Control device for industrial machine
The control device for industrial machines optimizes encryption decisions based on security evaluation, reducing CPU load and improving communication speed by automatically determining secure communication paths.
Patent Information
- Authority / Receiving Office
- WO · WO
- Patent Type
- Applications
- Current Assignee / Owner
- FANUC LTD
- Filing Date
- 2024-12-24
- Publication Date
- 2026-07-02
AI Technical Summary
Existing control devices for industrial machines require manual user judgment for encryption decisions, leading to unnecessary encryption that increases CPU load and decreases communication speed, especially when security risks are low.
A control device that determines the security level of communication paths based on preset or calculated safety evaluation values, automatically deciding whether to encrypt or communicate in plain text based on the security level, reducing CPU load and improving communication speed.
The control device reduces CPU load and enhances communication speed by optimizing encryption decisions based on the security level of the communication path without user intervention.
Smart Images

Figure JP2024045599_02072026_PF_FP_ABST
Abstract
Description
Control device for industrial machines
[0001] The present disclosure relates to a control device for industrial machines that communicates with external devices via a communication path.
[0002] In general, encryption of a communication path is a necessary measure for improving security. On the other hand, encryption increases the load on the CPU (Central Processing Unit) and decreases the communication speed. Therefore, when the risk of security infringement is low, it is useful to communicate in plain text. For example, when providing information requested by an information request to the information requester via a public network, the information is sent in an encrypted state. When providing the requested information to the information requester via a network that ensures confidentiality, a technique of sending the information in plain text is known. For example, see Patent Document 1. Conventionally, the application of encryption in the communication path between the control device of industrial machines and external devices has been selected fixedly or manually.
[0003] Japanese Patent Application Laid-Open No. 2000-138703
[0004] Until now, since the user judged the security risk and set it manually, the judgment was not appropriate, and there were cases where encrypted communication was performed unnecessarily, resulting in a decrease in the communication speed.
[0005] Therefore, it is desired to reduce the load on the CPU and improve the communication speed by communicating in plain text when the risk of security infringement is low according to the security level of the communication path without depending on the user's judgment.
[0006] One embodiment of a control device for industrial machinery according to the present disclosure is a control device for industrial machinery that connects to an external device via a communication channel, comprising: a communication unit for communicating with the external device; a communication channel determination unit that determines the security level of the communication channel based on a safety evaluation value obtained by acquiring or calculating a safety evaluation value of the communication channel based on a preset safety evaluation value or method for calculating a safety evaluation value of the communication channel, depending on the configuration of the communication channel between the control device and the external device; and an encryption determination unit that determines whether or not to encrypt based on the determined security level, wherein the communication unit performs the communication either encrypted or in plain text based on the determination.
[0007] This figure shows an example of the configuration of a machine tool according to the first embodiment. This is a flowchart explaining the communication processing of the control device. This figure shows an example of the configuration of a machine tool according to the second embodiment. This is a flowchart explaining the communication processing of the control device.
[0008] <First Embodiment> The control device for industrial machinery according to the first embodiment will be described in detail below with reference to the figures. First, an outline of this embodiment will be given. In this embodiment, the control device for industrial machinery determines the security level of the communication path based on a preset security evaluation value of the communication path, depending on the configuration of the communication path with an external device, determines whether to encrypt the communication based on the determined security level, and performs communication in either encrypted or plain text based on the determination result. Thus, according to this embodiment, without requiring user judgment, when the risk of security breach is low, communication is performed in plain text depending on the security level of the communication path, thereby reducing the CPU load and improving the communication speed. The above is an outline of this embodiment.
[0009] Figure 1 shows an example of the configuration of a machine tool according to the first embodiment. Here, the machine tool controlled by the control device is an industrial machine, and the display device that displays data such as machine tool commands output from the control device is an external device. The present invention is also applicable to robots and the like as industrial machines, and to peripheral devices such as robots and conveyors that cooperate with industrial machines as external devices. As shown in Figure 1, the machine tool 1 has a control device 10 and an external device 20. The control device 10 and the external device 20 may be directly connected to each other by a cable (communication path) via a connection interface (not shown). Although the external device 20 is shown as a separate device from the control device 10, it may be included in the control device 10.
