Control device and computer-readable recording medium
The control device automates the verification of passwords within setting change warning data files, addressing the challenge of manual input and enabling efficient, automated batch setting of target data in industrial machines.
Patent Information
- Authority / Receiving Office
- WO · WO
- Patent Type
- Applications
- Current Assignee / Owner
- FANUC LTD
- Filing Date
- 2025-01-07
- Publication Date
- 2026-07-16
AI Technical Summary
Existing control devices for industrial machines face challenges in automating the batch setting of setting change warnings due to the need for manual password entry, hindering efficient automation of setting changes.
A control device with a data file acquisition, analysis, and authentication system that automates the verification of passwords within setting change warning data files, enabling automated batch setting of target data without manual intervention.
Enables efficient and automated batch setting of setting change warnings, reducing user effort and enhancing security by eliminating the need for manual password input.
Smart Images

Figure JP2025000234_16072026_PF_FP_ABST
Abstract
Description
Control Device and Computer-Readable Recording Medium
[0001] The present disclosure relates to a control device and a computer-readable recording medium.
[0002] Control devices that control industrial machines such as robots and machine tools installed at manufacturing sites protect parameters, ladder programs, and C language executor programs related to control (hereinafter referred to as "target data") and have a setting change warning function for detecting unauthorized changes to them. In the setting change warning function, for each target data on the setting screen, settings such as "whether to perform change monitoring", "whether to output an alarm when a change is detected", and "whether to display a check code on the screen" can be changed. When changing important settings in such a control device, it is necessary to manually enter a password to解除 the prohibition of setting operations on the setting screen for security reasons (for example, Patent Document 1, etc.). The解除 of the operation prohibition by this password is performed for each target data.
[0003] When making settings related to target data using the setting change warning function, a setting change warning data file can be used. The setting change warning data file is a file in which values related to each setting item are described for each target data. For example, when mass-producing machines at a machine manufacturer, the settings of the setting change warning function can be made by file input using the setting change warning data file.
[0004] Japanese Unexamined Patent Application Publication No. 2021-081947
[0005] When making a setting change related to the setting change warning function for the control device, it is necessary to manually enter a password on the setting screen of the control device to解除 the prohibition of setting operations and then read the setting change warning data file. Therefore, for example, even if an external application or the like is used to read the setting change warning data file from a management server or the like for each of a plurality of control devices and enable automatic batch setting, the input of the password becomes a bottleneck and automation is difficult. At the production site, a mechanism for easily performing batch setting of the setting change warning function is desired.
[0006] The control device disclosed herein solves the above problem by verifying the password of each target data using the password written in the setting change warning data file, thereby enabling the input of setting data.
[0007] One aspect of the present disclosure is a control device comprising: a data file acquisition unit that acquires at least one data file; a data file analysis unit that analyzes the data file; a target data determination unit that determines at least one type of target data to be set based on the results of the analysis; an authentication unit that performs authentication for each of the target data using authentication information contained in the data file based on the results of the analysis; a release state setting unit that enables the release of the setting change prohibition related to the type of target data for the type of target data for which the authentication has been successful; a target data setting unit that performs settings related to the type of target data for which the release of the setting change prohibition is effective based on the results of the analysis; and a release state reset unit that disables the release of the setting change prohibition related to the type of target data when a predetermined condition is met.
[0008] This is a schematic hardware configuration diagram of the control device according to the first embodiment. This is a block diagram showing the schematic functions of the control device according to the first embodiment. This is a schematic diagram showing an example of the format of a data file. This is a schematic diagram showing an example of a data file containing specific values. This is a block diagram showing the schematic functions of the control device according to the second embodiment. This is a block diagram showing the schematic functions of the control device according to the third embodiment.
[0009] The embodiments of this disclosure will be described below with reference to the drawings. [First Embodiment] Figure 1 is a schematic hardware configuration diagram showing the main parts of a control device according to one embodiment of this disclosure. The control device 1 of this disclosure can be implemented as a control device for controlling industrial machinery such as machine tools and robots.
[0010] The CPU 11 in the control device 1 of this disclosure is a processor that controls the control device 1 as a whole. The CPU 11 reads a system program stored in the ROM 12 via the bus 22 and controls the entire control device 1 according to the system program. The RAM 13 temporarily stores temporary calculation data, display data, and various data input from external sources.
