JP2018173921A - Network device, authentication management system, and control methods and control programs therefor - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a network relay device, a network device, authentication management system, and control methods and control programs therefor, which can securely relay device data.SOLUTION: A network relay device includes a certificate holding unit that holds a second certificate distributed from a certificate distribution server distributing a certificate, a certificate providing unit that provides the held second certificate to a network device that performs network communication with a database, a certificate obtaining unit that obtains, from the network device, a first certificate distributed from the certificate distribution server to the network device, an authentication process unit that performs an authentication process on the obtained first certificate, and a relay unit that relays network communication between the network device and the database when the first certificate is authenticated in the authentication process.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a network relay device, a network device, an authentication management system, a control method thereof, and a control program.

  In recent years, the concept of IOT (Internet of Things) has been proposed, and everything (devices) is connected to the Internet, and device information (device data) is collected. The device data is transmitted to the database via the network and collected. The collected device data is used for processing such as analysis, search, and transfer as big data, for example.

  A device from which device data is collected is connected to a database via a relay device such as a gateway (GW). When the gateway has a function of an access point (AP) that relays wireless communication, a predetermined encryption method is used for connection of the device to the AP, authentication processing is performed, and the validity of the device is authenticated. (For example, see Patent Document 1).

  In addition, encrypted communication using a certificate is performed in communication between a terminal connected to a network and a server (see, for example, Patent Document 2).

JP 2017-017571 A JP 2007-318518 A

  However, if the relay device to which the device is connected is not a regular relay but an unauthorized relay device, device data may be collected via the unauthorized relay device and used illegally. For example, if an AP impersonating a legitimate AP (spoofed AP) performs the same authentication process as the legitimate AP and the radio field intensity is stronger than the legitimate AP, the device may be connected to the impersonation AP.

  Also, the device connected to the AP is not a legitimate device, but is an impersonation device that illegally uses terminal identification information such as IMSI (International Mobile Subscriber Identity), or an SSID (Service Set Identifier) or password is illegally used. If the acquired device is an unauthorized device, the unauthorized device data transmitted from the unauthorized device may be collected in the database.

  The present invention has been made in view of the above circumstances, and an object thereof is to provide a network relay device, a network device, an authentication management system, a control method thereof, and a control program that can safely relay device data. To do.

  (1) In one aspect of the present invention, the network relay device includes a certificate holding unit that holds a second certificate distributed from a certificate distribution server that distributes a certificate, and a second certificate that is held A certificate providing unit that provides a network device that communicates with a database to a network device, a certificate obtaining unit that obtains a first certificate distributed from the certificate distribution server to the network device, and the network device. An authentication processing unit that performs authentication processing on the first certificate and a relay unit that relays network communication between the network device and the database when the first certificate is authenticated in the authentication processing.

  (2) In one aspect of the present invention, the network device includes a device data holding unit that holds device data, and a certificate holding unit that holds a first certificate distributed from a certificate distribution server that distributes a certificate. A certificate providing unit that provides the held first certificate to a network relay device that relays network communication with the database, and a second certificate distributed from the certificate distribution server to the network relay device. A certificate acquisition unit acquired from the network relay device, an authentication processing unit that performs authentication processing on the acquired second certificate, and the network relay device when the second certificate is authenticated in the authentication processing A device data transmission unit for transmitting device data to the database via

  (3) In one aspect of the present invention, the authentication management system generates a first certificate to be distributed to a network device that transmits device data to a database, and relays network communication between the network device and the database. A certificate generation unit that generates a second certificate to be distributed to the relay device; distributes the generated first certificate to a network device; and transmits the generated second certificate to the network relay And a certificate distribution unit for distributing to the device.

  (4) In one aspect of the present invention, a method for controlling a network relay device includes a certificate holding step for holding a second certificate distributed from a certificate distribution server for distributing a certificate, A certificate providing step for providing the network certificate to the network device that performs network communication with the database; a certificate obtaining step for obtaining from the network device the first certificate distributed to the network device from the certificate distribution server; An authentication processing step of performing authentication processing on the acquired first certificate, and a relaying step of relaying network communication between the network device and the database when the first certificate is authenticated in the authentication processing. Including.

  (5) In one aspect of the present invention, a network device control method includes a device data holding step for holding device data, and a certificate for holding a first certificate distributed from a certificate distribution server for distributing a certificate. A certificate holding step, a certificate providing step of providing the held first certificate to a network relay device that relays network communication with the database, and a second distributed from the certificate distribution server to the network relay device A certificate acquisition step of acquiring a certificate from the network relay device, an authentication processing step of performing an authentication process on the acquired second certificate, and when the second certificate is authenticated in the authentication process, And a device data transmission step of transmitting the device data to the database via the network relay device.

  (6) In one aspect of the present invention, a method for controlling an authentication management system generates a first certificate to be distributed to a network device that transmits device data to a database, and performs network communication between the network device and the database. A certificate generation step of generating a second certificate to be distributed to the network relay device to be relayed; a generated first certificate is distributed to the network device; and the generated second certificate is And a certificate distribution step of distributing to the network relay device.

  (7) The control method of the authentication management system according to one aspect of the present invention further includes a program distribution step of distributing an authentication processing program for performing certificate authentication processing to the network device and the network relay device.

  (8) In one aspect of the present invention, the network relay device control program includes a certificate holding process for holding a second certificate distributed from a certificate distribution server for distributing a certificate, and a second stored A certificate providing process for providing the network certificate to the network device that performs network communication with the database; a certificate obtaining process for obtaining the first certificate distributed from the certificate distribution server to the network device; An authentication process that performs an authentication process on the acquired first certificate, and a relay process that relays network communication between the network device and the database when the first certificate is authenticated in the authentication process. Let the computer run.

  (9) In one aspect of the present invention, the network device control program includes a device data holding process for holding device data, and a certificate for holding a first certificate distributed from a certificate distribution server for distributing a certificate. Certificate holding process, a certificate providing process for providing the held first certificate to the network relay apparatus that relays the network communication with the database, and a second distributed from the certificate distribution server to the network relay apparatus. Certificate acquisition processing for acquiring a certificate from the network relay device, authentication processing for performing authentication processing on the acquired second certificate, and when the second certificate is authenticated in the authentication processing, the network A computer is caused to execute device data transmission processing for transmitting device data to a database via a relay device.

