DE10304877A1 - Procedure for installing a plug-in program - Google Patents

Abstract

The invention relates to a method for installing a plug-in program (426) in a device (400), comprising the following steps: DOLLAR A - transmission of a device identifier (422) of the device from the device to a computer (430), DOLLAR A - Entering a manufacturer ID via a user interface of the computer, DOLLAR A - forming a first key (436) from the device ID and the manufacturer ID, DOLLAR A - reading a second key (428) from a data carrier (424), DOLLAR A - comparing the first and second key, DOLLAR A - if the first and second keys match: transfer of the plug-in program stored on the data carrier to the device.

Description

The present invention relates to a procedure for installing a plug-in program using a disk a plug-in program and an automation system.

Various are from the prior art Software protection concepts known to avoid unauthorized Use of the to be protected Serve software. On the one hand, there are hardware-based solutions.

For hardware-based solutions, for example Connection of a so-called dongle to the computer required about execution the protected Enable software. Such hardware-based Software protection concepts have the disadvantage that they are relatively user-unfriendly are and also for cost reasons often drop out.

On the other hand, it is also known Software with a license number against unauthorized use protect. To do this, one must be provided to the customer when installing the software Purchase of the software license communicated license number in an input window of the set-up program. A disadvantage of such software-based solution is that this does not provide adequate protection against unauthorized Offers use. For example, such a software-based protection concept fails, if the customer has the same license number for multiple installation the software on different computers or even the license number Third party notifies.

Software protection concepts are particularly relevant for like this called open systems. An open system generally exists from at least one basic software, whose interfaces to third-party manufacturers are disclosed, so that third-party interoperable plug-ins for the Can create basic software. Such open system concepts are also used in the area of Automation technology for the implementation of open control architectures based on various hardware and software components Manufacturer used. An example of a corresponding basic software is OpenCNC (http://www.mdsi2.com/deutsch/gerbrochure.html).

The product SIMATIC iMap from the company Siemens AG (http://www.ad.siemens.de/cba/products/html 00 / imap.html) is used for plant-wide and cross-manufacturer merging of distributed Applications. Previously created software components are in SIMATIC iMap imported and stored in a library. About the disclosed interface of SIMATIC iMap, the components can be used as library elements for all PROFInet-capable devices be involved.

For software protection of the basic software open systems and the plug-in programs for the basic software can known software protection concepts can be used. at Use of different hardware and / or software based protection concepts The various software manufacturers can lead to conflicts come between the individual protection concepts.

In some cases, the software protection concepts not compatible with each other, so that sensible combinations of components only because of such intolerance cannot be realized. Even with tolerance The combination of the various protection concepts leads to the combination of the various manufacturer-specific software protection concepts difficult to handle and user-unfriendly systems that too in their flexibility limited are. An agreement between the various software manufacturers on one Uniform software protection concept to avoid these disadvantages is generally not possible because the protection system of the manufacturer of the basic software, for example across from should be disclosed to third party manufacturers.

The invention is therefore the object based, an improved method for installing a plug-in program to create as well as a disk with such a plug-in program and an automation system with a device on which the plug-in program can be installed. In particular, this is intended to be a software protection concept be created that avoids the disadvantages of the prior art.

The basis of the invention Tasks are solved by the features of the independent claims. preferred embodiments of the invention are in the dependent claims specified.

The software protection according to the invention is based on a combination of a device identifier and a manufacturer ID. about the device identifier is a particular device, on which the use of the plug-in program is authorized, clearly identified. For example, the so-called media access control (MAC) address of a device as such a device identifier be used.

This device identifier becomes the software manufacturer of the plug-in program communicated by the user, for example. The manufacturer then creates from this device identifier and its manufacturer ID a key. This key is put together with the plug-in program on a data medium, such as B. a CD-ROM, saved.

The installation of the plug-in program is then carried out as follows, for example: First, the device identifier of the device on which the plug-in program is installed is queried that should. The manufacturer identification of the manufacturer of the plug-in program to be installed is then queried via a user interface.

