application description 10/2014 user login with rfid … · application description 10/2014 user...
TRANSCRIPT
http://support.automation.siemens.com/WW/view/en/99808171
Application Description 10/2014
User Login with RFID Card Reader Basic Panels / Comfort Panels / WinCC V13
Warranty and Liability
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 2
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
Warranty and Liability
Note The Application Examples are not binding and do not claim to be complete regarding the circuits shown, equipping and any eventuality. The Application Examples do not represent customer-specific solutions. They are only intended to provide support for typical applications. You are responsible for ensuring that the described products are used correctly. These Application Examples do not relieve you of the responsibility to use safe practices in application, installation, operation and maintenance. When using these Application Examples, you recognize that we cannot be made liable for any damage/claims beyond the liability clause described. We reserve the right to make changes to these Application Examples at any time without prior notice. If there are any deviations between the recommendations provided in these Application Examples and other Siemens publications – e.g. Catalogs – the contents of the other documents have priority.
We do not accept any liability for the information contained in this document.
Any claims against us – based on whatever legal reason – resulting from the use of the examples, information, programs, engineering and performance data etc., described in this Application Example shall be excluded. Such an exclusion shall not apply in the case of mandatory liability, e.g. under the German Product Liability Act (“Produkthaftungsgesetz”), in case of intent, gross negligence, or injury of life, body or health, guarantee for the quality of a product, fraudulent concealment of a deficiency or breach of a condition which goes to the root of the contract (“wesentliche Vertragspflichten”). The damages for a breach of a substantial contractual obligation are, however, limited to the foreseeable damage, typical for the type of contract, except in the event of intent or gross negligence or injury to life, body or health. The above provisions do not imply a change of the burden of proof to your detriment. Any form of duplication or distribution of these Application Examples or excerpts hereof is prohibited without the expressed consent of Siemens Industry Sector.
Security informa-tion
Siemens provides products and solutions with industrial security functions that support the secure operation of plants, solutions, machines, equipment and/or networks. They are important components in a holistic industrial security concept. With this in mind, Siemens’ products and solutions undergo continuous development. Siemens recommends strongly that you regularly check for product updates.
For the secure operation of Siemens products and solutions, it is necessary to take suitable preventive action (e.g. cell protection concept) and integrate each component into a holistic, state-of-the-art industrial security concept. Third-party products that may be in use should also be considered. For more information about industrial security, visit http://www.siemens.com/industrialsecurity.
To stay informed about product updates as they occur, sign up for a product-specific newsletter. For more information, visit https://support.industry.siemens.com.
Table of Contents
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 3
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
Table of Contents Warranty and Liability ................................................................................................. 2
1 Task ..................................................................................................................... 4 2 Solution............................................................................................................... 5
2.1 Overview............................................................................................... 5 2.2 Hardware and software components ................................................... 6 2.2.1 Validity .................................................................................................. 6 2.2.2 Components used ................................................................................ 6 2.3 Alternative hardware configurations ..................................................... 8 2.3.1 RFID Reader with communication module (RF120C) direct on
S7-1200 ................................................................................................ 8 2.3.2 Integrating RFID reader via IO Link (ET200) ....................................... 9
3 Basics ............................................................................................................... 10
4 Configuration and Settings............................................................................. 11
4.1 Hardware configuration ...................................................................... 11 4.2 Configuring S7 blocks ........................................................................ 12 4.3 Creating UID string in the control program ......................................... 17 4.4 Configuring user login in WinCC ........................................................ 18 4.5 Adding user for WinCC configuration ................................................. 20
5 Installation and Commissioning .................................................................... 22
5.1 Installing the hardware ....................................................................... 22 5.2 Commissioning ................................................................................... 23
6 Operating the Application ............................................................................... 24
6.1 Overview............................................................................................. 24 6.2 Reading out transponder UID ............................................................ 25 6.3 Log in with UID ................................................................................... 26
7 Further Notes, Tips & Tricks, etc. .................................................................. 27
7.1 Adding “Ident Profile” library in the TIA Portal .................................... 27 8 References ....................................................................................................... 29
9 History............................................................................................................... 29
1 Task
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 4
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
1 Task Introduction
A plant with different plant components is to be operated and configured using one or several SIMATIC HMI Panels. Different user authorizations are required, depending on whether a user operates, maintains or configures the plant. So far, the user logged on to the operator panel by manually entering the user name and the corresponding password. This type of login is now to be realized by a wireless “card reading system”. There are no particular requirements to the data security. The required information for the authentication of the user (authorization level) is not to be stored locally on the RFID card but on the HMI device. The authentication is to be carried out based on a user ID, which is to be saved on the card.
