JP2006031097A - Communication system, communication terminal used therefor, authentication information management method, authentication information management program, and storage medium storing authentication information management program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a communication terminal capable of reducing the probability of wrong deletion of authentication information. <P>SOLUTION: In this communication terminal, a storage part 101 stores a management table 102 for managing authentication information for every communication terminal. An authentication relationship control part 103 determines whether the number of authentication information recorded exceeds a predetermined storage number or not in reference to the management table 102. The predetermined storage number is a number smaller than the maximum storage number of authentication information which can be stored by the communication terminal. When the storage number of authentication information exceeds the predetermined storage number, the authentication relationship control part 103 confirms whether a communication terminal recorded in the management table 102 exists or not, and records it as a deletion candidate in the management table 102 if its existence cannot be confirmed. The authentication relationship control part 103 deletes authentication information for at least one communication terminal among the communication terminals registered as deletion candidates from the management table 102. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a communication system that communicates with each other via a network, a communication terminal used therefor, an authentication information management method, an authentication information management program, and a recording medium that stores the authentication information management program, and more specifically, an authentication technique. And a communication terminal used therefor, an authentication information management method, an authentication information management program, and a recording medium storing the authentication information management program.

  In recent years, IP (Internet Protocol) networks centering on the Internet are rapidly spreading. For example, in a home, various home appliances such as a personal computer (PC) or an AV device having a communication function, a surveillance camera, and an IP phone are connected to an IP network and communicate with each other. Hereinafter, home appliances having a personal computer and a communication function are collectively referred to as a communication terminal.

  When communication terminals communicate via a network, threats such as impersonation and intrusion from the outside must be dealt with. As one of security techniques for protecting information from these threats, there is a technique in which a communication terminal that has received a message authenticates (device authentication) that the communication terminal that sent the message is a valid communication partner. . Each legitimate communication terminal connected to the network holds authentication information for authenticating each other.

  As a method for managing authentication information, for example, there is a method in which a management device such as an authentication server is provided, and the management device centrally manages authentication information of each communication terminal existing in the network. There is also a method in which communication terminals individually manage each other's authentication information in an authentication system in which each communication terminal connected to the network directly communicates one-on-one without using a server.

  Here, there is a case where the authentication information regarding the communication terminal becomes unnecessary because the communication terminal connected to the network is discarded. At this time, if unnecessary authentication information is not deleted, unnecessary information is accumulated in the memory, which may cause a shortage of memory capacity.

  As a method for deleting unnecessary authentication information, a method in which a user deletes desired authentication information by using an input unit provided in a management apparatus or a communication terminal can be considered. However, an inexpensive communication terminal may not include an input unit for deleting authentication information. Therefore, there is a possibility that the authentication information cannot be deleted completely.

  As a method of deleting authentication information under such restrictions, the communication terminal transmits a packet for confirming the existence of the communication partner (hereinafter referred to as a keep alive packet) to the communication partner at regular intervals, and sends a response. There is a method of deleting authentication information of a communication partner who does not reply. Here, that the communication partner is “alive” means that the communication partner is operating normally and can communicate. The communication terminal that has received the key alive packet returns a response indicating that the terminal is operating normally to the source of the keep alive packet. If the communication terminal that is the transmission source of the key alive packet does not receive a response within the specified time, the communication terminal determines that the communication partner is stopped and deletes the authentication information of the communication partner from the memory.

  However, if a packet transmission delay occurs due to temporary network congestion or the keep-alive packet is lost in the middle of the network, the communication terminal that sent the keep-alive packet responds within the specified time. I can't receive it. In this case, the communication terminal that has transmitted the keepalive packet deletes the authentication information of the communication partner that does not respond, although the communication partner is actually alive. In order to communicate again with a communication terminal whose authentication information has been deleted, it is necessary to reset the authentication information, which is troublesome.

  Patent Document 1 describes an authentication information deletion method for solving such a problem. In the conventional authentication information deletion method described in Patent Document 1, the security gateway (corresponding to the management device) and the communication terminal hold information (address and authentication information) necessary for authenticating each other as session information. To do. Hereinafter, storing the session information transmitted from the communication terminal in the memory of the security gateway is referred to as “setting a session”. The maximum number of session information that can be stored in the memory by the security gateway is limited in advance. If the number of session information held by the security gateway has reached the maximum storage number and it cannot accept the request for setting a new session, the security gateway confirms the existence of the communication terminal that previously set the session and is not required. Session information is deleted.

  FIG. 25 is a sequence diagram showing a rough flow of the conventional authentication information deleting method described in Patent Document 1.

  First, the communication terminal 100a transmits a session setting request to the security gateway 200 (step S1201). The security gateway 200 determines whether or not the session information held by the own device has reached the maximum storage number. Here, it is assumed that the maximum number of stored sessions is 2. Since no session information is stored in the memory, the security gateway 200 sets a session for the communication terminal 100a and transmits a notification indicating that the session has been set to the communication terminal 100a (step S1202).

  Next, when a session setting request is transmitted from the communication terminal 100b (step S1203), the security gateway 200 sets a session for the communication terminal 100b (step S1204).

  However, when a session setting request is transmitted from the communication terminal 100c (step S1205), since two pieces of session information are already stored in the memory, the security gateway 200 sets the session of the communication terminal 100c. I can't.

  First, the security gateway 200 selects a communication terminal (communication terminal 100a) in which a session is first set as a deletion candidate. The security gateway 200 transmits a status confirmation message for confirming the existence of the communication terminal 100a (step S1206). Since there was a response from the communication terminal 100a (step S1207), the security gateway 200 next transmits a status confirmation message to the communication terminal 100b (step S1209). Since the communication terminal 100b is out of service area (step S1208), it cannot respond (step S1210). The security gateway 200 determines that the connection of the communication terminal 100b is disconnected. And the security gateway 200 deletes the session information of the communication terminal 100b, and sets the session of the communication terminal 100c (step S1211).

As described above, according to the method described in Patent Document 1, it is possible to reduce the possibility of deleting the session information of the alive communication terminal by mistake.
JP 2001-69175 A (page 12, FIG. 1)

  However, in the conventional authentication information deletion method described in Patent Document 1, the security gateway transmits a status confirmation message to the communication terminal only once. For this reason, when the status confirmation message is transmitted, for example, the user temporarily turns off the power of the communication terminal to save energy, or the communication terminal is turned on / off at regular intervals such as one day or one week. If the power is accidentally turned off when the status confirmation message is transmitted, the communication terminal cannot return a response. Therefore, when a communication terminal that is not always turned on is connected to the network, the security gateway erroneously deletes the session information of the “live” communication terminal. There is a fear.

  In addition, when there is a response from all the communication terminals that transmitted the status confirmation message, the security gateway does not delete the session information. In this case, since the number of pieces of session information held by the security gateway remains the maximum stored number, a new mobile terminal cannot be connected to the network. In addition, since session information is deleted only when the number of stored session information reaches the maximum number, all communication terminals that have requested it when there are continuous session setting requests from multiple communication terminals You may not be able to set up your session.

  Moreover, in the conventional authentication information deletion method described in Patent Document 1, the security gateway is a server and centrally manages session information of each mobile terminal. However, in a home network such as a home network, communication terminals may directly communicate with each other, such as peer-to-peer communication. In this case, each communication terminal communicates by managing authentication information. However, since the case where each communication terminal communicates directly is not described in Patent Document 1, unnecessary authentication information cannot be deleted when communication terminals communicate directly.

  Therefore, an object of the present invention is to store a communication system capable of reducing the possibility of erroneous deletion of authentication information, a communication terminal used therefor, an authentication information management method, an authentication information management program, and an authentication information management program. It is to provide a recording medium.

  Another object of the present invention is to prevent a shortage of memory capacity when the communication terminal is a terminal with a small memory capacity such as a network-compatible home appliance or a mobile phone with a small memory capacity. A communication terminal, an authentication information management method, an authentication information management program, and a recording medium for storing the authentication information management program are provided.

  A communication terminal that communicates with a valid other communication terminal via the network after determining whether the other communication terminal connected via the network is valid. Management information storage means for storing management information for managing the authentication information used for determining whether or not the communication terminal to be used is valid for each communication terminal, and the management information is referred to. The number of stored authentication information is determined by the stored number determining means and the stored number determining means to determine whether the number of authentication information recorded in the table exceeds the predetermined stored number. If it is determined that there is a communication terminal whose existence cannot be confirmed by the existence confirmation means for confirming whether another valid communication terminal is alive, and the existence confirmation means, Deletion candidate registration means for registering in the management information as a deletion candidate, and authentication information deletion means for deleting at least one communication terminal authentication information from the management information among the communication terminals registered as deletion candidates by the deletion candidate registration means The predetermined number of storages is smaller than the maximum number of stored authentication information that can be stored in the communication terminal.

  According to the present invention, when the number of pieces of authentication information held by the terminal exceeds the predetermined stored number, the communication terminal confirms the existence of another communication terminal and deletes a communication terminal that is unlikely to be alive. Register as Then, the communication terminal deletes the authentication information of the communication terminal selected from the communication terminals registered as deletion candidates. Thereby, unnecessary authentication information can be deleted.

  Further, according to the present invention, unnecessary authentication information is deleted without the user performing a specific operation. Furthermore, unnecessary authentication information will be deleted before reaching the maximum number of stored authentication information, so even in the case of a terminal with a small memory capacity such as a network-compatible home appliance or a mobile phone with a small memory capacity. Unnecessary authentication information is not stored in the memory. Therefore, it is possible to prevent a shortage of the storage capacity of the memory.

  Preferably, it further includes deletion candidate cancellation means for canceling registration of the accessed communication terminal as a deletion candidate when there is an access from a communication terminal registered as a deletion candidate by the deletion candidate registration means.

  For example, even when a communication terminal that has been temporarily turned off for reasons such as energy saving cannot respond to the survival confirmation, after the communication terminal that has been turned off is turned on, If there is any access to the communication terminal that requested the existence confirmation, the registration as a deletion candidate is canceled. As a result, the possibility of accidentally deleting the authentication information of the communication terminal that is actually alive can be minimized.

  Preferably, it further comprises a survival reconfirmation means for reconfirming the survival of the communication terminal of the deletion candidate registered in the management information by the deletion candidate registration means, and the deletion candidate cancellation means has confirmed the survival by the survival reconfirmation means Registration of deletion candidates for communication terminals may be canceled.

  As a result, the communication terminal confirms again the existence of the communication terminal registered as the deletion candidate. Therefore, it is possible to further reduce the possibility that the authentication information of the alive communication terminal is deleted by mistake.

  In addition, the survival confirmation unit is configured to confirm whether or not another valid communication terminal is alive when the storage number determination unit determines that the authentication information storage number exceeds the predetermined storage number. Whether a survival response message has been sent within a specified time from the survival confirmation message creation and transmission means that creates a survival confirmation message and sends it to the other valid communication terminal and the destination communication terminal of the survival confirmation message A response presence / absence determining means for determining whether or not the communication terminal further receives a survival confirmation message transmitted by another valid communication terminal, creates a survival response message, and transmits the survival confirmation message A survival response message creating / transmitting means for transmitting to the communication terminal may be provided.

  Accordingly, the communication terminal that has transmitted the survival confirmation message can confirm that the communication terminal that has transmitted the survival response message is alive by receiving the survival response message.

  The survival reconfirmation means creates a survival reconfirmation message for reconfirming whether or not the communication terminal that is the deletion candidate is alive, and transmits the message to the communication terminal registered as the deletion candidate. A confirmation message creation and transmission means; and a response presence / absence determination means for determining whether or not a survival response message has been sent within a predetermined time from the communication terminal that is the transmission destination of the survival reconfirmation message. A survival response message creation / transmission unit that creates a survival response message when a survival reconfirmation message transmitted by another communication terminal is received and transmits the survival response message to the communication terminal that is the transmission source of the survival confirmation message. Good.

  Accordingly, the communication terminal that has transmitted the survival reconfirmation message can confirm that the communication terminal that has transmitted the survival response message is alive by receiving the survival response message.

  Further, when the setting of authentication information is requested, the registration information determination means for referring to the management information and determining whether or not the number of authentication information recorded in the management information has reached the maximum storage number; When the registration permission / non-permission determining unit determines that the number of pieces of authentication information recorded in the management information has not reached the maximum storage number, the registration number determination unit includes an authentication information registration unit that registers the requested authentication information. When the authentication information is recorded in the management information by the authentication information registration unit, the determination unit may refer to the management information and determine whether the number of stored authentication information has reached a predetermined number.

  Thus, when the authentication information is newly set, the communication terminal determines whether or not the authentication information held by the terminal exceeds the predetermined number. Therefore, unnecessary authentication information is deleted before the number of stored authentication information reaches the maximum number of stored information. Therefore, even when there are consecutive requests for setting multiple authentication information, the communication terminal The possibility of rejecting the setting request is reduced.

  In addition, an authentication value that is a value obtained by converting the message by a predetermined method is added to the survival confirmation message, and the received survival confirmation message is transmitted from another valid communication terminal using the authentication value. An authentication means for authenticating whether or not the survival response message creating and transmitting means determines that the survival confirmation message is transmitted from another valid communication terminal by the authentication means; You may create it.

