JP2005260358A - Communication system and communication terminal for use therein, authentication information deleting method and program, and recording medium storing authentication information deleting program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a communication terminal capable of deleting information required for authentication stored in its own device and in a communication partner. <P>SOLUTION: A storage section 101 stores a management table 102 for managing authentication information of each communication terminal being used for judging whether a communication terminal being connected through a network is authorized or not. A delete instruction processing section 104 creates a delete instruction message being transmitted to other authorized communication terminal through a communicating section 106. When a delete instruction message is transmitted to other communication terminal, the delete instruction processing section 104 deletes authentication information of the source communication terminal of the destination of delete instruction message from the management table 102. When a delete instruction message transmitted from other communication terminal is received, the delete instruction processing section 104 deletes authentication information of the source communication terminal of delete instruction message from the management table 102. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a communication system that communicates with each other via a network and a communication terminal, a method, a program, and a recording medium that stores the program, and more specifically, a communication system that communicates using an authentication technique and the communication medium. The present invention relates to a communication terminal used, an authentication information deletion method, an authentication information deletion program, and a recording medium storing the authentication information deletion program.

  In recent years, home network systems have become widespread. In the home network system, communication terminals such as network-compatible home appliances and personal computers having communication functions communicate with each other. However, since a third party may intrude into the home network illegally, generally, each communication terminal transmits and receives messages using encryption and authentication technology.

An example of a home network system that prevents unauthorized intrusion by a third party is disclosed in Patent Document 1. In Patent Literature 1, a home appliance encrypts a message with a common encryption key and transmits the message to a communication partner. The common encryption key is authentication information for authenticating that the other party that transmits and receives a message is the correct communication partner. Each communication terminal has the same common key as the communication partner, and when there are a plurality of communication partners, the communication terminal has a different common encryption key for each communication partner. A message encrypted with the common encryption key cannot be decrypted unless it is decrypted with the same common encryption key. Therefore, it is possible to prevent eavesdropping and tampering of a message by a third party by performing communication using the common key encryption.
JP 2003-087238 A JP2003-114828 (5th page, FIG. 3) JP 2002-071143 A JP 2002-171205 A JP 2002-374308 A JP 2003-023424 A

  Here, home appliances connected to the home network may be discarded due to failure or replacement. When the home appliance is disposed of while the authentication information is stored, a third party may use the home appliance to illegally enter the home network. Therefore, it is necessary to delete the authentication information stored in the memory of the household appliance to be discarded.

  Patent Document 2 discloses a method for deleting authentication information. FIG. 18 is a block diagram showing a configuration of a conventional authentication information management system. In FIG. 18, the conventional authentication information management system includes a management device 30 and a communication terminal 31. The management device 30 and the communication terminal 31 are connected via a network so that they can communicate with each other. The communication terminal 31 includes a communication unit 301, a data processing unit 302, an input unit 303, a storage unit 304, an authentication unit 305, and a display unit 306.

  The management device 30 transmits a deletion request for instructing deletion of the authentication information to the communication terminal 31. In the communication terminal 31, the data processing unit 302 receives an erasure request via the communication unit 301. The erasure request is passed from the data processing unit 302 to the authentication unit 305. The authentication unit 305 authenticates whether the erasure request is a valid message.

  When it is authenticated that the deletion request is valid, the data processing unit 302 deletes the authentication data stored in the storage unit 304. As described above, the management device 30 that centrally manages authentication information of a communication terminal instructs a desired communication terminal to delete the authentication information. The communication terminal that has received the deletion instruction from the management apparatus 30 deletes the authentication information stored in the own apparatus. Accordingly, it is possible to prevent unauthorized authentication information from being read from a communication terminal that has left the user due to loss or the like.

  However, in a home network such as a home network, communication terminals may directly communicate with each other, such as peer-to-peer communication. Also, there is a case where there is no management device that centrally manages authentication information of each communication terminal on the network, and each communication terminal may communicate by managing authentication information. When discarding a connected communication terminal in a network system in which no management device exists, it is necessary to delete authentication information of the communication terminal discarded by the user himself / herself.

  When the communication terminal to be discarded has the authentication information deletion function, the user deletes the authentication information using the deletion function. On the other hand, if the communication terminal does not have a deletion function, the user must break the communication terminal and disable the communication terminal. Therefore, in either case, it takes time and effort to delete the authentication information.

  Furthermore, even if the authentication information of the communication terminal to be discarded is deleted, the authentication information stored in another communication terminal that is the communication partner of the communication terminal to be discarded cannot be deleted. In this case, as new communication terminals connected to the network are added, the amount of authentication information stored in the memory of each communication terminal increases. Accordingly, unnecessary information is accumulated, leading to a shortage of memory capacity.

  Therefore, an object of the present invention is a communication system in which communication terminals directly communicate with each other, and a communication system capable of deleting information necessary for authentication from each communication terminal at once, and a communication terminal used for the communication and authentication information A deletion method, an authentication information deletion program, and a recording medium for storing the authentication information deletion program are provided.

  The communication terminal of the present invention is a communication terminal that directly communicates with another authorized communication terminal via the network after determining whether the other communication terminal connected via the network is valid. A management table storage means for storing a management table for managing authentication information for each communication terminal used to determine whether or not a communication terminal connected via a network is valid; An authentication information deletion message creation / transmission means for creating an authentication information deletion message for deleting the authentication information stored in the other communication terminal and transmitting it to the other valid communication terminal; and a management table An authentication information deleting means for deleting the managed authentication information. When the authentication information deleting means transmits an authentication information deletion message to another communication terminal, the authentication information deleting means When the authentication information related to the communication terminal that is the destination of the information deletion message is deleted from the management table and an authentication information deletion message transmitted by another communication terminal is received, Delete from the management table.

  As a result, the authentication information stored in the communication terminal that no longer needs to be connected to the network can be deleted, and the authentication information can also be deleted from other communication terminals storing the authentication information related to the communication terminal. . Therefore, for example, even after the communication terminal is discarded, it is possible to prevent unauthorized access to the network using the communication terminal discarded by a third party. In addition, by deleting authentication information related to a communication terminal that is no longer required to be connected to the network from other communication terminals connected to the network, the storage device of the communication terminal connected to the network has the necessary authentication. Only information will be stored. Accordingly, it is possible to prevent the storage device from being short of capacity due to accumulation of unnecessary information.

