One of the growing needs is more help to protect themselves from reverse-engineering, piracy, sabotage and other infringements on their intellectual property.
Opto 22 is offering just such help. The company released its Secure Strategy Distribution System, as part of PAC Project version 8.2, the companys flagship automation software suite, to give industrial machine builders the ability to encrypt both firmware and control programs so they can only be uploaded or downloaded to a controller via use of a secure encryption key.
The Secure Strategy Distribution System feature helps alleviate some of our OEM customer concerns, particularly as they ship their machines abroad. says Nick Riley, senior project engineer at Opto 22. It was designed specifically to protect the intellectual property of OEMs by safeguarding the control program embedded in their machines. This effectively prevents unauthorized users from accessing, downloading or running control code without a shared encryption key and offers a method for updating machines in the field, confident their code will be protected.
If control programs or firmware on machines in the field need updating, says Riley, the OEM can create a controller download file, encrypt it and then distribute it to customers. Because these field controllers were encrypted through the Secure Strategy Distribution System, they only will accept files that have a digital signature that matches the OEMs private key, he adds. This guarantees that the firmware or control program update is authentic and has not been modified.
The company says this is what its customers want. Increasingly, our machine builder customers tell us how theyve spent considerable time and money developing and testing state-of-the-art, Opto 22-based control systems, only to discover their efforts suspiciously replicated in products brought to market by other manufacturers abroad, adds Opto 22 CEO Mark Engman. The Secure Strategy Distribution System addresses this issue head on.
Using this feature, the machine builder secures a program on a SNAP PAC controller by generating a pair of encrypted keysone public, one privateusing a utility built in to the PAC Project suite. The private key is programmed into the controller, effectively switching the controller into secure mode. Using PAC Projects PAC Control, a controller download file (CDF) is generated from a completed control strategy and encrypted with the public key to create a Secure Strategy download (SSD) file, using the same utility, says Riley. The encrypted program then can be downloaded to the secured controller, which will confirm a match between the programs public key and the controllers private key.
If the encryptions dont match, the controller will reject the SSD file and return an error message. Otherwise, the controller will accept the encrypted file and compile and load the control program into memory, ready to run.
Controller firmware updates are handled in a similar way, says Riley. This feature provides a second level of defense against a rogue user attempting to circumvent the encryption built in to the firmware, and subsequently downloading firmware that lacks the encryption feature, he adds. The result is an encryption mechanism that operates at both a firmware and hardware level, providing peace of mind to machine builders that their intellectual property is truly safeguarded.