A safety communication method and system for a numerical control machine tool

By using a front-end processor and a network gateway to isolate the CNC programming device from the host in CNC machine tools, and by using virtual machine tools to simulate operation and modify timestamps, combined with identifier authentication, secure communication of CNC machine tools is achieved, eliminating the risk of virus and Trojan infection and improving the operational safety and communication stability of CNC machine tools.

CN122268619APending Publication Date: 2026-06-23BEIJING SECURITY UNION IT CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
BEIJING SECURITY UNION IT CO LTD
Filing Date
2026-03-03
Publication Date
2026-06-23

Smart Images

  • Figure CN122268619A_ABST
    Figure CN122268619A_ABST
Patent Text Reader

Abstract

The application discloses a kind of safety communication method and system for numerical control machine tool, wherein the system includes front-end machine, net lock and server, numerical control programming equipment is connected with front-end machine and server communication respectively, and front-end machine is connected with server communication and is connected with numerical control machine tool host computer communication through net lock.The application uses front-end machine to carry out information security processing to numerical control machine tool file, avoids the numerical control machine tool file infected by Trojan and virus to enter numerical control machine tool host computer, simultaneously uses net lock and front-end machine to isolate numerical control machine tool host computer and numerical control programming equipment, avoids numerical control machine tool host computer to be infected by Trojan, virus from numerical control programming equipment, also can avoid numerical control machine tool host computer to be attacked by network attack through numerical control programming equipment, ensures the safe operation of numerical control machine tool.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of CNC machine tool technology. Specifically, it relates to a secure communication method and system for CNC machine tools. Background Technology

[0002] With the continuous development of information technology and the increasing demand for automated production, networking CNC machine tools has become commonplace. To fully leverage the efficiency of CNC programming and equipment, CNC programming and equipment control are typically separated. The CNC programming device and the CNC machine then interact via a network to improve equipment utilization. However, CNC programming devices are susceptible to malware and virus infections, as well as network attacks, which can lead to information leaks and tampering with the control commands of the CNC program. Therefore, it is crucial to eliminate risky CNC programs before they are input into the CNC machine tool host, making secure communication between the CNC programming device and the CNC machine tool host paramount. Summary of the Invention

[0003] Therefore, the technical problem to be solved by the present invention is to provide a secure communication method and system for CNC machine tools. This method utilizes a front-end processor to perform information security processing on CNC machine tool files, preventing files infected with Trojans and viruses from entering the CNC machine tool host. Simultaneously, a network gateway and the front-end processor isolate the CNC machine tool host from the CNC programming equipment, preventing the CNC machine tool host from being infected by Trojans and viruses originating from the CNC programming equipment. It also prevents the CNC machine tool host from being attacked through network attacks via the CNC programming equipment, ensuring the safe operation of the CNC machine tool.

[0004] To solve the above-mentioned technical problems, the present invention provides the following technical solution:

[0005] A secure communication method for CNC machine tools includes the following steps:

[0006] S1) Input the CNC machine tool file into the isolation partition of the front-end machine and use the data information security unit in the front-end machine to perform information security processing on the CNC machine tool file;

[0007] S2) Copy the CNC machine tool file, which has undergone information security processing, into three or more copies. Then, use a timestamp modification tool to modify the timestamps of the copies of the CNC machine tool file.

[0008] S3) Utilize the virtual machine tool within the isolation partition of the front-end machine to run the copy of the CNC machine tool file whose timestamp has been modified in step S2). If the copy of the CNC machine tool file whose timestamp has been modified runs normally and the running result meets the machining requirements, then the CNC machine tool file that has undergone information security processing is sent to the CNC machine tool host through the network gateway. Conversely, if the running result of the copy of the CNC machine tool file whose timestamp has been modified does not meet the machining requirements, then the CNC machine tool file that has undergone information security processing is discarded. If the virtual machine tool is infected when the copy of the CNC machine tool file whose timestamp has been modified is running, then the virtual machine tool and the corresponding copy of the CNC machine tool file are immediately discarded.

[0009] The aforementioned secure communication method for CNC machine tools assigns an identifier issued by the server to the CNC machine tool file using an identification module when generating the file. Before performing information security processing on the CNC machine tool file, the data information security unit compares the identifier read from the CNC machine tool file with the identifier in the mapping table issued by the server. If the identifier read from the CNC machine tool file is the same as the identifier in the mapping table issued by the server, the CNC machine tool file is processed for information security; otherwise, the CNC machine tool file is discarded.

