JP2001016273A - Monitor for automatic unit, automatic unit and recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To secure the security while reducing the running cost of a communication channel. SOLUTION: In a system where an automatic unit 8 and a monitor 2 for an automatic unit are interconnected via a meter rate charging packet exchange network 6, communication is made by using a transmission control protocol/ Internet protocol TCP/IP protocol text to monitor the automatic unit 8, a gateway means 24A is connected to the monitor 2 and the gateway means 24A is provided with a means that deletes a TCP/IP protocol control text in a text received from the monitor 2 and transmits the resulting text to the automatic unit 8 when the gateway 24A receives the text from the monitor 2, a means that adds a control text of the TCP/IP protocol to the text received from the automatic unit 8 and transmits the resulting text to the monitor 2 in the case of receiving the text and a firewall means that checks the text and interrupts other texts than the text for the purpose of automatic monitoring in the case of receiving the text.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an ATM (Autmatic Tellers Machine) which is installed in a store such as a financial institution and performs a deposit and withdrawal transaction and a CD (Cash Dispenser) which performs a withdrawal transaction based on an operation of an operator such as a customer. ), An automatic machine such as a bookkeeping machine and an automatic contract machine for recording transaction information in a passbook, and an automatic machine monitoring device for monitoring and controlling the automatic machine via a public network having a packet switching network (pay-as-you-go billing). The automatic machine monitoring device communicates with the automatic machine by using a TCP / IP protocol message, and is used in a remote monitoring and control system for monitoring and controlling the automatic machine.
And a recording medium.

In recent years, the automatic machines are operated 24 hours a day due to intensified competition of financial institutions, and the automatic machines are remotely and centrally monitored by services other than business hours, and cooperative services with completely unmanned stores and convenience stores. Requirements are increasing, and there is a great demand for reducing running costs by monitoring and controlling automatic machines. In addition, there is an increasing need for outsourcing (outsourcing of business) for automatic machine monitoring as a means of reducing monitoring costs, and it is necessary to satisfy these demands.

[0003]

2. Description of the Related Art A conventional example will be described below.

§1: Explanation of terms The terms or abbreviations described below are as follows.

(1): X. 25 is an ITU-T recommendation that defines a DTE / DCE interface of a packet mode terminal connected to a packet switching network. It has a three-layer structure corresponding to the three lowest layers of the OSI basic reference model. Level 1 is the physical layer. Apply 21. Level 2 is a data link layer to which HDLC is applied. Level 3 is a packet layer, which defines a protocol for connection-type packet communication. Although there are many types of ITU recommendations related to packet switching, 25 is a typical recommendation.

(2): TCP / IP (Transmission Control)
ol Protocol / Internet Protocol) is a group of protocols developed for the U.S. Department of Defense's ARPANET (network linking laboratories for military purposes) and is currently widely used on the Internet.

(3): INS-P (Information Network)
System-Packet) is a packet switching service of an advanced information communication system.

(4): LAPB (Link Access Procedure-
X. Balanced) is an ITU-T recommendation X.1 which defines "an interface between a data terminal equipment (DTE) and a data circuit-terminating equipment (DCE) for a terminal operating in a packet mode in a public data network". 25.

(5): LAPD (Link Access Procedure)
on the D channel) is a link access procedure on the D channel of the INS, which is defined in ITU-T Recommendation I. 440 and I.P. 4
41.

§2: Description of the system: FIG. 10, FIG.
FIG. 10 is an explanatory diagram (part 1) of a conventional example, and shows a system configuration. FIG. 11 is an explanatory view (part 2) of the conventional example, and shows a detailed configuration of the monitoring center and the automatic machine shown in FIG.

Conventionally, automatic machines 8 have been installed in stores (business offices 7) of banks and other financial institutions, and customers use these automatic machines 8 to make transactions. . In a normal case, a plurality of automatic machines 8 (# 1, # 2,
# 3, etc.), and each of these automatic machines 8 is connected to the automatic machine monitoring device 2 in the remote monitoring center 1 via a public network having a packet switching network 6 (pay-as-you-go). The remote monitoring control is performed by the automatic machine monitoring device 2.

The automatic machine 8 is connected to a host computer (bill-based computer) 4 in a remote computer center via a public network having a packet switching network 6. In this case, a ledger file 5 is provided in the host computer 4, and at the time of a transaction, a transaction is performed based on the data of the ledger file 5. Hereinafter, this will be described in detail with reference to FIG.

As shown in FIG. 11, the automatic equipment monitoring apparatus 2 in the monitoring center 1 has a CPU 11 for performing various controls or processes in the automatic equipment monitoring apparatus 2, a ROM 12 for storing various data, a CPU 11 , A hard disk drive (HDD) 14 for storing programs and various data, and a communication control unit 1 for performing communication control when communicating with an automatic machine 8 at a remote place.
5 and the like, and the communication control unit 15 includes a TCP / I
A TCP / IP communication control unit 22 for controlling communication of a P message is provided.

The communication control unit 15 includes the monitoring center 1
Is connected to the router 17. X.25 which performs communication control of X.25 25 A communication control unit 28 is provided. The hard disk device 14 has an automatic machine 8
A program for performing remote monitoring and control of the automatic machine 8 is stored and read and executed by the CPU 11 to perform remote monitoring and control of the automatic machine 8.

On the other hand, X.X. Router 17 having communication control unit 28 and TCP / IP communication control unit 2
2 and an automatic machine main controller 31 for performing various controls in the automatic machine 8
Etc. are provided. The router 17 of the automatic machine 8
And the router 17 in the monitoring center 1 are connected to each other via a packet switching network 6 (INS-P packet switching network, X.25).

§3: Description of processing ... see FIG. 12 FIG. 12 is an explanatory diagram of conventional processing. Hereinafter, a conventional process will be described with reference to FIG. In FIG. 12, E
H is an Ethernet (registered trademark) header (Ethern)
et (registered trademark) Header), IH is an IP header (IP Header), TH is a TCP header (TCP Header),
LH is LAPB header (LAPB Header) or LAPD
Header (LAPD Header), NH is X. 25 header (X.25
Header).