From the device identifier and the manufacturer identifier a key is again formed using the same encryption method. The key previously created by the manufacturer and stored on the data carrier is then generated by the user during installation key compared. If the two keys match, the transfer is made released the plug-in program to the device, so it can be used there in conjunction with basic software can.

• – Die Basissoftware des offenen Systems kann durch ein proprietäres Schutzkonzept des Herstellers der Basissoftware geschützt werden. Eine Offenlegung dieses proprietären Schutzkonzepts der Basissoftware ist nicht erforderlich, da dieser Mechanismus ausschließlich zum Schutz der Basissoftware genutzt wird.
• – Der Hersteller der Basissoftware bietet eine Softwareunterstützung an, beispielsweise in Form eines so genannten Wizards, um Drittherstellern ein einheitliches, komfortables Software-Schutzkonzept zum Schutz von deren Plug-in-Software zu bieten. Eine solche Softwareunterstützung kann Teil eines Developmentkits sein. Damit werden Unverträglichkeiten zwischen verschiedenen Software-Schutzkonzepten unterschiedlicher Dritthersteller vermieden, da alle Softwarekomponenten mit demselben Mechanismus geschützt werden und die Basissoftware gewährleistet, dass dieses Schutzkonzept mit dem der Basissoftware verträglich ist.

In particular, this procedure offers the possibility of implementing a two-stage software protection concept:

• - The basic software of the open system can be protected by a proprietary protection concept from the manufacturer of the basic software. It is not necessary to disclose this proprietary protection concept of the basic software, since this mechanism is only used to protect the basic software.
• - The manufacturer of the basic software offers software support, for example in the form of a so-called wizard, in order to offer third-party manufacturers a uniform, convenient software protection concept to protect their plug-in software. Such software support can be part of a development kit. This avoids incompatibilities between different software protection concepts from different third-party manufacturers, since all software components are protected with the same mechanism and the basic software ensures that this protection concept is compatible with that of the basic software.

According to a preferred embodiment of the Invention is the device on which the plug-in program to be installed around a so-called intelligent camera. In addition to the actual camera function, an intelligent camera has one Image processing unit with various image processing methods for the extraction of image features. Such intelligent cameras and Image processing programs are inherently state of the art known (compare the product commission from Siemens AG, http://www.ad.siemens.de/machinevision/html_00/produkte/produkte/provis.htm).

In particular, the Program version Provision V2.1 an open interface for integration self-made plug-in test elements, which is exactly like all standard test elements can be used. In this way the test program independently can be conveniently configured from the standard range of functions.

The individual test elements can easily created in the programming language C ++ and used in commission become. This allows the user the convenience of configuration combine with ProVision with the flexibility of high-level language programming. Many SIMATIC Machine Vision partner companies already have such Plug-in test elements developed.

The present invention makes it possible So in a comfortable way, e.g. B. another image processing method for the To provide image processing program as a plug-in, the Authorized use of the plug-in program by the software protection concept according to the invention guaranteed is.

For the installation of the plug-in program is preferred by the device connected to an external computer, in particular a conventional personal computer. This connection can be made via a Network connection or a bus connection of the automation system are produced, e.g. B. about a fieldbus or Profibus. Alternatively, a separate cable or wireless only for installation purposes a local connection is established between the computer and the device. About these Connection becomes the device identifier, in particular the MAC address of the device is queried and / or it is the plug-in program transfer this connection.

According to a preferred embodiment of the Invention becomes implementation a key transformation a so-called hash key from the device identifier and the manufacturer identification. To form this hash key transformation a hash function is used, e.g. B. through the development kit for the Plug-in program is specified.

According to a further preferred embodiment the invention is derived from the device identifier and the manufacturer identification by means of a cyclic redundancy check (CRC) process a key educated.

