that can be decrypted by the secret key 52b is applied only to the installation 320b.
- the availability information corresponding to the installation 320c that can be decrypted by the secret key 52c is applied only to the installation 320c. That is, the respective availability information transmitted by the change execution device 210 is applied only to the corresponding equipment.
- the correct availability information is applied to each of the facilities controlled by the plant control system 320 by using the public key and the secret key corresponding to each facility.
- the change implementation device 210 does not need to transmit the availability information after recognizing the equipment to be applied, and can easily control the transmission of the availability information to the plant control system 320.
- FIG. 11 is a sequence diagram showing the flow of processing and work in the remote service system 5 of the fifth embodiment.
- the remote control system 5 includes the block chain 20, the change request device 100 connected to the block chain 20, the change confirmation device 200, the change execution device 210, and the plant control system 320.
- An example of the flow of processing is shown. Note that the operations (operations on the change request device 100 and the change confirmation device 200) of the service provider S (approver) and the change content checker C (requester) are also shown.
- the change request device 100 encodes the availability information using the public key predetermined between the change request device 100 and each of the facilities controlled by the plant control system 320, and then blocks. Register in chain 20. Therefore, in FIG. 11, when the change request apparatus 100 registers the availability information in the block chain 20, a process of encoding the availability information using the corresponding public key is added. Further, in FIG. 11, when the change confirmation apparatus 200 applies the transmitted availability information, a process of decrypting the availability information using the corresponding private key is added.
- the flow of other processing and work in the remote service system 5 is the same as that of the remote service system 4. Therefore, in FIG. 11, the same process steps and work flows as those of the remote service system 4 are given the same step numbers to simplify the description, and emphasis will be placed on different work flows.
- the change confirmation device 200 associates the request (request information) for use of the service corresponding to each facility input by the change content confirmer C with the requester signature “request information + request
- the data of “signature” is registered in the block chain 20.
- the change request apparatus 100 acquires data of “request information + requester signature” registered in the block chain 20, and further, pays the service usage fee from the change content confirmer C. Get the history of status information (data). Then, the service provider S determines the availability of the service corresponding to each facility requested by the change content checker C, operates the change request device 100, and determines the service corresponding to each determined facility. A result (usability information) indicating availability is input to the change request apparatus 100.
- the service provider S operates the change request apparatus 100 to instruct encoding using the public key of the availability information indicating the result of availability of the service (step S601). More specifically, the service provider S instructs the encoding using the public key 51a of the availability information indicating the result of availability of the service corresponding to the facility 320a. In addition, the service provider S instructs the encoding using the public key 51b of the availability information indicating the result of availability of the service corresponding to the facility 320b. In addition, the service provider S instructs the encoding using the public key 51c of the availability information indicating the result of availability of the service corresponding to the facility 320c. Thereby, the change request apparatus 100 encodes each of the availability information using the corresponding public key.
- the result of availability of service corresponding to each facility requested by the change content checker C is a result determined for each facility controlled by the plant control system 320. Because of this, the content of the same instruction for instructing the execution of the corresponding additional function is not necessarily the same.
- the service provider S may input, to the change request apparatus 100, only the availability information as a result different from that in the past. Then, the service provider S may instruct the change request apparatus 100 to encode only the availability information as a result different from before using the corresponding public key.
- the change request device 100 links the use availability information corresponding to each facility inputted by the service provider S with the signature of the service provider S (approver), “use availability information + Data of approver signature is registered in the block chain 20.
- the change execution device 210 acquires data of "usability information + approver signature" registered in the block chain 20, and acquires data of "usability information + approver signature" acquired.
- the respective availability information contained in is transmitted to the plant control system 320 via the direct communication line.
- the plant control system 320 uses the respective private availability information corresponding to the received availability information. And decrypt (step S602).
- the availability information transmitted from the change execution device 210 does not necessarily include availability information corresponding to all the facilities controlled by the plant control system 320. Then, it may be considered that the availability information transmitted from the change execution device 210 is not distinguished as to which equipment each availability information corresponds to. In this case, the plant control system 320 decrypts the respective availability information with each secret key corresponding to the equipment to be controlled. Then, if the plant control system 320 can decrypt the usage information, it recognizes that the usage information is the availability information of the facility corresponding to the secret key used for the decryption.
- the plant control system 320 applies the instruction from the service provider S included in the decrypted data of each availability information to the corresponding facilities, and the respective availability information Is transmitted to the change implementation device 210 through a direct communication line.
- the service provider S controls the execution of the services provided by the respective facilities controlled by the plant control system 320.
- step S513 the change implementation device 210 registers the application result data transmitted from the plant control system 320 in the block chain 20.
- the service provider S can check the application result data registered in the block chain 20 by the change execution device 210, and check the service execution status of each facility controlled by the plant control system 320.
- the change content checker C can check the data of the application result registered in the block chain 20 by the change execution device 210, and check the data of the execution result of the service corresponding to each requested facility.
- the service provider S (approver) is a service of the respective facilities.
- the availability information for instructing execution or stop is encoded using the public key of the corresponding facility and registered in the block chain 20.
- the plant control system 320 decrypts the transmitted availability information using the corresponding facility's private key, and then executes the service of the additional function corresponding to each facility. That is, by using the public key and the secret key corresponding to each facility, it is possible to prevent application of erroneous availability information to each facility controlled by the plant control system 320. Thereby, the same effect as the remote service system 4 can be obtained.
- the remote service system 5 also adopts a data management method that makes it difficult to falsify data, both the service provider S (approver) and the change content checker C (requester) are questionable. Instead, it is possible to control the usage permission or the usage suspension of the service provided by the service provider S (approver).
- the service provider S decides to permit or discontinue use of the service in response to the service usage request issued by the change content checker C (requester)
- the change content checker C requester
- the parameter value change, setting change, initialization, program update, etc. in the additional functions executed corresponding to the respective facilities controlled by the plant control system 320 are also based on the same concept.
- the service provider side can control independently.
- the service provider S can be registered by registering in the block chain a program (smart contract code) that executes processing according to the predetermined rules on the service provider side and the plant side.
- the configuration may also be such that the processing or work by (the approver) is performed automatically.
- encoding of availability information using the public key of the corresponding facility can also be automatically performed by a program of a smart contract code registered in the block chain, such as an encoding processing program.
