JP2005227824A - Apparatus and method for equipment monitoring control - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a apparatus and method for equipment monitoring control for monitoring and/or controlling equipment with electronic mail, the apparatus and method for equipment monitoring control for coping with a service interruption attack. <P>SOLUTION: The equipment monitoring control apparatus 11 which monitors and/or controls one or more instruments by sending and receiving electronic mail for monitoring and control through a mail server 13 for monitoring and control which manages transmission and reception of the electronic mail for monitoring and control including monitoring information regarding operation states of the instruments 12 and/or control information regarding the operation states of the instruments 12 acquires the number of pieces of electronic mail from the mail server 13 for monitoring and control at prescribed time intervals and deletes all electronic mail stored in the mail server 13 for monitoring and control when the acquired number of pieces of electronic mail exceeds a preset upper limit value. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a device monitoring control device and a device monitoring control method for monitoring and / or controlling a target device by electronic mail transmitted and received from a terminal device, and in particular, a device monitoring control device and device monitoring control capable of coping with a service denial attack. Regarding the method.

  2. Description of the Related Art Conventionally, there is known a device monitoring control system including devices such as lighting equipment and air conditioning equipment, and a device monitoring control device that is connected to these devices and centrally monitors and / or controls the operation state of these devices. ing. In recent years, with the progress of communication technology represented by the Internet, control information for controlling the operation state of the device from the terminal device connectable to the Internet to the device monitoring control device is sent by e-mail (hereinafter referred to as “E-mail”). For example, Patent Document 1 discloses that transmission is performed using the device monitoring control device, and monitoring information related to the operation state of the device is received from the device monitoring control device using e-mail.

FIG. 12 is a diagram showing the configuration of the remote control system described in Patent Document 1. As shown in FIG. In FIG. 12, Patent Document 1 discloses a terminal device 310 having an electronic mail transmission / reception function, a host device 320 connected to the terminal device 310 via a communication network 300, and a plurality of devices connected to the host device 320. A monitoring device (substantially corresponding to the above-described device monitoring control device) 350 that monitors the operation state of the control device 360, and is monitored by the monitoring device 350 based on an operation control mail transmitted from the terminal device 310. A remote control system for controlling the operating states of a plurality of controlled devices 360 is disclosed.
JP 2003-018666 A

  By the way, the terminal device and the device monitoring control device are normally connected so as to be communicable with each other by an open network represented by the Internet. Along with such a situation, a device connected to a network is susceptible to a denial-of-service attack that interferes with a service provided by the device, such as a so-called DoS (Denial of Service) attack that sends a large number of IP packets or unauthorized access. Is in a state.

  Therefore, an e-mail irrelevant to the device monitoring control device such as so-called advertising e-mail is sent to the monitoring / control mail server which is a mail server that manages the transmission / reception of the monitoring / control e-mail describing the monitoring information and control information. May be sent in large quantities. Alternatively, an email whose size is excessively large compared to the processing capability of the device monitoring control device, for example, several mega sizes, may be transmitted. In such a case, the device monitoring and control apparatus according to the background art takes in the received e-mails to the monitoring / control mail server and executes the processing in order, so that monitoring and / or control of the devices by e-mail is delayed. Resulting in.

  In addition, a malicious third party may intentionally send the monitoring / control email to the monitoring / control mail server. In such a case, the device monitoring and control apparatus according to the background art also executes such a fake monitoring / control e-mail because it simply fetches the e-mail from the monitoring / control mail server and executes the process. There was a possibility.

  The present invention has been made in view of the above-described circumstances, and provides a device monitoring control device and a device monitoring control method that improve monitoring and / or control responsiveness and improve security over the background art. The purpose is to provide.

  Note that an email that interferes with the original operation of the device monitoring control device, such as an email irrelevant to the device monitoring control device described above or a fake monitoring / control email, is referred to as an attack email.

  The present invention provides a monitoring / control mail server that manages transmission / reception of monitoring / control e-mails that describe monitoring information relating to the operating state of a device and / or control information for controlling the operating state of the device. The invention relates to a device monitoring control apparatus and method for monitoring and / or controlling one or more devices by transmitting and receiving control e-mails, and has the following features.

  That is, in order to achieve the above object, the first means acquires the number of e-mails from the monitoring / control mail server at a predetermined time interval in the above-mentioned device monitoring control apparatus, and the acquired electronic When the number of mails exceeds a preset upper limit value, a first mail processing unit is provided that deletes all electronic mails stored in the monitoring / control mail server.

  In the second means, in the device monitoring control apparatus according to the first means described above, a user information storage unit 123 for storing a user information list for registering an e-mail address of a user who uses the device monitoring control apparatus. The first mail processing unit further includes a deletion execution notification for notifying that all the e-mails have been deleted when all the e-mails stored in the monitoring / control mail server are deleted. An e-mail is created for all e-mail addresses registered in the user information list, and the created all-delete execution notification e-mail is transmitted.

  One mode of attack email is to send a large amount of email in a short time. In the device monitoring control apparatus having the above-described configuration, the first mail processing unit checks the number of e-mails stored in the monitoring / control mail server, so that the e-mail stored in the monitoring / control mail server. Can be inferred whether or not the email is an attack email, and the attack email can be deleted from the monitoring / control email server. In the device monitoring and control apparatus having the configuration according to the second means, when the e-mail is deleted from the monitoring / control mail server, the user is notified that the e-mail has been deleted. If the user has sent a monitoring / control email, the user can be prompted to resend.