Overview of the automation task The figure below provides an overview of the automation task. Figure 1-1
Logging on„User 3“
User 2
User 3
User 4
User n
2 Solution 2.1 Overview
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 5
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
2 Solution 2.1 Overview
Schematic layout The figure below shows a schematic overview of the most important components of the solution: Figure 2-1
S7 CPU HMI Panel Comm. module
RFID Reader
Structure The S7-1500 CPU, the operator panel and the RFID card reader are to be connected with each other with Profinet or Profibus. This makes the use of the reader possible, irrespective from the place of installation of the SIMATIC CPU. (This means the controller can also be located in a different control cabinet or part of the building.)
Advantages The solution presented here, offers you the following advantages: • A user login via RFID facilitates the login process, since the user does not
have to enter name or password first. • Logins of this type are normally always unique, free from incorrect entries and
(depending on application), and unique throughout the system (meaning no login data is used several times).
Delimitation This application does not contain a description of the installation of the SIMATIC TIA Portal software. Basic knowledge of this subject is assumed.
2 Solution 2.2 Hardware and software components
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 6
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
2.2 Hardware and software components
2.2.1 Validity
This application is valid for • STEP 7 TIA Portal as of V13 • WinCC Advanced/ Comfort as of V13 • S7-1200 • S7-1500 • SIMATIC Comfort Panel • SIMATIC Basic Panels
2.2.2 Components used
The application was created with the following components:
Hardware components Table 2-1
Component No. Article number Note
S7-1500 controller CPU 1516-3 PN/DP
1 6ES7 516-3AN00-0AB0
Comfort Panel TP700 Comfort
1 6AV2 124-0GC01-0AX0 or Basic Panel 700
Communication module RF180C
1 6GT2 002-0JD00
RF180C connection block
1 6GT2 002-1JD00
RFID reader RF260R
1 6GT2 821-6AC10
Transponder MDS D200 (RFID card)
n 6GT2 600-1AD00-0AX0 Depending on the number of users.
Note In addition, suitable power supplies and connecting cables are also required.
See SIMATIC RF Configuration Guide. \3\
Note The readers “RF210R” or “RF220R” are suitable for the installation in a control cabinet. Due to their mechanical structure they are more suitable for an installation. This has no impact on the basic approach.
2 Solution 2.2 Hardware and software components
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 7
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
Software components Table 2-2
Component No. Article number Note
WinCC Comfort V13 1 6AV210.-....3-0 Characteristic depending on the desired variant.
STEP 7 TIA Portal V13
1 6ES7822-1..03-.. Characteristic depending on the desired variant.
Example files and projects The following list includes all files and projects that are used in this example. Table 2-3
Component Note
99808171_UserLogin_RFID_projects.zip This zipped file includes a STEP 7 project with a Basic Panel and a STEP 7 project with a Comfort Panel.
99808171_UserLogin_RFID_en.pdf This document.
2 Solution 2.3 Alternative hardware configurations
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 8
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
2.3 Alternative hardware configurations
Here, other options with alternative hardware configurations are introduced.
2.3.1 RFID Reader with communication module (RF120C) direct on S7-1200
Figure 2-2
Advantage • Lower hardware costs
Disadvantage • Depending on the location of the CPU • Increased cabling effort, if the CPU is not near
2 Solution 2.3 Alternative hardware configurations
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 9
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
2.3.2 Integrating RFID reader via IO Link (ET200)
Figure 2-3
Advantage
• Independence from CPU location • If a distributed I/O is available, no further hardware cost
Disadvantage
• Possibly increased cabling effort, if the CPU is not near the IO Link module
Neutral
• The effort for cabling dependents on the location of the ET200.