[0010] External device 20 is, for example, a display device such as a liquid crystal display, and displays screens for setup operations for the machine tool 1, and screens for data such as commands to the machine tool 1 output by the control device 10 when it executes a machining program. External device 20 has a processor such as a CPU that controls the entire external device 20. If the command data received from the control device 10 is in plain text, the processor displays the received command data on external device 20. On the other hand, if the command data received from the control device 10 is encrypted, the processor decrypts the received command data and displays it on external device 20.
[0011] The control device 10 is, for example, a numerical control device known to those skilled in the art, which generates commands based on a machining program acquired from a CAD / CAM device (not shown) and outputs the generated commands to the machine tool 1. In this way, the control device 10 controls the operation of the machine tool 1. The control device 10 may also output and display the generated commands to an external device 20. If the industrial machine is a robot, the control device 10 may be a robot control device or the like. The control device 10 is configured, for example, as shown in Figure 1, to include a communication unit 110, a communication path determination unit 111, an encryption determination unit 112, and a device configuration storage unit 120. The control device 10 includes, for example, a CPU or other arithmetic processing unit (not shown) to realize the operation of the functional blocks shown in Figure 1. Furthermore, the control device 10 stores various control programs and includes a ROM (Read Only Memory) including the device configuration storage unit 120, auxiliary storage devices (not shown) such as an SSD (Solid State Drive) and an HDD (Hard Disk Drive), and a main memory (not shown) such as a RAM (Random Access Memory) for storing data temporarily required for the arithmetic processing unit to execute programs.
[0012] Then, in the control device 10, the arithmetic processing unit reads the OS and application software from the auxiliary storage device, and while expanding the read OS and application software into the main memory, performs arithmetic processing based on these OS and application software. Based on the results of this calculation, the control device 10 controls each piece of hardware. In this way, the processing by the functional block in Figure 1 is realized. In other words, the control device 10 can be realized through the cooperation of hardware and software.
[0013] The device configuration storage unit 120 has pre-set and registered safety evaluation values for each communication path, depending on the configuration of the communication path between the control device 10 and each external device, including the external device 20. Specifically, as shown in Figure 1, if the communication path between the control device 10 and the external device 20 is within the housing of the machine tool 1, the communication between the control device 10 and the external device 20 is internal communication, so "100" is set and registered as the safety evaluation value for that communication path. Even if the external device 20 is included in the control device 10, the configuration of the communication path is equivalent to internal communication, so "100" may be set and registered as the safety evaluation value in the device configuration storage unit 120. Furthermore, if the external device 20 is a device different from the machine tool 1 and is directly connected to the control device 10 via the communication unit 110 described later, the device configuration storage unit 120 may set and register "80" as the safety evaluation value for the communication path between the control device 10 and the external device 20. The safety evaluation value may be set in the range of "0" to "100" depending on the communication channel configuration, or it may be set in an arbitrary range of values such as "0" to "1". In addition, although the equipment configuration storage unit 120 is included in the control device 10, as will be described later, it may also be included in the control device 10 as an equipment configuration DB such as a data server, or it may be located outside the machine tool 1 and connected via the communication unit 110 of the control device 10.
[0014] The communication unit 110 is, for example, a known input / output interface, and communicates with each external device, including the external device 20, via a communication path. If the encryption determination unit 112, described later, determines that the communication path with the external device 20 is not secure, the communication unit 110 encrypts the data such as commands that the control device 10 outputs to the external device 20 and communicates with the external device 20. If the encryption determination unit 112 determines that the communication path with the external device 20 is secure, the communication unit 110 communicates the data such as commands that the control device 10 outputs to the external device 20 in plain text.
[0015] The communication path determination unit 111 obtains a safety evaluation value for the communication path by referring to, for example, the equipment configuration storage unit 120, and determines the safety level of the communication path based on the obtained safety evaluation value. Specifically, the communication path determination unit 111 obtains a safety evaluation value for the communication path between the control device 10 and the external device 20 by referring to, for example, the equipment configuration storage unit 120. If the safety evaluation value is "80" or higher, the communication path determination unit 111 determines that the communication path between the control device 10 and the external device 20 is safe. The safety level may be pre-set and registered in the equipment configuration storage unit 120 based on the safety evaluation value. On the other hand, if the safety evaluation value is less than "80", the communication path determination unit 111 determines that the communication path between the control device 10 and the external device 20 is not safe. In addition, the communication path determination unit 111 has a safety evaluation value of "80" set as a threshold for determining whether or not the communication path is safe. However, this value may be set appropriately depending on the environment in which the machine tool 1 is installed and the configuration of the communication path between the control device 10 and the external device 20.