  In the third means, in the above-described device monitoring control apparatus, the size of the electronic mail is acquired from the monitoring / control mail server, and the size of the acquired electronic mail exceeds a preset upper limit value. Or a second mail processing unit for deleting the e-mail from the monitoring / control mail server when the size of the acquired e-mail is smaller than a preset lower limit value.

  One form of attack email is to send a relatively large size email. In the device monitoring control device having the above-described configuration, the second mail processing unit checks the size of the email stored in the monitoring / control mail server, so the email stored in the monitoring / control mail server. Can be inferred whether or not the email is an attack email, and the attack email can be deleted from the monitoring / control mail server.

  Further, in the fourth means, in the above-mentioned device monitoring control apparatus, a header information storage unit that stores in advance header information described in a header in the case of the monitoring / control email, and the monitoring / control email When an e-mail is acquired from a server and the header information described in the header of the acquired e-mail does not match the header information stored in the header information storage unit, the e-mail is monitored and controlled. And a third mail processing unit to be deleted from the mail server.

  The fifth means includes a format information storage unit that stores in advance information on the format of the text in the case of the monitoring / control email, and the monitoring / control mail server. If an e-mail is acquired and the format of the text in the acquired e-mail does not match the information on the format of the text stored in the format information storage unit, the e-mail is sent to the monitoring / control mail server And a fourth mail processing unit to be deleted.

  The sixth means further includes a password storage unit for storing a password list for registering a password of a user who uses the device monitoring control device in association with the user in the device monitoring control device described above. When an email is acquired from the control mail server, and the password in the acquired email does not match the password stored in the password storage unit, the email is deleted from the monitoring / control mail server The fifth mail processing unit is provided.

  In the seventh means, in the device monitoring control apparatus according to the sixth means described above, the fifth mail processing unit further deletes the electronic mail stored in the monitoring / control mail server. A deletion execution notification e-mail for notifying that the e-mail has been deleted is generated to the e-mail address of the transmission source in the e-mail, and the generated deletion execution notification e-mail is transmitted. .

  One aspect of the attack e-mail is that a third party who does not have proper use authority for the device monitoring control apparatus tries to use it illegally. In the device monitoring control apparatus having the configuration according to the fourth means, the third mail processing unit checks the header information of the email. In the device monitoring control apparatus having the configuration according to the fifth means, the fourth mail processing unit checks the format of the text of the email. In the device monitoring control apparatus having the configuration according to the sixth means, the fifth mail processing unit checks the password of the email. Since each of these checks is performed, each device monitoring control device can determine whether the email received from the monitoring / control mail server is an attack email or not. The attack email can be deleted from the control mail server.

  In the device monitoring and control apparatus having the configuration according to the seventh means, when the e-mail is deleted from the monitoring / control mail server, the user is notified that the e-mail has been deleted. If the user has sent a monitoring / control email, the user can be prompted to resend.

  The eighth means further comprises a password storage unit for storing a password list for registering a password of a user who uses the device monitoring control device in association with the user in the device monitoring control device described above. When an e-mail is acquired from the control mail server and the password in the acquired e-mail matches the password stored in the password storage unit 125, a new password is created, and the generated new password The password list is updated at the same time, a password notification email for notifying the created new password is created to the email address of the sender in the acquired email, and the created password notification email is sent A sixth mail processing unit is provided.

  In the device monitoring control device having such a configuration, when the sixth mail processing unit checks and authenticates the password of the email, the password is updated, so that even if the password is stolen, the spread of damage is suppressed. be able to.

  Further, in the ninth means, in the above-described device monitoring control apparatus, an electronic mail is received from the monitoring / control mail server, and the one or more devices are monitored and / or controlled based on the received electronic mail. The control unit includes at least one mail processing unit among the first to sixth mail processing units according to the first to eighth aspects.

  In the tenth means, in the device monitoring control method described above, a step of obtaining the number of emails from the monitoring / controlling mail server at a predetermined time interval, and the number of emails obtained in the step are determined in advance. And a step of deleting all electronic mails stored in the monitoring / control mail server when the set upper limit value is exceeded.

  In the device monitoring control device and the device monitoring control method having such a configuration, it is possible to infer whether the email of the monitoring / control mail server is an attack email or not, and the monitoring / control mail server can efficiently You can delete attack emails. For this reason, compared with background art, responsiveness can be improved and security can be improved.

Embodiments according to the present invention will be described below with reference to the drawings. In addition, the structure which attached | subjected the same code | symbol in each figure shows that it is the same structure, The description is abbreviate | omitted.
(Configuration of the embodiment)
FIG. 1 is a diagram illustrating a configuration of a device monitoring control system according to the embodiment. FIG. 2 is a diagram illustrating a configuration of the device monitoring control apparatus according to the present embodiment. FIG. 3 is a diagram showing a monitoring / control command list according to the present embodiment. FIG. 4 is a diagram showing a user information list according to the present embodiment. FIG. 5 is a diagram showing a password list according to the present embodiment. FIG. 6 is a diagram showing a monitoring / control email screen. 6A shows a monitoring / control email in the case of a control request, and FIG. 6B shows a monitoring / control email for notification of a control result.