  (10) In one aspect of the present invention, the control program of the authentication management system generates a first certificate to be distributed to a network device that transmits device data to a database, and performs network communication between the network device and the database. A certificate generation process for generating a second certificate to be distributed to a network relay device to be relayed, a generated first certificate to a network device, and the generated second certificate Causes the computer to execute certificate distribution processing for distribution to network relay devices.

  According to the present invention, it is possible to provide a network relay device, a network device, an authentication management system, and a control method and control program thereof that can relay device data safely.

The figure which shows an example of the outline | summary of the network relay system of embodiment. The figure which shows an example of the hardware constitutions of the network relay apparatus of embodiment. The figure which shows an example of the hardware constitutions of the network device of embodiment. The figure which shows an example of the software structure of the network relay apparatus of embodiment. FIG. 3 is a diagram illustrating an example of a software configuration of the network device according to the embodiment. The figure which shows an example of the software configuration of the authentication management system of embodiment. The flowchart which shows an example of operation | movement of the network relay apparatus of embodiment. 5 is a flowchart illustrating an example of the operation of the network device according to the embodiment. The flowchart which shows an example of operation | movement of the authentication management system of embodiment.

  Hereinafter, a network relay device, a network device, an authentication management system, a control method, and a control program thereof will be described in detail with reference to the drawings. In each figure shown below, the same numerals are given about the same composition.

  First, the outline of the network relay system according to the embodiment will be described with reference to FIG.

  1, the network relay system 1 includes a network device 10 (10a to 10c), a network relay device 20 (20a to 20c), an authentication management system 30, and a device data database (device data DB) 40.

  The network device 10 is a device that can be connected to a network. The network device 10 transmits device data to the device data DB 40 via the network relay device 20. The network device is a device that can collect device data by IoT, such as a sensor, a home appliance, a mobile communication terminal, a vehicle, a ship, a wireless tag, and the like. The device data is data acquired from the device, for example, measurement data measured by a sensor attached to the device, storage data stored in the device, and the like. Network devices 10 a to 10 c indicate that a plurality of network devices 10 are connected to the network relay device 20. In IoT, there is a possibility that the number of devices that can collect device data increases dramatically. FIG. 1 shows that each of the network devices 10a to 10c has a device certificate to be described later.

  The network device 10 is connected to the network relay device 20 by wireless communication or wired communication. In wired communication, the network device 10 is often connected to a fixed network relay device 20. The network device 10 impersonates the network device 10 and communicates with the network relay device 20, or impersonates the network relay device 20. The possibility that an unauthorized relay device that communicates with the network relay system 1 is connected to the network relay system 1 is low compared to wireless communication.

  On the other hand, in wireless communication, for example, if an SSID and a password are leaked, there is a possibility of being connected to the network relay system 1 by impersonation. For example, when the network device 10 is a sensor used in a plant process or the like, the measurement data measured by the sensor is highly confidential device data such as the operation status of the process. When the measurement data of the network device 10 is collected by an unauthorized AP impersonating a regular AP that is the network relay device 20, highly confidential information is leaked. In the following description, it is assumed that the network device 10 and the network relay device 20 perform wireless communication.

  The network relay device 20 is a device that relays communication between the network device 10 and the device data DB 40. The network relay device 20 has, for example, a wireless communication AP function and a gateway (GW) function that connects the wireless communication network and the wired communication network. However, the network relay device 20 is not limited to the network to be connected as long as it has a function of relaying communication between the network device 10 and the device data DB 40. The network relay device 20 relays device data transmitted from the network device 10 and transmits it to the device data DB 40.

  The network relay device 20a to the network relay device 20c indicate that the network relay system 1 has a plurality of network relay devices 20. The network relay device 20a to the network relay device 20c can communicate with the network devices 10a to 10c, respectively. For example, FIG. 1 shows that the network relay device 20b can communicate with the network devices 10a to 10c. The network device 10a indicates that it can communicate with the network relay device 20a or the network relay device 20b. The network device 10a may switch communication between the network relay device 20a and the network relay device 20b according to the radio wave intensity. FIG. 1 shows that each of the network relay device 20a to the network relay device 20c has a relay device certificate to be described later. Each of the network relay device 20a to the network relay device 20c has an authentication processing program to be described later.

  The authentication management system 30 is a system that ensures the safety of communication between the network device 10 and the network relay device 20. The authentication management system 30 distributes a device certificate to the network device 10. The device certificate is a certificate indicating that the network device 10 is a valid communication partner in communication with the network relay device 20. In the present embodiment, the device certificate is an example of a first certificate. The authentication management system 30 generates and holds a device certificate. For example, the authentication management system 30 distributes the device certificate to the network device 10 via the device setting device 50 that can communicate with the authentication management system 30. The authentication management system 30 may distribute the device certificate to the network device 10 via the network relay device 20. The authentication management system 30 authenticates the distributed device certificate. The authentication management system 30 acquires a device certificate from the network relay device 20 that is a communication destination of the network device 10 that has acquired the device certificate, authenticates whether the device certificate is a valid certificate, The authentication result is transmitted to the network relay device 20.

  Further, the authentication management system 30 distributes the relay device certificate to the network relay device 20. The relay device certificate is a certificate indicating that the network relay device 20 is a valid communication partner in communication with the network device 10. In the present embodiment, the relay device certificate is an example of a second certificate. The authentication management system 30 generates and holds a relay device certificate. The authentication management system 30 communicates with the network relay device 20 via the network and distributes the relay device certificate. The authentication management system 30 may distribute the relay device certificate to the network relay device 20. The authentication management system 30 acquires the relay device certificate from the network device 10 that is the communication destination of the network relay device 20 that acquired the relay device certificate, and determines whether or not the relay device certificate is a valid certificate. And the authentication result may be transmitted to the network device 10.

  The device data DB 40 is a database that collects and stores device data acquired from the network device 10. For example, the device data DB 40 may poll the network device 10 capable of communication and search for whether or not the device data can be acquired to acquire the device data (pull-type acquisition). The device data DB 40 may acquire device data by receiving device data transmitted by the network device 10 (push-type acquisition).

  The device data DB 40 may use encrypted communication such as SSL (Secure Socket Layer) with the network device 10. SSL encrypts communication between the device data DB 40 and the network device 10 using an SSL server certificate. The SSL server certificate proves ownership of the domain name of the device data DB 40, for example. The SSL server certificate may prove that the organization of the device data DB 40 owner actually exists or is not a phishing site. That is, the network device 10 can confirm the correctness of communication with the network relay device 20 by using the device certificate and the relay device certificate, and can confirm the correctness of communication with the device data DB 40 by using the SSL certificate. .