[0010] In the aforementioned secure communication method for CNC machine tools, the identifier is generated by the server using the CNC machine tool document generation time and the device number used to generate the CNC machine tool document as input.

[0011] The aforementioned secure communication method for CNC machine tools assigns an identifier issued by the server to the CNC machine tool file using an identification module, and encapsulates the identifier in the data packet header of the CNC machine tool file; when comparing the identifier read from the CNC machine tool file with the identifier in the mapping table issued by the server, if the two identifiers are different, the corresponding data packet is discarded.

[0012] In the aforementioned secure communication method for CNC machine tools, the virtual machine tool in the isolation partition of the front-end machine is set in an isolation sub-partition within the isolation partition of the front-end machine. When the copy file of the CNC machine tool file whose timestamp is modified in step S2) is run using the virtual machine tool in the isolation partition of the front-end machine, the isolation sub-partition where the virtual machine tool is located is in an offline running state.

[0013] The aforementioned secure communication method for CNC machine tools modifies the timestamps of a copy of a CNC machine tool file using a timestamp modification tool according to the following strategy:

[0014] R1) When the number of copy files is less than or equal to 5, the time difference between the timestamps of two adjacent copy files after modification is greater than or equal to 7 days and less than or equal to 30 days.

[0015] R2) When the number of replica files is greater than or equal to 6, the time difference between the modified timestamps of two adjacent replica files satisfies the following formula:

[0016] ;

[0017] In the formula, Let i be the timestamp of the modified i-th copy file, where i is a natural number greater than 2; This is represented by the timestamp of the (i-1)th copy file after modification; This indicates rounding down to the nearest integer.

[0018] The above-mentioned secure communication method for CNC machine tools, in step S3), when using a virtual machine tool within the isolation partition of the front-end machine to run a copy of the CNC machine tool file whose timestamp was modified in step S2), is performed in the following manner:

[0019] After opening a copy of the CNC machine tool file with a modified timestamp using a virtual machine tool within the isolated partition of the front-end machine, the file is then run for a random duration. R Then, the operation is stopped, interrupted, or halted, and then resumed or the copy of the CNC machine tool file with the modified timestamp is reopened and run, and at least once the copy file is fully run.

[0020] The above-mentioned secure communication method for CNC machine tools has a random duration (Time). R The relationship between Time0 and the time required for the complete execution of a copy of the CNC machine tool file with modified timestamps is as follows:

[0021] Time R ≤0.75×Time0.

[0022] A system for communication using the above-mentioned secure communication method for CNC machine tools includes:

[0023] The front-end machine is used to perform information security verification processing on the files used by CNC machine tools. The front-end machine is equipped with an isolation area, which is further divided into isolation partitions. The isolation partitions include a data information security processing partition with a pre-set data information security unit, a data storage partition, a data information modification partition with a pre-set timestamp modification tool, and a virtual machine tool setting area with a pre-set virtual machine tool.

[0024] Network gateway, used by the front-end machine to transmit CNC machine tool files to the CNC machine tool host;

[0025] The front-end machine is connected to the CNC machine tool host via a network gateway; communication between isolated zones is unidirectional.

[0026] The aforementioned system also includes a server for providing identifiers.

[0027] The technical solution of the present invention achieves the following beneficial technical effects:

[0028] 1. This invention utilizes a front-end processor and a network gateway to isolate the CNC programming equipment (office network) from the CNC machine tool host. The front-end processor performs information security processing on CNC machine tool files, completing the detection and removal of Trojans and viruses in the CNC machine tool files and simulating their operation. This effectively blocks potentially risky CNC machine tool files from the CNC machine tool host as much as possible, thereby improving the operational safety of the CNC machine tool.

[0029] 2. Using identifiers to mark files for CNC machine tools improves the efficiency of data file screening and can also prevent antivirus software from missing infected files because a virus is not recorded in the virus database.

[0030] 3. By modifying the timestamps of CNC machine tool files, some dormant and hidden viruses are triggered, causing the virus to be activated and run when the CNC machine tool files are run, exposing its behavior and facilitating the investigation of CNC machine tool files infected by the virus.