  In FIG. 1, a device monitoring control system 1 monitors and / or controls one or more devices 12 (in this embodiment, a plurality of devices 12-a, devices 12-b,..., Devices 12-n). The device monitoring control device 11, the monitoring / control mail server 13, and one or a plurality of terminal devices 14 (in this embodiment, the terminal device 14-1, the terminal device 14-2, and the terminal device 14-3) are configured. The device monitoring control device 11 is connected to the monitoring / control mail server 13 and the terminal device 14 via the router device 16 and the network 15 so that they can communicate with each other.

  The terminal device 14 obtains the operation state of the device 12 and controls the operation state of the device 12. The terminal device 14 includes monitoring information regarding the operation state of the device 12 and / or control information for controlling the operation state of the device 12. This is a device having a function of transmitting / receiving the monitoring / control email to / from the monitoring / control mail server 13 via the network 15 in order to transmit / receive the control email to / from the device monitoring control device 11. The terminal device 14 is, for example, a mobile communication terminal (for example, a mobile phone), a PDA (Personal Digital Assistants), a portable personal computer and a disk having such a function by software such as a mailer or hardware such as a communication interface. Top computer etc.

  For example, as shown in FIG. 6A, the monitoring / control email 60 when a monitoring request or a control request is made includes “control request mail” in the “subject” and the first line in the “text”. “Password 1234” 601 is described as the password, and “illumination ON” 602 that is the control content is described in the second line. Further, the monitoring / control email 61 for notifying the monitoring result or the control result, for example, as shown in FIG. 6B, “control result mail” is described in “subject”, and “text” “Password 4321” 611 which is a new password, which will be described later, is described in the first line, and “illumination ON” 612 which is a control result is described in the second line.

  The monitoring / control mail server 13 is a mail server that manages transmission / reception of monitoring / control emails from the terminal device 14 and monitoring / control emails from the device monitoring control device 11. In this embodiment, the monitoring / control mail server 13 includes a POP3 mail server that manages reception of e-mails using POP3 (Post Office Protocol ver. 3) as a communication protocol, and an SMTP (Simple Mail Transfer Protocol) as a communication protocol. ) And an SMTP mail server that manages the transmission of e-mails.

  The network 15 is a transmission path such as a telephone network, a digital communication network, and a wireless communication network, for example, and data is transmitted using a predetermined communication protocol. For example, the network 15 uses the Internet protocol such as HTTP (Hyper Text Transfer Protocol), FTP (File Transfer Protocol), SMTP, POP3, and TCP / IP (Transmission Control Protocol / Internet Protocol) as a communication protocol. To do. The router device 16 is a device that connects the network 15 and the device monitoring control device 11 so that they can communicate with each other, and routes a communication signal to a communication destination corresponding to the destination based on a routing table.

  The device monitoring control device 11 is a device that monitors and / or controls one or more devices by transmitting / receiving monitoring / control emails via the monitoring / control mail server 13. For example, as shown in FIG. 2, the device monitoring control apparatus 11 includes a control unit 101, a storage unit 102, a communication interface unit (hereinafter abbreviated as “communication I / F unit”) 103, a device monitoring / monitoring unit. And a control unit 104.

  The communication I / F unit 103 is a circuit for performing communication with the network 15, generates a communication signal according to the communication protocol of the network 15 from the data from the control unit 101, and controls the communication signal from the network 15. 101 converts the data into a format that can be processed.

  The device monitoring / control unit 104 controls the operating state of the connected device based on the output from the monitoring / control processing unit 112 of the control unit 101, and checks and monitors the operating state of the connected device. The data is output to the processing unit 112. The device monitoring / control unit 104 includes, for example, a switch such as a relay, and controls on / off of the device by controlling on / off of the switch connected to the switch, and changes the state of the switch. The device monitoring / control unit 104 includes a communication interface based on a communication method such as power line communication or Ethernet (registered trademark), for example, for monitoring the operation state of the device by referring to the communication interface. You may control and / or acquire the operation state of an apparatus by transmitting / receiving a communication signal with respect to the apparatus connected.

  The control unit 101 includes, for example, a microprocessor, and includes a mail processing unit 111 that processes monitoring / control emails transmitted / received via the communication I / F unit 103 and the network 15, and a monitoring / control E. A monitoring / control processing unit 112 that monitors and / or controls the device 12 based on the mail is provided, and the control unit 101 uses the storage unit 102, the communication I / F unit 103, and the device monitoring / control unit 104 as the functions. Each is controlled by the program accordingly.

  The storage unit 102 is, for example, a volatile memory element such as a RAM (Random Access Memory), a rewritable nonvolatile memory element such as an EEPROM (Electrically Erasable Programmable Read Only Memory), and a nonvolatile memory such as a ROM (Read Only Memory). It comprises a semiconductor storage element such as a storage element, and includes a user name / password storage unit 121, a monitoring / control command storage unit 122, a user information storage unit 123, a transmission email storage unit 124, a password storage unit 125, and an appropriate size E. Each program (not shown), such as a program for operating the device monitoring control device 11, configured with the mail list storage unit 126, data during execution of each program (not shown), and data after execution of each program (Not shown) and the like are stored.

  The user name / password storage unit 121 stores a user name and a password necessary for the device monitoring control device to log in to the monitoring / control mail server 13.

