公开(公告)号：US20160277288A1

公开(公告)日：2016-09-22

申请号：US15033670

申请日：2014-09-05

Applicant: HITACHI, LTD.

Inventor： Tatsuya MARUYAMA ,  Tsutomu YAMADA ,  Chikashi KOMATSU ,  Mitsuyasu KIDO ,  Shouji YOSHIDA

IPC: H04L12/721 ,  H04L12/42

CPC classification number: H04L45/34 ,  H04L12/422 ,  H04L12/437 ,  H04L45/28 ,  H04L47/31

Abstract: An object of the present invention is to provide a network system or the like in which the construction cost of a network for a plurality of control systems is suppressed which is excellent in resistance to a network failure. In order to solve the problems, according to the present invention, there is provided a network system including a plurality of communication devices that are disposed in a plurality of bases, and are grouped into predetermined control systems for each of the devices which transmit and receive packets to and from each other so as to monitor or control target equipment, and a plurality of relay devices each of which includes a plurality of communication ports and transmits a packet transmitted by the communication device to another communication device, in which a plurality of communication devices disposed in each base are connected in parallel between the two relay devices, the relay devices disposed in different bases are connected to each other in a ring shape via a network, and a plurality of communication devices disposed in at least one base include communication devices belonging to different control systems.

Abstract translation: 本发明的目的是提供一种网络系统等，其中抑制了多个控制系统的网络的建设成本，其对网络故障的抵抗性优异。 为了解决这些问题，根据本发明，提供了一种网络系统，包括设置在多个基站中的多个通信设备，并且被分组为用于发送和接收的每个设备的预定控制系统 分组到彼此并且用于监视或控制目标设备，以及多个中继设备，每个中继设备包括多个通信端口，并将由通信设备发送的分组发送到另一个通信设备，其中多个通信 设置在每个基座中的装置并联连接在两个中继装置之间，设置在不同基座中的中继装置经由网络以环形方式彼此连接，并且设置在至少一个基座中的多个通信装置包括通信装置 属于不同的控制系统。

公开(公告)号：US20230367884A1

公开(公告)日：2023-11-16

申请号：US18030027

申请日：2021-10-12

Applicant: Hitachi, Ltd.

Inventor： Takashi OGURA ,  Junya FUJITA ,  Tsutomu YAMADA

IPC: G06F21/57

CPC classification number: G06F21/577 ,  G06F2221/034

Abstract: A method of generating an attack scenario by evaluating an attack strategy and a technique based on a characteristic of an attacker, a target system, and the like, and combining an attack strategy and a technique based on the evaluation. In a method of generating a cyber attack scenario including a combination of attack strategy/technique information configured by a plurality of attack strategies and attack techniques for realizing a threat to a target system, an attack strategy/technique evaluation unit 106 calculates an evaluation point for attack strategy/technique information, and an attack strategy/technique combination determination unit 107 generates a cyber attack scenario by combining the attack strategy/technique evaluation unit 106 based on the evaluation point.

公开(公告)号：US20180278254A1

公开(公告)日：2018-09-27

申请号：US15546694

申请日：2015-01-28

Applicant: Hitachi, Ltd.

Inventor： Teruaki SAKATA ,  Tsutomu YAMADA ,  Teppei HIROTSU

IPC: H03K19/177 ,  G06F11/10 ,  G11C29/52 ,  G01R31/317

Abstract: To realize control of a system for which a high level of safety is demanded by one SRAM-type FPGA, it is to eliminate a possibility that an undesirable control signal is output to the outside of the FPGA because of influence of failure by a soft error and the like and a problem. To solve this problem, there is provided a hard macro having fixed circuitry structure, programmable logic arranged via an interval close to the hard macro and having a changeable circuitry structure, and an I/F circuit which is provided inside the programmable logic and outputs a processing result in the programmable logic to the hard macro. It is a characteristic that the I/F circuit monitors soundness of the programmable logic and stops output of the processing result to be transmitted to the hard macro on the basis of a monitoring result.

公开(公告)号：US20160241247A1

公开(公告)日：2016-08-18

申请号：US15025821

申请日：2013-09-30

Applicant: HITACHI, LTD.

Inventor： Yusuke KANNO ,  Nobuyasu KANEKAWA ,  Kotaro SHIMAMURA ,  Tadanobu TOBA ,  Teppei HIROTSU ,  Tsutomu YAMADA

IPC: H03K19/177 ,  H03K19/21

CPC classification number: H03K19/17764 ,  H03K19/17728 ,  H03K19/1776 ,  H03K19/21

Abstract: An object of the present invention is to provide a high reliable/high safe programmable logic device with high error resistance. The present invention provides a programmable logic device that has a plurality of configuration memories. The configuration memories are divided into a plurality of areas and are arranged and a part of the plurality of areas is set to a high reliable area where reliability for a failure of the configuration memory is higher than reliability in the other area.