  Preferably, the communication terminal may further include response message creation / transmission means for notifying the transmission source communication terminal that the authentication information has been deleted. Upon receipt of the authentication information deletion message transmitted by another communication terminal, the response message creation / transmission means creates a response message indicating that the authentication information has been deleted, and sends a response message to the communication terminal that has transmitted the authentication information deletion message. Send. At this time, when the authentication information deletion means transmits an authentication information deletion message to another communication terminal, after receiving a response message transmitted from the other communication terminal, the authentication information deletion means transmits the communication of the authentication information deletion message. Delete authentication information about the terminal from the management table.

  As a result, even if the destination communication terminal of the authentication information deletion message is not temporarily connected to the network or the power is temporarily turned off, the destination communication terminal reliably Authentication information can be deleted.

  Preferably, the communication terminal includes a display unit that displays that the deletion of the authentication information is completed when all the authentication information recorded in the management table is deleted. The display means may display that the deletion of the authentication information is completed by turning on the LED.

  As a result, the user can visually confirm that the deletion of the authentication information has been completed.

  Further, the communication terminal may further include a power-off means for turning off the power of the terminal itself instead of the display means when all the authentication information recorded in the management table is deleted.

  This eliminates the need for the communication terminal to include special display means for indicating that the deletion of authentication information has been completed.

  Preferably, the communication terminal further includes authentication information deletion instruction means for instructing generation of an authentication information deletion message to the authentication information deletion message preparation transmission means. For example, the authentication information deletion instruction means may be a switch.

  Thereby, the user can instruct the communication terminal that is no longer required to connect to the network to delete the authentication information.

  The authentication information deletion instruction means may instruct the authentication information deletion message creation transmission means to create an authentication information deletion message when the voltage decreases.

  As a result, the user does not need to perform complicated operations such as pressing a switch, and the authentication relationship can be canceled simply by turning off the communication terminal to be discarded or by removing the power plug from the outlet. .

  Preferably, an authentication value that is a value obtained by converting the message by a predetermined method is attached to the authentication information deletion message, and the communication terminal may further include an authentication unit. The authentication unit authenticates whether the received authentication information deletion message is transmitted from another valid communication terminal using the authentication value. The authentication information deletion unit manages authentication information related to the communication terminal that is the transmission source of the authentication information deletion message when the authentication unit determines that the authentication information deletion message has been transmitted from another valid communication terminal. Delete from the table. The response message may be transmitted with an authentication value attached.

  Accordingly, the communication terminal can determine whether or not the received message is valid.

  Further, the authentication information deletion message and the response message may be transmitted after being encrypted.

  As a result, it is possible to prevent message tapping and spoofing by a third party.

  Preferably, the communication terminal may delete the authentication information assigned to the own terminal when all the authentication information recorded in the management table is deleted.

  Thereby, it is possible to prevent an unauthorized message from being transmitted to another communication terminal using authentication information assigned to the communication terminal by a third party.

  In the present invention, a plurality of communication terminals are connected via a network, and each communication terminal determines whether or not the communication partner to be connected is valid, and then directly communicates with other communication terminals. And a communication terminal for managing the authentication information used for determining whether or not the communication terminal connected via the network is valid for each communication terminal. Management table storage means for storing a table, and an authentication information deletion message for deleting authentication information stored in another valid communication terminal, and authentication transmitted to the other valid communication terminal An information deletion message creation / transmission unit, and an authentication information deletion unit for deleting the authentication information managed in the management table. The authentication information deletion unit deletes the authentication information from another communication terminal. When the message is transmitted, the authentication information regarding the communication terminal that is the transmission destination of the authentication information deletion message is deleted from the management table. When the authentication information deletion message transmitted by another communication terminal is received, the authentication information deletion message is transmitted. Delete authentication information about the original communication terminal from the management table.

  In the present invention, a plurality of communication terminals are connected via a network, and each communication terminal determines whether or not the communication partner to be connected is valid, and then directly communicates with other communication terminals. In a communication system for performing authentication, a method for deleting authentication information necessary for determination registered in each communication terminal, wherein a communication terminal desiring to delete authentication information is registered in another communication terminal Creating an authentication information deletion message for deleting the authentication information of its own terminal and transmitting it to the other communication terminal, and the other communication terminal sending it from the communication terminal desiring to delete the authentication information. The authentication information message is received, the authentication information relating to the communication terminal that is the transmission source of the authentication information message is deleted, and the communication terminal that desires to delete the authentication information is registered in the own terminal. And a step of deleting the authentication information on another communication terminal are.

  In addition, the present invention determines whether another communication terminal connected via the network is valid or not, and then registers it with a communication terminal that directly communicates with another valid communication terminal via the network. Is a method for deleting authentication information necessary for determination, and a communication terminal creates an authentication information deletion message for deleting authentication information stored in another valid communication terminal, When the communication terminal transmits the authentication information deletion message and the step of transmitting to the other valid communication terminal, the communication terminal deletes the authentication information regarding the communication terminal that is the transmission destination of the authentication information deletion message from its own terminal. When the communication terminal receives the step and the authentication information deletion message, the communication terminal deletes the authentication information related to the communication terminal that is the transmission source of the authentication information deletion message from its own terminal. And a step.

  Further, the present invention, after determining whether or not the other communication terminal connected via the network is valid, to the communication terminal that communicates directly with the other valid communication terminal via the network, A program for deleting authentication information necessary for judgment registered in its own device, and sending an authentication information deletion message to the communication terminal for deleting authentication information stored in another valid communication terminal When the communication terminal transmits the authentication information deletion message and the authentication information deletion message to the communication terminal, the authentication information about the communication terminal that is the transmission destination of the authentication information deletion message is sent to the communication terminal. When the authentication information deletion message is received and the authentication information deletion message is received, the authentication information related to the communication terminal that is the transmission source of the authentication information deletion message is sent to the communication terminal. And a step of al deleted.

  Further, the present invention, after determining whether or not the other communication terminal connected via the network is valid, to the communication terminal that communicates directly with the other valid communication terminal via the network, Deletion of authentication information for deleting authentication information stored in a legitimate other communication terminal, which is a recording medium recording a program for deleting authentication information necessary for judgment registered in its own device A step of causing a communication terminal to create a message and transmitting it to the other legitimate communication terminal; and when the communication terminal transmits an authentication information deletion message, authentication information about the communication terminal to which the authentication information deletion message is transmitted Step of causing a communication terminal to delete from its own terminal, and when receiving an authentication information deletion message, authentication information about the communication terminal that is the transmission source of the authentication information deletion message Stores a program and a step of deleting the communication terminal from the own terminal.

