Automate Know-How Protection at Scale
Siemens TIA Portal's Know-How Protection locks a block's source code behind a password. The block remains visible in the project tree (name, type, public interface), but its internal logic cannot be read, exported, or modified without the password. T-IA Connect lets you apply this protection programmatically via REST API, MCP tools for AI assistants, or the built-in Copilot - including batch protection for entire projects in seconds.
Prerequisites
- TIA Portal project open in T-IA Connect (V17, V18, V19 or V20)
- PLC blocks compiled without errors (required before protection)
- T-IA Connect server running (any edition)
Step 1: Identify Unprotected Blocks
List all blocks in your PLC device. Each block includes an isKnowHowProtected field showing its current protection status.
curl http://localhost:9000/api/devices/PLC_1/blocks \ -H "X-API-Key: your-api-key"
{
"Success": true,
"Data": [
{
"Name": "FB_Fill",
"Type": "FB",
"Number": 1,
"Language": "SCL",
"IsKnowHowProtected": false
},
{
"Name": "FB_Drain",
"Type": "FB",
"Number": 2,
"Language": "SCL",
"IsKnowHowProtected": false
},
{
"Name": "FC_Recipe_Manager",
"Type": "FC",
"Number": 10,
"Language": "SCL",
"IsKnowHowProtected": false
},
{
"Name": "FB_SafetyMonitor",
"Type": "FB",
"Number": 3,
"Language": "LAD",
"IsKnowHowProtected": true
}
]
}Step 2: Compile the Device
Blocks must be compiled before they can be protected. Compile the entire device to ensure all blocks are in a valid state.
curl -X POST http://localhost:9000/api/devices/PLC_1/actions/compile \ -H "X-API-Key: your-api-key"
{
"Success": true,
"Message": "Compilation completed.",
"Data": {
"Errors": 0,
"Warnings": 2
}
}Step 3: Apply Know-How Protection
Protect a block by providing the device name, block name, and a password. The password is passed securely and never stored by T-IA Connect.
curl -X POST http://localhost:9000/api/devices/PLC_1/blocks/FB_Fill/actions/protect \
-H "X-API-Key: your-api-key" \
-H "Content-Type: application/json" \
-d '{
"password": "MySecretPassword123"
}'{
"Success": true,
"Message": "Block 'FB_Fill' is now know-how protected.",
"Data": {
"BlockName": "FB_Fill",
"IsKnowHowProtected": true,
"IsProtectable": true
}
}Step 4: Verify Protection Status
Confirm protection was applied correctly by checking the block's detailed status. The response tells you if the block is protected and protectable.
curl http://localhost:9000/api/devices/PLC_1/blocks/FB_Fill/protection \ -H "X-API-Key: your-api-key"
{
"Success": true,
"Data": {
"BlockName": "FB_Fill",
"IsKnowHowProtected": true,
"IsProtectable": true,
"Reason": null
}
}Batch Protection
Protect dozens of blocks in a single API call. The batch endpoint uses best-effort processing and returns a detailed report for each block.
curl -X POST http://localhost:9000/api/devices/PLC_1/blocks/actions/protect-batch \
-H "X-API-Key: your-api-key" \
-H "Content-Type: application/json" \
-d '{
"blockNames": ["FB_Fill", "FB_Drain", "FC_Recipe_Manager", "DB_Config"],
"password": "MySecretPassword123"
}'{
"Success": true,
"Message": "3/4 blocks protected successfully.",
"Data": {
"TotalRequested": 4,
"Succeeded": 3,
"Failed": 1,
"Details": [
{ "BlockName": "FB_Fill", "IsKnowHowProtected": true, "Reason": null },
{ "BlockName": "FB_Drain", "IsKnowHowProtected": true, "Reason": null },
{ "BlockName": "FC_Recipe_Manager", "IsKnowHowProtected": true, "Reason": null },
{ "BlockName": "DB_Config", "IsKnowHowProtected": true, "Reason": "Already protected." }
]
}
}Know-How Protection is Siemens' native block protection mechanism. It has zero impact on PLC runtime performance. The password is never stored by T-IA Connect - it is passed as a SecureString to the Siemens Openness API and never logged.
Also Available via MCP & Copilot
The same protection features are available as MCP tools for AI assistants (Claude, Gemini, ChatGPT) and in the built-in Copilot. Tools: protect_block, unprotect_block, get_block_protection_status, protect_blocks (batch).