[0031] 4. Running CNC machine tool files in a virtual machine within an isolated partition can effectively prevent virus-infected CNC machine tool files from infecting other areas of the front-end machine, thus effectively improving the operational safety of the front-end machine. Attached Figure Description

[0032] Figure 1 This is a schematic diagram illustrating the working principle of the safety communication system for CNC machine tools according to the present invention.

[0033] Figure 2 This is a flowchart illustrating secure communication for CNC machine tools in this invention. Detailed Implementation

[0034] The present invention will be further explained below with reference to examples.

[0035] like Figure 1 As shown, the CNC machine tool safety communication system of the present invention includes a front-end machine, a network gateway, and a server. The CNC programming device is connected to the front-end machine and the server for communication. The front-end machine is connected to the server for communication and to the CNC machine tool host through the network gateway.

[0036] The front-end processor is used to perform information security verification processing on CNC machine tool files. It includes an isolation zone, which further comprises isolation partitions. These partitions include a data security processing partition with a pre-installed data security unit, a data storage partition, a data modification partition with a pre-installed timestamp modification tool, and a virtual machine tool setting area with a pre-installed virtual machine tool. Communication between the isolation partitions is unidirectional to prevent virus activation and intrusion into the previous isolation partition. In this invention, the data storage partition is divided into multiple isolated storage areas, each used to store CNC machine tool files and their copies after processing at different stages, thus preventing virus activation from infecting other areas.

[0037] In this invention, a network gate can also be set at the information input end of the front-end machine, which allows information to be input into the front-end machine, but the front-end machine cannot input information into the host computer, thereby further improving the safety of CNC machine tool use.

[0038] The aforementioned secure communication system for CNC machine tools is used in the existing CNC machine tool control system. The front-end machine and the network gateway are connected to the CNC machine tool host, and then secure communication is achieved through the following steps:

[0039] S1) Input the CNC machine tool file into the isolation partition of the front-end machine and use the data information security unit in the front-end machine to perform information security processing on the CNC machine tool file;

[0040] S2) Copy the CNC machine tool file, which has undergone information security processing, into three or more copies. Then, use a timestamp modification tool to modify the timestamps of the copies of the CNC machine tool file.

[0041] S3) Utilize the virtual machine tool within the isolation partition of the front-end machine to run the copy of the CNC machine tool file whose timestamp has been modified in step S2). If the copy of the CNC machine tool file whose timestamp has been modified runs normally and the running result meets the machining requirements, then the CNC machine tool file that has undergone information security processing is sent to the CNC machine tool host through the network gateway. Conversely, if the running result of the copy of the CNC machine tool file whose timestamp has been modified does not meet the machining requirements, then the CNC machine tool file that has undergone information security processing is discarded. If the virtual machine tool is infected when the copy of the CNC machine tool file whose timestamp has been modified is running, then the virtual machine tool and the corresponding copy of the CNC machine tool file are immediately discarded.

[0042] In computer systems, some Trojans and viruses disguise themselves as certain files. When a user clicks to open these files, they are activated, infecting and damaging files inside the computer, thus causing unnecessary losses to the user. Therefore, in this invention, when generating CNC machine tool files, an identifier module is used to assign an identifier issued by the server to the CNC machine tool files. Specifically, when assigning the identifier to the CNC machine tool files using the identifier module, this identifier is encapsulated in the data packet header of the CNC machine tool files. Before performing information security processing on the CNC machine tool files, the data information security unit first compares the identifier read from the CNC machine tool files with the identifier in the mapping table issued by the server. If the identifier read from the CNC machine tool files is the same as the identifier in the mapping table issued by the server, the CNC machine tool files are processed for information security; otherwise, the CNC machine tool files are discarded. If the CNC machine tool files consist of multiple data packets, when comparing the identifier read from the CNC machine tool files with the identifier in the mapping table issued by the server, if the two identifiers are different, the corresponding data packets are discarded. The identifier is generated by the server using the CNC machine tool file generation time and the device number used to generate the CNC machine tool files as input.

[0043] By encapsulating identifiers in the header of data packets to identify whether data packets are safe, it is possible to quickly identify whether a file is a virus or a Trojan disguised as a file, thus reducing the number of files that need to be scanned for viruses and Trojans.

