WO2017073030A1 - Gateway device, communication control method, communication control system, and program storage medium - Google Patents

Gateway device, communication control method, communication control system, and program storage medium Download PDF

Info

Publication number
WO2017073030A1
WO2017073030A1 PCT/JP2016/004598 JP2016004598W WO2017073030A1 WO 2017073030 A1 WO2017073030 A1 WO 2017073030A1 JP 2016004598 W JP2016004598 W JP 2016004598W WO 2017073030 A1 WO2017073030 A1 WO 2017073030A1
Authority
WO
WIPO (PCT)
Prior art keywords
communication
communication device
predetermined information
gateway device
setting
Prior art date
Application number
PCT/JP2016/004598
Other languages
French (fr)
Japanese (ja)
Inventor
雅一 清水
Original Assignee
日本電気株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電気株式会社 filed Critical 日本電気株式会社
Publication of WO2017073030A1 publication Critical patent/WO2017073030A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M3/00Automatic or semi-automatic exchanges

Definitions

  • the present invention relates to a technique for setting information necessary for controlling a communication operation performed by a communication device via a gateway device in the gateway device.
  • a plurality of communication devices having communication functions such as a personal computer (PC: Personal Computer), a printer, and a game machine in a home are connected to each other via a local area network (LAN).
  • these communication devices are connected to an external server or the like via a LAN, a gateway device such as a home router, and a wide area network (WAN).
  • LAN local area network
  • WAN wide area network
  • Patent Document 1 describes a technique in which an information processing apparatus performs communication settings suitable for a network to which the information processing apparatus belongs based on setting information transmitted from a server.
  • Patent Document 2 describes a technique in which setting of each field device is performed via a network by registering setting information of a large number of field devices in a supply server.
  • Patent Document 3 describes a technique in which network device receives communication setting information for performing communication setting from a setting terminal, and the network device performs communication setting based on the received communication setting information.
  • Patent Document 4 describes a gateway device that automatically acquires a device identifier for allowing a device to participate in a network by analyzing a transmission radio wave of the device.
  • the user When the user sets information on individual communication devices in the gateway device, the user acquires information on each communication device by referring to a manual, for example. Based on the acquired information, the user manually sets communication device information in the gateway device. This setting work takes time and effort, and inappropriate information may be set.
  • Patent Documents 1 to 3 are all techniques for setting communication in the communication device itself. Patent Documents 1 to 3 do not disclose a technique for setting communication in the gateway device.
  • the gateway device in order to acquire a device identifier associated with a communication device, the gateway device needs to analyze a radio wave transmitted by the communication device. Therefore, the gateway device must be equipped with a radio wave analysis device such as a packet analyzer or a sniffer. Such a device configuration is redundant and complicated. Further, when the radio wave analysis fails, the gateway device cannot acquire the device identifier, and cannot connect the communication device that cannot acquire the device identifier to the network or another communication device.
  • a radio wave analysis device such as a packet analyzer or a sniffer.
  • a main object of the present invention is to provide a technology that can easily set information necessary for controlling communication of a communication device via a gateway device in the gateway device.
  • the gateway device of the present invention provides: Determining means for determining the content of communication settings related to communication of the communication device via its own device based on predetermined information corresponding to the type of communication device to be controlled; Communication control means for controlling communication of the communication device via the own apparatus according to the determined communication setting; Is provided.
  • the communication control method of the present invention includes: Based on predetermined information according to the type of communication device to be controlled, determine the content of communication settings related to communication of the communication device through its own device, Control communication of the communication device via the own apparatus according to the determined communication setting.
  • the communication control system of the present invention A database server that associates and holds an identifier of a communication device and predetermined information corresponding to the type of the communication device; A gateway device connected to the communication device and the database server, The gateway apparatus determines a communication setting content related to the communication device based on the predetermined information; A communication control unit for controlling communication via the gateway device by the communication device according to the determined communication setting; Have
  • the program storage medium of the present invention includes: Based on predetermined information corresponding to the type of communication device to be controlled for communication, processing for determining the content of communication settings related to communication of the communication device via its own device; A process for controlling communication of the communication device via the own apparatus according to the determined communication setting; A computer program for causing a computer to execute is stored.
  • information necessary for controlling communication of the communication device via the gateway device can be easily set in the gateway device.
  • FIG. 1 is a block diagram illustrating the configuration of a gateway device 4 according to an embodiment of the invention.
  • FIG. 2 is a diagram illustrating the configuration of a communication control system including the gateway device 4.
  • the gateway device 4 includes a determination unit 22 and a communication control unit 24.
  • gateway device 4 is connected to a communication device (for example, devices 2A to 2C in FIG. 2).
  • the determination unit 22 determines the content of communication settings related to communication of the communication device via the own device (gateway device 4) based on predetermined information corresponding to the type of communication device.
  • Examples of communication device types include PCs (Personal Computers), home appliances, game machines, and surveillance cameras.
  • examples of predetermined information according to the type of communication device include product category, usage, communication function, security function / performance, (product) related information, recommended communication settings, etc. as shown in FIG. There is.
  • examples of communication setting contents regarding the communication device include network separation, QoS (Quality of Service), effective port, encryption processing, access restriction / notification to the user, etc. as shown in FIG.
  • the communication control unit 24 communicates with the communication device via the gateway device 4 according to the determined communication settings (for example, communication within the LAN (Local Area Network) 8 in FIG. 2, WAN (Wide Area Network) 10 side). Communication).
  • the determined communication settings for example, communication within the LAN (Local Area Network) 8 in FIG. 2, WAN (Wide Area Network) 10 side). Communication).
  • the gateway device 4 can set communication settings relating to communication of the communication device via the own device by the gateway device 4 itself. This is because the gateway device 4 determines the contents of communication settings related to the communication device (network separation, QoS, effective port, effective address, encryption processing, access restriction, notification to the user, etc.) based on information according to the type of the communication device. This is because it can be determined by the device itself.
  • FIG. 2 is a diagram illustrating a connection configuration of the communication control system according to the first embodiment.
  • the communication control system of the first embodiment includes a gateway device 4 and a database server 6.
  • the gateway device 4 and the database server 6 are connected via a WAN (Wide Area Network) 10.
  • Communication devices 2A to 2C are connected to the gateway device 4 via a LAN (Local Area Network) 8 such as Ethernet (registered trademark) or Wi-Fi (Wireless Fidelity) (registered trademark).
  • the communication devices 2A to 2C are, for example, surveillance cameras, game machines, home appliances (TVs, air conditioners, refrigerators, etc.), PCs (Personal Computers), and the like.
  • the communication devices 2A to 2C are collectively referred to as the communication device 2 as appropriate.
  • FIG. 3 is a block diagram illustrating the configuration of the gateway device 4.
  • the gateway device 4 includes a communication unit 12, a request transmission unit 14, a database 16, a search unit 18, a reception unit 20, a determination unit 22, a communication control unit 24, a fraud report unit 26, an alarm generation unit 28, A reporting database 30 is provided.
  • the communication unit 12 sends information to the communication device 2 and the database server 6 connected to the gateway device 4. In addition, the communication unit 12 receives information from the communication device 2 and the database server 6.
  • the search unit 18 executes the following search operation. That is, the search unit 18 confirms whether or not “predetermined information” regarding the communication device 2 associated with the received identifier of the communication device 2 is stored in the database 16.
  • the identifier for example, MAC (Media Access Control) address
  • FIG. 4 is a table illustrating information held in the database 16 of the gateway device 4.
  • the database 16 holds communication device identifiers, “predetermined information”, and communication settings determined by the determination unit 22 in association with each other.
  • the “predetermined information” is information corresponding to the type of the communication device 2 as shown in FIG. 4, for example, “product category”, “use”, “communication function”, “security function”. , Performance ",” related information "and” recommended communication settings ".
  • “Recommended communication settings” are recommended communication settings based on at least one of “Product category”, “Usage”, “Communication function”, “Security function / performance”, and “Related information”. Including.
  • the recommended communication setting may be, for example, a communication setting recommended by a vendor of the communication device 2 or a vendor of an application operating on the communication device 2.
  • “recommended communication settings” regarding “related information” may include “designation / restriction of transmission IP (Internet protocol) address and reception IP address”. Such a communication setting permits, for example, access to a server used for service provision by the communication device 2 and a server used when updating firmware (these servers have specific IP addresses). Can be used for.
  • the request transmission unit 14 inquires the database server 6 about the “predetermined information” regarding the communication device 2 (requests information). At this time, the request transmission unit 14 uses all or part of the identifier (MAC address) of the communication device 2 received from the communication device 2.
  • MAC address identifier
  • the receiving unit 20 receives “predetermined information” regarding the communication device 2 from the database server 6 via the communication unit 12.
  • the receiving unit 20 stores the received “predetermined information” in the database 16 in association with the identifier (MAC address) of the communication device 2.
  • the determination unit 22 performs communication settings regarding the communication device 2 (for example, network separation, QoS, security measures, communication rejection, etc.) based on the “predetermined information” acquired from the database server 6 or the database 16. For example, the determination unit 22 performs communication setting for separating a network accessible by the communication device 2 from other networks according to “product category” included in “predetermined information”. In addition, the determination unit 22 performs communication settings related to the bandwidth and priority of communication by the communication device 2 according to the “use” included in the “predetermined information”. Furthermore, the determination unit 22 performs communication settings related to an effective port for communication by the communication device 2 according to the “communication function” included in the “predetermined information”.
  • the determination unit 22 substitutes the gateway device 4 for encryption processing (encryption processing, decryption processing, etc.) for the communication device 2 in accordance with the “security function / performance” included in the “predetermined information”.
  • Make communication settings as follows. Furthermore, the determination unit 22 blocks access to at least some ports and addresses by the communication device 2 or rejects communication by the communication device 2 according to “related information” included in the “predetermined information”. Set the communication settings to be performed. Alternatively, the determination unit 22 notifies the user of related information using a predetermined notification method. Further, when the communication setting as described above is completed, the determination unit 22 registers the completed communication setting content in the database 16 in association with the identifier of the communication device 2. Furthermore, the determination unit 22 displays the contents of the set communication settings and the like together with the acquired identifier (MAC address) of the communication device 2 on the screen that displays the internal information of the gateway device 4.
  • MAC address acquired identifier
  • the communication control unit 24 controls communication of the communication device 2 via its own device (gateway device 4) according to the communication setting determined by the determination unit 22. Further, the communication control unit 24 notifies the fraud report unit 26 of information related to the fraudulent communication when communication (illegal communication) that violates the product category, usage, or the like is detected.
  • the fraud report unit 26 notifies the user and the database server 6 of information related to fraudulent communication. Specifically, the fraud report unit 26 uses the alarm generation unit 28 to notify the user of the occurrence of unauthorized communication. Further, the fraud report unit 26 accumulates information related to fraudulent communication in the report database 30. Further, the fraud report unit 26 reports information related to unauthorized communication to the database server 6 via the communication unit 12.
  • FIG. 5 is a block diagram illustrating the configuration of the database server 6.
  • the database server 6 includes a communication unit 32, a request reception unit 34, an information database 36, a search unit 38, a transmission unit 40, a report reception unit 42, and a report database 44.
  • the communication unit 32 sends information to the gateway device 4 and receives information from the gateway device 4.
  • the request receiving unit 34 When the request receiving unit 34 receives an information request for “predetermined information” from the gateway device 4 together with the identifier of the communication device 2 via the communication unit 32, the request receiving unit 34 transfers the received information request to the search unit 38.
  • the search unit 38 Upon receiving the information request, the search unit 38 refers to the information database 36 and searches for “predetermined information” associated with the identifier (MAC address) of the communication device 2 received from the gateway device 4.
  • FIG. 6 is a table illustrating information stored in the information database 36 of the database server 6.
  • the information database 36 holds the identifier of the communication device 2 and “predetermined information” in association with each other.
  • predetermined information means “product category”, “use”, “communication function”, “security function, performance”, “related information”, and “related information” of the communication device 2, as shown in FIG. "Recommended communication settings”.
  • “Recommended communication settings” are recommended communication based on at least one of “product category”, “use”, “communication function”, “security function / performance”, and “related information”. Includes settings.
  • the “recommended communication setting” may be a communication setting recommended by the vendor of the communication device 2 or the vendor of the application operating on the communication device 2, for example.
  • the transmission unit 40 transmits the searched “predetermined information” to the gateway device 4 via the communication unit 32.
  • the report receiving unit 42 stores information on the unauthorized communication from the gateway device 4 via the communication unit 32 and stores it in the report database 44.
  • FIG. 7 is a sequence diagram illustrating the operation of the communication control system.
  • the communication device 2 transmits a communication request together with the identifier of the communication device 2 to the gateway device 4 (step A1).
  • an identifier of the communication device 2 exchanged when the communication device 2 starts communication for example, there is a MAC (Media Access Control) address.
  • the MAC address is individually assigned to the communication device 2 and is information unique to the communication device 2.
  • the identifier of the communication device 2 is a MAC address will be described.
  • the identifier of the communication device 2 is not limited to the MAC address, and can uniquely identify the communication device 2 (or a product) As long as it can identify the type).
  • the communication unit 12 of the gateway device 4 receives the communication request including the identifier (MAC address) transmitted from the communication device 2. Then, the search unit 18 of the gateway device 4 refers to the database 16 and confirms whether or not information related to the communication device 2 is held in association with the received MAC address (step A2). If the database 16 holds the information, the process proceeds to step A7. On the other hand, when the database 16 does not hold the information, the request transmission unit 14 uses the information of all or a part of the MAC address received from the communication device 2 to transmit the information on the communication device 2 to the database server 6. Is requested (step A3).
  • the request receiving unit 34 of the database server 6 accepts a request from the gateway device 4 via the communication unit 32 and transfers the request to the search unit 38.
  • the search unit 38 refers to the information database 36 in response to the received request, and searches for “predetermined information” associated with the MAC address received from the gateway device 4 (step A4).
  • the transmission unit 40 transmits (replies) the searched “predetermined information” to the gateway device 4 via the communication unit 32 (step A5).
  • predetermined information means “product category”, “use”, “communication function”, “security function, performance”, “related information”, and “recommended communication setting” of the communication device 2.
  • Recommended communication settings are recommended communication based on at least one of “product category”, “use”, “communication function”, “security function / performance”, and “related information”. Includes settings.
  • the receiving unit 20 of the gateway device 4 receives “predetermined information” regarding the communication device 2 from the database server 6 via the communication unit 12.
  • the receiving unit 20 registers the received “predetermined information” in the database 16 in association with the MAC address of the communication device 2 (step A6).
  • the database 16 in the gateway device 4 is updated regularly.
  • (2) Automatic setting of communication connection The determination unit 22 of the gateway device 4 is based on “predetermined information” received from the database server 6 or “predetermined information” registered in the database 16.
  • the communication setting is performed (step A7).
  • the communication settings performed by the determination unit 22 may include the following settings (2.1) to (2.5), for example.
  • the determination unit 22 determines according to “product category”, that is, according to categories such as home appliances and OA (Office Automation) devices. Perform network separation (for example, access restriction). For example, when the “product category” of the communication device 2 is “game machine”, the determination unit 22 unconditionally disables connection to the LAN. At this time, even if a Wi-Fi (Wireless Fidelity) SSID (Service Set Identifier) and a password are set, the communication device 2 corresponding to the game machine cannot be connected to the LAN 8. As another example, when the “product category” of the communication device 2 is “home appliance”, the determination unit 22 can disable communication with the WAN 10 side.
  • “product category” of the communication device 2 is “game machine”
  • SSID Service Set Identifier
  • the determination unit 22 performs settings related to the QoS of communication (for example, traffic limit or priority setting) according to “use”. For example, the determination unit 22 can give high priority to communication with real-time requirement and give low priority to other communication. For example, when the communication device 2 is a monitoring camera, an image captured by the monitoring camera is transferred to an external storage device or a personal computer via the gateway device 4, and the captured image is monitored on a personal computer in real time (use ). In such a case, since the real-time property is required as the “use” of communication performed by the communication device 2, the determination unit 22 sets the priority of communication by the communication device 2 to a high priority.
  • the determination unit 22 performs effective port setting according to “Communication Function (Protocol to be Used)”. Generally, since a port to be used is determined in advance according to the type of the communication device 2, the determination unit 22 blocks inappropriate communication by discarding (dropping) a packet addressed to an unused port.
  • the determination unit 22 performs encryption processing (encryption, encryption, etc.) when performing communication through the network according to “security function / performance”. Communication settings that support decoding, etc.). Some communication devices 2 do not have a cryptographic processing function (or do not have sufficient processing capability). In such a case, the determination unit 22 sets the gateway device 4 to substitute processing related to the security function (for example, communication encryption).
  • the determination unit 22 determines at least some ports and addresses by the communication device 2 according to “(Product) related information”.
  • the communication setting for blocking the access to the communication device 2 or rejecting the communication by the communication device 2 is performed.
  • the determination part 22 may notify a user of related information.
  • “(product) related information” is information related to a product, and indicates information updated as needed.
  • the determination unit 22 performs communication settings such as blocking access to some ports and addresses, or performing full communication rejection. . Furthermore, the determination unit 22 notifies the user of alarm information as necessary.
  • the gateway device 4 transmits a mail including the alarm information to a user terminal connected to the gateway device 4.
  • the gateway device 4 may light or blink a warning LED (Light Emitting Diode) provided in the gateway device 4.
  • the determination unit 22 notifies the user terminal by e-mail. May be.
  • the determination unit 22 registers the determined communication setting in the database 16 when the communication setting (step A7) is completed. In addition, the determination unit 22 determines on the screen (for example, the display of a user terminal (such as a PC) connected to the gateway device 4) the internal information of the gateway device 4 together with the acquired MAC address of the communication device 2. The communication settings determined by the unit 22 are displayed. For example, based on the acquired information, the determination unit 22 displays information such as the device name, model number, and network distinction of the communication device 2 on the display of the user terminal connected to the gateway device 4 together with the MAC address. May be. Thereby, the user can confirm whether or not the communication setting intended by the user is made by referring to the communication setting automatically set by the gateway device 4.
  • the communication control unit 24 of the gateway device 4 controls communication of the communication device 2 using the gateway device 4 according to the communication setting determined in step A7 (steps A8 and A9). Further, when communication (illegal communication) that violates the product category, usage, or the like is detected, the communication control unit 24 includes information on unauthorized communication (for example, the identifier of the communication device 2 that performed unauthorized communication, the content of unauthorized communication, etc. ) To the fraud report unit 26. The fraud report unit 26 notifies the user and the database server 6 of information related to fraudulent communication. Specifically, the alarm generation unit 28 notifies the user of the occurrence of unauthorized communication.
  • the notification method is not particularly limited, for example, methods such as lighting or blinking of a lamp, generation of an alarm sound, and mailing to a user terminal are used.
  • the fraud report unit 26 accumulates information related to fraudulent communication in the report database 30 so that registration information in the report database 30 can be referred to from a user terminal. Further, the fraud report unit 26 reports information related to the fraudulent communication to the database server 6 via the communication unit 12 (step A10).
  • the report receiving unit 42 of the database server 6 receives information related to unauthorized communication via the communication unit 32, the report receiving unit 42 registers it in the report database 44 (step A11).
  • the information held in the database 16 of the gateway device 4 and the information database 36 of the database server 6 are appropriately updated and synchronized (steps A12 and A13).
  • the gateway device 4 acquires predetermined information corresponding to the type of the communication device 2 from the database server 6 and performs communication settings of the communication device 2 based on the acquired information. Therefore, in the communication control system according to the first embodiment, the communication setting in the gateway device 4 necessary for the communication device 2 to communicate via the gateway device 4 is set by the gateway device 4 instead of manually by a user or the like. Is done.
  • communication setting is performed by the gateway device 4 without the user himself investigating and setting information of the communication device 2. Therefore, the communication using the gateway device 4 is appropriately controlled by the gateway device 4 without being adversely affected by the information input error to the gateway device 4. Therefore, the user only needs to set the communication policy and the update frequency of the internal database to the gateway device 4. Furthermore, in the communication control system according to the first embodiment, since the communication device 2 does not need to notify the gateway device 4 of information related to the own device, the user first selects a number of communication devices 2 including the existing communication device 2. It can be applied to the communication control system of the embodiment. Second Embodiment Next, a communication control system according to a second embodiment of the present invention will be described with reference to the drawings.
  • the communication settings determined by the gateway device 4 are also stored in the database server 6 in addition to information according to the type of the communication device 2 and information related to unauthorized communication.
  • a plurality of gateway devices 4 can be connected to the database server 6 and these gateway devices 4 can share communication settings.
  • FIG. 8 is a diagram illustrating a configuration of a communication control system according to the second embodiment.
  • the communication control system includes gateway devices 4P and 4Q and a database server 6.
  • the gateway devices 4P and 4Q and the database server 6 are connected via the WAN 10.
  • Communication devices 2A to 2C are connected to the gateway apparatus 4P via a LAN 8P such as Ethernet (registered trademark) or Wi-Fi.
  • the gateway device 4Q is connected to the communication device 2 (for example, the communication device 2C) via the LAN 8Q.
  • the gateway devices 4P and 4Q are also collectively referred to as the gateway device 4 as appropriate.
  • gateway devices 4P, 4Q As a case where communication settings are shared among a plurality of gateway devices 4P, 4Q, for example, it is conceivable to share communication settings between a gateway device 4P at home and a gateway device 4Q at a separate house (villa, etc.). In addition, when the old and new gateway devices 4 are replaced, the communication settings of the gateway device 4P before the replacement may be transferred to the gateway device 4Q after the replacement. Furthermore, a case where communication settings are collectively performed (synchronized) for a plurality of access points (gateway devices 4) provided on each of a plurality of floors of an office building is conceivable. Note that these cases are merely examples, and cases where the communication control system of the second embodiment is effective are not limited thereto. Further, the connection configuration shown in FIG. 8 and the number of gateway devices 4 and communication devices 2 are merely examples.
  • the gateway devices 4P and 4Q in the second embodiment also have the same configuration as the gateway device 4 (see FIG. 3) in the first embodiment.
  • the determination unit 22 of the gateway device 4 also sends the determined communication settings to the database server 6.
  • the database server 6 in the second embodiment also has the same configuration as the database server 6 (see FIG. 5) in the first embodiment.
  • the information database 36 of the database server 6 also holds the communication settings sent from the gateway device 4.
  • the information database 36 holds the communication settings acquired from the gateway device 4, but the database server 6 may hold the acquired communication settings in a separate database.
  • FIG. 9 is a table illustrating information stored in the information database 36 of the database server 6 in the second embodiment.
  • the information database 36 holds the identifier of the gateway device 4, the identifier of the communication device 2, “predetermined information”, and the “communication setting” determined by the gateway device 4. To do. If there is no need to identify the gateway device 4 that has determined the communication setting, the identifier of the gateway device 4 in FIG. 9 may be omitted.
  • the search unit 38 when the search unit 38 receives an information request from the gateway device 4, the search unit 38 refers to the information database 36 in response to the information request. Then, the search unit 38 searches the information database 36 for “predetermined information” and “communication setting” regarding the communication device 2 having the MAC address (the identifier of the communication device 2) received from the gateway device 4. The transmission unit 40 transmits the searched “predetermined information” and “communication setting” to the gateway device 4. On the other hand, when the “communication setting” associated with the MAC address included in the information request is not registered in the information database 36, the transmission unit 40 transmits only “predetermined information” to the gateway device 4.
  • FIG. 10 is a sequence diagram illustrating the operation of the communication control system according to the second embodiment.
  • the communication settings regarding the communication devices 2A and 2C determined by the gateway device 4P have been registered in the information database 36 of the database server 6.
  • the operation when the communication device 2A or 2B is connected to the gateway device 4Q will be described.
  • step B1 The operation in which the communication device 2 sends a communication request to the gateway device 4Q (step B1) and the operation in which the gateway device 4Q confirms the database 16 (step B2) are steps A1 and A2 in the first embodiment (FIG. 7). This is the same as the operation of (see).
  • the request receiving unit 34 of the database server 6 receives the information request from the gateway device 4 via the communication unit 32 and transfers the information request to the search unit 38.
  • the search unit 38 refers to the information database 36 in response to the information request, and searches for “predetermined information” and “communication setting” information associated with the MAC address received from the gateway device 4 (step B4).
  • “communication setting” associated with the MAC address exists (that is, the communication device 2A has accessed the gateway device 4Q).
  • the transmission unit 40 transmits the searched “predetermined information” and “communication setting” to the gateway device 4 via the communication unit 32 (step B5).
  • the transmission unit 40 transmits the searched “predetermined information” to the gateway device 4 via the communication unit 32 (step B5).
  • the database server 6 may also perform processing such as user authentication if necessary when sharing communication settings among a plurality of gateway devices (for example, the gateway devices 4P and 4Q). .
  • step B6 When “predetermined information” is received from the database server 6, the information registration operation (step B6) and communication setting operation (step B7) performed by the gateway device 4Q are the steps A6 and A7 of the first embodiment (see FIG. 7). It is the same.
  • the receiving unit 20 of the gateway device 4 ⁇ / b> Q stores the received “predetermined information” and “communication setting” information in the database 16.
  • Store step B6.
  • the MAC address of the communication device 2 is associated with the stored “predetermined information” and “communication setting” information.
  • the determination unit 22 performs communication setting of the communication device 2 that has transmitted the communication request based on the “communication setting” received from the database server 6 (step B7).
  • the communication control system of the second embodiment has the following effects in addition to the effects of the communication control system of the first embodiment.
  • a plurality of gateway devices 4 can share communication setting information via the database server 6. Therefore, according to the second embodiment, the communication device 2 does not depend on the gateway device 4 to be connected (that is, does not depend on the LAN 8 to be accessed), and the same type of communication device 2 can enjoy the same communication setting. It becomes possible.
  • the user only needs to set a policy related to communication setting in any one of the plurality of gateway devices 4, and set and manage the policy for each of the plurality of gateway devices 4. You are freed from the complexity. Therefore, when a plurality of gateway devices 4 are used in a home and a separate home, when the old and new gateway devices 4 are replaced, or when the gateway devices 4 are installed on each of a plurality of floors, management of the gateway devices is facilitated.
  • MAC address is used as the identifier of the communication device 2
  • MAC address “AB: CD: EF: ab: 12: 34” is given to the communication device 2
  • the “AB: CD: EF” portion of the MAC address can be used as information representing the manufacturer.
  • the assignment of the product / individual number varies depending on the manufacturer, but here, as an example, it is assumed that “ab” is information representing a product (model number) and “12:34” is individual information.
  • the MAC address “AB: CD: EF: ab: 12: 34” can be used as the identifier of the communication device 2 in the database 16 (see FIG. 4) of the gateway device 4.
  • the identifier managed by the information database 36 (see FIG. 6) of the database server 6 only needs to identify the product (model number) of the communication device 2. Therefore, it is not necessary to hold “predetermined information” for each identifier of the communication device 2. That is, in the information database 36 of the database server 6, the identifier is given in a state associated with the identifier “AB: CD: EF: ab: **: **” (* is a symbol representing an arbitrary character). It is only necessary to hold “predetermined information” regarding the communication device 2.
  • the amount of data held by the information database 36 can be significantly reduced.
  • a gateway device connected to a communication device, A determination unit that determines communication settings for the communication device based on predetermined information according to a type of the communication device; A communication control unit that controls communication by the communication device via the gateway device according to the determined communication setting.
  • the predetermined information includes at least one of a product category, usage, communication function, security function / performance, related information, and recommended communication setting.
  • the recommended communication setting is a communication setting recommended for at least one of product category, application, communication function, security function / performance, and related information
  • the determining unit determines communication settings for the communication device according to the recommended communication settings.
  • the determination unit When the predetermined information includes a product category, the determination unit performs communication setting for separating a network accessible by the communication device and other networks according to the product category.
  • the determining unit when the predetermined information includes a use, performs communication settings related to the bandwidth and priority of communication by the communication device according to the use.
  • the gateway device according to any one of appendix 2 to appendix 4.
  • the determining unit when the predetermined information includes a communication function, performs communication setting related to an effective port of communication by the communication device according to the communication function.
  • the gateway device according to any one of appendix 2 to appendix 5.
  • the determining unit when the predetermined information includes a security function / performance, according to the security function / performance, performs communication settings to replace the encryption processing by the communication device by the gateway device, The gateway device according to any one of appendix 2 to appendix 6.
  • the determination unit when the predetermined information includes related information, to block access to at least some ports and addresses by the communication device, or to perform communication settings to refuse communication by the communication device, or , Notifying the user of the related information,
  • the gateway device according to any one of appendices 2 to 7.
  • a database that stores the identifier of the communication device and the predetermined information in association with each other;
  • a communication unit that receives a communication request including an identifier of the communication device from the communication device,
  • the determining unit refers to the database and determines communication settings for the communication device based on the predetermined information associated with an identifier included in the communication request.
  • the gateway device according to any one of supplementary notes 1 to 8.
  • a request transmission unit that inquires the database server for the predetermined information using the identifier; Receiving the predetermined information from the database server in response to the inquiry, and storing in the database in association with the identifier, The gateway device according to attachment 9.
  • the determination unit stores the determined communication setting for the communication device in the database in association with the identifier of the communication device and the predetermined information.
  • the gateway device determining communication settings for the communication device based on predetermined information according to a type of the communication device; and Controlling communication via the gateway device by the communication device in accordance with the determined communication settings.
  • the predetermined information includes at least one of a product category, usage, communication function, security function / performance, related information, and recommended communication setting.
  • the recommended communication setting is a communication setting recommended for at least one of product category, application, communication function, security function / performance, and related information,
  • the gateway device determines communication settings for the communication device according to the recommended communication settings;
  • the gateway device performs communication setting for separating a network accessible by the communication device and a network other than the network according to the product category.
  • the communication control method according to Supplementary Note 13 or Supplementary Note 14.
  • the gateway device When the predetermined information includes a use, the gateway device performs communication settings related to the bandwidth and priority of communication by the communication device according to the use. The communication control method according to any one of supplementary notes 13 to 15.
  • the gateway device When the predetermined information includes a communication function, the gateway device performs communication setting related to an effective port of communication by the communication device according to the communication function. The communication control method according to any one of supplementary notes 13 to 16.
  • the gateway device When the predetermined information includes a security function / performance, the gateway device performs communication setting so that encryption processing by the communication device is replaced by the gateway device according to the security function / performance. 18. The communication control method according to any one of appendix 13 to appendix 17.
  • the gateway device when the predetermined information includes related information, performs a communication setting to block access to at least some ports and addresses by the communication device, or to refuse communication by the communication device, or , Notifying the user of the related information, The communication control method according to any one of appendix 13 to appendix 18.
  • the gateway device associating the identifier of the communication device and the predetermined information in a database, Receiving a communication request including an identifier of the communication device from the communication device; and The determination of the communication setting for the communication device is performed based on the predetermined information associated with the identifier included in the communication request with reference to the database.
  • the communication control method according to attachment 13.
  • the gateway device inquires the database server for the predetermined information using the identifier; , Obtaining the predetermined information from the database server in response to the inquiry and storing it in the database in association with the identifier.
  • the communication control method according to attachment 20 [Appendix 22]
  • the gateway device includes storing the determined communication setting for the communication device in the database in association with the identifier of the communication device and the predetermined information.
  • a database server that associates and holds an identifier of a communication device and predetermined information corresponding to the type of the communication device;
  • a gateway device connected to the communication device and the database server, The gateway device determines a communication setting for the communication device based on the predetermined information;
  • a communication control unit for controlling communication via the gateway device by the communication device according to the determined communication setting, A communication control system characterized by that.
  • the determining unit notifies the database server of an identifier of the communication device and a communication setting determined for the communication device,
  • the database server stores the identifier of the gateway device, the identifier of the communication device, and the communication setting determined for the communication device in association with each other, and queries the predetermined information from the other gateway device to the communication device.

