WO2024079916A1 - 生産システム及び制御装置 - Google Patents

生産システム及び制御装置 Download PDF

Info

Publication number
WO2024079916A1
WO2024079916A1 PCT/JP2022/038490 JP2022038490W WO2024079916A1 WO 2024079916 A1 WO2024079916 A1 WO 2024079916A1 JP 2022038490 W JP2022038490 W JP 2022038490W WO 2024079916 A1 WO2024079916 A1 WO 2024079916A1
Authority
WO
WIPO (PCT)
Prior art keywords
operator
terminal
authority
unit
control device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2022/038490
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
光徳 渡邉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fanuc Corp
Original Assignee
Fanuc Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fanuc Corp filed Critical Fanuc Corp
Priority to PCT/JP2022/038490 priority Critical patent/WO2024079916A1/ja
Priority to JP2024551053A priority patent/JP7835879B2/ja
Publication of WO2024079916A1 publication Critical patent/WO2024079916A1/ja
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication

Definitions

  • This disclosure relates to a production system and a control device.
  • the production system disclosed herein solves the above problem by only requesting authorization of authority from the administrator's terminal when an operation that requires administrator authority occurs, and granting authority to the worker based on the response.
  • An aspect of the present disclosure is a production system in which a control device that controls an industrial machine used by an operator for work and a terminal used by an approver that approves operations by the operator related to functions of the control device and the industrial machine are connected via a network, the production system including an authority information storage unit that stores authority information related to the operations and a terminal information storage unit that stores terminal information related to the terminal, the control device including an operation reception unit that receives operations by the operator, an authority processing unit that determines whether the operator may execute the operation based on the authority information stored in the authority information storage unit, a first communication control unit that controls communication with the terminal used by the approver based on the terminal information stored in the terminal information storage unit, and a terminal information storage unit that stores terminal information related to the terminal information.
  • the terminal includes a second communication control unit that controls communication with the control device, and an operation authorization determination unit that determines whether the operator can perform the operation based on the operation of the approver
  • the authority processing unit refers to the authority information storage unit and transmits a request for approval of the execution of the operation by the operator to the terminal via the first communication control unit, and determines that the operator may perform the operation when a response is obtained to the request indicating that the operation by the operator has been approved, and determines that the operator cannot perform the operation when a response is obtained to the request indicating that the operation by the operator has not been approved.
  • FIG. 1 is a schematic hardware configuration diagram of a production system according to a first embodiment of the present disclosure.
  • 1 is a block diagram showing schematic functions of a production system according to a first embodiment of the present disclosure.
  • FIG. 4 is a diagram showing an example of operation information according to the first embodiment.
  • FIG. 4 is a diagram showing an example of authority information according to the first embodiment.
  • FIG. 11 is a diagram showing an example of an operation permission request setting screen according to the first embodiment.
  • FIG. 4 is a diagram showing an example of terminal information according to the first embodiment.
  • FIG. 11 is a block diagram showing schematic functions of a production system according to a second embodiment of the present disclosure.
  • FIG. 13 is a schematic functional block diagram showing a production system according to another embodiment of the present disclosure.
  • FIG. 1 is a schematic hardware configuration diagram showing a main part of a production system according to a first embodiment of the present disclosure.
  • a production system 300 is configured by connecting a control device 1 and a terminal 8 via a network 5.
  • the control device 1 controls an industrial machine 3 installed at a manufacturing site such as a factory based on an operation by an operator.
  • the terminal 8 is, for example, a terminal owned by an administrator who manages the control device 1.
  • the CPU 11 provided in the control device 1 is a processor that controls the entire control device 1.
  • the CPU 11 reads the system program stored in the ROM 12 via the bus 22, and controls the entire control device 1 according to the system program.
  • the RAM 13 temporarily stores temporary calculation data, display data, and various data input from outside.
  • the non-volatile memory 14 is composed of, for example, a memory backed up by a battery (not shown) or an SSD (Solid State Drive), and retains its memory state even when the power to the control device 1 is turned off.
  • the non-volatile memory 14 stores data acquired from the industrial machine 3, programs and data read from the external device 72 via the interface 15, programs and data input via the input device 71, programs and data acquired from other devices via the network 5, etc.