  Thereby, the communication terminal can determine whether or not the received survival confirmation message is valid.

  In addition, an authentication value that is a value obtained by converting the message by a predetermined method is added to the survival response message corresponding to the survival confirmation message, and the received survival response message is transmitted from another valid communication terminal using the authentication value. Authentication means for authenticating whether or not the response has been received, and the response presence / absence determination means determines that the survival response message is received when the authentication means determines that the survival response message is transmitted from another valid communication terminal. It may be determined that there is a response from the communication terminal that is the transmission source of the response message.

  Thereby, the communication terminal can determine whether or not the received survival response message is valid.

  In addition, an authentication value that is a value obtained by converting the message by a predetermined method is attached to the survival reconfirmation message, and the received survival reconfirmation message is transmitted from another valid communication terminal using the authentication value. An authentication means for authenticating whether or not the existence response message creating and sending means is alive when the existence of the survival reconfirmation message is sent from another valid communication terminal by the authentication means. A response message may be created.

  Thereby, the communication terminal can determine whether or not the received survival reconfirmation message is valid.

  In addition, an authentication value, which is a value obtained by converting the message by a predetermined method, is added to the survival response message for the survival reconfirmation message, and the received survival response message is transmitted from another valid communication terminal using the authentication value. An authentication unit that authenticates whether the response message has been received, and the response presence / absence determination unit determines that the survival response message has been transmitted from another valid communication terminal by the authentication unit. It is determined that there is a response from the communication terminal that is the transmission source of the survival response message, and the deletion candidate cancellation unit may cancel the registration of the communication terminal that has been determined to have received a response by the response presence determination unit as a deletion candidate .

  Thereby, the communication terminal can determine whether or not the received survival response message is valid.

  The management information includes a management table in which information necessary for selecting a communication terminal that is least likely to be alive among communication terminals that are deletion candidates, and authentication information deletion means includes: A communication terminal from which authentication information is deleted may be selected with reference to the management table.

  Management information is necessary to select an authentication information management table for managing authentication information for each communication terminal and a communication terminal that is least likely to survive among communication terminals that are candidates for deletion. The authentication information deletion means may select a communication terminal from which authentication information is deleted with reference to the deletion management table.

  Since information about deletion candidates is recorded in the deletion candidate management table, the communication terminal does not need to search for necessary information from all entries recorded in the authentication management table. Therefore, the existence of the communication partner can be confirmed efficiently.

  Furthermore, storage number display means for displaying the number of authentication information stored in the management information may be provided.

  Thereby, the user can confirm visually the number of the authentication information which a communication terminal hold | maintains.

  Furthermore, an update instruction unit that instructs the existence confirmation unit to confirm whether or not a valid communication terminal is alive may be provided, and the update instruction unit may be a switch.

  Thereby, the user can instruct the communication terminal to delete unnecessary authentication information at any time.

  Further, the survival reconfirmation message creation and transmission means may transmit the survival reconfirmation message to one communication partner a predetermined number of times, and the survival reconfirmation message may be transmitted at a predetermined interval. Good.

  Thereby, the communication terminal grasps in advance that the communication partner's power is OFF by grasping the pattern in which the communication partner's power is turned off, so that the communication terminal transmits the survival reconfirmation message in advance. You can avoid overlapping time. Therefore, it is possible to further reduce the possibility that the authentication information of the alive communication terminal is erroneously deleted.

  Further, the predetermined number of times and the predetermined interval may be predetermined for each communication terminal, or may be predetermined for each group to which the communication terminal belongs.

  As a result, even when the power ON / OFF pattern is different for each type of communication terminal or for each group to which the communication terminal belongs, the communication terminal is turned off at the timing of transmitting the survival reconfirmation message. It can be made not to overlap with the time grasped beforehand. Therefore, it is possible to further reduce the possibility that the authentication information of the alive communication terminal is erroneously deleted.

  The communication terminal that confirms the existence of another valid communication terminal may be a management device that centrally manages authentication information of another valid communication terminal connected to the network.

  The communication terminal may communicate directly with another valid communication terminal connected to the network.

  Furthermore, a deletion candidate notification unit that notifies the communication terminal registered as a deletion candidate by the deletion candidate registration unit to other communication terminals connected to the network may be provided.

  By notifying the other communication terminal of the communication terminal registered as the deletion candidate, the communication terminal that has received the notification can grasp the communication terminal that cannot confirm the existence without performing the existence confirmation by itself. Thereby, unnecessary authentication information can be deleted efficiently.

  Furthermore, when the authentication information is deleted by the authentication information deleting unit, a deletion completion notification unit may be provided that notifies the communication terminal from which the authentication information has been deleted to other communication terminals connected to the network.

  By notifying the other communication terminal of the communication terminal from which the authentication information has been deleted, the communication terminal that has received the notification can grasp the communication terminal that cannot confirm the existence without performing the existence confirmation itself. Thereby, unnecessary authentication information can be deleted efficiently.

  In the present invention, a plurality of communication terminals are connected via a network, and each communication terminal determines whether or not the communication partner to be connected is valid, and then communicates with other communication terminals. Management information for managing, for each communication terminal, authentication information used to determine whether or not each communication terminal connected via the network is valid Management information storage means for storing the authentication information, and when the authentication information setting request is received, the management information is referred to, and the number of authentication information recorded in the management information reaches the maximum number that can be held by the terminal itself. If the number of authentication information recorded in the management information is determined not to reach the maximum storage number by the registration permission determination means and the registration permission determination means for Register information When the authentication information is recorded in the management information by the certificate information registration unit and the authentication information registration unit, the management information is referred to, and the storage number determination unit determines whether or not the number of stored authentication information has reached a predetermined storage number And the number of authentication information stored by referring to the management information and determining whether or not the number of authentication information recorded in the management information has reached a predetermined storage number, When it is determined that the number exceeds the specified number of storages, the existence confirmation means for confirming whether or not the other valid communication terminal is alive and the confirmation of the existence from the other valid communication terminal are requested If it is determined by the survival response means that notifies the terminal that has requested survival confirmation that the terminal is alive and the existence confirmation means that there is a communication terminal that cannot be confirmed, Cannot be confirmed Deletion candidate registration means for registering a terminal as a deletion candidate in management information, and authentication information deletion for deleting authentication information related to at least one communication terminal from the management information among communication terminals registered as deletion candidates by the deletion candidate registration means And the predetermined storage number is smaller than the maximum number of authentication information that can be stored in the communication terminal.

  The present invention also relates to a method for deleting unnecessary authentication information in a communication terminal for registering authentication information for determining whether or not a communication terminal as a communication partner is valid. A step in which the terminal refers to management information for managing authentication information for each communication terminal and determines whether or not the number of authentication information recorded in the management information exceeds a predetermined stored number; If the number of storages exceeds the specified number of storages, there is a step in which the communication terminal confirms whether other valid communication terminals are alive, and if there are other valid communication terminals whose survival cannot be confirmed, The communication terminal registers a communication terminal whose survival cannot be confirmed in the management information as a deletion candidate, and the communication terminal stores authentication information on at least one communication terminal among the communication terminals registered as the deletion candidate. And a step of deleting from the predetermined storage number, characterized in that the communication terminal is less than the maximum number of stored authentication information can be stored.

  The present invention is also a program for causing a communication terminal for registering authentication information for determining whether or not a communication terminal as a communication partner is valid to delete unnecessary authentication information. Making the terminal refer to management information for managing authentication information for each communication terminal, and determining whether or not the number of authentication information recorded in the management information exceeds a predetermined storage number; If the number of storages exceeds the specified number of storages, if there is a step that allows the communication terminal to check whether another valid communication terminal is alive, and if there is another valid communication terminal that cannot be confirmed, A step of causing the communication terminal to register a communication terminal whose survival cannot be confirmed in the management information as a deletion candidate, and authentication information relating to at least one communication terminal among the communication terminals registered as deletion candidates in the communication terminal. And a step of deleting from the management information, a predetermined number of stored is characterized in that the communication terminal is less than the maximum number of stored authentication information can be stored.

  The present invention also provides a recording medium recording a program for deleting unnecessary authentication information in a communication terminal that registers authentication information for determining whether or not a communication terminal as a communication partner is valid. Then, the communication terminal is caused to refer to management information for managing authentication information for each communication terminal, and to determine whether or not the number of authentication information recorded in the management information exceeds a predetermined storage number. If the number of stored authentication information exceeds the predetermined number, the step of making the communication terminal check whether or not the other valid communication terminal is alive, and the other valid communication that cannot be confirmed. When there is a terminal, at least one communication among a communication terminal registered as a deletion candidate in the communication terminal and a step of registering in the management information as a deletion candidate a communication terminal whose survival cannot be confirmed And a step of deleting the authentication information about the end of the management information, a predetermined number of stored a program, wherein the communication terminal is less than the maximum number of stored authentication information that can be stored is stored.

  According to the present invention, a communication system capable of reducing the possibility of erroneous deletion of authentication information, a communication terminal used therefor, an authentication information management method, an authentication information management program, and a recording medium storing an authentication information management program Will be provided. Further, according to the present invention, when the communication terminal is a terminal with a small memory capacity such as a network-compatible home appliance or a mobile phone with a small memory capacity, a communication capable of preventing a shortage of memory capacity. A terminal, an authentication information management method, an authentication information management program, and a recording medium for storing the authentication information management program are provided.

(First embodiment)
FIG. 1 is a block diagram showing a configuration of a communication system according to the first embodiment of the present invention. In FIG. 1, the communication system includes communication terminals 10a to 10c.

  The communication terminals 10a to 10c are connected to each other via the network 9 so that they can communicate with each other. The communication terminals 10a to 10c communicate directly without using a server, for example, peer-to-peer communication. The network 9 is typically an IP network, but may be a network using a protocol other than IP. The transmission method of the network 9 is typically Ethernet (registered trademark) or a wireless LAN, but may be other transmission methods such as PLC (Power Line Communication). In FIG. 1, three communication terminals 10a to 10c are connected to the network 9, but two or less communication terminals may be connected to the network 9, or four or more communication terminals. May be connected to the network 9.

  The communication terminals 10a to 10c have a communication function and transmit / receive data to / from each other. When a message is sent from another communication terminal connected to the network 9, the communication terminals 10 a to 10 c are sent from a communication terminal legitimately connected to the network 9. It is determined whether or not. Hereinafter, the process of determining whether or not the sent message is sent from a valid communication terminal is referred to as an authentication process. The communication terminal that has sent the message and the communication terminal that receives the message and determines whether the message is from a valid communication terminal are said to be in an authentication relationship.

  Note that the communication terminal may confirm once whether or not it is in an authentication relationship with another communication terminal when it is first connected to the network 9, or may confirm periodically. Moreover, you may confirm for every communication message (IP packet etc.) transmitted / received.

  When the communication terminals 10a to 10c determine that the message is a message sent from a valid communication terminal by the authentication process, the communication terminals 10a to 10c execute a necessary process based on the message. On the other hand, if the communication terminals 10a to 10c determine that the message is a message sent from an unauthorized communication terminal in the authentication process, the communication terminals 10a to 10c discard the data.

  The authentication process used in the present embodiment may be any process as long as it can determine whether the data is sent from a valid communication terminal.

  For example, as a method of authentication processing, there is a method of using a message authentication code (MAC). In this method, two communication devices in an authentication relationship have the same keyed hash function. The hash function refers to a one-way function that converts a message into a constant length value and guarantees that the original message cannot be obtained from the constant length value.

  The first communication terminal on the message transmitting side converts the message to which the key has been added using a keyed hash function possessed by the second communication terminal of the transmission destination. The first communication terminal converts the keyed message with a hash function, and uses the obtained value as the message authentication code. The first communication terminal attaches the message authentication code to the message and transmits it to the second communication terminal. The second communication terminal adds the key stored in its own terminal to the sent message (excluding the message authentication code portion) and converts it using the hash function. If the value obtained after conversion matches the value (message authentication code) attached to the message, the second communication terminal determines that the message is from a valid communication terminal. Therefore, when using a keyed hash function, each communication terminal holds a hash function and its key that are common to the communication partner.

  The message authentication code may be a value obtained by converting a part or all of the message with a common key. In this case, each communication terminal holds a common key common to the communication partner.

  Further, the authentication process is not limited to the method using the message authentication code, and any process can be used as long as it can determine whether the data is sent from a valid communication terminal. Also good. As another method of authentication processing, for example, there is a method using a digital signature. Further, the message may be authenticated by combining a hash function with a key and a digital signature. As described above, in the present embodiment, any authentication process may be used, but what is common when any authentication process is used is that each communication terminal communicates with another communication target. This means that authentication information about the terminal is held. In the present embodiment, a case will be described in which each communication terminal performs an authentication process using a keyed hash function.

  FIG. 2 is a diagram schematically illustrating a configuration of a table relating to authentication information necessary for the authentication process. FIG. 2 is an example of a table held by the communication terminal 10a, but the communication terminals 10b and 10c also hold the same table as the communication terminal 10a.

