Method for protecting the production data for producing a product
11662702 · 2023-05-30
Assignee
Inventors
- Omar Belhachemi (Munich, DE)
- Rainer Falk (Poing, DE)
- Christian Peter Feist (Munich, DE)
- Kai Fischer (Baldham, DE)
- Daniela Friedrich (Munich, DE)
- Steffen Fries (Baldham, DE)
- Markus Heintel (Munich, DE)
Cpc classification
H04L9/3066
ELECTRICITY
G05B2219/36542
PHYSICS
International classification
H04L9/00
ELECTRICITY
Abstract
Provided is a method for producing a product by a machine tool, wherein the control information and/or production data of a machine tool, such as a milling machine, injection molding machine, welding robot, laser cutter or 3D printer, is protected or cryptographically encrypted such that unauthorized copying or modifying is prevented, including the steps: producing product by the machine tool taking into consideration control information which controls the production of the product; generating production data by the machine tool during production of the product, wherein the production data describes the production of the product; providing protection information to the machine tool, which indicates which of the production data is to be protected, and defines a protection method for the production data which is protected; and protecting that production data which, according to the protection information, is to be protected, by the protection method defined by the protection information.
Claims
1. A method for the manufacture of a product with a machine tool, comprising: manufacture of the product with the machine tool giving consideration to control information that controls the manufacture of the product; generation of production data by the machine tool during the manufacture of the product, wherein the production data describe the manufacture of the product; provision of protection information to the machine tool indicating which parts of the production data are to be protected and defining a protection method for this production data requiring protection, wherein the protection information defines different protection methods for different production data categories, wherein the protection method determines whether the production data to be protected are to be provided in a restricted manner, are not to be provided, and/or are to be provided in cryptographically encrypted form, and wherein the protection information is modified dynamically; and protection of those parts of the production data that are to be protected in accordance with the protection information with the protection method defined by the protection information.
2. The method as claimed in claim 1, wherein each production data category comprises multiple production data which are at least one of generated during the manufacture of a single product and generated during the manufacture of different products with the machine tool.
3. The method as claimed in claim 1, wherein: provision of the protected production data to at least one of a user, an external device, a memory device, a block chain, a cloud service, an Internet-of-things platform and a network.
4. The method as claimed in claim 1, wherein at least one of the protection information is stored in a memory unit of the machine tool; the protection information is contained at least partially in the control information and is provided to the machine tool together with the control information; and the control information contains a reference for at least one part of the protection information and the at least one part of the protection information is provided to the machine tool via this reference.
5. The method as claimed in claim 1, wherein the control information is encrypted with a public cryptographic key that is used by the machine tool to encrypt production data.
6. The method as claimed in claim 1, wherein decryption data that enable a decryption of protected production data are embedded in the manufactured product.
7. The method as claimed in claim 6, wherein the decryption data are at least one of stored in the manufactured product and determined by or depending on at least one of an encoded mechanical structure of the manufactured product, a printed structure and milled barcode.
8. The machine tool for carrying out the method as claimed in claim 1.
9. A computer program product, comprising a computer readable hardware storage device having computer readable program code stored therein, said program code executable by a processor of a computer system to implement a method, comprising: controlling manufacturing of a product with a machine tool giving consideration to control information that controls the manufacture of the product; generating production data by the machine tool during the manufacture of the product, wherein the production data describe the manufacture of the product; providing protection information to the machine tool indicating which parts of the production data are to be protected and defining a protection method for this production data requiring protection, wherein the protection information defines different protection methods for different production data categories, wherein the protection method determines whether the production data to be protected are to be provided in a restricted manner, are not to be provided, and/or are to be provided in cryptographically encrypted form, and wherein the protection information can be modified dynamically; and protecting those parts of the production data that are to be protected in accordance with the protection information with the protection method defined by the protection information.
10. A machine tool for the manufacture of a product, comprising: a manufacturing unit for manufacturing the product to control information that controls the manufacture of the product; a generation unit for the generation of production data during the manufacture of the product, wherein the production data describes the manufacture of the product; a provision unit for the provision of protection information indicating which parts of the production data are to be protected and defining a protection method for these production data requiring protection, wherein the protection information defines different protection methods for different production data categories, wherein the protection method determines whether the production data to be protected are to be provided in a restricted manner, are not to be provided, and/or are to be provided in cryptographically encrypted form, and wherein the protection information can modified dynamically; and a protection unit for the protection of those parts of the production data that are to be protected in accordance with the protection information with the protection method defined by the protection information.
11. The machine tool as claimed in claim 10 that is a 3D printer.
Description
BRIEF DESCRIPTION
(1) Some of the embodiments will be described in detail, with reference to the following figures, wherein like designations denote like members, wherein:
(2)
(3)
(4)
(5)
DETAILED DESCRIPTION
(6) Elements that are the same or that have the same function are given the same reference signs in the figures unless otherwise stated.