  The authentication management system 30 and the device data DB are included in the IoT platform. The IoT platform is, for example, a platform for using various technologies provided by IoT, or a platform for developing technologies related to IoT. The IoT platform includes, for example, a cloud service platform using cloud computing for realizing IoT. The authentication management system 30 or device data DB in the present embodiment may be realized by a cloud service, for example.

  The device setting device 50 includes a certificate setting unit 51 and a program setting unit 52. The certificate setting unit 51 sets a device certificate for the network device 10. The setting of the device certificate is, for example, distribution of a device certificate to the network device 10, setting of account information for the network device 10 to use the device certificate distributed to the network device 10. The certificate setting unit 51 communicates with the authentication management system 30 and causes the authentication management system 30 to generate a device certificate using information (for example, a physical address) for identifying the network device 10. The certificate setting unit 51 installs the generated device certificate in the network device 10 to make it usable.

  The program setting unit 52 sets an authentication processing program to be described later for the network device 10. The setting of the authentication processing program includes, for example, the distribution of the authentication processing program to the network device 10 and the parameter setting of the authentication processing program distributed to the network device 10. The program setting unit 52 communicates with the authentication management system 30 and acquires an authentication processing program. The program setting unit 52 installs the acquired authentication processing program in the network device 10.

  The device setting device 50 may perform device certificate setting and authentication processing program setting for a plurality of network devices 10 at a time. For example, when a user introduces a large number of network devices, it takes a lot of work time to set a device certificate and an authentication processing program. The device setting apparatus 50 can set the device certificate and the authentication processing program for a plurality of network devices 10 at a time, thereby reducing the introduction cost of the network device.

  As described above, the communication between the network relay device 20 and the network device 10 may not ensure secure communication (safe communication without impersonation or cracking). Therefore, when the communication between the network relay device 20 and the network device 10 is not secure, the same applies to the communication between the authentication management system 30 and the network device 10. It is assumed that the device setting device 50 can secure secure communication with the authentication management system 30. Accordingly, the authentication management system 30 can perform the above-described device certificate setting and authentication processing program setting for the network device 10 in a secure communication state.

  The policy setting device 60 includes a policy holding unit 61 and a policy setting unit 62. For example, the policy holding unit 61 holds a communication policy for each user of the network device 10. The communication policy includes the address of the connection destination network relay device 20, the encryption procedure of the connectable network relay device 20, the priority order of the connection destination, and the like when communicating with the network relay device 20. The policy setting unit 62 sets the communication policy held by the policy holding unit 61 in the network device 10.

  Although the device setting device 50 or the policy setting device 60 is illustrated as a single device, the device setting device 50 or the policy setting device 60 may be realized by one device. Each function in each device may be realized by a plurality of devices. For example, some or all of the functions of the device setting device 50 or the policy setting device 60 may be realized by the network relay device 20.

  Next, the hardware configuration of the network relay device 20 according to the embodiment will be described with reference to FIG.

  In FIG. 2, the network relay device 20 includes a CPU 21, a RAM (Random Access Memory) 22, a ROM (Read Only Memory) 23, an HDD (Hard Disk Drive) 24, an operation unit 25, a display unit 26, a communication I / F 27, and a communication. I / F28.

  The network relay device 20 can be a general-purpose computer such as a desktop PC or a server device. Further, the network relay device 20 can execute software (relay device control program) that realizes the function of the network relay device 20.

  The CPU 21 implements the function of the network relay device 20 by executing the relay device control program stored in the RAM 22, ROM 23 or HDD 24. The relay device control program is acquired from, for example, a recording medium on which the program is recorded or a server that provides the program via a network, is installed in the HDD 24, and is stored in the RAM 22 so as to be readable from the CPU 21. Further, the CPU 21 executes an authentication processing program.

  The operation unit 25 is, for example, a keyboard, a mouse, or a switch that enables an operation input by the operator of the network relay device 20. The display unit 26 has a display function for displaying information to an operator, for example, a liquid crystal display, a lamp, or the like. Note that the operation unit 25 and the display unit 26 may be, for example, a touch panel having an operation display function.

  The communication I / F 27 controls communication with other devices via a network such as the device data DB 40. The communication I / F 27 controls communication with other devices via, for example, wired LAN communication. The communication I / F 28 controls communication with the network device 10. The communication I / F 28 controls, for example, wireless LAN communication, infrared communication, or short-range wireless communication.

  FIG. 2 illustrates the hardware configuration of the network relay device 20, but the authentication management system 30 described in FIG. 1 also has the hardware configuration illustrated in FIG. That is, the authentication management system 30 includes a CPU, a RAM, a ROM, an HDD, an operation unit, a display unit, and a communication I / F, as in FIG.

  Next, the hardware configuration of the network device 10 according to the embodiment will be described with reference to FIG.

  In FIG. 3, the network device 10 includes a CPU 11, a RAM 12, a ROM 13, and a communication I / F 17.

  The network device 10 is a low-spec device such as a sensor or a wireless tag. The network device 10 can execute software (network device control program) that realizes the functions of the network device 10.

  The CPU 11 implements the function of the network device 10 by executing a network device control program stored in the RAM 12 or the ROM 13. The network device control program is acquired from, for example, a recording medium on which the program is recorded or a server that provides the program via the network, is installed in the ROM 13, and is stored in the RAM 12 so as to be readable from the CPU 11. Further, the CPU 11 executes an authentication processing program.

  The communication I / F 17 controls communication with the network relay device 20. Accordingly, the communication I / F 17 performs communication corresponding to the communication I / F 27. For example, when the communication I / F 27 controls wireless LAN communication, the communication I / F 17 also controls wireless communication. The communication I / F 18 controls communication with the device setting device 50 or the policy setting device 60. The communication I / F 18 controls, for example, wireless LAN communication, infrared communication, short-range wireless communication, or serial bus.

  Next, the software configuration of the network relay device 20 according to the embodiment will be described with reference to FIG.

  In FIG. 4, the network relay device 20 has functions of a certificate holding unit 211, a certificate providing unit 212, a certificate acquisition unit 213, an authentication processing unit 214, and a relay unit 217. The authentication processing unit 214 has functions of a certificate transmission unit 215 and an authentication result acquisition unit 216. Each function of the network relay device 20 is a functional module realized by a relay device control program (software) that controls the network relay device 20. The relay device control program is executed by the CPU 21.

