WO2022269734A1 - Relay and manufacturing information management system - Google Patents
- Publication number: WO2022269734A1 (PCT/JP2021/023504)
- Authority: WO, WIPO (PCT)
- Prior art keywords: information, address, repeater, manufacturing, upstream
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
Definitions
- the present invention relates to repeaters that are attached one by one to devices that have not been connected to a network or devices that have been connected only to a local LAN.
- the present invention relates to a repeater capable of relaying information to a network, and a manufacturing information management system capable of centrally managing manufacturing information.
- downstream devices can be easily relayed to a LAN controlled by a single server computer (hereinafter referred to as a server), and external information such as user information can be sent upstream or downstream of the network from the relay.
- the present invention relates to a repeater and a manufacturing information management system capable of interrupting a network and relaying processing information, manufacturing information, etc. processed on the upstream side or downstream side of a network based on external information.
- It is suited to a manufacturing information management system in which logins to manufacturing equipment driven by a programmable logic controller or the like and used independently of the network (hereinafter referred to as PLC manufacturing equipment), and to manufacturing equipment for which spoofing authentication was possible through unauthorized use of IC cards, are guaranteed to be genuine logins based on the user's biometric information, and in which authentication information, manufacturing information, and the like must be centrally managed as data for audit trails.
- the present invention relates to a repeater capable of easily adding a biometric authentication device even to manufacturing equipment that cannot be connected to a server running a general-purpose OS.
- the intra-premises LAN refers to a network constructed for a limited range.
- IP addresses are assigned to devices connected to the same network so that they can identify each other.
- Under the IPv4 communication standard, which is one of the communication standards, an IP address consists of four segments, each taking a value from 0 to 255, and communication is possible only when the first to third (upper) segments are common. That is, if the first to third segments are common, communication is possible with an upper limit of 256 units that differ only in the fourth segment.
- DNS (Domain Name System)
- OA devices are assigned domain names different from IP addresses.
- the manufacturing equipment with unique addresses that make up the manufacturing line connected to the premises LAN cannot be assigned domain names and managed by a DNS server that operates only with a general-purpose OS. Therefore, it has been difficult to connect all devices to one network and centrally manage authentication information on a server.
- Patent Literature 1 discloses technology for a repeater that adds a user authentication function to manufacturing equipment. According to the technique described in this document, a user authentication server and a plurality of manufacturing devices communicate via a repeater called a proxy, and when an access request for user authentication is issued to the repeater, the repeater relays that information to a server. Then, the server performs user authentication, and if the user is determined to be an authorized user, the result of the authentication is relayed from the repeater to the manufacturing equipment, and the manufacturing equipment is operated.
- the technique described in this document simply adds a repeater to a device that constitutes a conventional network, and it was necessary to reassign IP addresses downstream of the device. Further, according to the configuration of this technology, since a plurality of manufacturing devices are connected downstream of the repeater, even if the server grants access rights, the access rights are not granted to all of the plurality of downstream manufacturing devices, and there was a problem that it was not possible to identify which manufacturing equipment was granted access rights.
- Patent Document 2 discloses a plant management technique in which a monitoring terminal for remotely controlling local equipment is connected to a server via a monitoring LAN, while an operator verification unit for login authentication is connected to a server via an authentication LAN.
- an authentication information acquisition device is attached to each local facility, and login authentication information is relayed from the authentication information acquisition device to a server from an operator verification unit connected to an authentication LAN.
- operation information and the like are relayed to the server from a monitoring terminal connected to a monitoring LAN different from the authentication LAN.
- the authentication information and the operation information are relayed to the server by separate LANs, and the authentication LAN and the monitoring LAN coexist.
- an IP address is required for each, which makes it difficult to introduce biometric authentication equipment into existing facilities.
- In Patent Document 3, the present applicant discloses a technique for monitoring support equipment that, without modifying the monitoring equipment applied to the manufacturing equipment, makes the existing monitoring equipment function only in a state where genuine login authentication is guaranteed, stores records of the monitoring target equipment, login authentication information, and operation information together with time information, and guarantees the authenticity of electronic data output by existing monitoring equipment.
- the function of the operation means is activated so that the operation means of the monitoring equipment can be operated only when the authenticator determination means validates the login authentication.
- the inventors of the present application have found that even if a biometric information acquisition device is added to a device that has been authenticated by spoofing or a PLC manufacturing device, the biometric information acquisition device can be easily introduced and connected to the PLC manufacturing device or the local LAN.
- Patent Document 1: JP-A-2006-99777
- Patent Document 2: JP-A-2012-194762
- Patent Document 3: Japanese Patent Application No. 2020-161581
- the problem to be solved by the present invention is to provide a repeater that, even for a PLC manufacturing device or a device connected only to a local LAN, allows external information such as user information to be interrupted upstream or downstream of the network from the repeater and can relay processing information, manufacturing information, etc. processed on the upstream side or downstream side of the network based on that external information, and to provide a manufacturing information management system that guarantees authentic login authentication and centrally manages operation information, etc. after login authentication.
- a repeater through which a downstream device, in which a downstream communication identifier is set in advance, and an upstream device connected to an upstream network communicate with each other, and to which external information interrupting means is connectable, the repeater comprising a first communication means, a first address, a second communication means, a second address, and an address setting means, wherein the first communication means is connected to the upstream network.
- the second communication means is connected to the downstream device, the first address differs from the upstream communication identifier of another device connected to the upstream network only in the individual identifier part that distinguishes devices, the second address is for the downstream device, the downstream device is connected to the upstream network through only one line, and the address setting means sets the communication identifier of the transmission source.
- the first address is set as the upstream communication identifier of the repeater and transmitted, and the first information is transmitted to the downstream side.
- the second address is set as the downstream communication identifier of the repeater and transmitted to the other side.
- a repeater is arranged between an upstream device connected to an upstream network, such as a server, and a downstream device to which a downstream communication identifier has been assigned in advance, such as a drug manufacturing device.
- the communication standard of the network to which the repeater is connected is not limited, and the communication standard of the upstream network may be different from the communication standard of the downstream device and the repeater.
- the upstream network may adopt a communication system based on the IPv6 communication standard
- the downstream device and the repeater may adopt a communication system based on the IPv4 communication standard.
- the individual identifier part that identifies the device is the fourth segment in the case of the communication system based on the IPv4 communication standard, and, in the case of the communication system based on the IPv6 communication standard, the part consisting of four digits of Roman letters or numbers that identifies the device. If a new network standard is developed, it may be the individual identifier part that identifies the device in that standard.
- the external information interrupting means is a device connected to the repeater.
- it may be a non-contact electromagnetic wave reader connected to the repeater via a USB connection, but is not limited to this.
- the external information may be, for example, user authentication information acquired by the non-contact electromagnetic wave reader, error diagnosis information of downstream equipment, maintenance diagnosis information, and the like.
- the repeater is provided with address setting means, and when data from a transmission source is communicated to the upstream device through the upstream network, the data is given the first address, and when it is communicated to the downstream device, the data is given the second address.
- Because the downstream device communicates with the upstream network through only one line and there are no duplicate communication paths between the downstream device and the upstream network, the information sent and received between the downstream device and the upstream device is unique, and it is guaranteed that the information is authentic.
- the repeater uses two addresses selectively, the repeater and the downstream device are associated on a one-to-one basis, the external information is transmitted upstream or downstream through the repeater, and address setting is easy when the repeater is incorporated into a network, an advantageous effect that has never existed in the past.
- the first address is an IP address that differs only in the fourth segment from the upstream communication identifier of other devices, and the second address is an IP address that differs only in the fourth segment from the downstream communication identifier of the downstream device.
- the downstream communication identifier assigned in advance may be an arbitrarily set IP address consisting of four segments (hereinafter referred to as an independent IP address). Any address (hereinafter referred to as a local IP address) may be used.
- the first address may be an IP address that differs from other devices connected to the upstream network only in the fourth segment.
- the address may be an IP address that differs from the downstream device only in the fourth segment.
- the first address is an address that differs from other equipment connected to the network only in the fourth segment, and the second address should be an address that differs from the arbitrary independent IP address only in the fourth segment.
- the same IP address as the on-premises IP address is given to the first address of the repeater, and it is sufficient to give the second address an address that differs from the on-premises IP address only in the fourth segment, so address setting is very easy.
- the first address of the repeater need only be set to an address that differs from other devices connected to the new network only in the fourth segment.
- the IP address of the device connected to the local LAN may be left unchanged, and the second address may be an address that differs from the local IP address only in the fourth segment.
- the repeater of the second invention can be easily incorporated in the communication standard that has been widely applied in the past, and the external information can be transmitted upstream or downstream through the repeater, a beneficial effect not found in the past.
- a third aspect of the present invention is the repeater according to the first or second aspect, wherein, for second information whose transmission source is the upstream device and which is generated according to the first information transmitted to the upstream side, the address setting means sets the second address as the downstream communication identifier of the repeater and transmits the second information to the downstream device.
- the repeater not only transmits the external information from the external information interrupting means, but also transmits to the downstream device the second information, such as login information, operation authority, and operation contents according to the authority level, that the upstream device generates according to the first information transmitted to the upstream side, for example, the user information.
- important information such as user identification information, operation authority, and operation details according to the authority level can be collectively stored only in the upstream device, and transmitted according to external information.
- for the third information whose transmission source is the downstream device, the address setting means sets the first address as the upstream communication identifier of the repeater and transmits the third information to the upstream device.
- the third information originating from the downstream device can be transmitted to the upstream device via the repeater.
- the third information is information generated in the downstream equipment, for example, defective product occurrence information, manufacturing condition change information, operator information, operation time information, manufacturing equipment error information, and consumable replacement timing information. According to the fourth invention, there is an effect that the information generated in the downstream device is transmitted upstream and collectively managed.
- the downstream device is a manufacturing device
- the upstream device is a server
- the first information is user information
- the second information is login authentication information
- the third information is manufacturing information
- user information, login authentication information, and manufacturing information are stored only in the server together with time information.
- user information, login authentication information, and manufacturing information are collectively managed by the server together with time information.
- As a result, even if an audit trail associated with manufacturing is required, it is possible to extract genuine information that has not been tampered with from the server.
- a sixth invention of the present invention is a manufacturing information management system including the repeater of the fifth invention and a biological information acquisition device, wherein the external information interrupting means is a non-contact electromagnetic wave reader.
- the biometric information acquisition device includes biometric information acquisition means, storage means, determination means, and communication means; when the determination means determines that the acquired biometric information matches the user determination information stored in the storage means, the user information is generated by electromagnetic waves by the communication means, and the user information received by the external information interrupting means is relayed to the server, where login authentication is performed.
- the biometric information acquisition device acquires the user's biometric information, and when it is determined that the biometric information matches the user determination information, the user information is generated by electromagnetic waves.
- the biometric information of the user is not limited, and biometric information unique to the user such as fingerprint, iris, pulse wave, gait, face, myoelectric potential, voiceprint, etc. may be used.
- the biometric information acquisition device is not limited to a wearable terminal device, and may be a device that acquires a user's unique face, voiceprint, or the like, or an IC card that stores a user's fingerprint.
- the user information is not limited to a personal ID identifying the user, and may be a device ID generated by the biometric information acquisition device only when a specific user is identified.
- the electromagnetic wave from the biometric information acquisition device is relayed to the server as the first information by a non-contact electromagnetic wave reader, for example, an RFID reader, which serves as external information interrupting means, and the user information is authenticated by the server.
- a seventh aspect of the present invention is the manufacturing information management system according to the sixth aspect, wherein the biometric information acquisition device acquires two types of biometric information of the user, the user determination information is also biometric information, and the user information is generated when the determining means determines that both types of biometric information match the biometric information for determination.
- the biometric information acquisition device only needs to acquire two types of biometric information of the user, and the type of biometric information is not limited. Since user information is generated by judging the match between two types of biometric information, the authenticity of user information is guaranteed, spoofing authentication can be reliably eliminated, and the authenticity of login authentication processing on the server can be guaranteed.
- An eighth invention of the present invention is the manufacturing information management system of the sixth or seventh invention, wherein the server is a virtual computer provided by a cloud computing service, and the repeater and the virtual computer are connected by a virtual private network that allows a public line to be used as a virtual leased line.
- the repeater uses two addresses selectively, the repeater and the downstream device are associated on a one-to-one basis, the external information is transmitted upstream or downstream through the repeater, and address setting is easy when the repeater is incorporated into a network, an advantageous effect that has never existed in the past.
- a repeater can be easily incorporated in a communication standard that has been widely applied in the past, and external information can be transmitted upstream or downstream through the repeater, a beneficial effect that is unprecedented.
- important information can be collectively stored only in the upstream device and transmitted according to external information. It has an advantageous effect of preventing occurrence of unification and occurrence of troublesome labor.
- According to the fourth invention, there is an effect that the information generated in the downstream device can be transmitted upstream and managed.
- According to the fifth invention, even if an audit trail accompanying manufacturing is required, it is possible to extract genuine information that has not been falsified from the server.
- According to the sixth invention, since the user information is generated by reading the user's biometric information, there is an effect that the possibility that the user information is genuine is extremely high.
- the authenticity of user information is guaranteed, spoofing authentication can be reliably eliminated, and the authenticity of login authentication processing in the server can be reliably guaranteed.
- According to the eighth invention, even when manufacturing pharmaceuticals, it is possible to collectively manage manufacturing data of dispersed factories while complying with "good manufacturing practices for pharmaceutical manufacturing". Even in the event of a disaster, loss of manufacturing data can be prevented.
- FIG. 10 is a flow chart for setting a first address and a second address (Example 1); Explanatory drawing of the whole manufacturing information management system (Example 1). Explanatory drawing of a biometric information acquisition device (Example 1). Explanatory drawing of the other example of a biometric information acquisition device (Example 1). Explanatory drawing of interrupt processing and relay processing in a repeater (Example 1).
- FIG. 2 is a flow diagram up to driving of the manufacturing information management system (Example 1).
- FIG. 2 is a flow chart after driving the manufacturing information management system (Example 1).
- In Example 1, the IPv4 communication standard is used as an example to explain the individual identifier that identifies the device.
- the repeater 1 of the first embodiment is connected to a downstream device having an IP address set in advance and an upstream device connected to an upstream network based on the IPv4 communication standard, and external information interrupting means can be connected.
- the downstream equipment is connected to the upstream network through only one line.
- the repeater has a first communication means and a first address for communicating with the upstream device, a second communication means and a second address for communicating with the downstream device, and an address setting means. Two addresses are selectively used by the address setting means so that the external information transmitted from the external information interrupting means, such as data such as user information, can be relayed to either the upstream device or the downstream device.
- the repeater is associated with the downstream device on a one-to-one basis, making it easy to set the IP address.
- FIG. 1(A) shows a device layout diagram before applying the repeater of the present invention in a manufacturing plant.
- FIG. 1(B) shows a device layout diagram to which the present invention is applied.
- FIG. 2A shows a schematic diagram of a repeater.
- FIG. 2B shows a block diagram of the repeater.
- FIG. 3 shows a flow chart for setting the first address and the second address.
- FIG. 4 shows an explanatory diagram of the entire manufacturing information management system.
- FIG. 5(A) shows an example of a biometric information acquisition device that acquires two types of biometric information.
- FIG. 5B shows a block diagram of a biometric information acquisition device that acquires two types of biometric information.
- FIG. 6A shows an example of an IC card type biometric information acquisition device for acquiring one type of biometric information.
- FIG. 6B shows a block diagram of the biometric information acquisition device.
- FIG. 7 shows an explanatory diagram of the interrupt processing of the first information and the relay processing of the second information and the third information.
- FIG. 8 shows a biometric authentication processing flow chart before driving the manufacturing information management system
- FIG. 9 shows a processing flow chart after driving the manufacturing information management system.
- the case where the repeater 1 is introduced into the equipment of a chemical manufacturing plant 1000 is taken as an example, and the upstream equipment is the server 100, and the downstream equipment is the manufacturing equipment 200 or the research and development equipment 210. (See FIG. 1(B)).
- the first information interrupted by the repeater 1 from the external information interrupting means 10 is user information
- the second information relayed from the server 100 to the manufacturing equipment 200 or the like is login authentication information
- the third information relayed from the manufacturing equipment 200 or the like to the server 100 will be described as manufacturing information.
- As the external information interrupting means 10, a non-contact electromagnetic wave reader that obtains user information by electromagnetic waves when a user's portable object is brought close to it will be described as an example.
- In the chemical manufacturing factory 1000, independent equipment that has not been connected to a network in the past (hereinafter referred to as PLC manufacturing equipment), PLC manufacturing equipment 201 including a monitoring device, manufacturing equipment 202 that is connected only to the premises LAN 300, research and development equipment groups 210, and the like are arranged to suit the manufacturing process (see FIG. 1(A)).
- the PLC manufacturing equipment 201 is, for example, a tablet manufacturing machine that presses powder to manufacture tablets. It should be noted that the group of equipment surrounded by a frame indicates research and development equipment 210 with high confidentiality.
- the PLC manufacturing equipment 201 including a monitoring device is, for example, a manufacturing device that stores tablets in a PTP sheet, and the monitoring device that is directly connected to the manufacturing equipment inspects for contamination of foreign matter, missing tablets, and the like.
- the group of manufacturing equipment 202 connected only to the on-premises LAN 300 is, for example, a packaging and conveying machine that stacks and wraps PTP sheets. It is connected to the local LAN 300 that is connected to the network.
- An IP address is an address in which one segment is an integer from 0 to 255, and four segments are one unit. For example, [192.168.40.1].
- the fourth segment is assigned a different value in all devices connected to the network. More specifically, the upper three segments have values common to all devices, and the fourth segment is assigned values that do not overlap among all devices.
- this is referred to as "fourth segment difference”.
- a group of manufacturing equipment 202 and a group of research and development equipment 210 connected only to the on-premises LAN 300 or on-premises LAN 302 are managed by on-premises servers 301 and 303, respectively, and are set with on-premises IP addresses that are fourth segment differences (see FIG. 1(A)). If a plurality of on-premises LANs 300 and 302 are integrated as they are, there is a risk of communication failure occurring due to duplication or inconsistency of on-premises IP addresses. Therefore, it is necessary to reassign IP addresses so that each device is assigned a local IP address that is a fourth segment difference. Moreover, when adding a PLC manufacturing device to the local LAN, it was necessary to search for a local IP address that is a fourth segment difference and assign it as the independent IP address. In either case, the task of re-assigning IP addresses is complicated.
- the general LAN refers to a network constructed over a wider area than the local LAN.
- a single-board computer is a small computer in which only the necessary functional parts are mounted on a single printed circuit board.
- CPU central processing unit
- RAM main memory device
- USB Universal Serial Bus
- the repeater 1 includes a first communication means 30 and a first address for communicating with an upstream device, a second communication means 40 and a second address for communicating with a downstream device, and an address setting means (see FIG. 2(B)).
- the CPU serves as control means 50 and functions as address setting means.
- the RAM functions as storage means 60 and stores a first address and a second address.
- the storage means 60 also stores an application for driving the control means.
- a LAN cable 31 for communicating with a server as an upstream device and a LAN cable 41 for communicating with a manufacturing device as a downstream device are connected to the two LAN ports, so that the ports function as the first communication means 30 and the second communication means 40.
- a USB cable 11 provided in the external information interrupt means 10 can be connected to the USB port 22 serving as an input/output means.
- the external information interrupting means 10 may be a non-contact electromagnetic wave reader, but is not limited to this.
- the other USB port 22 is connected to a notebook-type terminal device 72 (see broken line in FIG. 2(A)) that functions as input means 70 and display means 71, and the like.
- the notebook-type terminal device 72 can be connected at the time of initial setting, when the first address, the second address, and the pre-created application are stored in the storage means. The notebook-type terminal device may then be removed.
- FIG. 1A also shows the IP addresses of the conventional LANs 300 and 302.
- In order to facilitate understanding, specific values are shown for the IP addresses in the explanation.
- the group of devices connected to the on-premises LAN 302 surrounded by a frame and the on-premises LAN 300 integrated into the general LAN 400 have the same 10.20.30 from the first segment to the third segment.
- the values of the first to third segments may be different for each local LAN.
- a group of manufacturing equipment 202 connected to a local LAN 300 with the first segment to the third segment set to 10.20.30 is integrated together with the PLC manufacturing equipment 201 into a general LAN 400 that controls the whole.
- a repeater 1 is attached to each piece of equipment (see FIG. 1(B)).
- the group of research and development equipment 210 connected to the on-premises LAN 302, with the first segment to the third segment set to 10.20.30, maintains the on-premises LAN 302, and one repeater 1 is attached to each device.
- the first address of the repeater 1 that communicates with the upstream is an IP address that is different in the fourth segment from the IP addresses of other devices connected to the upstream network.
- Other devices include not only the server 100 but also other repeaters connected to upstream networks.
- the second address of the repeater that communicates with the downstream device is an IP address that differs in the fourth segment from the IP addresses of the manufacturing device 200 and the research and development device 210 to which the repeater is attached.
- because the manufacturing equipment 200 communicates with other equipment connected to the network only through the repeater 1, a network communication failure never occurs even if the IP address of the manufacturing equipment overlaps with that of other manufacturing equipment. Therefore, the IP address of the PLC manufacturing equipment 201 can be set arbitrarily, and the manufacturing equipment 202 connected to the premises LAN can use the existing premises IP address as it is, facilitating the IP address setting work (see FIG. 1(B) and S110 to S120 of FIG. 3).
- the process proceeds to step 110 (S110). Since the manufacturing equipment connected to the premises LAN has the premises IP address set, the process proceeds to step 120 (S120) (see FIG. 3).
- step 110 set the device address for each downstream device.
- the PLC manufacturing equipment is processed to set an arbitrary unique IP address (S110). For example, [A. B. C. D] is assigned.
- in step 120, for the manufacturing equipment connected to the local LAN, the address that has been previously assigned, for example [10.20.30.M], is stored (S120) (see FIG. 1(B)).
- A to D are arbitrary integers from 0 to 255.
- step 130 the process proceeds to step 130, where it is selected whether or not to connect the downstream manufacturing device to the general LAN 400 (S130).
- in step 140 (S140), a central IP address that differs in the fourth segment from the IP address of the server 100, for example [192.168.30.N] (N is an integer from 0 to 255 that is different from other upstream devices), is set as the first address of the repeater.
- the IP address of the fourth segment different from the device IP address e.g.
- the IP address [10.20.30.0] of the server 301 is assigned, and in the case of the PLC manufacturing equipment 201, [A. B. C. E] is given (S140).
- [A. B. C. E] may be an arbitrary integer from 0 to 255, so for example, the same [10.20.30.0] as the on-premises server 301 may be given.
- step 130 if the repeater 1 is to be connected to the local LAN, proceed to step 150 (S150).
- the first address is a local IP address [10.20.30.M] that differs in the fourth segment from the other equipment connected to the on-premises LAN 302.
- a device IP address different in the fourth segment from the downstream device for example, the same IP address [10.20.30.0] as that of the on-premises server 303 is assigned.
- the premises LAN 302 is added to the premises LAN 302, the [A. B. C. E] is given (S150).
- [A. B. C. E] may be an arbitrary integer from 0 to 255, so the same [10.20.30.0] as the local server 303 may be given.
- an IP address in a fourth segment different from that of the server 100 is assigned to the repeater 1, and may be used as the first address, and if the local LAN is to be maintained, the IP address of the original local LAN device may be assigned.
- the IP address assigned to the original local servers 301 and 303 may be set regardless of whether the downstream device is a PLC manufacturing device or a local LAN device, making the address setting work easy.
- the manufacturing information management system 2 includes a server 100 serving as an upstream device, a plurality of manufacturing devices 200 (A, B, C, ...) serving as downstream devices, repeaters 1 (α, β, γ, ...), external information interrupting means 10, and a biometric information acquisition device 500 carried by the user.
- manufacturing equipment A is a PLC manufacturing equipment
- manufacturing equipments B and C are manufacturing equipment connected to the same local LAN.
- Each manufacturing equipment 200 is connected to the upstream network, the general LAN 400, via one line via the repeater 1, and is capable of communicating with the server 100.
- the manufacturing equipment 200 is only connected to one repeater 1 through the dedicated second communication means 40, and is independent of other manufacturing equipment.
- the second address of the repeater α may be an IP address that differs in the fourth segment only from that of the manufacturing equipment A. Even if the second address overlaps with that of the repeater β or repeater γ, communication failure does not occur.
- the server 100 comprises control means 101, storage means 102, and communication means 103 for communicating with each repeater 1.
- the control means 101 is composed of a central processing unit (CPU) and functions as authentication processing means, which collates the user information sent from the repeater 1 with the user information for judgment and performs login authentication processing, and as audit trail creation means, which creates an audit trail from the manufacturing information.
- the storage means 102 is not limited as long as it is a hard disk, RAM, or the like.
- the storage unit 102 stores in advance user information for determination, user name/authority information linked to the user information, an application that causes the control unit to function, and the like.
- when the authentication determining means performs the user login authentication process, the login authentication information is stored together with the time information as a history of the authentication process.
- the time information of the server may be obtained from the time information obtaining means 104 that obtains the desired standard time through the Internet, GPS, or the like.
- when the manufacturing information forming the third information is sent from the manufacturing equipment to the server 100, the manufacturing information is stored together with the time information.
- when the audit trail creating means creates an audit trail based on manufacturing information and the like, the audit trail report is stored.
- the information stored in the storage means 102 is not limited to these.
- the server 100 may be provided with a display means 105 and an input means 106 .
- the manufacturing equipment 200 (A, B, C, .
- the control means 220 may be a CPU or the like, and the storage means 221 may be a hard disk or the like.
- the display means 223 and the input means 224 may be touch screen panel devices.
- the control means 220 functions as drive restriction means that prevents the manufacturing equipment 200 from being driven until login authentication information is acquired from the server 100 via the repeater 1. After the manufacturing equipment is driven, the control means 220 functions as manufacturing information creating means and, every time manufacturing information is created, as means for transmitting the updated manufacturing information to the server 100 via the repeater 1.
- a biometric information acquisition device 500 that acquires two types of biometric information is a combination of a mobile terminal 510 that acquires fingerprint information as biometric information and a shoe insole type gait information acquisition device 520 (FIG. 5A).
- Portable terminal 510 has control means 511 functioning as determination means, storage means 512 , short-range wireless communication means 513 , fingerprint sensor 514 , and electromagnetic wave communication means 515 . It also has a touch screen 516 that functions as display means and input means.
- the storage means 512 stores an application of the control means 511, determination fingerprint information and determination gait information forming determination use biometric information, and user information.
- the short-range wireless communication means 513 is not limited as long as it can communicate with the gait information acquisition device.
- the fingerprint sensor 514 may have a fingerprint authentication function installed in the mobile terminal 510 .
- the electromagnetic wave communication means 515 is not limited as long as it can generate user information by electromagnetic waves and can be read by the non-contact electromagnetic wave reader forming the external information interrupting means 10 . For example, RFID tags and RFID readers are suitable.
- the gait information acquisition device 520 includes a gait acquisition sensor 521 and short-range wireless communication means 522 for sending gait information to the mobile terminal.
- the gait acquisition sensor 521 is attached to the back surface of the insole, and is used by being inserted into the user's shoe together with the insole.
- Gait information refers to characteristic motion information in walking, and refers to general information obtained by estimating sex, age, body shape, step length, etc. from motion.
- When two types of biometric information are acquired and transmitted to the mobile terminal 510, the control means 511 functions as a determination means, the biometric information for determination is read out from the storage means 512, and user determination processing is performed. If it is determined that all of the biometric information matches the biometric information for determination, the operator carrying the biometric information acquisition device 500 is determined to be an authentic person.
- the two types of biometric information are not limited to fingerprints and gait, and may be iris, pulse wave, face, myoelectric potential, voiceprint, etc. Of course, the two biometric information acquisition devices may be different devices.
- When the portable terminal 510 is brought close to the non-contact electromagnetic wave reader, the user information is read from the storage means 512 and is generated as electromagnetic waves by the electromagnetic wave communication means 515.
- the user information whose authenticity is guaranteed is interrupted by the external information interrupting means to the repeater, the repeater transmits the user information to the server, and the server authenticates the user information. This eliminates spoofing authentication and ensures the authenticity of login authentication by the server.
- a non-contact IC card 530 is suitable for a biometric information acquisition device that acquires one type of biometric information (see FIG. 6).
- the contactless IC card 530 has an IC chip 531 on its surface for obtaining biometric information.
- the IC chip 531 includes control means 532 functioning as determination means, storage means 533 , fingerprint sensor 534 , and electromagnetic wave communication means 535 . Since these function in the same manner as the portable terminal described above except that they are integrated into the IC chip 531, the description thereof will be omitted.
- When the non-contact IC card 530 is brought close to the non-contact electromagnetic wave reader while the finger registered with the fingerprint is in contact with the IC chip 531 (see FIG. 6A), induction power is generated by the electromagnetic wave and the IC chip is activated. Then, like a normal RFID tag, pre-stored user information is generated by electromagnetic waves, and the user information is read by the non-contact electromagnetic wave reader.
- FIG. 7A shows the flow of the external information interrupt means
- FIG. 7B shows the relay processing of the second information
- FIG. 7C shows the flow of the relay processing of the third information.
- the address setting means sets the first address as the source address in the first information and causes it to be transmitted to the upstream server (S220). This is the stage before the login determination means is managed by the server, and if the login determination means is held in the manufacturing equipment, the first information is relayed downstream, so that a determination of (No) is made in step 210, and the second address may be set as the address of the transmission source in the first information and communicated to the downstream manufacturing equipment (S230).
- the address setting means changes the second information.
- the second address is set as the address of the transmission source and transmitted to downstream manufacturing equipment (S310).
- the address setting means sets the first address as the transmission source address in the third information and sends it to the upstream server (S410).
- an operator of manufacturing equipment who is a user, wears a biometric information acquisition device (S500).
- “wearing” means, for example, that the operator puts a finger on the fingerprint sensor of the portable terminal or puts on shoes in which the gait information acquisition device is inserted.
- a biometric information acquisition device generates first biometric information (S510).
- the determination means of the biometric information acquisition device collates whether the first biometric information of the operator and the biometric information for determination match, and determines the authenticity of the first biometric information (S520). If it is determined that the first biometric information is not authentic, the biometric authentication is terminated (S530).
- second biometric information of the operator is generated (S540). Authenticity of the second biometric information is determined by the determination means of the biometric information acquisition device in the same manner as the first biometric information (S550). If it is determined that the second biometric information is not authentic, the biometric authentication is terminated (S560). If the second biometric information is also determined to be authentic, the user information stored in the biometric information device is generated by electromagnetic waves (S570). When the biometric information acquisition device is brought close to the non-contact electromagnetic wave reader in this state, the user information forming the first information is acquired (S580).
- system drive processing of the manufacturing information management system is started (S600) (see FIG. 9).
- the processing of the repeater is indicated by enclosing it with a solid line, and the processing of other devices is indicated by enclosing it with a broken line.
- the user information is relayed from the repeater to the server (S610).
- when the server acquires the user information, login authentication processing is performed (S620). If the authentication process succeeds, the server communicates the login authentication information to the repeater (S630).
- When the repeater acquires the login authentication information, the repeater relays the login authentication information to the manufacturing equipment as a second information relay process (S640).
- when the login authentication information is acquired by the manufacturing equipment, the driving regulation of the manufacturing equipment is released, and manufacturing information is generated in the manufacturing equipment (S650). Every time manufacturing information is newly generated, the manufacturing equipment communicates the generated manufacturing information to the repeater (S660).
- When the repeater acquires the manufacturing information, the repeater relays the manufacturing information to the server as third information relay processing (S670).
- the server stores the manufacturing information in such a manner that the manufacturing equipment that generated it can be identified (S680).
- FIG. 10A shows an explanatory diagram of a virtual private network.
- FIG. 10B shows a block diagram of a server made up of virtual computers. In FIG. 10B, for easy understanding, the configuration different from that of the server of the first embodiment is enclosed with a thick dashed line.
- the server 110 is a virtual computer based on a cloud computing service, and a virtual private network 111 that uses a public line as a virtual private line connects it not only to the repeaters of a plurality of manufacturing plants 112, 113, and 114 but also to repeaters installed in the head office building 115 and the branch office building 116 (see FIG. 10(A)).
- the storage means 102 of the server 110 differs in that it stores the manufacturing information in a state in which each manufacturing plant can be identified, and stores the management information, which is one of the third information, in a state in which each head office/branch office can be identified. Specific examples of the management information include, but are not limited to, important information such as order/delivery data, contract data, manufacturing information, and user information.
- because one server 110 centrally manages the login authentication processing of a plurality of manufacturing plants, the head office, and branch offices, it is easy to always keep user information up-to-date, and management effort is reduced.
- because the server 110 is a virtual computer and data is stored on the Internet, loss of past manufacturing information, user information, management information, etc. can be prevented even if a large-scale disaster such as an earthquake strikes the manufacturing plant, head office building, etc. Since the server 110 and the repeater communicate with each other through the virtual private network 111, even when manufacturing pharmaceuticals, it is possible to collectively manage the manufacturing data of the dispersed factories while complying with the "Good Manufacturing Practices for Pharmaceutical Manufacturing".
- the aspect of the biometric information acquisition device is of course not limited to this.
- it may be a wristwatch-type or glasses-type wearable terminal.
- the combination of biometric information to be acquired is also not limited.
- each of the four parts that make up the IP address is called a segment, but it may be called an octet, for example, and the name is of course not limited.
- the communication standard is described as IPv4 both upstream and downstream of the repeater for ease of understanding, but the upstream may be IPv6 and the downstream may be IPv4. Moreover, it goes without saying that the communication standards are not limited to IPv6 and IPv4.
- Communication from the repeater to the upstream network is not limited to wired communication, and may be wireless communication.
- in the case of wireless communication, it is preferable to use an IC card (also called a SIM card) in which an ID number for identifying a subscriber is recorded for upstream communication from a repeater.
- Electromagnetic wave communication means 110... server, 111... virtual private network, 112, 113, 114...manufacturing factory, 115...head office building, 116...branch office building
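An added example, not part of the patent text, that checks an address plan against the addressing rules above and then relays one login and manufacturing exchange (S610 to S680), showing that the server can attribute records by the repeater's first address even when downstream addresses repeat. The server address 192.168.30.1, the repeater names, the user IDs and the packet dictionaries are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


def upper3(addr):
    """Upper three segments of a dotted IPv4 address (raises on a malformed one)."""
    return str(ipaddress.IPv4Address(addr)).rsplit(".", 1)[0]


@dataclass(frozen=True)
class Repeater:
    name: str
    first: str    # first address: source address toward the upstream network
    second: str   # second address: source address toward the attached device
    device: str   # address already set on the one downstream device


def check_plan(server_addr, repeaters):
    """Return the rule violations in an address plan (empty list = valid)."""
    problems = []
    upstream = {server_addr: "server"}   # addresses in use on the upstream network
    for r in repeaters:
        if upper3(r.first) != upper3(server_addr):
            problems.append(f"{r.name}: first address is outside the upstream network")
        if r.first in upstream:
            problems.append(f"{r.name}: first address duplicates {upstream[r.first]}")
        upstream.setdefault(r.first, r.name)
        # The second address is compared with this repeater's own device only;
        # other repeaters may reuse the same second and device addresses.
        if upper3(r.second) != upper3(r.device) or r.second == r.device:
            problems.append(f"{r.name}: second address must differ from the device "
                            "in the fourth segment only")
    return problems


class Server:
    def __init__(self, addr, users, repeaters):
        self.addr = addr
        self.users = users                                     # user information -> user name
        self.equipment = {r.first: r.name for r in repeaters}  # one repeater per device
        self.audit = []

    def login(self, pkt):                                      # S620
        user = self.users.get(pkt["payload"])
        self.audit.append((self.equipment.get(pkt["src"]), "login", user))
        return user is not None

    def store(self, pkt):                                      # S680
        self.audit.append((self.equipment.get(pkt["src"]), "manufacturing", pkt["payload"]))


def to_upstream(r, server, payload):
    """First and third information: the source is set to the first address."""
    return {"src": r.first, "dst": server.addr, "payload": payload}


def to_downstream(r, payload):
    """Second information: the source is set to the second address."""
    return {"src": r.second, "dst": r.device, "payload": payload}


def run_session(server, r, user_info, readings):
    """Relay one exchange; return the packet that unlocks the device, or None."""
    if not server.login(to_upstream(r, server, user_info)):   # S610
        return None                                           # drive restriction stays on
    unlock = to_downstream(r, "login-ok")                     # S630 to S640
    for reading in readings:                                  # S650 to S670
        server.store(to_upstream(r, server, reading))
    return unlock


# Constructed sample plan: both devices keep the same local address.
SERVER_ADDR = "192.168.30.1"
PLAN = [
    Repeater("alpha", "192.168.30.11", "10.20.30.0", "10.20.30.5"),
    Repeater("beta", "192.168.30.12", "10.20.30.0", "10.20.30.5"),
]
USERS = {"uid-0001": "operator-1"}


def demo():
    server = Server(SERVER_ADDR, USERS, PLAN)
    unlocked = [run_session(server, PLAN[0], "uid-0001", ["lot-1 tablets=100"]),
                run_session(server, PLAN[1], "uid-9999", ["lot-2 tablets=50"])]
    return check_plan(SERVER_ADDR, PLAN), unlocked, server.audit


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Attribution here keys on the first address alone, so a duplicate first address (rejected by `check_plan`) would merge two devices' audit records.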
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Small-Scale Networks (AREA)
Abstract
[Problem] To provide a relay capable of relaying external information, such as biometric authentication information, upstream or downstream by interrupting the external information even when used with a PLC manufacturing device or a device connected only to a local LAN. [Solution] The connection of external information interruption means to relays allowing communication between downstream devices with preset IP addresses and upstream devices connected to an upstream network is enabled, and the downstream devices are connected to the upstream network through only a single line. The relays have first communication means and first addresses for communicating with the upstream devices, second communication means and second addresses for communicating with the downstream devices, and address setting means. The two addresses are used discriminately by the address setting means, thus making it possible to relay data such as user information having the external information interruption means as a transmission source to either the upstream devices or the downstream devices. Furthermore, the relays are configured to be in one-to-one correspondence with the downstream devices, thus making it easy to set the IP addresses.
Description
The present invention relates to repeaters that are attached one by one to devices that were not connected to a network or were connected only to a local LAN. It relates to a repeater that allows external information, for example user information for login authentication, to be interrupted at the repeater and relayed to the network, and to a manufacturing information management system capable of centrally managing manufacturing information.
Specifically, the invention relates to a repeater and a manufacturing information management system that allow downstream devices to be easily relayed to a LAN controlled by a single server computer (hereinafter referred to as a server), allow external information such as user information to be interrupted from the repeater to the upstream or downstream side of the network, and relay processing information, manufacturing information, and the like that were processed on the upstream or downstream side of the network on the basis of the external information.
The repeater is suited to a manufacturing information management system that is required to guarantee that logins to manufacturing equipment driven by a programmable logic controller or the like and used independently of the network (hereinafter referred to as PLC manufacturing equipment), and to manufacturing equipment for which spoofed authentication was possible through unauthorized use of IC cards, are genuine logins based on the user's biometric information, and to centrally manage authentication information, manufacturing information, and the like as data for audit trails.
Specifically, it relates to a repeater that makes it easy to add a biometric authentication device even to manufacturing equipment that could not be connected to a server running WINDOWS (registered trademark) or LINUX (registered trademark) as its OS (hereinafter referred to as a general-purpose OS), namely PLC manufacturing equipment or existing manufacturing equipment on which an IP address of its own for the local LAN (hereinafter referred to as a unique address) has been set. Here, the local LAN refers to a network constructed to cover a limited range.
For manufacturing equipment in the pharmaceutical field, manufacturing information must not be alterable, so that proper manufacture and management can be guaranteed. It has become an urgent issue to eliminate spoofed authentication through unauthorized use of IC cards, to guarantee the authenticity of login authentication, meaning that the login is by the actual person holding the proper authority as established by biometric authentication, and to manage post-login operation information and the like in one place.
However, against the background of the Good Manufacturing Practice (GMP) for pharmaceutical manufacturing, under which drug manufacturing data is not to be connected to or shared over external networks, pharmaceutical manufacturing still includes many PLC manufacturing devices that are used stand-alone without any network connection and many manufacturing devices that are connected only to a local LAN and not to an integrated network.
On the other hand, when user identification information, operation authority, and the operations permitted at each authority level are managed on each piece of manufacturing equipment, the registered information must be updated every time there is a personnel transfer, a change in a user's authority level, a change in the operations permitted at an authority level, and so on, and proper update management is troublesome.
Devices connected to the same network are each assigned an IP address so that they can identify one another. In the case of the IPv4 communication standard, which is one of the communication standards, an IP address consists of four segments, each ranging from 0 to 255, and communication is possible only when the upper first to third segments are common. That is, if the first to third segments are common, communication is possible among up to 256 devices that differ only in the fourth segment.
In large-scale offices with more than 256 devices, the many OA devices such as personal computers and printers that are integrated under a general-purpose OS are handled by having a DNS (Domain Name System) server assign the OA devices domain names distinct from their IP addresses, in order to avoid duplication of IP addresses.
However, manufacturing equipment that makes up a production line connected to a local LAN and that has been given unique addresses cannot be assigned domain names and managed by a DNS server, which runs only on a general-purpose OS. It has therefore been difficult to connect all devices to one network and have a server centrally manage authentication information.
Patent Document 1 discloses a repeater technique that adds a user authentication function to manufacturing equipment. According to the technique described in this document, a user authentication server and a plurality of manufacturing devices communicate via a repeater called a proxy, and when an access request for user authentication is made to the repeater, that information is relayed to the server. The server then performs user authentication, and if the user is determined to be legitimate, the authentication result is relayed from the repeater to the manufacturing equipment and the manufacturing equipment is operated.
However, because the technique described in this document merely adds a repeater to the devices that make up a conventional network, the added repeater must also be given an IP address, and IP addresses had to be reassigned downstream of the repeater. In addition, in this configuration a plurality of manufacturing devices are connected downstream of the repeater, so even when the server grants access authority, it cannot be determined whether the authority was granted to all of the downstream manufacturing devices or to which one of them.
Patent Document 2 discloses a plant management technique in which a monitoring terminal that remotely operates local equipment is connected to a server through a monitoring LAN, while an operator verification unit that performs login authentication is connected to the server through an authentication LAN. According to the technique described in this document, an authentication information acquisition device is attached to each local facility, and login authentication information is relayed from the authentication information acquisition device to the server by the operator verification unit connected to the authentication LAN. Operation information and the like, on the other hand, are relayed to the server from the monitoring terminal connected to the monitoring LAN, which is separate from the authentication LAN.
この技術によれば、認証情報と操作情報等は別々のLANによりサーバに中継され、認証用LANと監視用LANとが混在しているため、一つのネットワークにおいて認証情報取得機器とローカル設備とに、それぞれIPアドレスが必要であり、既設設備への生体認証機器の導入を困難とさせていた。
According to this technology, the authentication information and the operation information are relayed to the server by separate LANs, and the authentication LAN and the monitoring LAN coexist. , an IP address is required for each, which makes it difficult to introduce biometric authentication equipment into existing facilities.
Patent Document 3 discloses a monitoring support device technique by the present applicant that, without modifying the monitoring equipment applied to manufacturing equipment, makes existing monitoring equipment function only while genuine login authentication is guaranteed, stores the records of the monitored equipment, the login authentication information, and the operation information together with time information, and guarantees the authenticity of the electronic data output by the existing monitoring equipment.
With this technique, the function of the operating means is enabled so that the operating means of the monitoring equipment can be operated only when the authenticator determination means has validated the login authentication. However, the technique cannot be applied to manufacturing equipment that has no monitoring equipment.
The inventor of the present application therefore arrived at a repeater with which a biometric information acquisition device can be introduced easily, even when it is added to equipment on which spoofed authentication had been possible or to PLC manufacturing equipment, and with which PLC manufacturing equipment and manufacturing equipment that had been connected to a premises LAN can be integrated into a general-purpose OS network.
Patent Document 1: JP-A-2006-99777
Patent Document 2: JP-A-2012-194762
Patent Document 3: Japanese Patent Application No. 2020-161581
The problem to be solved by the present invention is to provide a repeater that, even for PLC manufacturing equipment or equipment that had been connected only to a premises LAN, can inject external information such as user information from the repeater into the network upstream or downstream, and can relay processing information, manufacturing information, and the like processed on the upstream or downstream side of the network based on that external information; and to provide a manufacturing information management system that guarantees genuine login authentication and manages operation information and the like after login authentication in one place.
A first aspect of the present invention is a repeater that enables communication between a downstream device, for which a downstream communication identifier has been set in advance for communication with the repeater, and an upstream device connected to an upstream network, and to which external information interrupting means can be connected. The repeater comprises first communication means and a first address, second communication means and a second address, and address setting means. The first communication means is connected to the upstream network, and the second communication means is connected to the downstream device. The first address differs from the upstream communication identifiers of other devices connected to the upstream network only in the individual identifier part that identifies a device, and the second address differs from the downstream communication identifier of the downstream device only in the individual identifier part. The downstream device is connected to the upstream network through only one line. The address setting means functions as setting means that sets the communication identifier of the transmission source: when first information whose transmission source is the external information interrupting means is transmitted upstream, the first address is set as the upstream communication identifier of the repeater, and when the first information is transmitted downstream, the second address is set as the downstream communication identifier of the repeater.
The repeater is placed between an upstream device connected to the upstream network, for example a server, and a downstream device to which a downstream communication identifier has been assigned in advance, for example a drug manufacturing device. The communication standard of the network to which the repeater is connected is not limited, and the communication standard of the upstream network may differ from that used between the downstream device and the repeater. For example, the upstream network may use a communication system based on the IPv6 communication standard while the downstream device and the repeater use a communication system based on the IPv4 communication standard; no limitation is imposed.
The individual identifier part that identifies a device is the fourth segment in the case of a communication system based on the IPv4 communication standard, and, in the case of a communication system based on the IPv6 communication standard, the part consisting of four digits of either Roman letters or numerals that identifies the device. If a new network standard is developed, it may be whichever part identifies the device in that standard.
The external information interrupting means is a device connected to the repeater, for example a non-contact electromagnetic wave reader connected to the repeater via USB, although it is not limited to this. The external information may be, for example, user authentication information acquired by the non-contact electromagnetic wave reader, error diagnosis information of the downstream device, maintenance diagnosis information, and the like.
The repeater is provided with address setting means. When data is sent from a transmission source, the data is given the first address when it is communicated to the upstream device through the upstream network, and is given the second address when it is communicated to the downstream device.
Because the downstream device communicates with the upstream network through only one line and there is no redundant communication path between the downstream device and the upstream network, the information exchanged between the downstream device and the upstream device is unique, which ensures that the information is authentic.
According to the repeater of the first invention, the repeater uses its two addresses selectively, the repeater and the downstream device are associated one-to-one, external information is transmitted upstream or downstream through the repeater, and address setting is easy when the repeater is incorporated into a network, which is an advantageous effect not found in the prior art.
A second aspect of the present invention is the repeater according to the first aspect, wherein, when the first communication means and the second communication means are based on the IPv4 communication standard, the first address is an IP address that differs from the upstream communication identifiers of other devices only in the fourth segment, and the second address is an IP address that differs from the downstream communication identifier of the downstream device only in the fourth segment.
When the communication standard upstream of the repeater is based on the IPv4 communication standard, the downstream communication identifier assigned in advance may be as follows. For an independent device that was not previously connected to a network (hereinafter referred to as PLC manufacturing equipment), it may be an arbitrarily set IP address consisting of four segments (hereinafter referred to as an independent IP address). For manufacturing equipment that had been connected to a premises LAN, it may be the IP address the equipment had while connected to the premises LAN, left unchanged (hereinafter referred to as a premises IP address).
When the communication standard upstream of the repeater is based on the IPv4 communication standard, the first address may be any IP address that differs from those of other devices connected to the upstream network only in the fourth segment, and the second address may be any IP address that differs from that of the downstream device only in the fourth segment.
When PLC manufacturing equipment is connected to a network via the repeater, the first address is an address that differs from those of other devices connected to the network only in the fourth segment, and the second address is an address that differs from the arbitrary independent IP address only in the fourth segment.
When a repeater is added between the premises LAN and a downstream device without changing the area of the premises LAN, it suffices to give the first address of the repeater an IP address that remains a premises IP address and to give the second address an address that differs from the premises IP address only in the fourth segment, so address setting is very easy.
When a device that had been connected to a premises LAN is connected to a new network, the first address of the repeater is an address that differs from those of other devices connected to the new network only in the fourth segment. The IP address of the device that had been connected to the premises LAN is not changed and remains the premises IP address, and the second address is an address that differs from the premises IP address only in the fourth segment.
According to the repeater of the second invention, the repeater can be incorporated easily under a communication standard that is already widely used, and external information can be transmitted upstream or downstream through the repeater, which is an advantageous effect not found in the prior art.
A third aspect of the present invention is the repeater according to the first or second aspect, wherein the address setting means sets the second address as the downstream communication identifier of the repeater on second information, which has the upstream device as its transmission source and is generated in response to the first information transmitted upstream, and transmits the second information to the downstream device.
According to the third invention, the repeater does not only transmit the external information from the external information interrupting means. It transmits the first information sent upstream, for example user information, to the upstream device, and in response second information, for example login information, operation authority, and operation content according to authority level, is transmitted to the downstream device.
As a result, important information such as user identification information, operation authority, and operation content according to authority level can be stored collectively only in the upstream device and transmitted in response to external information. Managing the important information centrally has the advantageous effect of preventing inconsistencies in the important information and avoiding cumbersome work.
A fourth aspect of the present invention is the repeater according to the third aspect, wherein, for third information whose transmission source is the downstream device, the address setting means sets the first address as the upstream communication identifier of the repeater and transmits the third information to the upstream device.
According to the fourth invention, third information originating from the downstream device can be transmitted to the upstream device via the repeater. The third information is information generated in the downstream device, for example information arising from manufacturing work such as defective product occurrence information, manufacturing condition change information, operator information, operation time information, manufacturing equipment error information, and consumable replacement timing information. According to the fourth invention, the information generated in the downstream device is transmitted upstream and can be managed collectively.
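An address-plan check for the repeater described in the first to fourth inventions, as an added example that is not part of the patent text: it verifies the fourth-segment-only rule for both addresses and selects the source address for first, second, and third information. The class and function names, the origin and direction labels, and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


def differs_only_in_fourth_segment(a: str, b: str) -> bool:
    """True when two IPv4 addresses share segments 1-3 and differ in segment 4."""
    x = ipaddress.IPv4Address(a).packed
    y = ipaddress.IPv4Address(b).packed
    return x[:3] == y[:3] and x[3] != y[3]


@dataclass(frozen=True)
class RepeaterPlan:  # hypothetical name, not taken from the patent
    first_address: str      # identifier used toward the upstream network
    second_address: str     # identifier used toward the single downstream device
    upstream_peers: tuple   # addresses of the other devices on the upstream network
    downstream_device: str  # pre-set address of the downstream device (left unchanged)

    def problems(self) -> list:
        """Return one message per violation of the fourth-segment-only rule."""
        found = []
        for peer in self.upstream_peers:
            if not differs_only_in_fourth_segment(self.first_address, peer):
                found.append(
                    f"first address {self.first_address} must differ from "
                    f"upstream peer {peer} only in the fourth segment"
                )
        if not differs_only_in_fourth_segment(self.second_address, self.downstream_device):
            found.append(
                f"second address {self.second_address} must differ from "
                f"downstream device {self.downstream_device} only in the fourth segment"
            )
        return found


# (origin of the data, direction it is sent) -> which repeater address is the source.
# Labels are assumptions; the mapping follows the first, third and fourth inventions.
_SOURCE_RULES = {
    ("external", "upstream"): "first_address",            # first information, sent upstream
    ("external", "downstream"): "second_address",         # first information, sent downstream
    ("upstream_device", "downstream"): "second_address",  # second information
    ("downstream_device", "upstream"): "first_address",   # third information
}


def source_address(plan: RepeaterPlan, origin: str, direction: str) -> str:
    """Pick the repeater address to set as the source identifier for one transfer."""
    try:
        field = _SOURCE_RULES[(origin, direction)]
    except KeyError:
        raise ValueError(f"no rule for {origin!r} data sent {direction}") from None
    return getattr(plan, field)


# Constructed sample: a PLC device with an independent IP address behind a repeater
# that joins an upstream network numbered 192.168.10.x.
SAMPLE_PLAN = RepeaterPlan(
    first_address="192.168.10.50",
    second_address="10.0.0.2",
    upstream_peers=("192.168.10.1", "192.168.10.20"),
    downstream_device="10.0.0.1",
)

if __name__ == "__main__":
    print(SAMPLE_PLAN.problems() or "address plan is consistent")
    print(source_address(SAMPLE_PLAN, "external", "upstream"))
```
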
A fifth aspect of the present invention is the repeater according to the fourth aspect, wherein the downstream device is manufacturing equipment, the upstream device is a server, the first information is user information, the second information is login authentication information, the third information is manufacturing information, and the user information, the login authentication information, and the manufacturing information are stored only in the server together with time information.
According to the fifth invention, the user information, the login authentication information, and the manufacturing information are managed collectively on the server together with time information. As a result, even when an audit trail for manufacturing is required, genuine information that has not been tampered with can be extracted from the server.
A sixth aspect of the present invention is a manufacturing information management system including the repeater of the fifth aspect and a biometric information acquisition device, wherein the external information interrupting means is a non-contact electromagnetic wave reader; the biometric information acquisition device includes biometric information acquisition means, storage means, determination means, and communication means; the biometric information acquisition means acquires the biometric information of a user; when the determination means determines that the biometric information matches the user determination information stored in the storage means, the communication means emits the user information by electromagnetic waves; and the user information received by the external information interrupting means is relayed to the server, where login authentication is performed.
In the sixth invention, the biometric information acquisition device acquires the user's biometric information and, when that biometric information is determined to match the user determination information, emits the user information by electromagnetic waves. The user's biometric information is not limited and may be any biometric information unique to the user, such as fingerprint, iris, pulse wave, gait, face, myoelectric potential, or voiceprint. The biometric information acquisition device is not limited to a wearable terminal device; it may be a device that acquires a face, voiceprint, or the like unique to the user, or an IC card that stores the user's fingerprint. The user information is not limited to a personal ID that specifies who the user is; it may be a device ID that the biometric information acquisition device emits only when it has identified a specific user.
The user information that a non-contact electromagnetic wave reader serving as the external information interrupting means, for example an RFID reader, receives as electromagnetic waves from the biometric information acquisition device is relayed to the server as the first information, and authentication is processed on the server. According to the sixth invention, because the user information is emitted after the user's biometric information has been read, the user information is extremely likely to be genuine.
A seventh aspect of the present invention is the manufacturing information management system according to the sixth aspect, wherein the biometric information acquisition device acquires two types of biometric information of the user, the user determination information likewise consists of two types of biometric information for determination corresponding to the types of biometric information, and the user information is emitted when the determination means determines that both pieces of biometric information match the biometric information for determination.
In the manufacturing information management system of the seventh invention, the biometric information acquisition device only needs to acquire two types of biometric information of the user, and the types of biometric information are not limited. Because the user information is emitted only after a match is determined for two types of biometric information, the authenticity of the user information is guaranteed, spoofed authentication can be reliably excluded, and the authenticity of the login authentication processing on the server can be reliably guaranteed.
An eighth aspect of the present invention is the manufacturing information management system according to the sixth or seventh aspect, wherein the server is a virtual computer provided by a cloud computing service, and the repeater and the virtual computer are connected by a virtual private network that uses a public line as a virtual dedicated line.
According to the eighth invention, the repeater and the virtual computer are connected by a virtual private network that uses a public line as a virtual dedicated line. As a result, even when pharmaceuticals are manufactured, the manufacturing data of dispersed factories can be managed collectively while complying with "Good Manufacturing Practice for pharmaceutical manufacturing", and loss of manufacturing data can be prevented even if a large-scale disaster such as an earthquake occurs.
- According to the first invention, the repeater uses its two addresses selectively, the repeater and the downstream device are associated one-to-one, external information is transmitted upstream or downstream through the repeater, and address setting is easy when the repeater is incorporated into a network, which is an advantageous effect not found in the prior art.
- According to the second invention, the repeater can be incorporated easily under a communication standard that is already widely used, and external information can be transmitted upstream or downstream through the repeater, which is an advantageous effect not found in the prior art.
- According to the third invention, important information can be stored collectively only in the upstream device and transmitted in response to external information, and managing the important information centrally has the advantageous effect of preventing inconsistencies in the important information and avoiding cumbersome work.
- According to the fourth invention, the information generated in the downstream device is transmitted upstream and can be managed.
- According to the fifth invention, even when an audit trail for manufacturing is required, genuine information that has not been tampered with can be extracted from the server.
- According to the sixth invention, because the user information is emitted after the user's biometric information has been read, the user information is extremely likely to be genuine.
- According to the seventh invention, the authenticity of the user information is guaranteed, spoofed authentication can be reliably excluded, and the authenticity of the login authentication processing on the server can be reliably guaranteed.
- According to the eighth invention, even when pharmaceuticals are manufactured, the manufacturing data of dispersed factories can be managed collectively while complying with "Good Manufacturing Practice for pharmaceutical manufacturing", and loss of manufacturing data can be prevented even if a large-scale disaster such as an earthquake occurs.
To make the present invention easier to understand, Embodiment 1 explains the individual identifier that identifies a device using the IPv4 communication standard as an example. The repeater 1 of Embodiment 1 is connected to a downstream device for which an IP address has been set in advance and to an upstream device connected to an upstream network based on the IPv4 communication standard, allows external information interrupting means to be connected, and connects the downstream device to the upstream network through only one line.
The repeater is provided with first communication means and a first address for communicating with the upstream device, second communication means and a second address for communicating with the downstream device, and address setting means. The address setting means uses the two addresses selectively so that external information whose transmission source is the external information interrupting means, for example data such as user information, can be relayed to either the upstream device or the downstream device. In addition, the repeater is associated one-to-one with the downstream device, which makes IP address setting easy.
In Embodiment 1, the repeater 1 is described with reference to FIGS. 1 to 9. FIG. 1(A) shows the equipment layout in a manufacturing plant before the repeater of the present invention is applied. FIG. 1(B) shows the equipment layout with the present invention applied. FIG. 2(A) shows a schematic diagram of the repeater. FIG. 2(B) shows a block diagram of the repeater. FIG. 3 shows the flow for setting the first address and the second address. FIG. 4 shows an explanatory diagram of the entire manufacturing information management system.
FIG. 5(A) shows an example of a biometric information acquisition device that acquires two types of biometric information. FIG. 5(B) shows a block diagram of the biometric information acquisition device that acquires two types of biometric information. FIG. 6(A) shows an example of an IC card type biometric information acquisition device that acquires one type of biometric information. FIG. 6(B) shows a block diagram of that biometric information acquisition device. FIG. 7 shows an explanatory diagram of the interrupt processing of the first information and the relay processing of the second information and the third information. FIG. 8 shows the processing flow of biometric authentication before the manufacturing information management system is driven, and FIG. 9 shows the processing flow after the manufacturing information management system is driven.
In the first embodiment, for ease of understanding, the case where the repeater 1 is introduced into the equipment of a chemical manufacturing plant 1000 is taken as an example, with the upstream equipment being the server 100 and the downstream equipment being the manufacturing equipment 200 or the research and development equipment 210 (see FIG. 1(B)). The first information interrupted into the repeater 1 from the external information interrupting means 10 is described as user information, the second information relayed from the server 100 to the manufacturing equipment 200 or the like as login authentication information, and the third information relayed from the manufacturing equipment 200 or the like to the server 100 as manufacturing information. As the external information interrupting means 10, a non-contact electromagnetic wave reader that obtains user information by electromagnetic waves when a user's portable object is brought close to it will be described as an example.
In the chemical manufacturing plant 1000, independent equipment that has not conventionally been connected to a network (hereinafter referred to as PLC manufacturing equipment), PLC manufacturing equipment 201 including a monitoring device, manufacturing equipment 202 connected only to the local LAN 300, groups of research and development equipment 210, and the like are arranged to suit the manufacturing process (see FIG. 1(A)). Taking a pharmaceutical manufacturing plant as an example, the PLC manufacturing equipment 201 is, for example, a tablet manufacturing machine that presses powder to manufacture tablets. The group of equipment surrounded by a frame indicates the highly confidential research and development equipment 210.
The PLC manufacturing equipment 201 including a monitoring device is, for example, manufacturing equipment that packs tablets into PTP sheets, and the monitoring device directly connected to the manufacturing equipment inspects for foreign matter contamination, chipped tablets, and the like. The group of manufacturing equipment 202 connected only to the local LAN 300 is, for example, a packaging and conveying machine that stacks and bands PTP sheets, and is connected to the local LAN 300 supervised by the local server 301 so that the belt conveyor and the PTP sheet stacking machine operate in conjunction.
Since the PLC manufacturing equipment 201 and the like are installed independently and may have no IP address set, an independent IP address had to be set arbitrarily in order to connect them to a network. An IP address is an address in which an integer from 0 to 255 forms one segment and four segments form one unit, for example [192.168.40.1]. For devices to communicate, all devices connected to the network are assigned values that differ only in the fourth segment. More specifically, the upper three segments have values common to all devices, and the fourth segment is assigned a value that is not duplicated among the devices. Hereinafter, this is referred to as "fourth segment difference".
The group of manufacturing equipment 202 and the group of research and development equipment 210, connected only to the local LAN 300 or the local LAN 302, are managed by the local servers 301 and 303, respectively, and are set with local IP addresses having the fourth segment difference (see FIG. 1(A)). If the plurality of local LANs 300 and 302 are integrated as they are, communication failures may occur due to duplication or inconsistency of local IP addresses. Therefore, IP addresses must be reassigned so that each device is given a local IP address with the fourth segment difference. Moreover, when adding PLC manufacturing equipment to a local LAN, it was necessary to search for and assign, as its independent IP address, a local IP address with the fourth segment difference. In either case, the work of reassigning IP addresses was complicated.
Hereinafter, a specific configuration of the repeater 1 of the present invention will be described with reference to FIG. 2. Next, an example in which a general LAN 400 is constructed for the manufacturing equipment 200 in the chemical manufacturing plant 1000, while only the repeater 1 is introduced to the research and development equipment 210 without extending the local LAN 302, will be described with reference to FIGS. 1(B) to 3. Here, the general LAN refers to a network constructed over a wider range than a local LAN.
In the first embodiment, a case where the repeater 1 is composed of a single-board computer will be specifically described as an example. A single-board computer is a small computer in which only the necessary functional parts are mounted on a single printed circuit board. Specifically, it includes a central processing unit (hereinafter referred to as CPU), a main memory device (hereinafter referred to as RAM), two LAN ports 20 and 21 based on the wired LAN communication standard, a plurality of USB ports 22 based on the Universal Serial Bus (hereinafter referred to as USB) standard, and a power acquisition means 23 (see FIG. 2(A)).
The repeater 1 includes a first communication means 30 and a first address for communicating with an upstream device, a second communication means 40 and a second address for communicating with a downstream device, and an address setting means (see FIG. 2(B)). The CPU serves as control means 50 and functions as the address setting means. The RAM functions as storage means 60 and stores the first address and the second address. The storage means 60 also stores an application for driving the control means.
A LAN cable 31 for communicating with the server serving as the upstream device and a LAN cable 41 for communicating with the manufacturing equipment serving as the downstream device are connected to the two LAN ports, so that the ports function as the first communication means 30 and the second communication means 40. A USB cable 11 provided in the external information interrupting means 10 can be connected to the USB port 22 serving as an input/output means. The external information interrupting means 10 may be a non-contact electromagnetic wave reader, but is not limited to this.
Another USB port 22 is connected to a notebook-type terminal device 72 (see broken line in FIG. 2(A)) or the like that functions as input means 70 and display means 71. The notebook-type terminal device 72 need only be connected at the time of initial setting, when the first address, the second address, and the application created in advance are stored in the storage means; after the initial setting is completed, the notebook-type terminal device may be removed.
The flow of setting the first address and the second address will be explained by comparing the flow charts of FIGS. 1(A), 1(B) and 3. FIG. 1A also shows the IP addresses of the conventional LANs 300 and 302. FIG. Here, in order to facilitate understanding, specific values are shown for IP addresses for explanation. In the drawing, it is assumed that the group of devices connected to the on-premises LAN 302 surrounded by a frame and the on-premises LAN 300 integrated into the general LAN 400 have the same 10.20.30 from the first segment to the third segment. Of course, the values of the first to third segments may be different for each local LAN.
The group of manufacturing equipment 202 connected to the local LAN 300, whose first to third segments are 10.20.30, is integrated together with the PLC manufacturing equipment 201 into the general LAN 400 that supervises the whole, and one repeater 1 is attached to each piece of equipment (see FIG. 1(B)). The other group, the research and development equipment 210 connected to the local LAN 302 whose first to third segments are 10.20.30, keeps the local LAN 302 as it is, and one repeater 1 is attached to each piece of equipment.
The first address of the repeater 1, used for communicating upstream, is an IP address with the fourth segment difference from the IP addresses of the other devices connected to the upstream network. The other devices include not only the server 100 but also the other repeaters connected to the upstream network. The second address of the repeater, used for communicating with the downstream device, is an IP address with the fourth segment difference from the IP address of the manufacturing equipment 200 or research and development equipment 210 to which the repeater is attached.
Since the manufacturing equipment 200 communicates with other devices connected to the network only through the repeater 1, no network communication failure occurs even if the IP address of the manufacturing equipment duplicates that of other manufacturing equipment. Therefore, the IP address of the PLC manufacturing equipment 201 can be set arbitrarily, and the manufacturing equipment 202 that was connected to the local LAN can keep using its existing local IP address, which makes the IP address setting work easy (see FIG. 1(B) and S110 to S120 of FIG. 3).
In the IP address setting flow (see FIG. 3), it is first determined whether or not the device connected to the repeater is a downstream device that does not have an IP address (S100). Here, if the downstream device is a PLC manufacturing device with no IP address set, the process proceeds to step 110 (S110). Since the manufacturing equipment connected to the premises LAN has the premises IP address set, the process proceeds to step 120 (S120) (see FIG. 3).
First, a device address is set for each downstream device. For PLC manufacturing equipment, an arbitrary unique IP address is set in step 110 (S110). For example, [A.B.C.D] is assigned as the unique IP address. On the other hand, manufacturing equipment that was connected to a local LAN keeps, in step 120, the local IP address previously assigned to it, for example [10.20.30.M] (S120) (see FIG. 1(B)). A to D are arbitrary integers from 0 to 255.
After the device IP address is set, the process proceeds to step 130, where it is selected whether or not to connect the manufacturing equipment serving as the downstream device to the general LAN 400 (S130). When connecting to the general LAN 400, the process proceeds to step 140 (S140), and the first address of the repeater is given a general IP address with the fourth segment difference from the IP address of the server 100, for example [192.168.30.N] (N is an integer from 0 to 255 that differs from those of the other upstream devices).
As for the second address, when the downstream device is the manufacturing equipment 202 that was connected to the local LAN 300, an IP address with the fourth segment difference from the device IP address is assigned, for example the IP address [10.20.30.0] of the local server 301 to which the original local LAN 300 was connected; in the case of the PLC manufacturing equipment 201, [A.B.C.E], which has the fourth segment difference from the IP address of the PLC manufacturing equipment, is assigned (S140). Since each of [A.B.C.E] may be any integer from 0 to 255, the same [10.20.30.0] as the local server 301, for example, may be assigned.
In step 130, if the repeater 1 is to be connected to a local LAN, the process proceeds to step 150 (S150). When only the repeater 1 is introduced while the local LAN 302 is maintained (see the equipment inside the frame in FIG. 1(B)), the first address is given a local IP address with the fourth segment difference from the other devices connected to the local LAN 302, [10.20.30.M] in FIG. 1(B).
As for the second address, an IP address with the fourth segment difference from the downstream device (research and development equipment 210) is assigned, for example the same IP address [10.20.30.0] as the local server 303; when PLC manufacturing equipment is added to the local LAN 302, [A.B.C.E], which has the fourth segment difference from the PLC manufacturing equipment being added, is assigned (S150). Since each of [A.B.C.E] may be any integer from 0 to 255, the same [10.20.30.0] as the local server 303 or the like may be assigned.
In other words, as for the first address, when a plurality of local LANs are unified to construct a new general LAN 400, the repeater 1 is given an IP address with the fourth segment difference from the server 100 as its first address, and when the local LAN is maintained, the IP address of the original local LAN device may be assigned. As for the second address, whether the downstream device is PLC manufacturing equipment or a local LAN device, the IP address that was assigned to the original local server 301 or 303 may be set, so the address setting work is easy.
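The address rules of the FIG. 3 flow can be checked mechanically before a repeater is commissioned. The following is an added example, not part of the patent text: the `RepeaterPlan` record, the `check_plan` function and the host octets in the sample plans are assumptions; the 192.168.30 and 10.20.30 prefixes are the ones the description uses.

```python
import ipaddress
from dataclasses import dataclass


def fourth_segment_difference(a: str, b: str) -> bool:
    """True when a and b share segments 1 to 3 and differ only in segment 4."""
    pa = ipaddress.IPv4Address(a).packed
    pb = ipaddress.IPv4Address(b).packed
    return pa[:3] == pb[:3] and pa[3] != pb[3]


@dataclass(frozen=True)
class RepeaterPlan:          # hypothetical record, not defined by the patent
    name: str
    first_address: str       # upstream side (S140 / S150)
    second_address: str      # downstream side, faces exactly one device
    device_address: str      # attached downstream device (S110 / S120)


def check_plan(upstream_hosts: dict, repeaters: list) -> list:
    """Return rule violations as strings; an empty list means the plan is consistent.

    upstream_hosts maps a label to the address of each host already on the
    upstream network (for example the server 100).
    """
    problems = []
    taken = {str(ipaddress.IPv4Address(a)): label for label, a in upstream_hosts.items()}
    for r in repeaters:
        try:
            first = str(ipaddress.IPv4Address(r.first_address))
            second = str(ipaddress.IPv4Address(r.second_address))
            device = str(ipaddress.IPv4Address(r.device_address))
        except ValueError as exc:
            problems.append(f"{r.name}: invalid address ({exc})")
            continue
        # First address: unique among server and repeaters on the upstream
        # network, and in the same upper three segments as all of them.
        if first in taken:
            problems.append(f"{r.name}: first address {first} already used by {taken[first]}")
        elif not all(fourth_segment_difference(first, other) for other in taken):
            problems.append(f"{r.name}: first address {first} is outside the upstream segment")
        else:
            taken[first] = r.name
        # Second address: only has to differ from the one attached device.
        # Duplicates across different repeaters are allowed, because each
        # downstream link is isolated from every other one.
        if not fourth_segment_difference(second, device):
            problems.append(
                f"{r.name}: second address {second} must differ from device {device} "
                "only in the fourth segment"
            )
    return problems


# Constructed sample plans (host octets are made up for illustration).
UPSTREAM = {"server 100": "192.168.30.1"}
GOOD_PLAN = [
    RepeaterPlan("alpha", "192.168.30.11", "10.20.30.0", "10.20.30.5"),
    RepeaterPlan("beta", "192.168.30.12", "10.20.30.0", "10.20.30.5"),   # same downstream pair as alpha
    RepeaterPlan("gamma", "192.168.30.13", "10.20.30.0", "10.20.30.7"),
]
BAD_PLAN = [
    RepeaterPlan("alpha", "192.168.30.11", "10.20.30.0", "10.20.30.5"),
    RepeaterPlan("beta", "192.168.30.11", "10.20.30.5", "10.20.30.5"),   # duplicate first; second equals device
    RepeaterPlan("gamma", "10.20.30.13", "10.20.31.0", "10.20.30.7"),    # wrong segments on both sides
]

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_plan(UPSTREAM, plan))
```

The good plan passes even though alpha and beta reuse the same downstream address pair; only the upstream side needs network-wide uniqueness.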
Next, within the entire manufacturing information management system 2 including the repeater 1, the configuration of the range communicating over the general LAN 400 will be described with reference to FIG. 4. For the case where the range of the local LAN is maintained and repeaters are added, the configuration and operation of the repeater are the same, so a detailed description is omitted. The manufacturing information management system 2 includes a server 100 serving as an upstream device, a plurality of manufacturing equipment 200 (A, B, C, ...) serving as downstream devices, repeaters 1 (α, β, γ, ...) attached to the respective manufacturing equipment, external information interrupting means 10, and a biometric information acquisition device 500 carried by the user. Assume that manufacturing equipment A is PLC manufacturing equipment, and that manufacturing equipment B and C were connected to the same local LAN.
Each piece of manufacturing equipment 200 is connected to the general LAN 400, which is the upstream network, by a single line through the repeater 1, and can communicate with the server 100. The manufacturing equipment 200 is connected to only one repeater 1 through the dedicated second communication means 40, and is independent of the other manufacturing equipment. In other words, the second address of the repeater α need only be an IP address with the fourth segment difference from the manufacturing equipment A, and no communication failure occurs even if it duplicates the second address of the repeater β or the repeater γ.
The server 100 comprises control means 101, storage means 102, and communication means 103 for communicating with each repeater 1. The control means 101 is composed of a central processing unit (CPU) and functions as authentication processing means, which collates the user information sent from the repeater 1 against the user information for determination and performs login authentication processing, and as audit trail creation means, which creates an audit trail from the manufacturing information.
The storage means 102 is not limited as long as it is a hard disk, RAM, or the like. The storage unit 102 stores in advance user information for determination, user name/authority information linked to the user information, an application that causes the control unit to function, and the like. When the authentication determining means performs the user login authentication process, the login authentication information is stored together with the time information as a history of the authentication process. The time information of the server may be obtained from the time information obtaining means 104 that obtains the desired standard time through the Internet, GPS, or the like.
When the manufacturing information forming the third information is sent from the manufacturing equipment to the server 100, the manufacturing information is stored together with the time information. When the audit trail creating means creates an audit trail based on manufacturing information and the like, the audit trail report is stored. Of course, the information stored in the storage means 102 is not limited to these. Further, it goes without saying that the server 100 may be provided with a display means 105 and an input means 106 .
Each piece of manufacturing equipment 200 (A, B, C, ...) includes control means 220, storage means 221, communication means 222 for communicating with the repeater, display means 223, and input means 224. The control means 220 may be a CPU or the like, and the storage means 221 may be a hard disk or the like. The display means 223 and the input means 224 may be a touch screen panel device.
The control means 220 functions as drive restriction means that prevents the manufacturing equipment 200 from being driven until login authentication information is acquired from the server 100 via the repeater 1. After the manufacturing equipment is driven, the control means 220 functions as manufacturing information creating means and also as manufacturing information updating means that, every time manufacturing information is created, transmits the updated manufacturing information to the server 100 via the repeater 1.
Next, the biometric information acquisition device 500, which causes user information to be interrupted into the repeater 1 from the external information interrupting means 10, will be described with reference to FIG. 5. The biometric information acquisition device 500 that acquires two types of biometric information is a combination of a mobile terminal 510 that acquires fingerprint information as biometric information and a shoe insole type gait information acquisition device 520 (see FIGS. 5(A) and 5(B)). The mobile terminal 510 has control means 511 functioning as determination means, storage means 512, short-range wireless communication means 513, a fingerprint sensor 514, and electromagnetic wave communication means 515. It also has a touch screen 516 that functions as display means and input means.
The storage means 512 stores an application of the control means 511, determination fingerprint information and determination gait information forming determination use biometric information, and user information. The short-range wireless communication means 513 is not limited as long as it can communicate with the gait information acquisition device. The fingerprint sensor 514 may have a fingerprint authentication function installed in the mobile terminal 510 . The electromagnetic wave communication means 515 is not limited as long as it can generate user information by electromagnetic waves and can be read by the non-contact electromagnetic wave reader forming the external information interrupting means 10 . For example, RFID tags and RFID readers are suitable.
The gait information acquisition device 520 includes a gait acquisition sensor 521 and short-range wireless communication means 522 for sending gait information to the mobile terminal. The gait acquisition sensor 521 is attached to the back surface of the insole, and is used by being inserted into the user's shoe together with the insole. Gait information refers to characteristic motion information in walking, and refers to general information obtained by estimating sex, age, body shape, step length, etc. from motion.
When the two types of biometric information are acquired and sent to the mobile terminal 510, the control means 511 functions as determination means, the biometric information for determination is read out from the storage means 512, and user determination processing is performed. If both of the two types of biometric information are determined to match the biometric information for determination, the operator carrying the biometric information acquisition device 500 is regarded as an authentic person. The two types of biometric information are not limited to fingerprint and gait, and may be iris, pulse wave, face, myoelectric potential, voiceprint, and the like, and the two biometric information acquisition devices may of course be separate devices.
When the portable terminal 510 is brought close to the non-contact electromagnetic wave reader, the user information is read from the storage means 512 and the user information is generated by the electromagnetic wave communication means 515 by electromagnetic waves. The user information whose authenticity is guaranteed is interrupted by the external information interrupting means to the repeater, the repeater transmits the user information to the server, and the server authenticates the user information. This eliminates spoofing authentication and ensures the authenticity of login authentication by the server.
A non-contact IC card 530 is suitable for a biometric information acquisition device that acquires one type of biometric information (see FIG. 6). The contactless IC card 530 has an IC chip 531 on its surface for obtaining biometric information. The IC chip 531 includes control means 532 functioning as determination means, storage means 533 , fingerprint sensor 534 , and electromagnetic wave communication means 535 . Since these function in the same manner as the portable terminal described above except that they are integrated into the IC chip 531, the description thereof will be omitted.
When the non-contact IC card 530 is brought close to the non-contact electromagnetic wave reader while the finger registered with the fingerprint is in contact with the IC chip 531 (see FIG. 6A), induction power is generated by the electromagnetic wave. The IC chip is activated. Then, like a normal RFID tag, pre-stored user information is generated by electromagnetic waves, and the user information is read by a non-contact electromagnetic wave reader.
Here, the interrupt processing of the first information, the processing of the address setting means, and the relay processing of the second and third information will be briefly described with reference to FIG. 7. FIG. 7(A) shows the flow of the external information interrupting means, FIG. 7(B) shows the relay processing of the second information, and FIG. 7(C) shows the flow of the relay processing of the third information. When first information such as user information is sent from the external information interrupting means to the repeater, the repeater starts interrupt processing for the first information (S200). Next, it is determined whether to relay the first information upstream (S210).
Here, if it is determined that the first information is to be relayed upstream (Yes), the address setting means sets the first address as the source address in the first information and causes it to be transmitted to the upstream server. (S220). This is the stage before the login determination means is managed by the server, and if the login determination means is held in the manufacturing equipment, the first information is relayed downstream, so that a determination of (No) is made in step 210, The second address may be set as the address of the transmission source in the first information and communicated with downstream manufacturing equipment (S230).
When the second information generated according to the user information forming the first information, such as login authentication information, is communicated to the repeater with the upstream server as the transmission source (S300), the address setting means changes the second information. The second address is set as the address of the transmission source and transmitted to downstream manufacturing equipment (S310).
When the repeater acquires the manufacturing information forming the third information with the downstream manufacturing equipment as the transmission source (S400), the address setting means sets the first address as the transmission source address in the third information, Send it to the upstream server (S410).
Next, the control up to system activation of the manufacturing information management system will be described with reference to the flowchart of FIG. 8, and the control after system activation will be described with reference to the flowchart of FIG. First, an operator of manufacturing equipment, who is a user, wears a biometric information acquisition device (S500). Here, "wearing" means, for example, that the operator puts a finger on the fingerprint sensor of the portable terminal or puts on shoes in which the gait information acquisition device is inserted. A biometric information acquisition device generates first biometric information (S510). The determination means of the biometric information acquisition device collates whether the first biometric information of the operator and the biometric information for determination match, and determines the authenticity of the first biometric information (S520). If it is determined that the first biometric information is not authentic, the biometric authentication is terminated (S530).
If the first biometric information is authentic, second biometric information of the operator is generated (S540). The determination means of the biometric information acquisition device determines the authenticity of the second biometric information in the same manner as for the first biometric information (S550). If the second biometric information is determined not to be authentic, the biometric authentication is terminated (S560). If the second biometric information is also determined to be authentic, the user information stored in the biometric information device is emitted by means of electromagnetic waves (S570). When the biometric information acquisition device is brought close to the non-contact electromagnetic wave reader in this state, the user information forming the first information is acquired (S580).
Subsequently, the system drive processing of the manufacturing information management system is started (S600) (see FIG. 9). In FIG. 9, for ease of understanding, the processing of the repeater is enclosed in solid lines, and the processing of the other devices is enclosed in broken lines. First, as interrupt processing for the first information, the user information is relayed from the repeater to the server (S610). When the server acquires the user information, login authentication processing is performed (S620). If the authentication processing succeeds, the server communicates the login authentication information to the repeater (S630).
When the repeater acquires the login authentication information, the repeater relays the login authentication information to the manufacturing equipment as relay processing for the second information (S640). When the manufacturing equipment acquires the login authentication information, the drive restriction on the manufacturing equipment is released, and manufacturing information is generated in the manufacturing equipment (S650). Each time new manufacturing information is generated, the manufacturing equipment communicates the generated manufacturing information to the repeater (S660). When the repeater acquires the manufacturing information, the repeater relays the manufacturing information to the server as relay processing for the third information (S670). When the server acquires the manufacturing information, the server stores it in a state in which the manufacturing equipment that generated it can be identified (S680).
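The three relay steps (S610, S640, S670) and the source-address setting of S310 and S410, modelled as an added Python example that is not code from the patent. The addresses, the `Packet`/`Repeater`/`Server`/`Equipment` names, the port labels, the registered-user set, the server identifying equipment by the repeater's first address, and the rule that unmatched traffic is not relayed are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime, timezone


def differs_only_in_fourth_segment(a, b):
    """Same first three IPv4 segments, different fourth segment."""
    pa, pb = ipaddress.IPv4Address(a).packed, ipaddress.IPv4Address(b).packed
    return pa[:3] == pb[:3] and pa[3] != pb[3]


@dataclass
class Packet:
    kind: str     # "user_info" (first), "login_auth" (second), "manufacturing" (third)
    src: str
    dst: str
    payload: str


@dataclass
class Repeater:
    first_address: str    # source address used toward the upstream server
    second_address: str   # source address used toward the downstream equipment
    server: str
    equipment: str

    def __post_init__(self):
        if not differs_only_in_fourth_segment(self.first_address, self.server):
            raise ValueError("first address is not in the upstream network")
        if not differs_only_in_fourth_segment(self.second_address, self.equipment):
            raise ValueError("second address is not in the downstream network")

    def relay(self, port, pkt):
        """Return the rewritten packet, or None when no described flow matches."""
        up = (self.first_address, self.server)
        down = (self.second_address, self.equipment)
        if port == "reader" and pkt.kind == "user_info":              # S610
            return Packet(pkt.kind, *up, pkt.payload)
        if port == "upstream" and pkt.kind == "login_auth" and pkt.src == self.server:
            return Packet(pkt.kind, *down, pkt.payload)               # S310 / S640
        if port == "downstream" and pkt.kind == "manufacturing" and pkt.src == self.equipment:
            return Packet(pkt.kind, *up, pkt.payload)                 # S410 / S670
        return None  # assumption of this sketch: other traffic is not relayed


@dataclass
class Server:
    address: str
    users: set
    repeaters: dict                      # repeater first address -> equipment label
    log: list = field(default_factory=list)

    def receive(self, pkt):
        """Store every record with time information; answer a valid login (S620-S630, S680)."""
        stamp = datetime.now(timezone.utc).isoformat()
        self.log.append((stamp, pkt.kind, self.repeaters.get(pkt.src, "unknown"), pkt.payload))
        if pkt.kind == "user_info" and pkt.payload in self.users:
            return Packet("login_auth", self.address, pkt.src, "ok:" + pkt.payload)
        return None


@dataclass
class Equipment:
    address: str
    repeater_addr: str
    unlocked: bool = False

    def receive(self, pkt):
        # The drive restriction is released only by login info arriving from the repeater (S650).
        if pkt.kind == "login_auth" and pkt.src == self.repeater_addr:
            self.unlocked = True

    def produce(self, data):
        if not self.unlocked:
            raise PermissionError("drive restriction still in place")
        return Packet("manufacturing", self.address, self.repeater_addr, data)   # S660


def run_demo():
    """Constructed addresses and payloads; returns the three parties after one session."""
    rep = Repeater("192.168.10.21", "192.168.1.11", server="192.168.10.1", equipment="192.168.1.10")
    srv = Server("192.168.10.1", users={"operator-01"}, repeaters={"192.168.10.21": "tablet-press-A"})
    eq = Equipment("192.168.1.10", repeater_addr="192.168.1.11")
    reply = srv.receive(rep.relay("reader", Packet("user_info", "reader", "", "operator-01")))
    eq.receive(rep.relay("upstream", reply))
    srv.receive(rep.relay("downstream", eq.produce("batch=constructed-001 temp=21.5")))
    return rep, srv, eq
```

Because the repeater replaces the source address in both directions, the server only ever sees the first address and the equipment only ever sees the second address, which is why the server-side record is keyed on the repeater rather than on the equipment's own address.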
In the second embodiment, a manufacturing information management system 3 in which the server is a virtual computer provided by a cloud computing service will be described with reference to FIG. 10. FIG. 10(A) is an explanatory diagram of the virtual private network. FIG. 10(B) is a block diagram of the server, which is a virtual computer. In FIG. 10(B), for ease of understanding, the configuration that differs from the server of the first embodiment is enclosed in a thick dashed frame.
The server 110 is a virtual computer provided by a cloud computing service. Through a virtual private network 111, which uses a public line as a virtual dedicated line, it is connected not only to the repeaters of a plurality of manufacturing plants 112, 113, and 114 but also to the repeaters installed in the head office building 115 and the branch office building 116 (see FIG. 10(A)). The storage means 102 of the server 110 differs in that it stores the manufacturing information in a state in which each manufacturing plant can be identified, and in that it stores the management information, which is one kind of third information, in a state in which the head office and each branch office can be identified. Specific examples of the management information include, but are not limited to, important information such as order and delivery data, contract data, manufacturing information, and user information.
In the manufacturing information management system 3, a single server 110 centrally manages the login authentication processing for the plurality of manufacturing plants, the head office, and the branch offices, so it is easy to keep the user information up to date at all times, and the management effort is reduced. In addition, all manufacturing information across multiple manufacturing plants in remote locations can be centrally managed, and the management information of the head office and branch offices can also be consolidated on one server.
In addition, since the server 110 is a virtual computer and the data is stored on the Internet, even if a large-scale disaster such as an earthquake occurs and the manufacturing plant, the head office building, or the like is damaged, loss of important information such as past manufacturing information, user information, and management information can be prevented. Since the server 110 and the repeaters communicate through the virtual private network 111, even when pharmaceuticals are manufactured, the manufacturing data of the dispersed plants can be managed collectively while complying with the "Good Manufacturing Practices for Pharmaceutical Manufacturing".
(Others)
- In the first embodiment, an example using a portable terminal and a gait information acquisition device and an example using an IC card were shown, but the form of the biometric information acquisition device is of course not limited to these. For example, it may be a wristwatch-type or glasses-type wearable terminal. The combination of biometric information to be acquired is also not limited.
- In the first embodiment, each of the four parts that make up an IP address is called a segment, but it may instead be called, for example, an octet; the name is of course not limited.
- In the first embodiment, for ease of understanding, the communication standard is described as IPv4 both upstream and downstream of the repeater, but the upstream may be IPv6 and the downstream IPv4. It also goes without saying that the communication standard is not limited to IPv6 and IPv4.
- Communication from the repeater to the upstream network is not limited to wired communication and may be wireless communication. In the case of wireless communication, upstream communication from the repeater is preferably, but not necessarily, carried out using an IC card (also called a SIM card) on which an ID number for identifying the subscriber is recorded.
- The embodiments disclosed here are illustrative in all respects and should not be considered restrictive. The technical scope of the present invention is indicated by the claims rather than by the above description, and is intended to include all modifications within the meaning and scope equivalent to the claims.
1 ... repeater, 2, 3 ... manufacturing information management system,
10 ... external information interrupting means, 100 ... server, 200 ... manufacturing equipment,
300 ... premises LAN, 400 ... overall LAN, 500 ... biometric information acquisition device,
1000 ... chemical manufacturing factory,
11 ... USB cable,
20, 21 ... LAN port, 22 ... USB port, 23 ... power acquisition means,
30 ... first communication means, 31 ... LAN cable,
40 ... second communication means, 41 ... LAN cable,
50 ... control means, 60 ... storage means,
70 ... input means, 71 ... display means, 72 ... notebook-type terminal device,
101 ... control means, 102 ... storage means, 103 ... communication means,
104 ... time information acquisition means, 105 ... display means, 106 ... input means,
201 ... PLC manufacturing equipment, 202 ... manufacturing equipment, 210 ... research and development equipment,
220 ... control means, 221 ... storage means, 222 ... communication means,
223 ... display means, 224 ... input means,
301, 303 ... local server, 302 ... local LAN,
510 ... portable terminal, 511 ... control means, 512 ... storage means,
513 ... short-range wireless communication means, 514 ... fingerprint sensor,
515 ... electromagnetic wave communication means, 516 ... touch screen,
520 ... gait information acquisition device, 521 ... gait acquisition sensor,
522 ... short-range wireless communication means, 530 ... non-contact IC card,
531 ... IC chip, 532 ... control means,
533 ... storage means, 534 ... fingerprint sensor, 535 ... electromagnetic wave communication means,
110 ... server, 111 ... virtual private network,
112, 113, 114 ... manufacturing factory, 115 ... head office building, 116 ... branch office building
Claims (8)
1. A repeater that allows communication between a downstream device, for which a downstream communication identifier has been set in advance for communication with the repeater, and an upstream device connected to an upstream network, and to which external information interrupting means is connectable,
the repeater comprising first communication means and a first address, second communication means and a second address, and address setting means, wherein
the first communication means is connected to the upstream network and the second communication means is connected to the downstream device,
the first address differs from the upstream communication identifiers of other devices connected to the upstream network only in the individual identifier portion used to distinguish it,
the second address differs from the downstream communication identifier of the downstream device only in the individual identifier portion used to distinguish it,
the downstream device is connected to the upstream network through only one line, and
the address setting means functions as setting means for setting the communication identifier of the transmission source, and, when first information whose transmission source is the external information interrupting means is transmitted upstream, sets the first address as the upstream communication identifier of the repeater and transmits the first information, and, when the first information is transmitted downstream, sets the second address as the downstream communication identifier of the repeater and transmits the first information.
2. The repeater according to claim 1, wherein, when the first communication means and the second communication means are based on the IPv4 communication standard,
the first address is an IP address that differs from the upstream communication identifiers of the other devices only in the fourth segment, and
the second address is an IP address that differs from the downstream communication identifier of the downstream device only in the fourth segment.
3. The repeater according to claim 1 or claim 2, wherein the address setting means
sets the second address as the downstream communication identifier of the repeater in second information that is generated in response to the first information transmitted upstream and whose transmission source is the upstream device, and has the second information transmitted to the downstream device.
4. The repeater according to claim 3, wherein the address setting means,
for third information whose transmission source is the downstream device, sets the first address as the upstream communication identifier of the repeater and has the third information transmitted to the upstream device.
5. The repeater according to claim 4, wherein the downstream device is manufacturing equipment, the upstream device is a server, the first information is user information, the second information is login authentication information, the third information is manufacturing information, and the user information, the login authentication information, and the manufacturing information are stored only on the server together with time information.
6. A manufacturing information management system comprising the repeater according to claim 5 and a biometric information acquisition device, wherein
the external information interrupting means is a non-contact electromagnetic wave reader,
the biometric information acquisition device includes biometric information acquisition means, storage means, determination means, and communication means,
the biometric information acquisition means acquires biometric information of a user,
when the determination means determines that the biometric information matches user determination information stored in the storage means, the communication means generates the user information by electromagnetic waves, and
the user information received by the external information interrupting means is relayed to the server, and login authentication is performed at the server.
7. The manufacturing information management system according to claim 6, wherein the biometric information acquisition device acquires two types of biometric information of the user,
the user determination information also consists of two types of biometric information for determination corresponding to the types of the biometric information, and
the user information is generated when the determination means determines that both pieces of the biometric information match the biometric information for determination.
8. The manufacturing information management system according to claim 6 or claim 7, wherein the server is a virtual computer provided by a cloud computing service, and
the repeater and the virtual computer are connected by a virtual private network that uses a public line as a virtual dedicated line.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2021559204A JP7015086B1 (en) | 2021-06-22 | 2021-06-22 | Repeater and manufacturing information management system |
PCT/JP2021/023504 WO2022269734A1 (en) | 2021-06-22 | 2021-06-22 | Relay and manufacturing information management system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2021/023504 WO2022269734A1 (en) | 2021-06-22 | 2021-06-22 | Relay and manufacturing information management system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022269734A1 true WO2022269734A1 (en) | 2022-12-29 |
Family
ID=80815881
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2021/023504 WO2022269734A1 (en) | 2021-06-22 | 2021-06-22 | Relay and manufacturing information management system |
Country Status (2)
Country | Link |
---|---|
JP (1) | JP7015086B1 (en) |
WO (1) | WO2022269734A1 (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002016000A1 (en) * | 2000-08-23 | 2002-02-28 | Access Co.,Ltd. | Electronic toy, user registration method therefor, information terminal, and toy service server |
JP2006099777A (en) * | 2004-09-28 | 2006-04-13 | Rockwell Automation Technologies Inc | Centrally managed proxy-based security for legacy automation systems |
JP2012194762A (en) * | 2011-03-16 | 2012-10-11 | Toshiba Corp | Management controller |
Non-Patent Citations (1)
Title |
---|
ANONYMOUS: "Ethernet LAN-Router", 18 May 2012 (2012-05-18), XP093020206, Retrieved from the Internet <URL:http://www.infraexpert.com/study/ethernet10.html> [retrieved on 20230202] * |
Also Published As
Publication number | Publication date |
---|---|
JPWO2022269734A1 (en) | 2022-12-29 |
JP7015086B1 (en) | 2022-02-04 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | ENP | Entry into the national phase | Ref document number: 2021559204; Country of ref document: JP; Kind code of ref document: A |
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21947022; Country of ref document: EP; Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 21947022; Country of ref document: EP; Kind code of ref document: A1 |