[0016] The encryption determination unit 112 determines whether to encrypt the communication based on the security level determined by the communication channel determination unit 111. Specifically, for example, if the encryption determination unit 112 determines that the communication channel is secure, it determines that communication between the control device 10 and the external device 20 will be conducted in plain text. On the other hand, if the encryption determination unit 112 determines that the communication channel is not secure, it determines that communication between the control device 10 and the external device 20 will be conducted using encryption. The encryption determination unit 112 may, for example, select stronger encrypted communication for communication channels with lower security evaluation values and weaker encrypted communication for communication channels with higher security evaluation values when it determines that the communication channel is not secure. That is, for example, the encryption determination unit 112 may select weaker encrypted communication when the security evaluation value is "60" or more and less than "80", and select stronger encrypted communication when the security evaluation value is less than "60". By doing so, the control device 10 can reduce the CPU load and improve the communication speed by performing security communication according to the safety evaluation value.
[0017] <Communication Processing of Control Device 10> Next, the flow of communication processing of the control device 10 will be explained with reference to Figure 2. Figure 2 is a flowchart explaining the communication processing of the control device 10.
[0018] In step S11, the communication path determination unit 111 refers to the equipment configuration storage unit 120 to obtain a safety evaluation value for the communication path between the control device 10 and the external device 20.
[0019] In step S12, the communication path determination unit 111 determines whether the communication path between the control device 10 and the external device 20 is safe or unsafe based on the safety evaluation value obtained in step S11. If the communication path is determined to be safe, the process proceeds to step S13. On the other hand, if the communication path is determined to be unsafe, the process proceeds to step S14.
[0020] In step S13, the communication unit 110 communicates between the control device 10 and the external device 20 in plain text.
[0021] In step S14, the communication unit 110 encrypts the communication between the control device 10 and the external device 20.
[0022] As described above, the control device 10 for industrial machinery according to the first embodiment can reduce the CPU load and improve the communication speed by communicating in plain text when the risk of security breach is low, without requiring user judgment, depending on the security level of the communication channel. The first embodiment has now been described.
[0023] <Second Embodiment> Next, a second embodiment will be described. The first and second embodiments are similar in that the control device for industrial machinery determines the security level of the communication path based on a security evaluation value corresponding to the configuration of the communication path with external equipment, determines whether to encrypt based on the determined security level, and performs communication in either encrypted or plain text based on the determination result. However, in the first embodiment, the control device 10 for industrial machinery determined the security level of the communication path based on a security evaluation value of the communication path that was pre-set in the equipment configuration storage unit 120. In contrast, the second embodiment differs from the first embodiment in that the control device 10A for industrial machinery determines the security level of the communication path based on a security evaluation value obtained by calculating the security evaluation value of the communication path based on a method for calculating the security evaluation value of the communication path that was pre-set in the equipment configuration storage unit 120. As a result, according to the second embodiment, the control device 10A for industrial machinery can reduce the CPU load and improve the communication speed by communicating in plain text when the risk of security breach is low, without requiring user judgment, depending on the security level of the communication path. The second embodiment will be described below.
[0024] Figure 3 shows an example of the configuration of a machine tool 1A according to the second embodiment. Elements having the same functions as those of the machine tool 1 in Figure 1 are denoted by the same reference numerals, and detailed explanations are omitted. As shown in Figure 3, the machine tool 1A includes a control device 10A and an external device 20. The control device 10A and the external device 20 may be directly connected to each other by a cable (communication path) via a connection interface (not shown). The external device 20 has the same functions as the external device 20 of the first embodiment.