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Small-Scale Networks (AREA)
  • Telephonic Communication Services (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

Provided is art capable of easily setting, in a gateway device, information required for controlling the communication of a communication device via the gateway device. A gateway device 4 is provided with a determination unit 22 and a communication control unit 24. On the basis of predetermined information corresponding to the type of communication device for which communication is to be controlled, the determination unit 22 determines the content of communication settings related to the communication of the communication device 2 via said device 4. The communication control unit 24 controls the communication of the communication device 2 via said device 4 in accordance with the determined communication settings.

Description

ゲートウェイ装置、通信制御方法、通信制御システム、および、プログラム記憶媒体Gateway device, communication control method, communication control system, and program storage medium
 本発明は、ゲートウェイ装置を介して通信デバイスが行う通信動作を制御するために必要な情報をゲートウェイ装置に設定する技術に関する。 The present invention relates to a technique for setting information necessary for controlling a communication operation performed by a communication device via a gateway device in the gateway device.
 家庭内におけるパーソナルコンピュータ(PC:Personal Computer)、プリンタ、ゲーム機器等の通信機能を備えた複数の通信デバイスをローカルエリアネットワーク(LAN:Local Area Network)を介して相互に接続する場合がある。また、これらの通信デバイスを、LANと、ホームルータ等のゲートウェイ装置と、広域通信網(WAN:Wide Area Network)とを介して外部のサーバ等に接続する場合がある。このように通信デバイスが他の通信デバイスや外部のサーバ等に接続するためには、ユーザは、個々の通信デバイスの性能を確認した上で、通信動作に必要な情報(設定情報)を各通信デバイスに設定する通信設定を手動で行う必要がある。 In some cases, a plurality of communication devices having communication functions such as a personal computer (PC: Personal Computer), a printer, and a game machine in a home are connected to each other via a local area network (LAN). In some cases, these communication devices are connected to an external server or the like via a LAN, a gateway device such as a home router, and a wide area network (WAN). In this way, in order for a communication device to connect to another communication device or an external server, the user confirms the performance of each communication device and then transmits information (setting information) necessary for the communication operation to each communication. You need to manually configure the communication settings for the device.
 特許文献1には、情報処理装置が、サーバから送信された設定情報に基づき、属するネットワークに適した通信の設定を行う技術が記載されている。 Patent Document 1 describes a technique in which an information processing apparatus performs communication settings suitable for a network to which the information processing apparatus belongs based on setting information transmitted from a server.
 また、特許文献2には、多数のフィールドデバイスの設定情報を供給サーバに登録しておくことで、各フィールドデバイスの設定がネットワーク経由で実施される技術が記載されている。 Patent Document 2 describes a technique in which setting of each field device is performed via a network by registering setting information of a large number of field devices in a supply server.
 さらに、特許文献3には、ネットワーク機器が通信設定を行うための通信設定情報を設定端末から受信し、この受信した通信設定情報に基づいてネットワーク機器が通信設定を行う技術が記載されている。 Furthermore, Patent Document 3 describes a technique in which network device receives communication setting information for performing communication setting from a setting terminal, and the network device performs communication setting based on the received communication setting information.
 また、特許文献4には、デバイスの送信電波の解析により当該デバイスをネットワークに参加させるためのデバイス識別子を自動的に取得するゲートウェイ装置が記載されている。 Further, Patent Document 4 describes a gateway device that automatically acquires a device identifier for allowing a device to participate in a network by analyzing a transmission radio wave of the device.
特開2012-199838号公報JP 2012-199838 A 特開2009-284183号公報JP 2009-284183 A 特開2007-306239号公報JP 2007-306239 A 特開2014-007668号公報JP 2014-007668 A
 個々の通信デバイスの情報を、ゲートウェイ装置にユーザが設定する場合、ユーザは、例えば、マニュアル等を参照することにより各通信デバイスに関する情報を取得する。そして、取得した情報に基づいて、ユーザは、手動によりゲートウェイ装置に通信デバイスの情報を設定する。この設定作業には手間や時間がかかり、また、不適切な情報が設定されてしまうおそれもある。 When the user sets information on individual communication devices in the gateway device, the user acquires information on each communication device by referring to a manual, for example. Based on the acquired information, the user manually sets communication device information in the gateway device. This setting work takes time and effort, and inappropriate information may be set.
 特許文献1~3に記載されている技術はいずれも通信デバイス自体に通信設定を行う技術である。特許文献1~3には、ゲートウェイ装置に通信設定を行う技術は開示されていない。 The techniques described in Patent Documents 1 to 3 are all techniques for setting communication in the communication device itself. Patent Documents 1 to 3 do not disclose a technique for setting communication in the gateway device.
 また、特許文献4に記載されている技術では、通信デバイスに関連付けるデバイス識別子を取得するために、ゲートウェイ装置は、通信デバイスが送信する電波を解析する必要がある。したがって、ゲートウェイ装置は、パケットアナライザやスニッファ等の電波解析装置を搭載しなければならない。このような装置構成は、冗長かつ複雑となる。また、ゲートウェイ装置は、電波の解析に失敗した場合、デバイス識別子を取得できず、当該デバイス識別子を取得できなかった通信デバイスをネットワークや他の通信デバイスに接続することができない。 In the technique described in Patent Document 4, in order to acquire a device identifier associated with a communication device, the gateway device needs to analyze a radio wave transmitted by the communication device. Therefore, the gateway device must be equipped with a radio wave analysis device such as a packet analyzer or a sniffer. Such a device configuration is redundant and complicated. Further, when the radio wave analysis fails, the gateway device cannot acquire the device identifier, and cannot connect the communication device that cannot acquire the device identifier to the network or another communication device.
 本発明は上記課題を解決するために考え出された。すなわち、本発明の主な目的は、ゲートウェイ装置を介した通信デバイスの通信を制御するために必要な情報をゲートウェイ装置に容易に設定できる技術を提供することにある。 The present invention has been devised to solve the above problems. That is, a main object of the present invention is to provide a technology that can easily set information necessary for controlling communication of a communication device via a gateway device in the gateway device.
 上記目的を達成するために、本発明のゲートウェイ装置は、
 通信制御対象の通信デバイスの種別に応じた所定の情報に基づいて、自装置を介した前記通信デバイスの通信に関する通信設定の内容を決定する決定手段と、
 決定した通信設定に従って自装置を介した前記通信デバイスの通信を制御する通信制御手段と、
を備える。 In order to achieve the above object, the gateway device of the present invention provides:
Determining means for determining the content of communication settings related to communication of the communication device via its own device based on predetermined information corresponding to the type of communication device to be controlled;
Communication control means for controlling communication of the communication device via the own apparatus according to the determined communication setting;
Is provided.
 本発明の通信制御方法は、
 通信制御対象の通信デバイスの種別に応じた所定の情報に基づいて、自装置を介した前記通信デバイスの通信に関する通信設定の内容を決定し、
 決定した通信設定に従って自装置を介した前記通信デバイスの通信を制御する。 The communication control method of the present invention includes:
Based on predetermined information according to the type of communication device to be controlled, determine the content of communication settings related to communication of the communication device through its own device,
Control communication of the communication device via the own apparatus according to the determined communication setting.
 本発明の通信制御システムは、
 通信デバイスの識別子と前記通信デバイスの種別に応じた所定の情報とを関連付けて保持するデータベースサーバと、
 前記通信デバイスおよび前記データベースサーバに接続されたゲートウェイ装置と、を備え、
 前記ゲートウェイ装置は、前記所定の情報に基づいて、前記通信デバイスに関する通信設定の内容を決定する決定部と、
 決定した通信設定に従って前記通信デバイスによる前記ゲートウェイ装置を介した通信を制御する通信制御部と、
を有する。 The communication control system of the present invention
A database server that associates and holds an identifier of a communication device and predetermined information corresponding to the type of the communication device;
A gateway device connected to the communication device and the database server,
The gateway apparatus determines a communication setting content related to the communication device based on the predetermined information;
A communication control unit for controlling communication via the gateway device by the communication device according to the determined communication setting;
Have
 本発明のプログラム記憶媒体は、
 通信制御対象の通信デバイスの種別に応じた所定の情報に基づいて、自装置を介した前記通信デバイスの通信に関する通信設定の内容を決定する処理と、
 決定した通信設定に従って自装置を介した前記通信デバイスの通信を制御する処理と、
をコンピュータに実行させるコンピュータプログラムを保持する。 The program storage medium of the present invention includes:
Based on predetermined information corresponding to the type of communication device to be controlled for communication, processing for determining the content of communication settings related to communication of the communication device via its own device;
A process for controlling communication of the communication device via the own apparatus according to the determined communication setting;
A computer program for causing a computer to execute is stored.
 本発明によると、ゲートウェイ装置を介した通信デバイスの通信を制御するために必要な情報をゲートウェイ装置に容易に設定できる。 According to the present invention, information necessary for controlling communication of the communication device via the gateway device can be easily set in the gateway device.
本発明に係るゲートウェイ装置の一構成例を表すブロック図である。It is a block diagram showing the example of 1 structure of the gateway apparatus concerning this invention. 本発明に係る第1実施形態の通信制御システムの構成を例示する図である。It is a figure which illustrates the structure of the communication control system of 1st Embodiment which concerns on this invention. 第1実施形態におけるゲートウェイ装置の構成を例示するブロック図である。It is a block diagram which illustrates the composition of the gateway device in a 1st embodiment. 第1実施形態におけるゲートウェイ装置のデータベースが保持する情報を例示する表である。It is a table | surface which illustrates the information which the database of the gateway apparatus in 1st Embodiment hold | maintains. 第1実施形態におけるデータベースサーバの構成を例示するブロック図である。It is a block diagram which illustrates the composition of the database server in a 1st embodiment. 第1実施形態におけるデータベースサーバの情報データベースが保持する情報を例示する表である。It is a table | surface which illustrates the information which the information database of the database server in 1st Embodiment hold | maintains. 第1実施形態に係る通信制御システムの動作を説明するシーケンス図である。It is a sequence diagram explaining operation | movement of the communication control system which concerns on 1st Embodiment. 本発明に係る第2実施形態の通信制御システムの構成を例示する図である。It is a figure which illustrates the structure of the communication control system of 2nd Embodiment which concerns on this invention. 第2実施形態におけるデータベースサーバの情報データベースが保持する情報を例示する表である。It is a table | surface which illustrates the information which the information database of the database server in 2nd Embodiment hold | maintains. 第2実施形態の通信制御システムの動作を例示するシーケンス図である。It is a sequence diagram which illustrates operation | movement of the communication control system of 2nd Embodiment.
 はじめに、本発明の一実施形態の概要について説明する。 First, an outline of an embodiment of the present invention will be described.
 図1は、本発明の一実施形態に係るゲートウェイ装置4の構成を例示するブロック図である。図2は、ゲートウェイ装置4を備えた通信制御システムの構成を説明する図である。図1を参照すると、ゲートウェイ装置4は、決定部22および通信制御部24を備えている。図2を参照すると、ゲートウェイ装置4は、通信デバイス(例えば、図2のデバイス2A~2C)に接続されている。 FIG. 1 is a block diagram illustrating the configuration of a gateway device 4 according to an embodiment of the invention. FIG. 2 is a diagram illustrating the configuration of a communication control system including the gateway device 4. Referring to FIG. 1, the gateway device 4 includes a determination unit 22 and a communication control unit 24. Referring to FIG. 2, gateway device 4 is connected to a communication device (for example, devices 2A to 2C in FIG. 2).
 決定部22は、通信デバイスの種別に応じた所定の情報に基づいて、自装置(ゲートウェイ装置4)を介した通信デバイスの通信に関する通信設定の内容を決定する。通信デバイスの種別の例を挙げると、PC(Personal Computer)、家電製品、ゲーム機、監視カメラ等がある。また、通信デバイスの種別に応じた所定の情報の例を挙げると、図6に示すような製品のカテゴリ、用途、通信機能、セキュリティ機能・性能、(製品)関連情報、推奨される通信設定などがある。また、通信デバイスに関する通信設定内容の例を挙げると、図4に示すような、ネットワーク分離、QoS(Quality of Service)、有効ポート、暗号処理、アクセス制限・ユーザへの通知等がある。 The determination unit 22 determines the content of communication settings related to communication of the communication device via the own device (gateway device 4) based on predetermined information corresponding to the type of communication device. Examples of communication device types include PCs (Personal Computers), home appliances, game machines, and surveillance cameras. In addition, examples of predetermined information according to the type of communication device include product category, usage, communication function, security function / performance, (product) related information, recommended communication settings, etc. as shown in FIG. There is. Further, examples of communication setting contents regarding the communication device include network separation, QoS (Quality of Service), effective port, encryption processing, access restriction / notification to the user, etc. as shown in FIG.
 また、通信制御部24は、決定した通信設定に従って通信デバイスによるゲートウェイ装置4を介した通信(例えば、図2におけるLAN(Local Area Network)8内の通信、WAN(Wide Area Network)10側との通信等)を制御する。 Further, the communication control unit 24 communicates with the communication device via the gateway device 4 according to the determined communication settings (for example, communication within the LAN (Local Area Network) 8 in FIG. 2, WAN (Wide Area Network) 10 side). Communication).
 ゲートウェイ装置4は、自装置を介した通信デバイスの通信に関する通信設定をゲートウェイ装置4自身で設定することが可能となる。なぜなら、ゲートウェイ装置4は、通信デバイスに関する通信設定(ネットワーク分離、QoS、有効ポート、有効アドレス、暗号処理、アクセス制限、ユーザへの通知等)の内容を、通信デバイスの種別に応じた情報に基づき自装置で決定できるからである。 The gateway device 4 can set communication settings relating to communication of the communication device via the own device by the gateway device 4 itself. This is because the gateway device 4 determines the contents of communication settings related to the communication device (network separation, QoS, effective port, effective address, encryption processing, access restriction, notification to the user, etc.) based on information according to the type of the communication device. This is because it can be determined by the device itself.
 <第1実施形態>
 次に、本発明に係る第1実施形態の通信制御システムについて、図面を参照して説明する。 <First Embodiment>
Next, a communication control system according to a first embodiment of the present invention will be described with reference to the drawings.
 (構成)
 図2は、第1実施形態の通信制御システムの接続構成を説明する図である。図2を参照すると、第1実施形態の通信制御システムは、ゲートウェイ装置4およびデータベースサーバ6を備えている。ゲートウェイ装置4とデータベースサーバ6は、WAN(Wide Area Network)10を介して接続される。ゲートウェイ装置4には、Ethernet(登録商標)、Wi-Fi(Wireless Fidelity)(登録商標)等のLAN(Local Area Network)8を介して、通信デバイス2A~2Cが接続する。通信デバイス2A~2Cは、例えば、監視カメラ、ゲーム機、家電製品(テレビ、エアコン、冷蔵庫等)、PC(Personal Computer)等である。以下では、通信デバイス2A~2Cは、適宜、通信デバイス2と総称する。 (Constitution)
FIG. 2 is a diagram illustrating a connection configuration of the communication control system according to the first embodiment. Referring to FIG. 2, the communication control system of the first embodiment includes a gateway device 4 and a database server 6. The gateway device 4 and the database server 6 are connected via a WAN (Wide Area Network) 10. Communication devices 2A to 2C are connected to the gateway device 4 via a LAN (Local Area Network) 8 such as Ethernet (registered trademark) or Wi-Fi (Wireless Fidelity) (registered trademark). The communication devices 2A to 2C are, for example, surveillance cameras, game machines, home appliances (TVs, air conditioners, refrigerators, etc.), PCs (Personal Computers), and the like. Hereinafter, the communication devices 2A to 2C are collectively referred to as the communication device 2 as appropriate.