  The communication terminal holds management information related to another communication terminal in association with the identifier and address of the other communication terminal. The management information includes authentication information, authentication relationship establishment time, authentication information last use time, last survival confirmation time, and non-survival confirmation time. The authentication relationship establishment time is the date and time when the authentication relationship is established, that is, the date and time when authentication information of the communication partner is recorded in the management table. The authentication information last use time is a date and time when the authentication information is used when a message is transmitted and received. The authentication information last use time is updated every time the authentication information is used.

  The final survival confirmation time is the date and time when it is confirmed that the communication partner is alive. Here, the “surviving” communication terminal means a communication terminal that is operating normally and can communicate. The final survival confirmation time is updated every time the existence of the communication partner is confirmed. The non-survival confirmation time is a time when it is confirmed that a response is not returned even though a message for confirming the existence of the communication partner is transmitted.

  Hereinafter, a set of communication terminal identifier, address, authentication information, authentication relationship establishment time, authentication information use last time, survival confirmation last time, and non-survival confirmation time will be referred to as an entry. A table in which entries are recorded is called a management table.

  Four entries are recorded in the management table. In the communication system shown in FIG. 1, since there are two communication partners for each communication terminal, authentication information is registered in two entries. In the remaining two entries, authentication information of the communication partner is not registered. Hereinafter, an entry for which authentication information is not registered is referred to as an empty entry.

  In FIG. 2, the maximum number of entries recorded in the management table is 4, but the maximum number of entries may be 3 or less, or 5 or more. Further, information other than the information described above may be registered in each entry.

  When a new communication terminal is connected to the network 9, the new communication terminal needs to establish an authentication relationship with the communication terminals 10 a to 10 c already connected to the network 9. Here, a communication terminal newly connected to the network 9 is referred to as a communication terminal 10d in order to distinguish from the communication terminals 10a to 10c. When the communication terminal 10d is connected to the network 9, the communication terminal 10d transmits a setting request for requesting setting of authentication information of the terminal itself to the communication terminals 10a to 10c. The setting request includes the address of the communication terminal 10d and authentication information.

  When receiving the authentication information setting request from the communication terminal 10d, the communication terminal 10a refers to the management table 102 and determines whether or not the number of recorded entries has reached the maximum storage number. When the number of entries does not reach the maximum storage number, the communication terminal 10a records the authentication information of the communication terminal 10d that is the transmission source of the setting request in the authentication relationship management table. On the other hand, when the number of entries has reached the maximum storage number, the communication terminal 10a rejects the authentication information setting request.

  When the authentication information of the communication terminal 10d is recorded in the management table, the communication terminal 10a determines whether or not the number of recorded entries exceeds a predetermined storage number. The predetermined storage number is smaller than the above-mentioned maximum storage number and is set in advance.

  If the number of entries does not exceed the predetermined storage number, the communication terminal 10a ends the process. On the other hand, when the number of entries exceeds the predetermined storage number, the communication terminal 10a determines whether all the communication terminals recorded in the management table are alive. The communication terminal 10a creates and transmits a message for confirming the existence to all the communication terminals (here, the communication terminals 10b to 10d) recorded in the management table. The message transmitted at this time is called a survival confirmation message.

  The communication terminals 10b to 10d that have received the existence confirmation message return a response message to the communication terminal that is the source of the existence confirmation message. The response message at this time is called a survival response message.

  After transmitting the survival confirmation message, the communication terminal 10a determines whether or not the survival response message is transmitted within a predetermined waiting time from the transmission destination of the survival confirmation message. When the survival response message is transmitted from all the communication counterparts within the predetermined waiting time, the communication terminal 10a determines that all the communication terminals recorded in the management table are alive and deletes the entry. The process is terminated without doing so.

  On the other hand, communication terminals that cannot transmit the survival response message within a predetermined waiting time among the communication terminals that are the transmission destinations of the survival confirmation message may not be currently used. When there is a communication terminal that does not transmit a survival response message, the communication terminal 10a records a communication terminal that does not transmit a survival response message as a deletion candidate in the management table. The communication terminal 10a waits for access from the communication terminal until a predetermined waiting time elapses. If there is any access from the deletion candidate communication terminal before the predetermined waiting time elapses, the communication terminal 10a removes the accessed communication terminal from the deletion candidate. When the predetermined waiting time elapses, the communication terminal 10a transmits a message to the communication terminal in order to confirm again whether or not the deletion candidate communication terminal is alive. The message transmitted at this time is called a survival reconfirmation message.

  After transmitting the survival reconfirmation message, the communication terminal 10a determines whether or not the survival response message is transmitted within a predetermined waiting time from the transmission destination of the survival reconfirmation message. When the survival response message is transmitted, the communication terminal 10a removes the communication terminal that is the source of the survival response message from deletion candidates. In addition, when there is some access from the deletion candidate communication terminal, the communication terminal 10a removes the accessed communication terminal from the deletion candidate.

  On the other hand, there is a high possibility that a communication terminal that cannot transmit a survival response message within a predetermined waiting time is not currently used. The communication terminal 10 deletes the authentication information of the communication terminal that has not transmitted the survival response message from the management table. At this time, when there are a plurality of communication terminals that do not transmit the survival response message, the communication terminal 10a selects the communication terminal that is most likely not currently used. And the communication terminal 10a deletes the authentication information of the selected communication terminal from a management table, and complete | finishes a process.

  FIG. 3 is a block diagram showing a more detailed configuration of the communication terminal 10a. In FIG. 3, the communication terminal 10 a includes a storage unit 101, an authentication relationship control unit 103, a survival confirmation unit 104, a survival response unit 105, and a communication unit 106. The communication terminals 10b and 10c have the same configuration as the communication terminal 10a. Hereinafter, the detail of each part of the communication terminal 10a is demonstrated.

  The storage unit 101 stores a management table 102.

  When the authentication relationship control unit 103 receives an authentication information setting request transmitted from another communication terminal that has not yet established an authentication relationship via the communication unit 106, the management table 102 stored in the storage unit 101. To determine whether the number of recorded entries has reached the maximum storage number. When the number of entries does not reach the maximum storage number, the authentication relationship control unit 103 records authentication information of a setting request transmission source in the management table 102. At the same time, the authentication relationship control unit 103 registers the authentication relationship establishment time in the entry in which the authentication information is registered. On the other hand, when the number of entries has reached the maximum storage number, the authentication relationship control unit 103 rejects the authentication information setting request.

  Next, the authentication relationship control unit 103 determines whether or not the number of recorded entries exceeds a predetermined storage number. As described above, the predetermined storage number is set in advance. Here, in the present embodiment, a case where the maximum number of storages is four and the predetermined number of storages is two will be described as an example. Note that the predetermined number of storages is not limited to two as long as the number is less than the maximum number of storages. When the maximum storage number is 1, the predetermined storage number is preferably equal to the maximum storage number.

  If the predetermined stored number is not exceeded, the authentication relationship control unit 103 ends the process. On the other hand, when the predetermined number of stored items is exceeded, the authentication relation control unit 103 instructs the survival confirmation unit 104 to transmit a survival confirmation message to all the communication terminals recorded in the management table 102. Specifically, the authentication relationship control unit 103 creates a survival confirmation instruction and passes it to the survival confirmation unit 104.

  Then, the authentication relationship control unit 103 determines whether or not a survival response message is transmitted within a predetermined waiting time from the transmission destination of the survival confirmation message. Specifically, upon receiving a reception notification indicating that a survival response message has been transmitted from the communication partner from the survival confirmation unit 104, the authentication relationship control unit 103 determines the communication terminal that is the transmission source of the survival response message. Then, the last survival confirmation time in the management table 102 is updated.

  Upon receiving the waiting time expiration notification from the survival confirmation unit 104, the authentication relationship control unit 103 determines that the waiting time for a response to the survival confirmation message has expired. Then, the authentication relationship control unit 103 refers to the management table 102 and determines whether there is an entry for which the last survival confirmation time has not been updated. The fact that the last survival confirmation time is not updated indicates that a survival response message has not been transmitted. If the last survival confirmation time has been updated for all entries, the authentication relationship control unit 103 ends the process.

  On the other hand, if there is an entry whose last survival confirmation time has not been updated, the authentication relationship control unit 103 registers the entry as a deletion candidate. Specifically, the authentication relationship control unit 103 registers the non-survival confirmation time in the corresponding entry. Thereafter, the authentication relationship control unit 103 determines whether there is any access from the communication partner registered as the deletion candidate until a predetermined waiting time elapses. Upon receiving a reception notification indicating that access has been made from a deletion candidate from another application (not shown), the authentication relationship control unit 103 cancels registration of the accessed communication partner as a deletion candidate. Specifically, the authentication relationship control unit 103 deletes the non-survival confirmation time recorded in the management table 102. If there is a deletion candidate that is not accessed even after a predetermined waiting time has elapsed, the authentication relationship control unit 103 instructs the survival confirmation unit 104 to transmit a survival reconfirmation message to the communication terminal registered as the deletion candidate. Specifically, the authentication relationship control unit 103 creates a survival reconfirmation instruction and passes it to the survival confirmation unit 104.

  Thereafter, the authentication relation control unit 103 determines whether or not a reception notification is received from the survival confirmation unit 104 until a waiting time expiration notification is received from the survival confirmation unit 104. When receiving the reception notification, the authentication relationship control unit 103 refers to the management table 102 and deletes the last survival confirmation time from the entry in which the address recorded in the reception notification is registered. At the same time, the authentication relationship control unit 103 updates the last survival confirmation time registered in the entry from which the last survival confirmation time has been deleted. In addition, when there is an access from a communication terminal registered as a deletion candidate during a response waiting time for a survival reconfirmation message, the authentication relationship control unit 103 cancels the registration as a deletion candidate for the accessed communication terminal. To do.

  Upon receiving the waiting time expiration notification from the survival confirmation unit 104, the authentication relationship control unit 103 refers to the management table 102 and determines whether there is an entry in which the non-survival confirmation time is registered. If there is no entry in which the non-survival confirmation time is registered, the authentication relationship control unit 103 ends the process. On the other hand, when there is an entry in which the non-survival confirmation time is registered and there is one entry, the authentication relationship control unit 103 deletes the authentication information registered in the entry. Here, unless otherwise specified, when deleting the authentication information, the identifier, the address, and other information related to time are also deleted.

  When there are a plurality of entries in which the non-survival confirmation time is registered, the authentication relationship control unit 103 selects a communication terminal that is most likely not currently used. Specifically, the authentication relationship control unit 103 refers to the management table 102 and prioritizes deletion candidates. Then, the authentication relationship control unit 103 selects the entry having the highest priority, that is, the entry in which the oldest non-survival confirmation time is registered as the most likely entry. The authentication relationship control unit 103 deletes the authentication information registered in the most prominent entry.

  Further, when the authentication relationship control unit 103 receives a reception notification indicating that a survival confirmation message or a survival reconfirmation message has been transmitted from another communication terminal from the survival response unit 105 described later, the authentication relationship control unit 103 refers to the management table 102. Update the last survival confirmation time.

  Upon receiving the survival confirmation instruction from the authentication relation control unit 103, the survival confirmation unit 104 creates a survival confirmation message. The transmission destination addresses of the survival confirmation message are all addresses recorded in the management table 102. The survival confirmation unit 104 passes the created survival confirmation message to the communication unit 106.

  FIG. 4 is a diagram illustrating an example of the configuration of a survival confirmation message. The survival confirmation message includes destination address information, transmission source address information, a survival confirmation flag, and a hash value. The destination address information is information indicating the address of the communication terminal that is the transmission destination of the survival confirmation message. The source address information is information indicating the address of the communication terminal 10a that is the source of the survival confirmation message. The survival confirmation flag is information indicating that the message is a survival confirmation message.

  The hash value is a value obtained by converting a message with a keyed hash function. The key used here is recorded in the management table 102 as authentication information for the communication partner that transmits the message. Note that if the hash function is not used as the authentication information, the hash value may not be attached to the message.

  Returning to the description of FIG. The survival confirmation unit 104 updates the authentication information last use time when reading the authentication information (here, the hash value) from the management table 102 in order to create a survival confirmation message. In addition, the survival confirmation unit 104 transmits a survival confirmation message and starts measuring the waiting time. When the waiting time for the response to the survival confirmation message expires, the survival confirmation unit 104 creates a waiting time expiration notification indicating that the waiting time has expired, and passes it to the authentication relationship control unit 103.

  Here, when receiving the survival confirmation message, the communication terminal that is the transmission destination of the survival confirmation message returns a survival response message to be described later. When the survival confirmation unit 104 receives the survival response message returned from the communication terminal that is the transmission destination of the survival confirmation message via the communication unit 106, the survival confirmation unit 104 authenticates the survival response message. When the survival response message is valid, the survival confirmation unit 104 creates a reception notification in which the source address of the survival response message is recorded and passes it to the authentication relationship control unit 103. At this time, the survival confirmation unit 104 updates the authentication information last use time in the management table 102.

  In addition, upon receiving a survival reconfirmation instruction from the authentication relationship control unit 103, the survival confirmation unit 104 creates a survival reconfirmation message. The survival confirmation unit 104 refers to the management table 102 and sets the transmission destination address of the survival reconfirmation message as the address of the entry in which the non-survival confirmation time is registered. Then, the survival confirmation unit 104 passes the created non-survival confirmation message to the communication unit 106. In addition, the survival confirmation unit 104 measures the waiting time for the response of the survival reconfirmation message in the same manner as when the survival confirmation message is transmitted.