The CRC method is a common method for error detection in digital signal transmission. To carry out a CRC process, a message chain is divided using a keyword. Such a keyword is also called a generator polynomial. The keyword is known to both the sender and the recipient. The remainder of the division forms the so-called checkword, which is used to check that the message transmission is error-free. A CRC procedure is, for example, out US 4,283,787 known.

According to the invention, this CRC method, which is used per se from the prior art for error detection in digital message transmission, is used to implement a software protection concept. For this purpose, the device identifier is linked to the manufacturer identifier to form a string. This concatenation is then divided by a keyword. The remainder of the division serves as Key.

This process is made by the manufacturer applied to the key to generate that on disk is saved. The same procedure is also used by the user with the same keyword carried out, a checkword from the device identifier requested by the device and the one about the To form the user interface entered manufacturer ID. Right that on disk stored checkword matches the checkword created by the user, 'this follows from Authorization to use the plug-in on the device in question.

In the following, preferred exemplary embodiments the invention explained in more detail with reference to the drawings. It demonstrate:

1 2 shows a flowchart for creating a data carrier according to the invention,

2 a flowchart for generating a key for storage on the data carrier,

3 a flowchart of an installation of the plug-in on a device,

4 a block diagram of an automation system with an intelligent camera.

The 1 shows the steps for creating a data carrier with a plug-in for basic software and a software protection mechanism. In step 100, the plug-in program is created. This can be done within a development environment with the help of a so-called development kit, which is made available by the manufacturer of the basic software to the third-party manufacturer of the plug-in. This development kit includes a plug-in wizard with an encryption process. This encryption method is preferably only passed on as binary code in order to ensure the software protection of the plug-in components of the third-party manufacturers.

After programming the plug-in program in step 100 the encryption process of the plug-in wizard started in step 102.

A appears in step 102 Entry window with the request to enter the third-party identification. After this entry, a further input window appears in step 104 with the prompt for a unique device identifier of for the use of the plug-in authorized device. With this device identifier it is preferably the MAC address of the authorized one Device. This is communicated to the third party manufacturer by the user. The Third-party manufacturers enter this MAC address in the input window.

This is followed in step 106 an encryption the MAC address and the manufacturer identification by means of a key transformation the encryption process the plug-in wizard.

In step 108 the plug-in program stored on a data carrier with the key generated in step 106.

The 2 shows an example for the implementation of an encryption method in step 106. To carry out the encryption method, a chain is formed in step 200 from the MAC address and the third-party identification. In step 202, this concatenation is divided using a keyword. The keyword is secret and part of the encryption process of the plug-in wizard. This key word is a so-called generator polynomial, as is known per se from CRC methods.

The remainder of the division of the This is concatenation by the generator polynomial in step 202 Result of the key transformation, d. H. the so-called checkword. This is done in step 204 issued for storage on the data carrier. Of particular The use of this CRC check procedure is particularly advantageous for Applications with high performance requirements, such as in image processing because the CRC check process is particularly fast is working. Alternatively, you can hash methods are also used, which are also fast.

The 3 shows the procedure for installing the plug-in program on a device. In step 300, the data carrier is inserted into a corresponding reading device of a personal computer. Alternatively, e.g. B. over an Internet connection to the disk, for. B. the hard drive of a third-party server can be accessed.

In step 302 the set-up program started to install the plug-in program. Thereupon will in step 304 a connection between the personal computer and the device, on which the plug-in is to be installed.

In step 306, the MAC address of the device queried and about transfer the connection to the personal computer. At step 308 an input window appears on the personal computer screen with the request for the third party identification of the plug-ins to be installed. This third party identification is, for example, via the Keyboard of the personal computer entered by the user.

In step 310, the MAC address queried by the device in step 306 and the third-party identification entered in step 308 are then encrypted. The encryption method used in step 310 is the same as the encryption method in step 106 (compare 1 ).

In step 312 it is checked whether that in step 108 (compare 1 ) key stored on the data carrier with the in the step 310 generated key is identical. If this is not the case, a corresponding message for the user is output in step 314 via the user interface. From there, the sequence control goes back to step 308 in order to grant the user a renewed input attempt for the correct third-party identification.