When the automatic machine monitoring device 2 performs remote monitoring control of the automatic machine 8, transmission and reception are performed between the automatic machine monitoring device 2 and the automatic machine 8 using a TCP / IP protocol message.
In this case, the automatic machine monitoring apparatus 2 performs an automatic machine monitoring APL (application program read from the hard disk device 14), and the automatic machine 8 performs the monitoring APL.
(Application program in the automatic machine main controller 31) performs the processing.

For example, when a command is sent from the automatic machine monitoring device 2 to the automatic machine 8, messages are sent in the order of the arrows shown in FIG. 12 to reach the monitoring APL of the automatic machine 8. That is, in the automatic machine monitoring device 2, the automatic machine monitoring APL → TC
The message processed in the order of P → IP → Ethernet is sent to the LAN in the monitoring center 1 and received by the router 17. In this case, the data on the LAN has a format of “EH (Ethernet header) + IH (IP header) + TH (TCP header) + data”.

Next, the message received by the router 17 is converted from Ethernet → IP → X. 25 → LAPB or LAPD
And transmitted to the packet switching network 6. In this case, the data on the packet exchange is “LH (LAPB header or LAPD header) + NH (X.25 header) + IH
(IP header) + TH (TCP header) + data ”.

Thereafter, the telegram from the packet switching network 6 is input to the automatic machine 8, in which the LAPB or LA is transmitted.
PD → X. 25 → IP → TCP → monitoring APL, and arrives at the monitoring APL.

In the above communication, when a message passes through the packet switching network 6 (pay-as-you-go billing), the X.400. No charge up to 25, but X.25. 25, TCP / IP is regarded as data and is charged. That is, in a packet switching connection such as INS-P, the TCP / IP protocol is passed as it is, and therefore, the control message of the TCP / IP protocol is charged.

[0022]

The above-mentioned prior art has the following problems.

(1): In a packet switching connection such as INS-P, the TCP / IP protocol is used as it is,
There has been a problem that the control message of the P / IP protocol is charged and the running cost of the communication line increases.

(2): If the connection is made directly by TCP / IP as described above, it is possible to get into the automatic machine, which causes security problems such as cracking. That is, if illegally intruded into an automatic machine such as cracking, data extraction or data destruction may occur, which affects transactions.

The present invention solves such a conventional problem, and an automatic machine monitoring device and an automatic machine connected via a pay-as-you-go packet switching network communicate using a TCP / IP protocol message. An object of the present invention is to reduce the running cost of a communication line in such a case and to ensure security.

[0026]

FIG. 1 is a diagram illustrating the principle of the present invention. In FIG. 1, 2 is an automatic machine monitoring device, 21 is an automatic machine monitoring mechanism, 22 is a TCP / IP communication control unit, 24
A is a gateway means, 28 is X. 25 communication control units, 6
Is a public network having a packet switching network (pay-as-you-go), 8 is an automatic machine, and 30A is a monitoring means. The present invention is configured as follows to achieve the above object.

(1): An automatic machine 8 for performing automatic transactions and an automatic machine monitoring apparatus 2 for remotely monitoring and controlling the automatic machine 8 are connected via a public network having a packet switching network 6 (pay-as-you-go).
When the automatic machine monitoring device 2 communicates with the automatic machine 8 using a TCP / IP protocol message, the automatic machine monitoring device of the system that monitors and controls the automatic machine 8 (for example, a remote monitoring control system). 24A (gateway device 2) between the device monitoring device 2 and the public network.
3), the gateway means 24
A is connected to the automatic device monitoring device 2 (for example, connected via a LAN), and the gateway 24A receives the message from the automatic device monitoring device 2 when receiving the message from the automatic device monitoring device 2.
A first message control means for deleting the / IP protocol control message and transmitting the message to the automatic machine 8, and a control message of the TCP / IP protocol added to the message when a message from the automatic machine 8 is received. Second message control means for transmitting to the monitoring device 2 and firewall means (means provided in the gateway device 23) for checking the message when receiving the message and cutting off the message other than for the purpose of automatic machine monitoring. Have.

(2): In the automatic device monitoring device of the above (1), the gateway means 24A includes a conversion table in which a DTE (data terminal device) address, an IP address, and a port number are associated with each other. The first and second message control means refer to the conversion table to obtain the T
It is configured to delete or add a CP / IP protocol control message.

(3): The packet exchange network 6 connects the automatic machine 8 that performs automatic transactions and the automatic machine monitoring device 2 that monitors the automatic machine 8.
The automatic machine monitoring device 2 is connected via a public network having a communication system, and communicates with the automatic machine 8 using a TCP / IP protocol message. The gateway unit 24A is provided in the machine 8, and the gateway unit 24A, when receiving a message from the automatic machine monitoring device 2, adds a TCP / I
First, a P-protocol control message is added and transmitted to the monitoring means 30A in the automatic machine 8 (for example, the main control unit of the automatic machine 8).
And a second message control unit that, when receiving a message from the monitoring unit 30A in the automatic machine 8, deletes the TCP / IP protocol control message of the message and transmits the message to the automatic machine monitoring device 2. And, when a message is received, a firewall means for checking the message and blocking the message other than for the purpose of automatic machine monitoring is provided.

(4): In the automatic machine of (3), the gateway means 24A includes a conversion table in which a DTE (data terminal) address, an IP address, and a port number are associated with each other, and , The second message control means refers to the conversion table, and
/ IP protocol control message is configured to be deleted or added.