  FIG. 5 is a diagram illustrating an example of the configuration of a survival reconfirmation message. The survival reconfirmation message shown in FIG. 5 is different from the survival confirmation message shown in FIG. 4 in that a survival reconfirmation flag is included instead of the survival confirmation flag. The survival reconfirmation flag is information indicating that the message is a survival reconfirmation message. In the survival reconfirmation message, the configuration other than the survival reconfirmation flag is the same as that of the survival confirmation message, and thus the description of other configurations is omitted.

  Returning to the description of FIG. The survival confirmation unit 104 updates the authentication information last use time of the management table 102 when the survival reconfirmation message is transmitted and when the survival response message is received.

  When the survival response unit 105 receives a survival confirmation message or a survival reconfirmation message transmitted from another communication terminal via the communication unit 106, the survival response unit 105 authenticates the received message. If the message is valid, a survival response message to be transmitted to the communication terminal that is the transmission source of the survival confirmation message or the survival reconfirmation message is created. The survival response unit 105 passes the created survival response message to the communication unit 106. In addition, the survival response unit 105 updates the authentication information last use time of the management table 102 when the survival confirmation message or the survival reconfirmation message is received and when the survival response message is transmitted.

  FIG. 6 is a diagram illustrating an example of the configuration of a survival response message. The survival response message shown in FIG. 6 differs from the survival confirmation message shown in FIG. 4 in that a response flag is included instead of the survival confirmation flag. The response flag is information indicating that the message is a survival response message. Since the configuration other than the response flag in the survival response message is the same as that of the survival confirmation message, description of other configurations is omitted.

  Returning to the description of FIG. The communication unit 106 is an interface with the network, and passes the received message to the authentication relation control unit 103, the survival confirmation unit 104, the survival response unit 105, or another application (not shown). Specifically, the communication unit 106 identifies the type of message by referring to a flag recorded in the received message. When the flag indicates a request for setting authentication information, the communication unit 106 passes the received message to the authentication relationship control unit 103. When the flag is a survival confirmation flag or a survival reconfirmation flag, the communication unit 106 passes the received message to the survival confirmation unit 104. When the flag is a response flag, the communication unit 106 passes the received message to the survival response unit 105. When receiving a message in which a flag other than these is recorded, the communication unit 106 passes the received message to another application.

  Here, the other application refers to an application used for operating the original function of the communication terminal 10a or its attached function. For example, when the communication terminal 10a is a television controlled by a remote controller via a network, the television includes an application for responding to a control request from the remote controller. Other applications, like the survival confirmation unit 104 and the survival response unit 105, receive a message from the communication unit 106, create a reception notification, and pass it to the authentication relationship control unit 103. Other applications update the authentication information last use time in the management table 102 when the authentication information is used at the time of message transmission / reception.

  Further, when receiving a message from the survival confirmation unit 104 or the survival response unit 105, the communication unit 106 transmits the message to the designated communication terminal.

  Note that the survival confirmation message, the survival reconfirmation message, and the survival response message may be transmitted to a plurality of communication terminals using multicast or broadcast, or only to a specific communication terminal using unicast. May be sent.

  An outline of the operation of the communication terminal configured as described above will be described. FIG. 7 is a sequence diagram showing an outline of the operation of each communication terminal. Here, a case where the communication terminal 10d is newly connected to the network 9 and the communication terminal 10d transmits an authentication information setting request to the communication terminal 10a will be described. In the management table 102, the maximum number of entries stored is four, and the predetermined number of stores is two.

  In FIG. 7, four squares arranged vertically represent an entry. Among the entries, a hatched square represents an entry in which authentication information is registered, and a dot patterned square represents an entry registered as a deletion candidate. In addition, a solid white square represents an empty entry. Each communication terminal updates the authentication information last use time recorded in the management table 102 when the authentication information is used when the message is transmitted and received.

  First, the authentication information of the communication terminals 10b and 10c is recorded in the management table 102 held by the communication terminal 10a. When connected to the network 9, the communication terminal 10d creates an authentication information setting request and transmits it to the communication terminal 10a. There are two entries recorded in the table held by the communication terminal 10a, and the maximum number of storages has not been reached. The communication terminal 10a registers the authentication information of the communication terminal 10d in the empty entry of the management table 102. At this time, the authentication relationship establishment time is registered in the entry in which the authentication information of the communication terminal 10d is registered.

  When the authentication information of the communication terminal 10d is registered, the number of entries recorded in the management table 102 is 3, which exceeds the predetermined storage number. The communication terminal 10a creates a survival confirmation message and transmits it to the communication terminals 10b and 10c.

  However, when the communication terminal 10a transmits a survival confirmation message, the communication terminal 10b is out of order and the communication terminal 10c is turned off to save power because the communication terminal 10b is out of order. For this reason, the communication terminals 10b and 10c cannot transmit the survival response message to the communication terminal 10a. The communication terminal 10a registers the non-survival confirmation time in the entry in which the authentication information of the communication terminals 10b and 10c is registered because the survival response message is not transmitted even when the waiting time expires. Thereby, the communication terminals 10b and 10c are recorded in the management table 102 as deletion candidates.

  Then, the communication terminal 10a waits for a predetermined time until a survival response message is further transmitted. By the time the waiting time at this time expires, the communication terminal 10c is turned on, and the communication terminal 10c accesses the communication terminal 10a. The communication terminal 10a responds to the access of the communication terminal 10c, and at the same time, deletes the non-survival confirmation time of the communication terminal 10c from the management table 102 and cancels registration of the communication terminal 10c as a deletion candidate. At this time, the communication terminal 10a updates the last survival confirmation time of the communication terminal 10c.

  Since the communication terminal 10b is out of order, the communication terminal 10a cannot receive the survival response message from the communication terminal 10b even after the waiting time has expired. The communication terminal 10a creates a survival reconfirmation message and transmits it to the communication terminal 10b.

  Since the survival response message cannot be received from the communication terminal 10b even after the waiting time has expired after the transmission of the survival reconfirmation message, the communication terminal 10a deletes the authentication information of the communication terminal 10b from the management table 102. In the management table 102 after the processing is completed, two entries in which authentication information of the communication terminals 10c and 10d are registered are left.

  Hereinafter, the details of the operations of the communication terminals 10a to 10c will be described with reference to the flowcharts shown in FIGS. Hereinafter, a case where a communication terminal newly connected to the network (hereinafter referred to as a communication terminal 10d) transmits an authentication information setting request to the communication terminal 10a will be described as an example.

  FIG. 8 is a flowchart showing the operation of the authentication relationship control unit 103 of the communication terminal 10a. First, upon receiving an authentication information setting request from the communication unit 106 (step S101), the authentication relationship control unit 103 refers to the management table 102, and the number of entries recorded in the management table 102 has reached the maximum storage number. It is determined whether or not there is (step S102).

  If the number of entries has reached the maximum storage number, that is, if authentication information is registered in all entries of the management table 102, the authentication relationship control unit 103 rejects the setting of authentication information (step S103). . Then, the authentication relationship control unit 103 proceeds to the operation of step S106 described later.

  On the other hand, if the number of entries has not reached the maximum storage number, the authentication relationship control unit 103 reads the authentication information from the authentication information setting request received from the communication unit 106 and records it in the management table 102 together with the address (step) S104).

  Next, the authentication relationship control unit 103 determines whether or not the number of entries recorded in the management table 102 exceeds the predetermined number of storage (step S105). For example, when the predetermined storage number is 2, the authentication relationship control unit 103 determines whether there are three or more entries in which authentication information is registered.

  If the number of entries does not exceed the predetermined stored number, the authentication relationship control unit 103 returns to the operation of step S101. On the other hand, when the number of entries exceeds the predetermined storage number, the authentication relationship control unit 103 checks whether all communication counterparts recorded in the management table 102 are alive (step S106). The processing in step S106 is referred to as survival confirmation processing.

  FIG. 9 is a flowchart showing the operation of the authentication relationship control unit 103 in the survival confirmation process (step S106). First, the authentication relationship control unit 103 creates a survival confirmation instruction and passes it to the survival confirmation unit 104 (step S201).

  Next, the authentication relation control unit 103 determines whether or not a response waiting time expiration notification for the survival confirmation message has been received from the survival confirmation unit 104 (step S202). If the waiting time expiration notification has not been received, the authentication-related control unit 103 determines whether or not there is a response from the transmission destination of the survival confirmation message (step S203). Specifically, the authentication relationship control unit 103 determines whether or not a reception notification has been received from the survival confirmation unit 104.

  When receiving the reception notification, the authentication relationship control unit 103 refers to the management table 102 and registers the last survival confirmation time in the entry in which the response message transmission source address is registered (step S204). Then, the authentication relationship control unit 103 returns to the process of step S202, and determines whether or not a waiting time expiration notification has been received. On the other hand, if the reception notification has not been received, the authentication relationship control unit 103 returns to the operation of step S202.

  On the other hand, in step S <b> 202, if a response waiting time expiration notification for the survival confirmation message is received from the survival confirmation unit 104, the authentication relationship control unit 103 has received a response from all the communication counterparts that transmitted the survival confirmation message. Is determined (step S205). Specifically, the authentication relationship control unit 103 determines whether all the last survival confirmation times recorded in the management table 102 have been updated.

  If the survival response message is received from all the communication partners and all the last survival confirmation times have been updated, the authentication relationship control unit 103 returns to the operation of step S101 in FIG. On the other hand, if the survival response message has not been received from all the communication partners and all the final survival confirmation times have not been updated, the authentication relationship control unit 103 sets the communication partner that does not return the survival response message as a deletion candidate. Registration is performed (step S206). At this time, the authentication relationship control unit 103 refers to the management table 102 and selects an entry whose last survival confirmation time has not been updated. Then, the authentication relationship control unit 103 registers the non-survival confirmation time in the selected entry.

  Next, the authentication relationship control unit 103 starts measuring the waiting time until the survival reconfirmation message is transmitted (step S207), and determines whether the waiting time has expired (step S208).

  If the waiting time until the survival reconfirmation message is transmitted has not expired, the authentication relationship control unit 103 determines whether there is an access from a deletion candidate (step S209). Specifically, the authentication relationship control unit 103 determines whether or not a reception notification in which the deletion candidate address is recorded is received from another application. When the reception notification is received, the authentication relation control unit 103 cancels the registration as a deletion candidate for the communication terminal that is the message transmission source (step S210). The authentication relationship control unit 103 refers to the management table 102 and deletes the non-survival confirmation time from the entry in which the message source address is registered. Then, the authentication relationship control unit 103 registers the final survival confirmation time in the entry. Further, when authentication information is used for receiving a message, the authentication information last use time is updated. Then, the authentication relationship control unit 103 returns to the operation of step S208.

  On the other hand, when there is no access from the deletion candidate in step S209, the authentication relationship control unit 103 determines whether there is an access from another communication terminal excluding the deletion candidate (step S211). Specifically, the authentication relationship control unit 103 determines whether or not a reception notification in which an address other than the deletion candidate is recorded is received from another application.

  When there is an access from another communication terminal excluding deletion candidates, the authentication relationship control unit 103 updates the management table 102 (step S212). The authentication relationship control unit 103 refers to the management table 102 and registers the last survival confirmation time in the entry in which the message transmission destination address is recorded. Further, when authentication information is used for receiving a message, the authentication information last use time is updated. Then, the authentication relationship control unit 103 returns to the operation of step S208. On the other hand, in step S211, if a message is not received from a communication terminal that is not a deletion candidate, the authentication relationship control unit 103 returns to the operation of step S208.

  On the other hand, when the waiting time until the survival reconfirmation message is transmitted expires in step S208, the authentication relationship control unit 103 confirms again whether or not the communication terminal registered as the deletion candidate is alive (step S208). S213). The processing in step S213 is called survival reconfirmation processing.

  FIG. 10 is a flowchart showing the operation of the authentication relationship control unit 103 in the survival reconfirmation process (step S213).

  First, the authentication relationship control unit 103 passes a survival reconfirmation instruction to the survival confirmation unit 104 (step S301), and determines whether or not a response waiting time expiration notification for the survival reconfirmation message has been received from the survival confirmation unit 104. (Step S302). If the waiting time expiration notification has not been received, the authentication relationship control unit 103 determines whether there is a response or access from a deletion candidate (step S303). Specifically, whether the authentication relationship control unit 103 has received the survival response message transmitted by the deletion candidate from the survival confirmation unit 104, or has received a reception notification of another message transmitted by the deletion candidate from another application. Judging. If the reception notification has not been received, the authentication relationship control unit 103 returns to the operation of step S302.

  On the other hand, when the reception notification of the survival response message is received, the authentication relationship control unit 103 cancels the registration of the deletion candidate for the communication terminal that is the transmission source of the message (step S304). At this time, the authentication relationship control unit 103 refers to the management table 102 and deletes the non-survival confirmation time from the corresponding entry. At this time, the authentication relationship control unit 103 registers the last survival confirmation time in the entry.