- the service provider S erroneously instructs to encode the availability information, or the third party misrepresents the usage authorization information due to impersonation or falsification of the user by the third party. It can be prevented.
- the change confirmation device 200 associates data of “request information + requester signature” in which a request (request information) for use of the service corresponding to the facility 320a input by the change content confirmer C is linked to the requester signature. , Register in the block chain 20. At this time, the change confirmation device 200 registers the request information in the block chain 20 without encoding. This is because if the service provider S, that is, the change request device 100 or the block chain 20 does not have the secret key 52a corresponding to the facility 320a, the request information is encoded and registered in the block chain 20. This is because the service provider S can not decrypt the request information and can not confirm the content of the request information.
- the service provider S operates the change request apparatus 100 to confirm the content of the request information, and the use availability information corresponding to the facility 320a is linked with the signature of the service provider S (approver)
- the data of the permission information + approver signature ”and the information specifying the encoding processing program are transmitted to the block chain 20.
- the service provider S gives the encoding processing program that it is "equipment 320a" as an argument.
- the block chain 20 automatically encodes the received “availability information” data using the public key 51 a of the facility 320 a by the encoding processing program, and registers the data in the block chain 20.
- encoding is performed when the signature confirmation processing program confirms that the approver signature confirmed by each data server device is, for example, a correct approver signature by a majority or more of the data server devices.
- the processing program encodes and registers the received "availability information" data using the public key 51a of the facility 320a.
- the coding processing program when the coding processing program is registered in the block chain 20 as the smart contract code program in the remote service system 5, the coding processing program is used after the service provider S approves the availability information. After encoding using the public key of the corresponding facility, the availability information is registered in the block chain 20. In other words, when the coding processing program is registered in the block chain 20 as the smart contract code program in the remote service system 5, the coding processing program finally causes the change execution device 210 to use the availability information in the plant. Before transmission to the control system 320, the availability information is encoded using the public key of the corresponding facility and registered in the block chain 20.
- the change performing device 210 transmits the encoded availability information registered in the block chain 20 to the plant control system 320 as it is. That is, the change execution device 210 sends the plant control system 320 the availability information after encoding registered in the block chain 20 without checking the signature of the service provider S (approver signature) or the like. Transmit
- the service provider S that is, the change request apparatus 100 codes an argument representing the facility to be controlled.
- the availability information can be automatically encoded and registered in the block chain 20 by being provided to the processing program.
- the availability information for the service provider S (approver) to instruct execution or stop of the service in each facility May be encoded using the public key of the corresponding facility and then transmitted to the plant control system 320.
- the plant control system 320 decrypts the transmitted availability information using the private key of the corresponding facility, and then executes the service of the additional function corresponding to each facility.
- the third party prevents the third party from impersonating or tampering with the user. be able to.
- the secret key used by the plant control system 320 to decrypt the availability information is not registered in the block chain 20, it is conceivable that a third party may impersonate or falsify the user. Then, if the private key used by the plant control system 320 to decrypt the availability information is altered due to falsification, the service provider S does not correctly apply the service execution or stop instruction to the plant control system 320. It will be.
- the plant control system 320 has a mechanism for confirming whether the secret key used to decrypt the availability information and the public key used to encode the availability information match. Conceivable. In other words, it is considered desirable to have a mechanism capable of detecting the presence or absence of tampering of the private key.
- the remote service is provided with a mechanism that can detect the presence or absence of tampering of the private key of the plant control system 320, that is, can check whether the public key and the private key match.
- the system is described as "remote service system 6".
- a program for executing processing for confirming the agreement between the secret key and the public key corresponding to the respective facilities controlled by the plant control system 320 has been previously described. It is registered in the block chain 20. Then, the remote service system 6 automatically executes the secret key confirmation processing program registered in the block chain 20 at predetermined time intervals, so that the public key and the secret key match each other? Whether or not to detect regularly. Therefore, in the process of confirming whether the public key and the secret key match, the process by the change request device 100 or the change confirmation device 200, that is, the operation by the service provider S or the change content confirmer C is required. And not.
- FIG. 12 is a block diagram showing a schematic configuration of the remote service system in the sixth embodiment.
- the remote service system 6 is configured by a block chain 20 in which a secret key confirmation processing program is registered.
- FIG. 12 shows a state in which the secret key confirmation processing program 20 d is registered in the block chain 20. Further, the block chain 20 is connected to a change execution device 210 for transmitting data with the plant control system 320.
- the block diagram shown in FIG. 12 is a configuration for confirming the agreement between the public key and the secret key. More specifically, FIG. 12 shows the configuration in the case where the presence or absence of tampering of the secret key 52a corresponding to the facility 320a controlled by the plant control system 320 is detected. 12, the change request device 100 and the service provider S, and the change confirmation device 200 and the change content confirmation person C are omitted from FIG. 10 regardless of the process of confirming the agreement between the public key and the secret key. doing.
- the other configuration of the remote service system 6 shown in FIG. 12 is the same as the configuration of the remote service system 4 or the remote service system 5. Therefore, in the following description, the detailed description regarding the same configuration and operation as the remote service system 4 and the remote service system 5 is omitted, and the configuration for confirming the agreement between the public key and the secret key in the remote service system 6 And focus on the operation.
- the secret key confirmation processing program 20d registered in the block chain 20 is automatically executed at predetermined time intervals, thereby matching the public key with the secret key. Confirm.
- the secret key confirmation processing program 20d is a smart contract code program. That is, the secret key confirmation processing program 20d is a program that can make it difficult to falsify the program and, for example, can not be illegally executed by a third party.
- the secret key confirmation processing program may be a part of the function of the encoding processing program described in the remote service system 5 for encoding the availability information using the public key of the corresponding facility. Also, conversely, part of the functions of the secret key confirmation processing program may be the encoding processing program described in the remote service system 5.
- the secret key confirmation processing program 20d stores a public key predetermined between each of the facilities controlled by the plant control system 320. That is, the secret key confirmation processing program 20d stores a public key paired with a secret key corresponding to each facility controlled by the plant control system 320. 12, the secret key confirmation processing program 20d includes a public key 51a corresponding to the facility 320a controlled by the plant control system 320, a public key 51b corresponding to the facility 320b, and a public key 51c corresponding to the facility 320c. The state which memorizes each is shown. Then, when the secret key confirmation processing program 20 d is automatically executed at predetermined time intervals, the secret key corresponding to each facility possessed by the plant control system 320 and each stored key are stored. Confirm the agreement with the public key corresponding to the equipment.