(5): The packet exchange network 6 connects the automatic machine 8 that performs the automatic transaction and the automatic machine monitoring device 2 that monitors the automatic machine 8.
Is connected via a public network having
By communicating with the automatic machine 8 using a CP / IP protocol message, the gateway unit 24A connected to the automatic machine monitoring device 2 of the system for monitoring the automatic machine 8 transmits
When a message from the automatic machine monitoring device 2 is received, the T
A procedure for deleting the CP / IP protocol control message and transmitting the message to the automatic machine 8, and when a message from the automatic machine 8 is received, a TCP / IP protocol control message is added to the message and sent to the automatic machine monitoring apparatus 2. A computer-readable recording medium in which a program for executing a transmitting procedure and a procedure for checking a telegram when a telegram is received and cutting off the telegram for purposes other than automatic machine monitoring is recorded.

(Operation) The operation of the present invention based on the above configuration will be described with reference to FIG.

(A): The gateway means 24A of the above (1)
Then, when the first message control means receives a message from the automatic machine monitoring device 2, the first message control means deletes the TCP / IP protocol control message of the message and transmits the message to the automatic machine 8. Further, the second message control unit, when receiving a message from the automatic machine 8, performs control of adding a control message of the TCP / IP protocol to the message and transmitting the message to the automatic machine monitoring device 2. Further, when the message is received, the firewall unit checks the message and performs control to cut off the message other than for the purpose of automatic machine monitoring.

As described above, the automatic machine monitoring device 2 and the automatic machine 8
The message transmitted and received between the gateway means 24A
When passing through, the TCP / IP protocol control message is deleted or added, so that the message is not charged in the public network. Therefore, it is possible to reduce the amount of billing and the running cost by the control message of the TCP / IP protocol. In addition, since a message other than for the purpose of automatic machine monitoring can be cut off by the control of the firewall means, security can be ensured.

(B): In the gateway means of the above (2),
Since a conversion table in which a DTE address, an IP address, and a port number are associated with each other is provided, the first and second message control means refer to the conversion table when receiving a message, and / Delete / add protocol control message. In this way, the TCP / IP protocol control message can be deleted,
Alternatively, an addition can be made.

(C): In the gateway means of (3),
The first message control means, when receiving a message from the automatic device monitoring apparatus 2, performs control for adding a TCP / IP protocol control message to the message and transmitting the message to the monitoring means 30A in the automatic device. Further, when receiving the message from the monitoring unit in the automatic machine 8, the second message control unit deletes the control message of the TCP / IP protocol of the message and transmits the message to the automatic machine monitoring device 2. . Then, when the message is received, the firewall unit checks the message and performs control to cut off the message other than for the purpose of automatic machine monitoring.

As described above, the automatic machine monitoring device 2 and the automatic machine 8
The message transmitted / received between the server and the server is deleted from or added to the TCP / IP protocol control message when passing through the gateway means 24A in the automatic machine 8, so that the message is excluded from billing in the public network. Therefore, it is possible to reduce the amount of billing and the running cost by the control message of the TCP / IP protocol. In addition, the control by the firewall means can cut off a message other than for the purpose of automatic machine monitoring, thereby ensuring security.

(D): The gateway means of the above (4) is D
Since there is provided a conversion table in which a TE address, an IP address, and a port number are associated with each other, the first and second message control means refer to the conversion table to generate a TCP / IP protocol control message. Delete and add. By doing so, the TCP can be controlled by simple control.
/ IP protocol control message can be deleted or added.

(E): The gateway means of (5) reads out and executes the program on the recording medium,
When a message from the automatic machine monitoring device 2 is received, the T
A control for deleting the CP / IP protocol control message and transmitting the message to the automatic machine 8, and when a message from the automatic machine 8 is received, a control message of the TCP / IP protocol is added to the message and sent to the automatic machine monitoring device 2. The transmission control and the control of checking the electronic message when receiving the electronic message and interrupting the electronic message other than the purpose of automatic machine monitoring are performed.

As described above, the automatic machine monitoring device 2 and the automatic machine 8
The message transmitted and received between the gateway means 24A
When passing through, the TCP / IP protocol control message is deleted or added, so that the message is not charged in the public network. Therefore, it is possible to reduce the amount of billing and the running cost by the control message of the TCP / IP protocol. In addition, since messages other than those for the purpose of automatic machine monitoring can be blocked, security can be ensured.

[0041]

Embodiments of the present invention will be described below in detail with reference to the drawings. In this embodiment,
The conventional system configuration diagram shown in FIG. 10 and the configuration of the packet switching network 6 are the same.

§1: Description of System Configuration—See FIG. 2 FIG. 2 is a detailed diagram of the system configuration. The present invention incorporates a gateway mechanism (corresponding to the gateway means 24A) between the automatic machine monitoring device 2 and the automatic machine 8, and incorporates a firewall unit 27 in the gateway mechanism, so that the running cost of the communication line is reduced. And a highly secure device and system.

As shown in FIG. 2, the monitoring center includes an automatic machine monitoring device 2 for performing remote monitoring control of the automatic machine 8.
And a gateway device 23, and these devices are LA
Connect by N. The automatic machine monitoring device 2 includes an automatic machine monitoring mechanism (mechanism realized by executing a program) 21 for performing remote monitoring control of the automatic machine 8, and a TCP /
An IP communication control unit 22 is provided.

The gateway device 23 has a TCP
/ IP communication control unit 22, a gateway mechanism (a mechanism realized by executing a program) 24, 25, a communication control unit 28 is provided, and the gateway mechanism 24 is provided with a control table 26 and a firewall unit (realized by executing a program) 27.

On the other hand, X.X. 25, a communication control unit 28, a TCP / IP communication control unit 22, a gateway mechanism 24, and a monitoring mechanism (a mechanism realized by executing a program) 30 are provided. The gateway mechanism 24 is provided with a control table 26 and a firewall unit 27. The monitoring mechanism 30 is, for example, an automatic machine main controller 31.
It consists of. Then, the gateway device 23 in the monitoring center and the automatic machine 8 are connected and operated by a public network having the packet switching network 6 (pay-as-you-go).

In this case, the automatic machine 8 is an ATM (automatic teller machine), a CD (automatic teller machine), or the like. The automatic machine monitoring device 2 monitors the state of the automatic machine 8 such as the suspension, handling, and service items of the automatic machine 8, and displays the information on the screen of the disk array device, and resets the automatic machine 8. This is a device capable of issuing a processing command or the like to the device 8 (a device for performing remote monitoring control).