[0011] The non-volatile memory 14 is composed of, for example, a memory backed up by a battery (not shown) or an SSD (Solid State Drive), and its stored state is maintained even when the power to the control device 1 is turned off. The non-volatile memory 14 stores control programs and data read from an external device 72 via the interface 15, data and control programs input via the input device 71, and various data acquired from the industrial machine 3. The control programs and data stored in the non-volatile memory 14 may be expanded into the RAM 13 when executed or used. In addition, various system programs, such as known analysis programs, are pre-written in the ROM 12.
[0012] Interface 15 is an interface for connecting the CPU 11 of the control device 1 to an external device 72 such as a USB memory, CompactFlash®, or SD card. The external device 72 can read control programs and various data used to control the industrial machine 3, for example. Control programs and various data edited within the control device 1 can also be stored in the external device 72. The PLC (Programmable Logic Controller) 16 controls the industrial machine 3 and its peripheral devices (for example, tool changers, actuators such as robots, sensors attached to the industrial machine 3, etc.) by outputting signals via the I / O unit 17 according to the sequence program built into the control device 1. The PLC 16 also receives signals from various switches on the control panel and peripheral devices located on the main body of the industrial machine 3, performs the necessary signal processing, and then passes the signals to the CPU 11.
[0013] The display device 70 displays data loaded into memory, data obtained as a result of the execution of control programs and system programs, etc., which are output via the interface 18. In addition, the input device 71, which consists of a keyboard and a pointing device, transmits commands and data based on the operator's operations to the CPU 11 via the interface 19.
[0014] Interface 20 is an interface for connecting the CPU 11 of the control device 1 to a wired or wireless network 5. The network 5 may communicate using technologies such as serial communication (RS-485, for example), Ethernet® communication, optical communication, wireless LAN, Wi-Fi®, Bluetooth®, etc. At least one computer 4, fog computer 6, cloud server 7, etc. are connected to the network 5 and exchange data with the control device 1.
[0015] The axis control circuit 30, which controls the drive shafts of the industrial machine 3, receives a position command for the drive shaft from the CPU 11 and outputs a command for the drive shaft to the servo amplifier 40. The servo amplifier 40 receives this command and drives the servo motor 50, which is the drive shaft, to move each part of the industrial machine 3 along its respective axis. Each servo motor 50 has a built-in position sensor and feeds back the position feedback signal from this position sensor to the axis control circuit 30. The axis control circuit 30 performs feedback control of the servo motor 50 based on this position feedback signal. In the hardware configuration diagram of Figure 1, only one axis control circuit 30, servo amplifier 40, and servo motor 50 are shown, but in reality, as many as the number of axes on the industrial machine 3 to be controlled are provided. For example, when controlling a machine tool with a typical linear three-axis system, three sets of axis control circuits 30, servo amplifiers 40, and servo motors 50 are provided to move the spindle to which the tool is attached and the workpiece relative to each other in the linear three-axis direction (X axis, Y axis, Z axis).
[0016] The spindle control circuit 60 receives a spindle rotation command and outputs a spindle speed signal to the spindle amplifier 61. The spindle amplifier 61 receives this spindle speed signal and rotates the spindle motor 62 of the industrial machine 3 at the commanded rotational speed, thereby driving the spindle. A position coder 63 is coupled to the spindle motor 62. The position coder 63 outputs a feedback pulse synchronized with the rotation of the spindle, and this feedback pulse is read by the CPU 11.
[0017] Figure 2 is a schematic block diagram showing the functions of the control device 1 according to the first embodiment of this disclosure. Each function of the control device 1 according to this embodiment is realized by the CPU 11 of the control device 1 shown in Figure 1 executing a system program and controlling the operation of each part of the control device 1.
[0018] The control device 1 of this embodiment includes a data file acquisition unit 100, a data file analysis unit 110, a target data determination unit 120, an authentication unit 130, a release state setting unit 140, a target data setting unit 150, and a release state reset unit 160. In addition, the RAM 13 to non-volatile memory 14 of the control device 1 is pre-prepared with a target data setting storage unit 210, which is an area that stores settings related to target data such as parameters related to control, ladder programs, and C language executor programs.
[0019] The data file acquisition unit 100 acquires at least one data file. The data file acquisition unit 100 may acquire at least one data file from, for example, an external device 72. Alternatively, it may acquire at least one data file from an external computer such as a computer 4, a fog computer 6, or a cloud server 7 via the network 5. The data file acquisition unit 100 may also acquire other information provided together with the data file. The data file acquisition unit 100 may acquire data files based on user operations or based on requests from external applications. The data file acquisition unit 100 outputs the acquired at least one data file to the data file analysis unit 110.