- the secret key confirmation plaintext is a character string (text) created by the secret key confirmation processing program 20d.
- the secret key confirmation plaintext may be a predetermined character string or an arbitrary (random) character string.
- the plant control system 320 adds a signature to the secret key confirmation plaintext transmitted from the secret key confirmation processing program 20d using the secret key it holds, and sends it back to the secret key confirmation processing program 20d.
- the secret key confirmation processing program 20d confirms the signature added to the secret key confirmation plaintext returned from the plant control system 320.
- the secret key confirmation processing program 20d determines whether or not a pair of the secret key corresponding to each facility possessed by the plant control system 320 matches the stored public key.
- the plant control system 320 encodes the plaintext for secret key confirmation using the private key it holds, and encodes the plaintext for secret key confirmation (hereinafter referred to as a secret key confirmation code text) as a secret key confirmation processing program. You may reply to 20d. That is, the plant control system 320 is configured to process the secret key confirmation code program in which the same character string as the character string of the plaintext for secret key confirmation transmitted from the secret key confirmation processing program 20 d is encoded. You may reply to In this case, the secret key confirmation processing program 20d uses the stored public key to decrypt the secret key confirmation code sentence returned from the plant control system 320.
- the secret key confirmation processing program 20 d compares the decrypted secret key confirmation code text (hereinafter referred to as a secret key confirmation decrypted text) with the secret key confirmation plain text transmitted to the plant control system 320. It is determined whether a pair of a secret key and a public key is identical.
- the change execution device 210 automatically performs transmission of the secret key confirmation plaintext 21d to the plant control system 320, reception of the secret key confirmation codetext 22d, and registration in the block chain 20.
- FIG. 13 is a sequence diagram showing the flow of processing in the remote service system 6 of the sixth embodiment.
- the processing sequence illustrated in FIG. 13 is a processing sequence in the case where the agreement between the public key and the secret key is confirmed. More specifically, in FIG. 13, it is confirmed whether or not the public key 51a stored in the secret key confirmation processing program 20d and the secret key 52a possessed by the plant control system 320 match. It is a processing sequence.
- FIG. 13 shows an example of the process flow in each of the block chain 20 constituting the remote service system 6, the change execution device 210 connected to the block chain 20, and the plant control system 320.
- the processing of the secret key confirmation processing program 20 d is shown as processing of the block chain 20.
- the public key corresponding to each facility controlled by the plant control system 320 is already stored in the secret key confirmation processing program 20d. That is, the public key 51a corresponding to the facility 320a, the public key 51b corresponding to the facility 320b, and the public key 51c corresponding to the facility 320c are already stored in the secret key confirmation processing program 20d.
- the plant control system 320 sends back a secret key confirmation code sentence obtained by encoding a secret key confirmation plain text to the secret key confirmation processing program 20 d will be described.
- the secret key confirmation processing program 20d creates the secret key confirmation plain text 21d.
- the data is temporarily stored (step S701).
- the secret key confirmation plaintext 21d created by the secret key confirmation processing program 20d also includes information indicating that it is the secret key confirmation plaintext 21d for any equipment controlled by the plant control system 320. Therefore, the secret key confirmation plaintext 21d created by the secret key confirmation processing program 20d in step S701 includes information indicating that it is the secret key confirmation plaintext 21d for the facility 320a.
- the secret key confirmation processing program 20d outputs the data of the created secret key confirmation plaintext 21d to the change performing device 210 (step S702).
- the change implementation device 210 transmits the data of the secret key confirmation plaintext 21d output from the secret key confirmation processing program 20d to the plant control system 320 via the direct communication line (step S703).
- the plant control system 320 when the plant control system 320 receives the data of the secret key confirmation plaintext 21d transmitted from the modification execution device 210 directly through the communication line, the plant control system 320 applies to any of the facilities included in the received secret key confirmation plaintext 21d. Information representing that it is the secret key confirmation plaintext 21d is confirmed. Thereafter, the plant control system 320 encodes the received data of the secret key confirmation plaintext 21d using the corresponding equipment's private key (step S704). More specifically, the plant control system 320 confirms that the received secret key confirmation plaintext 21d is the secret key confirmation plaintext 21d for the facility 320a. Then, the plant control system 320 encodes the received data of the secret key confirmation plaintext 21d using the secret key 52d corresponding to the facility 320a to create a secret key confirmation code sentence 22d.
- the plant control system 320 transmits the encoded plaintext data for secret key confirmation, that is, the code sentence for secret key confirmation, to the change execution device 210 via the direct communication line (step S705). More specifically, the plant control system 320 transmits the data of the created secret key confirmation code sentence 22d to the change execution device 210 through the direct communication line. The plant control system 320 automatically adds a plant control system 320 signature (plant signature) to the data of the secret key confirmation code sentence 22d to be transmitted to the change execution device 210, and transmits it to the change execution device 210. It is also good.
- plant signature plant signature
- the change performing device 210 registers the received data of the secret key confirmation code sentence in the block chain 20 (step S706). ).
- the secret key confirmation code sentence 22 d is registered in the block chain 20.
- the change execution device 210 automatically adds a signature representing the change execution device 210 to the data of the secret key confirmation code to be registered in the block chain 20, and a predetermined key of the change execution device 210 (public key , “Secret key confirmation code sentence + signature” data may be registered in the block chain 20 after encoding using a secret key, a common key, and the like.
- the secret key confirmation processing program 20d receives the data of the registered secret key confirmation code sentence. And decrypt using the public key of the corresponding facility (step S 707). More specifically, in step S701, the secret key confirmation processing program 20d creates a secret key confirmation plain text 21d for the facility 320a. Therefore, the secret key confirmation processing program 20d decrypts the data of the secret key confirmation code sentence 22d registered in the block chain 20 using the public key 51a corresponding to the facility 320a, and obtains the secret key confirmation decrypted text. create.