If determined in step 312 is that the key are indeed identical, a transmission takes place in step 316 of the plug-in program from the data carrier to the device, so that the Plug-in program in the device can be used in conjunction with the basic software.

The 4 shows a block diagram of an automation system. The automation system has an intelligent camera 400 with a CCD camera module 402 for the delivery of image data 404 ,

The camera module 402 is with an image processing unit 406 connected which in the intelligent camera 400 is integrated. In the image processing unit 406 is an image processing program 408 Installed. With the image processing program 408 it is basic software developed by the manufacturer of the intelligent camera 400 is included.

The image processing methods are already included in the scope of this basic software 410 . 412 , ... for common image processing applications. For example, the image processing method is used 410 to recognize a barcode. The image processing method 412 is used, for example, to identify a fill level and to compare the detected fill level with a target fill level.

As a result of the image processing, the image processing unit returns 406 image features 414 via an interface 416 , e.g. B. to a network 418 of the automation system, so that the image features 414 to an automation component 420 can be transferred.

If the image processing method 410 is used, it concerns the image features 414 for example, the recognized barcode. In the case of the image processing method 412 on the other hand, it is the information as to whether the level detected is in a target range or whether the level is above or below the target range. The automation component can use this information 420 arrange for a corresponding readjustment.

The intelligent camera 400 also has a memory 422 , in which the MAC address as the device identifier of the intelligent camera 400 is saved.

In the event that the basic scope of the image processing program 408 included image processing methods 410 . 412 , ... are not sufficient for the user, he can buy a specialized image processing method for a special application from a third party manufacturer. For example, a data carrier is supplied by the third-party manufacturer 424 delivered on which a specialized image processing method 426 in the form of a plug-in for the image processing program 408 is saved. It is also on the disk 424 a key 428 saved. The disk 424 is, for example, after the in the 1 shown procedure created by the third party manufacturer.

To install the image processing system 426 is a personal computer 430 intended. On the personal computer 430 is running a set-up program 432 which, for example, from the data carrier 424 in the personal computer 430 has been loaded. The set-up program 432 includes a program module 434 with a sequential control system to implement an installation wizard. Furthermore, the set-up program 432 an encryption module 436 to implement encryption, which is also used to generate the key 428 has been used. Furthermore, the set-up program 432 a comparison module 438 , Via a user interface 440 , e.g. B. via a keyboard, the user can use a third-party recognition 442 enter.

To install the image processing system 426 on the smart camera 400 the procedure is as follows:
The user places the disk 424 into an appropriate reader on the personal computer 430 on. Alternatively, a data connection between the PC 430 and Z. B. a third-party server built to from the PC 430 on a data carrier on the server side with the image processing method 426 and the key 428 to be able to access.

For example, from the disk 424 the set-up program 432 loaded and on the personal computer 430 started. The user is then prompted through the user interface 440 identify the device of the automation system on which the additional plug-in program is to be installed. In the example case considered here, the user gives z. B. graphically interactive the intelligent camera 400 on. For this purpose, for example, a block diagram of the automation system can be displayed on the user interface. B. Click to select the device on which the plug-in is to be installed.

The set-up program 432 then asks the MAC address of the device of the automation system selected by the user, ie in the case considered here by the intelligent camera 400 , The image processing unit intervenes on the basis of this query 406 on the store 422 reads the MAC address from the memory 422 and transmits them via the interface 416 and the network 418 to the personal computer 430 ,

Via the user interface 440 demands the set-up program 432 the user to enter the third party identification 442 of that third party stellers, the image processing method 426 created on. With the help of third party identification 442 and the MAC address from the memory 422 is by means of the encryption module 436 through the set-up program 432 performed a key transformation.