[0044] When using a virtual machine tool to simulate the operation of CNC machine tool files, the virtual machine tool settings are divided into multiple isolated sub-partitions. The virtual machine tool is then set within each isolated sub-partition, ensuring that any two isolated sub-partitions are mutually isolated. Simultaneously, when running a copy of the CNC machine tool file (with modified timestamps) using the virtual machine tool within the front-end machine's isolated partition, the isolated sub-partition containing that virtual machine tool is in an offline running state. This ensures that if a virus or Trojan is activated when the copy of the CNC machine tool file is run, it can only spread within the isolated sub-partition containing that virtual machine tool, effectively preventing the virus or Trojan from spreading outwards.

[0045] Some Trojans and viruses hide for a period of time before entering a pending or activated state to evade antivirus software detection. Therefore, this invention uses a timestamp modification tool to modify the timestamps of copies of CNC machine tool files. This is to prevent Trojans or viruses from misinterpreting the file timestamps and prematurely entering a pending or activated state, thus facilitating the identification and removal of viruses or Trojans hidden in CNC machine tool files. When modifying the timestamps of copies of CNC machine tool files using a timestamp modification tool, the following strategy is followed:

[0046] R1) When the number of copy files is less than or equal to 5, the time difference between the timestamps of two adjacent copy files after modification is greater than or equal to 7 days and less than or equal to 30 days.

[0047] R2) When the number of replica files is greater than or equal to 6, the time difference between the modified timestamps of two adjacent replica files satisfies the following formula:

[0048] ;

[0049] In the formula, Let i be the timestamp of the modified i-th copy file, where i is a natural number greater than 2; This is represented by the timestamp of the (i-1)th copy file after modification; This indicates rounding down to the nearest integer.

[0050] When modifying the timestamps of copies of CNC machine tool files, if there are many copies, the formula in Strategy R2 is used to modify the timestamps of copies of CNC machine tool files with adjacent numbers. This can be used to obtain the incubation period of latent viruses or Trojans, so as to add the characteristics of new latent viruses or Trojans to the data information security unit, thereby improving the efficiency of the data information security unit in detecting and killing viruses and Trojans.

[0051] Meanwhile, in step S3), when running a copy of the CNC machine tool file whose timestamp was modified in step S2) using a virtual machine tool within the isolation partition of the front-end machine, the following method is used:

[0052] After opening a copy of the CNC machine tool file with a modified timestamp using a virtual machine tool within the isolated partition of the front-end machine, the file is then run for a random duration. R The process is then paused, interrupted, or stopped, and then resumed or the copy of the CNC machine tool file with the modified timestamp is reopened and run, with at least one complete run of the copy file. The random duration is specified in the Time parameter. R The relationship between Time0 and the time required for the complete execution of a copy of the CNC machine tool file with modified timestamps is as follows:

[0053] Time R ≤0.75×Time0.

[0054] The present invention utilizes a virtual machine tool to run a copy of a CNC machine tool file with a modified timestamp. This method can be used to trigger latent viruses or Trojans, thereby detecting latent viruses or Trojans in the CNC machine tool file. It can also verify the stability of the CNC machine tool file operation.

[0055] This invention utilizes the setting of isolation partitions in the front-end machine and performs different data information processing in different isolation partitions. This not only effectively prevents viruses or Trojans from infecting files and infecting CNC programming equipment, CNC machine tool hosts, and other areas of the front-end machine, but also improves the communication security of transmitting CNC machine tool files from the host computer to the CNC machine tool host by modifying the timestamp of the copy file and using a stop-start mechanism during the execution of the copy file, as well as detecting the running stability of the CNC machine tool files. Furthermore, by utilizing the one-way transmission characteristic of the network gateway, it can prevent unauthorized access to the host computer through the CNC machine tool host.

[0056] Obviously, the above embodiments are merely illustrative examples for clear explanation and are not intended to limit the implementation. Those skilled in the art will recognize that other variations or modifications can be made based on the above description. It is neither necessary nor possible to exhaustively list all possible implementations here. However, obvious variations or modifications derived therefrom are still within the scope of protection of the claims of this patent application.