  On the other hand, in step S <b> 302, when a response waiting time expiration notification for the survival reconfirmation message is received from the survival confirmation unit 104, the authentication relationship control unit 103 refers to the management table 102 and has received responses from all deletion candidates. It is determined whether or not (step S305). Specifically, the authentication relationship control unit 103 determines whether there is an entry in which the non-survival confirmation time is recorded in the management table 102.

  When the survival response message is received from all deletion candidates and no non-survival confirmation time is recorded in the management table 102, the authentication relationship control unit 103 returns to the operation of step S101 in FIG. On the other hand, if the survival response message has not been received from all the deletion candidates and the non-survival confirmation time is recorded in the management table 102, the authentication relationship control unit 103 determines that the communication terminal that does not return the survival response message is 1 It is determined whether it is a table (step S306). Specifically, the authentication relationship control unit 103 determines whether there is one entry in which the non-survival confirmation time is registered.

  When there are a plurality of communication terminals that do not return the survival response message, the authentication relationship control unit 103 selects the most probable entry from the deletion candidates (step S307). The authentication relationship control unit 103 refers to the management table 102 and sets the entry in which the oldest non-survival confirmation time is registered as the most likely entry. When all of the plurality of non-survival confirmation times are the same time, the authentication relationship control unit 103 sets the entry in which the oldest last survival confirmation time is registered as the most likely entry. The authentication relation control unit 103 deletes the authentication information from the most probable entry (step S308), and returns to the operation of step S101 in FIG.

  On the other hand, in step S306, when there is one communication terminal that does not return the survival response message, that is, when there is one entry in which the non-survival confirmation time is registered, the authentication relationship control unit 103 determines that the non-survival Delete the authentication information from the entry where the confirmation time is registered. Then, the authentication relationship control unit 103 returns to the operation of step S101 in FIG.

  FIG. 11 is a flowchart showing the operation of the survival confirmation unit 104. First, the survival confirmation unit 104 determines whether a survival confirmation instruction has been received from the authentication relationship control unit 103 (step S401). When receiving the survival confirmation instruction, the survival confirmation unit 104 refers to the management table 102 and creates a survival confirmation message to be transmitted to all addresses recorded in the management table 102 (step S402). Then, the survival confirmation unit 104 passes the survival confirmation message to the communication unit 106 (step S403). Then, the survival confirmation unit 104 proceeds to an operation of step S407 described later.

  On the other hand, if no survival confirmation instruction has been received, the survival confirmation unit 104 determines whether a survival reconfirmation instruction has been received from the authentication relationship control unit 103 (step S404). When the survival reconfirmation instruction has not been received, the survival confirmation unit 104 returns to the operation of step S401. On the other hand, when a survival reconfirmation instruction is received, the survival confirmation unit 104 creates a survival reconfirmation message to be transmitted to the deletion candidate (step S405). Then, the survival confirmation unit 104 passes the survival reconfirmation message to the communication unit 106 (step S406). At this time, the authentication information last use time is updated.

  When the survival confirmation message or the survival reconfirmation message is passed to the communication unit 106, the survival confirmation unit 104 starts measuring the response waiting time for the survival confirmation message or the survival reconfirmation message (step S407). Then, the survival confirmation unit 104 determines whether or not the waiting time has expired (step S408). If the waiting time has not expired, the survival confirmation unit 104 returns to the operation of step S408 again.

  On the other hand, when the waiting time for the response to the survival confirmation message or the survival reconfirmation message has expired, the survival confirmation unit 104 determines whether a survival response message has been received from the communication unit 106 (step S409). When the survival response message is received, the survival confirmation unit 104 authenticates the survival response message and determines whether or not the survival response message is valid (step S410). If the survival response message is valid, the survival confirmation unit 104 creates a reception notification and passes it to the authentication relationship control unit 103 (step S411). At this time, the authentication information last use time is updated.

  On the other hand, if the survival response message has not been received in step S409, the survival confirmation unit 104 returns to the operation of step S408. In step S410, if the survival response message is not valid, the survival confirmation unit 104 returns to the operation of step S408.

  FIG. 12 is a flowchart showing the operation of the communication unit 106. First, the communication unit 106 determines whether a message is received from the network 9 (step S501). If no message has been received, the communication unit 106 determines whether a message transmission request has been received (step S502). Specifically, the communication unit 106 determines whether a message has been received from the survival confirmation unit 104, the survival response unit 105, or another application.

  If there is a message transmission request, the communication unit 106 transmits the message to the network 9 (step S503). On the other hand, when there is no message transmission request, the communication unit 106 returns to the operation of step S501 and waits for reception of the message.

  On the other hand, when a message is received in step S501, the communication unit 106 determines whether the received message is a request for setting authentication information (step S504). If the received message is an authentication information setting request, the communication unit 106 passes the authentication information setting request to the authentication relationship control unit 103 (step S505). Then, the communication unit 106 returns to the operation of step S501.

  On the other hand, if the received message is not an authentication information setting request, the communication unit 106 determines whether the message is a survival confirmation message (step S506). If the received message is a survival confirmation message, the communication unit 106 passes the survival confirmation message to the survival response unit 105 (step S507). Then, the communication unit 106 returns to the operation of step S501.

  On the other hand, if the received message is not a survival confirmation message, the communication unit 106 determines whether the message is a survival reconfirmation message (step S508). When the received message is a survival reconfirmation message, the communication unit 106 passes the survival reconfirmation message to the survival response unit 105 (step S509). Then, the communication unit 106 returns to the operation of step S501.

  On the other hand, if the received message is not a survival reconfirmation message, the communication unit 106 determines whether the message is a survival response message (step S510). If the received message is a survival response message, the communication unit 106 passes the survival response message to the survival confirmation unit 104 (step S511). Then, the communication unit 106 returns to the operation of step S501.

  On the other hand, if the received message is not a survival response message, the communication unit 106 passes the message to another application (step S512). Then, the communication unit 106 returns to the operation of step S501.

  FIG. 13 is a flowchart showing the operation of the survival response unit 105. First, the survival response unit 105 determines whether a survival confirmation message has been received from the communication unit 106 (step S601). When the survival confirmation message is received, the survival response unit 105 proceeds to the operation of step S603 described later.

  On the other hand, if no survival confirmation message has been received, the survival response unit 105 determines whether a survival reconfirmation message has been received from the communication unit 106 (step S602). If the survival reconfirmation message has not been received, the survival response unit 105 returns to the operation of step S601 again.

  On the other hand, when a survival reconfirmation message or a survival confirmation message is received, the survival response unit 105 authenticates the received message and determines whether or not the message is valid (step S603). If the message is not valid, the survival response unit 105 discards the message and returns to the operation in step S601.

  On the other hand, if the message is valid, the survival response unit 105 creates a survival response message to be sent back to the source of the survival reconfirmation message or the survival confirmation message (step S604). The created survival response message is passed to the communication unit 106 (step S605). At this time, the survival response unit 105 updates the authentication information last use time in the management table 102.

  As described above, according to the present embodiment, when the number of pieces of authentication information held by the terminal exceeds the predetermined number stored, the communication terminal confirms the existence of other communication terminals and may be alive. Register low communication terminals as deletion candidates. When there is no access from a communication terminal registered as a deletion candidate, the communication terminal confirms the existence of the communication terminal again. The communication terminal selects the communication terminal that is least likely to be alive from the communication terminals that finally remain as deletion candidates, and deletes the authentication information of the selected communication terminal. Thereby, unnecessary authentication information can be deleted. Further, by performing the survival check a plurality of times, it is possible to minimize the possibility that the authentication information is erroneously deleted when the user temporarily turns off the power due to measures such as energy saving.

  Furthermore, the predetermined storage number is smaller than the maximum storage number, and the timing at which the communication terminal starts checking the existence of other communication terminals is when the authentication information storage number exceeds the predetermined storage number. Therefore, even when there is an authentication information setting request continuously from another communication terminal, the possibility of rejecting the authentication information setting request is reduced.

  Further, according to the present embodiment, unnecessary authentication information is deleted without the user performing a specific operation. Furthermore, even when the communication terminal is a terminal with a small memory capacity such as a network-compatible home appliance or a mobile phone with a small memory capacity, unnecessary authentication information is deleted before reaching the maximum number of stored authentication information. Therefore, unnecessary authentication information is not accumulated in the memory. Therefore, a shortage of memory capacity can be prevented.

  In this embodiment, when there are a plurality of communication terminals that are deletion candidates, the communication terminal selects the entry in which the oldest non-survival confirmation time is registered as the most likely entry. Here, for example, the communication terminal compares the last survival confirmation time recorded in the authentication information management table, and among the deletion candidates, the entry in which the oldest last survival confirmation time is registered may be the most likely entry. .

  The communication terminal may select the most prominent entry by using an algorithm such as LRU (Last Recent Use) or FIFO (First In First Out). When selecting the most prominent entry using LRU, the communication terminal selects, as the most prominent entry, an entry in which authentication information that has not been referred to for the longest time is registered. That is, the communication terminal selects an entry in which the oldest authentication information last use time is registered among the entries recorded in the authentication information management table. When selecting the most prominent entry using the FIFO, the communication terminal selects an entry in which the oldest authentication relationship establishment time is registered among the entries recorded in the authentication information management table. The method for selecting the most prominent entry is not limited to the above method as long as it is a method capable of selecting the most prominent entry.

  In the present embodiment, there is one entry that is selected as the most powerful entry and the authentication information is deleted. Here, the number of the most prominent entries may be two or more, and all the communication terminals that are candidates for deletion, that is, all the entries in which the non-survival confirmation times are registered may be set as the most prominent entries. When selecting a plurality of most prominent entries, the communication terminal may select a predetermined number of the most prominent entries in descending order of priority, and it is not possible to confirm survival after a predetermined condition (for example, after a predetermined period of time). All communication terminals satisfying (b) may be selected as the most likely entries.

  In the present embodiment, the number of times that the survival reconfirmation message is transmitted is one, but the survival reconfirmation message may be transmitted twice or more.

  In the present embodiment, each communication terminal communicates using authentication information. However, each communication terminal may perform, for example, encrypted communication using a common encryption key. In this case, an encryption key and information related to encryption are recorded in the management table instead of the authentication information.

  In the present embodiment, the authentication information setting request has been described as being transmitted from another communication terminal. Here, the authentication information setting request is not limited to the case of being instructed from another communication terminal, and may be instructed by other means. For example, the authentication information setting request may be instructed from an application or input from a user. The authentication information setting request may be instructed via a medium.

  Moreover, in this embodiment, the communication terminal calculated | required the hash value using the authentication information different for every communicating party. In this case, if the number of communication partners is large, the communication terminal that transmits the message must perform hash calculation as many as the number of communication partners, which places a processing load on the communication terminal that transmits the message. Therefore, each communication terminal may hold common authentication information for each group such as in the home. Thereby, when transmitting a message to the communication terminals belonging to the group, it is possible to create a message using the authentication information common to the group and perform broadcast communication. As a result, the number of message creations can be reduced.

(Second Embodiment)
Next, a second embodiment of the present invention will be described. FIG. 14 is a block diagram showing a configuration of a communication terminal 10a according to the second embodiment of the present invention. Compared with the configuration of the communication terminal according to the first embodiment shown in FIG. 3, the communication terminal shown in FIG. 14 includes an authentication information management table 107 and a deletion candidate management table 108 in the storage unit 101 instead of the management table 102. It differs in that it is stored. Since the other configuration is the same as that of the first embodiment, the same components as those of the first embodiment are denoted by the same reference numerals, and the description thereof is omitted.

  FIG. 15 is a diagram showing an example of the configuration of the authentication information management table 107 held by the communication terminal 10a according to the second embodiment. As shown in FIG. 15, each communication terminal uses authentication information, authentication relationship establishment time, authentication information last use time, and last survival confirmation time as the authentication management information of the other communication terminal. And corresponding to the address. Hereinafter, a set of the identifier, address, authentication information, authentication relationship establishment time, authentication information use last time, and survival confirmation last time of the communication terminal is referred to as an entry.

  In FIG. 15, the maximum number of entries recorded in the authentication information management table 107 is four, but the maximum number of entries may be three or less, or may be five or more. . Further, information other than the information described above may be registered in each entry. The authentication information management table 107 may record information other than the information described above.

  FIG. 16 is a diagram illustrating an example of the configuration of the deletion candidate management table 108. As shown in FIG. 16, each communication terminal holds a deletion candidate registration time and a final survival confirmation time corresponding to the identifier of the other communication terminal as deletion management information of the other communication terminal. The deletion candidate registration time is a time that is registered when it is determined as a deletion candidate without transmitting a survival response message even if a predetermined time has elapsed after transmission of the survival confirmation message.

  In each communication terminal, when a survival response message is not sent within a predetermined waiting time after sending a survival confirmation message, when deleting / registering a deletion candidate, and when selecting a leading entry, authentication relationship The operations other than the control unit 103 referring to the deletion candidate management table 108 instead of the authentication information management table 107 are the same as those in the first embodiment. Only the difference will be described below with reference to FIG. Further, in the present embodiment, description will be made assuming that an identifier of a message transmission source is recorded in the reception notification passed from the survival confirmation unit 104, the survival response unit 105, or another application to the authentication relationship control unit 103. .