[0020] The data file analysis unit 110 analyzes the data file acquired by the data file acquisition unit 100. The data file contains at least commands for setting important settings related to each type of target data, and authentication information for enabling the removal of the restriction on changing the important settings related to the type of target data. The data file analysis unit 110 analyzes the data file and extracts the commands for setting important settings related to each type of target data and the authentication information for enabling the removal of the restriction on changing those settings. It then outputs the extracted commands to the target data determination unit 120 and the target data setting unit 150. It also outputs the extracted authentication information to the authentication unit 130.
[0021] Figure 3 is a schematic diagram showing an example of a data file format. The data file format illustrated in Figure 3 is in a format where multiple blocks are separated by semicolons. The data file format illustrated in Figure 3 includes a command for setting up a setting change warning function as an example of important settings. It also includes an authentication password as an example of authentication information. In the example in Figure 3, "%" is a symbol indicating the start and end of the data file. "G10L99" is a command indicating that the following block is a block for setting up a setting change warning function for the target data. "N1" is a command that specifies an authentication password to enable the removal of the setting change restriction for the setting change warning function for the target data type "control parameters". "N2" is a command that specifies an authentication password to enable the removal of the setting change restriction for the setting change warning function for the target data type "ladder program". Furthermore, "N3" is a command that specifies an authentication password to enable the removal of the setting change restriction for the setting change warning function for the target data type "C language executor program". Furthermore, "N101" is a command for setting the setting change warning function for a target data type called "control parameters". Also, "N102" is a command for setting the setting change warning function for a target data type called "ladder program". In addition, "N103" is a command for setting the setting change warning function for a target data type called "C language executor program". In each setting, you can set whether or not to perform change monitoring by placing a logical value (0 or 1) after address "A", whether or not to output an alarm when a change is detected by placing a logical value (0 or 1) after address "B", and whether or not to display a check code on the screen by placing a logical value (0 or 1) after address "C". "G11" is a command indicating that the block related to data setting has ended. Note that the format of the data file is not limited to the format exemplified in Figure 3, and other formats may be used.Furthermore, the important settings related to the type of data being targeted are not limited to those exemplified in Figure 3; any setting that requires some form of authentication to be changed is acceptable. In addition, authentication information other than an authentication password may be used.
[0022] Figure 4 is a schematic diagram showing an example of a data file containing specific values. In the example in Figure 4, the authentication password to enable the removal of the setting change restriction for the target data type "Control-related parameters" is set to "foo". The authentication password to enable the removal of the setting change restriction for the target data type "Ladder program" is set to "bar". Furthermore, the authentication password to enable the removal of the setting change restriction for the target data type "C language executor program" is set to "baz". For the target data type "Control-related parameters", change monitoring is performed, an alarm is output when a change is detected, and the check code is not displayed on the screen. For the target data type "Ladder program", change monitoring is not performed, an alarm is not output when a change is detected, and the check code is not displayed on the screen. Furthermore, for the target data type "C language executor program", change monitoring is performed, an alarm is output when a change is detected, and the check code is displayed on the screen.
[0023] The target data determination unit 120 determines at least one type of target data to be set based on the results of the analysis by the data file analysis unit 110. The analysis results by the data file analysis unit 110 include commands for making important settings related to each type of target data. The target data determination unit 120 refers to these commands and determines which type of target data is to be set by the data file. The target data determination unit 120 outputs the determined type of target data to the release state setting unit 140.
[0024] The authentication unit 130 performs authentication using authentication information for each type of target data based on the results of the analysis by the data file analysis unit 110. The authentication performed by the authentication unit 130 is, for example, authentication using an authentication password. In this case, a matching password for each type of target data may be stored in advance on the RAM 13 or non-volatile memory 14 of the control device 1, and authentication may be performed by comparing it with the authentication password obtained from the data file analysis unit 110. In addition, other authentication methods such as authentication using biometric information or authentication using a public key may be used. Furthermore, authentication using authentication information may be requested from another computer, such as a fog computer 6 or a cloud server 7. The authentication unit 130 outputs the authentication result for each type of target data to the deactivation state setting unit 140.