(7)
(8) The machine tool 1 comprises a manufacturing unit 2, a generation unit 3, a provision unit 4 and a protection unit 5 that are connected to one another via an internal cable 6.
(9) The machine tool 1 is suitable for manufacturing the product according to a method for manufacturing a product. Such a method is illustrated, for example, in
(10) The method is described below with reference to
(11) The product is manufactured with the machine tool 1 in a step 51. The manufacture of the product takes place with the aid of the manufacturing unit 2 and taking into consideration control information 7 that is stored in the manufacturing unit 2. The control information 7 is stored permanently in the manufacturing unit 2. It specifies what steps, in what sequence and/or with what settings of the machine tool 1 the manufacturing unit 2 must carry out when manufacturing the product.
(12) The control information 7 can, for example, specify that in a first step a left-hand, green spectacles arm is 3D-printed according to a first 3D printing program, that a blue spectacle lens carrier element is then 3D-printed according to a second 3D printing program, and that finally a right-hand, yellow spectacles arm is 3D-printed according to a third 3D printing program. The manufacturing unit 2 manufactures the product (the spectacles) according to the control information 7. The control information 7 is copy-protected by means of DRM.
(13) Production data 8 are generated by the generation unit 3 in a step S2 during the manufacture of the product. The step S2 can be carried out in parallel with the step S1.
(14) The production data 8 are log data that describe the manufacture of the product. This is, for example, temperature data that are acquired by the generation unit 3 during the manufacture of the product and which indicate a temperature of the machine tool, and measurement data that are acquired by the generation unit 3 during the manufacture of the product and which indicate dimensions of the manufactured product. The production data 8 can subsequently be analyzed in order to monitor proper manufacture of the product.
(15) Protection information 9 is provided to the machine tool 1 in a step S3. The protection information 9 is stored in the provision unit 4 of the machine tool 1. The protection information 9 is already specified and stored in the provision unit 4 during an initialization of the machine tool 1. The protection information 9 is here unchangeable.
(16) The protection information 9 indicates for all of the production data 8 generated in step S2 whether they are to be protected and, if relevant, how they are to be protected. How the protection of the production data 8 that are to be protected is to be done is specified according to a protection method defined by the protection information.
(17) The protection information 9 defines different protection methods for different production data categories. The protection method defines that the production data 8 that describe the temperature of the machine tool 1 (first production data category) are to be provided in cryptographically encrypted form. A public cryptographic key for the cryptographic encryption of this production data 8 is provided by the protection information 9. The protection method further defines that the production data 8 that describe the dimensions of the product (second production data category) may not be provided to external devices.
(18) In the step S3, the production data 8 are protected with the protection method giving consideration to the protection information 9. The production data 8 of the first production category are here encrypted with the public cryptographic key. The production data 8 of the second production category are furthermore stored in a protected memory, not illustrated, of the machine tool 1, and only used for internal purposes.
(19) The protected production data 8 of the first production category can only be decrypted by a device that knows the private cryptographic key associated with the public cryptographic key. The protected production data 8 of the second production category are not provided outside the tool device 1. The contents of the production data 8 are thereby protected. It is also not possible for the control information 7 to be derived by unauthorized users from the production data 8, since an unauthorized user could not read the production data 8 at all.
(20)
(21) The machine tool 10 according to the second form of embodiment differs from the machine tool 1 according to the first form of embodiment inter alia in that the control information 7 and the protection information 9 do not have a permanent specification in the machine tool 10, but are first communicated from the marketplace 22.
(22) In addition, the inner structure of the machine tool 10 according to the second form of embodiment is different from that of the machine tool 1 according to the first form of embodiment. The machine tool 10 comprises a communication interface 11, a control information memory unit 12, a manufacturing control unit 13, a plurality of actuators 14, a plurality of sensors 15, a protection information memory 16, a manufacturing acquisition unit 17, a protection unit 18 and a configuration interface 20.
(23) The control information memory unit 12, the manufacturing control unit 13 and the actuators 14 together form a manufacturing unit. The sensors 15 and the manufacturing acquisition unit 17 together form a generation unit. The protection information memory 16 and the configuration interface 20 together form a provision unit.
(24) The machine tool 10 is suitable for carrying out a method for manufacturing a product. Such a method is illustrated, for example, in
(25) The steps S0′, S1′, S2′ and S3′ of the method according to the second form of embodiment correspond essentially to the steps S0, S1, S2 and S3 from the method according to the first form of embodiment. It is above all the differences between the forms of embodiment that are described in what follows.
(26) In a preparation step S0′, the machine tool 10, the analysis device 21 and the marketplace 22 are provided. The analysis device 21 can be considered as a device external to the machine tool 10.
(27) In a step S3′ the machine tool 10 receives the control information 7 and the protection information 9 from the marketplace 22. The marketplace 22 is, in particular, a central device in which control information 7 and protection information for different machine tools 10 are determined and sent to these machine tools 10.