  The monitoring / control command storage unit 122 can be described in the text of the monitoring / control email, and is a character string of a command for performing monitoring and a command for performing control used by the device monitoring control device 11. The monitoring / control command list in which the character string is registered is stored. For example, as shown in FIG. 3, in the monitoring / control command list 30, character strings of names of devices to be monitored / controlled such as “lighting”, “air conditioner”, “ventilation fan”, and “electric lock” are registered, Character strings of commands that require control such as “ON” and “OFF” are registered, and character strings of commands that require monitoring such as “temperature?” And “state?” Are registered.

  The user information storage unit 123 stores a user information list in which user information related to users who use the device monitoring control device 11 is registered. For example, as shown in FIG. 4, at least the user's email address is registered in the user information list 40.

  The transmission e-mail storage unit 124 is a buffer that temporarily stores e-mails that the device monitoring control device 11 should transmit to the monitoring / control mail server 13.

  The password storage unit 125 stores a password list for registering passwords assigned to each user. For example, as shown in FIG. 5, at least an email address of a user name and a password are registered in the password list 50 in association with each other.

  The appropriate size e-mail list storage unit 126 stores an appropriate size e-mail list in which e-mail numbers of e-mails that have been determined to be appropriate by the process described below are registered with sequential numbers starting from 1. Remember.

  The user information list stores a user identifier (for example, user name) for identifying the user in association with the user's e-mail address, and the password list stores the user identifier in association with the password. You may comprise.

  Returning to FIG. 1, the device 12 is a device that is monitored and / or controlled by the device monitoring control device 11 and operates using electricity as an energy source. For example, an office environment or a dwelling environment such as a lighting fixture or an air conditioner. Adjusting device, adjusting camera, dwelling equipment such as intercom, housing information panel and electric lock device, security sensor, fire sensor, gas leak sensor and humidity sensor (detector), wattmeter, gas meter and quantity water Measuring instruments such as measuring instruments, televisions, video tape recorders, DVD recorders, hard disk recorders, washing machines and other household appliances, computers and other information processing equipment, telephones and facsimile machines and other communication equipment, pulse meters, thermometers, blood oxygen Medical devices such as densitometers and electrocardiographs, and switches for making emergency calls. One or more devices 12 are installed in the building and connected to the device monitoring control device 11. The building is, for example, a detached house, an apartment house, an office building, a warehouse, a factory, or the like.

Next, the operation of this embodiment will be described.
(Operation of the embodiment)
The device monitoring control apparatus 11 according to the present embodiment periodically accesses the monitoring / control mail server 13 at predetermined time intervals, and executes the following processing to determine whether the monitoring / control email is an attack. It judges whether it is an e-mail, eliminates an attack e-mail, acquires a monitoring / control e-mail, and monitors and / or controls the device. Details will be described below.

  FIG. 7 is a flowchart (part 1) illustrating the operation of the device monitoring control apparatus according to the embodiment. FIG. 8 is a flowchart (part 2) illustrating the operation of the device monitoring control apparatus according to the embodiment. FIG. 9 is a flowchart (part 3) illustrating the operation of the device monitoring control apparatus according to the embodiment. FIG. 10 is a diagram showing a list of e-mails. FIG. 11 is a diagram showing an appropriate size e-mail list and an e-mail list.

  When a predetermined time has elapsed since the previous processing was executed, the mail processing unit 111 performs initialization such as setting the size check pointer and the authenticity check pointer to 1, and the transmission email storage unit 124 Various initializations such as initialization such as clearing the appropriate size e-mail list storage unit 126 are performed (S11). Then, the mail processing unit 111 accesses the monitoring / control mail server 13 and uses the user name and password stored in the user name / password storage unit 121 to authenticate the mailbox in the device monitoring control device 11. Is obtained from the monitoring / control mail server 13 (S12). The predetermined time is determined according to the specifications of the device monitoring control device 11. If the predetermined time is set to a relatively short time such as 30 seconds, 1 minute, 2 minutes, or the like, the user can This is preferable because the responsiveness of monitoring and / or controlling the device 12 via the monitoring / control mail server 13 and the device monitoring control device 11 is improved.

  If the authentication fails (No), the mail processing unit 111 terminates the process and executes a later-described process S37 in order to wait until the next execution time. On the other hand, if the authentication is successful (Yes), the monitoring control terminal device 11 is logged in to the monitoring / control mail server 13, and the mail processing unit 111 monitors, for example, by transmitting a “STAT” command of POP3. The number of stored emails (that is, the number of received emails) is acquired from the control mail server 13 (S13). As is well known, the “STAT” command is a command for confirming the total number and the total size of e-mails stored in the mail server.

  Next, the mail processing unit 111 determines whether the number of received emails is 0 (S14). If the number of received emails is 0 as a result of the determination (Yes), there is no email to be processed, and the email processing unit 111 executes processing S35 described later. On the other hand, if the number of received emails is not 0 as a result of the determination (No), the mail processing unit 111 determines whether the number of received emails exceeds the maximum number of items (S15). Since an attack e-mail may be sent in a large number of e-mails in a short time, it can be determined whether or not it is an attack e-mail by checking the number of received e-mails in this way.