  The certificate holding unit 211 holds the relay device certificate exemplified as the second certificate distributed from the authentication management system 30 having the function of the certificate distribution server that distributes the certificate. The certificate holding unit 211 can hold the relay device certificate by storing it in the HDD 14, for example.

  Since the communication between the authentication management system 30 and the network relay device 20 is a closed environment closed as a communication network, it is assumed that the communication is secure (no spoofing or the like) in which safety is ensured. Accordingly, the relay device certificate can be distributed in a secure communication state between the authentication management system 30 and the network relay device 20.

  The certificate providing unit 212 provides the relay device certificate exemplified as the second certificate held in the certificate holding unit 211 to the network device 10 that performs network communication with the device data DB 40. For example, the certificate providing unit 212 provides a relay device certificate to the network device 10 when a connection request is received from the network device 10.

  The certificate acquisition unit 213 acquires from the network device 10 a device certificate exemplified as the first certificate distributed to the network device 10 from the authentication management system 30 having the function of the certificate distribution server. For example, when there is a connection request from the network device 10, the certificate acquisition unit 213 requests the network device 10 to transmit a device certificate. The certificate acquisition unit 213 acquires a device certificate by receiving a device certificate transmitted from the network device 10 in response to a transmission request.

  The authentication processing unit 214 performs authentication processing on the device certificate exemplified as the first certificate acquired by the certificate acquisition unit 213. The authentication processing unit 214 includes a certificate transmission unit 215 and an authentication result acquisition unit 216. The certificate transmission unit 215 transmits a device certificate exemplified as the first certificate to the authentication management system 30 having the function of a certificate authentication server that authenticates the certificate. The authentication result acquisition unit 216 acquires that the device certificate transmitted to the authentication management system 30 has been authenticated. That is, the authentication processing unit 214 can perform the authentication process by authenticating the device certificate in the authentication management system 30 and acquiring the authentication result. With this function, the network relay device 20 can confirm the validity of the network device 10 that relays communication.

  However, the authentication processing unit 214 may authenticate the device certificate itself. For example, the authentication processing unit 214 records a device certificate once authenticated by the authentication management system 30, and when there is a connection request using the same device certificate from the network device 10, the recorded device certificate is recorded. The device certificate may be authenticated by determining whether or not it matches.

  The function of the authentication processing unit 214 can be realized by the network relay device 20 executing an authentication processing program distributed from the authentication management system 30. As described above, since the communication between the authentication management system 30 and the network relay device 20 is secured, the distribution of the authentication processing program and the setting of the authentication processing program are performed directly from the authentication management system 30. Also good. For example, the function of the certificate transmission unit 215 or the function of the authentication result acquisition unit 216 in the authentication processing unit 214 is to acquire the certificate destination and the authentication result in the authentication processing program distributed to the network relay device 20 by the authentication management system 30. It may be realized by setting the previous information.

  The relay unit 217 relays network communication between the network device 10 and the device data DB 40 when the device certificate exemplified as the first certificate is authenticated in the authentication process executed by the authentication processing unit 214. The relay unit 217 functions as a gateway that connects the wireless communication network and the wired communication network.

  Note that each function of the certificate holding unit 211, the certificate providing unit 212, the certificate acquisition unit 213, the authentication processing unit 214, the relay unit 217, the certificate transmission unit 215, and the authentication result acquisition unit 216 included in the network relay device 20 is provided. Has been described as being implemented by software as described above. However, at least one of the functions of the network relay device 20 may be realized by hardware.

  In addition, any one of the above functions of the network relay device 20 may be implemented by dividing one function into a plurality of functions. Further, any two or more functions of the network relay device 20 may be integrated into one function.

  The network relay device 20 may be a device realized by a single housing or a system realized by a plurality of devices connected via a network or the like. For example, the network relay device 20 may be a virtual device such as a cloud service provided by a cloud computing system. The network relay device 20 may be a general-purpose computer such as a server device or a dedicated device with limited functions.

  Moreover, you may make it implement | achieve at least 1 or more functions in another apparatus among each said function of the network relay apparatus 20. FIG. That is, the network relay device 20 does not have to have all the functions described above, and may have some functions.

  Next, the software configuration of the network device 10 according to the embodiment will be described with reference to FIG.

  In FIG. 5, the network device 10 has functions of a device data acquisition unit 101, a device data holding unit 102, and a communication control unit 110. The communication control unit 110 has functions of a certificate holding unit 111, a certificate providing unit 112, a certificate acquisition unit 113, an authentication processing unit 114, and a device data transmission unit 117. The authentication processing unit 114 has functions of a certificate transmission unit 115 and an authentication result acquisition unit 116. Each function of the network device 10 is a functional module realized by a network device control program (software) that controls the network device 10. The network device control program is executed by the CPU 11.

  The device data acquisition unit 101 acquires device data. For example, when the network device is a sensor, the device data acquisition unit 101 acquires sensor measurement data. For example, the device data acquisition unit 101 may acquire device data at predetermined time intervals.

  The device data holding unit 102 holds device data. For example, when the network device is a sensor, the device data holding unit 102 holds device data acquired by the device data acquisition unit 101. When the network device is a wireless tag, the device data holding unit 102 holds the recorded data recorded on the wireless tag. The device data holding unit 102 holds device data by recording the device data in the ROM 13, for example.

  The certificate holding unit 111 holds a device certificate exemplified as a first certificate distributed from the authentication management system 30 having the function of a certificate distribution server that distributes a certificate. The certificate holding unit 111 can hold the device certificate by storing it in, for example, the ROM 13.

  The certificate providing unit 112 provides the device certificate exemplified as the first certificate held in the certificate holding unit 111 to the network relay device 20 that relays network communication with the device data DB 40. For example, when making a connection request to the network relay device 20, the certificate providing unit 112 transmits the device certificate in response to the device certificate transmission request received from the network relay device 20, thereby obtaining the device certificate. provide.

  The certificate acquisition unit 113 acquires from the network relay device 20 the relay device certificate exemplified as the second certificate distributed to the network relay device 20 from the authentication management system 30 having the function of the certificate distribution server. . For example, the certificate acquisition unit 113 acquires a relay device certificate from the network relay device 20 when making a connection request to the network relay device 20.