[0025] The control device 10A is a numerical control device known to those skilled in the art, similar to the control device 10 of the first embodiment. It generates commands based on a machining program acquired from a CAD / CAM device (not shown) and outputs the generated commands to the machine tool 1A. In this way, the control device 10A controls the operation of the machine tool 1A. The control device 10A may also output and display the generated commands to an external device 20. If the industrial machine is a robot, the control device 10A may be a robot control device or the like. The control device 10A is configured to include, for example, a communication unit 110a, a communication path determination unit 111a, an encryption determination unit 112, and a device configuration storage unit 120a, as shown in Figure 3. The control device 10A includes, for example, a arithmetic processing unit (not shown), such as a CPU, to realize the operation of the functional block shown in Figure 3. Furthermore, the control device 10A stores various control programs and includes a ROM containing the device configuration storage unit 120a, auxiliary storage devices such as SSDs and HDDs (not shown), and main memory devices such as RAM for storing data temporarily required for the arithmetic processing unit to execute programs (not shown).
[0026] Then, in the control device 10A, the arithmetic processing unit reads the OS and application software from the auxiliary storage device, and while expanding the read OS and application software into the main storage device, performs arithmetic processing based on these OS and application software. Based on the results of this calculation, the control device 10A controls each piece of hardware. This realizes the processing by the functional block in Figure 3. In other words, the control device 10A can be realized through the cooperation of hardware and software. The encryption determination unit 112 has the same function as the encryption determination unit 112 of the first embodiment.
[0027] The device configuration storage unit 120a has pre-set and registered safety evaluation values and methods for calculating safety evaluation values for each communication path, depending on the configuration of the communication path between the control device 10A and each external device, including the external device 20. Specifically, for example, in the device configuration storage unit 120a, as in the first embodiment, if the configuration of the communication path between the control device 10A and the external device 20 is within the housing of the machine tool 1, the communication between the control device 10A and the external device 20 is internal communication, so "100" is pre-set and registered as the safety evaluation value for the communication path. Even if the external device 20 is included in the control device 10A, the configuration of the communication path is equivalent to internal communication, so "100" may be set as the safety evaluation value and registered in the device configuration storage unit 120a. Furthermore, if the external device 20 is a device different from the machine tool 1 and is directly connected to the control device 10A via the communication unit 110, "80" may be set and registered as the safety evaluation value for the communication path between the control device 10A and the external device 20 in the device configuration storage unit 120a.
[0028] Furthermore, the device configuration storage unit 120a may have pre-registered methods for calculating the safety evaluation value of the communication path between the control device 10A and the external device 20. Specifically, a method for calculating the safety evaluation value of a communication path may be registered in the device configuration storage unit 120a, in which, if at least one of the noise or latency of the communication path between the control device 10A and the external device 20 is below a predetermined threshold, the safety evaluation value of the communication path is set to the safety evaluation value of internal communication (i.e., "100", etc.). Alternatively, a method for calculating the safety evaluation value of a communication path may be registered in the device configuration storage unit 120a, in which, when the external device 20 and the control device 10A are directly connected, the safety evaluation value is set to "80", and when an intermediate device (not shown) is included in the communication path of the network configuration between the control device 10A and the external device 20, the safety evaluation value of the communication path is set to a value obtained by subtracting a pre-set value (e.g., "10", etc.) and the number of intermediate devices from the safety evaluation value "80".
[0029] Although the equipment configuration storage unit 120a is included in the control device 10A, as will be described later, it may also be included in the control device 10A as an equipment configuration DB such as a data server, or it may be located outside the machine tool 1A and connected via the communication unit 110 of the control device 10A.
[0030] The communication unit 110a is, for example, a known input / output interface, similar to the communication unit 110 in the first embodiment, and communicates with each external device, including the external device 20, via a communication path. The communication unit 110a outputs information about the communication path from the external device 20, etc., to the communication path determination unit 111a, which will be described later. Furthermore, if the encryption determination unit 112 determines that the communication path with the external device 20 is not secure, the communication unit 110a encrypts the data such as commands that the control device 10A outputs to the external device 20 and communicates with the external device 20. Furthermore, if the encryption determination unit 112 determines that the communication path with the external device 20 is secure, the communication unit 110a communicates the data such as commands that the control device 10A outputs to the external device 20 in plain text with the external device 20.