  According to the communication terminal according to the present invention, the authentication information stored in the communication terminal that is no longer required to be connected to the network is deleted, and authentication is also performed from other communication terminals storing authentication information related to the communication terminal. Information can be deleted. Therefore, for example, even after the communication terminal is discarded, it is possible to prevent unauthorized access to the network using the communication terminal discarded by a third party. In addition, by deleting authentication information related to a communication terminal that is no longer required to be connected to the network from other communication terminals connected to the network, the storage device of the communication terminal connected to the network has the necessary authentication. Only information will be stored. Accordingly, it is possible to prevent the storage device from being short of capacity due to accumulation of unnecessary information.

(First embodiment)
FIG. 1 is a block diagram showing a configuration of a communication system according to the first embodiment of the present invention. In FIG. 1, the communication system includes communication terminals 11a to 11c.

  The communication terminals 11a to 11c are connected to be communicable with each other via the network 9. The communication terminals 11a to 11c communicate directly without going through a server, for example, peer-to-peer communication. The network 9 is typically an IP network, but may be a network using a protocol other than IP. The transmission method of the network 9 is typically Ethernet (R) or wireless LAN, but may be other transmission methods such as PLC (Power Line Communication). In FIG. 1, three communication terminals 11a to 11c are connected to the network 9, but two or less communication terminals may be connected to the network 9, or four or more communication terminals. May be connected to the network 9.

  The communication terminals 11a to 11c have a communication function and transmit / receive data to / from each other. The communication terminals 11a to 11c are, for example, home appliances such as an air conditioner, a refrigerator, a microwave oven, and a water heater connected to the network in a home network system, or cooking appliances such as a coffee maker and a pot. The communication terminals 11a to 11c may be telephones, televisions, videos, or security devices used for security measures.

  When the communication terminals 11a to 11c are sent messages from other communication terminals connected to the network 9, the sent messages are sent from communication terminals that are legally connected to the network 9. It is determined whether or not. Hereinafter, the process of determining whether or not the sent message is sent from a valid communication terminal is referred to as an authentication process. The communication terminal that has sent the message and the communication terminal that receives the message and determines whether the message is from a valid communication terminal are said to be in an authentication relationship.

  Note that the communication terminal may confirm once whether or not it is in an authentication relationship with another communication terminal when it is first connected to the network 9, or may confirm periodically. Moreover, you may confirm for every communication message (IP packet etc.) transmitted / received.

  When the communication terminals 11a to 11c determine that the message is a message sent from a valid communication terminal by the authentication process, the communication terminals 11a to 11c execute a necessary process based on the message. On the other hand, if the communication terminals 11a to 11c determine that the message is a message transmitted from an unauthorized communication terminal in the authentication process, the communication terminals 11a to 11c discard the data.

  The authentication process used in the present embodiment may be any process as long as it can determine whether the data is sent from a valid communication terminal.

  For example, as a first method of authentication processing, there is a method using a message authentication code (MAC). In the first method, two communication devices in an authentication relationship have the same common key or keyed hash function. The two communication devices convert the message with a common key or a hash function with a key to obtain a message authentication code. The message authentication code is, for example, a part or all of the message encrypted with the common key, or the result of converting the message with a keyed hash function.

  When a common key is used, the first communication terminal on the message transmission side uses a value obtained by encrypting a predetermined part of the message with the common key possessed by the second communication terminal of the transmission destination as the message authentication code. . The first communication terminal attaches the message authentication code to the message and transmits it to the second communication terminal. The second communication terminal encrypts a predetermined part of the received message with the common key, and determines whether or not the encrypted value matches the message authentication code attached to the message. In this case, if the compared values match, it is determined that the message is from a valid communication terminal. Therefore, when using a common key, each communication terminal holds a common key used only with the communication terminal of the communication partner. FIG. 2A is a diagram illustrating a configuration of a table related to a common key held by each communication terminal when a common key is used. As shown in FIG. 2A, each communication terminal holds a common key used only with other communication terminals in association with the identifier and address of the other communication terminal.

In the case of using a hash function with a key, the first communication terminal on the message transmitting side converts the message to which the key is added with the hash function possessed by the second communication terminal at the transmission destination.
The hash function refers to a one-way function that converts a message into a constant length value and guarantees that the original message cannot be obtained from the constant length value. The first communication terminal on the message transmission side converts the message to which the key is added with a hash function, attaches the obtained value to the message as an authentication code, and transmits the message to the second communication terminal. The second communication terminal adds the key stored in the terminal itself to the sent message (excluding the authentication code part) and converts it using the hash function. If the value obtained after the conversion matches the value (authentication code) attached to the message, the second communication terminal determines that the message is from a valid communication terminal. Therefore, when using a keyed hash function, each communication terminal holds a hash function and its key that are common to the communication partner. FIG. 2B is a diagram illustrating a configuration of a table related to a keyed hash function held by each communication terminal when a hash function is used. As shown in FIG. 2B, each communication terminal holds a hash function and its key corresponding to the other communication terminal in association with the identifier and address of the other communication terminal.

  As a second method of authentication processing, there is a message authentication method using a digital signature. In the second method, two communication terminals having an authentication relationship have a secret key of the own terminal and a public key of the communication terminal of the other party. The first communication terminal on the message transmitting side encrypts the message using the secret key stored in its own terminal, and sends it to the second communication terminal. The second communication terminal decrypts the encrypted message with the public key of the first communication terminal. If the decryption is successful, it is determined that the message is from a valid communication terminal. Therefore, when using a digital signature, each communication terminal holds a secret key assigned to the terminal itself and a public key assigned to another communication terminal. FIG. 2C is a diagram illustrating a configuration of a table relating to a secret key and a public key held by each communication terminal when a digital signature is used. As shown in FIG. 2C, each communication terminal holds the public key of the other communication terminal in association with the identifier and address of the other communication terminal. The private key of the terminal is registered in a part of the table.

  As a third method of authentication processing, there is a message authentication method using a combination of a digital signature and a keyed hash function. In the fourth method, two communication terminals that are in an authentication relationship have their own secret key, the public key of the communication partner communication terminal, and the hash function and key used for the communication terminal of the communication partner. . The first communication terminal on the message transmission side uses a hash function stored in the terminal itself to attach a value (authentication code) obtained by converting the message to which the key is added to the message. Then, the first communication terminal encrypts the message using the secret key stored in the own terminal and sends it to the second communication terminal. At this time, for example, only a specific area of the message such as a value (authentication code) attached to the message may be encrypted. The second communication terminal decrypts the encrypted message with the public key of the first communication terminal. Then, the second communication terminal adds the key stored in its own terminal to the decrypted message (excluding the authentication code), converts it with a hash function, and attaches the obtained value and the message to the message. Compare the value (authentication code). If it can be normally decoded and the compared value (authentication code) matches, it is determined that the message is from a valid communication terminal. Therefore, when using a digital signature and a hash function, each communication terminal holds a secret key assigned to itself, a public key assigned to another communication terminal, a hash function and the key. Will be. FIG. 2D is a diagram illustrating a configuration of a table related to a secret key, a hash function, and a public key held by each communication terminal when a digital signature and a hash function with a key are used. As shown in FIG. 2D, each communication terminal holds the public key, hash function, and key of the other communication terminal in association with the identifier and address of the other communication terminal. Further, the private key of the own terminal is registered in a part of the table.