The resulting key is used by the comparison module 438 with the key 428 of the disk 424 compared. If both keys match, then the image processing method is used 426 as a plug-in of the image processing program 408 on the smart camera 400 authorized and the corresponding plug-in, ie the image processing method, is then transferred 426 from the personal computer 430 over the network 418 to the intelligent camera 400 , There the image processing method 426 as a plug-in for the image processing program 408 can be used for the special application desired by the user.

This process can be repeated for different Image processing methods or other plug-ins for implementation Repeat from special applications, providing the highest level of flexibility for customization of the automation system to new applications.

Claims (17)

Procedure for installing a plug-in program ( 426 ) in one device ( 400 ), with the following steps: - Transmission of a device identifier ( 422 ) the device from the device to a computer ( 430 ), - Enter a manufacturer ID ( 442 ) via a user interface ( 440 ) of the computer, - formation of a first key ( 436 ) from the device identifier ( 422 ) and the manufacturer identification ( 442 ), - read a second key ( 428 ) from a data carrier ( 424 ), - comparison of the first and second keys, - if the first and second keys match: transmission of the plug-in program stored on the data carrier to the device ( 400 ). The method of claim 1, wherein the device is an intelligent camera with an image processing program ( 408 ), whereby the plug-in program is intended for the image processing program. The method of claim 1 or 2, wherein it is the plug-in program is an image processing method. Method according to one of the preceding claims 1, 2 or 3, where the device identifier is the Media Access Control (MAC) address of the device is. Method according to one of the preceding claims 1 to 4, wherein the transmission of the device identifier and / or the transmission of the plug-in program via a network connection ( 418 ) or there is a bus connection, especially via a Profibus or fieldbus. Method according to one of the preceding claims 1 to 5, the first key being a hash key. Method according to one of the preceding claims 1 to 6, the first key is formed after a cyclic redundancy check (CRC) process. A method according to claim 7, wherein for performing the CRC method the device identifier ( 422 ) and the manufacturer ID are linked together and the chaining is divided by a keyword, the result of the division being the first keyword ( 436 ) acts. Data carrier with a plug-in program ( 426 ) and a key ( 428 ), where the key comes from a device identifier ( 422 ) and a manufacturer ID is formed. disk The claim 9, wherein the key is a hash key. disk according to claim 9, wherein the key is the checkword of a Cyclic Redundancy Check (CRC) procedure. Data carrier according to claim 9, 10 or 11, with an installation program for performing the following steps: - Querying a device identifier ( 422 ) from a device ( 400 ), - Entering a manufacturer ID via a user interface ( 440 ), - formation of a key ( 436 ) from the device identifier and the manufacturer identifier, - comparison (438) of the key with the key stored on the data carrier, - transmission ( 418 ) of the plug-in program stored on the data medium for the device. disk according to one of the preceding claims 9 to 12, wherein it is in device identification the media access control (MAC) identifier of the device, for the the plug-in program is provided acts. Data carrier according to one of the preceding claims 9 to 13, wherein the plug-in program is an image processing method ( 428 ) for an image processing program ( 408 ) of the device. Automation system with one device ( 400 ), which is a device identifier ( 422 ), wherein the device means ( 406 ) to execute a program ( 408 ) and with a computer that can be connected to the device ( 430 ) with means for reading a data carrier ( 424 ), with a plug-in ( 426 ) for the program ( 408 ) is saved, and with an installation program ( 432 ) to carry out the following steps: - transmission of a device identifier ( 422 ) the device from the device to a computer ( 430 ), - entering a manufacturer ID via a user interface of the computer, - forming a first key ( 436 ) from the device identifier and the manufacturer identifier, - reading a second key ( 428 ) from a data carrier ( 424 ), - comparison of the first and second keys, - if the first and second keys match: transmission of the plug-in program stored on the data carrier to the device. Automation system according to claim 15, wherein the device is an intelligent camera ( 400 ) acts. Automation system according to claim 15 or 16 with a network ( 418 ) or a bus system for transferring the device ID and / or the plug-in program.