  • the programs and data stored in the non-volatile memory 14 may be expanded into the RAM 13 when executed/used.
  • various system programs such as well-known analysis programs are written in advance into the ROM 12.
  • the interface 15 is an interface for connecting the CPU 11 of the control device 1 to an external device 72 such as a USB device.
  • the external device 72 may be an external storage means such as a memory reader that reads and writes recording media such as CompactFlash (registered trademark) and SD cards, or a disk drive that reads and writes recording media such as CDs, DVDs, and BDs.
  • programs and setting data are read from the external device 72.
  • programs and setting data edited within the control device 1 can be stored in the external storage means via the external device 72.
  • the interface 20 is an interface for connecting the CPU 11 of the control device 1 to a wired or wireless network 5.
  • the network 5 is connected to control devices of other industrial machines, a fog computer 6, a cloud server 7, a terminal 8 operated by an administrator, etc., and exchanges data with the control device 1.
  • the display device 70 displays the various data loaded into the memory and the data obtained as a result of executing programs, etc., output via the interface 17.
  • the display device 70 may also be equipped with an LED indicator or warning lamp that shows the state of the machine.
  • the input device 71 which is composed of a keyboard, pointing device, card reader, etc., passes commands and data based on operations by the operator to the CPU 11 via the interface 18.
  • the control device 1 controls the industrial machinery 3 based on a control program, an external signal, an instruction from an operator, etc.
  • the industrial machinery 3 is a machine tool, an electric discharge machine, a robot, etc. that is installed at a manufacturing site such as a factory.
  • the terminal 8 operated by the administrator may be, for example, a personal computer installed remotely from the industrial machine 3 or the control device 1. It may also be a portable device or a wearable terminal carried by the administrator.
  • the terminal 8 exchanges data and programs with the control device 1 at least via the network 5 in response to the administrator's operations.
  • the CPU 811 provided in the terminal 8 is a processor that controls the entire terminal 8.
  • the CPU 811 reads the system program stored in the ROM 812 via the bus 822, and controls the entire terminal 8 in accordance with the system program.
  • the RAM 813 temporarily stores temporary calculation data, display data, and various data input from outside.
  • the non-volatile memory 814 is composed of, for example, a memory backed up by a battery (not shown) or an SSD (Solid State Drive), and the memory state is maintained even when the power supply of the terminal 8 is turned off.
  • the non-volatile memory 814 stores programs and data acquired from the control device 1 or other devices via the network 5, programs and data input via the input device 871, etc.
  • the programs and data stored in the non-volatile memory 814 may be expanded in the RAM 813 when executed/used.
  • various system programs such as well-known image processing programs are written in advance in the ROM 812.
  • the interface 815 is an interface for connecting the CPU 811 of the terminal 8 to an external device 872 such as a USB device.
  • the external device 872 may be an external storage means such as a memory reader for reading and writing recording media such as CompactFlash (registered trademark) and SD cards, or a disk drive for reading and writing recording media such as CDs, DVDs, and BDs.
  • programs and data are read from the external device 872.
  • programs and data created within the terminal 8 can be recorded in the external storage means via the external device 872.
  • the interface 820 is an interface for connecting the CPU 811 of the terminal 8 to the wired or wireless network 5.
  • the network 5 is connected to the control device 1, the industrial machine 3, the fog computer 6, the cloud server 7, etc., and exchanges data with the terminal 8.
  • the display device 870 displays data read into memory, data obtained as a result of executing programs, etc., output via the interface 817.
  • the input device 871 which is comprised of a keyboard, pointing device, touch panel, etc., passes instructions and data based on operations by the operator to the CPU 811 via the interface 818.
  • FIG. 2 is a schematic block diagram showing the functions of the control device 1 and terminal 8 according to this embodiment.
  • the functions of the control device 1 and terminal 8 according to this embodiment are realized by the CPU 11 of the control device 1 and the CPU 811 of the terminal 8 shown in FIG. 1 executing system programs and controlling the operation of each part of the control device 1 and terminal 8.
  • the control device 1 includes an operator authentication unit 100, an operation reception unit 110, an authority processing unit 120, a communication control unit 130, and an operation execution unit 140.
  • an authentication information storage unit 200 which is an area that stores in advance information required to authenticate an operator who operates each function of the control device 1 and the industrial machine 3
  • an authority information storage unit 210 which is an area that stores in advance authority information related to the operation of each function of the control device 1 and the industrial machine 3
  • a terminal information storage unit 220 which is an area that stores information related to the terminal used by the approver.