  The authentication processing unit 114 performs authentication processing on the relay device certificate exemplified as the second certificate acquired by the certificate acquisition unit 113. The authentication processing unit 114 includes a certificate transmission unit 115 and an authentication result acquisition unit 116. The certificate transmission unit 115 transmits the relay device certificate exemplified as the second certificate to the authentication management system 30 having the function of the certificate authentication server that authenticates the certificate. The authentication result acquisition unit 116 acquires that the relay device certificate transmitted to the authentication management system 30 has been authenticated. That is, the authentication processing unit 114 can perform authentication processing by causing the authentication management system 30 to authenticate the relay device certificate and acquiring the authentication result. With this function, the network device 10 can confirm the validity of the network relay device 20 that relays communication.

  However, the authentication processing unit 114 may authenticate the relay device certificate itself. For example, when the authentication processing unit 114 records a device certificate once authenticated by the authentication management system 30 and obtains the same device certificate from the network relay device 20, the authentication processing unit 114 confirms the match with the recorded relay device certificate. By determining, the relay device certificate may be authenticated.

  The authentication processing unit 114 may authenticate the relay device certificate without using the authentication management system 30. Since the network device 10 is a low-spec sensor or the like as described above, for example, authentication processing may be performed using a dedicated chip for certificate authentication processing.

  The function of the authentication processing unit 114 can be realized by the network device 10 executing an authentication processing program distributed from the authentication management system 30. The setting of the authentication processing program can be executed by the device setting device 50 that can secure secure communication with the authentication management system 30. For example, the function of the certificate transmission unit 115 or the function of the authentication result acquisition unit 116 in the authentication processing unit 114 is that the device setting device 50 sets information on the certificate transmission destination and the authentication result acquisition destination in the authentication processing program. It may be realized by.

  The device data transmission unit 117 performs network communication with the device data DB 40 via the network relay device 20 when the relay device certificate exemplified as the second certificate is authenticated in the authentication processing executed by the authentication processing unit 114. To send device data. The device data transmission unit 117 may encrypt device data to be transmitted to the device data DB 40 using SSL or the like.

  Note that the network device 10 includes a device data acquisition unit 101, a device data holding unit 102, a communication control unit 110, a certificate holding unit 111, a certificate providing unit 112, a certificate acquisition unit 113, an authentication processing unit 114, and device data. The functions of the transmission unit 117, the certificate transmission unit 115, and the authentication result acquisition unit 116 have been described as being realized by software as described above. However, at least one of the functions of the network device 10 may be realized by hardware.

  In addition, any one of the functions that the network device 10 has may be implemented by dividing one function into a plurality of functions. Further, any two or more functions of the network device 10 may be integrated into one function.

  The network device 10 may be an apparatus realized by a single casing or may be realized by a plurality of casings connected by wiring or the like.

  Moreover, you may make it implement | achieve at least 1 or more functions in another apparatus among each said function of the network relay apparatus 20. FIG. That is, the network device 10 does not have to have all the functions described above, and may have some functions.

  Next, the software configuration of the authentication management system 30 according to the embodiment will be described with reference to FIG.

  In FIG. 6, the authentication management system 30 has functions of a certificate distribution server 31, a certificate authentication server 32, and a program distribution server 33. The certificate distribution server 31 has functions of a distribution information holding unit 311, a certificate generation unit 312, a certificate holding unit 313, and a certificate distribution unit 314. The certificate authentication server 32 has functions of a certificate acquisition unit 321, a certificate authentication unit 322, and a device information holding unit 323. The program distribution server 33 has functions of a distribution information holding unit 331, a program holding unit 332, and a program distribution unit 333. Each function of the authentication management system 30 is a function module realized by an authentication management system control program (software) that controls the authentication management system 30. The authentication management system control program is executed by the CPU in the hardware configuration shown in FIG.

  The certificate distribution server 31 is a server that provides a service for distributing a device certificate or a relay device certificate. In FIG. 6, the certificate distribution server 31 will be described as a software function.

  The distribution information holding unit 311 holds information on a certificate distribution destination. The certificate distribution destination is, for example, the network address of the transmission destination to which the certificate is transmitted or the file system directory information when the certificate distribution server 31 distributes the certificate in the push type. For example, since the communication between the authentication management system 30 and the network relay device 20 is secured, the distribution of the relay device certificate to the network relay device 20 is a push-type distribution from the certificate distribution server 31. be able to. Further, the distribution information holding unit 311 may record a distribution destination (distribution log) to which the certificate is distributed.

  The certificate generation unit 312 generates a certificate to be distributed. The certificate generation unit 312 generates a device certificate exemplified as a first certificate distributed to the network device 10 that transmits device data to the device data DB 40. Also, the certificate generation unit 312 generates a relay device certificate exemplified as a second certificate to be distributed to the network relay device 20 that relays network communication between the network device 10 and the device data DB 40.

  The certificate generation unit 312 generates a different certificate for each device of the network device 10 or the network relay device 20 that holds the certificate, for example. The certificate generation unit 312 may generate a different certificate for each user of the network device 10 or the network relay device 20. The certificate generation unit 312 may generate a certificate common to the network devices 10 and a certificate common to the network relay device 20. For example, when generating a certificate for each device, the certificate generation unit 312 can generate a certificate based on a physical address value unique to each device. The certificate generation unit 312 may generate a certificate based on the value of identification information unique to each user. In addition, the certificate generation unit 312 may generate a certificate based on the value of identification information unique to each device type. In addition, the certificate generation unit 312 may generate a certificate with an expiration date.

  The certificate holding unit 313 holds the certificate generated by the certificate generation unit 312. The certificate holding unit 313 holds the certificate generated by the certificate generation unit 312, thereby comparing the held certificate with the certificate acquired from the network device 10 or the network relay device 20. Is possible. In addition, since the certificate holding unit 313 holds the certificate, for example, a certificate generated in advance by the certificate generation unit 312 can be distributed, and time for certificate generation can be saved. it can.

  The certificate distribution unit 314 distributes the device certificate exemplified as the first certificate generated in the certificate holding unit 313 to the network device 10. Further, the certificate distribution unit 314 distributes the relay device certificate exemplified as the second certificate generated in the certificate holding unit 313 to the network relay device 20.

  For example, the certificate distribution unit 314 may distribute the device certificate to the network device 10 via the device setting device 50. The certificate distribution unit 314 acquires a list of physical addresses of the network device 10 to which the device certificate is distributed from the device setting device 50, and the device certificate generated by the certificate generation unit 312 based on the acquired list. You may make it distribute via the device setting apparatus 50. FIG.

  The certificate authentication server 32 is a server that provides a service for authenticating a certificate. In FIG. 6, the certificate authentication server 32 will be described as a software function.