Note The hardware configurations mentioned were realized with just one RFID reader as an example. The modules mentioned always support the connection of several RFID readers.
This means, that if several readers are planned in a plant, additional modules may not be required.
For the realisation with an ET200 + link IO it is necessary to use another RFID reader and other blocks. These are not performed in the application example.
3 Basics
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 10
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
3 Basics Transponder data (RFID card)
Data can be stored in the user memory of the transponder. In addition, each transponder has an UID. (UID = unique identification)
Data in the user memory as basis for the user login The data in the user memory can also be changed with products of third party vendors, i.e. processed and copied. This would make simple manipulation possible. It is advisable to use the UID for the user login.
UID as basis for the user login The UID includes the manufacturer code and serial number of the manufacturer and is therefore globally unique. Manipulation requires special hardware and the respective special knowledge. This guarantees a certain basic security.
Note Since both memory areas exist parallel, there is also the option in this application to additionally store process values on the transponder. The further course of this entry now describes the use of the UID.
4 Configuration and Settings 4.1 Hardware configuration
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 11
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
4 Configuration and Settings 4.1 Hardware configuration
Table 4-1
No. 1 Action
1. Download the project into your CPU. The most important steps are explained below.
2. Set the following values in "Device view > Properties > Module parameters" of the RF180C module.
Note Information on the configuration of the communication module can be found in entry 88779859. \4\
3. In the device view you find the input address and the hardware identifier. Note down the selected data. (You will need them in the step Configuring S7 blocks.)
4 Configuration and Settings 4.2 Configuring S7 blocks
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 12
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
4.2 Configuring S7 blocks
For the application to work correctly, the respective parameters have to be transferred to the hardware.
Note Detailed information on the configuration of the Ident blocks can be found in entry 77485950. \6\
Table 4-2
No. Action
4. For this purpose, created a "HW_CONNECT_VAR" tag in a data block. You have already added the "HW_CONNECT_VAR" data type from the library.
5. Enter die following parameters (suitable to your hardware used from step 1).
The LADDR number is always the IO address and the CM_Channel number is the channel number (1 or 2) to which the reader is connected.
4 Configuration and Settings 4.2 Configuring S7 blocks
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 13
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
No. Action
6. Make sure that the reader is correctly installed. • This is achieved via a reset during the CPU startup (OB100/ startup OB). OB100
For this purpose, the respective block in the library has to be called.
4 Configuration and Settings 4.2 Configuring S7 blocks
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 14
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
No. Action
7. Reset the error during initialization, if the CPU is switched on by the reader. OB1
Note The status LED of the reader lights up continuously. (A flashing status LED indicates an incorrect initialization.)
4 Configuration and Settings 4.2 Configuring S7 blocks
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 15
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
Figure 4-1
No. Action
8. Read the UID with the read block. (The block is already added to your project.)
• Assign the physical address on the transponder, as of which it is read in the
ADR_TAG. This is necessary for using the UID. (Further information on addressing can be found in entry 77485950 from page 40.) The UID is always read from address FFF0. Independent from which transponder (in accordance to ISO 15693) is used.
• Define the length of the data to be read at the LEN_Data parameter. Eight bytes are sufficient. The length of the UID is always 8 byte, independent from which transponder (in accordance to ISO 15693) is used. Note The execution of a read process in this example is by evaluating “PRESENCE” on the “Read” block:
4 Configuration and Settings 4.2 Configuring S7 blocks
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 16
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
No. Action When a transponder is detected, the output changes its value. This edge can be used for starting the read process.
• The read out UID is then provided in the instance DB (DB3) of the “Read” block.
• At this point, the evaluation des RFID transponders is completed.
Note You can now continue with the processing of the data for the use in HMI.