  • the operator authentication unit 100 authenticates the operator who operates the control device 1. Then, it outputs the identification information of the authenticated operator to the operation reception unit 110.
  • the operator authentication unit 100 displays a message on the display device 70 prompting the operator to input authentication information.
  • the operator authentication unit 100 may acquire authentication information input from the input device 71 in response to the message, and authenticate the operator based on the acquired authentication information.
  • the authentication information may be information that uniquely identifies the operator and a password corresponding to the identification information.
  • the operator authentication unit 100 that has acquired the authentication information compares the received authentication information with the information stored in the authentication information storage unit 200.
  • the operator authentication unit 100 may also display, for example, on the display device 70 to show a token such as an ID card held by the operator.
  • the operator authentication unit 100 performs a predetermined exchange with the token (such as matching a PIN code), and as a result, acquires information that uniquely identifies the operator from the token via the input device 71. Having acquired the operator's identification information, the operator authentication unit 100 compares the received identification information with the information stored in the authentication information storage unit 200.
  • the operator's identification information is stored in the authentication information storage unit 200, it determines that the operator has been correctly authenticated, and outputs the operator's identification information to the operation reception unit 110.
  • the operator authentication performed by the operator authentication unit 100 may use other known methods as long as the operator can be uniquely authenticated.
  • the operation reception unit 110 creates operation information based on the content of the operation performed by the worker. Then, it outputs the created operation information to the authority processing unit 120.
  • the operation accepted by the operation reception unit 110 includes, for example, an operation by the worker on the input device 71, an operation on an operation panel not shown, an operation request based on an external signal, an operation request from another computer such as the fog computer 6 via the network 5, and the like.
  • the content of the operation accepted by the operation reception unit 110 includes all operations that can be executed by the control device 1, such as operations related to the control of the industrial machine 3, operations related to the reading, writing, editing, execution, etc. of a control program for controlling the industrial machine 3, operations related to the setting of the control device 1, and operations related to maintenance such as data backup and restoration.
  • the operation information created by the operation reception unit 110 includes, for example, information that uniquely identifies the operator and information that specifies the operation content.
  • the information that uniquely identifies the operator included in the operation information may be the identification information of the operator input from the operator authentication unit 100.
  • the information identifying the operation content may include information that uniquely identifies the operation content and auxiliary information according to the operation content.
  • the auxiliary information may include, for example, a target or parameters related to the operation.
  • Figure 3 shows an example of operation information created based on an operator's operation.
  • the name of the operator, "Operator A” is included as information that uniquely identifies the operator.
  • the operation content is "change settings”
  • the auxiliary information includes information that the change target is "machining accuracy setting” and the change content is "change normal setting to emphasis on accuracy.” Note that the operation content does not necessarily need to include auxiliary information. For example, in the example of Figure 3, if there is no need to finely divide authority according to the change target and change content for the operation "change settings,” auxiliary information such as the change target and change content is not required.
  • the authority processing unit 120 judges whether the operator performing the operation has the authority for the operation content based on the operation information input from the operation reception unit 110 and the authority information stored in the authority information storage unit 210.
  • the authority information is information that associates, for each operation that can be performed by the control device 1, authority person identification information, which is information for identifying the person who has the authority to perform the operation, and approver identification information, which is information for identifying the person who approves the execution of the operation.
  • the authority processing unit 120 reads out the authority information corresponding to the operation content from the authority information storage unit 210 based on the operation content included in the operation information.