Claims

1. A secure communication method for CNC machine tools, characterized in that, Includes the following steps: S1) Input the CNC machine tool file into the isolation partition of the front-end machine and use the data information security unit in the front-end machine to perform information security processing on the CNC machine tool file; S2) Copy the CNC machine tool file, which has undergone information security processing, into three or more copies, and then use a timestamp modification tool to modify the timestamps of the copies of the CNC machine tool file; S3) Utilize the virtual machine tool within the isolation partition of the front-end machine to run the copy of the CNC machine tool file whose timestamp has been modified in step S2). If the copy of the CNC machine tool file whose timestamp has been modified runs normally and the running result meets the machining requirements, then the CNC machine tool file that has undergone information security processing is sent to the CNC machine tool host through the network gateway. Conversely, if the running result of the copy of the CNC machine tool file whose timestamp has been modified does not meet the machining requirements, then the CNC machine tool file that has undergone information security processing is discarded. If the virtual machine tool is infected when the copy of the CNC machine tool file whose timestamp has been modified is running, then the virtual machine tool and the corresponding copy of the CNC machine tool file are immediately discarded.

2. The secure communication method for CNC machine tools according to claim 1, characterized in that, When generating CNC machine tool files, the identification module assigns an identifier issued by the server to the CNC machine tool files. Before performing information security processing on the CNC machine tool files, the data information security unit compares the identifier read from the CNC machine tool files with the identifier in the mapping table issued by the server. If the identifier read from the CNC machine tool files is the same as the identifier in the mapping table issued by the server, the CNC machine tool files are processed for information security; otherwise, the CNC machine tool files are discarded.

3. The secure communication method for CNC machine tools according to claim 2, characterized in that, The identifier is generated by the server using the file generation time for CNC machine tools and the device number used to generate the file for CNC machine tools as input.

4. The secure communication method for CNC machine tools according to claim 2, characterized in that, When assigning an identifier issued by the server to a file for CNC machine tools using the identification module, the identifier is encapsulated in the header of the data packet in the file for CNC machine tools. When comparing the identifier read from the file for CNC machine tools with the identifier in the mapping table issued by the server, if the two identifiers are different, the corresponding data packet is discarded.

5. The secure communication method for CNC machine tools according to claim 1, characterized in that, The virtual machine tool in the front-end isolation partition is set in the isolation sub-partition of the front-end isolation partition, and when the copy file of the CNC machine tool file whose timestamp is modified in step S2) is run using the virtual machine tool in the front-end isolation partition, the isolation sub-partition where the virtual machine tool is located is in an offline running state.

6. The secure communication method for CNC machine tools according to claim 1, characterized in that, When modifying the timestamp of a copy of a file used for CNC machine tools using a timestamp modification tool, the following strategy should be followed: R1) When the number of copy files is less than or equal to 5, the time difference between the timestamps of two adjacent copy files after modification is greater than or equal to 7 days and less than or equal to 30 days. R2) When the number of replica files is greater than or equal to 6, the time difference between the modified timestamps of two adjacent replica files satisfies the following formula: ; In the formula, Let i be the timestamp of the modified i-th copy file, where i is a natural number greater than 2; This is represented by the timestamp of the (i-1)th copy file after modification; This indicates rounding down to the nearest integer.

7. The secure communication method for CNC machine tools according to claim 4, characterized in that, In step S3), when running a copy of the CNC machine tool file whose timestamp was modified in step S2) using a virtual machine tool within the isolation partition of the front-end machine, the following method is used: After opening a copy of the CNC machine tool file with a modified timestamp using a virtual machine tool within the isolated partition of the front-end machine, the file is then run for a random duration. R Then, the operation is stopped, interrupted, or halted, and then resumed or the copy of the CNC machine tool file with the modified timestamp is reopened and run, and at least once the copy file is fully run.

8. The secure communication method for CNC machine tools according to claim 7, characterized in that, Random duration Time R The relationship between Time0 and the time required for the complete execution of a copy of the CNC machine tool file with modified timestamps is as follows: Time R ≤0.75×Time0。 9. A system for communication using the secure communication method for CNC machine tools as described in claim 1, characterized in that, include: The front-end processor is used to perform information security verification processing on documents used in CNC machine tools; The front-end machine is equipped with an isolation zone, which is further divided into isolation partitions. The isolation partitions include a data security processing partition with a pre-installed data security unit, a data storage partition, a data modification partition with a pre-installed timestamp modification tool, and a virtual machine bed setting area with a pre-installed virtual machine bed. Network gateway, used by the front-end machine to transmit CNC machine tool files to the CNC machine tool host; The front-end machine is connected to the CNC machine tool host via a network gateway; communication between isolated zones is unidirectional.

10. The system according to claim 9, characterized in that, It also includes servers used to provide identifiers.