  In FIG. 9, when there is a communication terminal that does not transmit a survival response message after transmission of a survival confirmation message (step S205), the authentication relationship control unit 103 selects a communication terminal that has not transmitted a survival response message as a deletion candidate. (Step S206). The authentication relationship control unit 103 refers to the authentication information management table 107 and selects an entry whose last survival confirmation time has not been updated. Then, the authentication relationship control unit 103 records the identifier registered in the selected entry, the deletion candidate registration time, and the final survival confirmation time in the deletion candidate management table 108 in combination. The deletion candidate registration time registered at this time is the time when these pieces of information are registered in the entry.

  If there is any access from a communication terminal registered as a deletion candidate (step S209), that is, if a reception notification in which the deletion candidate identifier is recorded is received from another application, the authentication relationship control unit 103 Cancels registration as a deletion candidate for a communication terminal that has been accessed (step S210). At this time, the authentication relationship control unit 103 refers to the deletion candidate management table 108 and deletes the identifier, the deletion candidate registration time, and the last survival confirmation time from the entry in which the identifier of the accessed communication terminal is registered. . Then, the authentication relationship control unit 103 refers to the authentication information management table 107 and updates the last survival confirmation time. Further, when the authentication information is used when the other application receives the message, the authentication information last use time is updated.

  Next, details of the operation in step S212 of FIG. 9 are shown in FIG. In step S304 in FIG. 10, when canceling registration as a deletion candidate for a communication terminal that has transmitted a survival response message, the authentication relationship control unit 103 refers to the deletion candidate management table 108 and determines the communication terminal that has responded. The identifier, the deletion candidate registration time, and the last survival confirmation time are deleted from the entry in which the identifier is registered. Then, the authentication relationship control unit 103 refers to the authentication information management table 107 and updates the last survival confirmation time. When the authentication information is used when the survival confirmation unit 104 or another application receives the message, the authentication information last use time is updated.

  If there are a plurality of communication terminals that do not transmit the survival response message (step S306), the authentication relationship control unit 103 selects the most probable entry (step S307). At this time, the authentication relationship control unit 103 refers to the deletion candidate management table 108 and sets the entry in which the oldest deletion candidate registration time is registered as the most likely entry. Then, the authentication relationship control unit 103 deletes information registered in the most prominent entry (step S308). At this time, the authentication relationship control unit 103 refers to the authentication information management table 107 and deletes the authentication information registered in the most prominent entry.

  As described above, according to the present embodiment, the communication terminal refers to the deletion candidate management table when transmitting the survival reconfirmation message to the deletion candidate or selecting the most powerful entry. As a result, the communication terminal only needs to refer to the deletion candidate management table after registering the deletion candidate, and therefore does not need to search for necessary information from all entries recorded in the authentication management table. Therefore, the existence of the communication partner can be confirmed efficiently.

  In this embodiment, when there are a plurality of deletion candidate communication terminals, the communication terminal selects the most probable entry based on the deletion candidate registration time recorded in the deletion candidate management table. Here, the communication terminal may select the most probable entry based on the last survival confirmation time recorded in the deletion candidate management table. At this time, the authentication relationship control unit of the communication terminal selects an entry in which the oldest last survival confirmation time is registered as the most likely entry. The communication terminal may select the most probable entry using an algorithm such as LRU or FIFO. Further, when using the LRU, the authentication information last use time may be recorded in the deletion candidate management table, and when using the FIFO, the authentication relationship establishment time may be recorded in the deletion candidate management table. Also, the method for selecting the most prominent entry is not limited to the above method as long as it is a method that can prioritize a plurality of entries.

  Further, in the present embodiment, when deletion candidates are registered, the deletion candidate management table may be transmitted to all the communication terminals having an authentication relationship to synchronize the deletion candidates. The communication terminal that has received the deletion candidate management table can perform the survival reconfirmation process based on the deletion candidate management table. As a result, the communication terminal that has received the deletion candidate management table does not need to send a survival confirmation message to another communication terminal. Thereby, the frequency | count of transmission of the survival confirmation message on a network can be reduced. Therefore, the existence of the communication partner can be confirmed efficiently.

  When transmitting the deletion candidate management table to another communication terminal, the communication terminal that has received the deletion candidate management table is recorded in the deletion candidate management table with respect to the communication terminal that is the transmission source of the deletion candidate management table. You may notify whether it communicated with the communication terminal of the deletion candidate within a fixed period. In this case, an example of the configuration of the authentication information management table held by the communication terminal is shown in FIG.

  The authentication information management table shown in FIG. 17 is obtained by further recording the number of responses within a predetermined period in the authentication information management table shown in FIG. The communication terminal that has received the deletion candidate management table notifies the deletion candidate communication terminal of a notification indicating whether or not communication with the deletion candidate communication terminal has been performed within a predetermined period. The destination communication terminal of the deletion candidate management table counts the number of communication terminals that have communicated with the deletion candidate communication terminal within this predetermined period. Then, the destination communication terminal of the deletion candidate management table determines that the deletion candidate communication terminal having the largest count number is most likely to be alive among the deletion candidates. Note that, when prioritizing deletion candidates and selecting them as the highest priority entry and the most likely entry, the priority of the deletion candidate communication terminal with the largest count may be lowered by one.

  In addition, when deleting authentication information, information related to the communication terminal from which the authentication information has been deleted may be notified to all the communication terminals having an authentication relationship, and the authentication information may be synchronized. The communication terminal that has received the notification may delete the authentication information of the communication terminal recorded in the notification, or may perform a survival reconfirmation process on the communication terminal recorded in the notification. In addition, when managing deletion candidates with priority, if a communication terminal that has received a notification is a communication terminal that has been notified that it has been deleted, the priority of deletion candidates in its own terminal is equal to or higher than a certain rank, The deletion candidate may be deleted.

(Third embodiment)
Next, a third embodiment of the present invention will be described. In the first embodiment, the communication terminal records the new authentication information in the authentication information management table, and performs the survival check only when the number of entries exceeds the predetermined storage number. On the other hand, in the third embodiment, the communication terminal starts the survival check process of the communication partner according to the user's instruction, and displays the number of entries recorded in the authentication relationship management table. This is different from the first embodiment.

  FIG. 18 is a block diagram showing a configuration of a communication terminal according to the third embodiment of the present invention. The configuration of the communication terminal illustrated in FIG. 18 is different from the configuration of the communication terminal according to the first embodiment illustrated in FIG. 3 in that the storage number display unit 109 and the update instruction unit 110 are further included. Since the other configuration is the same as that of the first embodiment, the same components as those of the first embodiment are denoted by the same reference numerals, and the description thereof is omitted.

  The storage number display unit 109 displays the number of entries recorded in the management table 102, the maximum number of entries stored, and the like. Specifically, the number of entries in which authentication information is registered, the maximum storage number, and the predetermined storage number are displayed on, for example, a liquid crystal display or a mechanical display device. The display format of the storage number display unit 109 may display the number of recorded entries and the ratio (percentage) of the number of entries with respect to the maximum storage number in numbers, and a graph representing them. Or a mark. Further, the recording status of the entry may be always displayed, or may be displayed only when the predetermined number of storage is exceeded.

  The update instruction unit 110 is, for example, a switch, and generates an update instruction signal according to a user instruction. The update instruction unit 110 only needs to be able to detect an instruction from the user (external) as a signal generation trigger, and is, for example, a button switch, or a switch using connection of a mechanical switch, a sensor, or a contact.

  In the communication terminal, the operations of the units other than the storage number display unit 109, the update instruction unit 110, and the authentication relation control unit 103 are substantially the same as those in the first embodiment, and therefore, details are described with reference to FIGS. The detailed explanation is omitted.

  FIG. 19 is a flowchart showing the operation of the update instruction unit 110. Hereinafter, the operation of the update instruction unit 110 will be described with reference to FIG.

  First, the update instruction unit 110 determines whether an instruction from a user has been received (step S701). When receiving the instruction, the update instruction unit 110 generates an update instruction signal and passes it to the authentication relationship control unit 103 (S702).

  On the other hand, if an instruction from the user has not been received, the update instruction unit 110 returns to the operation of step S1701 and waits for an instruction from the user.

  FIG. 20 is a flowchart showing the operation of the authentication relationship control unit 103. Hereinafter, the operation of the authentication relationship control unit 103 will be described with reference to FIG.

  The authentication relationship control unit 103 determines whether an update instruction signal has been received from the update instruction unit 110 (step S801). If the update instruction signal has not been received, the authentication relationship control unit 103 returns to the operation of step S801 again.

  On the other hand, when an update instruction signal is received, the authentication relationship control unit 103 refers to the management table 102 (step S802), and determines whether or not deletion candidates are registered (step S803). When the deletion candidate is not registered, that is, when there is no entry in which the non-survival confirmation time is registered in the management table 102, the authentication relationship control unit 103 starts the survival confirmation process (step S804). The survival confirmation process in step S804 corresponds to the survival confirmation process in step S106 of FIG.

  On the other hand, if a deletion candidate is registered in step S803, the authentication relationship control unit 103 starts a survival reconfirmation process (step S805). The survival reconfirmation process in step S805 corresponds to the survival reconfirmation process in step S212 of FIG.

  As described above, according to the present embodiment, the number of entries and the maximum storage number recorded in the authentication information management table are displayed on the communication terminal, so that the user can determine the amount of authentication information recorded on the communication terminal. Can be grasped. Further, the user can instruct the communication terminal to delete unnecessary authentication information.

(Fourth embodiment)
Next, a fourth embodiment of the present invention will be described. In the first embodiment, the survival reconfirmation message transmitted by the communication terminal is transmitted once. On the other hand, in the fourth embodiment, the communication terminal is different from the first embodiment in that it transmits the survival reconfirmation message a plurality of times.

  FIG. 21 is a diagram schematically illustrating the configuration of the management table 102 held by the communication terminal according to the fourth embodiment. FIG. 22 is an example of a table held by the communication terminal 10a, but the communication terminals 10b and 10c also hold the same table as the communication terminal 10a.

  Compared with the management table 102 shown in FIG. 2, the management table 102 shown in FIG. 21 holds the device type in association with the identifiers and addresses of other communication terminals in addition to the information shown in FIG. Is different. The device type is information indicating the classification of the device to which each communication terminal belongs, and is information for distinguishing, for example, a telephone, a refrigerator, an air conditioner, or the like.

  Some communication terminals are turned on and off at regular intervals every several hours or several days for reasons such as power saving measures. In the present embodiment, the communication terminal transmits the survival reconfirmation message at a time other than the time zone in which the power is periodically turned off by grasping the device type of the communication partner. A memory (not shown) of the communication terminal stores a transmission pattern of a survival reconfirmation message corresponding to the device type in advance. The transmission pattern includes the number of transmissions of the survival reconfirmation message and its transmission interval. Based on the device type transmission pattern recorded in the management table 102, the communication terminal transmits a survival reconfirmation message to the deletion candidate.

  Since the configuration of the communication terminal is the same as that of the first embodiment, only the differences from the first embodiment will be described with reference to FIG.

  When the authentication relationship control unit 103 starts the survival reconfirmation process, the authentication relationship control unit 103 counts the number of times the survival reconfirmation message is transmitted. First, the authentication relation control unit 103 passes a collective transmission instruction for transmitting a survival reconfirmation message to all deletion candidates to the survival confirmation unit 104. Then, the authentication relationship control unit 103 waits for a response from the deletion candidate until a waiting time expiration notification is received from the survival confirmation unit 104. At this time, the waiting time expiration notification received from the survival confirmation unit 104 includes the address of the communication partner whose waiting time expires. The authentication-related control unit 103 refers to the address included in the waiting time expiration notification and updates the number of times the survival reconfirmation message is transmitted to the address.

  Then, the authentication relationship control unit 103 determines whether or not the survival reconfirmation message has been transmitted a predetermined number of times for all deletion candidates. Authentication is performed when the survival reconfirmation message has not been sent a predetermined number of times for all deletion candidates and the number of times the survival reconfirmation message has been sent for the deletion candidate whose waiting time has expired has not reached the predetermined number of times. The relationship control unit 103 instructs the survival confirmation unit 104 to transmit the survival reconfirmation message to the deletion candidate again. At this time, an instruction passed from the authentication relationship control unit 103 to the survival confirmation unit 104 is referred to as a partial transmission instruction in order to distinguish it from a batch transmission instruction.

  On the other hand, when the number of transmissions of the survival reconfirmation message for the deletion candidate whose waiting time has expired has reached a predetermined number, the authentication relationship control unit 103 waits for the next waiting time expiration notification.

  Thus, every time the waiting time expiration notification is received from the survival confirmation unit 104, the authentication relationship control unit 103 determines whether or not a survival reconfirmation message has been transmitted a predetermined number of times to all deletion candidates. By this time, when there is a response or access from the deletion candidate, that is, when a reception notification is received from the survival confirmation unit 104 or other application, registration of the communication terminal that has responded to the deletion candidate is canceled.

  On the other hand, if there is a communication terminal that does not respond even after sending the survival reconfirmation message to all the deletion candidates a predetermined number of times, the authentication relationship control unit 103 selects the most powerful entry from the deletion candidates, The authentication information is deleted from the management table 102.