[0031] The communication path determination unit 111a, for example, refers to the equipment configuration storage unit 120a to obtain a safety evaluation value for the communication path or calculates a safety evaluation value for the communication path based on a method for calculating safety evaluation values, and determines the safety level of the communication path. Specifically, the communication path determination unit 111a analyzes the communication between the control device 10A and the external device 20 and measures at least one of noise or latency in the communication path. The communication path determination unit 111a determines whether the measured value is below a predetermined threshold. If the measured value is below the predetermined threshold, the communication path determination unit 111a sets the safety evaluation value of the communication path between the control device 10A and the external device 20 to a safety evaluation value corresponding to the internal communication of the machine tool 1A (or control device 10A), i.e., "100". It is preferable that the predetermined threshold is set appropriately according to the environment in which the machine tool 1A is installed and the configuration of the communication path between the control device 10A and the external device 20.
[0032] On the other hand, if the measured value is greater than a predetermined threshold, the communication path determination unit 111a sets the safety evaluation value to "80" if the external device 20 and the control device 10A are directly connected. The communication path determination unit 111a then analyzes the communication between the control device 10A and the external device 20 using, for example, SNMP (Simple Network Management Protocol). The communication path determination unit 111a uses SNMP to determine whether or not an intermediate device (not shown), such as a hub or router, is included in the communication path of the network configuration between the control device 10A and the external device 20. If the communication path determination unit 111a determines that an intermediate device is included, it calculates the safety evaluation value of the communication path registered in the equipment configuration storage unit 120a using the following formula (1): Subtract a preset value from the safety evaluation value "80" for the case where the control device 10A and the external device 20 are directly connected, according to the number of intermediate device stages n, to obtain the safety evaluation value SV of the communication path (n is an integer of 0 or more). SV = 80 - 10 * n ... (1) Here, the preset value is set to "10", but it is preferable to set it appropriately according to the environment in which the machine tool 1A is installed and the configuration of the communication path between the control device 10A and the external device 20.
[0033] The communication path determination unit 111a may, instead of SNMP, determine whether the control device 10A and the external device 20 are directly connected based on the signal characteristics of the physical layer. Furthermore, even if the communication path between the control device 10A and the external device 20 is not internal communication, if the communication path is completely enclosed within the machine tool 1A, the communication path determination unit 111a may add, for example, "10" to the safety evaluation value SV using equation (2). SV = SV + 10 ... (2) However, although the value added in equation (2) is "10", it is preferable to set it appropriately depending on the environment in which the machine tool 1A is installed and the configuration of the communication path between the control device 10A and the external device 20. This process may also be implemented by pre-registering the fact that it is enclosed within the machine tool 1A in the equipment configuration storage unit 120a, and the communication path determination unit 111a searching for it.
[0034] <Communication Processing of Control Device 10A> Next, the flow of communication processing of the control device 10A will be explained with reference to Figure 4. Figure 4 is a flowchart explaining the communication processing of the control device 10A. The processing in steps S29 and S30 is the same as the processing in steps S13 and S14 in Figure 2, so the explanation will be omitted.
[0035] In step S21, the communication channel determination unit 111a measures at least one of noise or latency in the communication channel.
[0036] In step S22, the communication channel determination unit 111a determines whether the communication channel is an internal communication channel by determining whether the value measured in step S21 is below a predetermined threshold. If the measured value is below the predetermined threshold, the communication channel determination unit 111a determines that the communication channel is an internal communication channel, and the process proceeds to step S23. On the other hand, if the measured value is greater than the predetermined threshold, the communication channel determination unit 111a determines that the control device 10A and the external device 20 are directly connected, and the process proceeds to step S24.
[0037] In step S23, the communication path determination unit 111a sets the safety evaluation value SV of the communication path between the control device 10A and the external device 20 to "100".
[0038] In step S24, the communication path determination unit 111a sets the safety evaluation value SV of the communication path between the control device 10A and the external device 20 to "80".
[0039] In step S25, if the communication path determination unit 111a determines by SNMP that an intermediate device such as a hub or router is included in the communication path of the network configuration between the control device 10A and the external device 20, it calculates the communication path safety evaluation value SV using formula (1) by subtracting a preset value "10" and the number of intermediate devices n from the safety evaluation value SV when the control device 10A and the external device 20 are directly connected.
[0040] In step S26, the communication path determination unit 111a determines whether the communication path between the control device 10A and the external device 20 is in-machine communication where the communication path is completely closed within the machine tool 1A, even if it is not internal communication. In the case of in-machine communication, the process proceeds to step S27. On the other hand, if it is not in-machine communication, the process proceeds to step S28.