  • the authority processing unit 120 compares the operator identification information included in the operation information with the authority person identification information included in the read authority information to judge whether the operator has the authority to perform the operation. Then, if it is judged that the operator has the authority to perform the operation, it judges that the operator may perform the operation and instructs the operation execution unit 140 to perform the operation. On the other hand, if it is judged that the operator does not have the authority to perform the operation, it creates an operation permission request to be sent to any approver included in the approver identification information included in the read authority information. This operation permission request may include information that is useful for the approver to determine whether or not to permit the operation.
  • the operation permission request may include information that can uniquely identify the industrial machine 3, information that can uniquely identify the operator, the operation content, information related to the current operating state of the industrial machine 3 (alarms, coordinate values, etc.), information related to the operating environment of the industrial machine 3 (ambient temperature, etc.), and comments from the operator.
  • the communication control unit 130 is instructed to transmit the created operation permission request.
  • the unit determines that the operator may execute the operation, and instructs the operation execution unit 140 to execute the operation.
  • the operation permission response is "not permitted” the unit determines that the operator cannot execute the operation, and responds to the operator that the operation cannot be executed, and discards the operation information.
  • FIG. 4 shows an example of authority information stored in the authority information storage unit 210.
  • authorities such as operator D and operator E have the authority to execute the operation. Even if the operation cannot be executed, the operation can be executed by obtaining approval from an approver such as administrator A or administrator B.
  • the authority identification information may be a whitelist that specifies those who have the authority to execute the operation. It may also be a blacklist that specifies those who are prohibited from executing the operation. Furthermore, it may be a combination of these.
  • authority information is prepared for each operation, but for example, multiple operations may be grouped together and authority information may be created for all operations belonging to the group.
  • the authority identification information and approver identification information are created by operator and administrator, but group information that groups operators and administrators into specific groups may be created in advance, and the authority identification information and approver identification information may be created using the group information.
  • FIG. 5 is a diagram illustrating an example of a screen that allows the operator to make the necessary settings when the authority processing unit 120 sends an operation permission request.
  • the authority processing unit 120 sends an operation permission request to the terminal 8 used by the approver, it may display a screen that allows the operator to select the approver, as illustrated in FIG. 5.
  • it may be possible to input the purpose of performing the operation, etc., as a comment.
  • the authority processing unit 120 may discard operation information created based on an operation request from another computer via the network 5, as it is deemed that the operation cannot be executed. For example, even if a direct operation request is received from the terminal 8 owned by the administrator, the operation information relating to that operation may be discarded.
  • the communication control unit 130 transmits an operation permission request to the terminal 8 used by the approver in response to a command from the authority processing unit 120. Then, it receives an operation permission determination, which is a response to the operation permission request, from the terminal 8 used by the approver, and outputs it to the authority processing unit 120.
  • the communication control unit 130 refers to the terminal information storage unit 220 to identify the terminal 8 used by the approver.
  • FIG. 6 is a diagram showing an example of terminal information stored in the terminal information storage unit 220.
  • the terminal information storage unit 220 stores approver terminal information that associates the approver with information that identifies the terminal used by the approver in advance.
  • the terminal identification information may be information that can uniquely identify the terminal 8 used by the approver on the network 5, such as an IP address in a TCP/IP network or a computer name in a Windows network. It may also be an email address or an identification name on a specified SNS.
  • the terminal information stored in the terminal information storage unit 220 may be information related to the terminal 8 used by the administrator that is acquired in advance and stored. In addition, when the administrator changes the terminal 8 being used, the terminal information stored in the terminal information storage unit 220 may be updated based on a terminal information change command sent from the terminal 8.
  • the communication control unit 130 that is sent refers to the terminal information storage unit 220 to identify the terminal 8 being used by the approver included in the operation permission request, and transmits the operation permission request to the identified terminal 8.
  • the communication control unit 130 may be configured to use known techniques such as communication encryption and attachment of a digital signature when communicating with the terminal 8. Basically, it is desirable to make it impossible for anyone, including workers and administrators, to intercept or disguise the content of communications between the communication control unit 130 and the terminal 8.