  In the above description, after creating the authentication code, the method for encrypting the authentication code has been described. However, after encryption, the authentication code is created using the encrypted message as the creation target of the authentication code. Alternatively, a method of adding this authentication code to the encrypted message may be used. In any case, the secret key, the public key, the hash function, and the key remain unchanged in correspondence with the identifier and address of the other communication terminal.

  As described above, in the present embodiment, any authentication process may be used, but what is common to any authentication process is that each communication terminal communicates with another communication target. The authentication information about the terminal is held. In the case of the first method, the authentication information is a common key, a hash function, and its key. In the case of the second method, the authentication information is a public key. In the case of the third method, the authentication information is a public key, a hash function, and its key.

  FIG. 3A shows a system for authenticating a message sent by a communication terminal itself, such as peer-to-peer communication, and including a communication terminal for storing a table related to authentication information necessary for performing an authentication process. It is a figure which shows a structure typically. As shown in FIG. 3A, each communication terminal holds authentication information related to another communication terminal in association with the identifier and address of the other communication terminal. Hereinafter, a set of communication terminal identifier, address, and authentication information is referred to as an entry. A table in which entries are registered is called a management table.

  Each management table records four entries. In the communication system shown in FIG. 1, since there are two communication counterparts for each communication terminal, authentication information is registered in two entries. In the remaining two entries, authentication information of the communication partner is not registered. Hereinafter, an entry for which authentication information is not registered is referred to as an empty entry.

  In FIG. 3A, the maximum number of entries recorded in the management table is four, but the maximum number of entries may be three or less, or may be five or more. Further, the upper limit may not be provided for the number of entries. Information other than the communication partner identifier, address, and authentication information may be registered in each entry.

  Here, for example, when the communication terminal 11a is discarded, the communication terminal 11a sends a message for instructing deletion of authentication information related to its own terminal (hereinafter referred to as a delete command message) to another communication terminal ( In FIG. 1, it transmits to the communication terminal 11b and the communication terminal 11c). And the communication terminal 11a deletes all the authentication information stored in the own terminal. The communication terminal 11b and the communication terminal 11c that have received the delete command message delete the authentication information related to the communication terminal 11a from the management table. Hereinafter, unless otherwise specified, the communication terminal deletes both the communication destination identifier and the address registered in the same entry when deleting the authentication information. Further, it is assumed that the authentication relationship is canceled when the authentication information is deleted.

  FIG. 3B is a diagram schematically illustrating a configuration of a system including a communication terminal that stores a management table after the authentication relationship is canceled in the communication system. FIG. 3B shows a state after the authentication relationship of the communication terminal 11a shown in FIG. 3A is released. All authentication information recorded in the management table of the communication terminal 11a is deleted, and all entries are empty entries. Become. The authentication information of the communication terminal 11a is deleted from the management table of the communication terminal 11b, and only the authentication information of the communication terminal 11c is left in the management table. Similarly, also in the management table of the communication terminal 11c, the authentication information of the communication terminal 11a is deleted, and only the authentication information of the communication terminal 11b is left in the management table.

  FIG. 4 is a block diagram showing a more detailed configuration of the communication terminal 11a. In FIG. 4, the communication terminal 11 a includes a storage unit 101, a deletion instruction unit 103, a deletion command processing unit 104, a response processing unit 105, a communication unit 106, and a display unit 107. Note that the communication terminal 11b and the communication terminal 11c also have the same configuration as the communication terminal 11a. Hereinafter, the detail of each part of the communication terminal 11a is demonstrated.

  The storage unit 101 stores a management table 102.

  The deletion instruction unit 103 is, for example, a switch, and deletes the authentication information stored in the communication terminal 11a from the user, and sends a deletion instruction signal in response to an instruction for canceling the authentication relationship with another communication terminal. Generate. The deletion instruction unit 103 only needs to be able to detect a deletion instruction from a user (external) as a trigger for signal generation. Specifically, the deletion instruction unit 103 is a button switch, a mechanical switch, a sensor, a switch using connection of contacts, or the like. is there. The deletion instruction unit 103 passes the generated deletion instruction signal to the deletion instruction processing unit 104.

  Note that the function of the deletion instruction unit 103 may be realized by combining a plurality of switches. For example, when the deletion instruction unit 103 has a configuration in which a first switch and a second switch are combined, the first switch can be pressed only when the user presses the second switch. Can be considered. At this time, the deletion instruction unit 103 generates a deletion instruction signal when the first switch is pressed. In this way, by configuring the deletion instruction unit 103 with a plurality of switches, it is possible to prevent a user's erroneous operation. Further, the switch may be covered with an openable / closable cover in order to physically prevent a user's erroneous operation.

  The delete command processing unit 104 creates a delete command message for instructing another communication terminal to delete the authentication information related to the communication terminal 11a. When receiving the delete instruction signal, the delete instruction processing unit 104 refers to the management table 102 stored in the storage unit 101 and determines whether an entry exists. Here, the presence of an entry means that authentication information is registered in the entry.

  If there is an entry in the management table 102, the delete command processing unit 104 selects one entry and creates a delete command message for transmission to the address registered in the entry. The delete command processing unit 104 passes the created delete command message to the communication unit 106.

  FIG. 5 is a diagram illustrating an example of the configuration of the delete command message. The delete command message includes destination address information, source address information, a delete command flag, and a hash value. The destination address information is information indicating the address of the communication terminal that is the transmission destination of the delete command message. The sender address information is information indicating the address of the communication terminal 11a that is the sender of the delete command message. The delete command flag is information indicating that the message is a delete command message.

  The hash value is a value obtained by converting a message with a keyed hash function. The key used here is recorded in the management table 102 as authentication information for the communication partner that transmits the message. If the hash function is not used as authentication information, the hash value does not have to be attached to the message.

