Tutorials

IP Protection & Know-How Security

Encrypt and protect your PLC code blocks to prevent reverse engineering and intellectual property theft.

T
T-IA Connect Team
10 min read
Updated Mar 12, 2026

Beyond Native Know-How Protection

TIA Portal's built-in Know-How Protection is a first line of defense, but it can be bypassed by specialized tools. For OEMs delivering machines with years of embedded R&D, T-IA Connect offers banking-grade RSA4096 encryption and advanced obfuscation that makes your logic truly unreadable.

Prerequisites

  • Open TIA Portal project with SCL blocks
  • Active T-IA Connect server (Professional edition)
  • Blocks compiled without errors

Step 1: Analyze Exposed Blocks

Start by identifying which blocks in your project are currently unprotected. The API returns the protection status of each block.

curl — GET /api/blocks
curl http://localhost:9000/api/blocks
Response
{
  "blocks": [
    {
      "name": "FB_Fill",
      "type": "FunctionBlock",
      "language": "SCL",
      "knowHowProtected": false,
      "size": 2048
    },
    {
      "name": "FB_Drain",
      "type": "FunctionBlock",
      "language": "SCL",
      "knowHowProtected": false,
      "size": 1536
    },
    {
      "name": "FB_SafetyMonitor",
      "type": "FunctionBlock",
      "language": "SCL",
      "knowHowProtected": true,
      "size": 4096
    }
  ],
  "total": 3,
  "unprotected": 2
}

Step 2: Apply RSA4096 Encryption

Protect your critical blocks with RSA4096 encryption and advanced obfuscation. Protection is applied at the source code level while maintaining 100% functional execution.

curl — POST /api/blocks/protect
curl -X POST http://localhost:9000/api/blocks/protect \
  -H "Content-Type: application/json" \
  -d '{
    "blockName": "FB_Fill",
    "level": "maximum",
    "obfuscate": true
  }'
Response
{
  "success": true,
  "block": "FB_Fill",
  "protection": {
    "encrypted": true,
    "algorithm": "RSA4096",
    "obfuscated": true,
    "level": "maximum",
    "appliedAt": "2026-03-12T14:32:01.000Z"
  }
}

Step 3: Verify Protection Status

Confirm that protection has been correctly applied by querying the detailed block status.

curl — GET /api/blocks/FB_Fill/protection
curl http://localhost:9000/api/blocks/FB_Fill/protection
Response
{
  "block": "FB_Fill",
  "protection": {
    "encrypted": true,
    "algorithm": "RSA4096",
    "keyLength": 4096,
    "obfuscated": true,
    "level": "maximum",
    "appliedAt": "2026-03-12T14:32:01.000Z",
    "fingerprint": "a3:f2:9b:...:c8:41"
  },
  "reverseEngineering": {
    "readable": false,
    "decompilable": false,
    "estimatedBreakTime": "> 10^15 years"
  }
}

Protection is applied at compile time and has zero impact on PLC runtime performance. The code remains 100% functional.

Your Know-How Is Your Capital

Don't leave your years of R&D exposed to reverse engineering. Protect every critical block with banking-grade encryption.

Download T-IA Connect Professional to access IP protection features.