Abstract translation: 本发明的目的是提供一种具有高抗错误性的高可靠/高安全性的可编程逻辑器件。 本发明提供一种具有多个配置存储器的可编程逻辑器件。 配置存储器被分成多个区域并且被布置，并且多个区域的一部分被设置为高可靠性区域，其中配置存储器的故障的可靠性高于其他区域中的可靠性。

公开(公告)号：US20170094375A1

公开(公告)日：2017-03-30

申请号：US15182692

申请日：2016-06-15

Applicant: Hitachi, Ltd.

Inventor： Hiromichi YAMADA ,  Tsutomu YAMADA ,  Tatsuya MARUYAMA

IPC: H04Q3/56 ,  H04L12/815 ,  H04L12/741 ,  H04L29/06 ,  H04L12/931

CPC classification number: H04Q3/56 ,  H04L45/745 ,  H04L47/23 ,  H04L49/351 ,  H04L69/22 ,  H04Q2213/13322

Abstract: Provided are a communication processing device and a communication system, capable of securely updating a communication protocol process with a simple configuration and technique, while continuing communication. A communication processing device, which is connected to a communication network, includes a programmable logic device in which partial rewriting of a logic circuit is possible, during an operation of a host device in the communication network, in which the programmable logic device includes at least two communication processing circuits of which each performs a communication protocol process, and in which one communication processing circuit is operable due to switching, a first communication processing circuit performs communication, and a second communication processing circuit is on standby, updating means for downloading logic circuit data of an updated communication protocol process, from the communication network, and performing a circuit configuration for the second communication processing circuit, a flag that indicates whether or not the circuit configuration for the second communication processing circuit is finished, and by which a circuit configuration state is able to be read to the host device side through communication, and a register that is intended for switching to any one communication processing circuit to be used, and is writable from the host device side through communication.

公开(公告)号：US20140098706A1

公开(公告)日：2014-04-10

申请号：US14044895

申请日：2013-10-03

Applicant: Hitachi, Ltd.

Inventor： Tatsuya MARUYAMA ,  Tsutomu YAMADA ,  Mitsuyasu KIDO ,  Shoji YOSHIDA

IPC: H04J3/06

CPC classification number: H04J3/0638 ,  H04J3/0667 ,  H04L47/30

Abstract: Communication control equipment is connected to a plurality of communication control equipment via a network and is configured to be time-synchronized with the plurality of communication control equipment by using a time synchronization procedure using a communication including at least request packets and acknowledgement packets. The communication control equipment includes a receiving-interval measurement section configured to measure a receiving interval of request packets from the plurality of communication control equipment; and a queuing-occurrence determination section configured to detect conflict of the request packets from any of the plurality of communication control equipment on a basis of the receiving interval of the request packets measured by the receiving-interval measurement section. The communication control equipment is configured to determine whether to transmit an acknowledgement packet to the communication control equipment that has transmitted the request packets based on a detection result of the queuing-occurrence determination section.

Abstract translation: 通信控制设备经由网络连接到多个通信控制设备，并且被配置为通过使用至少包括请求分组和确认分组的通信的时间同步过程与多个通信控制设备进行时间同步。 通信控制设备包括接收间隔测量部分，被配置为测量来自多个通信控制设备的请求分组的接收间隔; 以及排队发生判定部，其基于由所述接收间隔测量部测量出的所述请求分组的接收间隔来检测来自所述多个通信控制设备中的任一个的所述请求分组的冲突。 通信控制设备被配置为基于排队发生确定部分的检测结果来确定是否向已发送请求分组的通信控制设备发送确认分组。

公开(公告)号：US20130212681A1

公开(公告)日：2013-08-15

申请号：US13767336

申请日：2013-02-14

Applicant: Hitachi, Ltd.

Inventor： Hiromichi ENDOH ,  Tsutomu YAMADA ,  Junya FUJITA ,  Satoshi OKUBO

IPC: H04L29/06

CPC classification number: H04L63/1416

Abstract: The objective of the present invention is to provide a security monitoring system and a security monitoring method which is capable of a quick operation when an unauthorized access, a malicious program, and the like are detected, while the normal operation of the control system is not interrupted by an erroneous detection. The security monitoring system 100 obtains communication packets in segments 3 which constitutes a control system 1, and extracts a communication packet which has a characteristic value different from a normal value among the obtained communication packets to generate communication event information 150. The security monitoring system 100 predicts a degree of influence on the control system 1 by the communication packet extracted as the communication event information 150 by verifying the communication event information 150 with event patterns which indicate characteristics of the unauthorized access and the like.