[0041] In step S27, since the communication path between the control device 10A and the external device 20 is in-machine communication, the communication path determination unit 111a adds "10" to the safety evaluation value SV using equation (2).
[0042] In step S28, the communication path determination unit 111a determines whether the safety evaluation value SV is 80 or more. If the safety evaluation value SV is 80 or more, the process proceeds to step S29. On the other hand, if the safety evaluation value SV is less than 80, the process proceeds to step S30.
[0043] As described above, the control device 10A of the industrial machine according to the second embodiment can reduce the load on the CPU and improve the communication speed by communicating in plain text when the risk of security infringement is low according to the safety level of the communication path, without the user's judgment. The second embodiment has been described above.
[0044] As described in the first embodiment and the second embodiment above, the control devices 10 and 10A of the industrial machines of the present disclosure can reduce the load on the CPU and improve the communication speed by communicating in plain text when the risk of security infringement is low according to the safety level of the communication path, without the user's judgment.
[0045] <Modification Example 1> In the first embodiment and the second embodiment, the external device 20 is included in the machine tool 1 and 1A, but is not limited thereto. For example, the external device 20 may be arranged outside the machine tool 1 and 1A and connected via the communication unit 110 of the control devices 10 and 10A.
[0046] <Modified Example 2> Also, for example, in the above-described embodiment, the device configuration storage units 120 and 120a are included in the control devices 10 and 10A, but are not limited thereto. For example, the device configuration storage units 120 and 120a may be included in the control devices 10 and 10A as a device configuration DB such as a data server, or may be arranged outside the machine tools 1 and 1A and connected via the communication units 110 of the control devices 10 and 10A.
[0047] Each function included in the control devices 10 and 10A of the industrial machine in the first embodiment and the second embodiment can be realized by hardware, software, or a combination thereof. Here, being realized by software means being realized by a computer reading and executing a program.
[0048] The program can be stored using various types of non-transitory computer-readable media and supplied to the computer. Non-transitory computer-readable media include various types of tangible recording media. Examples of non-transitory computer-readable media include magnetic recording media (e.g., flexible disks, magnetic tapes, hard disk drives), magneto-optical recording media (e.g., magneto-optical disks), CD-ROM (Read Only Memory), CD-R, CD-R / W, semiconductor memories (e.g., mask ROM, PROM (Programmable ROM), EPROM (Erasable PROM), flash ROM, RAM). Also, the program may be supplied to the computer by various types of transitory computer-readable media. Examples of transitory computer-readable media include electrical signals, optical signals, and electromagnetic waves. The transitory computer-readable media can supply the program to the computer via wired communication paths such as electric wires and optical fibers, or wireless communication paths.
[0049] Furthermore, the step of executing the program recorded on the recording medium includes not only processes that are performed chronologically in that order, but also processes that are not necessarily performed chronologically, but are executed in parallel or individually. In addition, the step of writing the program may be performed using cloud computing.
[0050] While this disclosure has been described in detail, it is not limited to the individual embodiments described above. These embodiments can be added, replaced, modified, partially deleted, etc., in any way that does not depart from the gist of this disclosure or from the spirit of this disclosure derived from the claims and their equivalents. Furthermore, these embodiments can be implemented in combination. For example, the order of operations and processes in the embodiments described above are shown as examples only and are not limited thereto. The same applies when numerical values or mathematical formulas are used in the description of the embodiments described above.