[0025] The release status setting unit 140 enables the release of the setting change restriction related to important settings for target data types for which authentication by the authentication unit 130 has been successful. The release status setting unit 140 then notifies the target data setting unit 150 of the target data types for which the setting change restriction related to important settings has been released. The release status setting unit 140 may also enable the release of the setting change restriction related to important settings only for target data types that the target data determination unit 120 has determined to be subject to settings, among the target data types for which authentication by the authentication unit 130 has been successful. This prevents other malicious programs from changing the settings related to target data types that are not subject to settings if the setting change restriction is released based solely on successful authentication.
[0026] The target data setting unit 150 performs important settings related to the type of target data based on the analysis results by the data file analysis unit 110. When performing important settings related to the type of target data, the target data setting unit 150 determines whether the release status setting unit 140 has enabled the release of the setting change prohibition related to the important settings for that type of target data. Then, it performs settings only for the type of target data for which it has enabled. The target data setting unit 150 may output an alert if an attempt is made to set a type of target data for which it has not enabled. This alert may be displayed on the display device 70, for example, or recorded as a log on the RAM 13 or non-volatile memory 14 of the control device 1. Furthermore, it may be transmitted to other computers managing the control device 1 via the network 5.
[0027] The release state reset unit 160 disables the release of the setting change prohibition related to the type of target data when a predetermined condition is met. This predetermined condition may be, for example, when the command for setting data by data file is completed (in the example of Figures 3 and 4, when the processing of the "G11" command is completed). Alternatively, it may be a condition that a predetermined release state retention time has elapsed since the release state setting unit 140 enabled the release of the setting change prohibition related to important settings related to the type of target data. The release state reset unit 160 may also disable the release of the setting change prohibition for each type of target data. The release state reset unit 160 notifies the target data setting unit 150 that the release of the setting change prohibition related to important settings has been disabled.
[0028] The control device 1 according to this embodiment, with the above configuration, can centrally manage authentication information and configuration data on other computers such as the fog computer 6 and the cloud server 7. Furthermore, since there is no need to manually input authentication information, it becomes possible to automate changes to important settings related to the target data using external applications such as the FOCAS app, thereby reducing the effort required for user configuration work. Such effects are particularly noticeable, for example, during the mass production of machines by machine manufacturers.
[0029] [Second Embodiment] The control device according to the second embodiment will be described below. The control device 1 according to this embodiment has the same hardware configuration as the control device 1 according to the first embodiment.
[0030] Figure 5 is a schematic block diagram showing the functions of the control device 1 according to the second embodiment of this disclosure. Each function of the control device 1 according to this embodiment is realized, similar to the control device 1 according to the first embodiment, by the CPU 11 of the control device 1 shown in Figure 1 executing a system program and controlling the operation of each part of the control device 1.
[0031] The control device 1 of this embodiment includes a data file acquisition unit 100, a data file analysis unit 110, a target data determination unit 120, an authentication unit 130, a release state setting unit 140, a target data setting unit 150, and a release state reset unit 160, as well as a data file decoding unit 105. Furthermore, the RAM 13 to non-volatile memory 14 of the control device 1 is pre-configured with a target data setting storage unit 210, which stores settings related to target data such as control parameters, ladder programs, and C language executor programs.
[0032] The data file analysis unit 110, target data determination unit 120, authentication unit 130, release state setting unit 140, target data setting unit 150, and release state reset unit 160 in this embodiment each have the same functions as the data file analysis unit 110, target data determination unit 120, authentication unit 130, release state setting unit 140, target data setting unit 150, and release state reset unit 160 in the first embodiment.
[0033] The data file acquisition unit 100 acquires at least one data file. The data file acquired by the data file acquisition unit 100 according to this embodiment is encrypted by a predetermined encryption means. The data file may be encrypted only with respect to authentication information. Alternatively, the entire data file may be encrypted. The data file may be encrypted with a predetermined symmetric key, a public key, or other encryption methods. The data file acquisition unit 100 outputs the acquired data file to the data file decryption unit 105.
[0034] The data file decryption unit 105 decrypts the encrypted data file acquired by the data file acquisition unit 100. For example, the RAM 13 or non-volatile memory 14 of the control device 1, or a security device such as a hardware security module (not shown), is pre-configured with information necessary to decrypt the encrypted data file (e.g., a common key or a secret key). The data file decryption unit 105 then uses this information to decrypt the encrypted data file. The data file decryption unit 105 outputs the decrypted data file to the data file analysis unit 110.
[0035] The control device 1 according to this embodiment, which has the above configuration, allows the user to perform tasks using an encrypted data file. Therefore, for example, the user cannot read the authentication information contained in the data file, thus preventing the leakage of authentication information when the person who sets the data file and the operator who inputs the data file into the control device 1 are different people.