  When the survival confirmation unit 104 receives a batch transmission instruction from the authentication relationship control unit 103, the survival confirmation unit 104 refers to the management table 102 and creates a survival reconfirmation message for transmission to all deletion candidates. When the survival confirmation unit 104 passes the survival reconfirmation message to the communication unit 106, the survival confirmation unit 104 starts measuring the waiting time according to the device type of the transmission destination of the message. Each time the response waiting time for the survival reconfirmation message expires, the address of the communication partner whose waiting time has expired is recorded in the waiting time expiration notification and passed to the authentication relationship control unit 103.

  When receiving the partial transmission instruction, the survival confirmation unit 104 creates a survival reconfirmation message to be transmitted for the instructed deletion candidate. Then, when the survival reconfirmation message is passed to the communication unit 106, the survival confirmation unit 104 starts measuring the waiting time determined for each deletion candidate.

  Hereinafter, operations of the authentication relationship control unit 103 and the survival confirmation unit 104 will be described. The operations different from those of the first embodiment are the operations of the authentication relation control unit 103 and the survival confirmation unit 104 in the survival reconfirmation process, and the operations in the other units are illustrated in FIGS. 8, 9, 12, and 12. FIG. 13 is used and the description thereof is omitted.

  FIG. 22 is a flowchart showing the operation of the authentication relationship control unit 103 in the survival reconfirmation process (step S208). Hereinafter, the operation of the authentication relation control unit 103 will be described with reference to FIG.

  First, the authentication relationship control unit 103 gives a collective transmission instruction of a survival reconfirmation message to the survival confirmation unit 104 (step S901). Then, it is determined whether or not a waiting time expiration notification for a response to the survival reconfirmation message has been received from the survival confirmation unit 104 (step S902). If the waiting time expiration notification has not been received, the authentication-related control unit 103 determines whether a survival response message has been transmitted from the deletion candidate or whether there has been an access (step S903). If the survival response message or the reception notification indicating that there has been some access has not been received from the deletion candidate, the authentication relationship control unit 103 returns to the operation of step S901.

  On the other hand, when the reception notification is received, the authentication relationship control unit 103 refers to the management table 102, deletes the non-survival confirmation time from the entry in which the address recorded in the reception notification is registered, and becomes a deletion candidate. Is unregistered (step S904). At this time, the authentication relationship control unit 103 updates the last survival confirmation time registered in the entry.

  On the other hand, if a waiting time expiration notification is received from the survival confirmation unit 104 in step S902, the authentication relationship control unit 103 determines whether or not a survival reconfirmation message has been transmitted a predetermined number of times for all deletion candidates ( Step S905). If the survival reconfirmation message has not been transmitted the predetermined number of times for all deletion candidates, should the authentication relationship control unit 103 transmit the survival reconfirmation message again to the deletion candidate whose waiting time has expired in step S902? It is determined whether or not (step S906). In step S902, when the number of times of sending the survival reconfirmation message to the deletion candidate whose waiting time has expired has not reached the predetermined number, the authentication relationship control unit 103 sends a survival reconfirmation message to the deletion candidate whose waiting time has expired. A partial transmission instruction for transmitting to the survival confirmation unit 104 is created (step S907). The partial transmission instruction is passed to the survival confirmation unit 104. On the other hand, in step S906, when the number of times of sending the survival reconfirmation message to the deletion candidate whose waiting time has expired has reached a predetermined number, the authentication relationship control unit 103 returns to the operation of step S902.

  On the other hand, when the survival reconfirmation message is transmitted a predetermined number of times for all deletion candidates, the authentication relationship control unit 103 refers to the management table 102 to determine whether or not a survival response message has been received from all deletion candidates. Judgment is made (step S908). The operation of the authentication relationship control unit 103 in steps S908 to S911 is the same as the operation of steps S305 to S308 shown in FIG.

  FIG. 23 is a flowchart showing the operation of the survival confirmation unit 104. The operations in steps S1101 to S1103 are the same as the operations in steps S401 to S403 shown in FIG.

  In step S <b> 1104, the survival confirmation unit 104 determines whether a batch transmission instruction has been received from the authentication relationship control unit 103. When receiving a batch transmission instruction, the survival confirmation unit 104 refers to the management table 102 and creates a survival reconfirmation message for transmission to all deletion candidates (step S1105). The survival reconfirmation message is passed to the communication unit 106 (step S1106).

  On the other hand, if no batch transmission instruction has been received in step S1104, the survival confirmation unit 104 determines whether a partial transmission instruction has been received from the authentication relationship control unit 103 (step S1107). When the partial transmission instruction is received, the survival confirmation unit 104 reads the address from the partial transmission instruction, and creates a survival reconfirmation message for transmission to the address (step S1108). The survival reconfirmation message is passed to the communication unit 106 (step S1109). Then, the survival confirmation unit 104 proceeds to the operation of step S407 illustrated in FIG.

  As described above, according to the present embodiment, even when the communication terminal connected to the network is one in which the power supply is periodically switched ON / OFF, it can survive by grasping the device type of the communication partner. The transmission pattern of the reconfirmation message can be changed. As a result, the survival reconfirmation message is not transmitted while the power of the communication partner is periodically disconnected, so that the existence of the communication partner can be accurately confirmed. Therefore, it is possible to further reduce the possibility that the authentication information of the alive communication terminal is erroneously deleted.

  In this embodiment, the waiting time of the survival response message for the survival confirmation message or the survival reconfirmation message and the number of times of the survival reconfirmation message transmission are set in advance according to the type of the communication terminal that is the transmission destination of the message. It was. Here, the user may determine the waiting time and the number of times of transmission of the survival reconfirmation message. In this case, the communication terminal includes an input unit, and the user may input the waiting time and the number of transmissions to the input unit.

  In addition, the waiting time of the survival response message for the survival confirmation message or the survival reconfirmation message and the number of times of the survival reconfirmation message transmission were set for each communication terminal, but grouped according to the type of communication terminal, The waiting time and the number of transmissions may be set for each group. For example, air conditioners, refrigerators, microwave ovens, and water heaters connected to a network can be grouped into home appliance groups, televisions and videos can be grouped into AV devices, and lighting and monitoring systems can be grouped into housing equipment groups. In this case, the communication terminal can set the waiting time and the number of times that the survival reconfirmation message is transmitted for each home appliance group, AV device group, and house equipment group.

  In the first to fourth embodiments, the case where each communication terminal communicates directly on a one-to-one basis without going through a server has been described. However, the present invention applies to a case where each communication terminal communicates via a server. Can also be applied. In that case, a management device such as a server centrally manages authentication information of other communication terminals, and performs survival confirmation processing and survival reconfirmation processing on the other communication terminals.

(Example 1 of the first to fourth embodiments)
Next, Example 1 of the present invention will be described. In this embodiment, the communication terminal is a dedicated device such as a network-compatible home appliance on which an LSI or the like masked with a program having a function for canceling the authentication relationship is mounted. Since the configuration of the communication system and the operation of the communication terminal are the same as those in the first to fourth embodiments, the detailed description will be omitted with reference to FIGS.

  In the present embodiment, the communication terminals 10a to 10c are home appliances such as an air conditioner, a refrigerator, a microwave oven, and a water heater connected to the network in a home network system, or cooking home appliances such as a coffee maker and a pot. The communication terminals 10a to 10c may be telephones, televisions, videos, or security devices used for security measures.

  Hereinafter, a problem specific to a communication terminal that is a network-compatible home appliance will be described. First, since a communication terminal that is a network-compatible home appliance may have only a simple input means, there is a problem that it takes time to establish an authentication relationship with another communication terminal. Therefore, if an authentication information deletion error occurs, it takes time to reset the authentication information.

  Second, if the user temporarily turns off the power of the communication terminal to save power, or if the communication terminal switches on / off of the power of the own terminal at regular intervals, authentication is performed. There is a problem that erroneous deletion of information may occur. In the conventional authentication information deletion method, a message for confirming the existence of a communication partner is transmitted only once. Accordingly, even if the communication partner is only turned off when the message is transmitted, the authentication information is deleted. Thus, with the conventional method, it is impossible to accurately grasp whether or not the communication terminal that is the message transmission destination is alive. Therefore, there is a possibility of causing a deletion mistake.

  Thirdly, when the capacity of the memory held by the communication terminal is small, there is a problem that the communication terminal cannot hold a lot of authentication information. If unnecessary authentication information is not properly deleted and authentication information accumulated in the memory increases, there is a risk of insufficient memory capacity of the memory. Therefore, when unnecessary authentication information occurs, unnecessary authentication information must be deleted promptly. In this case, since the data processing capability of the communication terminal is considered to be low, the authentication process cannot be burdened. Therefore, it is difficult to transmit a keep-alive packet at regular intervals and authenticate the message each time. Moreover, since it becomes a processing burden, there is a possibility that the communication terminal does not include an input unit such as a keyboard.

  However, the above-described problems can be solved by applying the present invention. After transmitting the survival confirmation message, the communication terminal registers a communication terminal that does not respond as a deletion candidate, and transmits a survival reconfirmation message to the deletion candidate. In this way, by sending a message that confirms the existence of the communication partner multiple times, the power of the communication partner is accidentally turned off, or the message transmission delay occurs due to network congestion. The occurrence of the cause can be reduced. Thereby, possibility that authentication information will be deleted accidentally can be reduced. Thus, according to the present embodiment, the second problem can be solved. In addition, by solving the second problem, the first problem is also solved.

  Further, the communication terminal starts the survival process when the number of entries recorded in the management table exceeds the predetermined number of storage. As a result, unnecessary authentication information can be quickly deleted, so that only necessary authentication information can be recorded in the management table. In addition, since the predetermined number of storages is smaller than the maximum number of storages, authentication information can be set even when authentication information setting requests are continuously transmitted from a plurality of communication terminals. Therefore, the third problem is solved.

  As described above, according to the present embodiment, even when the communication terminal is a network-compatible home appliance with a small memory capacity, the possibility of erroneous deletion of necessary authentication information is reduced, and the memory capacity of the memory is reduced. Insufficiency can be prevented.

  In the present embodiment, the communication terminal is described as being a network-compatible home appliance, but the present invention is not limited to a network-compatible home appliance, and is also useful for a portable terminal having a small memory capacity.

(Example 2 of the first to fourth embodiments)
Next, Example 2 of the present invention will be described. In the first embodiment, the communication terminal is a dedicated device such as a network-compatible home appliance on which an LSI or the like masked with a program having a function for canceling the authentication relationship is mounted. On the other hand, in this embodiment, the communication terminal is, for example, a personal computer or a mobile phone, and is a program (hereinafter referred to as an authentication information management program) that realizes the software configuration shown in FIG. A general-purpose CPU for reading and executing the program. Since the functional configuration and operation formed by the communication terminal executing the authentication information management program are the same as those in the first to fourth embodiments, FIG. 1 to FIG. 23 are used, and detailed description thereof is omitted. .

  FIG. 24 is a block diagram illustrating a hardware configuration of the communication terminal 10a. The communication terminal 11a includes a CPU 201, an input unit 202, a memory 203, an output unit 204, and a communication unit 205. The authentication information management program is stored in the memory 203 in advance, and is appropriately read by the CPU 201 and executed. 24 is compared with the software configuration diagram of the communication terminal 10a shown in FIG. 18, first, the input unit 202 corresponds to the update instruction unit 110. The memory 203 stores the management table 102. The output unit 204 is a display device such as a liquid crystal display device, and corresponds to the stored number display unit 109. The communication unit 205 includes a CPU and a communication terminal such as a modem, and corresponds to the communication unit 106. The CPU 201 realizes functions corresponding to the authentication relation control unit 103, the survival confirmation unit 104, and the survival response unit 105. Upon receiving the authentication information setting request, the CPU 201 reads out and executes the authentication information management program from the memory 203. When the CPU 201 receives a deletion instruction from the input unit 202, the CPU 201 reads the authentication information management program from the memory 203 and executes it. Then, the CPU 201 refers to the management table 102 stored in the memory 203 and starts an authentication relationship cancellation process.

  When the storage number display unit 109 and the update instruction unit 110 are not necessary, the input unit 202 and the output unit 204 may not be provided. When the communication terminal holds the authentication information management table 107 and the deletion candidate management table 108, the memory 203 stores the authentication information management table 107 and the deletion candidate management table 108.

  In the present embodiment, the authentication information management program is stored in advance in the memory. Here, the authentication information management program may be stored in a recording medium such as an optical disk or a flexible disk, or may be stored in a memory card such as an SD memory card or smart media. The authentication information management program may be provided via a network.

  The present invention provides a communication system that can reduce the possibility of erroneous deletion of authentication information, a communication terminal used therefor, an authentication information management method, an authentication information management program, a recording medium for storing the authentication information management program, and the like. Useful. Further, the present invention provides a communication terminal capable of preventing a shortage of memory storage capacity when the communication terminal is a terminal having a small memory capacity such as a network-compatible home appliance or a mobile phone having a small memory capacity, It is also useful as an authentication information management method, an authentication information management program, and a recording medium for storing the authentication information management program.

