CN101697188A - PLC program protection method, access method and device thereof - Google Patents

Publication number: CN101697188A
Authority: CN (China)
Prior art keywords: access, program, plc, user, plc program
Legal status: Pending
Application number: CN200910104018A
Other languages: Chinese (zh)
Inventors: 杜雪飞, 曾宪文
Current Assignee: CISDI Engineering Co Ltd
Original Assignee: CISDI Engineering Co Ltd
Application filed by: CISDI Engineering Co Ltd

Landscapes

  • Storage Device Security (AREA)
  • Programmable Controllers (AREA)

Abstract

The invention discloses a PLC program protection method, an access method and a device thereof. The PLC program protection method comprises the following: step A, creating users and setting user access management mechanisms; step B, programming and setting program access management mechanisms; step C, setting encryption modes; and step D, saving programs. The invention also discloses a device for implementing the PLC program protection method. The device comprises an embedded microprocessor connected with a communication bus, a memory, an extraction device for personal biological unique identification codes, a USB interface circuit and an auxiliary circuit. The invention can provide security protection for PLC programs and prevent the illegal access of unauthorized people to the programs. Due to hardware devices and symmetric encryption-decryption algorithms, the programs are not easy to crack and can be further protected.

Description

A PLC program protection method, access method and device thereof
Technical field
The present invention relates to the field of software protection, and in particular to a protection method, an access method and a device for PLC (Programmable Logic Controller) programs.
Background art
With the rapid development of automation technology, PLCs are widely used across industries such as chemicals, metallurgy, machinery, tobacco and automobiles. PLC software performs the real-time control of basic automation and is the core of industrial automation control. However, there is no good protective measure for the PLC program itself: PLC manufacturers protect only the PLC development software, using means such as soft authorization (authorization codes, permissions, etc.) or a dongle. The PLC programs that individuals and companies develop with great effort lack effective protection; once a stranger obtains a PLC program, it can be read, modified, copied and written at will. For a factory, this not only affects the security of the control system but also creates the possibility that the production process leaks. For the developer of a PLC application, the work is unprotected and easily obtained by competitors, so the interests of both enterprises and individuals are harmed.
A PLC program differs from general computer software: it is developed and modified on a computer but runs on the PLC. A PLC has less processing power than a computer, but it runs only dedicated software and is highly reliable. Many methods for encrypting and decrypting software exist at home and abroad, but few protect PLC programs. Some manufacturers have released fingerprint-recognition USB flash drives that protect the files on the drive, but these do not address protection of the PLC program on the computer and in the PLC, and provide no user access mechanism or program access mechanism. U.S. patent US20040260954A1, titled "biometry PLC access control system and method", proposes a control subsystem for an automation system that is used to access a PLC. That scheme can only allow or deny a user access to the PLC; it does not protect the source code of the control program and has no user access mechanism or program access mechanism. Chinese patent application No. 200710111294.5, titled "Encryption and decryption method, and PLC system using said method", proposes encrypting and decrypting the information in the memory. That method protects the PLC program to some extent but has the following shortcomings: it considers only protection of the program in the memory and does not address protection of the PLC program on the computer; its access control applies to a single control program as a whole, not to parts of a program such as function programs, program segments and functional blocks; and it lacks functions such as access records, simultaneous multi-user access, graded encryption and stacked encryption.
Summary of the invention
One object of the present invention is to provide a PLC program protection method that protects the PLC program both on the computer and in the PLC, and that provides a user access management mechanism and a program access management mechanism so that the PLC program source code is better protected.
To achieve the above object, the invention adopts the following technical scheme:
A PLC program protection method comprising the following steps:
Step A: create users and set the user access management mechanism;
Step B: write the program and set the program access management mechanism;
Step C: set the encryption mode;
Step D: save the program.
Specifically, the user access management mechanism in step A establishes individual users or user groups and adopts a discretionary access control policy, a mandatory access control policy and a role-based access policy. The program access management mechanism in step B comprises a program authorization management mechanism, an access record mechanism and a simultaneous access mechanism. The encryption mode in step C uses a personal biometric unique identification code as the key and encrypts with a symmetric encryption algorithm; the encryption may take the form of graded encryption and/or stacked encryption. The personal biometric unique identification code may be a fingerprint, palm print, DNA or iris. The symmetric encryption algorithm may be DES, 3DES or AES.
Another object of the present invention is to provide a method for accessing a PLC program protected by the above protection method. To achieve this object, the following scheme is adopted. The method comprises the following steps: Step A': request to open the program; Step B': authenticate the user's identity; if it matches, allow the program to be opened, otherwise refuse to open it; Step C': request access to the program; Step D': compare the program access rights; if they match, allow access to the program, otherwise refuse the access; Step E': access the program, performing operations such as reading, modifying, uploading, downloading and authorizing; Step F': save the program, applying permission settings and encryption according to the configured user and program access management mechanisms and encryption mode, otherwise do not save.
Another object of the present invention is to provide a device for implementing the PLC program protection method. To achieve this object, the following technical scheme is adopted: the device comprises an embedded microprocessor, a memory, a personal biometric unique identification code extraction device, a USB interface circuit and an auxiliary circuit, connected to a communication bus. The embedded microprocessor performs the computation of the encryption and decryption algorithms and manages the user access mechanism and the program access mechanism. The memory stores temporary data, user access management mechanism information, program access management mechanism information, keys, the encryption and decryption algorithms and the PLC program; the memory involved may be EPROM, RAM, ROM, flash memory, etc. The personal biometric unique identification code extraction device extracts the personal biometric unique identification code. The USB interface circuit is a USB transceiver: its male connector connects to the USB port on the computer, and its female connector connects to the male connector of another encryption/decryption device, providing communication between the device and the computer or between devices. The auxiliary circuit comprises a clock, a power-on reset circuit and a timer, and supports the power supply and basic control of the whole device.
Beneficial effects:
The present invention provides security protection for the PLC program and prevents unauthorized persons from accessing it. Using a personal biometric unique identification code as the key is convenient and reliable. Because a hardware device and a symmetric encryption and decryption algorithm are used, the protection is difficult to crack. The user access mechanism and the program access mechanism further improve protection of the program.
Brief description of the drawings
Fig. 1 is a schematic diagram of the user access management mechanism and the program access management mechanism of the present invention;
Fig. 2 is a schematic diagram of a PLC program protection device of the present invention;
Fig. 3 is a flow chart of PLC program protection in the present invention;
Fig. 4 is a flow chart of accessing a PLC program protected by the protection method shown in Fig. 3.
Embodiments
The present invention is described in detail below with reference to the drawings and embodiments:
Embodiment 1: as shown in Fig. 1 and Fig. 3, a PLC program protection method comprises the following steps:
Step A: create users and set the user access management mechanism;
The user access management mechanism is a user management mechanism that establishes individual users or user groups and adopts access policies such as a discretionary access control policy, a mandatory access control policy and a role-based access policy. The discretionary access control policy is an access control service that enforces a security policy based on the identity of system entities and their authorization to access system resources. The mandatory access control policy is "forced" on the accessing subject, that is, the system forces the subject to obey the access control policy. The role-based access policy grants different permissions according to the division of roles.
Step B: write the program and set the program access management mechanism;
The program access management mechanism comprises a program authorization management mechanism, an access record mechanism and a simultaneous access mechanism. The program authorization management mechanism is divided into graded authorization management, cross authorization management, authorization validity-period management, and so on. Graded authorization management divides a program into the whole program, function programs, program segments, functional blocks and so on, and authorizes each separately. Cross authorization management means that the manager of the program can grant access rights to the program to other people, locally or over Ethernet; this requires that both parties' encryption/decryption devices be inserted into the USB ports of their computers. Authorization validity-period management means that a validity period can be set for an authorization; after it expires, re-authorization is required, otherwise the original authorization lapses. The access record management mechanism means that the software automatically records user access to the program, including operations such as creating, reading, modifying, uploading, downloading and cross authorization, and the content of those operations. The simultaneous access management mechanism means that multiple users can access the program at the same time according to the permissions that have been set.
By combining the user access management mechanism with the program access management mechanism, a user cannot access a program for which the user is not authorized, so the PLC program can be managed effectively and protected better. As shown in Fig. 1, program 1 is divided into function program 1 and function program 2. Function program 1 is divided into program segment 11 and program segment 12; program segment 11 comprises functional block 111 and functional block 112, and program segment 12 comprises functional block 121 and functional block 122. Likewise, function program 2 is divided into program segment 21 and program segment 22; program segment 21 comprises functional block 211 and functional block 212, and program segment 22 comprises functional block 221 and functional block 222. User roles are divided into administrator A, first-level developer B, second-level developer C, maintainer D and group member E. Administrator A is the manager of the whole PLC program 1 and has functions such as creating, reading, modifying, uploading, downloading and cross authorization. First-level developer B is the developer of program 1 and has functions such as creating, reading, modifying, uploading and downloading. Second-level developer C1 is the developer of function program 1 and C2 is the developer of function program 2; they have functions such as reading, modifying, uploading and downloading. Maintainer D is the maintainer of the whole PLC program and has functions such as reading, modifying, uploading and downloading. Group member E is a visitor of the whole program 1, E1 is a visitor of function program 1 and E2 is a visitor of program segment 11; they have functions such as reading. In this way, second-level developer C1 can access only function program 1 and cannot access function program 2, and does not have the upload, download or cross authorization functions; the others follow by analogy.
Step C: set the encryption mode;
Encryption uses the individual's biometric unique identification code as the key; the key may of course be obtained in other ways. A symmetric encryption algorithm, which may be DES, 3DES, AES, etc., encrypts the program. The invention adopts a graded encryption mechanism: according to the confidentiality level of the program, different encryption methods can be applied to different function programs, program segments and functional blocks, and encryption can be stacked, to protect the PLC program. Other specific forms of encryption may of course also be used. Taking the AES algorithm as an example, the encryption process is as follows. The program to be encrypted is divided into 128-bit blocks and processed by iterating a round function; the initial key is the master key. Ten rounds of iteration follow: the first nine are identical, each applying byte substitution, row shifting, column mixing and round-key addition in turn, and the last round omits column mixing.
Step D: save the program; permission settings and encryption are applied according to the configured user and program access management mechanisms and encryption mode.
Close the program.
Embodiment 2: as shown in Fig. 4, a method for accessing a PLC program protected by the above protection method comprises the following steps:
Step A': request to open the program;
Step B': authenticate the user's identity; if it is valid, allow the program to be opened, otherwise refuse to open it;
Step C': request access to the program;
Step D': compare the program access rights; if they match, allow access to the program, otherwise refuse the access;
Step E': access the program, performing operations such as reading, modifying, uploading, downloading and authorizing;
Step F': save the program, applying permission settings and encryption according to the configured user and program access management mechanisms and encryption mode, otherwise do not save. The encryption used here is the encryption mode described above and is not repeated here.
Close the program.
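The permission comparison of Step D', applied to the Fig. 1 hierarchy and roles of Embodiment 1, as an added example that is not part of the patent. It models graded authorization, validity periods, cross authorization and the access record in Python. The class and function names, the dates and user X are constructed; identity verification (Step B') is assumed to have already succeeded; C1 and C2 are given read and modify only, following the statement that C1 cannot upload or download.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


def build_tree():
    """Fig. 1 hierarchy as child -> parent; the root has parent None."""
    parent = {"program 1": None}
    for f in (1, 2):
        fp = f"function program {f}"
        parent[fp] = "program 1"
        for s in (1, 2):
            seg = f"program segment {f}{s}"
            parent[seg] = fp
            for b in (1, 2):
                parent[f"functional block {f}{s}{b}"] = seg
    return parent


@dataclass(frozen=True)
class Grant:
    scope: str                      # node the grant is rooted at
    ops: frozenset                  # operations allowed on scope and below
    expires: Optional[date] = None  # validity period; None means no limit


class AccessManager:
    def __init__(self):
        self.parent = build_tree()
        self.grants = {}  # user -> list of Grant
        self.log = []     # access record: (day, user, op, node, allowed)

    def grant(self, user, scope, ops, expires=None):
        if scope not in self.parent:
            raise KeyError(f"unknown program node: {scope}")
        self.grants.setdefault(user, []).append(
            Grant(scope, frozenset(ops), expires))

    def _covers(self, scope, node):
        # Walk from node up to the root; unknown nodes fall off and fail closed.
        while node is not None:
            if node == scope:
                return True
            node = self.parent.get(node)
        return False

    def _allowed(self, user, op, node, today):
        return any(
            op in g.ops and self._covers(g.scope, node)
            and (g.expires is None or today <= g.expires)
            for g in self.grants.get(user, []))

    def check(self, user, op, node, today):
        """Step D': compare the request with the grants and record it."""
        ok = self._allowed(user, op, node, today)
        self.log.append((today, user, op, node, ok))
        return ok

    def cross_authorize(self, granter, grantee, scope, ops, expires, today,
                        both_devices_present):
        """Delegate rights; the granter cannot hand out more than it holds."""
        if not (both_devices_present
                and self.check(granter, "cross-authorize", scope, today)
                and all(self._allowed(granter, op, scope, today) for op in ops)):
            return False
        self.grant(grantee, scope, ops, expires)
        return True


def fig1_manager():
    """Roles of Fig. 1; C1/C2 rights follow the assumption in the lead-in."""
    m = AccessManager()
    dev = {"create", "read", "modify", "upload", "download"}
    m.grant("A", "program 1", dev | {"cross-authorize"})
    m.grant("B", "program 1", dev)
    m.grant("C1", "function program 1", {"read", "modify"})
    m.grant("C2", "function program 2", {"read", "modify"})
    m.grant("D", "program 1", {"read", "modify", "upload", "download"})
    m.grant("E", "program 1", {"read"})
    m.grant("E1", "function program 1", {"read"})
    m.grant("E2", "program segment 11", {"read"})
    return m


if __name__ == "__main__":
    m = fig1_manager()
    for user, node in [("C1", "functional block 112"), ("C1", "function program 2")]:
        print(user, "read", node, "->", m.check(user, "read", node, date(2009, 6, 4)))
```

Denied requests are recorded as well as allowed ones, so the access record can be reviewed for attempts outside a user's scope.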
Embodiment 3: as shown in Fig. 2, a device for implementing the PLC program protection method adopts the following technical scheme: the device comprises an embedded microprocessor, a memory, a personal biometric unique identification code extraction device, a USB interface circuit and an auxiliary circuit, connected to a communication bus. The embedded microprocessor performs the computation of the encryption and decryption algorithms and manages the user access mechanism and the program access mechanism. The memory stores temporary data, user access management mechanism information, program access management mechanism information, keys, the encryption and decryption algorithms and the PLC program; the memory involved may be EPROM, RAM, ROM, flash memory, etc. The personal biometric unique identification code extraction device extracts the personal biometric unique identification code, which may be a fingerprint, palm print, DNA, iris, etc. The USB interface circuit is a USB transceiver: its male connector connects to the USB port on the computer, and its female connector connects to the male connector of another encryption/decryption device, providing communication between the device and the computer or between devices. The auxiliary circuit comprises a clock, a power-on reset circuit and a timer, and supports the power supply and basic control of the whole device.
Specific embodiments have been described above with reference to the drawings, but any modifications and variations made within the scope of the claims fall within the protection of the present invention.

Claims (11)

1. A PLC program protection method, characterized in that it comprises the following steps:
Step A: create users and set the user access management mechanism;
Step B: write the program and set the program access management mechanism;
Step C: set the encryption mode;
Step D: save the program.
2. The PLC program protection method according to claim 1, characterized in that the user access management mechanism in said step A is specifically: establishing individual users or user groups, and managing users by a discretionary access control policy, a mandatory access control policy and a role-based access policy.
3. The PLC program protection method according to claim 1, characterized in that the program access management mechanism in said step B comprises a program authorization management mechanism, an access record mechanism and a simultaneous access mechanism.
4. The PLC program protection method according to claim 1, characterized in that the encryption mode in said step C uses a personal biometric unique identification code as the key and encrypts with a symmetric encryption algorithm.
5. The PLC program protection method according to claim 4, characterized in that the form of encryption performed by said encryption algorithm is graded encryption and/or stacked encryption.
6. The PLC program protection method according to claim 4, characterized in that said symmetric encryption algorithm is one of the DES, 3DES and AES algorithms.
7. The PLC program protection method according to claim 4, characterized in that said personal biometric unique identification code is one of a fingerprint, palm print, DNA and iris.
8. An access method for a PLC program protected using the protection method of claim, characterized in that it comprises the following steps:
Step A': request to open the program;
Step B': authenticate the user's identity; if it matches, allow the program to be opened, otherwise refuse to open it;
Step C': request access to the program;
Step D': compare the program access rights; if they match, allow access to the program, otherwise refuse the access;
Step E': access the program, performing operations such as reading, modifying, uploading, downloading and authorizing;
Step F': save the program, applying permission settings and encryption according to the configured user and program access management mechanisms and encryption mode, otherwise do not save.
9. The access method according to claim 8, characterized in that the downloading in said step E' is specifically: downloading the user and program access management mechanisms, the encryption mode and the key to the PLC memory; and said uploading is specifically: uploading the encrypted program to the computer.
10. A device for implementing the PLC program protection method, characterized in that said device comprises an embedded microprocessor, a memory, a personal biometric unique identification code extraction device, a USB interface circuit and an auxiliary circuit, connected to a communication bus;
wherein the embedded microprocessor performs the computation of the encryption and decryption algorithms and manages the user access mechanism and the program access mechanism;
the memory stores temporary data, user access management mechanism information, program access management mechanism information, keys, the encryption and decryption algorithms and the PLC program;
the personal biometric unique identification code extraction device extracts the personal biometric unique identification code;
the USB interface circuit is a USB transceiver, whose male connector connects to the USB port on the computer and whose female connector connects to the male connector of another encryption/decryption device, providing communication between the device and the computer or between devices;
the auxiliary circuit comprises a clock, a power-on reset circuit and a timer, and supports the power supply and basic control of the whole device.
11. The PLC program protection device according to claim 10, characterized in that said memory is one of EPROM, RAM, ROM and flash memory.
Application number: CN200910104018A
Priority date: 2009-06-04
Filing date: 2009-06-04
Title: PLC program protection method, access method and device thereof
Status: Pending
Publication: CN101697188A (en), published 2010-04-21
Family ID: 42142292
Country status: CN, CN101697188A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20100421