The gateway device 23 in the monitoring center
The function of deleting the control message of the TCP / IP protocol from the message received from the automatic machine monitoring device 2 and transmitting the message to the automatic machine 8 or the function of automatically adding the control message of the TCP / IP protocol to the message received from the automatic machine 8 This is a device having a function of transmitting to the device monitoring device 2. In addition, the gateway device 23 has a firewall function of checking a message and blocking a message other than for monitoring purposes.

The gateway device 23 in the automatic machine 8
Indicates that the message received from the automatic device monitoring device 2
The control message is added to the protocol control message and transmitted to the monitoring mechanism 30. At this time, the received message is checked and a firewall function is provided to cut off messages other than monitoring. Further, a function is provided for deleting the control message of the TCP / IP protocol from the message received from the monitoring mechanism 30 and transmitting the message to the automatic device monitoring apparatus 2 in the monitoring center.

The control table 26 of the gateway mechanism 24 and the control table 26 of the automatic machine 8 respectively include
Set the conversion table and security table,
The gateway mechanism 24 realizes a function of deleting or adding a control message of the TCP / IP protocol by referring to the conversion table.
Implements the firewall function by referring to the security table. In this case, in the conversion table, data in which a DTE address, an IP address, and a port number are associated are set, and in the security table, the number of bytes from the head and a permitted data string are set.

According to the above-described system, when a control message of the TCP / IP protocol is sent from the automatic machine monitoring device 2 or the automatic machine 8 to the packet switching network, the T
Since the transmission is performed without the CP / IP protocol layer, there is no need to charge a control message of the TCP / IP protocol in the packet switching network.

Therefore, it is possible to reduce the amount of billing by the control message of the TCP / IP protocol and the running cost of the communication line. In addition, by blocking access other than the purpose of monitoring by the firewall unit 27, it is possible to prevent illegal intrusion, and to ensure security.

The firewall unit 27 has a firewall (fire wall) function.
This firewall is one of the network security measures, and in computer systems,
It refers to a "system provided to block unauthorized access from outside" to a network system such as an in-house LAN connected to an external network such as the Internet.

The gateway device 23 or the gateway mechanism 24 is a conversion device for connecting a plurality of different LANs in all seven layers of the OSI (Open System Interconnection) basic reference model. The main conversion items are format conversion of messages and character codes, conversion of an address structure different for each network, and conversion of a protocol used in each layer.

The gateway mechanism 24 in the gateway device 23 and the gateway mechanism 24 in the automatic machine 8 are mechanisms realized by executing programs.
In this case, the gateway device 23 in the monitoring center is constituted by, for example, a communication server. Then, the program stored in the recording medium of the hard disk device provided in the communication server is read and executed by the internal CPU, whereby the processing of the gateway mechanism 24 is executed.

The gateway mechanism 24 in the automatic machine 8
The internal CPU reads out and executes a program stored in a recording medium of a hard disk device provided in the automatic machine 8 to execute the processing of the gateway mechanism 24.

§2: Description of processing at the time of automatic monitoring control ...
Referring to FIG. 2, the processing at the time of the automatic monitoring control will be described based on FIG. There is only one TCP connection between the automatic machine monitoring device 2 and the automatic machine 8 between the automatic machine monitoring APLs (application programs), and there is no need for multiplexing. That is, the IP connection and the TCP connection between the automatic monitoring device 2 and the automatic machine 8 correspond one to one. Also, the IP connection and X. The 25 network connections also correspond one-to-one.

Therefore, if there is correspondence information (table information set in the control table 26), the corresponding X.P. 25 network connections can be identified. X. The corresponding TCP connection can be identified from the 25 network connections.

For example, the automatic machine monitoring mechanism 2 in the monitoring center
It is assumed that a command (command by a control message) is issued from 1 to the automatic machine 8. This command is transmitted to the TC
The control message of the TCP / IP protocol is added by the P / IP communication control unit 22 and sent to the LAN in the monitoring center. In this case, by setting the default gateway to the gateway device 23, the gateway device 23
The message is notified to the gateway mechanism 24 in the inside.

At this time, since the gateway mechanism 24 in the gateway device 23 is located in the upper layer of TCP / IP, the control message of the TCP / IP protocol is not notified in the notified message. Then, the gateway mechanism 24
X. in the monitoring center X.25 communication control unit 28,
A transmission request is sent to the corresponding automatic machine 8 of the 25th layer. 25 Transmission from the communication control unit 28 to the automatic machine 8 is performed. in this case,
IP address of automatic machine 8 and DTE of packet-switched line
The correspondence with the address is set in the control table 26 in the gateway mechanism 24 in advance.

The corresponding message transmitted from the gateway device 23 of the monitoring center in this manner is transmitted to the packet switching network 6.
Is transmitted to the automatic machine 8 via the. Then, when the message reaches the corresponding automatic machine 8, X.X. 2
5 The communication control unit 28 notifies the gateway mechanism 24. The firewall unit 27 of the gateway mechanism 24 analyzes the data in the notified message, determines whether the message is for monitoring, and discards the message if the message is not for monitoring.

However, if the message is for monitoring, the message is sent to the monitoring mechanism 30 via the TCP / IP communication control unit 22. When the monitoring mechanism 30 receives the message,
The message is processed. In this process, the firewall unit 27 of the automatic machine 8 determines whether the message is a monitoring target message by referring to the control table 26.

That is, when the gateway device 23 in the monitoring center receives a message from the automatic device monitoring device 2, the gateway device 23 deletes the TCP / IP protocol control message of the message and transmits the message to the automatic device 8. Further, when a message from the automatic machine 8 is received, a control message of the TCP / IP protocol is added to the message and transmitted to the automatic machine monitoring apparatus 2. Then, when the gateway device 23 receives the message, the firewall unit 27 checks the received message by referring to the information in the control table, and performs control to cut off the message other than for the purpose of automatic machine monitoring.