  The upper limit of the number of cases is a threshold for inferring whether or not the e-mail stored in the monitoring / control mail server 13 is an attack e-mail, and is empirically determined by experiments, statistics, or the like according to the purpose of this inference. To be determined. For example, when the above-mentioned predetermined time, which is the execution interval of this processing (processing S11 to processing 37), is relatively short, it is considered that the number of emails accumulated in the monitoring / controlling mail server 13 during that time is small. Therefore, the upper limit of the number of cases is set to a relatively small numerical value such as 5, 10 or 15, and conversely, when this predetermined time is relatively long such as 5 minutes, 7 minutes or 10 minutes, Since the number of emails stored in the monitoring / controlling mail server 13 during this period is considered to be large, the upper limit value of the number of emails is set to a relatively large value such as 25, 30 or 35, for example. In addition, for example, when the number of users using the device monitoring control device 11 is relatively small, it is considered that there are few monitoring / control emails transmitted from the user, so the upper limit number of cases is set to a relatively small number. On the contrary, when the number of users using the device monitoring control device 11 is relatively large, it is considered that the number of monitoring / control emails transmitted from the user increases. Set to In the present embodiment, considering various balances, for example, the predetermined time is set to 1 minute, and the upper limit number of cases is set to 10. The upper limit value of the number of cases is stored in advance in the device monitoring control device 11.

  As a result of the determination, if the number of received emails does not exceed the maximum number of emails (No), the email processing unit 111 executes processing S18. On the other hand, as a result of the determination, if the number of received emails exceeds the maximum number of emails (Yes), the mail processing unit 111 repeats, for example, the “DELE” command of POP3 by the number of received emails acquired in step S13. By transmitting, all the emails stored in the monitoring / controlling mail server 13 are deleted (S16). As is well known, the “DELE” command is a command for deleting an e-mail with a specified number in the format of DELE [E-mail number].

  Next, the mail processing unit 111 refers to the user information list 40 stored in the user information storage unit 123, and is an e-mail addressed to all users who use the device monitoring control device 11. Create all deletion execution notification emails informing that all the emails have been deleted from the control mail server 13, and store the created deletion execution notification emails in the transmission email storage unit 124 (S17). Then, the mail processing unit 111 executes process S35. When the number of received emails exceeds the maximum number of emails, all emails stored in the monitoring / control mail server 13 are deleted. Therefore, some of the deleted emails are monitored / controlled. There may have been an email for use. For this reason, all deletion execution notification emails are sent to all users in step S36, which will be described later, so that all users can recognize that the monitoring / control email has been deleted. It is possible to prompt the user who transmitted the control e-mail to resend the monitoring / control e-mail.

  In the process S 18, the mail processing unit 111 acquires a list of emails stored in the monitoring / control mail server 13 from the monitoring / control mail server 13 by transmitting “LIST” of POP 3. As is well known, the “LIST” command is a command for acquiring from the POP3 mail server a list of emails stored in the mailbox corresponding to the client that transmitted the “LIST” command. The e-mail list is a list in which e-mail numbers and e-mail sizes (data sizes) are described in octet units (1 octet = 1 byte) as shown in FIG. 10, for example.

  Next, the mail processing unit 111 determines whether or not the size of the email in the email list whose email number is the size check pointer is smaller than the size upper limit and larger than the size lower limit. Is determined (S19). The characters that can be described in the text of the monitoring / control email in this embodiment are limited as shown in the monitoring / control command list 30, for example. For this reason, although there are some lengths depending on the specific contents of monitoring / control and the contents of the header information, the size of the monitoring / control email is within a certain range. Therefore, by checking the size of the e-mail, it can be determined whether the e-mail is a monitoring / control e-mail. As the size upper limit value and the size lower limit value, numerical values that specify the certain range are assigned.

  As a result of the determination, when the size of the e-mail is equal to or larger than the size upper limit value or smaller than the size lower limit value (No), the mail processing unit 111 designates the size inspection pointer as the e-mail number. By transmitting the “DELE” command, the e-mail whose size is equal to or larger than the size upper limit value or smaller than the size lower limit value is deleted from the monitoring / control mail server 13 (S20).

  Next, the mail processing unit 111 determines whether there is an e-mail whose size is uninspected in the e-mail list (S21). If the result of the determination is that there is an email in the email list (Yes), the email processing unit 111 increments the size check pointer by 1 (S22), and returns the processing to step S19. On the other hand, as a result of the determination in step S21, when there is no e-mail in the e-mail list (No), the mail processing unit 111 executes the process S24.

  If the size of the e-mail is smaller than the size upper limit value and larger than the size lower limit value (Yes) as a result of the determination in step S19, the mail processing unit 111 sets the size check pointer to an appropriate size e-mail. It registers in the list (S23) and executes processing 21.

  By operating as in steps S19 to S23, the size of each email in the email list is checked, and the size of the email is greater than or equal to the size upper limit value or less than the size lower limit value. The e-mail (e-mail of an inappropriate size) is deleted from the monitoring / control mail server 13, while the e-mail having an e-mail size smaller than the size upper limit and larger than the size lower limit (equivalent size e-mail). E-mail) is registered in the appropriate size e-mail list. For this reason, an inappropriate size e-mail is excluded, and the processing subsequent to step S24 is executed only for the appropriate size e-mail.

  More specifically, for example, when the size upper limit value is 600 octets and the size lower limit value is 500 octets, as a result of executing step S18, the e-mail list shown in FIG. 11B is obtained. Then, the e-mail numbers “1”, “4”, and “6” in the e-mail list are smaller than the size upper limit value and larger than the size lower limit value. By executing, serial numbers starting from 1 are added and registered in the appropriate size e-mail list as shown in FIG.