[0036] [Third Embodiment] The control device according to the third embodiment will be described below. The control device 1 according to this embodiment has the same hardware configuration as the control device 1 according to the first embodiment.
[0037] Figure 6 is a schematic block diagram showing the functions of the control device 1 according to the third embodiment of this disclosure. Each function of the control device 1 according to this embodiment is realized, similar to the control device 1 according to the first embodiment, by the CPU 11 of the control device 1 shown in Figure 1 executing a system program and controlling the operation of each part of the control device 1.
[0038] The control device 1 of this embodiment includes a data file acquisition unit 100, a data file analysis unit 110, a target data determination unit 120, an authentication unit 130, a release state setting unit 140, a target data setting unit 150, and a release state reset unit 160, as well as an authentication lock unit 135 and an authentication setting unit 138. Furthermore, the RAM 13 to non-volatile memory 14 of the control device 1 is pre-configured with a target data setting storage unit 210, which stores settings related to target data such as control parameters, ladder programs, and C language executor programs.
[0039] The data file acquisition unit 100, data file analysis unit 110, target data determination unit 120, release state setting unit 140, target data setting unit 150, and release state reset unit 160 in this embodiment each have the same functions as the data file acquisition unit 100, data file analysis unit 110, target data determination unit 120, release state setting unit 140, target data setting unit 150, and release state reset unit 160 in the first embodiment.
[0040] The authentication unit 130 in this embodiment performs authentication processing in the same manner as the authentication unit 130 in the first embodiment, and outputs the result of the performed authentication to the authentication lock unit 135. Furthermore, when the authentication lock unit 135 notifies the authentication unit 130 that it will lock the authentication, the authentication unit 130 locks the authentication process until the authentication lock is released.
[0041] The authentication lock unit 135 locks authentication by the authentication unit 130 for a predetermined lock time if the authentication unit 130 fails to authenticate a predetermined number of times within a predetermined authentication period. The authentication lock unit 135 records the results of authentication performed by the authentication unit 130. Based on the recorded authentication results, the authentication lock unit 135 counts the number of authentication failures within the set authentication period. When the number of authentication failures within the authentication period exceeds the set number of authentication attempts, the authentication lock unit 135 notifies the authentication unit 130 to lock the authentication process. When the set lock time has elapsed since the authentication lock was initiated, the authentication lock unit 135 notifies the authentication unit 130 to release the authentication lock. Parameters related to authentication lock, such as the authentication period, the number of authentication attempts, and the lock time, may be set by the authentication setting unit 138. These settings may be made possible, for example, by displaying a user interface for setting on the display device 70 and allowing the user to set them by operation using the input device 71. Furthermore, the system may be configured via the network 5 from external computers such as computer 4, fog computer 6, and cloud server 7.
[0042] The control device 1 according to this embodiment, having the above configuration, can lock authentication and prevent changes to settings if authentication fails a predetermined number of times within a short period of time. If manual input of authentication information is no longer required, a malicious application could attempt multiple password combinations within a short period of time. The control device 1 of this embodiment makes it possible to prevent such a situation.
[0043] As described above in detail regarding the embodiments of the present disclosure, the present disclosure is not limited to the individual embodiments described above. These embodiments can be variously added, replaced, changed, partially deleted, etc., without departing from the gist of the invention or without departing from the idea and spirit of the present disclosure derived from the content described in the claims and its equivalents. For example, in the above-described embodiments, the order of each operation and the order of each process are shown as an example and are not limited thereto. The same applies when numerical values or mathematical formulas are used in the description of the above-described embodiments.
[0044] The following shows an appended note according to an embodiment of the present disclosure. (Appended Note 1) A control device (1) according to an aspect of the present disclosure includes a data file acquisition unit (100) that acquires at least one data file, a data file analysis unit (110) that analyzes the data file, a target data determination unit (120) that determines at least one type of target data to be set based on the result of the analysis, an authentication unit (130) that performs authentication using authentication information included in the data file for each type of the target data based on the result of the analysis, a release state setting unit (140) that enables the release of the prohibition on setting change for the type of target data for which the authentication has succeeded, a target data setting unit (150) that performs setting for the type of target data for which the release of the prohibition on setting change is effective based on the result of the analysis, and a release state reset unit (160) that invalidates the release of the prohibition on setting change for the type of target data when a predetermined condition is satisfied.