  Returning again to the description of FIG. Upon receiving the delete command message, the communication terminal that is the destination of the delete command message returns a response message to be described later. When receiving the response message returned from the communication terminal that is the transmission destination of the deletion command message via the communication unit 106, the deletion command processing unit 104 authenticates the response message. If the response message is valid, the delete command processing unit 104 deletes the authentication information from the entry in which the response message source address is registered. Then, the delete command processing unit 104 refers to the management table 102 again, and creates a delete command message when an entry remains. When all the authentication information is deleted from the management table 102 and all entries in the management table 102 are empty entries, the delete command processing unit 104 creates a completion notification indicating that the cancellation of the authentication relationship is completed, and displays the display unit Pass to 107.

  When the response processing unit 105 receives the deletion command message transmitted from the communication terminal that is the transmission source of the deletion command message via the communication unit 106, the response processing unit 105 authenticates the received deletion command message. If the delete command message is valid, the management table 102 is referenced to delete the authentication information from the entry in which the source address of the delete command message is registered. Then, the response processing unit 105 creates a response message and passes it to the communication unit 106. The response processing unit 105 does not create a response message when the deletion of the authentication information fails. When the deletion of the authentication information fails, the response processing unit 105 may create a message indicating that the deletion of the authentication information has failed and pass it to the communication unit 106.

  FIG. 6 is a diagram illustrating an example of a configuration of a response message. The response message is a message returned to the communication terminal that has transmitted the delete command message. The response message includes destination address information, source address information, a response flag, and a hash value. The response message is different from the delete command message shown in FIG. 5 in that it has a response flag instead of the delete command flag. The response flag is information indicating that the message is a response message. Since the other structure of the response message is the same as that of the delete command message, the description is omitted.

  The communication unit 106 passes the received message to the delete command processing unit 104, the response processing unit 105, or another application (not shown). The communication unit 106 refers to the flag recorded in the received message. When the flag is a flag indicating a release response, the communication unit 106 passes the received message to the delete command processing unit 104. When the flag is a flag indicating a delete command, the communication unit 106 passes the received message to the response processing unit 105. When the flag is not a flag indicating a delete command and is not a flag indicating a release response, the communication unit 106 passes the received message to another application (not shown).

  Here, the other application refers to an application used for operating an original function or an attached function of the communication terminal 11a. For example, when the communication terminal 11a is an air conditioner controlled by a remote controller via a network, the air conditioner includes an application for responding to a control request from the remote controller. In addition, when the communication unit 106 receives a message from the delete command processing unit 104 or the response processing unit 105, the communication unit 106 transmits the message to the designated communication terminal.

  Note that the deletion command message and the response message may be transmitted to all communication terminals connected to the network 9, or may be transmitted only to a specific communication terminal that should receive the deletion command message.

  Upon receiving the completion notification from the delete command processing unit 104, the display unit 107 displays that the cancellation of the authentication relationship has been completed. Specifically, the fact that the cancellation of the authentication relationship has been completed is displayed by, for example, lighting of an LED, a liquid crystal display, or a mechanical display device. Thereby, the user can know that the cancellation of the authentication relationship has been completed. Moreover, if the display unit 107 is a mechanical display device, the user can visually confirm that the cancellation of the authentication relationship has been completed even after the communication terminal 11a is powered off.

  An outline of the operation of the communication terminal configured as described above will be described. FIG. 7 is a sequence diagram showing a rough flow of a cancellation process between communication terminals. Hereinafter, with reference to FIG. 7, the rough flow of the cancellation | release process between communication terminals is demonstrated. Here, a case where a delete command message is transmitted from the communication terminal 11a to the communication terminal 11b will be described as an example.

  Upon receiving a delete instruction from the user, the communication terminal 11a creates a delete command message and transmits it to the communication terminal 11b. Upon receiving the delete command message, the communication terminal 11b creates a response message and sends it back to the communication terminal 11a. Then, the communication terminal 11b refers to the management table 102 stored in the own terminal, and deletes the authentication information of the communication terminal 11a. On the other hand, when receiving the response message, the communication terminal 11a refers to the management table 102 stored in the own terminal, and deletes the authentication information of the communication terminal 11b. In the above description, the case where the delete command message is transmitted from the communication terminal 11a to the communication terminal 11b has been described as an example. However, the delete command message is also transmitted to other communication terminals (communication terminal 11c) other than the communication terminal 11b. The

  Hereinafter, the operation of each communication terminal 11 will be described in detail with reference to the flowcharts shown in FIGS.

  FIG. 8 is a flowchart showing the operation of the deletion instruction unit 103. First, the deletion instruction unit 103 determines whether or not a deletion instruction from the user has been detected (step S101). When the deletion instruction is detected, the deletion instruction unit 103 generates a deletion instruction signal and passes it to the deletion instruction processing unit 104 (step S102). On the other hand, when no deletion instruction is detected, the deletion instruction unit 103 returns to the operation of step S201.

  FIG. 9 is a flowchart showing the operation of the delete command processing unit 104. First, the deletion instruction processing unit 104 determines whether or not a deletion instruction signal has been received from the deletion instruction unit 103 (step S201). If the deletion instruction signal has not been received, the deletion command processing unit 104 returns to step S201.

  On the other hand, when receiving the delete instruction signal, the delete instruction processing unit 104 refers to the management table 102 and determines whether or not an entry exists (step S202). If there is an entry in the management table 102, the delete command processing unit 104 selects one entry from the management table 102 (step S203). Then, the delete command processing unit 104 creates a delete command message to be transmitted to the address registered in the selected entry (step S204), and passes it to the communication unit 106 (step S205).

  Next, the deletion command processing unit 104 waits for a response message to be returned from the communication terminal 11b. Specifically, the delete command processing unit 104 determines whether a response message has been received from the communication unit 106 (step S206). When the response message is received, the delete command processing unit 104 authenticates the response message and determines whether the response message is valid (step S207). If the received response message is not valid, the authentication information is not deleted. Then, the delete command processing unit 104 returns to the operation of step S202.

  On the other hand, when the response message is a valid message, the delete command processing unit 104 refers to the management table 102 and deletes the authentication information from the entry in which the authentication information of the communication terminal 11b is registered (step S208). Then, the delete command processing unit 104 returns to the operation of step S202.

  On the other hand, if it is determined in step S202 that no entry exists, that is, if all entries existing in the management table 102 are empty entries, all authentication information has been deleted and the cancellation of the authentication relationship has been completed. Means. At this time, the deletion command processing unit 104 deletes the authentication information assigned to the own terminal (step S209). For example, when authenticating a message using a digital signature, the authentication information assigned to the terminal itself is a secret key. Then, the delete command processing unit 104 creates a completion notification and passes it to the display unit 107 (step S210). In response to this, the display unit 107 displays a completion notification.

