Overview

Control Expert provides a password mechanism to help guard against unauthorized access to the application.

Control Expert uses the password when you:

  • Open the application in Control Expert.

  • Connect to the PAC in Control Expert.

Application protection by a password helps prevent unwanted application modification, download, or opening of application files. The password is stored encrypted in the application.

In addition to the password protection you can encrypt the .STU, .STA and .ZEF files. The file encryption feature in Control Expert helps prevent modifications by any malicious person and reinforces protection against theft of intellectual property. The file encryption option is protected by a password mechanism.

NOTE: When a controller is managed as part of a system project, the application password and file encryption are disabled in Control Expert editor and need to be managed by using the Topology Manager.

Password Construction

The password construction is based on IEEE Standard 1686–2013 recommendations.

A password should contain at least 8 characters and should combine as a minimum one upper-case (A, B, C, …), one lower-case (a, b, c, …), one number, and one non–alphanumeric character (!, $, %, &, …).

NOTE: when exporting a project not encrypted to a .XEF or a .ZEF file, the application password is cleared.

New Project Creation

By default a project is not password protected and application files are not encrypted.

At project creation, the Security enforcement window allows you to:

  • protect your application by a password, or

  • protect your application by a password and apply encryption to your application files. Encryption is also protected by a password and we recommend to enter two different passwords.

If no password is entered, the application protection is disabled and encryption of application files is not possible. In this case, when you next open your Control Expert project, the Password dialog opens. To access your project, enter no password text, thereby accepting the empty string, and click OK. Thereafter, you can follow the steps set forth below to create a new application password and to enable file encryption option.

NOTE: It is possible to create or change an application password at any time.

Protecting your application with a password is mandatory for enabling file encryption option.

When file encryption option is enabled:

  • Changing the application password is allowed.

  • Clearing the application password is not allowed.

Creating an Application Password

Procedure for creating the application protection password:

Step

Action

1

In the project browser right-click Project.

2

Select Properties command from the popup menu.

Result: The Properties of Project window appears.

3

Select Project & Controller Protection tab.

4

In the Application field, click Change password ....

Result: The Modify Password window appears.

5

Enter the new password in the Entry field.

6

Enter the confirmation of the new password in the Confirmation field.

7

Click OK to confirm.

8

Click OK or Apply in the Properties of Project window to confirm all changes.

If you click Cancel in the Properties of Project window, all changes are canceled.

Changing the Application Password

Procedure for changing the application protection password:

Step

Action

1

In the project browser right-click Project.

2

Select Properties command from the popup menu.

Result: The Properties of Project window appears.

3

Select Project & Controller Protection tab.

4

In the Application field, click Change password ....

Result: The Modify Password window appears.

5

Enter previous password in the Old password field.

6

Enter the new password in the Entry field.

7

Enter the confirmation of the new password in the Confirmation field.

8

Click OK to confirm.

9

Click OK or Apply in the Properties of Project window to confirm all changes.

If you click Cancel in the Properties of Project window, all changes are canceled.

Deleting the Application Password

Clearing the application password is not allowed while file encryption is enabled.

Procedure for clearing the application protection password:

Step

Action

1

In the project browser right-click Project.

2

Select Properties command from the popup menu.

Result: The Properties of Project window appears.

3

Select Project & Controller Protection tab.

4

In the Application field, click Clear password....

Result: The Password window appears.

5

Enter the password in the Password field.

6

Click OK to confirm.

7

Click OK or Apply in the Properties of Project window to confirm all changes.

If you click Cancel in the Properties of Project window, all changes are canceled.

Auto-Lock Feature

There is an optional auto-lock feature that limits access to the Control Expert software programming tool after a configured time of inactivity. You can activate the auto-lock feature with the check box Auto-lock and select the time-out for the time of inactivity via Minutes before lock .

The default values are:

  • Auto-lock is not activated

  • Minutes before lock is set to 10 minutes (possible values: 1...999 minutes)

If the auto-lock feature is enabled and the configured inactivity time elapses, a modal dialog box is displayed requiring the entry of the application password. Behind the modal dialog box, all opened editors remain open in the same position. As a result, anybody can read the current content of the Control Expert windows but cannot continue to work with Control Expert.

NOTE: If you have not assigned a password to the project, the modal dialog box is not displayed.

Password Request Condition

Open an existing application (project) in Control Expert:

Password Management

When an application file is opened, an Application Password dialog box opens.

Enter the password.