 図3は、ゲートウェイ装置4の構成を例示するブロック図である。図3を参照すると、ゲートウェイ装置4は、通信部12、要求送信部14、データベース16、検索部18、受信部20、決定部22、通信制御部24、不正報告部26、アラーム生成部28、および、報告データベース30を備えている。 FIG. 3 is a block diagram illustrating the configuration of the gateway device 4. Referring to FIG. 3, the gateway device 4 includes a communication unit 12, a request transmission unit 14, a database 16, a search unit 18, a reception unit 20, a determination unit 22, a communication control unit 24, a fraud report unit 26, an alarm generation unit 28, A reporting database 30 is provided.
 通信部12は、ゲートウェイ装置4に接続されている通信デバイス2およびデータベースサーバ6に向けて情報を送出する。また、通信部12は、通信デバイス2およびデータベースサーバ6から情報を受信する。 The communication unit 12 sends information to the communication device 2 and the database server 6 connected to the gateway device 4. In addition, the communication unit 12 receives information from the communication device 2 and the database server 6.
 検索部18は、通信部12が通信デバイス2の識別子(例えば、MAC(Media Access Control)アドレス)を含む通信要求を通信デバイス2から受信すると、次のような検索動作を実行する。つまり、検索部18は、受信した通信デバイス2の識別子に関連付けられている通信デバイス2に関する「所定の情報」がデータベース16に保持されているか否かを確認する。 When the communication unit 12 receives a communication request including the identifier (for example, MAC (Media Access Control) address) of the communication device 2 from the communication device 2, the search unit 18 executes the following search operation. That is, the search unit 18 confirms whether or not “predetermined information” regarding the communication device 2 associated with the received identifier of the communication device 2 is stored in the database 16.
 図4は、ゲートウェイ装置4のデータベース16が保持する情報を例示する表である。図4を参照すると、データベース16は、通信デバイスの識別子と、「所定の情報」と、決定部22が決定した通信設定の内容とを、互いに関連付けて保持する。ここで、「所定の情報」とは、図4に示すように、通信デバイス2の種別に応じた情報であり、例えば、「製品のカテゴリ」、「用途」、「通信機能」、「セキュリティ機能、性能」、「関連情報」および「推奨される通信設定」を含む。「推奨される通信設定」は、「製品のカテゴリ」、「用途」、「通信機能」、「セキュリティ機能・性能」、「関連情報」のうちの少なくとも一つに基づいて推奨される通信設定を含む。推奨される通信設定は、例えば、通信デバイス2のベンダ、または、通信デバイス2で動作するアプリケーションのベンダによって推奨される通信設定であってもよい。さらに、「関連情報」に関して「推奨される通信設定」には、「送信IP(Internet Protocol)アドレス、受信IPアドレスの指定・限定」が含まれるようにしてもよい。このような通信設定は、例えば、通信デバイス2がサービス提供のために使用するサーバやファームウェア更新を行う際に利用するサーバ(これらのサーバは特定のIPアドレスを有する)にアクセスすることを許可するために使用することができる。 FIG. 4 is a table illustrating information held in the database 16 of the gateway device 4. Referring to FIG. 4, the database 16 holds communication device identifiers, “predetermined information”, and communication settings determined by the determination unit 22 in association with each other. Here, the “predetermined information” is information corresponding to the type of the communication device 2 as shown in FIG. 4, for example, “product category”, “use”, “communication function”, “security function”. , Performance "," related information "and" recommended communication settings ". “Recommended communication settings” are recommended communication settings based on at least one of “Product category”, “Usage”, “Communication function”, “Security function / performance”, and “Related information”. Including. The recommended communication setting may be, for example, a communication setting recommended by a vendor of the communication device 2 or a vendor of an application operating on the communication device 2. Further, “recommended communication settings” regarding “related information” may include “designation / restriction of transmission IP (Internet protocol) address and reception IP address”. Such a communication setting permits, for example, access to a server used for service provision by the communication device 2 and a server used when updating firmware (these servers have specific IP addresses). Can be used for.
 要求送信部14は、データベース16が通信デバイス2に関する「所定の情報」を保持していない場合、通信デバイス2に関する「所定の情報」についてデータベースサーバ6に問い合わせる(情報要求する)。この際、要求送信部14は、通信デバイス2から受信した通信デバイス2の識別子(MACアドレス)の全部または一部の情報を利用する。 When the database 16 does not hold the “predetermined information” regarding the communication device 2, the request transmission unit 14 inquires the database server 6 about the “predetermined information” regarding the communication device 2 (requests information). At this time, the request transmission unit 14 uses all or part of the identifier (MAC address) of the communication device 2 received from the communication device 2.
 受信部20は、データベースサーバ6から通信部12を介して、通信デバイス2に関する「所定の情報」を受信する。また、受信部20は、受信した「所定の情報」を通信デバイス2の識別子(MACアドレス)に関連付けて、データベース16に格納する。 The receiving unit 20 receives “predetermined information” regarding the communication device 2 from the database server 6 via the communication unit 12. The receiving unit 20 stores the received “predetermined information” in the database 16 in association with the identifier (MAC address) of the communication device 2.
 決定部22は、データベースサーバ6、または、データベース16から取得した「所定の情報」に基づいて、通信デバイス2に関する通信設定(例えば、ネットワーク分離、QoS、セキュリティ対策、通信拒否など)を行う。例えば、決定部22は、「所定の情報」に含まれる「製品のカテゴリ」に応じて、通信デバイス2によりアクセス可能なネットワークとそれ以外のネットワークとを分離する通信設定を行う。また、決定部22は、「所定の情報」に含まれる「用途」に応じて通信デバイス2による通信の帯域および優先度に関する通信設定を行う。さらに、決定部22は、「所定の情報」に含まれる「通信機能」に応じて通信デバイス2による通信の有効ポートに関する通信設定を行う。また、決定部22は、「所定の情報」に含まれる「セキュリティ機能・性能」に応じて、通信デバイス2のための暗号処理(暗号化処理、復号化処理等)をゲートウェイ装置4によって代替するように通信設定を行う。さらに、決定部22は、「所定の情報」に含まれる「関連情報」に応じて、通信デバイス2による少なくとも一部のポート、アドレスへのアクセスを遮断し、もしくは、通信デバイス2による通信を拒否する通信設定を行う。または、決定部22は、関連情報を予め定められた通知手法を利用してユーザに通知する。また、決定部22は、上記のような通信設定が完了すると、完了した通信設定の内容を通信デバイス2の識別子と関連付けてデータベース16に登録する。さらに、決定部22は、ゲートウェイ装置4の内部情報等を表示する画面に、取得した通信デバイス2の識別子(MACアドレス)とともに、設定した通信設定の内容等を表示する。 The determination unit 22 performs communication settings regarding the communication device 2 (for example, network separation, QoS, security measures, communication rejection, etc.) based on the “predetermined information” acquired from the database server 6 or the database 16. For example, the determination unit 22 performs communication setting for separating a network accessible by the communication device 2 from other networks according to “product category” included in “predetermined information”. In addition, the determination unit 22 performs communication settings related to the bandwidth and priority of communication by the communication device 2 according to the “use” included in the “predetermined information”. Furthermore, the determination unit 22 performs communication settings related to an effective port for communication by the communication device 2 according to the “communication function” included in the “predetermined information”. Further, the determination unit 22 substitutes the gateway device 4 for encryption processing (encryption processing, decryption processing, etc.) for the communication device 2 in accordance with the “security function / performance” included in the “predetermined information”. Make communication settings as follows. Furthermore, the determination unit 22 blocks access to at least some ports and addresses by the communication device 2 or rejects communication by the communication device 2 according to “related information” included in the “predetermined information”. Set the communication settings to be performed. Alternatively, the determination unit 22 notifies the user of related information using a predetermined notification method. Further, when the communication setting as described above is completed, the determination unit 22 registers the completed communication setting content in the database 16 in association with the identifier of the communication device 2. Furthermore, the determination unit 22 displays the contents of the set communication settings and the like together with the acquired identifier (MAC address) of the communication device 2 on the screen that displays the internal information of the gateway device 4.
 通信制御部24は、決定部22が決定した通信設定に従って、自装置(ゲートウェイ装置4)を介した通信デバイス2の通信を制御する。また、通信制御部24は、製品カテゴリ、用途等に違反した通信(不正通信)が検出された場合、不正通信に関する情報を不正報告部26に通知する。 The communication control unit 24 controls communication of the communication device 2 via its own device (gateway device 4) according to the communication setting determined by the determination unit 22. Further, the communication control unit 24 notifies the fraud report unit 26 of information related to the fraudulent communication when communication (illegal communication) that violates the product category, usage, or the like is detected.
 不正報告部26は、不正通信に関する情報をユーザおよびデータベースサーバ6に報知する。具体的には、不正報告部26は、アラーム生成部28を用いて、ユーザに不正通信の発生を通知する。また、不正報告部26は、不正通信に関する情報を報告データベース30に蓄積する。さらに、不正報告部26は、不正通信に関する情報を、通信部12を介してデータベースサーバ6に報告する。 The fraud report unit 26 notifies the user and the database server 6 of information related to fraudulent communication. Specifically, the fraud report unit 26 uses the alarm generation unit 28 to notify the user of the occurrence of unauthorized communication. Further, the fraud report unit 26 accumulates information related to fraudulent communication in the report database 30. Further, the fraud report unit 26 reports information related to unauthorized communication to the database server 6 via the communication unit 12.
 図5は、データベースサーバ6の構成を例示するブロック図である。図5を参照すると、データベースサーバ6は、通信部32、要求受信部34、情報データベース36、検索部38、送信部40、報告受信部42、および、報告データベース44を備えている。 FIG. 5 is a block diagram illustrating the configuration of the database server 6. Referring to FIG. 5, the database server 6 includes a communication unit 32, a request reception unit 34, an information database 36, a search unit 38, a transmission unit 40, a report reception unit 42, and a report database 44.
 通信部32は、情報をゲートウェイ装置4に向けて送出するとともに、ゲートウェイ装置4から情報を受信する。 The communication unit 32 sends information to the gateway device 4 and receives information from the gateway device 4.
 要求受信部34は、ゲートウェイ装置4から、「所定の情報」を要求する情報要求を通信デバイス2の識別子と共に通信部32を介して受け付けると、受け付けた情報要求を検索部38に転送する。 When the request receiving unit 34 receives an information request for “predetermined information” from the gateway device 4 together with the identifier of the communication device 2 via the communication unit 32, the request receiving unit 34 transfers the received information request to the search unit 38.
 検索部38は、情報要求を受けると、情報データベース36を参照し、ゲートウェイ装置4から受け取った通信デバイス2の識別子(MACアドレス)に関連付けられている「所定の情報」を検索する。 Upon receiving the information request, the search unit 38 refers to the information database 36 and searches for “predetermined information” associated with the identifier (MAC address) of the communication device 2 received from the gateway device 4.
 図6は、データベースサーバ6の情報データベース36が保持する情報を例示する表である。図6を参照すると、情報データベース36は、通信デバイス2の識別子と、「所定の情報」とを、関連付けて保持する。ここで、「所定の情報」とは、図6に示すように、通信デバイス2の「製品のカテゴリ」、「用途」、「通信機能」、「セキュリティ機能、性能」、「関連情報」および「推奨される通信設定」を含む。また、「推奨される通信設定」は、「製品のカテゴリ」、「用途」、「通信機能」、「セキュリティ機能・性能」、「関連情報」のうちの少なくとも一つに基づいて推奨される通信設定を含む。なお、「推奨される通信設定」は、例えば、通信デバイス2のベンダ、または、通信デバイス2で動作するアプリケーションのベンダによって推奨される通信設定であってもよい。 FIG. 6 is a table illustrating information stored in the information database 36 of the database server 6. Referring to FIG. 6, the information database 36 holds the identifier of the communication device 2 and “predetermined information” in association with each other. Here, “predetermined information” means “product category”, “use”, “communication function”, “security function, performance”, “related information”, and “related information” of the communication device 2, as shown in FIG. "Recommended communication settings". “Recommended communication settings” are recommended communication based on at least one of “product category”, “use”, “communication function”, “security function / performance”, and “related information”. Includes settings. The “recommended communication setting” may be a communication setting recommended by the vendor of the communication device 2 or the vendor of the application operating on the communication device 2, for example.
 送信部40は、検索された「所定の情報」を、通信部32を経由してゲートウェイ装置4に送信する。 The transmission unit 40 transmits the searched “predetermined information” to the gateway device 4 via the communication unit 32.
 報告受信部42は、ゲートウェイ装置4から通信部32を経由して、不正通信に関する情報を受信すると、報告データベース44に蓄積する。 The report receiving unit 42 stores information on the unauthorized communication from the gateway device 4 via the communication unit 32 and stores it in the report database 44.
 (動作)
 次に、通信デバイス2と、通信デバイス2に直接接続されるゲートウェイ装置4、および、デバイス情報を管理するクラウドのデータベースサーバ6を含む第1実施形態の通信制御システムの動作例を説明する。 図7は、通信制御システムの動作を例示するシーケンス図である。 (Operation)
Next, an operation example of the communication control system of the first embodiment including the communication device 2, the gateway device 4 directly connected to the communication device 2, and the cloud database server 6 that manages device information will be described. FIG. 7 is a sequence diagram illustrating the operation of the communication control system.
 (1)デバイス情報の自動取得
 図7を参照すると、通信デバイス2は、ゲートウェイ装置4に、通信デバイス2の識別子と共に通信要求を送信する(ステップA1)。ここで、通信デバイス2が通信を開始する際にやりとりする通信デバイス2の識別子として、例えば、MAC(Media Access Control)アドレスがある。ここで、MACアドレスは原則として通信デバイス2に個別に割り当てられており、当該通信デバイス2固有の情報である。第1実施形態では、通信デバイス2の識別子がMACアドレスである場合について説明するが、通信デバイス2の識別子は、MACアドレスに限定されず、通信デバイス2を一意に識別可能なもの(または、製品の種別を特定可能なもの)であればよい。 (1) Automatic Acquisition of Device Information Referring to FIG. 7, the communication device 2 transmits a communication request together with the identifier of the communication device 2 to the gateway device 4 (step A1). Here, as an identifier of the communication device 2 exchanged when the communication device 2 starts communication, for example, there is a MAC (Media Access Control) address. Here, in principle, the MAC address is individually assigned to the communication device 2 and is information unique to the communication device 2. In the first embodiment, the case where the identifier of the communication device 2 is a MAC address will be described. However, the identifier of the communication device 2 is not limited to the MAC address, and can uniquely identify the communication device 2 (or a product) As long as it can identify the type).
 ゲートウェイ装置4の通信部12は、通信デバイス2から送出された識別子(MACアドレス)を含む通信要求を受信する。すると、ゲートウェイ装置4の検索部18は、データベース16を参照して、通信デバイス2に関連する情報が、受信したMACアドレスに関連付けられて保持されているか否かを確認する(ステップA2)。データベース16が、当該情報を保持している場合、ステップA7に進む。一方、データベース16が、当該情報を保持していない場合、要求送信部14は、通信デバイス2から受信したMACアドレスの全部または一部の情報を用いて、データベースサーバ6に、通信デバイス2の情報を要求する(ステップA3)。 The communication unit 12 of the gateway device 4 receives the communication request including the identifier (MAC address) transmitted from the communication device 2. Then, the search unit 18 of the gateway device 4 refers to the database 16 and confirms whether or not information related to the communication device 2 is held in association with the received MAC address (step A2). If the database 16 holds the information, the process proceeds to step A7. On the other hand, when the database 16 does not hold the information, the request transmission unit 14 uses the information of all or a part of the MAC address received from the communication device 2 to transmit the information on the communication device 2 to the database server 6. Is requested (step A3).