- the secret key confirmation processing program 20d matches the secret key 52a corresponding to the facility 320a possessed by the plant control system 320 with the stored public key 51a based on the created secret key confirmation decryption text. (Step S708). More specifically, the secret key confirmation processing program 20d compares the character string of the created secret key confirmation decrypted text with the transmitted character string of the secret key confirmation plain text, and the respective character strings match. Check if it is If the character string of the secret key confirmation decrypted text matches the character string of the secret key confirmation plain text, the secret key confirmation processing program 20 d determines that the secret key 52 a is not falsified. Can. On the other hand, when the character string of the secret key confirmation decrypted text and the character string of the secret key confirmation plain text do not match, the secret key confirmation processing program 20 d determines that the secret key 52 a is falsified. Can.
- the secret key confirmation processing program 20d sequentially executes the processing of steps S701 to S708 described above for each of the facilities controlled by the plant control system 320. Thereby, the agreement between the secret key corresponding to all the facilities controlled by the plant control system 320 and the stored public key is confirmed. Thereby, the presence or absence of falsification of the secret key can be confirmed (judged) for each of the facilities controlled by the plant control system 320.
- the remote service system 6 is smart to execute processing for confirming the agreement between the secret key and the public key corresponding to each facility controlled by the plant control system 320.
- a secret key confirmation processing program 20d which is a program of contract code, is registered in the block chain 20. Then, by automatically executing the secret key confirmation processing program 20d at predetermined time intervals, it is periodically confirmed whether the public key and the secret key coincide with each other.
- the availability of the service corresponding to each of the facilities controlled by the plant control system 320 and the availability information for controlling the suspension of use are not correctly applied to the facilities of the target, etc. It is possible to prevent a failure that may occur due to the mismatch.
- the secret key confirmation processing program 20d by periodically checking the agreement between the public key and the secret key by the secret key confirmation processing program 20d, it is possible to periodically detect the presence or absence of tampering of the secret key possessed by the plant control system 320. This makes it possible to prevent third parties from tampering with the secret key (including replacement of the secret key) at a high security level.
- the confirmation of the agreement between the public key and the secret key in the remote service system 6 is not limited to being performed periodically.
- the service provider S operates the change request device 100 to confirm the secret key. It may be performed irregularly by executing the processing program 20d.
- the public key and the secret may not be correctly applied to the target facility, such as availability permission information for controlling the usage permission and the usage suspension of the service corresponding to each facility controlled by the plant control system 320.
- the presence or absence of tampering with the private key can be detected at any time.
- the remote service system 6 the case of detecting the presence or absence of tampering with the secret key used for decryption of the availability information applied to each of the facilities controlled by the plant control system 320 has been described.
- the concept of detecting the presence or absence of tampering with the key is not limited to the secret key used for decryption of the availability information.
- it is used when adding a signature to change information representing the change content of the parameter value of each facility or the change content of the setting of the facility.
- the same concept as the remote service system 6 may be applied to the detection of the presence or absence of tampering with the secret key.
- the remote service system 6 the case where the presence or absence of tampering of the private key possessed by the plant control system 320 is detected by the private key confirmation processing program 20d has been described. However, if the reliability of the private key possessed by the plant control system 320 is high, that is, it is confirmed that the private key has not been falsified, the public key and the private key by the private key confirmation processing program 20d The process of confirmation of the match may be used to detect whether the public key has been tampered with. As an example in which the public key may be falsified, it is not the direct falsification of the public key registered in the block chain 20, but the falsification after the public key is taken out of the block chain 20, etc. Conceivable. The process of confirming the agreement between the public key and the secret key by the secret key confirmation processing program 20d may be used to detect the presence or absence of tampering of each key.
- the availability information for instructing the execution or stop of the service such as the additional function from the service provider side providing the remote service system.
- the availability information registered in the block chain is directly transmitted to the component (plant control system 320) to be controlled.
- the use permission or the use stop of the provided service can be obtained without obtaining the approval of the plant receiving the provided service.
- the service provider side can control independently.
- the availability information for instructing the execution or stop of the service in each facility is Encode using the public key of the corresponding facility and register in the block chain.
- each component plant control system
- each component plant control system
- the service is executed in each of the facilities controlled by 320).
- the availability information registered in the block chain by the service provider is erroneously applied to different components, that is, It is possible to prevent the service from being executed due to an incorrect component.
- a smart for executing processing for confirming the agreement between the secret key and the public key corresponding to the component to be controlled (the facility 320a controlled by the plant control system 320) based on the availability information
- the contract code program secret key confirmation processing program 20d
- the contract code program is registered in the block chain.
- by executing the program of the smart contract code periodically or irregularly it is confirmed whether the public key and the secret key match. That is, in the sixth embodiment, it is determined whether or not the secret key used to decrypt the availability information applied to the component to be controlled matches the public key used to encode the availability information. Confirm regularly or irregularly.
- the remote service system of the sixth embodiment it is possible to prevent such a problem that the availability information registered in the block chain by the service provider is not correctly applied due to the mismatch between the public key and the secret key. be able to.
- the presence or absence of tampering of the key possessed by each component is detected by periodically or irregularly checking the agreement between the public key and the secret key by the program of the smart contract code. can do. This makes it possible to prevent tampering of the key by a third party at a high security level.
- the remote service system adds (adds) a signature to change information in a chained manner (time series) in each step. Apply the changes to the equipment, which have been sequentially confirmed by multiple users.
- data used to provide facility operation (operation) and services such as change information, availability information, and keys, are maintained at a high security level by various methods.
- each remote service system has been described as being applied to a power plant.
- the plant to which the remote service system of the present invention is applied is not limited to the power plant, and can be applied to various plants.
- the concept of the remote service system according to the present invention is not limited to application to a plant, and it is possible to remotely change, for example, change or adjustment of parameter values set for equipment or change of equipment settings.
- the control system can be applied to various control systems. For example, even in the case of updating parameter values in a control system of equipment installed in a conflict zone, or a control system installed in a place where people are hard to go out (for example, an offshore wind turbine etc.) The idea of can be applied.
- a program for realizing processing by each component for realizing the function of the remote service system such as the change request device 100, the change confirmation device 200, and the change execution device 210 provided in the remote service system 1
- the above-described various processes related to the remote service system according to each embodiment of the present invention are performed by recording the program in a computer readable recording medium, reading the program recorded in the recording medium, and executing the program.