As described above, the automatic machine monitoring device 2 and the automatic machine 8
When passing through the gateway mechanism 24, the message transmitted / received between the TCP / IP protocol control message is deleted,
Alternatively, since the addition is performed, it is excluded from the billing target in the public network. Therefore, it is possible to reduce the amount of billing and the running cost by the control message of the TCP / IP protocol. In addition, since a message other than for the purpose of automatic machine monitoring can be cut off under the control of the firewall unit 27, security can be ensured.

The control table 26 in the gateway device 23 includes a DTE (data terminal device) address,
Since a conversion table in which the IP address is associated with the port number is set in advance, the gateway mechanism 24
When a message is received, the TCP / IP protocol control message is deleted or added by referring to the conversion table. By doing so, the T can be controlled by a simple control.
CP / IP protocol control messages can be deleted and added.

On the other hand, in the automatic machine 8, the gateway mechanism 2
4 receives a message from the automatic machine monitoring apparatus 2, adds a TCP / IP protocol control message to the message and adds the message to the automatic machine 8.
Control to be transmitted to the monitoring mechanism 30 in the inside. Further, when the gateway mechanism 24 in the automatic machine 8 receives a message from the monitoring mechanism 30, the gateway mechanism 24 deletes the control message of the TCP / IP protocol of the message and transmits the message to the automatic machine monitoring apparatus 2. Then, upon receiving the message, the firewall unit 27 checks the message and performs control to block (discard) the message other than for the purpose of automatic machine monitoring.

As described above, the automatic machine monitoring device 2 and the automatic machine 8
When passing through the gateway mechanism 24 in the automatic machine 8, the message transmitted / received between them is deleted or added to the TCP / IP protocol control message, so that the message is excluded from billing in the public network. Therefore, it is possible to reduce the amount of billing and the running cost by the control message of the TCP / IP protocol. In addition, since a message other than for the purpose of automatic machine monitoring can be cut off (discarded) under the control of the firewall means, security can be ensured.

The gateway mechanism 24 in the automatic machine 8
In the control table 26 provided in, a conversion table in which a DTE (data terminal device) address, an IP address, and a port number are associated is set in advance, so that when the gateway mechanism 24 receives a message, By referring to the conversion table, the TCP / IP protocol control message is deleted and added. In this way, the TCP / IP protocol control message can be deleted,
And additions can be made.

When a message (for example, a response message) is sent from the automatic machine 8 to the automatic machine monitoring mechanism 21 in the monitoring center, the message is sent along the reverse route (the route in the direction opposite to the arrow shown). In this case, in the automatic machine 8, the monitoring mechanism 3
0 for the message sent from
The control message of the CP / IP protocol is deleted and sent to the packet switching network 6. Then, the gateway mechanism 24 of the monitoring center that has received this message transmits the received message with TCP
/ IP protocol control message added and automatic machine monitoring mechanism 2
Send to 1.

When the gateway mechanism 24 receives a message other than for the purpose of monitoring, it interrupts (or discards) the message. Therefore, also in this case, when passing through the gateway mechanism 24, the TCP / IP protocol control message is deleted or added, so that the message is excluded from the billing target in the public network. Therefore, it is possible to reduce the amount of billing and the running cost by the control message of the TCP / IP protocol.

§3: Description of Control by Control Sequence Diagram—See FIG. 3 FIG. 3 is a control sequence diagram, FIG. 3A is an original control sequence diagram, and FIG. 3B is a control sequence diagram after omitting a control message. . Hereinafter, a control sequence example in a case where a command is issued from the automatic machine monitoring device 2 to the automatic machine 8 will be described with reference to FIG. In the abbreviations in the figure, SYN (Synchronous) indicates a connection establishment request (synchronization of a connection request and a sequence number), ACK (Acknowledgement) indicates a positive acknowledgment, and PSH (Push Function) indicates a reception process as soon as possible. Indicates that data will be sent, and FIN (Fi
nish) indicates the end of transmission.

In the control sequence diagram shown in FIG.
The dotted line is necessary only in the original sequence, and the solid line is the original sequence and the sequence required in the present invention. In this control sequence, commands are transmitted and received between the automatic equipment monitoring device 2 and the automatic equipment 8 via a packet switching line (packet switching network 6), and the contents of the commands are also shown.

(1): Original Control Sequence The original control sequence is as shown in FIG. 3A. The dotted line is a sequence unnecessary in the present invention, and the solid line is a sequence required in the present invention. In this control sequence, control is performed as follows.

First, the automatic machine monitoring device 2 sends a SYN command for a connection establishment request to the automatic machine 8, and then the automatic machine 8 sends the connection monitoring request ACK. The SYN command is sent, and the acknowledgment ACK command is sent from the automatic machine monitoring device 2 to the automatic machine 8.

Next, the automatic machine monitoring device 2 sends an ACK. PSH command, and then send an ACK command for acknowledgment and ACK. Send FIN command. afterwards,
The automatic machine 8 sends an acknowledgment AC to the automatic machine monitoring device 2.
K command and ACK. FIN
Send a command. Subsequently, the automatic machine monitoring device 2 sends the automatic machine 8
Sends an ACK command for acknowledgment, and terminates.

(2): Control sequence after omitting the control message First, the automatic machine monitoring device 2 sends an ACK. Send a PSH command and end. Thus, the present invention requires only a very simple control sequence.

§4: Hierarchy comparison and description of message sequence example ... refer to FIG. 4 FIG. 4 is a processing explanatory diagram (No. 1), and FIG.
FIG. 4 shows a hierarchical comparison between P-LAN and packet switching, and FIG. B shows a general model using the TCP / IP protocol on packet switching. Note that the circles in the figure indicate application processes, and the circles indicate TCP connections.