 データベースサーバ6の要求受信部34は、ゲートウェイ装置4からの要求を、通信部32を介して受け付け、当該要求を検索部38に転送する。検索部38は、受け取った要求に応じて情報データベース36を参照し、ゲートウェイ装置4から受け取ったMACアドレスに関連付けられている「所定の情報」を検索する(ステップA4)。また、送信部40は、検索された「所定の情報」を、通信部32を経由してゲートウェイ装置4に送信(返信)する(ステップA5)。 The request receiving unit 34 of the database server 6 accepts a request from the gateway device 4 via the communication unit 32 and transfers the request to the search unit 38. The search unit 38 refers to the information database 36 in response to the received request, and searches for “predetermined information” associated with the MAC address received from the gateway device 4 (step A4). The transmission unit 40 transmits (replies) the searched “predetermined information” to the gateway device 4 via the communication unit 32 (step A5).
 ここで、「所定の情報」とは、通信デバイス2の「製品のカテゴリ」、「用途」、「通信機能」、「セキュリティ機能、性能」、「関連情報」および「推奨される通信設定」である。また、「推奨される通信設定」は、「製品のカテゴリ」、「用途」、「通信機能」、「セキュリティ機能・性能」、「関連情報」のうちの少なくとも一つに基づいて推奨される通信設定を含む。 Here, “predetermined information” means “product category”, “use”, “communication function”, “security function, performance”, “related information”, and “recommended communication setting” of the communication device 2. is there. “Recommended communication settings” are recommended communication based on at least one of “product category”, “use”, “communication function”, “security function / performance”, and “related information”. Includes settings.
 ゲートウェイ装置4の受信部20は、データベースサーバ6から通信部12を介して、通信デバイス2に関する「所定の情報」を受信する。また、受信部20は、受信した「所定の情報」を通信デバイス2のMACアドレスに関連付けて、データベース16に登録する(ステップA6)。なお、ゲートウェイ装置4におけるデータベース16の更新は定期的に行われる。 
 (2)通信接続の自動設定
 ゲートウェイ装置4の決定部22は、データベースサーバ6から受信した「所定の情報」、または、データベース16に登録されている「所定の情報」に基づいて、通信デバイス2に関する通信設定を行う(ステップA7)。決定部22が行う通信設定は、例えば以下の(2.1)~(2.5)のような設定を含んでもよい。 The receiving unit 20 of the gateway device 4 receives “predetermined information” regarding the communication device 2 from the database server 6 via the communication unit 12. The receiving unit 20 registers the received “predetermined information” in the database 16 in association with the MAC address of the communication device 2 (step A6). The database 16 in the gateway device 4 is updated regularly.
(2) Automatic setting of communication connection The determination unit 22 of the gateway device 4 is based on “predetermined information” received from the database server 6 or “predetermined information” registered in the database 16. The communication setting is performed (step A7). The communication settings performed by the determination unit 22 may include the following settings (2.1) to (2.5), for example.
 (2.1)「製品のカテゴリ」に応じた「ネットワーク分離」設定
 決定部22は、「製品のカテゴリ」に応じて、つまり、家電製品、OA(Office Automation)機器などのカテゴリに応じて、ネットワークの分離(例えばアクセス制限)を行う。決定部22は、例えば、通信デバイス2の「製品のカテゴリ」が「ゲーム機」である場合、無条件にLANへの接続を不可とする。このとき、仮にWi-Fi(Wireless Fidelity)のSSID(Service Set Identifier)とパスワードを設定していた場合でも、ゲーム機に該当する通信デバイス2はLAN8に接続することができない。また、他の例として、決定部22は、通信デバイス2の「製品のカテゴリ」が「家電製品」である場合、WAN10側との通信を不可とすることができる。なお、これらの「ポリシ」(例えば「ゲーム機は接続不可」、「家電製品は宅内接続のみ」等)は、ユーザがゲートウェイ装置4に設定する。なお、これらの通信設定に係るポリシは例示にすぎず、決定部22が用いるポリシは、これらに限定されない。 
 (2.2)「用途」に応じた「QoS」設定
 決定部22は、「用途」に応じて、通信のQoS(例えば、通信量制限や優先度設定)に関する設定を行う。例えば、決定部22は、リアルタイム要求性がある通信については高優先とし、それ以外の通信については低優先とすることができる。例えば、通信デバイス2が監視カメラであり、当該監視カメラによる撮像画像がゲートウェイ装置4を経由して外部の記憶装置やパソコンに転送され、当該撮像画像がリアルタイムにパソコンなどで監視される場合(用途)が有る。このような場合には、通信デバイス2が行う通信の「用途」としてリアルタイム性が要求されるので、決定部22は、通信デバイス2による通信の優先度を高い優先度とする。 (2.1) “Network separation” setting according to “product category” The determination unit 22 determines according to “product category”, that is, according to categories such as home appliances and OA (Office Automation) devices. Perform network separation (for example, access restriction). For example, when the “product category” of the communication device 2 is “game machine”, the determination unit 22 unconditionally disables connection to the LAN. At this time, even if a Wi-Fi (Wireless Fidelity) SSID (Service Set Identifier) and a password are set, the communication device 2 corresponding to the game machine cannot be connected to the LAN 8. As another example, when the “product category” of the communication device 2 is “home appliance”, the determination unit 22 can disable communication with the WAN 10 side. The user sets these “policies” (for example, “game machine cannot be connected”, “home appliances only for home connection”, etc.) in the gateway device 4. The policies related to these communication settings are merely examples, and the policies used by the determination unit 22 are not limited to these.
(2.2) “QoS” Setting According to “Use” The determination unit 22 performs settings related to the QoS of communication (for example, traffic limit or priority setting) according to “use”. For example, the determination unit 22 can give high priority to communication with real-time requirement and give low priority to other communication. For example, when the communication device 2 is a monitoring camera, an image captured by the monitoring camera is transferred to an external storage device or a personal computer via the gateway device 4, and the captured image is monitored on a personal computer in real time (use ). In such a case, since the real-time property is required as the “use” of communication performed by the communication device 2, the determination unit 22 sets the priority of communication by the communication device 2 to a high priority.
 (2.3)「通信機能(プロトコル)」に応じた「有効ポート」設定
 決定部22は、「通信機能(使用するプロトコル)」に応じて、有効ポート設定を行う。一般に、通信デバイス2の種類に応じて、予め使用するポートが決まっているため、決定部22は、使用しないポート宛てのパケットを廃棄(ドロップ)する等により、不適切な通信を遮断する。 (2.3) “Effective Port” Setting According to “Communication Function (Protocol)” The determination unit 22 performs effective port setting according to “Communication Function (Protocol to be Used)”. Generally, since a port to be used is determined in advance according to the type of the communication device 2, the determination unit 22 blocks inappropriate communication by discarding (dropping) a packet addressed to an unused port.
 (2.4)「セキュリティ機能・性能」に応じた「セキュリティ機能の代替」設定
 決定部22は、「セキュリティ機能・性能」に応じて、ネットワークを通る通信を行う場合に暗号処理(暗号化、復号化等)をサポートする通信設定を行う。通信デバイス2によっては暗号処理機能を有していない(または十分な処理能力を有していない)場合がある。決定部22は、そのような場合に、ゲートウェイ装置4がセキュリティ機能(例えば、通信の暗号化)に関する処理を代替するように設定する。 (2.4) “Security Function Substitution” Setting According to “Security Function / Performance” The determination unit 22 performs encryption processing (encryption, encryption, etc.) when performing communication through the network according to “security function / performance”. Communication settings that support decoding, etc.). Some communication devices 2 do not have a cryptographic processing function (or do not have sufficient processing capability). In such a case, the determination unit 22 sets the gateway device 4 to substitute processing related to the security function (for example, communication encryption).
 (2.5)「(製品)関連情報」に応じた「アクセス制限、ユーザ通知」設定
 決定部22は、「(製品)関連情報」に応じて、通信デバイス2による少なくとも一部のポート、アドレスへのアクセスを遮断し、もしくは、通信デバイス2による通信を拒否する通信設定を行う。また、決定部22は、関連情報をユーザに通知してもよい。ここで、「(製品)関連情報」とは、製品に関する情報であり、随時更新される情報を示す。例えば、「関連情報」として「脆弱性情報」が存在する通信デバイス2については、決定部22は一部ポート、アドレスへのアクセス遮断、もしくは、全面的な通信拒否を行うなどの通信設定を行う。さらに、決定部22は、必要に応じてユーザにアラーム情報を通知する。アラーム情報の通知方法については特に限定されないが、例えば、ゲートウェイ装置4は、当該ゲートウェイ装置4に接続されたユーザの端末にアラーム情報を含むメールを送信する。または、ゲートウェイ装置4は、当該ゲートウェイ装置4に設けられた警告用のLED(Light Emitting Diode)を点灯もしくは点滅させるようにしてもよい。一方、「関連情報」として、「ファームウェア更新情報」、「お知らせ」等の緊急性の低い情報が存在する通信デバイス2については、決定部22は、ユーザの端末に向けてメールで通知するようにしてもよい。 (2.5) “Access restriction, user notification” setting according to “(Product) related information” The determination unit 22 determines at least some ports and addresses by the communication device 2 according to “(Product) related information”. The communication setting for blocking the access to the communication device 2 or rejecting the communication by the communication device 2 is performed. Moreover, the determination part 22 may notify a user of related information. Here, “(product) related information” is information related to a product, and indicates information updated as needed. For example, for the communication device 2 in which “vulnerability information” exists as “related information”, the determination unit 22 performs communication settings such as blocking access to some ports and addresses, or performing full communication rejection. . Furthermore, the determination unit 22 notifies the user of alarm information as necessary. Although the alarm information notification method is not particularly limited, for example, the gateway device 4 transmits a mail including the alarm information to a user terminal connected to the gateway device 4. Alternatively, the gateway device 4 may light or blink a warning LED (Light Emitting Diode) provided in the gateway device 4. On the other hand, for the communication device 2 in which less urgent information such as “firmware update information” and “notification” exists as “related information”, the determination unit 22 notifies the user terminal by e-mail. May be.
 決定部22は、上記の通信設定(ステップA7)が完了すると、データベース16に、決定した通信設定を登録する。また、決定部22は、ゲートウェイ装置4の内部情報等を表示する画面(例えば、ゲートウェイ装置4に接続されたユーザ端末(PC等)のディスプレイ)に、取得した通信デバイス2のMACアドレスとともに、決定部22が決定した通信設定等を表示する。例えば、決定部22は、取得した情報に基づき、ゲートウェイ装置4に接続されているユーザ端末のディスプレイに、MACアドレスとともに、通信デバイス2の機器名、型番、ネットワーク区別等の情報を表示するようにしてもよい。これにより、ユーザは、ゲートウェイ装置4が自動設定した通信設定を参照し、ユーザが意図した通信設定であるかどうかを確認することができる。 The determination unit 22 registers the determined communication setting in the database 16 when the communication setting (step A7) is completed. In addition, the determination unit 22 determines on the screen (for example, the display of a user terminal (such as a PC) connected to the gateway device 4) the internal information of the gateway device 4 together with the acquired MAC address of the communication device 2. The communication settings determined by the unit 22 are displayed. For example, based on the acquired information, the determination unit 22 displays information such as the device name, model number, and network distinction of the communication device 2 on the display of the user terminal connected to the gateway device 4 together with the MAC address. May be. Thereby, the user can confirm whether or not the communication setting intended by the user is made by referring to the communication setting automatically set by the gateway device 4.
 (3)不正通信の報告
 ゲートウェイ装置4の通信制御部24は、ステップA7で決定した通信設定に従って、ゲートウェイ装置4を利用した通信デバイス2の通信を制御する(ステップA8、A9)。また、通信制御部24は、製品カテゴリ、用途等に違反した通信(不正通信)が検出された場合、不正通信に関する情報(例えば、不正通信を行った通信デバイス2の識別子、不正通信の内容等)を不正報告部26に通知する。不正報告部26は、不正通信に関する情報をユーザおよびデータベースサーバ6に報知する。具体的には、アラーム生成部28は、ユーザに不正通信の発生を通知する。通知方法は特に限定されないが、例えば、ランプの点灯または点滅、アラーム音の発生、ユーザの端末にメールする等の方法が用いられる。また、不正報告部26は、不正通信に関する情報を報告データベース30に蓄積し、報告データベース30の登録情報をユーザの端末から参照可能とする。さらに、不正報告部26は、不正通信に関する情報を、通信部12を介してデータベースサーバ6に報告する(ステップA10)。データベースサーバ6の報告受信部42は、通信部32を経由して、不正通信に関する情報を受信すると、報告データベース44に登録する(ステップA11)。 (3) Report of Unauthorized Communication The communication control unit 24 of the gateway device 4 controls communication of the communication device 2 using the gateway device 4 according to the communication setting determined in step A7 (steps A8 and A9). Further, when communication (illegal communication) that violates the product category, usage, or the like is detected, the communication control unit 24 includes information on unauthorized communication (for example, the identifier of the communication device 2 that performed unauthorized communication, the content of unauthorized communication, etc. ) To the fraud report unit 26. The fraud report unit 26 notifies the user and the database server 6 of information related to fraudulent communication. Specifically, the alarm generation unit 28 notifies the user of the occurrence of unauthorized communication. Although the notification method is not particularly limited, for example, methods such as lighting or blinking of a lamp, generation of an alarm sound, and mailing to a user terminal are used. In addition, the fraud report unit 26 accumulates information related to fraudulent communication in the report database 30 so that registration information in the report database 30 can be referred to from a user terminal. Further, the fraud report unit 26 reports information related to the fraudulent communication to the database server 6 via the communication unit 12 (step A10). When the report receiving unit 42 of the database server 6 receives information related to unauthorized communication via the communication unit 32, the report receiving unit 42 registers it in the report database 44 (step A11).
 さらに、ゲートウェイ装置4のデータベース16と、データベースサーバ6の情報データベース36との間では、適宜、保持する情報の更新や同期を行う(ステップA12、A13)。 Furthermore, the information held in the database 16 of the gateway device 4 and the information database 36 of the database server 6 are appropriately updated and synchronized (steps A12 and A13).
 (効果)
 第1実施形態では、ゲートウェイ装置4は、通信デバイス2の種別に応じた所定の情報をデータベースサーバ6から取得し、取得した情報に基づいて、通信デバイス2の通信設定を実施する。したがって、第1実施形態に係る通信制御システムでは、通信デバイス2がゲートウェイ装置4を介した通信を行うために必要なゲートウェイ装置4における通信設定が、ユーザ等による手動ではなく、ゲートウェイ装置4によって設定される。 (effect)
In the first embodiment, the gateway device 4 acquires predetermined information corresponding to the type of the communication device 2 from the database server 6 and performs communication settings of the communication device 2 based on the acquired information. Therefore, in the communication control system according to the first embodiment, the communication setting in the gateway device 4 necessary for the communication device 2 to communicate via the gateway device 4 is set by the gateway device 4 instead of manually by a user or the like. Is done.
 また、第1実施形態によると、ユーザ自らが通信デバイス2の情報を調査・設定することなく、ゲートウェイ装置4により通信設定が行われる。このため、通信デバイス2は、ゲートウェイ装置4への情報入力ミスの悪影響を受けることなく、ゲートウェイ装置4を利用する通信がゲートウェイ装置4により適切に制御される。 したがって、ユーザはゲートウェイ装置4に通信に係るポリシや内部データベースの更新頻度程度の設定をすればよい。さらに、第1実施形態の通信制御システムでは、通信デバイス2が自装置に関する情報をゲートウェイ装置4に通知する必要がないため、ユーザは、既存の通信デバイス2を含む多くの通信デバイス2を第1実施形態の通信制御システムに適用させることができる。 
 <第2実施形態>
 次に、本発明に係る第2実施形態の通信制御システムについて、図面を参照して説明する。第2実施形態の通信制御システムでは、データベースサーバ6に、通信デバイス2の種別に応じた情報や不正通信に関する情報に加えて、ゲートウェイ装置4が決定した通信設定をも蓄積する。また、データベースサーバ6に、複数のゲートウェイ装置4が接続可能とし、これらゲートウェイ装置4が通信設定を共有することを可能とする。 Also, according to the first embodiment, communication setting is performed by the gateway device 4 without the user himself investigating and setting information of the communication device 2. Therefore, the communication using the gateway device 4 is appropriately controlled by the gateway device 4 without being adversely affected by the information input error to the gateway device 4. Therefore, the user only needs to set the communication policy and the update frequency of the internal database to the gateway device 4. Furthermore, in the communication control system according to the first embodiment, since the communication device 2 does not need to notify the gateway device 4 of information related to the own device, the user first selects a number of communication devices 2 including the existing communication device 2. It can be applied to the communication control system of the embodiment.
Second Embodiment
Next, a communication control system according to a second embodiment of the present invention will be described with reference to the drawings. In the communication control system of the second embodiment, the communication settings determined by the gateway device 4 are also stored in the database server 6 in addition to information according to the type of the communication device 2 and information related to unauthorized communication. In addition, a plurality of gateway devices 4 can be connected to the database server 6 and these gateway devices 4 can share communication settings.