  • the operation execution unit 140 then executes the operations of the worker based on commands from the authority processing unit 120.
  • the operations executed by the operation execution unit 140 include all operations that can be executed by the control device 1, such as operations related to the control of the industrial machine 3, operations related to reading, writing, editing, and executing control programs for controlling the industrial machine 3, and operations related to setting the control device 1.
  • the terminal 8 includes a communication control unit 880 and an operation possibility determination unit 890 .
  • the communication control unit 880 included in the terminal 8 receives the operation permission request transmitted from the control device 1 via the network 5. Then, the communication control unit 880 outputs the received operation permission request to the operation permission determination unit 890.
  • the operation permission determination unit 890 determines whether to grant the operator permission for the operation included in the operation permission request input from the communication control unit 880.
  • the operation permission determination unit 890 may present an operation permission determination screen to the approver, who is the user of the terminal 8, and prompt the approver to input whether or not to permit the operation.
  • FIG. 7 shows an example of the operation permission determination screen. As illustrated in FIG. 7, the operation permission determination screen shows the request contents included in the operation permission request to the approver. The approver selects whether to permit or reject the operation contents of the operator depending on the request contents.
  • the operation permission determination unit 890 creates an operation permission response based on the approver's selection, and outputs the created operation permission response to the communication control unit 880.
  • the communication control unit 880 transmits the operation permission response input from the operation permission determination unit 890 to the control device 1 via the network 5.
  • the communication control unit 880 may be configured to use known techniques such as communication encryption and attachment of a digital signature when communicating with the control device 1. Basically, it is desirable to prevent the content of communication between the communication control unit 880 and the control device 1 from being intercepted or disguised by anyone, including the worker or administrator.
  • FIG. 8 is a flowchart illustrating the flow of processes executed in the production system 300.
  • the operator authentication unit 100 first authenticates the operator as an operator (step SA01).
  • the operation reception unit 110 receives the operator's operation on the control device 1 (step SA02).
  • the authority processing unit 120 determines whether the authenticated operator has authority for the received operation (step SA03). If the operator has authority to perform the operation (step SA03: Yes), the operation execution unit 140 executes the operation (step SA11).
  • step SA03 If the operator does not have the authority to perform the operation (step SA03: No), the authority processing unit 120 creates an operation permission request according to the operator's instructions (step SA04), and the communication control unit 130 sends the created operation permission request to the terminal 8 (step SA05).
  • the operation permission determination unit 890 creates an operation permission response according to the approver's instructions (step SA07).
  • the communication control unit 880 then transmits the created operation permission response to the control device 1 (step SA08).
  • step SA09 the authority processing unit 120 judges whether the operator's operation is permitted or not based on the operation permission response (step SA10). If the operator's operation is permitted (step SA10: Yes), the operation execution unit 140 executes the operation (step SA11). On the other hand, if the operator's operation is not permitted (step SA10: No), the authority processing unit 120 responds to the operator that the operation cannot be executed and discards the operation information (step SA12). Thereafter, steps SA02 to SA12 are repeated while the operator is performing the operation.
  • the production system 300 makes it possible to perform necessary approval processing while reliably preventing the execution of operations unintended by the manager of the industrial machine 3 even when the manager is not near the control device 1.
  • the worker requests approval of an operation from the manager who is not present, and can perform the operation if the manager receives permission.
  • remote operation and information leakage can be prevented by not granting authority to operation requests sent to the control device 1 from an external computer via the network 5.
  • by not transmitting the authentication information of the approver to the worker arbitrary operation by the worker can be prevented.
  • necessary operations can be performed without being affected by the location or status of the manager, which greatly improves convenience and minimizes the downtime of the machine.
