EP-3998542-B1 - CONTROL SYSTEM AND CONTROL METHOD

Inventors

  • NISHIYAMA, YOSHIHIDE
  • NAGATA, YUTA

Dates

Publication Date
20260513
Application Date
20200305

Claims (6)

  1. A control system (2) comprising a plurality of units, wherein the plurality of units comprise a master unit (300) connected to an internal bus (10), and a slave unit (200) connected to the internal bus (10) and configured to communicate with the master unit (300) via the internal bus (10), the master unit (300) comprises a nonvolatile memory (308) configured to store first security information (330) as information to be concealed, the first security information including at least account information of a user, the slave unit (200) comprises a volatile memory (206), and the slave unit (200) is configured to receive the first security information (330) from the master unit (300) at a predetermined timing and store the first security information (330) in the volatile memory (206), wherein in response to reception of a request for data access to the slave unit (200) from an external device (500) configured to be communicable with the slave unit (200), the slave unit (200) requests the external device (500) to input account information, in a case where the account information input to the external device (500) is registered in the first security information (330) stored in the volatile memory (206), the slave unit (200) allows data access to the slave unit (200) by the external device (500), the slave unit (200) further comprises a nonvolatile memory (208) configured to store second security information (230) as information to be concealed, the second security information including at least one of account information of a user or a digital certificate, and in a case where there is conflicting information between information included in the first security information (330) and information included in the second security information (230), the slave unit (200) determines which of the conflicting information to prioritize in accordance with a predetermined rule.
  2. The control system according to claim 1, wherein the predetermined timing includes a timing at which power of the control system (2) is turned on.
  3. The control system according to claim 1 or 2, wherein the first security information (330) further includes a digital certificate, and in response to reception of a request for acquisition of data stored in the slave unit (200) from the external device (500) configured to be communicable with the slave unit (200), the slave unit (200) sends the digital certificate stored in the volatile memory (206) to the external device (500).
  4. The control system according to claim 1, wherein the master unit (300) is configured to receive the second security information (230) from the slave unit (200) at the predetermined timing and store the second security information (230) in the volatile memory (306) of the master unit (300).
  5. The control system according to any one of claims 1 to 4, wherein the slave unit (200) comprises a control unit (100) that controls a drive device.
  6. A control method of a control system (2) including a plurality of units, the plurality of units comprising a master unit (300) connected to an internal bus (10), and a slave unit (200) connected to the internal bus (10) and configured to communicate with the master unit (300) via the internal bus (10), the control method comprising the steps of: storing, by the master unit (300), first security information (330) as information to be concealed in a nonvolatile memory (308) of the master unit (300), the first security information including at least account information of a user; receiving, by the slave unit (200), the first security information (330) from the master unit (300) at a predetermined timing; storing, by the slave unit (200), the first security information (330) received from the master unit (300) in a volatile memory (206) of the slave unit (200), in response to reception of a request for data access to the slave unit (200) from an external device (500) configured to be communicable with the slave unit (200), requesting, by the slave unit (200), the external device (500) to input account information, in a case where the account information input to the external device (500) is registered in the first security information (330) stored in the volatile memory (206), allowing, by the slave unit (200), data access to the slave unit (200) by the external device (500), storing, by the slave unit (200), second security information (230) as information to be concealed in a nonvolatile memory (208) of the slave unit (200), the second security information including at least one of account information of a user or a digital certificate, and in a case where there is conflicting information between information included in the first security information (330) and information included in the second security information (230), determining, by the slave unit (200), which of the conflicting information to prioritize in accordance with a predetermined rule.
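An added sketch, not taken from the patent, that models the claim 1 flow: the slave unit copies the first security information into volatile memory at power-on, denies access when nothing has been synced, and resolves a conflicting account record by a configurable rule. The class names, the `master_wins`/`slave_wins` rule names, and the salted PBKDF2 records are assumptions, since the page specifies neither the predetermined rule nor how account information is encoded.

```python
import hashlib, hmac, os

ITER = 100_000  # assumed PBKDF2 work factor

def make_record(password, salt=None):
    """Assumed encoding of account information: (salt, PBKDF2 digest)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITER)

class MasterUnit:
    def __init__(self, accounts):
        self.nonvolatile = dict(accounts)  # first security information (330)

class SlaveUnit:
    def __init__(self, local_accounts, rule="master_wins"):
        self.nonvolatile = dict(local_accounts)  # second security information (230)
        self.volatile = {}                       # volatile memory (206)
        self.rule = rule                         # hypothetical rule names

    def power_on(self, master):
        # Predetermined timing: copy the first security information at power-on.
        self.volatile = dict(master.nonvolatile)

    def power_off(self):
        self.volatile.clear()  # the volatile copy is lost with power

    def effective_record(self, user):
        first = self.volatile.get(user)
        if first is None:
            return None  # not registered in the synced copy: fail closed
        second = self.nonvolatile.get(user)
        if second is not None and second != first and self.rule == "slave_wins":
            return second  # conflict resolved in favour of the local record
        return first

    def allow_access(self, user, password):
        record = self.effective_record(user)
        if record is None:
            return False
        salt, digest = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITER)
        return hmac.compare_digest(candidate, digest)  # constant-time compare

def demo():
    # Constructed sample accounts; the same user has conflicting credentials.
    master = MasterUnit({"operator": make_record("new-pass")})
    slave = SlaveUnit({"operator": make_record("old-pass")})
    before = slave.allow_access("operator", "new-pass")
    slave.power_on(master)
    return before, slave.allow_access("operator", "new-pass"), slave.allow_access("operator", "old-pass")
```

Under the assumed `master_wins` rule, a stale local password stops working as soon as the master's record is synced, which is the central-management property the description aims for.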

Description

TECHNICAL FIELD

The present disclosure relates to a technique for managing security information in a control system including a plurality of units.

BACKGROUND ART

At production sites using factory automation (FA), control units such as programmable logic controllers (PLCs) are used to control various devices. In recent years, control units that are connectable to external devices have become widespread. Regarding such a control unit, PTL 1 (Japanese Patent Laying-Open No. 2016-194808) discloses a PLC configured to access a database of an external device.

EP3951629A1 discloses a control system and control method. US2015/046710A1 discloses industrial control system redundant communications/control modules authentication. EP3241304 discloses systems and methods of industrial network certificate recovery. DRIAS ZAKARYA ET AL: "Analysis of cyber security for industrial control systems", 2015 INTERNATIONAL CONFERENCE ON CYBER SECURITY OF SMART CITIES, INDUSTRIAL CONTROL SYSTEM AND COMMUNICATIONS (SSIC), IEEE, 5 August 2015, pages 1-8, discloses an analysis of cyber security for industrial control systems. JP2018128722A discloses a programmable logic controller. JP2010079354A discloses a distributed PLC system.

CITATION LIST

PATENT LITERATURE

PTL 1: Japanese Patent Laying-Open No. 2016-194808

SUMMARY OF INVENTION

The present invention is defined in the appended independent claims to which reference should be made. Advantageous features are set out in the appended dependent claims.

TECHNICAL PROBLEM

Various functional units may be connected to the control unit. Various applications can be installed in each functional unit. Users can add functional units and install applications as needed. Each functional unit is independent of other functional units, and it is necessary to manage information such as account information and digital certificates (hereinafter, also referred to as "security information") for each functional unit. Thus, with an increasing number of functional units, the user may set an easy password or forget the password, and management of security information becomes complicated. Therefore, a technique for centrally managing security information in a control system including a plurality of units is desired.

SOLUTION TO PROBLEM

In one example of the present disclosure, a control system as specified in claim 1 is provided. In the present disclosure, the slave unit stores security information received from the master unit in the volatile memory. As a result, the security information disappears from the master unit each time power supply to the control system is stopped. On the other hand, security information stored in the nonvolatile memory of the master unit does not disappear even when the power supply to the control system is stopped. As a result, the security information can be centrally managed.

In one example of the present disclosure, the predetermined timing includes a timing at which power of the control system is turned on. In the present disclosure, the slave unit receives security information from the master unit each time the power of the control system is turned on, and thus the security information can be kept updated.

In the present invention, the first security information includes account information of a user. In response to reception of a request for data access to the slave unit from an external device configured to be communicable with the slave unit, the slave unit requests the external device to input account information, and in a case where the account information input to the external device is registered in the first security information stored in the volatile memory, the slave unit allows data access to the slave unit by the external device. In the present disclosure, the slave unit can authenticate the user on the basis of the account information received from the master unit.

In one example of the disclosure, the first security information includes a digital certificate. The first security information includes a digital certificate, and in response to reception of a request for acquisition of data stored in the slave unit from the external device configured to be communicable with the slave unit, the slave unit sends the digital certificate stored in the volatile memory to the external device. In the present disclosure, the slave unit can communicate with the external device on the basis of the digital certificate received from the master unit.

In the present invention, the slave unit further includes a nonvolatile memory that stores second security information as information to be concealed. In a case where there is conflicting information between information included in the first security information and information included in the second security information, the slave unit determines which of the conflicting information to prioritize in accordance with a predetermined rule. The present disclosure resolves information conflict between the first security information and t