Click OK.

If the password is correct, the application opens.

If the password is wrong, a message box indicates an incorrect password was entered, and a new Application Password dialog box opens.

If you click Cancel, the application is not opened

Accessing the application in Control Expert after an auto-lock, when Control Expert is not connected to the PAC or when the project in Control Expert is EQUAL to the project in the PAC:

Password Management

When auto-lock time is elapsed, an Application Password dialog box opens:

Enter the password.

Click OK.

If the password is correct, Control Expert becomes active again.

If the password is wrong, a message box indicates an incorrect password was entered, and a new Application Password dialog box opens.

If you click Close, the application is closed without being saved.

Accessing the application in the PAC after an auto-lock, when Control Expert is connected to the PAC and the application in Control Expert is DIFFERENT from the application in the PAC:

Password Management

On connection, if Control Expert software application and the CPU application are not equal, an Application Password dialog box opens:

Enter the password.

Click OK.

If the password is correct, the connection is established.

If the password is wrong, a message box indicates an incorrect password was entered, and a new Application Password dialog box opens.

If you click Cancel, the connection is not established.
NOTE: On connection, if Control Expert software application and the CPU applications are equal, there is no password request. If no password has been initially entered (left empty on project creation), click OK to establish the connection on password prompt.
NOTE: After three attempts with a wrong password, you will have to wait an increasing amount of time between each subsequent password attempt. The wait period increases from 15 seconds to 1 hour, with the wait increment increasing by a factor of 2 after each successive attempt with a wrong password.
NOTE: In case of password loss, refer to the procedure describes in chapter Loss of Password.

Enabling File Encryption Option

NOTE: You need to protect your project with an application password before enabling the file encryption option.

Procedure for enabling the file encryption option:

Step

Action

1

In the project browser right-click Project.

2

Select Properties command from the popup menu.

Result: The Properties of Project window appears.

3

Select Project & Controller Protection tab.

4

Select File encryption active check-box.

Result: The Create Password window appears.

5

Enter the password in the Entry field.

6

Enter the confirmation of the password in the Confirmation field.

7

Click OK to confirm.

8

Click OK or Apply in the Properties of Project window to confirm all changes.

If you click Cancel in the Properties of Project window, all changes are canceled.

Disabling File Encryption Option

Procedure for disabling the file encryption option:

Step

Action

1

In the project browser right-click Project.

2

Select Properties command from the popup menu.

Result: The Properties of Project window appears.

3

Select Project & Controller Protection tab.

4

De-select File encryption active check-box.

Result: The File Encryption Password window appears.

5

Enter the password and click OK to confirm.

NOTE: Application is no longer secured.

6

Click OK or Apply in the Properties of Project window to confirm all changes.

If you click Cancel in the Properties of Project window, all changes are canceled.

Changing the File Encryption Password

Procedure for changing the file encryption password:

Step

Action

1

In the project browser right-click Project.

2

Select Properties command from the popup menu.

Result: The Properties of Project window appears.

3

Select Project & Controller Protection tab.

4

In the File encryption field, click Change password ....

Result: The Modify Password window appears.

5

Enter previous password in the Old password field.

6

Enter the new password in the Entry field.

7

Enter the confirmation of the new password in the Confirmation field.

8

Click OK to confirm.

9

Click OK or Apply in the Properties of Project window to confirm all changes.

If you click Cancel in the Properties of Project window, all changes are canceled.

Clearing the File Encryption Password

Procedure for clearing the file encryption password:

Step

Action

1

In the project browser right-click Project.

2

Select Properties command from the popup menu.

Result: The Properties of Project window appears.

3

Select Project & Controller Protection tab.

4

In the File encryption field, click Clear password....

Result: The Password window appears.

5

Enter the password in the Password field.

6

Click OK to confirm.

7

Click OK or Apply in the Properties of Project window to confirm all changes.

If you click Cancel in the Properties of Project window, all changes are canceled.
NOTE: In case of file encryption password loss, refer to the procedure describes in chapter Loss of Password.

Compatibility Rules

Encrypted application files (.STA, and .ZEF) can not be opened in Control Expert 15.0 Classic or earlier versions and encrypted files (.ZEF) cannot be imported in Control Expert with Topology Manager.

The compatibility rules between application version and Control Expert/Unity Pro version apply to .ZEF files exported without encryption option.

NOTE: When file encryption option in your project is enabled, archived application files (.STA) can not be saved without encryption.