- the “computer system” referred to here may include an OS and hardware such as peripheral devices.
- the "computer system” also includes a homepage providing environment (or display environment) if the WWW system is used.
- “computer readable recording medium” refers to flexible disks, magneto-optical disks, ROMs, writable nonvolatile memories such as flash memories, portable media such as CD-ROMs, hard disks incorporated in computer systems, etc. Storage devices.
- the “computer-readable recording medium” is a volatile memory (for example, DRAM (Dynamic Memory) inside a computer system that becomes a server or a client when a program is transmitted via a network such as the Internet or a communication line such as a telephone line).
- DRAM Dynamic Memory
- the program which holds the program for a fixed time is included.
- the program may be transmitted from a computer system in which the program is stored in a storage device or the like to another computer system via a transmission medium or by transmission waves in the transmission medium.
- the “transmission medium” for transmitting the program is a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.
- the program may be for realizing a part of the functions described above.
- it may be a so-called difference file (difference program) that realizes the above-described functions in combination with a program already recorded in the computer system.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Automation & Control Theory (AREA)
- Quality & Reliability (AREA)
- Manufacturing & Machinery (AREA)
- Telephonic Communication Services (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Computer And Data Communications (AREA)
- Selective Calling Equipment (AREA)
Abstract
Description
本願は、2018年01月15日に、日本に出願された特願2018-004430号に基づき優先権を主張し、その内容をここに援用する。
以下、本発明の実施形態について、図面を参照して説明する。第1の実施形態の遠隔サービスシステムは、発電プラントなどのプラント内に配置された設備の設定条件の変更を、遠隔地から行うシステムである。以下の説明においては、第1の実施形態の遠隔サービスシステムが、発電プラントに適用されているものとして説明する。そして、以下の説明においては、第1の実施形態の遠隔サービスシステムが、発電プラントに配置された設備の設定条件を変更するために、設備を制御する制御機器が設備に対して設定するパラメータ値を変更するものとして説明する。
次に、第2の実施形態について説明する。第2の実施形態の遠隔サービスシステムも、発電プラントなどのプラント内に配置された設備の設定条件の変更を、遠隔地から行うシステムである。
次に、第2の実施形態の変形例について説明する。第2の実施形態の変形例では、遠隔サービスシステム2を構成する変更実施装置210が、プラントネットワーク装置300に設備の設定条件の変更の実施を要求したことを表す情報を、ブロックチェーン20に登録することが、第2の実施形態の遠隔サービスシステム2の動作と異なる。従って、以下の説明においては、第2の実施形態の遠隔サービスシステム2の動作と異なる変形例の動作のみを説明する。
次に、第3の実施形態について説明する。第3の実施形態の遠隔サービスシステムも、上述の各実施形態と同様に、発電プラントなどのプラント内に配置された設備の設定条件の変更を、遠隔地から行うシステムである。
ここで、第4の実施形態について説明する。第4の実施形態の遠隔サービスシステムは、サービス事業者が、提供するサービスの利用許可や利用停止などの制御を遠隔地から行うシステムである。なお、第4の実施形態の遠隔サービスシステムは、遠隔サービスシステム2においてサービスの利用許可や利用停止などを制御する構成の一例である。
ここで、遠隔サービスシステム4において、プラント制御システム320が実行するそれぞれの設備に対応した付加機能ごとに、提供するサービスの利用許可や利用停止の制御をする場合を、第5の実施形態として説明する。なお、以下の説明においては、プラント制御システム320が実行するそれぞれの設備に対応した付加機能ごとに提供するサービスの利用許可や利用停止の制御をする構成の遠隔サービスシステムを、「遠隔サービスシステム5」として説明する。
ここで、遠隔サービスシステム5において、プラント制御システム320が利用可否情報の復号化に用いる秘密鍵の改ざんの有無を検出する仕組みを、第6の実施形態として説明する。なお、以下の説明においては、プラント制御システム320の秘密鍵の改ざんの有無を検出する、つまり、公開鍵と秘密鍵とが一致しているか否かを確認することができる仕組みを備えた遠隔サービスシステムを、「遠隔サービスシステム6」として説明する。
また、本発明は前述した説明によって限定されることはなく、添付のクレームの範囲によってのみ限定される。
10 ネットワーク
20 ブロックチェーン
20a,20b,20c 署名確認処理プログラム
20d 秘密鍵確認処理プログラム
21d 秘密鍵確認用平文
22d 秘密鍵確認用符号文
100 変更要求装置
200 変更確認装置
210 変更実施装置
300 プラントネットワーク装置
310 ファイヤーウォール
320 プラント制御システム
320a、320b,320c 設備
330 データダイオード
51a,51b,51c 公開鍵
52a,52b,52c 秘密鍵
Claims (25)
- 設備に対して適用する制御内容を表す制御情報に第1の署名を付加して送信する第1のコンピュータ端末と、
前記制御情報が表す前記制御内容を前記設備に対して適用させる第2のコンピュータ端末と、
を備え、
前記第1のコンピュータ端末と前記第2のコンピュータ端末とは、
第1の通信ネットワークによって接続され、
前記第2のコンピュータ端末と前記設備とは、
第2の通信ネットワークによって接続されている、
遠隔サービスシステム。 - 前記第1の通信ネットワークに接続され、前記制御情報に付加された前記第1の署名が正しい署名であり、前記制御情報が前記設備に対して適用することができる前記制御内容を表している場合に、前記制御情報にさらに第2の署名を追加して送信する第3のコンピュータ端末、
をさらに備え、
前記制御情報は、
前記設備の設定条件を変更する変更内容を表す変更情報であり、
前記第1のコンピュータ端末は、
前記設備に対する前記変更内容を受け付け、受け付けた前記変更内容を表す前記変更情報に前記第1の署名を付加して送信し、
前記第3のコンピュータ端末は、
前記変更情報に付加された前記第1の署名が正しい署名であり、前記変更情報が前記設備に対して適用することができる前記変更内容を表している場合に、前記変更情報にさらに前記第2の署名を追加して送信し、
前記第2のコンピュータ端末は、
前記変更情報が表す前記変更内容を前記設備に対して適用させる、
請求項1に記載の遠隔サービスシステム。 - 前記第2のコンピュータ端末は、
前記変更情報に付加された前記第1の署名および前記第2の署名が正しい署名である場合に、前記変更情報が表す前記変更内容を前記設備に対して適用させる、
請求項2に記載の遠隔サービスシステム。 - 前記変更情報は、
前記変更内容を適用させる前記設備を識別する設備識別情報が含まれている、