  The certificate acquisition unit 321 acquires from the network relay device 20 a device certificate exemplified as the first certificate acquired by the network relay device 20 from the network device 10. Further, the certificate acquisition unit 321 acquires from the network device 10 a relay device certificate exemplified as the second certificate acquired by the network device 10 from the network relay device 20. The certificate acquisition unit 321 can acquire the device certificate by receiving the device certificate transmitted by the network relay device 20. Further, the certificate acquisition unit 321 can acquire the relay device certificate by receiving the relay device certificate transmitted from the network device 10.

  The certificate authentication unit 322 authenticates the acquired device certificate or relay device certificate. For example, the certificate authentication unit 322 determines whether the acquired certificate is valid by comparing the acquired certificate with the certificate held in the certificate holding unit 313. Can do. Further, the certificate authentication unit 322 may study the acquired certificate data using a predetermined calculation formula and determine whether the certificate is valid based on the calculation result. The certificate authentication unit 322 notifies the certificate acquisition destination of the authentication result as to whether or not the certificate is valid. The authentication result may be, for example, information on whether or not the authentication is successful.

  The device information holding unit 323 holds setting information that affects authentication on the device certificate. For example, when any setting is made in the device certificate by the device setting apparatus 50, the device information holding unit 323 acquires the set information from the device setting apparatus 50 and holds it. The certificate authentication unit 322 refers to the device certificate setting information held by the device information holding unit 323 and authenticates the device certificate. Further, the device information holding unit 323 may hold information such as a policy set for the network device by the policy setting device 60.

  The program distribution server 33 is a server that provides a service for distributing an authentication processing program. In FIG. 6, the program distribution server 33 is described as a software function.

  The distribution information holding unit 331 holds information on the distribution destination of the authentication processing program. The distribution destination of the authentication processing program is, for example, the network address of the transmission destination to which the authentication processing program is transmitted or the file system directory information when the program distribution server 33 distributes the authentication processing program in a push type. Further, the distribution information holding unit 331 may record a distribution destination (distribution log) to which the authentication processing program is distributed.

  The program holding unit 332 holds an authentication processing program. The program holding unit 332 holds the authentication processing program, so that the authentication processing program can be distributed. As described above, the authentication processing program is a program that provides a function of an authentication processing unit that performs certificate authentication processing by being executed in the network relay device 20 or the network device 10. The program holding unit 332 may hold, for example, authentication processing programs having different versions for each distribution destination model or for each user.

  The program distribution unit 333 distributes the authentication processing program to the network device 10 and the network relay device 20. The program distribution unit 333 may distribute the authentication processing program to the network device 10 via the device setting device 50 that can ensure secure communication with the authentication management system 30. The program distribution unit 333 may directly distribute the authentication processing program and set parameters for the network relay device 20 that can secure secure communication with the authentication management system 30.

  Note that the certificate management server 30 has a certificate distribution server 31, a certificate authentication server 32, a program distribution server 33, a distribution information holding unit 311, a certificate generation unit 312, a certificate holding unit 313, a certificate distribution unit 314, The functions of the certificate acquisition unit 321, certificate authentication unit 322, device information holding unit 323, distribution information holding unit 331, program holding unit 332, and program distribution unit 333 are described as being realized by software as described above. did. However, at least one of the above functions of the authentication management system 30 may be realized by hardware.

  In addition, any one of the functions of the authentication management system 30 may be implemented by dividing one function into a plurality of functions. Further, any two or more functions of the authentication management system 30 may be integrated into one function.

  Further, the authentication management system 30 may be a device realized by a single casing or a system realized by a plurality of devices connected via a network or the like. For example, the authentication management system 30 may be a virtual device such as a cloud service provided by a cloud computing system. The authentication management system 30 may be a general-purpose computer such as a server device or a dedicated device having a limited function.

  Moreover, you may make it implement | achieve at least 1 or more functions in another apparatus among said each function of the authentication management system 30. FIG. That is, the authentication management system 30 does not have to have all the functions described above, and may have a part of the functions.

  For example, the certificate distribution server 31, the certificate authentication server 32, or the program distribution server 33 in the authentication management system 30 may be realized in different devices. Further, each function of the authentication management system 30 may have a redundant configuration using a mirror server or the like.

  Next, the operation of the network relay device 20 according to the embodiment will be described with reference to FIG.

  In FIG. 7, the network relay device 20 holds the relay device certificate distributed from the certificate distribution server 31 (step S11). The timing for distributing and holding the relay device certificate may be any timing before starting the relay processing for network communication.

  After executing the process of step S11, the network relay device 20 determines whether there is a connection request from the network device 10 (step S12). If it is determined that there is no connection request (step S12: NO), the network relay device 20 repeats the process of step S12 and waits for a connection request.

  On the other hand, if it is determined that there is a connection request (step S12: YES), the network relay device 20 provides the held relay device certificate to the network device 10 that has made the connection request (step S13). . After executing the processing in step S13, the network relay device 20 requests the network device 10 that has requested connection to obtain a device certificate (step S14). If relay processing has already started, the network relay device 20 notifies the network device 10 that has made a connection request that the relay processing is being performed, and does not request acquisition of a device certificate. It may be.

  After executing the process of step S14, the network relay device 20 determines whether a device certificate has been acquired from the network device 10 (step S15). When determining that the device certificate has not been acquired (step S15: NO), the network relay device 20 repeats the process of step S15 and waits for the device certificate to be acquired. Note that the network relay device 20 may stop the operation of the flowchart of FIG. 7 when a predetermined time has elapsed after requesting acquisition of a device certificate.

  On the other hand, if it is determined that the device certificate has been acquired (step S15: YES), the network relay device 20 transmits the acquired device certificate to the certificate authentication server 32 (step S16). Note that if the device certificate has been authenticated in the past, the network relay device 20 does not authenticate again, notifies the network device 10 of the successful authentication, and starts the relay processing in step S19. May be. Further, when the network relay device 20 acquires a large number of certificates from the same network device 10 in a short time, the network relay device 20 may stop the operation of the flowchart of FIG.

  After executing the process of step S16, the network relay device 20 determines whether an authentication result has been acquired from the certificate authentication server 32 (step S17). When determining that the authentication result has not been acquired (step S17: NO), the network relay device 20 repeats the process of step S17 and waits for the acquisition of the authentication result. Note that the network relay device 20 may stop the operation of the flowchart of FIG. 7 when a predetermined time has elapsed after transmitting the device certificate.