  Next, the mail processing unit 111 extracts an email number having a true / false check pointer as a serial number from the appropriate size email list, designates the extracted email number, and transmits a “RETR” command of POP3. As a result, the e-mail is acquired from the monitoring / control mail server 13 (S24). As is well known, the “RETR” command is a command for acquiring a specified e-mail including its header information in the format of RETR [E-mail number].

  Next, the mail processing unit 111 checks header information in the acquired email (S25). Since the header information includes information for determining whether the email is a monitoring / control email, the header information is checked to determine whether the email is a monitoring / control email or an attack email. Can be discriminated.

  The header information is checked by, for example, detecting the value of the from field of the header information and searching whether the detected value is in the user information list 40 stored in the user information storage unit 123. . Since the sender's e-mail address is described in the from field of the header information, if the detected value is in the user information list 40, the user who has the right to use the device monitoring control device 11 properly As a result of determining that the e-mail for monitoring / control is transmitted from, the header information is determined to be appropriate. On the other hand, if the detected value is not included in the user information, the header information is inappropriate as a result of inferring that the attack email is transmitted from a user who intends to illegally use the device monitoring control device 11. To be judged.

  The search for whether or not the value of the from field of the header information is in the user information list 40 may be performed by collating all character strings, but the e-mail address registered in the user information list 40 If the number of emails is large, the verification process takes time, so it may be possible to match several characters from the beginning of the email address, for example, 8 characters or 10 characters. With this configuration, the verification processing time can be shortened.

  If the header information is not appropriate (inappropriate) as a result of the check, the mail processing unit 111 determines that the e-mail is not a monitoring / control e-mail and has a true / false check pointer in the serial number. By sending the “DELE” command by designating the e-mail number with the e-mail number, the e-mail whose header information is not appropriate is deleted from the monitoring / control mail server 13 (S26).

  Next, the mail processing unit 111 determines whether there is an unchecked email in the appropriate size email list (S27). If the result of the determination is that there is an email in the email list (Yes), the email processing unit 111 increments the authenticity check pointer by 1 (S28), and returns the processing to step S25. On the other hand, as a result of the determination in step S27, when there is no e-mail in the e-mail list (No), the mail processing unit 111 executes the process S35.

  On the other hand, if the header information is appropriate (appropriate) as a result of the determination in step S25, the mail processing unit 111 determines whether the text format in the E-mail is appropriate (S29). Since the format of the text in the monitoring / control email is specified, it is possible to discriminate whether the email is a monitoring / control email or an attack email by checking the format of the text.

  The text format is, for example, determining whether or not the character string described in the text is a character string registered in the monitoring / control command list 30 stored in the monitoring / control command storage unit 122. To do. When the character string of the text is registered in the monitoring / control command list 30, it is determined that the text is a monitoring / control email transmitted from a user who has authority to use the device monitoring control device 11. The text format is determined to be appropriate. On the other hand, when the text string of the text is not registered in the monitoring / control command list 30, it is determined that the attack email is transmitted from a user who intends to illegally use the device monitoring control device 11, The body format is determined to be inappropriate.

  As a result of the check, when the format of the body text is not appropriate (inappropriate), the mail processing unit 111 executes processing S26 in order to delete an e-mail with an inappropriate text format. On the other hand, as a result of the check, if the format of the body text is appropriate (appropriate), the mail processing unit 111 sends the password described in the email to the sender of the email stored in the password storage unit 125. It is determined whether or not it matches the corresponding password (S30).

  If the passwords do not match as a result of the determination (No), the mail processing unit 111 creates a password error e-mail notifying that the password is wrong to the sender of the e-mail, and the created deletion execution notification E The mail is stored in the transmission email storage unit 124 (S31). Then, the mail processing unit 111 executes a process S26 in order to delete the email with the wrong password from the monitoring / controlling server 13.

  On the other hand, as a result of the determination in step S30, if the passwords match (Yes), the mail processing unit 111 notifies the monitoring / control processing unit 112 of the content of the text described in the E-mail. The monitoring / control processing unit 112 monitors or controls the device via the device monitoring / control unit 104 based on the content of the notified text, and after the execution of the monitoring or control ends, the mail processing unit 111 is notified (S32). The monitoring / control processing unit 112 generates a signal for monitoring and / or controlling the device 12 from the description in the monitoring / control email, outputs the generated signal to the device monitoring / control unit 104, and also monitors the device monitoring / control. Based on the output from the control unit 104, the monitoring / control e-mail describing the control result and the monitoring result is created, so that it functions as a gateway.

  Next, upon receiving this notification, the mail processing unit 111 creates a new password by generating a random number, for example, for the sender of the e-mail (S33). For example, “password 4321” is created as a new password. Next, the mail processing unit 111 updates the sender password stored in the password storage unit 125 with the new password, and the mail processing unit 111 sends a password notification email for notifying the new password to the sender. The created password notification email is stored in the transmission email storage unit 124 (S34). Then, the mail processing unit 111 executes process S27. For example, as shown in FIG. 6B, this password notification e-mail may also be used as the monitoring / control e-mail 61 for notifying the monitoring result or the control result, and the new password created in step S33. The password is described as “password 4321” on the first line in the “text”. When monitoring and control are executed in this way, a new password is generated. Therefore, even if the password is stolen by a third party, the spread of damage caused by the password can be suppressed.