 (構成)
 図8は、第2実施形態に係る通信制御システムの構成を例示する図である。図8を参照すると、通信制御システムは、ゲートウェイ装置4P、4Qおよびデータベースサーバ6を備えている。ゲートウェイ装置4P、4Qとデータベースサーバ6は、WAN10を介して接続されている。ゲートウェイ装置4Pには、Ethernet(登録商標)、Wi-Fi等のLAN8Pを介して、通信デバイス2A~2Cが接続する。ゲートウェイ装置4Qには、LAN8Qを介して通信デバイス2(例えば通信デバイス2C)が接続する。以下では、ゲートウェイ装置4P、4Qを、適宜ゲートウェイ装置4とも総称する。 (Constitution)
FIG. 8 is a diagram illustrating a configuration of a communication control system according to the second embodiment. Referring to FIG. 8, the communication control system includes gateway devices 4P and 4Q and a database server 6. The gateway devices 4P and 4Q and the database server 6 are connected via the WAN 10. Communication devices 2A to 2C are connected to the gateway apparatus 4P via a LAN 8P such as Ethernet (registered trademark) or Wi-Fi. The gateway device 4Q is connected to the communication device 2 (for example, the communication device 2C) via the LAN 8Q. Hereinafter, the gateway devices 4P and 4Q are also collectively referred to as the gateway device 4 as appropriate.
 複数のゲートウェイ装置4P、4Qの間で、通信設定を共有するケースとして、例えば、自宅のゲートウェイ装置4Pと別宅(別荘等)のゲートウェイ装置4Qの間で通信設定を共有することが考えられる。また、新旧のゲートウェイ装置4を入れ替える際に、入れ替え前のゲートウェイ装置4Pの通信設定を、入れ替え後のゲートウェイ装置4Qに移行することが考えられる。さらに、オフィスビルの複数のフロアのそれぞれに設けられた複数のアクセスポイント(ゲートウェイ装置4)に通信設定を一括して行う(同期処理する)ケースが考えられる。なお、これらのケースは例示にすぎず、第2実施形態の通信制御システムが有効なケースはこれらに限定されない。また、図8に示す接続構成、および、ゲートウェイ装置4、通信デバイス2の台数も例示にすぎない。 As a case where communication settings are shared among a plurality of gateway devices 4P, 4Q, for example, it is conceivable to share communication settings between a gateway device 4P at home and a gateway device 4Q at a separate house (villa, etc.). In addition, when the old and new gateway devices 4 are replaced, the communication settings of the gateway device 4P before the replacement may be transferred to the gateway device 4Q after the replacement. Furthermore, a case where communication settings are collectively performed (synchronized) for a plurality of access points (gateway devices 4) provided on each of a plurality of floors of an office building is conceivable. Note that these cases are merely examples, and cases where the communication control system of the second embodiment is effective are not limited thereto. Further, the connection configuration shown in FIG. 8 and the number of gateway devices 4 and communication devices 2 are merely examples.
 以下、第2実施形態の通信制御システムについて、第1実施形態との差分を中心に説明する。第2実施形態におけるゲートウェイ装置4P、4Qも、第1実施形態におけるゲートウェイ装置4(図3参照)と同様の構成を有する。ただし、第2実施形態では、ゲートウェイ装置4の決定部22は、決定した通信設定をデータベースサーバ6にも送出する。 Hereinafter, the communication control system according to the second embodiment will be described focusing on differences from the first embodiment. The gateway devices 4P and 4Q in the second embodiment also have the same configuration as the gateway device 4 (see FIG. 3) in the first embodiment. However, in the second embodiment, the determination unit 22 of the gateway device 4 also sends the determined communication settings to the database server 6.
 第2実施形態におけるデータベースサーバ6も、第1実施形態におけるデータベースサーバ6(図5参照)と同様の構成を有する。ただし、第2実施形態では、データベースサーバ6の情報データベース36は、ゲートウェイ装置4から送出された通信設定も併せて保持する。ここでは、一例として、ゲートウェイ装置4から取得した通信設定を情報データベース36が保持する構成としたが、データベースサーバ6は、取得した通信設定を別個のデータベースに保持してもよい。 The database server 6 in the second embodiment also has the same configuration as the database server 6 (see FIG. 5) in the first embodiment. However, in the second embodiment, the information database 36 of the database server 6 also holds the communication settings sent from the gateway device 4. Here, as an example, the information database 36 holds the communication settings acquired from the gateway device 4, but the database server 6 may hold the acquired communication settings in a separate database.
 図9は、第2実施形態におけるデータベースサーバ6の情報データベース36が保持する情報を例示する表である。図9を参照すると、情報データベース36は、ゲートウェイ装置4の識別子と、通信デバイス2の識別子と、「所定の情報」と、ゲートウェイ装置4により決定された「通信設定」とを関連付けた状態で保持する。なお、通信設定を決定したゲートウェイ装置4を識別する必要がない場合、図9におけるゲートウェイ装置4の識別子を省略してもよい。 FIG. 9 is a table illustrating information stored in the information database 36 of the database server 6 in the second embodiment. Referring to FIG. 9, the information database 36 holds the identifier of the gateway device 4, the identifier of the communication device 2, “predetermined information”, and the “communication setting” determined by the gateway device 4. To do. If there is no need to identify the gateway device 4 that has determined the communication setting, the identifier of the gateway device 4 in FIG. 9 may be omitted.
 また、第2実施形態では、検索部38は、ゲートウェイ装置4からの情報要求を受けると、当該情報要求に応じて、情報データベース36を参照する。そして、検索部38は、ゲートウェイ装置4から受信したMACアドレス(通信デバイス2の識別子)を持つ通信デバイス2に関する「所定の情報」と「通信設定」を情報データベース36から検索する。送信部40は、検索された「所定の情報」と「通信設定」をゲートウェイ装置4に送信する。一方、当該情報要求に含まれるMACアドレスに関連付けられている「通信設定」が情報データベース36に未登録である場合、送信部40は、「所定の情報」のみをゲートウェイ装置4に送信する。 In the second embodiment, when the search unit 38 receives an information request from the gateway device 4, the search unit 38 refers to the information database 36 in response to the information request. Then, the search unit 38 searches the information database 36 for “predetermined information” and “communication setting” regarding the communication device 2 having the MAC address (the identifier of the communication device 2) received from the gateway device 4. The transmission unit 40 transmits the searched “predetermined information” and “communication setting” to the gateway device 4. On the other hand, when the “communication setting” associated with the MAC address included in the information request is not registered in the information database 36, the transmission unit 40 transmits only “predetermined information” to the gateway device 4.
 (動作)
 図10は、第2実施形態に係る通信制御システムの動作を例示するシーケンス図である。ここでは、ゲートウェイ装置4Pによって決定された通信デバイス2A、2Cに関する通信設定がデータベースサーバ6の情報データベース36に登録済であるとする。この場合に、通信デバイス2Aまたは2Bがゲートウェイ装置4Qに接続したときの動作を説明する。 (Operation)
FIG. 10 is a sequence diagram illustrating the operation of the communication control system according to the second embodiment. Here, it is assumed that the communication settings regarding the communication devices 2A and 2C determined by the gateway device 4P have been registered in the information database 36 of the database server 6. In this case, the operation when the communication device 2A or 2B is connected to the gateway device 4Q will be described.
 なお、通信デバイス2がゲートウェイ装置4Qに通信要求を送出する動作(ステップB1)と、ゲートウェイ装置4Qがデータベース16を確認する動作(ステップB2)は、第1実施形態におけるステップA1、A2(図7参照)の動作と同様である。 The operation in which the communication device 2 sends a communication request to the gateway device 4Q (step B1) and the operation in which the gateway device 4Q confirms the database 16 (step B2) are steps A1 and A2 in the first embodiment (FIG. 7). This is the same as the operation of (see).
 第2実施形態では、データベースサーバ6の要求受信部34は、ゲートウェイ装置4からの情報要求を、通信部32を介して受け付け、当該情報要求を検索部38に転送する。検索部38は、当該情報要求に応じて情報データベース36を参照し、ゲートウェイ装置4から受け取ったMACアドレスに関連付けられている「所定の情報」と「通信設定」の情報を検索する(ステップB4)。ここで、MACアドレスに関連付けられている「通信設定」が存在する(すなわち、通信デバイス2Aがゲートウェイ装置4Qにアクセスした)とする。この場合には、送信部40は、検索された「所定の情報」と「通信設定」を、通信部32を経由してゲートウェイ装置4に送信する(ステップB5)。一方、MACアドレスに関連付けられている「通信設定」が存在しない(すなわち、通信デバイス2Bがゲートウェイ装置4Qにアクセスした)とする。この場合には、送信部40は、検索された「所定の情報」を、通信部32を経由してゲートウェイ装置4に送信する(ステップB5)。なお、データベースサーバ6は、複数のゲートウェイ装置(例えば、ゲートウェイ装置4P、4Q)間で通信設定を共有可能とする際に、必要であればユーザ認証等の処理を併せて行うようにしてもよい。 In the second embodiment, the request receiving unit 34 of the database server 6 receives the information request from the gateway device 4 via the communication unit 32 and transfers the information request to the search unit 38. The search unit 38 refers to the information database 36 in response to the information request, and searches for “predetermined information” and “communication setting” information associated with the MAC address received from the gateway device 4 (step B4). . Here, it is assumed that “communication setting” associated with the MAC address exists (that is, the communication device 2A has accessed the gateway device 4Q). In this case, the transmission unit 40 transmits the searched “predetermined information” and “communication setting” to the gateway device 4 via the communication unit 32 (step B5). On the other hand, it is assumed that there is no “communication setting” associated with the MAC address (that is, the communication device 2B has accessed the gateway device 4Q). In this case, the transmission unit 40 transmits the searched “predetermined information” to the gateway device 4 via the communication unit 32 (step B5). The database server 6 may also perform processing such as user authentication if necessary when sharing communication settings among a plurality of gateway devices (for example, the gateway devices 4P and 4Q). .
 データベースサーバ6から「所定の情報」を受信した場合、ゲートウェイ装置4Qが行う情報登録動作(ステップB6)および通信設定動作(ステップB7)は、第1実施形態のステップA6、A7(図7参照)と同様である。一方、データベースサーバ6から「所定の情報」と「通信設定」の双方を受信した場合、ゲートウェイ装置4Qの受信部20は、受信した「所定の情報」と「通信設定」の情報をデータベース16に格納する(ステップB6)。この際、格納される「所定の情報」と「通信設定」の情報には通信デバイス2のMACアドレスが関連付けられる。また、決定部22は、データベースサーバ6から受信した「通信設定」に基づき、通信要求を発信した通信デバイス2の通信設定を行う(ステップB7)。 When “predetermined information” is received from the database server 6, the information registration operation (step B6) and communication setting operation (step B7) performed by the gateway device 4Q are the steps A6 and A7 of the first embodiment (see FIG. 7). It is the same. On the other hand, when both “predetermined information” and “communication setting” are received from the database server 6, the receiving unit 20 of the gateway device 4 </ b> Q stores the received “predetermined information” and “communication setting” information in the database 16. Store (step B6). At this time, the MAC address of the communication device 2 is associated with the stored “predetermined information” and “communication setting” information. Further, the determination unit 22 performs communication setting of the communication device 2 that has transmitted the communication request based on the “communication setting” received from the database server 6 (step B7).
 (効果)
 第2実施形態の通信制御システムは、第1実施形態の通信制御システムにおける効果に加えて、次の効果を奏する。第2実施形態では、データベースサーバ6を介して、複数のゲートウェイ装置4は通信設定の情報を共有できる。したがって、第2実施形態によると、通信デバイス2は接続先のゲートウェイ装置4に依らず(すなわち、アクセスするLAN8に依らず)、同種の通信デバイス2については、同一の通信設定を享受することが可能となる。また、第2実施形態によると、ユーザは複数のゲートウェイ装置4のうちのいずれか1つに通信設定に関わるポリシを設定すればよく、複数のゲートウェイ装置4のそれぞれについて、ポリシを設定し、管理する煩雑さから解放される。したがって、自宅と別宅で複数のゲートウェイ装置4を用いる場合や、新旧のゲートウェイ装置4を入れ替える際、または、複数のフロアのそれぞれにゲートウェイ装置4を設置した場合におけるゲートウェイ装置の管理が容易になる。 (effect)
The communication control system of the second embodiment has the following effects in addition to the effects of the communication control system of the first embodiment. In the second embodiment, a plurality of gateway devices 4 can share communication setting information via the database server 6. Therefore, according to the second embodiment, the communication device 2 does not depend on the gateway device 4 to be connected (that is, does not depend on the LAN 8 to be accessed), and the same type of communication device 2 can enjoy the same communication setting. It becomes possible. Further, according to the second embodiment, the user only needs to set a policy related to communication setting in any one of the plurality of gateway devices 4, and set and manage the policy for each of the plurality of gateway devices 4. You are freed from the complexity. Therefore, when a plurality of gateway devices 4 are used in a home and a separate home, when the old and new gateway devices 4 are replaced, or when the gateway devices 4 are installed on each of a plurality of floors, management of the gateway devices is facilitated.
 <変形例>
 第1と第2の実施形態では、通信デバイス2の識別子としてMACアドレスを使用する場合について説明している。ここでは、一例として通信デバイス2に対してMACアドレス"AB:CD:EF:ab:12:34"というMACアドレスが付与されたときの変形例について説明する。ここで、MACアドレスのうちの"AB:CD:EF"の部分はメーカを表す情報として使用可能である。製品・個体番号の割り当てはメーカによって異なるが、ここでは、一例として、"ab"が製品(型番)を表す情報であるとし、"12:34"が個体情報であるとする。 <Modification>
In the first and second embodiments, a case where a MAC address is used as the identifier of the communication device 2 is described. Here, a modified example when the MAC address “AB: CD: EF: ab: 12: 34” is given to the communication device 2 will be described as an example. Here, the “AB: CD: EF” portion of the MAC address can be used as information representing the manufacturer. The assignment of the product / individual number varies depending on the manufacturer, but here, as an example, it is assumed that “ab” is information representing a product (model number) and “12:34” is individual information.
 このとき、ゲートウェイ装置4のデータベース16(図4参照)における通信デバイス2の識別子として、MACアドレス"AB:CD:EF:ab:12:34"を使用することができる。一方、ゲートウェイ装置4とは異なり、データベースサーバ6の情報データベース36(図6参照)で管理する識別子では通信デバイス2の製品(型番)を識別できればよい。したがって、通信デバイス2の識別子ごとに「所定の情報」を保持する必要はない。すなわち、データベースサーバ6の情報データベース36では、"AB:CD:EF:ab:**:**"(*は任意の文字を表す記号)という識別子と関連付けた状態で、その識別子が付与されている通信デバイス2に関する「所定の情報」が保持されればよい。このような構成とすることにより、情報データベース36が保持するデータの量を大幅に削減することが可能となる。ただし、第2実施形態における情報データベース36のように、通信デバイス2毎の通信設定が保持される場合には、通信デバイスの識別子として、通信デバイスを一意に特定する識別子を使用する必要がある。 At this time, the MAC address “AB: CD: EF: ab: 12: 34” can be used as the identifier of the communication device 2 in the database 16 (see FIG. 4) of the gateway device 4. On the other hand, unlike the gateway device 4, the identifier managed by the information database 36 (see FIG. 6) of the database server 6 only needs to identify the product (model number) of the communication device 2. Therefore, it is not necessary to hold “predetermined information” for each identifier of the communication device 2. That is, in the information database 36 of the database server 6, the identifier is given in a state associated with the identifier “AB: CD: EF: ab: **: **” (* is a symbol representing an arbitrary character). It is only necessary to hold “predetermined information” regarding the communication device 2. With this configuration, the amount of data held by the information database 36 can be significantly reduced. However, when the communication setting for each communication device 2 is held as in the information database 36 in the second embodiment, it is necessary to use an identifier that uniquely identifies the communication device as the identifier of the communication device.
 なお、上記の実施形態の一部又は全部は、以下の付記のようにも記載されうるが、以下には限られない。
[付記1]
 通信デバイスに接続されたゲートウェイ装置であって、
 通信デバイスの種別に応じた所定の情報に基づいて、前記通信デバイスに対する通信設定を決定する決定部と、
 決定した通信設定に従って前記通信デバイスによる前記ゲートウェイ装置を介した通信を制御する通信制御部と、を備える。
[付記2]
 前記所定の情報は、製品のカテゴリ、用途、通信機能、セキュリティ機能・性能、関連情報、および、推奨される通信設定のうちの少なくともいずれかを含む、
 付記1に記載のゲートウェイ装置。
[付記3]
 前記推奨される通信設定は、製品のカテゴリ、用途、通信機能、セキュリティ機能・性能、および、関連情報のうちの少なくともいずれかに関して推奨される通信設定であり、
 前記決定部は、前記推奨される通信設定に応じて、前記通信デバイスに対する通信設定を決定する、
 付記2に記載のゲートウェイ装置。
[付記4]
 前記決定部は、前記所定の情報が製品のカテゴリを含む場合、前記製品のカテゴリに応じて、前記通信デバイスによりアクセス可能なネットワークとそれ以外のネットワークとを分離する通信設定を行う、
 付記2または3に記載のゲートウェイ装置。
[付記5]
 前記決定部は、前記所定の情報が用途を含む場合、前記用途に応じて前記通信デバイスによる通信の帯域および優先度に関する通信設定を行う、
 付記2ないし付記4のいずれか一つに記載のゲートウェイ装置。
[付記6]
 前記決定部は、前記所定の情報が通信機能を含む場合、前記通信機能に応じて前記通信デバイスによる通信の有効ポートに関する通信設定を行う、
 付記2ないし付記5のいずれか一つに記載のゲートウェイ装置。
[付記7]
 前記決定部は、前記所定の情報がセキュリティ機能・性能を含む場合、前記セキュリティ機能・性能に応じて、前記通信デバイスによる暗号処理を前記ゲートウェイ装置によって代替するように通信設定を行う、
 付記2ないし付記6のいずれか一つに記載のゲートウェイ装置。
[付記8]