請求項2または請求項3に記載の遠隔サービスシステム。 - 前記制御情報は、
前記設備における付加機能の実行または停止を指示する指示内容を表す指示情報であり、
前記第1のコンピュータ端末は、
前記指示情報に前記第1の署名を付加して送信し、
前記第2のコンピュータ端末は、
前記指示情報が表す前記指示内容を前記設備に対して適用させる、
請求項1に記載の遠隔サービスシステム。 - 前記第2のコンピュータ端末は、
前記指示情報に付加された前記第1の署名が正しい署名である場合に、前記指示情報が表す前記指示内容を前記設備に対して適用させる、
請求項5に記載の遠隔サービスシステム。 - 前記第1の通信ネットワークに接続され、前記設備における前記付加機能の実行の要求を受け付け、受け付けた前記要求を表す要求情報に第2の署名を付加して送信する第3のコンピュータ端末、
をさらに備え、
前記第1のコンピュータ端末は、
前記要求情報に付加された前記第2の署名が正しい署名であり、前記要求情報が前記設備に対して適用することができる前記要求である場合に、前記指示情報を送信する、
請求項6に記載の遠隔サービスシステム。 - 前記第1の通信ネットワークは、
公共の通信ネットワークであり、
前記第2の通信ネットワークは、
専用の通信回線である、
請求項1から請求項4のいずれか1項に記載の遠隔サービスシステム。 - 前記第1の通信ネットワークは、
ブロックチェーンが構築された通信ネットワークであり、
前記第2の通信ネットワークは、
専用の通信回線である、
請求項1から請求項7のいずれか1項に記載の遠隔サービスシステム。 - 前記第1の署名は、
前記ブロックチェーンが実行する署名確認処理プログラムによって、正しい署名であるか否かが確認される、
請求項9に記載の遠隔サービスシステム。 - 前記第1の通信ネットワークは、
ブロックチェーンが構築された通信ネットワークであり、
前記第2の通信ネットワークは、
前記設備と直接接続される専用の通信回線である、
請求項5から請求項7のいずれか1項に記載の遠隔サービスシステム。 - 前記指示情報は、
前記指示内容を適用する対象の前記設備に対応する予め定められた第1の鍵と組になっている第2の鍵を用いて符号化される、
請求項11に記載の遠隔サービスシステム。 - 前記指示情報は、
前記ブロックチェーンが実行する符号化処理プログラムによって符号化される、
請求項12に記載の遠隔サービスシステム。 - 前記符号化処理プログラムは、
文字列を前記設備に送信し、前記設備が前記第1の鍵を用いて前記文字列に追加して返信してきた署名を前記第2の鍵を用いて確認することにより、前記第1の鍵と前記第2の鍵とが一致しているか否かを確認する、
請求項13に記載の遠隔サービスシステム。 - 前記符号化処理プログラムは、
前記第2のコンピュータ端末が前記指示内容を対象の前記設備に適用させる前に、前記指示情報を符号化する、
請求項13または請求項14に記載の遠隔サービスシステム。 - 前記第2のコンピュータ端末は、
前記制御内容を適用した前記設備から伝送された適用結果を送信する、
請求項1から請求項15のいずれか1項に記載の遠隔サービスシステム。 - 前記第2のコンピュータ端末は、
一方向の通信のみを行うデータダイオードを介して前記設備から伝送された前記適用結果を送信する、
請求項16に記載の遠隔サービスシステム。 - 前記適用結果は、
前記制御内容を適用した前記設備を表す署名が付加されている、
請求項16または請求項17に記載の遠隔サービスシステム。 - 前記適用結果は、
前記設備の効率を算出するためのデータが含まれている、
請求項16から請求項18のいずれか1項に記載の遠隔サービスシステム。 - 前記第2のコンピュータ端末は、
前記適用結果に第3の署名を付加して送信する、
請求項16から請求項19のいずれか1項に記載の遠隔サービスシステム。 - 前記第2のコンピュータ端末は、
前記制御内容を前記設備に伝送したことを表すログ情報を送信する、
請求項16から請求項20のいずれか1項に記載の遠隔サービスシステム。 - 前記第2のコンピュータ端末は、
前記ログ情報に第3の署名を付加して送信する、
請求項21に記載の遠隔サービスシステム。 - 前記第2のコンピュータ端末は、
前記設備から前記適用結果が伝送された日時の情報を付加して送信する、
請求項21または請求項22に記載の遠隔サービスシステム。 - 前記第2のコンピュータ端末は、
前記制御内容を前記設備に伝送した日時の情報を付加した前記ログ情報を送信する、
請求項23に記載の遠隔サービスシステム。 - 前記第1のコンピュータ端末は、
前記ログ情報に付加された日時の情報と、前記適用結果に付加された日時の情報とに基づいて、前記設備に前記制御内容が適用されるまでの遅延時間を確認する、
請求項24に記載の遠隔サービスシステム。
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/961,456 US11275358B2 (en) | 2018-01-15 | 2018-11-05 | Remote service system |
CN201880086310.6A CN111630812B (zh) | 2018-01-15 | 2018-11-05 | 远程服务系统 |
EP18899908.0A EP3726773B1 (en) | 2018-01-15 | 2018-11-05 | Remote service system |
KR1020207019697A KR102422352B1 (ko) | 2018-01-15 | 2018-11-05 | 원격 서비스 시스템 |
JP2019564311A JP6997217B2 (ja) | 2018-01-15 | 2018-11-05 | 遠隔サービスシステム |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2018004430 | 2018-01-15 | ||
JP2018-004430 | 2018-01-15 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019138668A1 true WO2019138668A1 (ja) | 2019-07-18 |
Family
ID=67218695
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2018/041065 WO2019138668A1 (ja) | 2018-01-15 | 2018-11-05 | 遠隔サービスシステム |
Country Status (6)
Country | Link |
---|---|
US (1) | US11275358B2 (ja) |
EP (1) | EP3726773B1 (ja) |
JP (1) | JP6997217B2 (ja) |
KR (1) | KR102422352B1 (ja) |
CN (1) | CN111630812B (ja) |
WO (1) | WO2019138668A1 (ja) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2020028052A (ja) * | 2018-08-14 | 2020-02-20 | 株式会社Skill | データ管理方法 |
US10921786B2 (en) | 2018-06-13 | 2021-02-16 | Mitsubishi Heavy Industries, Ltd. | Information relay device, remote service system, information relay method, and non-transitory computer readable medium |
US20210046842A1 (en) * | 2019-08-14 | 2021-02-18 | Honda Motor Co., Ltd. | Systems and methods for chaining data between electric vehicles and electric vehicle stations |
JP2021077223A (ja) * | 2019-11-12 | 2021-05-20 | 富士通株式会社 | 通信プログラム、通信方法および通信装置 |
JP2022008173A (ja) * | 2020-06-24 | 2022-01-13 | アクシス アーベー | ファクトリデフォルト設定へのリモート再設定の方法及びデバイス |
WO2022210167A1 (ja) * | 2021-03-31 | 2022-10-06 | 三菱パワー株式会社 | 制御システム、処理装置および制御方法 |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20220114193A1 (en) * | 2018-12-10 | 2022-04-14 | Cambridge Blockchain, Inc. | Systems and methods for data management |