As shown in FIG. 4A, the application layer, the transport layer, the network layer, and the link layer of the OSI reference model correspond to the LAN application, TCP, IP, and Ethernet, respectively. Further, the application layer and the transport layer of the OSI reference model correspond to the application of the packet switching line, and the network layer of the OSI reference model corresponds to the X.509 of the packet switching line. 25, the link layer of the OSI reference model is a packet-switched line LAPB (LinkAccess P
rocedure-Balanced) / LAPD (Link Access Procedu)
re on the D channel).

In the general model using the TCP / IP protocol on the packet exchange, when communication is performed between the apparatus A and the apparatus B, as shown in FIG. A plurality of IP connections can be set on 25 connections. Also, T on the IP connection
A plurality of CP connections can be set.

In this case, the TCP connection and the application process correspond one-to-one. Also, TCP
The connection is identified by “IP connection + port number”. The 25 connections are identified by a “DTE address”. As described above, the automatic machine monitoring system uses the TCP connection: IP connection: X. 25
Connection = 1: 1: 1.

§5: Description of control sequence example... FIG.
FIG. 5 is an explanatory diagram (part 2) of the processing, and the automatic machine monitoring device 2
An example of a control sequence between the gateway 8, the gateway device 23, and the automatic machine 8 will be described. As described above, a system for monitoring an automatic machine includes a TCP connection: an IP connection: X. 2
5 connections = 1: 1: 1. Therefore, D
If a correspondence table of a TE (data terminal device) address and an IP address + port number is set in the control table 26 in the gateway mechanism 24, a route indicated by an arrow in FIG. 5 can be selected.

Also, the IP protocol and X. The 25 protocols are located in the same network layer and work equally. That is, X. 25 connections and TCP
Since the connection is one-to-one, X. It can be replaced by the same function of 25 protocols. In this case, the operation of the TCP protocol is: order control: sequence number ,: flow control: window control ,: ensuring reliability: ACK
(Positive acknowledgment).

For example, automatic machine monitoring A of the automatic machine monitoring device 2
The command from the PL (application program) is sent to the automatic machine monitoring device 2 by the automatic machine monitoring APL →
LA in the monitoring center in the order of TCP → IP → Ethernet
N to the gateway device 23. In this case, the data on the LAN is “EH (Ethernet header) + IH (IP header) + TH (TCP header) + data”.

Thereafter, the gateway device 23 is connected from the LAN.
Is input in the gateway device 23 from the Ethernet → IP → TCP → Gateway APL.
(Gateway application) from the gateway APL to X. 25 → LAPB, transmitted to the external packet switching network 6, and received by the automatic machine 8. In this case, the data on the packet switched line is "LH
(LAPB / LAPD header) + NH (X.25 header) + data ", and the IH (IP header) and TH
(TCP header) has been deleted.

Then, in the automatic machine 8, LAPB / LA
PD → X. 25 → gateway APL (gateway application) → TCP → IP → monitoring APL (monitoring application), and arrive at the monitoring APL.

§6: Description of processing of gateway mechanism ...
6 and 7 are explanatory diagrams of the processing (part 3), and FIG. 25 is a processing flowchart for setting a connection, FIG. B is a processing flowchart for setting a TCP connection, and FIG. C is a conversion table. FIG. 7 is an explanatory diagram (part 4) of the process. FIG. 7A is a flowchart of a process for ensuring security when receiving data, and FIG. 7B is a filter table. Hereinafter, processing of the gateway mechanism will be described with reference to FIGS. In addition, S1 to S24 indicate each processing step.

(1): X. 25 Connection Setting Processing A gateway mechanism 24 is provided in each of the gateway device 23 in the monitoring center and the automatic machine 8, and a control table 26 is provided in the gateway mechanism 24. Therefore, a conversion table as shown in FIG. 6C is set in the control table 26, and conversion table data in which DTE addresses, IP addresses, and port numbers are associated with each other is set in the conversion table. . Thereafter, the following processing is performed using this conversion table.

In this process, when a TCP / IP connection request is received (S1), a conversion table in the control table 26 is searched based on the IP address and port number of the partner device, and it is determined whether there is corresponding data. (S2). As a result, if there is data corresponding to the conversion table, the X.D. 25 connections are made (S3). However, if there is no corresponding data in the conversion table, the request is rejected (S4). Thus, X. 25 Connection setting processing is performed.

(2): TCP connection setting processing In this processing, 25 connection setting reception (S1
According to 1), the conversion table is searched from the DTE address of the connection partner, and it is determined whether or not there is corresponding data (S12). As a result, if there is corresponding data, a TCP connection connection is made from the IP address and port number of the connection partner obtained from the conversion table (S13). However, if there is no corresponding data, the communication is disconnected (S1).
4) End. Thus, the TCP connection setting process is performed.

The conversion table can be simplified by embedding an IP address and a port number in the data portion.

(3): Processing for Ensuring Security at the Time of Receiving Data A gateway mechanism 24 is provided in each of the gateway device 23 in the monitoring center and the automatic machine 8, and the gateway mechanism 24 has a control table 26 Is provided. Therefore, a filter table as shown in FIG. 7B is set in the control table 26, and data in which the number of bytes from the head and the permitted data string are set in the filter table are set. deep. Then, the following processing is performed using this filter table.

In this process, when data is received (S2
1) Search the filter table and determine whether the permitted data has been confirmed (S22). as a result,
When the authorized data is confirmed, monitor the data APL
(If the gateway mechanism 24 of the automatic machine 8 is used,
If it is the monitoring mechanism in the gateway device 24 in the gateway device 23, it notifies the automatic machine monitoring mechanism 21) in the automatic machine monitoring device 2 (S23). However, if the permitted data is not confirmed, the communication is disconnected (S24),
finish. This processing realizes a firewall function and improves security.

§7: Description of TCP / IP protocol header--see FIG. 8 FIG. 8 is an explanatory diagram of the TCP / IP protocol header.
Figure A is IP header, Figure B is UDP header, Figure C is TCP
Indicates the header. Note that the IP header indicates an IP protocol header, the UDP header indicates a UDP protocol header, and the TCP header indicates a TCP protocol header. In this case, UDP (User Datagram Protocol) is a transport protocol of the Internet, and supports connectionless IP datagram communication.