 前記決定部は、前記所定の情報が関連情報を含む場合、前記通信デバイスによる少なくとも一部のポート、アドレスへのアクセスを遮断し、もしくは、前記通信デバイスによる通信を拒否する通信設定を行い、または、前記関連情報をユーザに通知する、
 付記2ないし7のいずれか一に記載のゲートウェイ装置。
[付記9]
 前記通信デバイスの識別子と前記所定の情報とを関連付けて保持するデータベースと、
 前記通信デバイスの識別子を含む通信要求を前記通信デバイスから受信する通信部と、を備え、
 前記決定部は、前記データベースを参照して、前記通信要求に含まれる識別子に関連付けられた前記所定の情報に基づいて、前記通信デバイスに対する通信設定を決定する、
 付記1ないし付記8のいずれか一つに記載のゲートウェイ装置。
[付記10]
 前記通信要求に含まれる前記通信デバイスの識別子と前記所定の情報とを関連付けて前記データベースに保持していない場合、前記識別子を用いて前記所定の情報をデータベースサーバに問い合わせる要求送信部と、
 前記問い合わせに応じて前記データベースサーバから前記所定の情報を取得し、前記識別子と関連付けて前記データベースに格納する受信部と、を備える、
 付記9に記載のゲートウェイ装置。
[付記11]
 前記決定部は、決定した前記通信デバイスに対する通信設定を、前記通信デバイスの識別子および前記所定の情報と関連付けて前記データベースに格納する、
 付記10に記載のゲートウェイ装置。
[付記12]
 ゲートウェイ装置が、通信デバイスの種別に応じた所定の情報に基づいて、前記通信デバイスに対する通信設定を決定するステップと、
 決定した通信設定に従って前記通信デバイスによる前記ゲートウェイ装置を介した通信を制御するステップと、を含む、
 ことを特徴とする通信制御方法。
[付記13]
 前記所定の情報は、製品のカテゴリ、用途、通信機能、セキュリティ機能・性能、関連情報、および、推奨される通信設定のうちの少なくともいずれかを含む、
 付記12に記載の通信制御方法。
[付記14]
 前記推奨される通信設定は、製品のカテゴリ、用途、通信機能、セキュリティ機能・性能、および、関連情報のうちの少なくともいずれかに関して推奨される通信設定であり、
 前記ゲートウェイ装置は、前記推奨される通信設定に応じて、前記通信デバイスに対する通信設定を決定する、
 付記13に記載の通信制御方法。
[付記15]
 前記ゲートウェイ装置は、前記所定の情報が製品のカテゴリを含む場合、前記製品のカテゴリに応じて、前記通信デバイスによりアクセス可能なネットワークとそれ以外のネットワークとを分離する通信設定を行う、
 付記13または付記14に記載の通信制御方法。
[付記16]
 前記ゲートウェイ装置は、前記所定の情報が用途を含む場合、前記用途に応じて前記通信デバイスによる通信の帯域および優先度に関する通信設定を行う、
 付記13ないし付記15のいずれか一つに記載の通信制御方法。
[付記17]
 前記ゲートウェイ装置は、前記所定の情報が通信機能を含む場合、前記通信機能に応じて前記通信デバイスによる通信の有効ポートに関する通信設定を行う、
 付記13ないし付記16のいずれか一つに記載の通信制御方法。
[付記18]
 前記ゲートウェイ装置は、前記所定の情報がセキュリティ機能・性能含む場合、前記セキュリティ機能・性能に応じて、前記通信デバイスによる暗号処理を前記ゲートウェイ装置によって代替するように通信設定を行う、
 付記13ないし付記17のいずれか一つに記載の通信制御方法。
[付記19]
 前記ゲートウェイ装置は、前記所定の情報が関連情報を含む場合、前記通信デバイスによる少なくとも一部のポート、アドレスへのアクセスを遮断し、もしくは、前記通信デバイスによる通信を拒否する通信設定を行い、または、前記関連情報をユーザに通知する、
 付記13ないし付記18のいずれか一つに記載の通信制御方法。
[付記20]
 前記ゲートウェイ装置が、前記通信デバイスの識別子と前記所定の情報とを関連付けてデータベースに保持するステップと、
 前記通信デバイスの識別子を含む通信要求を前記通信デバイスから受信するステップと、を含み、
 前記通信デバイスに対する通信設定の決定は、前記データベースを参照して、前記通信要求に含まれる識別子に関連付けられた前記所定の情報に基づいて行われる、
 付記13に記載の通信制御方法。
[付記21]
 前記通信要求に含まれる前記通信デバイスの識別子と前記所定の情報とを関連付けて前記データベースに保持していない場合、前記ゲートウェイ装置が、前記識別子を用いて前記所定の情報をデータベースサーバに問い合わせるステップと、
 前記問い合わせに応じて前記データベースサーバから前記所定の情報を取得し、前記識別子と関連付けて前記データベースに格納するステップと、を含む、
 付記20に記載の通信制御方法。
[付記22]
 前記ゲートウェイ装置が、決定した前記通信デバイスに対する通信設定を、前記通信デバイスの識別子および前記所定の情報と関連付けて前記データベースに格納するステップを含む、
 付記21に記載の通信制御方法。
[付記23]
 通信デバイスの識別子と前記通信デバイスの種別に応じた所定の情報とを関連付けて保持するデータベースサーバと、
 前記通信デバイスおよび前記データベースサーバに接続されたゲートウェイ装置と、を備え、
 前記ゲートウェイ装置は、前記所定の情報に基づいて、前記通信デバイスに対する通信設定を決定する決定部と、
 決定した通信設定に従って前記通信デバイスによる前記ゲートウェイ装置を介した通信を制御する通信制御部と、を有する、
 ことを特徴とする通信制御システム。
[付記24]
 前記決定部は、前記通信デバイスの識別子と前記通信デバイスに対して決定した通信設定を前記データベースサーバに通知し、
 前記データベースサーバは、前記ゲートウェイ装置の識別子と前記通信デバイスの識別子と前記通信デバイスに対して決定された通信設定とを関連付けて保持し、他のゲートウェイ装置から前記通信デバイスに対する前記所定の情報の問い合わせに応じて、前記ゲートウェイ装置により決定された通信設定を回答する、
 付記23に記載の通信制御システム。
[付記25]
 ゲートウェイ装置に設けられたコンピュータに対して、
 通信デバイスの種別に応じた所定の情報に基づいて、前記通信デバイスに対する通信設定を決定する処理と、
 決定した通信設定に従って前記通信デバイスによる前記ゲートウェイ装置を介した通信を制御する処理と、を実行させる、
 ことを特徴とするプログラム。 In addition, although a part or all of said embodiment can be described also as the following additional remarks, it is not restricted to the following.
[Appendix 1]
A gateway device connected to a communication device,
A determination unit that determines communication settings for the communication device based on predetermined information according to a type of the communication device;
A communication control unit that controls communication by the communication device via the gateway device according to the determined communication setting.
[Appendix 2]
The predetermined information includes at least one of a product category, usage, communication function, security function / performance, related information, and recommended communication setting.
The gateway device according to attachment 1.
[Appendix 3]
The recommended communication setting is a communication setting recommended for at least one of product category, application, communication function, security function / performance, and related information,
The determining unit determines communication settings for the communication device according to the recommended communication settings.
The gateway device according to attachment 2.
[Appendix 4]
When the predetermined information includes a product category, the determination unit performs communication setting for separating a network accessible by the communication device and other networks according to the product category.
The gateway device according to attachment 2 or 3.
[Appendix 5]
The determining unit, when the predetermined information includes a use, performs communication settings related to the bandwidth and priority of communication by the communication device according to the use.
The gateway device according to any one of appendix 2 to appendix 4.
[Appendix 6]
The determining unit, when the predetermined information includes a communication function, performs communication setting related to an effective port of communication by the communication device according to the communication function.
The gateway device according to any one of appendix 2 to appendix 5.
[Appendix 7]
The determining unit, when the predetermined information includes a security function / performance, according to the security function / performance, performs communication settings to replace the encryption processing by the communication device by the gateway device,
The gateway device according to any one of appendix 2 to appendix 6.
[Appendix 8]
The determination unit, when the predetermined information includes related information, to block access to at least some ports and addresses by the communication device, or to perform communication settings to refuse communication by the communication device, or , Notifying the user of the related information,
The gateway device according to any one of appendices 2 to 7.
[Appendix 9]
A database that stores the identifier of the communication device and the predetermined information in association with each other;
A communication unit that receives a communication request including an identifier of the communication device from the communication device,
The determining unit refers to the database and determines communication settings for the communication device based on the predetermined information associated with an identifier included in the communication request.
The gateway device according to any one of supplementary notes 1 to 8.
[Appendix 10]
If the communication device identifier included in the communication request is associated with the predetermined information and is not held in the database, a request transmission unit that inquires the database server for the predetermined information using the identifier;
Receiving the predetermined information from the database server in response to the inquiry, and storing in the database in association with the identifier,
The gateway device according to attachment 9.
[Appendix 11]
The determination unit stores the determined communication setting for the communication device in the database in association with the identifier of the communication device and the predetermined information.
The gateway device according to attachment 10.
[Appendix 12]
The gateway device determining communication settings for the communication device based on predetermined information according to a type of the communication device; and
Controlling communication via the gateway device by the communication device in accordance with the determined communication settings.
A communication control method characterized by the above.
[Appendix 13]
The predetermined information includes at least one of a product category, usage, communication function, security function / performance, related information, and recommended communication setting.
The communication control method according to attachment 12.
[Appendix 14]
The recommended communication setting is a communication setting recommended for at least one of product category, application, communication function, security function / performance, and related information,
The gateway device determines communication settings for the communication device according to the recommended communication settings;
The communication control method according to attachment 13.
[Appendix 15]
When the predetermined information includes a product category, the gateway device performs communication setting for separating a network accessible by the communication device and a network other than the network according to the product category.
The communication control method according to Supplementary Note 13 or Supplementary Note 14.
[Appendix 16]
When the predetermined information includes a use, the gateway device performs communication settings related to the bandwidth and priority of communication by the communication device according to the use.
The communication control method according to any one of supplementary notes 13 to 15.
[Appendix 17]
When the predetermined information includes a communication function, the gateway device performs communication setting related to an effective port of communication by the communication device according to the communication function.
The communication control method according to any one of supplementary notes 13 to 16.
[Appendix 18]
When the predetermined information includes a security function / performance, the gateway device performs communication setting so that encryption processing by the communication device is replaced by the gateway device according to the security function / performance.
18. The communication control method according to any one of appendix 13 to appendix 17.
[Appendix 19]
The gateway device, when the predetermined information includes related information, performs a communication setting to block access to at least some ports and addresses by the communication device, or to refuse communication by the communication device, or , Notifying the user of the related information,
The communication control method according to any one of appendix 13 to appendix 18.
[Appendix 20]
The gateway device associating the identifier of the communication device and the predetermined information in a database,
Receiving a communication request including an identifier of the communication device from the communication device; and
The determination of the communication setting for the communication device is performed based on the predetermined information associated with the identifier included in the communication request with reference to the database.
The communication control method according to attachment 13.
[Appendix 21]
When the identifier of the communication device included in the communication request and the predetermined information are not associated with each other and stored in the database, the gateway device inquires the database server for the predetermined information using the identifier; ,
Obtaining the predetermined information from the database server in response to the inquiry and storing it in the database in association with the identifier.
The communication control method according to attachment 20.
[Appendix 22]
The gateway device includes storing the determined communication setting for the communication device in the database in association with the identifier of the communication device and the predetermined information.
The communication control method according to attachment 21.
[Appendix 23]
A database server that associates and holds an identifier of a communication device and predetermined information corresponding to the type of the communication device;
A gateway device connected to the communication device and the database server,
The gateway device determines a communication setting for the communication device based on the predetermined information;
A communication control unit for controlling communication via the gateway device by the communication device according to the determined communication setting,
A communication control system characterized by that.
[Appendix 24]
The determining unit notifies the database server of an identifier of the communication device and a communication setting determined for the communication device,
The database server stores the identifier of the gateway device, the identifier of the communication device, and the communication setting determined for the communication device in association with each other, and queries the predetermined information from the other gateway device to the communication device. In response to the communication setting determined by the gateway device,
The communication control system according to attachment 23.
[Appendix 25]
For the computer installed in the gateway device,
Processing for determining communication settings for the communication device based on predetermined information according to the type of the communication device;
Processing to control communication through the gateway device by the communication device according to the determined communication setting,
A program characterized by that.
 なお、上記特許文献の全開示内容は、本書に引用をもって繰り込み記載されているものとする。本発明の全開示(請求の範囲を含む)の枠内において、さらにその基本的技術思想に基づいて、実施形態の変更・調整が可能である。また、本発明の全開示の枠内において種々の開示要素(各請求項の各要素、各実施形態の各要素、各図面の各要素等を含む)の多様な組み合わせ、ないし、選択が可能である。すなわち、本発明は、請求の範囲を含む全開示、技術的思想にしたがって当業者であればなし得る各種変形、修正を含むことは勿論である。特に、本書に記載した数値範囲については、当該範囲内に含まれる任意の数値ないし小範囲が、別段の記載のない場合でも具体的に記載されているものと解釈されるべきである。 It should be noted that the entire disclosure of the above patent document is incorporated herein by reference. Within the scope of the entire disclosure (including claims) of the present invention, the embodiment can be changed and adjusted based on the basic technical concept. Further, various combinations or selections of various disclosed elements (including each element of each claim, each element of each embodiment, each element of each drawing, etc.) are possible within the framework of the entire disclosure of the present invention. is there. That is, the present invention of course includes various variations and modifications that can be made by those skilled in the art according to the entire disclosure including the claims and the technical idea. In particular, with respect to the numerical ranges described in this document, any numerical value or small range included in the range should be construed as being specifically described even if there is no specific description.
 この出願は、2015年10月27日に出願された日本出願特願2015-211273を基礎とする優先権を主張し、その開示の全てをここに取り込む。 This application claims priority based on Japanese Patent Application No. 2015-212173 filed on Oct. 27, 2015, the entire disclosure of which is incorporated herein.
2、2A~2C  通信デバイス
4、4P、4Q  ゲートウェイ装置
6  データベースサーバ
8、8P、8Q  LAN
10  WAN
12  通信部
14  要求送信部
16  データベース
18  検索部
20  受信部
22  決定部
24  通信制御部
26  不正報告部
28  アラーム生成部
30  報告データベース
32  通信部
34  要求受信部
36  情報データベース
38  検索部
40  送信部
42  報告受信部
44  報告データベース 2, 2A to 2C Communication device 4, 4P, 4Q Gateway device 6 Database server 8, 8P, 8Q LAN
10 WAN
12 communication unit 14 request transmission unit 16 database 18 search unit 20 reception unit 22 determination unit 24 communication control unit 26 fraud report unit 28 alarm generation unit 30 report database 32 communication unit 34 request reception unit 36 information database 38 search unit 40 transmission unit 42 Report receiver 44 Report database