CN114019810A (zh) * | 2021-11-04 | 2022-02-08 | 安天科技集团股份有限公司 | 智能家居路由防入侵方法、智能控制终端及智能家居设备 |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH1125196A (ja) * | 1997-07-08 | 1999-01-29 | Nippon Telegr & Teleph Corp <Ntt> | 計算機カードを利用した電子印鑑システム及び決裁方法 |
US20050165939A1 (en) * | 2002-05-30 | 2005-07-28 | Metso Automation Oy | System, communication network and method for transmitting information |
JP2005339312A (ja) * | 2004-05-28 | 2005-12-08 | Konica Minolta Business Technologies Inc | 被管理装置及びその遠隔処理方法 |
JP2011527806A (ja) * | 2008-07-11 | 2011-11-04 | ローズマウント インコーポレイテッド | プロセス計器から得て安全に改ざん防止したデータを供給する方法 |
JP2013232192A (ja) | 2012-04-30 | 2013-11-14 | General Electric Co <Ge> | コントローラを保護するためのシステムおよび方法 |
US20150046697A1 (en) * | 2013-08-06 | 2015-02-12 | Bedrock Automation Platforms Inc. | Operator action authentication in an industrial control system |
JP2017059873A (ja) * | 2015-09-14 | 2017-03-23 | ネットワンシステムズ株式会社 | 遠隔制御装置、及び制御システム |
US20170163733A1 (en) * | 2015-12-02 | 2017-06-08 | Olea Networks, Inc. | System and method for data management structure using auditable delta records in a distributed environment |
JP2018004430A (ja) | 2016-07-01 | 2018-01-11 | セイコーエプソン株式会社 | ガスセルの製造方法、磁気計測装置の製造方法、およびガスセル |
Family Cites Families (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPS4714582Y1 (ja) | 1964-11-05 | 1972-05-25 | ||
CA2612872C (en) * | 1999-07-23 | 2010-01-26 | Avocent Redmond Corp. | Method and system for intelligently controlling a remotely located computer |
DE10005798A1 (de) * | 2000-02-10 | 2001-08-30 | Siemens Ag | Verfahren zum Steuern zusätzlicher Leistungsfunktionen sowie zugehöriges Kommunikationsnetz und zugehöriges Programm |
WO2002078199A2 (en) * | 2001-03-22 | 2002-10-03 | Beepcard Incorporated | A method and system for remotely authenticating identification devices |
ATE523820T1 (de) | 2003-10-17 | 2011-09-15 | Trinary Anlagenbau Gmbh | Computerprogramm zur durchführung eines verfahrens zur vermeidung einer fehlansteuerung einer werkzeugmaschine |
KR100752630B1 (ko) * | 2005-07-11 | 2007-08-30 | 주식회사 로직플랜트 | 저속통신망과 저사양 개인용통신단말기에 최적화된 컴퓨터원격제어방법 및 그 시스템 |
JP4987820B2 (ja) * | 2008-08-11 | 2012-07-25 | 日本電信電話株式会社 | 認証システム、接続制御装置、認証装置および転送装置 |
US8225182B2 (en) * | 2009-10-04 | 2012-07-17 | Mellanox Technologies Ltd. | Processing of block and transaction signatures |
US20140346222A1 (en) * | 2010-12-29 | 2014-11-27 | Justin P. Mastykarz | System and method for management of collected field samples |
JP2013219535A (ja) * | 2012-04-09 | 2013-10-24 | Hitachi Ltd | 遠隔制御管理装置、システム、管理方法、およびプログラム |
US20150213568A1 (en) * | 2014-01-29 | 2015-07-30 | Adobe Systems Incorporated | Location aware selection of electronic signatures |
US11153091B2 (en) * | 2016-03-30 | 2021-10-19 | British Telecommunications Public Limited Company | Untrusted code distribution |
US10270762B2 (en) * | 2016-04-28 | 2019-04-23 | SSenStone Inc. | User authentication method for enhancing integrity and security |
EP3482543B1 (en) * | 2016-07-05 | 2022-01-19 | Innogy Innovation GmbH | Observation system |
-
2018
- 2018-11-05 JP JP2019564311A patent/JP6997217B2/ja active Active
- 2018-11-05 KR KR1020207019697A patent/KR102422352B1/ko active IP Right Grant
- 2018-11-05 WO PCT/JP2018/041065 patent/WO2019138668A1/ja unknown
- 2018-11-05 CN CN201880086310.6A patent/CN111630812B/zh active Active
- 2018-11-05 EP EP18899908.0A patent/EP3726773B1/en active Active
- 2018-11-05 US US16/961,456 patent/US11275358B2/en active Active
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH1125196A (ja) * | 1997-07-08 | 1999-01-29 | Nippon Telegr & Teleph Corp <Ntt> | 計算機カードを利用した電子印鑑システム及び決裁方法 |
US20050165939A1 (en) * | 2002-05-30 | 2005-07-28 | Metso Automation Oy | System, communication network and method for transmitting information |
JP2005339312A (ja) * | 2004-05-28 | 2005-12-08 | Konica Minolta Business Technologies Inc | 被管理装置及びその遠隔処理方法 |
JP2011527806A (ja) * | 2008-07-11 | 2011-11-04 | ローズマウント インコーポレイテッド | プロセス計器から得て安全に改ざん防止したデータを供給する方法 |
JP2013232192A (ja) | 2012-04-30 | 2013-11-14 | General Electric Co <Ge> | コントローラを保護するためのシステムおよび方法 |
US20150046697A1 (en) * | 2013-08-06 | 2015-02-12 | Bedrock Automation Platforms Inc. | Operator action authentication in an industrial control system |