  If the above-mentioned header information check is a check of the value of the from field and the e-mail address of the user information list 40, and the check is a full character string, as in the above-described processing S34, the password A notification e-mail may be created for the sender of the e-mail, but if the verification is a few character strings from the beginning of the e-mail address, the header information is checked only with some matches. Therefore, if the e-mail is created for the sender, a password notification e-mail may be sent to a user who is not registered in the user information list 40. Therefore, a password notification e-mail is created for the e-mail address of the user information list 40 determined not to match the value of the from field in the e-mail but to the value of the from field in the e-mail.

  In step S35, the mail processing unit 111 logs out from the monitoring / control mail server 13 by transmitting the “QUIT” command of POP3, and ends the email reception process. As is well known, the “QUIT” command is a command for logging out from the POP3 server (in this embodiment, the monitoring / control mail server 13 corresponds), and the POP3 mail server receives this “QUIT” command. Then, the e-mail with the e-mail number designated by the “DELE” command is deleted from the e-mails stored in the mailbox.

  Next, the mail processing unit 111 transmits the email stored in the transmission email storage unit 124 to the monitoring / controlling mail server 13 by SMTP (S36). As a result, all deletion execution notification emails, deletion execution notification emails, and password notification emails are transmitted.

  Next, the mail processing unit 111 waits for the predetermined time described above (S37), and returns the process to the process S11.

  Since it operates in this way, the device monitoring control apparatus 11 according to the present embodiment can infer whether the email of the monitoring / control mail server 13 is an attack email or not, and the monitoring / control email An attack email can be efficiently deleted from the server 13. For this reason, compared with background art, responsiveness can be improved and security can be improved.

  In the above description, the device monitoring control apparatus 11 is configured to acquire the number of received emails from the monitoring / controlling mail server 13 by transmitting a “STAT” command in the process S13. A list of e-mails stored in the monitoring / control mail server 13 may be acquired by transmitting a “LIST” command. With this configuration, the process S18 can be omitted.

  In the above description, the header information is checked using the from field. For example, information on one or a plurality of mailers used by the terminal device 14 (mailer information) is stored in the storage unit 102 in advance. With this configuration, the header information check detects the value of the X-Mailer field of the header information and searches whether the detected value is in the mailer information stored in the storage unit 102. It may be done by. If the detected value is included in the mailer information, it is determined that the email is transmitted from a user who has the right to use the device monitoring control device 11 properly, and as a result, the header information is appropriate. To be judged. On the other hand, if the detected value is not in the mailer information, the header information is inappropriate as a result of inferring that the attack email is transmitted from a user who intends to illegally use the device monitoring control device 11. To be judged.

  For example, since the monitoring / control email is in text format, the header information is checked by detecting the value of the Content-Type field of the header information and determining whether the detected value is text. May be. In the case of text, the header information is determined to be appropriate as a result of determining that the e-mail is transmitted from a user who has a right to use the device monitoring control device 11 properly. On the other hand, if it is not text, the header information is determined to be inappropriate as a result of inferring that it is an attack e-mail transmitted from a user who intends to illegally use the device monitoring control device 11.

  Also, the header information check may be performed by combining two or more of the from field check, the X-Mailer field check, and the Content-Type field check from the viewpoint of improving security.

  Furthermore, the above-described text format check is performed based on whether or not the character string used in the text is registered in the monitoring / control command list. For example, the text format is defined in advance, It may be performed depending on whether or not it matches this format. The format of the text is defined as, for example, command = “character string of monitoring / control command” and parameter = “argument”.

It is a figure which shows the structure of the apparatus monitoring control system which concerns on embodiment. It is a figure which shows the structure of the apparatus monitoring control apparatus which concerns on this embodiment. It is a figure which shows the monitoring and control command list which concerns on this embodiment. It is a figure which shows the user information list which concerns on this embodiment. It is a figure which shows the password list which concerns on this embodiment. It is a figure which shows the screen of the monitoring / control email. It is a flowchart (the 1) which shows operation | movement of the apparatus monitoring control apparatus which concerns on embodiment. It is a flowchart (the 2) which shows operation | movement of the apparatus monitoring control apparatus which concerns on embodiment. It is a flowchart (the 3) which shows operation | movement of the apparatus monitoring control apparatus which concerns on embodiment. It is a figure which shows the list | wrist of an email. It is a figure which shows the list of an appropriate size E mail list | wrist and an email. 1 is a diagram illustrating a configuration of a remote control system described in Patent Literature 1. FIG.