  On the other hand, when it is determined that the authentication result has been acquired (step S17: YES), the network relay device 20 determines whether the authentication is successful (step S18). When it is determined that the authentication is not successful (step S18: NO), the network relay device 20 ends the operation of the flowchart of FIG.

  On the other hand, when it is determined that the authentication is successful (step S18: YES), the network relay device 20 notifies the network device 10 of the success of the authentication and starts a relay process (step S19).

  After executing the process of step S19, the network relay device 20 determines whether or not the communication has ended (step S20). Whether or not the communication has ended can be determined, for example, when there is an explicit acquisition of the end of communication from the network device 10 or when there is no transmission / reception of data for a predetermined time. If it is determined that the communication has not ended (step S20: NO), the network relay device 20 repeats the process of step S20 and waits for the communication to end. On the other hand, when it is determined that the communication has ended (step S20: YES), the network relay device 20 ends the relay process (step S21), and ends the operations shown in the flowchart.

  Next, the operation of the network device 10 according to the embodiment will be described with reference to FIG.

  In FIG. 8, the network relay device 20 holds the device certificate distributed from the certificate distribution server 31 (step S31). The timing for distributing and holding the device certificate may be any timing before starting transmission of device data. The device certificate can be distributed by the device setting device 50.

  After executing the process of step S31, the network device 10 determines whether device data has been acquired (step S32). For example, when the network device 10 is a sensor, device data may be acquired at predetermined time intervals. If it is determined that device data has not been acquired (step S32: NO), the network device 10 repeats the process of step S32 and waits for acquisition of device data.

  On the other hand, if it is determined that the device data has been acquired (step S32: YES), the network device 10 temporarily holds the acquired device data (step S33) and issues a connection request to the network relay device 20 (step S34). ).

  After executing the processing of step S34, the network device 10 determines whether a device certificate acquisition request has been issued from the network relay device 20 (step S35). If it is determined that a device certificate acquisition request has not been made (step S35: NO), the network device 10 repeats the process of step S35 and waits for an acquisition request.

  On the other hand, if it is determined that a device certificate acquisition request has been made (step S35: YES), the network device 10 transmits the device certificate to the network relay device 20 (step S36).

  After executing the processing of step S36, the network device 10 determines whether or not a relay device certificate has been acquired from the network relay device 20 (step S37). If it is determined that the relay device certificate has not been acquired (step S37: NO), the network device 10 repeats the process of step S37 and waits for acquisition of the relay device certificate. In addition, after performing the process of step S34 or the process of step S36, when predetermined time passes, the network device 10 may retry the process of step S34. When the number of retries reaches a predetermined number, the network device 10 may end the operation of the flowchart of FIG.

  On the other hand, when determining that the relay device certificate has been acquired (step S37: YES), the network device 10 transmits the acquired relay device certificate to the certificate authentication server 32 via the device setting device 50 or the like (step S37). S38).

  After executing the process of step S38, the network device 10 determines whether an authentication result has been acquired from the certificate authentication server 32 (step S39). When determining that the authentication result has not been acquired (step S39: NO), the network device 10 repeats the process of step S39 and waits for the acquisition of the authentication result. Note that the network device 10 may stop the operation of the flowchart of FIG. 8 when a predetermined time has elapsed since the relay device certificate was transmitted.

  On the other hand, when it is determined that the authentication result has been acquired (step S39: YES), the network device 10 determines whether the authentication is successful (step S40). When it is determined that the authentication is not successful (step S40: NO), the network device 10 ends the operation of the flowchart of FIG. Thereby, the network device 10 can avoid connection to an unauthorized network relay device.

  In FIG. 8, the case has been described in which the relay device certificate is authenticated by the certificate authentication server 32 in the processing of step S <b> 36 to step S <b> 39, but the network device 10 authenticates the relay device certificate by the authentication processing unit 114. May be performed. For example, the authentication processing unit 114 authenticates the relay device certificate using a predetermined algorithm and acquires the authentication result. The network device 10 may perform authentication in the certificate authentication server 32 shown in steps S36 to S39 after successful authentication in the authentication processing unit 114.

  If it is determined in step S40 that the authentication is successful (step S40: YES), the network device 10 transmits device data to the device data DB 40 (step S41). After the process of step S41 is completed, the network device 10 ends the communication (step S42) and ends the operation shown in the flowchart.

  Next, the operation of the authentication management system 30 according to the embodiment will be described with reference to FIG.

  In FIG. 9, the authentication management system 30 distributes the relay device certificate to the network relay device 20 (step S51). Distribution of the relay device certificate is performed, for example, when there is a request from the network relay device 20 or at an arbitrary timing.

  After executing the processing of step S51, the authentication management system 30 determines whether or not there is a device certificate acquisition request from the device setting device 50 (step S52). In FIG. 9, it is assumed that the device certificate is distributed via the device setting apparatus 50. If it is determined that there is no device certificate acquisition request (step S52: NO), the authentication management system 30 repeats the process of step S52 and waits for a device certificate acquisition request.

  On the other hand, if it is determined that a device certificate acquisition request has been made (step S52: YES), the authentication management system 30 generates a device certificate in response to the acquisition request (step S53). For example, when there is a request for obtaining a device certificate to be distributed to a plurality of network devices, the authentication management system 30 generates a plurality of device certificates.

  After executing the process of step S53, the authentication management system 30 holds the generated device certificate (step S54). By holding the generated device certificate, authentication of the device certificate can be facilitated.

  After executing the process of step S54, the authentication management system 30 distributes the held device certificate (step S55). The device certificate can be distributed to the network device 10 via the device setting device 50.

  After executing the process of step S55, the authentication management system 30 determines whether or not a certificate has been acquired (step S56). The authentication management system 30 acquires a device certificate acquired from the network device 10 by the network relay device 20 from the network relay device 20. Further, the authentication management system 30 may acquire the relay device certificate acquired by the network device 10 from the network relay device 20 from the network device 10 (via the device setting device 50 or the like). If it is determined that the certificate has not been acquired (step S56: NO), the authentication management system 30 repeats the process of step S56 and waits for acquisition of the certificate.

  On the other hand, when determining that the certificate has been acquired (step S56: YES), the authentication management system 30 authenticates the acquired certificate (step S57). The certificate authentication method is arbitrary. For example, the authentication management system 30 may authenticate the certificate by confirming a match between the acquired certificate and the certificate held in the certificate holding unit 313. Further, the authentication management system 30 may authenticate the certificate based on a calculation result obtained by applying a predetermined algorithm calculation formula to the acquired certificate.