The IP header (20 bytes) contains the source I
Header information including information such as a P address, a destination IP address, and a total data length is set, and data is added to this IP header. In the UDP header (8 bytes), header information including information such as a source port number, a destination port number, a UDT data length, and a UDT checksum is set.
Data is added to the DP header. In the TCP header, the source port number, destination port number, sequence number,
Acknowledgment number, URG, ACK, PSH, PST, SY
N, FIN and other commands, a TCP checksum, an urgent pointer, and other header information are set.
Add data to the header.

§8: Explanation of packet format ...
FIG. 9 is an explanatory diagram of the packet format, and FIG.
R (call request) / CN (incoming) packet format,
FIG. B shows a CA (call reception) / CC (connection completed) packet format. GFI is a general format identifier, LCGN is a logical channel group number, LC
N indicates a logical channel number.

In the CR (call request) / CN (call) packet format, GFI, LCGN, LCN, packet type identifier, call DTE address length, call DTE address length, call DTE address, call DTE address ,
Information such as facility length, facility, and call user data is set.

In the CA (call reception) / CC (connection completed) packet format, GFI, LCGN, L
CN, packet type identifier, calling DTE address length,
Incoming DTE address length, incoming DTE address, outgoing DT
Information such as an E address, a facility length, a facility, and user data is set.

§9: Description of Recording Medium and Program Processing performed by the gateway mechanism 24 is based on the CP in the apparatus.
U (or MPU) is a hard disk drive or ROM
This is realized by reading and executing the program stored in the. In this case, the gateway device 23 in the monitoring center is constituted by, for example, a communication server.
The internal CPU reads out and executes a program stored in a recording medium of a hard disk device provided in the communication server, thereby executing the gateway mechanism 24.
Execute the processing of

The gateway mechanism 24 in the automatic machine 8
The internal CPU reads out and executes a program stored in a recording medium of a hard disk device provided in the automatic machine 8 to execute the processing of the gateway mechanism 24. In this case, the program recorded on the recording medium of the hard disk device is recorded (stored) as follows.
It is possible to

A program (program data created by another device) stored in a flexible disk (floppy disk) is read by the server or a floppy disk drive (FDD) provided in the automatic machine 8 and the hard disk device is read. On a recording medium (hard disk).

: Magneto-optical disk or CD-ROM
The data stored in a storage medium such as the server,
Alternatively, the data is read by a drive device (such as a CD-ROM drive) provided in the automatic machine 8 and stored in a recording medium (hard disk) of the hard disk device.

[0100] Data such as a program transmitted from another device via a communication line such as a LAN is transmitted to the server,
Alternatively, the data is received via a communication control unit provided in the automatic machine 8, and the data is stored in a recording medium (hard disk) of the hard disk device.

[0102]

As described above, the present invention has the following effects.

(1): When the gateway means connected to the automatic monitoring apparatus in the monitoring center receives a message from the automatic monitoring apparatus, it deletes the TCP / IP protocol control message of the electronic message and deletes the automatic transmission. And when a message from the automatic machine is received, a control message of the TCP / IP protocol is added to the message and transmitted to the automatic machine monitoring device. Also, when the firewall means receives the message,
The electronic message is checked, and control for interrupting electronic messages other than for the purpose of automatic machine monitoring is performed.

In this way, when a message transmitted / received between the automatic machine monitoring apparatus and the automatic machine passes through the gateway means, a TCP / IP protocol control message is deleted or added. Therefore, since the TCP / IP protocol control message is deleted from the message transmitted to the packet switching network (pay-as-you-go billing), the message is excluded from the charging target in the packet switching network. Accordingly, the running cost of the communication line and the amount charged by the control message of the TCP / IP protocol can be reduced. In addition, since a message other than for the purpose of automatic machine monitoring can be cut off by the control of the firewall means, security can be ensured.

(2): The gateway means connected to the automatic device monitoring device in the monitoring center uses the DTE address and the I
Since there is provided a conversion table in which P addresses and port numbers are associated with each other, the first and second message control means
When the message is received, the TCP / IP protocol control message is deleted and added by referring to the internal conversion table. By doing so, the T can be controlled by a simple control.
It is possible to delete or add a CP / IP protocol control message.

(3): When the gateway means in the automatic machine receives the message from the automatic machine monitoring device, the gateway means adds the TCP to the message.
/ IP protocol control message is added and transmitted to the monitoring means in the automatic machine. When a message from the monitoring means in the automatic machine is received, the control message of the TCP / IP protocol of the message is deleted to monitor the automatic machine. Controls transmission to the device. Further, when the message is received, the firewall unit checks the message and performs control to cut off the message other than for the purpose of automatic machine monitoring.

As described above, when a message transmitted and received between the automatic machine monitoring apparatus and the automatic machine passes through the gateway means in the automatic machine, the TCP / IP protocol control message is deleted or added. Therefore, since the TCP / IP protocol control message is deleted from the message transmitted to the packet switching network (pay-as-you-go billing), the message is excluded from the charging target in the packet switching network. Accordingly, the running cost of the communication line and the amount charged by the control message of the TCP / IP protocol can be reduced. In addition, since a message other than for the purpose of automatic machine monitoring can be cut off by the control of the firewall means, security can be ensured.

(4): The gateway means in the automatic machine is D
Since there is provided a conversion table in which a TE address, an IP address, and a port number are associated with each other, the first and second message control means refer to the conversion table to generate a TCP / IP protocol control message. Delete or add. By doing so, the TC can be controlled by a simple control.
P / IP protocol control messages can be deleted or added.

(5): The gateway means connected to the automatic monitoring apparatus in the monitoring center reads out and executes the program on the recording medium. A control for deleting a TCP / IP protocol control message and transmitting the message to the automatic machine, and a control for adding a control message of the TCP / IP protocol to the message when receiving a message from the automatic machine and transmitting the message to the automatic machine monitoring device. Then, upon receiving the message, the firewall unit checks the message and performs control to cut off the message other than for the purpose of automatic machine monitoring.