The block diagram which shows the structure of the communication system which concerns on the 1st Embodiment of this invention. The figure which shows an example of a structure of the management table which the communication terminal 10a hold | maintains. The block diagram which shows the structure of the communication terminals 10a-10c Diagram showing an example of the structure of a survival confirmation message Diagram showing an example of the structure of a survival confirmation message Diagram showing an example of the structure of a survival response message Sequence diagram showing outline of operation of communication terminals 10a to 10d A flowchart showing the operation of the authentication relation control unit 103 The flowchart which shows operation | movement of the authentication relation control part 103 in a survival confirmation process. A flowchart showing the operation of the authentication relationship control unit 103 in the survival reconfirmation process A flowchart showing the operation of the survival confirmation unit 104 A flowchart showing the operation of the communication unit 106 A flowchart showing the operation of the survival response unit 105 The block diagram which shows the structure of the communication terminal which concerns on the 2nd Embodiment of this invention. The figure which shows an example of a structure of the authentication information management table 107 The figure which shows an example of a structure of the deletion candidate management table 108 The figure which shows an example of a structure of the authentication information management table 107 The block diagram which shows the structure of the communication terminal which concerns on the 3rd Embodiment of this invention. A flowchart showing the operation of the update instruction unit 110 The flowchart which shows operation | movement of the authentication relation control part 103 which concerns on 3rd Embodiment. The figure which shows an example of a structure of the management table 102 which a communication terminal hold | maintains in the communication system which concerns on 4th Embodiment. The flowchart which shows operation | movement of the authentication related control part 103 which concerns on 4th Embodiment in a survival reconfirmation process. The flowchart which shows operation | movement of the survival confirmation part 104 which concerns on 4th Embodiment. The block diagram which shows the hardware constitutions of the communication terminal 10a Block diagram showing the configuration of a conventional authentication information management system

Explanation of symbols

9 Network 10a to 10c, 100a to 100c Communication terminal 101 Storage unit 102 Management table 103 Authentication relation control unit 104 Survival confirmation unit 105 Survival response unit 106 Communication unit 107 Authentication information management table 108 Delete candidate management table 109 Storage number display unit 110 Update Instruction unit 200 Security gateway 201 CPU
202 Input unit 203 Memory 204 Output unit 205 Communication unit

Claims (27)

A communication terminal that communicates with another valid communication terminal via the network after determining whether the other communication terminal connected via the network is valid,
Management information storage means for storing management information for managing authentication information for each communication terminal used to determine whether or not a communication terminal connected via the network is valid;
A stored number judging means for referring to the management information and judging whether or not the number of authentication information recorded in the management information exceeds a predetermined stored number;
When it is determined by the stored number determination means that the number of stored authentication information exceeds the predetermined stored number, a survival confirmation unit for confirming whether the other valid communication terminal is alive,
If it is determined by the survival confirmation means that there is a communication terminal whose survival cannot be confirmed, a deletion candidate registration means for registering the communication terminal whose survival cannot be confirmed in the management information as a deletion candidate;
Authentication information deletion means for deleting authentication information related to at least one communication terminal from the management information among communication terminals registered as deletion candidates by the deletion candidate registration means,
The communication terminal according to claim 1, wherein the predetermined storage number is smaller than a maximum storage number of authentication information that can be stored in the communication terminal.   Furthermore, when there exists access from the communication terminal registered as a deletion candidate by the deletion candidate registration means, the deletion candidate cancellation means for canceling registration of the accessed communication terminal to the deletion candidate is provided. Communication terminal. Furthermore, it comprises a survival reconfirmation means for reconfirming the survival of the deletion candidate communication terminal registered in the management information by the deletion candidate registration means,
The communication terminal according to claim 2, wherein the deletion candidate canceling unit cancels registration as a deletion candidate for a communication terminal whose survival has been confirmed by the survival reconfirmation unit. The survival confirmation means includes
When the stored number determining means determines that the stored number of authentication information exceeds the predetermined stored number, a survival confirmation message for confirming whether or not the other valid communication terminal is alive A survival confirmation message creating and transmitting means for creating and transmitting to the other valid communication terminal;
Response presence determination means for determining whether or not a survival response message has been sent within a predetermined time from the destination communication terminal of the survival confirmation message,
When the communication terminal further receives a survival confirmation message transmitted by the other valid communication terminal, a survival response message is generated and transmitted to the communication terminal that is the transmission source of the survival confirmation message. The communication terminal according to claim 1, further comprising creation transmission means. The survival reconfirmation means includes
Create a survival reconfirmation message for reconfirming whether the communication terminal that is a deletion candidate is alive, and send it to a communication terminal registered as a deletion candidate,
Response presence determination means for determining whether or not a survival response message has been sent within a predetermined time from a communication terminal that is a transmission destination of the survival reconfirmation message,
When the communication terminal further receives the survival reconfirmation message transmitted by the other valid communication terminal, the communication terminal creates a survival response message and transmits the survival response message to the communication terminal that is the transmission source of the survival confirmation message. The communication terminal according to claim 3, further comprising a message creation / transmission unit. Further, when the setting of the authentication information is requested, the management information is referred to, and it is determined whether or not the number of authentication information recorded in the management information has reached the maximum storage number. Means,
An authentication information registering unit for registering the requested authentication information when it is determined by the registration propriety determining unit that the number of authentication information recorded in the management information has not reached the maximum storage number;
When the authentication information is recorded in the management information by the authentication information registration unit, the storage number determination unit refers to the management information and determines whether or not the authentication information storage number has reached the predetermined storage number. The communication terminal according to claim 1. An authentication value that is a value obtained by converting the message by a predetermined method is added to the survival confirmation message,
Using the authentication value, further comprising authentication means for authenticating whether the received survival confirmation message is transmitted from another valid communication terminal;
5. The survival response message creating / transmitting means creates a survival response message when the authenticating means determines that the survival confirmation message has been transmitted from another valid communication terminal. Communication terminal. In the survival response message for the survival confirmation message, an authentication value that is a value obtained by converting the message by a predetermined method is added,
Using the authentication value, further comprising authentication means for authenticating whether the received survival response message is transmitted from another valid communication terminal;
The response presence / absence determining means receives a response from the communication terminal that is the transmission source of the survival response message when the authentication means determines that the survival response message is transmitted from another valid communication terminal. The communication terminal according to claim 4, wherein the communication terminal is determined to have been. The survival reconfirmation message is attached with an authentication value that is a value obtained by converting the message by a predetermined method,
Using the authentication value, further comprising authentication means for authenticating whether the received survival reconfirmation message is transmitted from another valid communication terminal;
6. The survival response message creating / transmitting unit creates a survival response message when the authenticating unit determines that the survival reconfirmation message is transmitted from another valid communication terminal. Communication terminal. In the survival response message for the survival reconfirmation message, an authentication value that is a value obtained by converting the message by a predetermined method is added,
Using the authentication value, further comprising authentication means for authenticating whether the received survival response message is transmitted from another valid communication terminal;
The response presence / absence determining means receives a response from the communication terminal that is the transmission source of the survival response message when the authentication means determines that the survival response message is transmitted from another valid communication terminal. And
The communication terminal according to claim 5, wherein the deletion candidate canceling unit cancels registration of the communication terminal determined to have received a response by the response presence determination unit as a deletion candidate. The management information comprises a management table in which information necessary for selecting a communication terminal that is least likely to be alive among communication terminals that are deletion candidates is recorded,
The communication terminal according to claim 1, wherein the authentication information deleting unit selects a communication terminal from which the authentication information is deleted with reference to a management table. The management information is
An authentication information management table for managing the authentication information for each communication terminal;
It consists of a deletion candidate management table in which information necessary to select a communication terminal that is least likely to survive among communication terminals that are deletion candidates is recorded,
The communication terminal according to claim 1, wherein the authentication information deleting unit selects a communication terminal from which the authentication information is deleted with reference to the deletion management table.   The communication terminal according to claim 1, further comprising a stored number display unit that displays the number of authentication information stored in the management information.   The communication terminal according to claim 1, further comprising update instruction means for instructing the existence confirmation means to confirm whether or not the legitimate communication terminal is alive.   The communication terminal according to claim 14, wherein the update instruction means is a switch.   6. The communication terminal according to claim 5, wherein the survival reconfirmation message creation / transmission unit transmits the survival reconfirmation message to one communication partner a predetermined number of times.   The communication terminal according to claim 16, wherein the survival reconfirmation message is transmitted at a predetermined interval.   The communication terminal according to claim 17, wherein the predetermined number of times and the predetermined interval are predetermined for each communication terminal.   The communication terminal according to claim 17, wherein the predetermined number of times and the predetermined interval are predetermined for each group to which the communication terminal belongs.   The communication terminal that confirms the existence of the other valid communication terminal is a management apparatus that centrally manages authentication information of the other valid communication terminal connected to the network. The communication terminal described in 1.   The communication terminal according to claim 1, wherein the communication terminal directly communicates with another valid communication terminal connected to the network.   The communication terminal according to claim 21, further comprising a deletion candidate notification unit that notifies a communication terminal registered as a deletion candidate by the deletion candidate registration unit to another communication terminal connected to the network.   Furthermore, when the authentication information is deleted by the authentication information deleting unit, the communication device includes a deletion completion notifying unit that notifies the communication terminal from which the authentication information has been deleted to another communication terminal connected to the network. The communication terminal described. A communication system in which a plurality of communication terminals are connected via a network and each communication terminal determines whether or not the communication partner to be connected is valid, and then communicates with other communication terminals. And
Each of the communication terminals
Management information storage means for storing management information for managing authentication information for each communication terminal used to determine whether or not a communication terminal connected via the network is valid;
When a request for setting the authentication information is received, the management information is referred to, and it is determined whether or not the number of authentication information recorded in the management information has reached the maximum number that can be held by the terminal itself. Registration availability determination means;
An authentication information registering unit for registering the requested authentication information when it is determined by the registration propriety determining unit that the number of authentication information recorded in the management information has not reached the maximum storage number;
When the authentication information is recorded in the management information by the authentication information registration unit, the storage number judgment unit refers to the management information and judges whether or not the number of stored authentication information has reached the predetermined storage number;
A storage number judging means for referring to the management information and judging whether or not the number of authentication information recorded in the management information has reached the predetermined storage number;
When the stored number determining means determines that the number of stored authentication information exceeds the predetermined stored number, a survival confirmation means for confirming whether another valid communication terminal is alive,
When confirmation of survival is requested from the other valid communication terminal, survival response means for notifying that the terminal is alive to the terminal that has requested confirmation of survival,
If it is determined by the survival confirmation means that there is a communication terminal whose survival cannot be confirmed, a deletion candidate registration means for registering the communication terminal whose survival cannot be confirmed in the management information as a deletion candidate;
Authentication information deleting means for deleting authentication information related to at least one communication terminal from the management information among communication terminals registered as deletion candidates by the deletion candidate registration means,
The predetermined communication number is smaller than the maximum number of authentication information that can be stored in the communication terminal. A communication terminal for registering authentication information for determining whether or not a communication terminal as a communication partner is valid, a method for deleting unnecessary authentication information,
The communication terminal refers to management information for managing the authentication information for each communication terminal, and determines whether or not the number of authentication information recorded in the management information exceeds a predetermined storage number; ,
If the stored number of authentication information exceeds the predetermined stored number, the communication terminal confirms whether another valid communication terminal is alive; and
If there is another legitimate communication terminal whose survival cannot be confirmed, the communication terminal registers a communication terminal whose survival cannot be confirmed as a deletion candidate in the management information;
The communication terminal comprises a step of deleting authentication information related to at least one communication terminal among the communication terminals registered as the deletion candidate from the management information,
The method according to claim 1, wherein the predetermined storage number is smaller than a maximum storage number of authentication information that can be stored in the communication terminal. A program for deleting unnecessary authentication information in a communication terminal for registering authentication information for determining whether or not a communication terminal as a communication partner is valid,
Making the communication terminal refer to management information for managing authentication information for each communication terminal, and determining whether or not the number of authentication information recorded in the management information exceeds a predetermined storage number;
If the number of stored authentication information exceeds the predetermined number of stored, the step of causing the communication terminal to check whether another valid communication terminal is alive,
When there is the other legitimate communication terminal whose survival cannot be confirmed, the communication terminal allows the communication terminal whose survival cannot be confirmed to be registered in the management information as a deletion candidate;
A step of causing the communication terminal to delete authentication information related to at least one communication terminal among the communication terminals registered as the deletion candidate from the management information,
The program according to claim 1, wherein the predetermined storage number is smaller than a maximum storage number of authentication information that can be stored in the communication terminal. A recording medium recording a program for deleting unnecessary authentication information in a communication terminal for registering authentication information for determining whether or not a communication terminal as a communication partner is valid,
Making the communication terminal refer to management information for managing authentication information for each communication terminal, and determining whether or not the number of authentication information recorded in the management information exceeds a predetermined storage number;
If the number of stored authentication information exceeds the predetermined number of stored, the step of causing the communication terminal to check whether another valid communication terminal is alive,
When there is the other legitimate communication terminal whose survival cannot be confirmed, the communication terminal allows the communication terminal whose survival cannot be confirmed to be registered in the management information as a deletion candidate;
A step of causing the communication terminal to delete authentication information related to at least one communication terminal among the communication terminals registered as the deletion candidate from the management information,
The recording medium in which the program is stored, wherein the predetermined storage number is smaller than the maximum number of authentication information that can be stored in the communication terminal.

Images