JP2017059873A (ja) * | 2015-09-14 | 2017-03-23 | ネットワンシステムズ株式会社 | 遠隔制御装置、及び制御システム |
US20170163733A1 (en) * | 2015-12-02 | 2017-06-08 | Olea Networks, Inc. | System and method for data management structure using auditable delta records in a distributed environment |
JP2018004430A (ja) | 2016-07-01 | 2018-01-11 | セイコーエプソン株式会社 | ガスセルの製造方法、磁気計測装置の製造方法、およびガスセル |
Non-Patent Citations (1)
Title |
---|
See also references of EP3726773A4 |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10921786B2 (en) | 2018-06-13 | 2021-02-16 | Mitsubishi Heavy Industries, Ltd. | Information relay device, remote service system, information relay method, and non-transitory computer readable medium |
JP2020028052A (ja) * | 2018-08-14 | 2020-02-20 | 株式会社Skill | データ管理方法 |
US20210046842A1 (en) * | 2019-08-14 | 2021-02-18 | Honda Motor Co., Ltd. | Systems and methods for chaining data between electric vehicles and electric vehicle stations |
US11584252B2 (en) * | 2019-08-14 | 2023-02-21 | Honda Motor Co., Ltd. | Systems and methods for chaining data between electric vehicles and electric vehicle stations |
JP2021077223A (ja) * | 2019-11-12 | 2021-05-20 | 富士通株式会社 | 通信プログラム、通信方法および通信装置 |
JP7273312B2 (ja) | 2019-11-12 | 2023-05-15 | 富士通株式会社 | 通信プログラム、通信方法および通信装置 |
JP2022008173A (ja) * | 2020-06-24 | 2022-01-13 | アクシス アーベー | ファクトリデフォルト設定へのリモート再設定の方法及びデバイス |
JP7142128B2 (ja) | 2020-06-24 | 2022-09-26 | アクシス アーベー | ファクトリデフォルト設定へのリモート再設定の方法及びデバイス |
WO2022210167A1 (ja) * | 2021-03-31 | 2022-10-06 | 三菱パワー株式会社 | 制御システム、処理装置および制御方法 |
Also Published As
Publication number | Publication date |
---|---|
JPWO2019138668A1 (ja) | 2021-01-14 |
CN111630812B (zh) | 2023-03-28 |
KR20200096611A (ko) | 2020-08-12 |
CN111630812A (zh) | 2020-09-04 |
JP6997217B2 (ja) | 2022-01-17 |
EP3726773A4 (en) | 2021-02-24 |
US11275358B2 (en) | 2022-03-15 |
EP3726773B1 (en) | 2023-03-15 |
US20210080935A1 (en) | 2021-03-18 |
EP3726773A1 (en) | 2020-10-21 |
KR102422352B1 (ko) | 2022-07-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2019138668A1 (ja) | 遠隔サービスシステム | |
KR101979586B1 (ko) | 블록 체인 기반으로 관리되는 사물 인터넷 디바이스 및 그 시스템 및 방법 | |
US10249114B2 (en) | System and method for access control using context-based proof | |
JP6524347B2 (ja) | 情報共有システム | |
US11470158B2 (en) | Systems and methods for asynchronous API-driven external application services for a blockchain | |
CN101202762B (zh) | 用于存储和检索身份映射信息的方法和系统 | |
CN108432180A (zh) | 用于基于pki的认证的方法和系统 | |
CA2948239A1 (en) | Systems and methods for detecting and resolving data inconsistencies among networked devices using hybrid private-public blockchain ledgers | |
CN110679113A (zh) | 使用区块链进行访问控制的工业网络以及访问控制方法 | |
CN104021333A (zh) | 移动安全表袋 | |
CN102077506A (zh) | 用于对等存储系统的安全结构 | |
KR102227578B1 (ko) | 블록체인 네트워크를 이용한 영지식 증명 기반의 인증서 서비스 방법, 이를 이용한 인증 지원 서버 및 사용자 단말 | |
CN110535807B (zh) | 一种业务鉴权方法、装置和介质 | |
US20150304329A1 (en) | Method and apparatus for managing access rights | |
US11275865B2 (en) | Privacy friendly decentralized ledger based identity management system and methods | |
CN112801664B (zh) | 基于区块链的智能合约供应链可信服务方法 | |
US20230259899A1 (en) | Method, participant unit, transaction register and payment system for managing transaction data sets | |
US11924348B2 (en) | Honest behavior enforcement via blockchain | |
JP2022525551A (ja) | データレコードのコピーの分散型台帳システムへの誤伝送の防止 | |
WO2023047136A1 (en) | A security system | |
KR20160006318A (ko) | 전자문서 제공 서비스를 위한 인증방법, 전자문서 제공 서비스 방법 및 시스템 | |
US20240086905A1 (en) | Mitigation of cryptographic asset attacks | |
KR20110087885A (ko) | 서비스 보안시스템 및 그 방법 | |
KR20230011801A (ko) | 실시간 위치 증명 기반 블록체인 인증을 이용한 사용자 인증 시스템 및 이체 시스템 | |
US20180332028A1 (en) | Method For Detecting Unauthorized Copies Of Digital Security Tokens |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 18899908 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2019564311 Country of ref document: JP Kind code of ref document: A |
|
ENP | Entry into the national phase |
Ref document number: 20207019697 Country of ref document: KR Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2018899908 Country of ref document: EP Effective date: 20200713 |