  • the authority processing unit 120 may record the time when the operation permission request is sent to the terminal 8. Then, if a predetermined time has elapsed since the operation permission request was sent and no operation permission response has been received, a response may be sent to the operator that the operation in the operation permission request cannot be executed, and the operation information may be discarded. Also, the operator may cancel the operation after the operation permission request is sent but before the operation permission response is received.
  • This configuration makes it possible to flexibly respond to the situations of the operator and approver, such as when the approver is too busy to respond, when it is no longer necessary to execute the operation for which permission has been requested, or when the approver is changed.
  • the communication control unit 130 may restrict the sending of an operation permission request depending on the connection status of the terminal 8 to the network 5.
  • the terminal information storage unit 220 manages the connection status of the terminal 8 used by each approver to the network 5. Then, if the approver selected by the operator is connected to the network 5 via a provider outside the factory, the operator may be notified to change the settings of the operation permission request since the selected approver is inappropriate as a destination for the operation permission request. By configuring in this way, it becomes possible to achieve security that takes into account the connection status of the terminal 8.
  • the communication control unit 130 may include predetermined code information in the operation permission request sent to the terminal 8. At this time, the communication control unit 130 stores the sent operation permission request.
  • the communication control unit 880 of the terminal 8 includes the same code information included in the operation permission request in the operation permission response corresponding to the operation permission request.
  • the communication control unit 130 of the control device 1 that receives the operation permission response determines whether the code information included in the received operation permission response matches the code information included in the operation permission request stored at the time of transmission. If they do not match, the received operation permission response is discarded. This configuration makes it possible to respond to attacks in which operation permission information is intentionally created and sent.
  • the production system 300 it is possible to treat a person who is determined to have the authority to perform an operation according to the authority identification information as the approver without providing approver identification information in the authority information.
  • a person who has the authority to perform an operation may also work as an approver.
  • by configuring the system so that a person who has the authority to perform an operation can be selected as the approver it is possible to save on the storage area prepared for the authority information storage unit 210 and also to avoid the trouble of setting up a separate approver.
  • control device 1 may be incorporated as a component of the industrial machine 3.
  • each function of the control device 1 is implemented as a component of the industrial machine 3.
  • FIG. 9 is a schematic block diagram showing functions of the control device 1 and the terminal 8 according to the second embodiment.
  • the functions of the control device 1 and the terminal 8 according to this embodiment are realized by the CPU 11 of the control device 1 and the CPU 811 of the terminal 8, shown in FIG. 1, executing system programs and controlling the operation of each part of the control device 1 and the terminal 8.
  • the production system 300 differs from the production system 300 according to the first disclosure in that the authentication information storage unit 200, the authority information storage unit 210, and the terminal information storage unit 220 that were provided in the control device 1 are provided on a higher-level computer such as a fog computer 6.
  • the operator authentication unit 100, the authority processing unit 120, and the communication control unit 130 provided in the control device 1 access the fog computer 6 via the network 5 when accessing the authentication information stored in the authentication information storage unit 200, the authority information stored in the authority information storage unit 210, and the terminal information stored in the terminal information storage unit 220.
  • the access is secure using known encryption and digital signature techniques. Otherwise, it is the same as the production system 300 according to the first disclosure.
  • the production system 300 which has the above configuration, is capable of centrally managing the authentication information stored in the authentication information storage unit 200, the authority information stored in the authority information storage unit 210, and the terminal information stored in the terminal information storage unit 220. In addition, this information can be shared and used by multiple control devices 1. This improves the maintainability of the information that needs to be managed in the production system 300.
  • each function other than the operation reception unit 110, the authority processing unit 120, the communication control unit 130, and the operation execution unit 140 may be provided, for example, on a computer provided alongside the control device 1 or on another computer connected to the control device 1 via a network.
  • the operator authentication unit 100 may also be provided on another computer or a higher-level computer, rather than on the control device 1.
