The global orientation of today's machine manufacturers with worldwide located customers/machine operators requires being able to perform maintenance, fault diagnosis and also repairs of the machines and machine controllers not only directly on site, but more and more frequently by remote access.
Machine controllers are electronic data processing apparatuses, for example an industrial PC, on which are often installed conventional operating systems and software for intervention in the machine. Such machine controllers are exposed to comparable risks as conventional electronic data processing apparatuses, for example by malicious software such as computer viruses or worms, stealth software (e.g. “rootkits”) and software allowing unauthorized access to the system (e.g. “Trojan horses”). Moreover, such machine controllers are subject to comparable maintenance requirements as conventional electronic data processing devices, e.g., the necessity of installing system updates, of evaluating and testing software functionality and of general software installations.
Besides the direct dial-in formerly commonly used for the remote maintenance from a service computer via an analog modem or an ISDN connection to the machine, modern communication technologies occur primarily through so-called virtual private networks (VPN), which allow encrypted remote access via wide area networks such as the Internet.
It is problematic that such communication links cause high and error-prone configuration effort, which themselves can already constitute the cause of fault and therefore can impede remedy of the fault by means of remote maintenance. Moreover, there is the risk that malicious software is transmitted from the service computer to the machine controller or from the machine controller to the service computer in case of maintenance in such systems.
EP 1 715 395 A1 discloses a system and a method for remote communication between a service computer and a machine controller. FIG. 1 shows a previously known remote communication system 1 that includes a central computer 5 protected to the outside by a firewall 6. A communication link 8 is established from the central computer 5 to a machine controller 3. A service computer 2 is not directly connected to the machine controller 3, but the connection of the service computer 2 is effected via the central computer 5, which is connected to the service computer 2 via a communication link 9. By means of remote desktop protocols such as RDP, it is accessed to the central computer 5 from the service computer 2, and to the machine controller 3 via it by means of remote desktop protocols such as RDP. If these communication links are available, maintenance works can be performed on the machine controller 3 via the service computer 2 or the central computer 5. In contrast, if the communication links are not available, a case of fault, in particular a faulty configuration of the communication link on the part of the machine controller, is not remediable or with difficultly remotely remediable in many cases.
Since even with available communication links in the above described system, exclusively desktop data such as image data, keyboard input data and mouse operation data are transmitted, capability of mutually compromising the involved systems by malicious software is reduced. The described system is especially conceived to the effect that data transmission of a file or other data between machine controller 3 and central computer 5 or service computer 2 is not required or even possible.
Therefore, it is problematic that direct data access from the central computer 5 or the service computer 2 to data of the machine controller is not possible or only possible with high effort and using additional protocols and communication links for data transmission, the use of which in turn can increase the compromising risk.