Claims (17)

  1.  通信制御対象の通信デバイスの種別に応じた所定の情報に基づいて、自装置を介した前記通信デバイスの通信に関する通信設定の内容を決定する決定手段と、
     決定した通信設定に従って自装置を介した前記通信デバイスの通信を制御する通信制御手段と、
    を備えるゲートウェイ装置。     Determining means for determining the content of communication settings related to communication of the communication device via its own device based on predetermined information corresponding to the type of communication device to be controlled;
    Communication control means for controlling communication of the communication device via the own apparatus according to the determined communication setting;
    A gateway device comprising:
  2.  前記所定の情報は、製品のカテゴリ、用途、通信機能、セキュリティ機能・性能、関連情報、および、推奨される通信設定のうちの少なくともいずれかを含む、
     請求項1に記載のゲートウェイ装置。     The predetermined information includes at least one of a product category, usage, communication function, security function / performance, related information, and recommended communication setting.
    The gateway device according to claim 1.
  3.  前記推奨される通信設定は、製品のカテゴリ、用途、通信機能、セキュリティ機能・性能、および、関連情報のうちの少なくともいずれかに関して推奨される通信設定であり、
     前記決定手段は、前記推奨される通信設定に応じて、前記通信デバイスに関する通信設定を決定する、
     請求項2に記載のゲートウェイ装置。     The recommended communication setting is a communication setting recommended for at least one of product category, application, communication function, security function / performance, and related information,
    The determining means determines communication settings related to the communication device according to the recommended communication settings;
    The gateway device according to claim 2.
  4.  前記決定手段は、前記所定の情報が製品のカテゴリを含む場合、前記製品のカテゴリに応じて、前記通信デバイスによりアクセス可能なネットワークとそれ以外のネットワークとを分離する通信設定を行う、
     請求項2または請求項3に記載のゲートウェイ装置。     When the predetermined information includes a product category, the determination unit performs communication setting for separating a network accessible by the communication device and another network according to the product category.
    The gateway device according to claim 2 or claim 3.
  5.  前記決定手段は、前記所定の情報が用途を含む場合、前記用途に応じて前記通信デバイスの通信の帯域および優先度に関する通信設定を行う、
     請求項2ないし請求項4のいずれか1項に記載のゲートウェイ装置。     When the predetermined information includes a use, the determination unit performs communication settings related to a communication band and priority of the communication device according to the use.
    The gateway device according to any one of claims 2 to 4.
  6.  前記決定手段は、前記所定の情報が通信機能を含む場合、前記通信機能に応じて前記通信デバイスによる通信の有効ポートに関する通信設定を行う、
     請求項2ないし請求項5のいずれか1項に記載のゲートウェイ装置。     When the predetermined information includes a communication function, the determination unit performs communication setting related to an effective port of communication by the communication device according to the communication function.
    The gateway device according to any one of claims 2 to 5.
  7.  前記決定手段は、前記所定の情報がセキュリティ機能・性能を含む場合、前記セキュリティ機能・性能に応じて、前記通信デバイスに代わって暗号処理を自装置が実行する通信設定を行う、
     請求項2ないし請求項6のいずれか1項に記載のゲートウェイ装置。     When the predetermined information includes a security function / performance, the determination unit performs communication setting in which the own apparatus executes encryption processing on behalf of the communication device, according to the security function / performance.
    The gateway device according to any one of claims 2 to 6.
  8.  前記決定手段は、前記所定の情報が関連情報を含む場合、前記通信デバイスによる少なくとも一部のポート、アドレスへのアクセスを遮断し、もしくは、前記通信デバイスによる通信を拒否する通信設定を行い、または、前記関連情報をユーザに通知する、
     請求項2ないし請求項7のいずれか1項に記載のゲートウェイ装置。     The determining means, when the predetermined information includes related information, performing a communication setting to block access to at least some ports and addresses by the communication device, or to refuse communication by the communication device; or , Notifying the user of the related information,
    The gateway device according to any one of claims 2 to 7.
  9.  前記通信デバイスの識別子と前記所定の情報とを関連付けて保持するデータベースと、
     前記通信デバイスの識別子を含む通信要求を前記通信デバイスから受信する通信手段と、を備え、
     前記決定手段は、前記データベースを参照して、前記通信要求に含まれる識別子に関連付けられた前記所定の情報に基づいて、前記通信デバイスに関する通信設定を決定する、
     請求項1ないし請求項8のいずれか1項に記載のゲートウェイ装置。     A database that stores the identifier of the communication device and the predetermined information in association with each other;
    Communication means for receiving a communication request including an identifier of the communication device from the communication device,
    The determining unit refers to the database and determines communication settings related to the communication device based on the predetermined information associated with an identifier included in the communication request;
    The gateway device according to any one of claims 1 to 8.
  10.  前記通信要求に含まれる前記通信デバイスの識別子に関連付けられた前記所定の情報が前記データベースに保持されていない場合、前記識別子を用いて前記所定の情報をデータベースサーバに問い合わせる要求送信手段と、
     前記問い合わせに応じて前記データベースサーバから送信されてきた前記所定の情報を前記識別子と関連付けた状態で前記データベースに格納する受信手段と、
    をさらに備える請求項9に記載のゲートウェイ装置。     If the predetermined information associated with the identifier of the communication device included in the communication request is not held in the database, a request transmission unit that inquires the database server for the predetermined information using the identifier;
    Receiving means for storing the predetermined information transmitted from the database server in response to the inquiry in the database in a state associated with the identifier;
    The gateway device according to claim 9, further comprising:
  11.  前記決定手段は、決定した通信設定を、前記通信デバイスの識別子および前記所定の情報に関連付けて前記データベースに格納する、
     請求項10に記載のゲートウェイ装置。     The determining means stores the determined communication setting in the database in association with the identifier of the communication device and the predetermined information.
    The gateway device according to claim 10.
  12.  通信制御対象の通信デバイスの種別に応じた所定の情報に基づいて、自装置を介した前記通信デバイスの通信に関する通信設定の内容を決定し、
     決定した通信設定に従って自装置を介した前記通信デバイスの通信を制御する、
    通信制御方法。     Based on predetermined information according to the type of communication device to be controlled, determine the content of communication settings related to communication of the communication device through its own device,
    Controlling communication of the communication device via the own apparatus according to the determined communication setting;
    Communication control method.
  13.  前記所定の情報は、製品のカテゴリ、用途、通信機能、セキュリティ機能・性能、関連情報、および、推奨される通信設定のうちの少なくともいずれかを含む、
     請求項12に記載の通信制御方法。     The predetermined information includes at least one of a product category, usage, communication function, security function / performance, related information, and recommended communication setting.
    The communication control method according to claim 12.
  14.  前記推奨される通信設定は、製品のカテゴリ、用途、通信機能、セキュリティ機能・性能、および、関連情報のうちの少なくともいずれかに関して推奨される通信設定であり、
     前記推奨される通信設定に応じて、前記通信デバイスにする通信設定を決定する、
     請求項13に記載の通信制御方法。     The recommended communication setting is a communication setting recommended for at least one of product category, application, communication function, security function / performance, and related information,
    In accordance with the recommended communication settings, determine communication settings to be the communication device.
    The communication control method according to claim 13.
  15.  通信デバイスの識別子と前記通信デバイスの種別に応じた所定の情報とを関連付けて保持するデータベースサーバと、
     前記通信デバイスおよび前記データベースサーバに接続されたゲートウェイ装置と、を備え、
     前記ゲートウェイ装置は、前記所定の情報に基づいて、前記通信デバイスに関する通信設定の内容を決定する決定手段と、
     決定した通信設定に従って前記通信デバイスによる前記ゲートウェイ装置を介した通信を制御する通信制御手段と、を有する通信制御システム。     A database server that associates and holds an identifier of a communication device and predetermined information corresponding to the type of the communication device;
    A gateway device connected to the communication device and the database server,
    The gateway device, based on the predetermined information, determining means for determining the content of communication settings related to the communication device;
    Communication control means for controlling communication by the communication device via the gateway device in accordance with the determined communication setting.
  16.  前記決定手段は、前記決定した通信設定を前記通信デバイスの識別子に関連付けた状態で前記データベースサーバに通知し、
     前記データベースサーバは、前記通信デバイスの識別子と前記通信デバイスに関する通信設定とを関連付けて保持し、前記通信デバイスに関する前記所定の情報が要求された場合に、前記通信デバイスの識別子に関連付けられている通信設定を回答する、
     請求項15に記載の通信制御システム。     The determination means notifies the database server in a state in which the determined communication setting is associated with the identifier of the communication device,
    The database server associates and holds an identifier of the communication device and a communication setting related to the communication device, and when the predetermined information related to the communication device is requested, communication associated with the identifier of the communication device Answer settings,
    The communication control system according to claim 15.
  17.  通信制御対象の通信デバイスの種別に応じた所定の情報に基づいて、自装置を介した前記通信デバイスの通信に関する通信設定の内容を決定する処理と、
     決定した通信設定に従って自装置を介した前記通信デバイスの通信を制御する処理と、
    をコンピュータに実行させるコンピュータプログラムを保持するプログラム記録媒体。     Based on predetermined information corresponding to the type of communication device to be controlled for communication, processing for determining the content of communication settings related to communication of the communication device via its own device;
    A process for controlling communication of the communication device via the own apparatus according to the determined communication setting;
    A program recording medium that holds a computer program that causes a computer to execute the program.
PCT/JP2016/004598 2015-10-27 2016-10-17 Gateway device, communication control method, communication control system, and program storage medium WO2017073030A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2015-211273 2015-10-27
JP2015211273A JP6766337B2 (en) 2015-10-27 2015-10-27 Gateway device, communication control method, communication control system, and program