[0051] The following additional information is disclosed regarding the above embodiments and modifications. (Addendum 1) The control device (10) for industrial machinery is connected to an external device (20) via a communication path and includes a communication unit (110) for communicating with the external device (20), a communication path determination unit (111) which determines the security level of the communication path based on a safety evaluation value obtained by acquiring or calculating a safety evaluation value of the communication path based on a preset safety evaluation value of the communication path or a method for calculating a safety evaluation value, depending on the configuration of the communication path between the control device (10) and the external device (20), and an encryption determination unit (112) which determines whether or not to encrypt based on the determined security level, and the communication unit (110) performs communication in either encrypted or plaintext form based on the determination. (Note 2) In the control device (10) of the industrial machine described in Note 1, a device configuration storage unit (120) is provided in which a preset safety evaluation value for the communication path or a method for calculating the safety evaluation value is registered, depending on the configuration of the communication path between the control device (10) and the external device (20). The communication path determination unit (111) refers to the device configuration storage unit (120) to obtain the safety evaluation value for the communication path or calculate the safety evaluation value for the communication path based on the method for calculating the safety evaluation value to determine the safety level of the communication path. (Note 3) In the control device (10A) of the industrial machine described in Note 1 or Note 2, as a method for calculating the safety evaluation value for the communication path, when at least one of the noise or latency of the communication path between the control device (10A) and the external device (20) is below a predetermined threshold, the safety evaluation value for the communication path is set to the safety evaluation value corresponding to the internal communication of the control device (10A). (Note 4) In the control device (10A) of any of the industrial machines described in Notes 1 to 3, when an intermediate device is included in the communication path of the network configuration between the control device (10A) and the external device (20), the safety evaluation value of the communication path is obtained by subtracting a predetermined value according to the number of intermediate devices from the safety evaluation value when the external device (20) and the control device (10A) are directly connected. (Note 5) In the control devices (10, 10A) of any of the industrial machines described in Notes 1 to 4, the safety level is determined to be safe if the safety evaluation value is equal to or greater than a predetermined threshold, and unsafe if the safety evaluation value is less than a predetermined threshold.(Note 6) In the control device (10, 10A) of the industrial machine described in Note 5, the encryption determination unit (112) determines that a communication channel is not secure, and selects strong encrypted communication for the communication channel with a lower security evaluation value, and weak encrypted communication for the communication channel with a higher security evaluation value. (Note 7) In any of the control devices (10, 10A) of the industrial machine described in Notes 1 to 6, the external device (20) is a display device that displays information related to the control device (10, 10A).
[0052] 1, 1A Machine tool 10, 10A Control device 110 Communication unit 111, 111a Communication path determination unit 112 Encryption determination unit 120, 120a Equipment configuration storage unit 20 External equipment
Claims
1. A control device for an industrial machine that connects to an external device via a communication channel, comprising: a communication unit for communicating with the external device; a communication channel determination unit that determines the security level of the communication channel based on a safety evaluation value obtained by acquiring or calculating a safety evaluation value of the communication channel based on a preset safety evaluation value or method for calculating a safety evaluation value of the communication channel, depending on the configuration of the communication channel between the control device and the external device; and an encryption determination unit that determines whether or not to encrypt based on the determined security level, wherein the communication unit performs the communication in either encrypted or plaintext form based on the determination.
2. The control device for an industrial machine according to claim 1, comprising a device configuration storage unit in which a preset safety evaluation value for a communication path or a method for calculating the safety evaluation value for a communication path is registered according to the configuration of the communication path between the control device and the external device, wherein the communication path determination unit refers to the device configuration storage unit to obtain the safety evaluation value for the communication path or calculates the safety evaluation value for the communication path based on the method for calculating the safety evaluation value to determine the safety level of the communication path.
3. A control device for an industrial machine according to claim 1 or 2, wherein, as a method for calculating the safety evaluation value of the communication channel, when at least one of the noise or latency of the communication channel between the control device and the external device is below a predetermined threshold, the safety evaluation value of the communication channel is set to a safety evaluation value corresponding to the internal communication of the control device.
4. A control device for an industrial machine according to any one of claims 1 to 3, wherein, as a method for calculating the safety evaluation value of the communication path, when an intermediate device is included in the communication path of the network configuration between the control device and the external device, the safety evaluation value of the communication path is obtained by subtracting a predetermined value according to the number of intermediate devices from the safety evaluation value when the external device and the control device are directly connected.
5. The control device for an industrial machine according to any one of claims 1 to 4, wherein the communication channel determination unit determines the degree of safety if the safety evaluation value is equal to or greater than a preset threshold, and determines that the system is not safe if the safety evaluation value is less than a preset threshold.
6. The control device for an industrial machine according to claim 5, wherein, when the encryption determination unit determines that the communication channel is not secure, it selects strong encrypted communication for the communication channel with a lower security evaluation value and weak encrypted communication for the communication channel with a higher security evaluation value.
7. The control device for an industrial machine according to any one of claims 1 to 6, wherein the external device is a display device that displays information relating to the control device.