In this way, when a message transmitted / received between the automatic machine monitoring apparatus and the automatic machine passes through the gateway means, the TCP / IP protocol control message is deleted or added. Therefore, since the TCP / IP protocol control message is deleted from the message transmitted to the packet switching network (pay-as-you-go billing), the message is excluded from the charging target in the packet switching network. Accordingly, the running cost of the communication line and the amount charged by the control message of the TCP / IP protocol can be reduced. In addition, since a message other than for the purpose of automatic machine monitoring can be cut off by the control of the firewall means, security can be ensured.

[Brief description of the drawings]

FIG. 1 is a diagram illustrating the principle of the present invention.

FIG. 2 is a detailed diagram of a system configuration according to the embodiment of the present invention.

FIG. 3 is a control sequence diagram in the embodiment of the present invention.

FIG. 4 is an explanatory diagram (1) of a process according to the embodiment of the present invention.

FIG. 5 is a diagram (part 2) illustrating a process according to the embodiment of the present invention.

FIG. 6 is a diagram (part 3) illustrating a process according to the embodiment of the present invention.

FIG. 7 is a diagram (part 4) illustrating a process according to the embodiment of the present invention.

FIG. 8 is an explanatory diagram of a TCP / IP protocol header according to the embodiment of the present invention.

FIG. 9 is an explanatory diagram of a packet format in the embodiment of the present invention.

FIG. 10 is an explanatory diagram (part 1) of a conventional example.

FIG. 11 is an explanatory view (part 2) of a conventional example.

FIG. 12 is an explanatory diagram of a conventional process.

[Explanation of symbols]

 REFERENCE SIGNS LIST 1 monitoring center 2 automatic machine monitoring device 3 computer center 4 host computer 5 ledger file 6 packet switching network 7 branch office 8 automatic machine 17 router 21 automatic machine monitoring mechanism 22 TCP / IP communication control unit 23 gateway device 24 gateway mechanism 26 control table 27 Firewall part 28 X. 25 communication control unit 30 monitoring mechanism 31 automatic machine main control unit

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04L 12/56 G06F 15/30 A 5K048 12/22 310 H04Q 9/00 321 H04L 11/00 310D 11/20 102A 11/26 F term (for reference) 5B055 BB01 BB03 CB01 CB03 CB13 EE02 EE07 EE18 EE21 EE27 JJ05 NA01 NA02 NA15 NA16 NB06 NB08 NC00 5B085 AA08 AE06 BG07 5B089 GA01 GA31 HB02 K03KBK13 KB04 KB03 KB HA08 HC01 HC14 HD03 LA10 LE11 5K033 AA04 AA08 BA02 BA08 CC01 DA01 DA06 DB18 EA07 5K048 AA15 BA21 DC07 EB01 FC01 HA01 HA02

Claims (5)

[Claims] An automatic machine for performing an automatic transaction and an automatic machine monitoring device for monitoring and controlling the automatic machine are connected via a public network having a packet switching network, and the automatic machine monitoring device is connected to a TCP / IP.
An automatic machine monitoring device of a system for monitoring and controlling the automatic machine by communicating with the automatic machine using a protocol message, wherein a gateway means is provided between the automatic machine monitoring apparatus and a public network, and the gateway means Is connected to the automatic machine monitoring device, and the gateway means, upon receiving a message from the automatic machine monitoring device,
A first message control means for deleting a P / IP protocol control message and transmitting the message to the automatic machine; and, when a message from the automatic machine is received, the TCP / IP
A second message control unit for adding a control message of a protocol and transmitting the message to the automatic device monitoring apparatus; and a firewall unit for checking the message when receiving the message and blocking the message for purposes other than the automatic device monitoring purpose. An automatic machine monitoring device characterized in that: 2. The gateway means has a conversion table in which a DTE address, an IP address, and a port number are associated with each other, and the first and second message control means refer to the conversion table. And deleting or adding the TCP / IP protocol control message.
The automatic machine monitoring device according to the above. 3. An automatic machine for performing an automatic transaction and an automatic machine monitoring device for monitoring and controlling the automatic machine are connected via a public network having a packet switching network, and the automatic machine monitoring device is connected to a TCP / IP.
In an automatic machine of a system for monitoring and controlling the automatic machine by communicating with the automatic machine using a protocol message, a gateway unit is provided in the automatic machine, and the gateway unit transmits a message from the automatic machine monitoring device. When received, TC
A first message control means for adding a P / IP protocol control message and transmitting the message to the monitoring means in the automatic machine; and, when receiving a message from the monitoring means in the automatic machine, transmitting a control message of the TCP / IP protocol of the message. A second message control means for deleting and transmitting the message to the automatic machine monitoring apparatus, and a firewall means for checking the message when receiving the message and blocking the message for purposes other than the automatic machine monitoring purpose. Automatic machine. 4. The gateway means includes a conversion table in which a DTE address, an IP address, and a port number are associated with each other, and the first and second electronic message control means refer to the conversion table. And deleting or adding the TCP / IP protocol control message.
Automatic machine as described. 5. An automatic machine for performing an automatic transaction and an automatic machine monitoring device for monitoring and controlling the automatic machine are connected via a public network having a packet switching network, and the automatic machine monitoring device is connected to a TCP / IP.
By communicating with the automatic machine by using a protocol message, when a message from the automatic machine monitoring device is received by a gateway unit connected to the automatic machine monitoring device of the system for monitoring and controlling the automatic machine, TC
A procedure for deleting the P / IP protocol control message and transmitting the message to the automatic machine; and, when a message from the automatic machine is received, a TCP / IP message is added to the message.
A program for executing a procedure for adding a control message of the protocol and transmitting the message to the automatic device monitoring device, and a process for checking the message when receiving the message and shutting down the message other than for the purpose of automatic device monitoring are provided. A computer-readable recording medium that has been recorded.