  • the control device 1 transmits the acquired information for identifying the operator and information for authenticating the operator to the operator authentication unit 100 provided on the other computer or the higher-level computer. Then, by receiving a response indicating that the operator has been authenticated, it may be determined that the operator has been correctly authenticated.
  • the production system 300 makes it possible to carry out the necessary approval process while reliably preventing the manager of the industrial machine 3 from performing operations unintended by the manager, even if the manager is not near the control device 1.
  • a production system (300) includes a control device (1) that controls an industrial machine (3) used by an operator for work, a terminal (8) that is connected to the control device (1) via a network (5) and is used by an approver who approves operations by the operator related to functions of the control device (1) and the industrial machine (3), an authority information storage unit (210) that stores authority information related to the operations, and a terminal information storage unit (220) that stores terminal information related to the terminal (8).
  • the control device (1) includes an operation reception unit (110) that receives operations by the operator, an authority processing unit (120) that determines whether the operator is allowed to execute the operations based on the authority information stored in the authority information storage unit (210), and a first communication control unit (130) that controls communication between the control device (1) and the terminal (8) used by the approver based on the terminal information stored in the terminal information storage unit (220).
  • the terminal (8) comprises a second communication control unit (880) that controls communication with the control device (1), and an operation feasibility determination unit (890) that determines whether the operator can perform the operation based on the operation of the approver, and the authority processing unit (120) refers to the authority information storage unit (210) and, if the operator has authority for the operation, or sends a request for approval of the execution of the operation by the operator to the terminal (8) via the first communication control unit (130), and, if a response is obtained in response to the request indicating that the operation by the operator has been approved, determines that the operator may perform the operation, and if a response is obtained in response to the request indicating that the operation by the operator has not been approved, determines that the operator cannot perform the operation.
  • the authority processing unit (120) further determines that the operation cannot be executed if the operation was obtained via a network (5).
  • the terminal information stored in the terminal information storage unit (220) is further updated when there is a change in the terminal (8) used by the approver.
  • the authority processing unit (120) further determines that the operation cannot be executed if the response is not obtained within a predetermined period of time after sending the request.
  • the authority processing unit (120) further notifies an operator of information regarding the connection state to the terminal (8) attempting to transmit the request.
  • the first communication control unit (130) further includes predetermined code information in the request to be sent to the terminal (8), and when a response to the request is received, if the code information included in the response does not match the response included in the request, the received response is discarded.
  • a control device (1) includes an operation receiving unit (110) that receives an operation by an operator, an authority processing unit (120) that refers to an authority information storage unit (210) that stores authority information related to the operation and determines whether the operator is allowed to execute the operation, a first communication control unit (130) that refers to a terminal information storage unit (220) that stores terminal information related to the terminal (8) used by an approver who approves the operation by the operator related to functions of the control device (1) and the industrial machine (3) to be controlled, and controls communication between the terminal (8) used by the approver, and based on the result of the determination by the authority processing unit (120), and an operation execution unit (140) that executes the operation based on the authority information stored in the authority information storage unit (210), and the authority processing unit (120) refers to the authority information storage unit (210) and, if the operator has the authority for the operation, or sends a request for approval of the execution of the operation by the operator to the terminal (8) via the first communication control unit (
  • Reference Signs List 1 Control device 3 Industrial machine 5 Network 6 Fog computer 7 Cloud server 8 Terminal 11 CPU 12 ROM 13 RAM 14 Non-volatile memory 15, 17, 18, 20 Interface 22 Bus 70 Display device 71 Input device 72 External device 100 Operator authentication unit 110 Operation reception unit 120 Authorization processing unit 130 Communication control unit 140 Operation execution unit 200 Authentication information storage unit 210 Authorization information storage unit 220 Terminal information storage unit 300 Production system 811 CPU 812 ROM 813 RAM 814 Non-volatile memory 815, 817, 818, 820 Interface 822 Bus 870 Display device 871 Input device 872 External device 880 Communication control unit 890 Operation possibility determination unit