(28) The control information 7 and the protection information 9 are provided to the machine tool 10 via its communication interface 11. The control information 7 is stored in the control information memory unit 12. The protection information 9, which comprises a public cryptographic key for encrypting production data 8, is stored in the protection information memory 16.
(29) The product is manufactured with the machine tool 10 in a step S1′. The actuators 14 are driven for this purpose by the manufacturing unit 13 with the aid of the control information 7 from the control information memory unit 12.
(30) Production data 8 are generated by the machine tool 10 during the manufacture of the product in a step S2′. The sensors 15 acquire the manufacturing temperature and dimensions of the manufactured product for this purpose. The manufacturing acquisition unit 17 here drives the sensors 15 and passes the acquired production data 8 on to the protection unit 18.
(31) Whether the production data 8 are to be protected is ascertained in a step S5. The step S5 is carried out with the use of the protection unit 18. The ascertainment of whether the production data 8 are to be protected is performed giving consideration to the protection information 9 stored in the protection information memory 16.
(32) If it is ascertained in the step S5 that the production data 8 are to be protected, the production data 8 are protected in a step S4′. To protect the production data 8 that are to be protected, the protection unit 18 uses the public cryptographic key that was stored in the protection information memory 16 as part of the protection information 9.
(33) The protected production data 8 are then transmitted to the analysis device 21 in a step S6. The machine tool 10 sends the protected production data 8 via the communication interface 11 to the analysis device 21 for this purpose.
(34) The analysis device 21 is a trustworthy device that is permitted to read and analyze the contents of the production data 8. The private key associated with the public cryptographic key is provided to such trustworthy devices. The analysis device 21 thus has the private cryptographic key for decrypting the cryptographically protected production data 8. The analysis device 21 can decrypt the protected production data 8 with this key and use the production data 8 in order to check the proper manufacture of the product by the machine tool 10. Instead of an asymmetric cryptographic method with public encryption key and associated private decryption key, a symmetric cryptographic method that uses the same secret key for encryption and for decryption can be used in another variant. The secret key that is used to encrypt the production data 8 can here be contained in the control information 7. The secret key can be stored in the protection information memory 16.
(35) The protection unit 18 of the machine tool 10 uses the secret key stored in the protection information memory 16 in order to encrypt the production data 8. An analysis device 21 in this case has the same secret key for decrypting the cryptographically protected production data 8.
(36) The private key associated with the public cryptographic key, or the secret key for decrypting the cryptographically protected production data 8, is not provided to an untrustworthy device, i.e. a device that is not explicitly permitted to read and/or analyze the content of the production data 8. Such an untrustworthy device can thereby neither decrypt nor read the production data 8. This makes it impossible for the untrustworthy device to derive the control information 7 from the production data 8 and for the product to be replicated in an unauthorized manner.
(37) A key market (not illustrated), from which an authorized analysis device 21 can request a private cryptographic key or secret cryptographic key used for the protection of production data 8, is provided in one variant. The analysis device 21 authenticates itself for this purpose to the key market 23 using a cryptographic authentication key or authentication token. The key market 23 checks whether the authenticated analysis device 21 is authorized to receive a requested cryptographic key for the decryption of cryptographically protected production data 8. If this is the case, the key market 23 provides the requested cryptographic key for the decryption of cryptographically protected production data 8 to the analysis device 21.
(38) If it is ascertained in the step S5 that the production data 8 are not to be protected, the production data 8 are sent in the step S6 to the analysis device 21 in an unprotected form.
(39) A dynamic updating of the control information 7 and/or of the protection information 9 takes place in a step S7. The marketplace 22 here transmits updated versions of the control information 7 and/or the protection information 9 to the machine tool 10.
(40) In one form of embodiment, only a part of the protection information 9 is active at any one time. The active part of the protection information 9 can be determined by a user of the machine tool 10 through use of the configuration interface 19.
(41) In a further form of embodiment, information regarding a current manufacturing step can be incorporated in the activation of the protection information 9 and/or in the protection of the production data 8.
(42) Although embodiments of the present invention has been described on the basis of exemplary embodiments, it can be modified in diverse ways. Different keys can, for example, be used for the protection of different production data 8. The machine tools 1, 10 can, for example, also be milling machines or the like. The protection information 9 can also be provided to the marketplace 22 through a reference to the machine tool 1. The protected production data 8 can also be embedded in the product, for example as a barcode. The individual method steps can also take place in parallel with one another or in a sequence other than the one described.
(43) Although the present invention has been disclosed in the form of preferred embodiments and variations thereon, it will be understood that numerous additional modifications and variations could be made thereto without departing from the scope of the invention.
(44) For the sake of clarity, it is to be understood that the use of “a” or “an” throughout this application does not exclude a plurality, and “comprising” does not exclude other steps or elements.