In principle, you can actually transfer the UID in this form to the panel and convert it into a string in the panel via VBscript. However, this would restrict this example to the operator panels that also support scripts.
In order to be able to use a user login via RFID also on a Basic Panel, the UID string has to be created in the control program.
4 Configuration and Settings 4.3 Creating UID string in the control program
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 17
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
4.3 Creating UID string in the control program The HTA function, for example, offers itself for this (convert hexadecimal number to ASCII string). Subsequently, the strings can be summarized via CONCAT. In the following figure below you can see a program excerpt with the first two hexadecimal numbers. Figure 4-2
Since the temporary string still includes incomplete data during processing, it is moved to a second string after completing the summary. Only this should then be transferred to the operator panel. Figure 4-3
A trigger is also needed so that the HMI panel knows when a new string is available or a new user is to be logged in. The DONE output of the “Read” block offers itself for this.
4 Configuration and Settings 4.4 Configuring user login in WinCC
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 18
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
Note In order to be able to work on the operator panel with the “On exceeding” function, not only a bit should be set but a decimal value >1 should be used.
Note Through the AND operation used here, the trigger can be disabled from the panel if need be. This makes sense, for example, when you only want to read out the UID without logging in a user.
This is where the STEP 7 part of the programming ends.
Note In the example project there are further functions that can be used for expanding the project. For example for writing on a transponder and for reading this data. A RESET was also build in, that can be triggered from the HMI panel and which is used to reset an animation for the read status of the transponder.
4.4 Configuring user login in WinCC
Tags required in the operator panel
Note The description is restricted to the most important aspects. Some tags or animations were added for better understanding and are not mandatory in a real application.
In principle, it is actually only two tags from the controller that are also required in the HMI. • Trigger (Tag name: “HMI_Data_DB_Trigger_Login”) • UID (Tag name “HMI_Data_DB_UID_String”) The trigger, for the operator panel to know when a new user is to be logged in and the string, that includes the UID or (from the view of WinCC) the user password. All other tags have been created for the use of the example application.
4 Configuration and Settings 4.4 Configuring user login in WinCC
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 19
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
Configuration steps in WinCC Table 4-3
No. Action
1. Enable the “Logon only with password” function in the runtime settings of the operator panel.
2. • Configure the “Logon” function on the “On exceeding” function of the trigger
tag. • Transfer the string with the UID as parameter and a “Dummy” (for the user
name not required). • Reset the value of the trigger tag back to “0” with the second function.
3. Define “1” as upper limit value.
4. Change the type of acquisition of the two tags to “Cyclic continuous”. (Thus, the
tags are continuously read even without the use in an image.)
This completes the configuration for the user login with RFID.
4 Configuration and Settings 4.5 Adding user for WinCC configuration
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 20
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
4.5 Adding user for WinCC configuration
UIDs of the transponder unknown The UIDs of the transponder for login on the operator panel are unknown at first. However, they have to be stored in the configuration.
Reading out the transponder UIDs Table 4-4
No. Action
1. Create a watch table to be able to read out the UIDs and display the string of the read UID.
2. Assign the read out UID to a user in the “password” column via the user
administration on the panel or the user administration in WinCC TIA Portal.
Thus, a user is successfully configured for the login with this transponder.
Note An alternative approach to the watch table, is to use the operator panel to read out the UID. See also chapter “Operating the Application”.
4 Configuration and Settings 4.5 Adding user for WinCC configuration
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 21
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
Note Further information on user administration Detailed information on creating and managing users, as well as exporting and importing passwords, can be found in the help of the WinCC TIA Portal. “Manual WinCC -> Visualizing processes (advanced) > Configuring user administration > Building up and structuring user administration > Administering users in Runtime“
An alternative to the user administration is described in WinCC in entry 57251548,
Archiving or central administration of users For archiving or the central administration of users, you can work with libraries.
For this purpose, create a new global library and drag the desired users into it via drag & drop.
Now you can also change these users with a different engineering PC, edit them if required and insert back into the current project.