Explanation of symbols

1 device monitoring control system 11 device monitoring control device 12 device 13 monitoring / control mail server 14 terminal device 30 monitoring / control command list 40 user information list 50 password list 101 control unit 102 storage unit 103 communication interface unit 104 device monitoring / control Unit 111 mail processing unit 112 monitoring / control processing unit 121 user name / password storage unit 122 monitoring / control command storage unit 123 user information storage unit 124 outgoing email storage unit 125 password storage unit 126 appropriate size email list storage unit

Claims (10)

Monitoring / control e-mail via a monitoring / control mail server that manages transmission / reception of monitoring / control e-mails that describe monitoring information relating to the operating state of the device and / or control information for controlling the operating state of the device In a device monitoring control device that monitors and / or controls one or more devices by transmitting and receiving
When the number of e-mails is acquired from the monitoring / control mail server at a predetermined time interval and the acquired number of e-mails exceeds a preset upper limit value, the monitoring / control mail server A device monitoring control device comprising a first mail processing unit for deleting all electronic mails stored in the device. A user information storage unit that stores a user information list for registering an e-mail address of a user who uses the device monitoring control device;
The first mail processing unit further sends an all-delete execution notification e-mail for notifying that all e-mails have been deleted when all e-mails stored in the monitoring / control mail server are deleted. The device monitoring control device according to claim 1, wherein the device monitoring control device is created for all email addresses registered in the user information list and transmits the created all deletion execution notification email. Monitoring / control e-mail via a monitoring / control mail server that manages transmission / reception of monitoring / control e-mails that describe monitoring information relating to the operating state of the device and / or control information for controlling the operating state of the device In a device monitoring control device that monitors and / or controls one or more devices by transmitting and receiving
The size of the email is acquired from the monitoring / control mail server, and the size of the acquired email exceeds a preset upper limit value, or the size of the acquired email is a preset lower limit A device monitoring control device comprising a second mail processing unit for deleting the electronic mail from the monitoring / control mail server when the value is smaller than the value. Monitoring / control e-mail via a monitoring / control mail server that manages transmission / reception of monitoring / control e-mails that describe monitoring information relating to the operating state of the device and / or control information for controlling the operating state of the device In a device monitoring control device that monitors and / or controls one or more devices by transmitting and receiving
A header information storage unit that stores in advance header information described in the header when the monitoring / control email is,
When an e-mail is acquired from the monitoring / control mail server, and the header information described in the header of the acquired e-mail does not match the header information stored in the header information storage unit, the electronic A device monitoring control apparatus comprising a third mail processing unit for deleting mail from the monitoring / control mail server. Monitoring / control e-mail via a monitoring / control mail server that manages transmission / reception of monitoring / control e-mails that describe monitoring information relating to the operating state of the device and / or control information for controlling the operating state of the device In a device monitoring control device that monitors and / or controls one or more devices by transmitting and receiving
A format information storage unit that pre-stores information related to the format of the text when it is the monitoring and control e-mail;
If the e-mail is acquired from the monitoring / control mail server, and the format of the text in the acquired e-mail does not match the information on the format of the text stored in the format information storage unit, the e-mail A device monitoring control apparatus comprising: a fourth mail processing unit that deletes the mail from the monitoring / control mail server. Monitoring / control e-mail via a monitoring / control mail server that manages transmission / reception of monitoring / control e-mails that describe monitoring information relating to the operating state of the device and / or control information for controlling the operating state of the device In a device monitoring control device that monitors and / or controls one or more devices by transmitting and receiving
A password storage unit for storing a password list for registering the password of the user who uses the device monitoring control device in association with the user;
If the e-mail is acquired from the monitoring / control mail server, and the password in the acquired e-mail does not match the password stored in the password storage unit, the e-mail is changed to the monitoring / control mail. A device monitoring control device comprising a fifth mail processing unit to be deleted from the server. The fifth mail processing unit further sends a deletion execution notification e-mail for notifying that the e-mail has been deleted when the e-mail stored in the monitoring / control mail server is deleted. The device monitoring control device according to claim 6, wherein the device monitoring control device is created to the e-mail address of the transmission source in, and transmits the created deletion execution notification e-mail. Monitoring / control e-mail via a monitoring / control mail server that manages transmission / reception of monitoring / control e-mails that describe monitoring information relating to the operating state of the device and / or control information for controlling the operating state of the device In a device monitoring control device that monitors and / or controls one or more devices by transmitting and receiving
A password storage unit for storing a password list for registering the password of the user who uses the device monitoring control device in association with the user;
When an e-mail is acquired from the monitoring / control mail server, and the password in the acquired e-mail matches the password stored in the password storage unit, a new password is created, and the new The password list is updated with a new password, and a password notification e-mail for notifying the created new password is generated to the e-mail address of the sender in the acquired e-mail, and the generated password notification e-mail is generated. A device monitoring control device comprising a sixth mail processing unit for transmission. Monitoring / control e-mail via a monitoring / control mail server that manages transmission / reception of monitoring / control e-mails that describe monitoring information relating to the operating state of the device and / or control information for controlling the operating state of the device In a device monitoring control device that monitors and / or controls one or more devices by transmitting and receiving
A control unit that receives an e-mail from the monitoring / control mail server and monitors and / or controls the one or more devices based on the received e-mail;
The apparatus monitoring control device, wherein the control unit includes at least one mail processing unit among the first to sixth mail processing units according to the first to eighth aspects. Monitoring / control e-mail via a monitoring / control mail server that manages transmission / reception of monitoring / control e-mails that describe monitoring information relating to the operating state of the device and / or control information for controlling the operating state of the device In a device monitoring control method for monitoring and / or controlling one or more devices by transmitting and receiving
Obtaining the number of e-mails from the monitoring / control mail server at a predetermined time interval; and
A step of deleting all e-mails stored in the monitoring / control mail server when the number of e-mails acquired in the step exceeds a preset upper limit. To monitor and control equipment.

Images