  FIG. 10 is a flowchart showing the operation of the communication unit 106. First, the communication unit 106 determines whether a message has been received (step S301). If no message has been received, it is determined whether there is a transmission request (step S302). Specifically, the communication unit 106 determines whether a message to be transmitted has been received from the delete command processing unit 104, the response processing unit 105, or other applications. When there is a transmission request, the communication unit 106 transmits a message to the destination communication terminal (step S303). When transmitting the message, the communication unit 106 returns to the operation of step S301. On the other hand, when there is no transmission request, the communication unit 106 returns to the operation of step S301.

  On the other hand, when a message is received in step S301, the communication unit 106 determines whether or not the message is a delete command message (step S304). If the message is a delete command message, the communication unit 106 passes the delete command message to the response processing unit 105 (step S305).

  On the other hand, if the received message is not a delete command message, it is determined whether or not it is a response message (step S306). If it is not a response message, the communication unit 106 passes the message to a predetermined application (step S307).

  On the other hand, when the received message is a response message, the communication unit 106 passes the response message to the delete command processing unit 104 (step S308).

  FIG. 11 is a flowchart showing the operation of the response processing unit 105. First, the response processing unit 105 determines whether or not a delete command message has been received from the communication unit 106 (step S401). If the delete instruction message has not been received, the response processing unit 105 returns to the operation of step S401.

  On the other hand, if a delete command message is received in step S401, the response processing unit 105 authenticates the delete command message and determines whether the message is a valid message (step S402). If the received delete command message is not valid, the authentication information is not deleted. Then, the response processing unit 105 returns to the operation of step S401.

  On the other hand, if the received delete command message is valid, the authentication information is deleted from the entry in which the transmission source address of the delete command message is registered with reference to the management table 102 (step S403). Then, the response processing unit 105 creates a response message (step S404). The created response message is passed to the communication unit 106 (step S405). A response message is created by the processes in steps S401 to S405 described above, and authentication information related to the communication terminal 11a is deleted.

  FIG. 12 is a flowchart showing the operation of the display unit 107. First, the display unit 107 determines whether or not a completion notification has been received from the delete command processing unit 104 (step S501). When the completion notification is received, the display unit 107 displays that the cancellation of the authentication relationship has been completed (step S502). On the other hand, if the completion notification has not been received, the process returns to step S501 again.

  As described above, according to the present embodiment, a communication terminal that has received an instruction for canceling an authentication relationship deletes authentication information stored in the own terminal and sends it to another communication terminal that has an authentication relationship. Instructs the user to delete the authentication information related to the terminal itself. Thereby, in a communication system in which a plurality of communication terminals connected to the network directly communicate, the authentication relationship between the communication terminal to be discarded and other communication terminals can be canceled. Therefore, it is possible to prevent a third party from reading the authentication information from the discarded communication terminal 11a and illegally connecting to the network.

  Moreover, since unnecessary authentication information can be deleted from the communication terminal, it is possible to prevent a shortage of memory capacity.

  Further, a response message is returned from the communication terminal that is the transmission destination of the delete command message. Thereby, the communication terminal which transmitted the deletion command message can confirm that the authentication information regarding the own terminal has been deleted from the communication terminal having the authentication relationship by receiving the response message. Therefore, the authentication relationship between the communication terminals can be canceled reliably.

  In the above embodiment, the delete command processing unit 104 generates a delete command message and then generates a next delete command message after receiving a response message. After creating the delete command message for all addresses recorded in the authentication information, the authentication information may be deleted without waiting for reception of a response message. This is effective when it is less necessary to confirm that other communication terminals have securely deleted authentication information, and at least the purpose is to delete authentication information held by the terminal itself. The completion notification created at this time indicates that at least all of the authentication information of the own terminal has been deleted.

  In the above embodiment, the delete command processing unit 104 passes the delete command message to the communication unit 106 (step S205) and then waits for reception of a response message (step S206). The waiting time may be set. If no response message is returned within a predetermined time, the delete command processing unit 104 may refer to the management table 102 and create a delete command message for the next entry. In this case, when a predetermined time elapses from when the process proceeds to step S206 until the determination is Yes, the process returns to step S202, and the delete command processing unit 104 refers to the management table 102 again.

  At this time, after creating a deletion instruction message for all entries stored in the management table 102, information indicating that a response message reception waiting time-out has occurred is displayed together with a completion notification. It is also possible to pass it on. The display unit 107 displays the completion of the cancellation of the authentication relationship and displays that a time-out has occurred.

  Further, when a predetermined waiting time until the response message is received, the delete command processing unit 104 may pass data indicating the communication partner that failed to transmit the delete command message to the display unit 107. In response to this, the display unit 107 displays the communication terminal that failed to transmit the delete command message. In a communication system, not all communication terminals are always connected to the network. By displaying the communication terminal that failed to transmit the delete command message, the user can know that the communication terminal that is in an authentication relationship with the communication terminal to be discarded is not connected to the network.

  Further, in the case where the communication terminal that has transmitted the delete command message has timed out waiting for reception of a response message (step S206), the corresponding authentication information may be deleted from the management table 102. At this time, the deletion command processing unit 104 proceeds to step S208 after the reception standby time has elapsed for a predetermined time, and deletes the authentication information. Thereby, even when a response message is not returned from the communication partner, all the authentication information stored in the communication terminal to be discarded can be deleted.

  In the above embodiment, the deletion instruction unit 103 is a switch. However, any device other than a physical switch may be used as long as it can receive a deletion instruction from the user. Alternatively, a deletion instruction may be received from another communication terminal having an authentication relationship.

  In the above-described embodiment, the communication unit 106 refers to the flag recorded in the received message and determines whether the received message is passed to the deletion command processing unit 104, the response processing unit 105, or another application. I was judging. Here, the communication unit 106 may pass the received message to the delete command processing unit 104, the response processing unit 105, and all other applications. In this case, the delete command processing unit 104, the response processing unit 105, and other applications that have received the message from the communication unit 106 refer to the flag recorded in the message received from the communication unit 106, and are messages that each unit should receive. Judge that there is.

(Second Embodiment)
Next, a second embodiment of the present invention will be described. As described above, in the first embodiment, after deleting all authentication information recorded in the management table, the communication terminal displays the completion of the cancellation of the authentication relationship on the display unit. On the other hand, in 2nd Embodiment, a communication terminal will cut | disconnect the power supply of an own terminal, if cancellation | release of authentication relationship is completed.