Abstract translation: 本发明的目的是提供一种安全监控系统和安全监控方法，当检测到未经授权的访问，恶意程序等时，能够快速操作，而控制系统的正常操作不是 被错误检测中断。 安全监视系统100获取构成控制系统1的段3中的通信分组，并且提取具有与所获得的通信分组中的正常值不同的特征值的通信分组，以生成通信事件信息150.安全监视系统100 通过用作为通信事件信息150提取的通​​信分组来检测对控制系统1的影响程度，通过用指示未授权访问等的特征的事件模式来验证通信事件信息150。

公开(公告)号：US20180113757A1

公开(公告)日：2018-04-26

申请号：US15737549

申请日：2015-06-22

Applicant: Hitachi, Ltd.

Inventor： Teruaki SAKATA ,  Tsutomu YAMADA

IPC: G06F11/08 ,  H03K19/177 ,  G01R31/3185

CPC classification number: G06F11/085 ,  B61L5/18 ,  G01R31/318519 ,  H03K19/173 ,  H03K19/17728 ,  H03K19/17744 ,  H03K19/1776 ,  H03K19/17776

Abstract: An object of the invention is to provide a field programmable gate array which is able to prevent an inappropriate value from being output to the outside of an FPGA even when an SRAM-based programmable logic portion is out of order and to secure safety of a system. The field programmable gate array of the invention includes a hard macro CPU in which a circuit structure is fixed, a programmable logic in which a circuit structure is changeable, a diagnosis circuit which diagnoses an abnormality of the programmable logic, and a fail-safe interface circuit which is able to control an external output from the programmable logic to a safe side, and the hard macro CPU outputs a fail-safe signal which is an output of a safe side to the fail-sate interface circuit when an error is detected by the diagnosis circuit.

公开(公告)号：US20160239662A1

公开(公告)日：2016-08-18

申请号：US15025591

申请日：2014-09-05

Applicant: HITACHI, LTD.

Inventor： Hiromichi ENDOH ,  Tsutomu YAMADA ,  Satoshi OHKUBO

IPC: G06F21/55

CPC classification number: G06F21/55 ,  G06F21/12 ,  G06F21/44 ,  G06F21/554 ,  H04L63/10

Abstract: Provided are a control system and an authentication device capable of detecting abnormality of a development device for distributing a control program and of preventing destruction and tampering of the program caused by the abnormality. To solve the above problem, there is provided: a control device that controls a controlled object; a development device that manages a plurality of control programs executed by the control device and sends the predetermined control program and information accompanying the control program to the network; and an authentication device having an authentication list storing the information accompanying the control program in association with the control program. Upon receiving the control program and the information accompanying the control program from the development device, the authentication device performs authentication whether or not the development device is normal by checking the accompanying information received from the development device with the information stored in the authentication list.

Abstract translation: 提供一种能够检测用于分发控制程序的显影装置的异常并且防止由异常引起的程序的破坏和篡改的认证装置。 为了解决上述问题，提供：控制受控对象的控制装置; 管理由控制装置执行的多个控制程序并将预定控制程序和伴随控制程序的信息发送到网络的显影装置; 以及具有与控制程序相关联地存储伴随控制程序的信息的认证列表的认证装置。 一旦从开发设备接收到控制程序和伴随控制程序的信息，认证设备通过使用存储在认证列表中的信息来检查从开发设备接收到的附带信息来进行认证，无论开发设备是否正常。

公开(公告)号：US20180165153A1

公开(公告)日：2018-06-14

申请号：US15317230

申请日：2014-06-18

Applicant: Hitachi, Ltd.

Inventor： Hiromichi YAMADA ,  Tsutomu YAMADA

IPC: G06F11/10 ,  G11C29/52 ,  G11C11/4076 ,  G11C11/409

CPC classification number: G06F11/1068 ,  G06F11/1048 ,  G06F11/18 ,  G06F12/16 ,  G11C11/4076 ,  G11C11/409 ,  G11C29/52 ,  G11C29/702 ,  G11C29/74 ,  G11C2029/0409 ,  G11C2029/0411

Abstract: Provided is an integrated circuit or the like capable of rapidly correcting erroneous data write and making contents of the RAMs that are in the multiple modular redundancy coincident in a case where a logic circuit performs the erroneous data write to the RAMs while operating logic circuits and RAMs at a high speed. In order to solve the problem, the integrated circuit including logic circuits and RAMs for which data write and data read are performed by the logic circuits includes a multiple modular redundancy logic circuits, a plurality of RAMs respectively connected to the multiple modular redundancy logic circuits, and a RAM access correction unit which compares access signals from the multiple modular redundancy logic circuit to the RAMs to detect an erroneous data write and corrects an error of the RAM.