Exchanging users via the HTML A further possibility is the exchange of users via the HTML pages of the operator panel (as of Comfort Panel).
5 Installation and Commissioning 5.1 Installing the hardware
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 22
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
5 Installation and Commissioning 5.1 Installing the hardware
The figure below shows the hardware setup of the application. Figure 5-1
S7 CPU HMI Panel Comm. module
RFID Reader
Note In order to use this example project correctly, it is necessary to switch on the RFID reader before the CPU. If the RFID reader has been switched off in the meantime, you can reinitialize it with a positive edge on the “Reset_RFID200.EXECUTE” input.
5 Installation and Commissioning 5.2 Commissioning
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 23
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
5.2 Commissioning
Table 5-1
Process Description
1. Downloading project Download the “99808171_RFID_Comfort_Panel_V13.zap13” project archive
2. Retrieving the project Open the SIMATIC TIA Portal and retrieve the “99808171_RFID_Comfort_Panel_V13.zap13” project archive included
3. Adjusting devices Open the “Device configuration” and, if required, exchange the S7-1516-3 PN/DP and the SIMATIC Comfort Panel TP1200 with your hardware used.
4. Loading devices Download the respective program to the CPU and the Comfort Panel.
6 Operating the Application 6.1 Overview
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 24
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
6 Operating the Application 6.1 Overview
Figure 6-1
6 Operating the Application 6.2 Reading out transponder UID
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 25
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
6.2 Reading out transponder UID Figure 6-2
By setting the switch to “Reading”, you can read out the UID of any transponder (card). Hold the transponder/card to the RFID reader to read out the UID. This is now displayed in the RFID reader as string.
6 Operating the Application 6.3 Log in with UID
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 26
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
6.3 Log in with UID
Figure 6-3
By setting the switch to “Log In”, you can login with the help of the transponder UID (card). For this purpose, it is required that the transponder UID is assigned to a user of the user administration. See chapter Configuring user login in WinCC Hold the transponder/card to the RFID reader to log in. This is now displayed in the RFID reader as string and the logged on user name can be seen under user.
7 Further Notes, Tips & Tricks, etc.
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 27
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
7 Further Notes, Tips & Tricks, etc. 7.1 Adding “Ident Profile” library in the TIA Portal
Table 7-1
No. Action
1. Load the Ident Profile library from entry 109476945 for the TIA Portal and include it in your project as global library. \5\
2. Select the S7-1500 object described below and copy the objects into your project:
• S7-1500 program blocks • PLC tags • PLC data types Note The “Write” block is only needed when you also want to write data onto the transponder.
7 Further Notes, Tips & Tricks, etc.
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 28
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
No. Action
Then compile the S7-1500.
8 References
Benutzeranmeldung am Bediengerät via RFID Entry-ID: 99808171, 10, 10/2014 29
S
iem
ens
AG C
opyr
ight
201
4 Al
l rig
hts
rese
rved
8 References Table 8-1
Topic Title
\1\ Siemens Industry Online Support
https://support.industry.siemens.com
\2\ Download page of the entry
https://support.industry.siemens.com/cs/ww/en/view/99808171
\3\ SIMATIC RF Configuration Guide
https://support.industry.siemens.com/cs/ww/en/view/67384964
\4\ Configuring the communication module
How do you configure the module parameters and address the HW_CONNECT variable to connect the RF180C/ ASM456 to the S7-1200/ S7-1500 CPU with the "Ident Instructions" block library? https://support.industry.siemens.com/cs/ww/en/view/88779859
\5\ Ident Profile Library for the TIA Portal
https://support.industry.siemens.com/cs/ww/en/view/109476945
\6\ Manual SIMATIC Ident RFID systems Communications module RF120C with application blocks for S7-1200 and S7-1500 https://support.industry.siemens.com/cs/ww/en/view/77485950
\7\ FAQ How do you create a protected service site in WinCC (TIA Portal) without using user administration? https://support.industry.siemens.com/cs/ww/en/view/57251548
9 History Table 9-1
Version Date Modifications
V1.0 10/2014 First version