  After executing the processing of step S57, the authentication management system 30 transmits the authentication result to the certificate acquisition destination (step S58). The authentication management system 30 may include communication conditions such as an OK or NG determination result, a communicable time, and a usable bandwidth as an authentication result. After executing the process of step S58, the authentication management system 30 ends the operation shown in the flowchart.

  As described above, the network relay device according to the embodiment includes the certificate holding unit that holds the second certificate distributed from the certificate distribution server that distributes the certificate, and the held second certificate. A certificate providing unit provided to a network device that performs network communication with the database, a certificate obtaining unit that obtains a first certificate distributed from the certificate distribution server to the network device, and the acquired first An authentication processing unit that performs authentication processing on the certificate of the device, and a relay unit that relays network communication between the network device and the database when the first certificate is authenticated in the authentication processing. Data can be relayed safely.

  Note that a program for realizing the functions constituting the apparatus described in this embodiment is recorded on a computer-readable recording medium, and the program recorded on the recording medium is read into a computer system and executed. Thus, the various processes described above in the present embodiment may be performed. Here, the “computer system” may include an OS and hardware such as peripheral devices. Further, the “computer system” includes a homepage providing environment (or display environment) if a WWW system is used. The “computer-readable recording medium” means a flexible disk, a magneto-optical disk, a ROM, a writable nonvolatile memory such as a flash memory, a portable medium such as a CD-ROM, a hard disk built in a computer system, etc. This is a storage device.

  Further, the “computer-readable recording medium” refers to a volatile memory (for example, DRAM (Dynamic) in a computer system serving as a server or a client when a program is transmitted via a network such as the Internet or a communication line such as a telephone line. Random Access Memory)) that holds a program for a certain period of time is also included. The program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line. The program may be for realizing a part of the functions described above. Furthermore, what implement | achieves the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

  The embodiment of the present invention has been described above with reference to the drawings. However, the specific configuration is not limited to this embodiment, and includes various modifications within the scope of the present invention. It is.

  DESCRIPTION OF SYMBOLS 1 ... Network relay system, 10 ... Network device, 20 ... Network relay apparatus, 30 ... Authentication management system, 40 ... Device data DB, 50 ... Device setting apparatus, 60 ... Policy setting apparatus

The present invention Netw network device, authentication management system, for these control method and control program.

The present invention has been made in view of the above circumstances, it is possible to safely relay device data, Netw network device, authentication management system, and to provide these control method and control program.

According to the present invention, it is possible to safely relay device data, Netw network device, authentication management system, it is possible to provide these control method and control program.

Claims (10)

A certificate holding unit that holds the second certificate distributed from the certificate distribution server that distributes the certificate;
A certificate providing unit that provides the held second certificate to a network device that performs network communication with the database;
A certificate acquisition unit that acquires from the network device a first certificate distributed from the certificate distribution server to the network device;
An authentication processing unit that performs an authentication process on the acquired first certificate;
A network relay device comprising: a relay unit that relays network communication between the network device and the database when the first certificate is authenticated in the authentication process. A device data holding unit for holding device data;
A certificate holding unit that holds the first certificate distributed from the certificate distribution server that distributes the certificate;
A certificate providing unit that provides the held first certificate to a network relay device that relays network communication with a database;
A certificate acquisition unit for acquiring from the network relay device a second certificate distributed from the certificate distribution server to the network relay device;
An authentication processing unit that performs an authentication process on the acquired second certificate;
A network device, comprising: a device data transmission unit configured to transmit the device data to the database via the network relay device when the second certificate is authenticated in the authentication process. A first certificate to be distributed to a network device that transmits device data to a database is generated, and a second certificate to be distributed to a network relay device that relays network communication between the network device and the database is generated. A certificate generator to generate;
A certificate distribution unit that distributes the generated first certificate to the network device and distributes the generated second certificate to the network relay device. A certificate holding step for holding the second certificate distributed from the certificate distribution server for distributing the certificate;
A certificate providing step of providing the held second certificate to a network device in network communication with the database;
A certificate acquisition step of acquiring from the network device a first certificate distributed to the network device from the certificate distribution server;
An authentication process step of performing an authentication process on the acquired first certificate;
And a relay step of relaying network communication between the network device and the database when the first certificate is authenticated in the authentication process. A device data holding step for holding device data; and
A certificate holding step for holding the first certificate distributed from the certificate distribution server for distributing the certificate;
A certificate providing step of providing the held first certificate to a network relay device that relays network communication with a database;
A certificate acquisition step of acquiring from the network relay device a second certificate distributed from the certificate distribution server to the network relay device;
An authentication processing step of performing an authentication process on the acquired second certificate;
And a device data transmission step of transmitting the device data to the database via the network relay device when the second certificate is authenticated in the authentication process. A first certificate to be distributed to a network device that transmits device data to a database is generated, and a second certificate to be distributed to a network relay device that relays network communication between the network device and the database is generated. A certificate generation step to generate;
A certificate distribution step of distributing the generated first certificate to the network device and distributing the generated second certificate to the network relay device. Control method.   The control method of the authentication management system according to claim 6, further comprising a program distribution step of distributing an authentication processing program for performing certificate authentication processing to the network device and the network relay device. A certificate holding process for holding the second certificate distributed from the certificate distribution server for distributing the certificate;
A certificate providing process for providing the held second certificate to a network device that performs network communication with the database;
A certificate acquisition process for acquiring from the network device a first certificate distributed to the network device from the certificate distribution server;
Authentication processing for performing authentication processing on the acquired first certificate;
A control program for a network relay device, which causes a computer to execute relay processing for relaying network communication between the network device and the database when the first certificate is authenticated in the authentication processing. Device data holding processing for holding device data;
A certificate holding process for holding the first certificate distributed from the certificate distribution server for distributing the certificate;
A certificate providing process for providing the held first certificate to a network relay device that relays network communication with a database;
A certificate acquisition process for acquiring from the network relay device a second certificate distributed from the certificate distribution server to the network relay device;
An authentication process for performing an authentication process on the acquired second certificate;
A network device control program for causing a computer to execute a device data transmission process for transmitting the device data to the database via the network relay device when the second certificate is authenticated in the authentication process. A first certificate to be distributed to a network device that transmits device data to a database is generated, and a second certificate to be distributed to a network relay device that relays network communication between the network device and the database is generated. The certificate generation process to generate,
Authentication that causes a computer to execute certificate distribution processing for distributing the generated first certificate to the network device and distributing the generated second certificate to the network relay device Control system control program.

Images