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Safety Devices In Control Systems (AREA)
  • General Factory Administration (AREA)
PCT/JP2022/038490 2022-10-14 2022-10-14 生産システム及び制御装置 Ceased WO2024079916A1 (ja)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2022/038490 WO2024079916A1 (ja) 2022-10-14 2022-10-14 生産システム及び制御装置
JP2024551053A JP7835879B2 (ja) 2022-10-14 2022-10-14 生産システム及び制御装置

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/038490 WO2024079916A1 (ja) 2022-10-14 2022-10-14 生産システム及び制御装置

Publications (1)

Publication Number Publication Date
WO2024079916A1 true WO2024079916A1 (ja) 2024-04-18

Family

ID=90669289

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/038490 Ceased WO2024079916A1 (ja) 2022-10-14 2022-10-14 生産システム及び制御装置

Country Status (2)

Country Link
JP (1) JP7835879B2 (https=)
WO (1) WO2024079916A1 (https=)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002163016A (ja) * 2000-11-27 2002-06-07 Canon Inc 産業用機器の管理システム及び管理方法
JP2008189261A (ja) * 2007-02-07 2008-08-21 Quality Kk 車両管理システムおよび資格管理プログラム
JP2019102046A (ja) * 2017-12-06 2019-06-24 新東工業株式会社 産業機械起動制御システム、起動制御方法、及びプログラム

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002163016A (ja) * 2000-11-27 2002-06-07 Canon Inc 産業用機器の管理システム及び管理方法
JP2008189261A (ja) * 2007-02-07 2008-08-21 Quality Kk 車両管理システムおよび資格管理プログラム
JP2019102046A (ja) * 2017-12-06 2019-06-24 新東工業株式会社 産業機械起動制御システム、起動制御方法、及びプログラム

Also Published As

Publication number Publication date
JP7835879B2 (ja) 2026-03-25
JPWO2024079916A1 (https=) 2024-04-18

Similar Documents

Publication Publication Date Title
CN110083129B (zh) 工业控制器模块、实现其安全性的方法和计算机可读介质
JP7710835B2 (ja) 構成エンジニアリングおよびランタイムアプリケーションの人プロファイルおよび指紋認証
CN1737719B (zh) 用于工业自动化系统的安全系统与方法
US8670868B2 (en) System and a method for providing safe remote access to a robot controller
US8989386B2 (en) Method and device for providing at least one secure cryptographic key
US10075450B2 (en) One time use password for temporary privilege escalation in a role-based access control (RBAC) system
EP3036928B1 (en) Mobile device authentication
CN102742243B (zh) 检查用于ied的配置修改的方法及装置
EP3920060A1 (en) User security credentials as an element of functional safety
CN112769808B (zh) 用于工业局域网的移动堡垒机及其运维方法、计算机设备
JP6457471B2 (ja) 操作者識別システム
JP6640802B2 (ja) エッジサーバ及びアプリケーションセキュリティ管理システム
CN116360300A (zh) 工业功能安全系统、方法及介质
EP3667526B1 (en) Rapid file authentication on automation devices
US20080201582A1 (en) Method for Setting an Electrical Field Device
KR102137309B1 (ko) 원격 접속 제어 기반 기기 통합 모니터링 시스템
US12155758B2 (en) Safety system and maintenance method
EP3920063B1 (en) Safety system and maintenance method
CN117763525A (zh) 一种移动终端信息安全防护系统和方法
JP7835879B2 (ja) 生産システム及び制御装置
CN114491433A (zh) 用于工程设备的控制方法、处理器及云服务器
US20220092011A1 (en) Usb connection management
CN108268796B (zh) 一种基于离线密码的离线管理方法及装置
US20250238021A1 (en) Method for Operating a Networked IoT Device in an Automation Network, IoT Device, and Automation Network
KR102855023B1 (ko) IoT 장치 제어 방법 및 그 시스템

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22962133

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2024551053

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22962133

Country of ref document: EP

Kind code of ref document: A1