Publications (1)

Publication Number Publication Date
WO2017073030A1 true WO2017073030A1 (en) 2017-05-04

Family

ID=58631396

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2016/004598 WO2017073030A1 (en) 2015-10-27 2016-10-17 Gateway device, communication control method, communication control system, and program storage medium

Country Status (2)

Country Link
JP (1) JP6766337B2 (en)
WO (1) WO2017073030A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6988545B2 (en) * 2018-02-19 2022-01-05 大日本印刷株式会社 Network communication system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003348116A (en) * 2002-05-28 2003-12-05 Hitachi Ltd Address automatic setting system for in-home network
JP2007053703A (en) * 2005-08-19 2007-03-01 Matsushita Electric Works Ltd Filtering device
US7337219B1 (en) * 2003-05-30 2008-02-26 Aol Llc, A Delaware Limited Liability Company Classifying devices using a local proxy server
US20120216038A1 (en) * 2011-02-23 2012-08-23 Xuemin Chen Unified video delivery system for supporting ip video steaming service
US20150295763A1 (en) * 2012-11-12 2015-10-15 Zte Corporation Capability open platform, method and gateway for implementing PNP management of terminal device

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004356855A (en) * 2003-05-28 2004-12-16 Tdk Corp Wireless network system
US7778193B2 (en) * 2004-06-07 2010-08-17 Nippon Telegraph And Telephone Corporation Residential network setting method, home gateway apparatus, home gateway program, and recording medium
JP2009065275A (en) * 2007-09-04 2009-03-26 Intec Netcore Inc Utilization service selection of terminal
JP4932918B2 (en) * 2010-01-21 2012-05-16 株式会社バッファロー Connection setting device, connection setting method and program thereof
JP2011155462A (en) * 2010-01-27 2011-08-11 Nakayo Telecommun Inc Relay apparatus having connection terminal identification function
JP5943860B2 (en) * 2013-02-28 2016-07-05 株式会社Kddi研究所 Device device setting method in gateway device, device device setting system, and device device setting program

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003348116A (en) * 2002-05-28 2003-12-05 Hitachi Ltd Address automatic setting system for in-home network
US7337219B1 (en) * 2003-05-30 2008-02-26 Aol Llc, A Delaware Limited Liability Company Classifying devices using a local proxy server
JP2007053703A (en) * 2005-08-19 2007-03-01 Matsushita Electric Works Ltd Filtering device
US20120216038A1 (en) * 2011-02-23 2012-08-23 Xuemin Chen Unified video delivery system for supporting ip video steaming service
US20150295763A1 (en) * 2012-11-12 2015-10-15 Zte Corporation Capability open platform, method and gateway for implementing PNP management of terminal device

Also Published As

Publication number Publication date
JP2017085323A (en) 2017-05-18
JP6766337B2 (en) 2020-10-14

Similar Documents

Publication Publication Date Title
US11050713B2 (en) Firewall configured with dynamic membership sets representing machine attributes
US7516211B1 (en) Methods and apparatus to configure a communication port
EP2518940B1 (en) Automatic network topology detection and modeling
US7590733B2 (en) Dynamic address assignment for access control on DHCP networks
US9100298B2 (en) Host visibility as a network service
EP3370371A1 (en) System and method for identifying wireless terminal type in router network bridge mode
EP2947907B1 (en) Startup configuration method in base station, base station and server
US8605582B2 (en) IP network system and its access control method, IP address distributing device, and IP address distributing method
US8725852B1 (en) Dynamic network action based on DHCP notification
US20200128056A1 (en) Managing content casting
US10285038B2 (en) Method and system for discovering user equipment in a network
JP2008504776A (en) Method and system for dynamic device address management
US10033734B2 (en) Apparatus management system, apparatus management method, and program
US20080177868A1 (en) Address Provisioning
US20080183848A1 (en) Parameter Provisioning
CN104618522B (en) The method and Ethernet access equipment that IP address of terminal automatically updates
US9118588B2 (en) Virtual console-port management
US20100318633A1 (en) Dynamic Time Weighted Network Identification and Fingerprinting for IP Based Networks Based on Collection
WO2017073030A1 (en) Gateway device, communication control method, communication control system, and program storage medium
CN106534290B (en) Self-adaptive maintenance method and device for IP address of maintained equipment
US11134099B2 (en) Threat response in a multi-router environment
US10050929B2 (en) Connection setting information managing system
JP2015154322A (en) Control device for firewall apparatus, and program
KR102092015B1 (en) Method, apparatus and computer program for recognizing network equipment in a software defined network
Dimitrov System for monitoring of the university computer network performance

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16859268

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16859268

Country of ref document: EP

Kind code of ref document: A1