  FIG. 13 is a block diagram showing a configuration of a communication terminal 11a according to the second embodiment of the present invention. The block diagram shown in FIG. 13 is different from the block diagram shown in FIG. 4 in that a power-off unit 108 is provided instead of the display unit 107. Since the other components are the same as those in FIG. 4, the same components as those in FIG. 4 are denoted by the same reference numerals, and detailed description thereof is omitted.

  In FIG. 13, the communication terminal 11 a includes a storage unit 101, a deletion instruction unit 103, a deletion command processing unit 104, a response processing unit 105, a communication unit 106, and a power disconnection unit 108.

  In the present embodiment, the deletion instruction unit 103 is, for example, a switch, and generates a deletion instruction signal by detecting a voltage drop. Further, the deletion instruction unit 103 may detect an operation in which the user pulls out the power plug of the communication terminal 11a from the outlet, or may detect that the power switch of the communication terminal is turned off.

  When receiving the completion notification from the delete command processing unit 104, the power cut-off unit 108 cuts off the power supply of the communication terminal 11a.

  As described above, when a communication terminal detects a voltage drop, the communication terminal starts an authentication relationship canceling operation, and when the canceling operation is completed, the communication terminal turns off the power of the terminal itself. The communication terminal may supply the minimum power necessary for the authentication-related cancellation operation using a backup power source, etc., and store the necessary power when a voltage drop is detected. Also good.

  FIG. 14 is a flowchart showing the operation of the power cut-off unit 108. The power-off unit 108 determines whether a completion notification has been received from the deletion command processing unit 104 (step S601). Upon receiving the completion notification, the power cut-off unit 108 cuts off the power of the communication terminal 11a (step S602).

  As described above, according to the present embodiment, when the communication terminal detects a voltage drop, the communication terminal starts releasing the authentication relationship with another communication terminal connected to the network, and when the release is completed, the power of the terminal is turned off. To do. Therefore, even if the communication terminal does not include a display unit that displays the completion of the cancellation of the authentication relationship, the user can know that the cancellation of the authentication relationship has been completed by turning off the power of the communication terminal.

  In addition, the communication terminal starts the operation of canceling the authentication relationship triggered by the detection of the voltage drop. As a result, the user can cancel the authentication relationship simply by turning off the power of the communication terminal to be discarded or pulling out the power plug from the outlet, and there is no need to perform a complicated operation such as pressing a switch.

  In the present embodiment, the deletion instruction unit 103 generates a deletion instruction signal when detecting a voltage drop. Here, the function of the deletion instruction unit 103 may be realized by combining a plurality of switches. For example, a second switch is combined with the above-described switch for detecting a voltage drop (hereinafter referred to as a first switch). The second switch may be any switch that can detect a deletion instruction from the user (external) such as button switch, mechanical switch, sensor, contact connection, etc. as a trigger for signal generation.

  In this case, only when the second switch is pressed, the deletion instruction unit 103 detects that the first switch is turned on, that is, a voltage drop and generates a deletion instruction signal. If the user does not discard the communication terminal but simply wants to power off the communication terminal, the user does not press the second switch. Therefore, even when the communication terminal is powered off, the deletion instruction unit 103 does not detect the deletion instruction. As a result, when the user simply wants to turn off the communication terminal, the authentication relationship can be prevented from being canceled. Note that the second switch may be covered with an openable / closable cover in order to physically prevent an erroneous operation by the user.

(Third embodiment)
Next, a third embodiment of the present invention will be described. In the present embodiment, the communication terminal encrypts the message and transmits it.

  Normally, even if a third party obtains a delete instruction message or response message sent once, the authentication relationship between the already discarded communication terminal and the other communication terminal is canceled, so the message is used illegally. It is thought that it cannot be done. However, it is the same when a communication terminal whose authentication relationship has been canceled is connected to the network again, or when authentication information used by a discarded communication terminal is assigned to a communication terminal newly connected to the network. The delete command message or response message is transmitted / received multiple times. In this case, in order to prevent unauthorized acquisition of the message by a third party, it is desirable to encrypt the message and transmit it. Hereinafter, the structure of the message when the message is encrypted and transmitted will be described. In addition, since the structure and operation | movement of each part of a communication terminal are the same as that of 1st Embodiment, FIGS. 1-12 is used and the description is abbreviate | omitted. The encryption method is, for example, a public key encryption method or a common key encryption method, but may be any method that encrypts a message, and is not limited to these encryption methods.

  FIG. 15A shows an example of the configuration of the delete command message when the message is encrypted and transmitted. As shown in FIG. 15A, the delete command message includes destination address information, source address information, a message type, a random value, a delete command flag, and a hash value. The delete command message shown in FIG. 15 differs from the delete command message shown in FIG. 5 in that it includes a message type and a random value. The message type indicates the attribute of the message, and here is information indicating a delete command. The random value is a random value determined by the communication terminal that creates the message. When the communication terminal transmits a delete command message in which the random number value is recorded to the transmission destination, the communication terminal of the transmission destination records the random number value in a response message and sends it back. As a result, the communication terminal that has transmitted the delete command message can determine whether the received message is valid or not by comparing the transmitted random number value with the received random value. The delete command processing unit 104 creates a delete command message, encrypts the random value and the delete command flag, and passes them to the communication unit 106.

  FIG. 15B is a diagram illustrating an example of a message configuration when a message is transmitted and received using TCP / IP. As shown in FIG. 15B, the delete command message is composed of an IP header, a TCP header, a random value, a delete command flag, and a hash value. In the IP header, a transmission destination address and a transmission source address of the message are recorded. Information indicating message attributes is recorded in the TCP header. The delete command processing unit 104 creates a delete command message, encrypts the random value and the delete command flag, and passes them to the communication unit 106. Note that the TCP header may be a UDP header.

  FIG. 15C is a diagram illustrating an example of a configuration of a delete instruction message when a message is transmitted / received using IPsec (IP Security). IPSec is a protocol for encrypting messages transmitted and received on the TCP / IP protocol. The delete command message includes an IP header, an ESP header, a TCP header, a random value, a delete command flag, an ESP trailer, and a hash value. The configuration example of the deletion command message illustrated in FIG. 15C is different from the configuration example of the deletion command message illustrated in FIG. 15B in that it includes an ESP (Encapsulation Security Payload) header and an ESP trailer. Data required for message encryption and authentication is recorded in the ESP header. After creating the delete command message, the delete command processing unit 104 encrypts the TCP header, random number value, delete command flag, and ESP trailer and passes them to the communication unit 106.