[0045] (Note 2) The release state reset unit (160) of the control device (1) according to another aspect of the present disclosure disables the release of the setting change prohibition for the type of target data when the setting for the target data by the data file is completed. (Note 3) The release state reset unit (160) of the control device (1) according to another aspect of the present disclosure disables the release of the target data after a predetermined release state retention time has elapsed since the release became effective. (Note 4) The control device (1) according to another aspect of the present disclosure further comprises a data file decryption unit (105) for decrypting the encrypted data file.
[0046] (Note 5) A control device (1) according to another aspect of the present disclosure further comprises an authentication lock unit (135) that locks the authentication for a predetermined authentication lock time if the authentication fails a predetermined number of times within a predetermined authentication period. (Note 6) A control device (1) according to another aspect of the present disclosure further comprises an authentication setting unit (138) that sets at least one of the authentication period, the number of authentication attempts, and the authentication lock time.
[0047] (Note 7) A computer-readable recording medium according to one aspect of the present disclosure records a program that causes the computer to operate as: a data file acquisition unit (100) that acquires at least one data file; a data file analysis unit (110) that analyzes the data file; a target data determination unit (120) that determines at least one type of target data to be set based on the results of the analysis; an authentication unit (130) that performs authentication for each of the target data using authentication information contained in the data file based on the results of the analysis; a release state setting unit (140) that enables the release of the setting change prohibition related to the type of target data for the type of target data for which the authentication has been successful; a target data setting unit (150) that performs settings related to the type of target data for which the release of the setting change prohibition is effective based on the results of the analysis; and a release state reset unit (160) that disables the release of the setting change prohibition related to the type of target data when a predetermined condition is met.
[0048] 1 Control device 3 Industrial machine 4 Computer 5 Network 6 Fog computer 7 Cloud server 11 CPU 12 ROM 13 RAM 14 Non-volatile memory 15, 18, 19, 20 Interface 16 PLC 17 I / O unit 22 Bus 30 Axis control circuit 40 Servo amplifier 50 Servo motor 60 Spindle control circuit 61 Spindle amplifier 62 Spindle motor 63 Position coder 70 Display device 71 Input device 72 External device 100 Data file acquisition unit 105 Data file decoding unit 110 Data file analysis unit 120 Target data determination unit 130 Authentication unit 135 Authentication lock unit 138 Authentication setting unit 140 Release state setting unit 150 Target data setting unit 160 Release state reset unit 210 Target data setting storage unit
Claims
1. A control device comprising: a data file acquisition unit that acquires at least one data file; a data file analysis unit that analyzes the data file; a target data determination unit that determines at least one type of target data to be set based on the results of the analysis; an authentication unit that performs authentication using authentication information contained in the data file for each type of target data based on the results of the analysis; a release state setting unit that enables the release of the setting change prohibition related to the type of target data for the type of target data for which the authentication has been successful; a target data setting unit that performs settings related to the type of target data for which the release of the setting change prohibition is effective based on the results of the analysis; and a release state reset unit that disables the release of the setting change prohibition related to the type of target data when a predetermined condition is met.
2. The control device according to claim 1, wherein the release state reset unit disables the release of the setting change prohibition related to the type of target data when the setting related to the target data by the data file is completed.
3. The control device according to claim 1, wherein the release state reset unit invalidates the release of the target data after a predetermined release state holding time has elapsed since the release became effective.
4. The control device according to claim 1, further comprising a data file decryption unit for decrypting the encrypted data file.
5. The control device according to claim 1, further comprising an authentication lock unit that locks the authentication for a predetermined authentication lock time if the authentication fails a predetermined number of times within a predetermined authentication period.
6. The control device according to claim 5, further comprising an authentication setting unit for setting at least one of the authentication period, the number of authentication attempts, and the authentication lock time.
7. A computer-readable recording medium that records a program causing a computer to operate as: a data file acquisition unit that acquires at least one data file; a data file analysis unit that analyzes the data file; a target data determination unit that determines at least one type of target data to be set based on the results of the analysis; an authentication unit that performs authentication for each of the target data using authentication information contained in the data file based on the results of the analysis; a release state setting unit that enables the release of the setting change prohibition related to the type of target data for the type of target data for which the authentication has been successful; a target data setting unit that performs settings related to the type of target data for which the release of the setting change prohibition is effective based on the results of the analysis; and a release state reset unit that disables the release of the setting change prohibition related to the type of target data when a predetermined condition is met.