FIG. 16 shows an example of the configuration of a response message created by the response processing unit 105.
In FIG. 16, the response message includes destination address information, transmission source address information, message type, random number value, response flag, and hash value. The response message shown in FIG. 16 is different from the delete command message shown in FIG. 15A in that it includes a response flag instead of the delete command flag, but the rest of the configuration is the same, so detailed description is omitted. . The response message may be a message corresponding to TCP / IP as shown in FIG. 15B, or may be a message corresponding to IPsec (IP Security) as shown in FIG. 15C.

  As described above, according to the present embodiment, since the message can be transmitted after being encrypted, even if a third party obtains the message illegally, the message cannot be decrypted. Therefore, eavesdropping and spoofing of messages sent and received can be prevented.

  Note that when a message is transmitted / received using TCP / IP or IPsec, an address may be incorporated in data to be encrypted in the message. Thus, the communication terminal that has received the message can evaluate the validity of the message by comparing the address recorded in the IP header with the address embedded in the encrypted data.

(Fourth embodiment)
Next, a fourth embodiment of the present invention will be described. In the first embodiment, the communication terminal is a dedicated device such as a network-compatible home appliance on which an LSI or the like masked with a program having a function for canceling the authentication relationship is mounted. On the other hand, in the fourth embodiment, the communication terminal is, for example, a personal computer or a mobile phone, and is a general-purpose computer that reads and executes a program that implements the software configuration shown in FIG. A CPU is provided. Since the functional configuration and operation formed by the communication terminal executing the release program are the same as those in the first embodiment, FIG. 1 to FIG. 12 are used, and detailed description thereof is omitted.

  FIG. 17 is a block diagram illustrating a hardware configuration of the communication terminal 10a. The communication terminal 11a includes a CPU 201, a memory 203, an input unit 202, an output unit 204, and a communication unit 205. The cancellation program is stored in the memory 203 in advance, and is appropriately read by the CPU 201 and executed. Comparing FIG. 17 with the software configuration diagram of the communication terminal 11 a shown in FIG. 4, the input unit 202 first corresponds to the deletion instruction unit 103. The memory 203 stores the management table 102. The output unit 204 is a display device such as a liquid crystal display device, and corresponds to the display unit 107. The communication unit 205 includes a CPU and a communication terminal such as a modem, and corresponds to the communication unit 106. The CPU 201 realizes functions corresponding to the delete command processing unit 104 and the response processing unit 105. When the CPU 201 receives a deletion instruction from the input unit 202, the CPU 201 reads the cancellation program from the memory 203 and executes it. Then, the CPU 201 refers to the management table 102 stored in the memory 203 and starts an authentication relationship cancellation process.

  In the present embodiment, the release program is stored in the memory in advance. Here, the release program may be stored in a recording medium such as an optical disk or a flexible disk, or may be stored in a memory card such as an SD memory card or smart media. Further, the cancellation program may be provided via a network.

  The present invention is a communication system in which communication terminals communicate directly with each other, and a communication system capable of deleting information necessary for authentication from each communication terminal at once, a communication terminal used therefor, an authentication information deletion method, and authentication information It is useful as a recording medium for storing a deletion program and an authentication information deletion program.

The block diagram which shows the structure of the communication system which concerns on the 1st Embodiment of this invention. The figure which shows the structure of the management table in which a common key is recorded as authentication information. The figure which shows the structure of the management table in which a hash function with a key is recorded as authentication information The figure which shows the structure of the management table in which a public key is recorded as authentication information. The figure which shows the structure of the management table in which a public key and a hash function with a key are recorded as authentication information The figure which shows the structure of the management table 102 before the authentication relationship cancellation | release in a communication system. The figure which shows the structure of the management table 102 after authentication relationship cancellation | release in a communication system. The block diagram which shows the structure of the communication terminal 11a of FIG. The figure which shows an example of a structure of a deletion command message The figure which shows an example of a structure of a response message Sequence diagram showing operation of communication terminal 11a and communication terminal 11b A flowchart showing the operation of the deletion instruction unit 103 A flowchart showing the operation of the delete command processing unit 104 A flowchart showing the operation of the communication unit 106 A flowchart showing the operation of the release response creating unit 17 A flowchart showing the operation of the display unit 107 The block diagram which shows the structure of the communication terminal 11a which concerns on the 2nd Embodiment of this invention. A flowchart showing the operation of the power-off unit 108 The figure which shows an example of a structure of a deletion command message The figure which shows an example of a structure of a deletion command message The figure which shows an example of a structure of a deletion command message The figure which shows an example of a structure of a response message typically The block diagram which shows the hardware constitutions of the communication terminal 11a Block diagram showing the configuration of a conventional authentication information management system

Explanation of symbols

9, 29 Network 11, 111 Communication terminal 101, 304 Storage unit 102 Management table 103 Deletion instruction unit 104 Delete command processing unit 105 Response creation unit 106, 301 Communication unit 107, 306 Display unit 108 Power disconnection unit 302 Data processing unit 303 Input 305 Authentication unit

Claims (18)

A communication terminal that directly communicates with another valid communication terminal via the network after determining whether another communication terminal connected via the network is valid or not,
A management table storage means for storing a management table for managing authentication information for each communication terminal used to determine whether or not a communication terminal connected via the network is valid;
An authentication information deletion message creating and transmitting means for creating an authentication information deletion message for deleting the authentication information stored in the other legitimate communication terminal and transmitting it to the other legitimate communication terminal;
An authentication information deleting means for deleting the authentication information managed in the management table,
The authentication information deleting means includes
When the authentication information deletion message is transmitted to the other communication terminal, the authentication information related to the communication terminal that is the transmission destination of the authentication information deletion message is deleted from the management table,
When receiving the authentication information deletion message transmitted by the other communication terminal, the communication terminal deletes authentication information regarding the communication terminal that is the transmission source of the authentication information deletion message from the management table. Further, a response that receives the authentication information deletion message transmitted by the other communication terminal, creates a response message indicating that the authentication information has been deleted, and transmits the response message to the communication terminal that is the transmission source of the authentication information deletion message With message creation and transmission means,
When the authentication information deletion means transmits an authentication information deletion message to the other communication terminal, the authentication information deletion means receives a response message transmitted from the other communication terminal, and then transmits the authentication information deletion message. The communication terminal according to claim 1, wherein the authentication information regarding is deleted from the management table.   The communication terminal according to claim 1, further comprising display means for displaying that the deletion of the authentication information is completed when all the authentication information recorded in the management table is deleted.   The communication terminal according to claim 3, wherein the display means displays that the deletion of the authentication information is completed by turning on an LED.   The communication terminal according to claim 1, further comprising: a power-off unit that turns off the power of the communication terminal when all the authentication information recorded in the management table is deleted.   The communication terminal according to claim 1, further comprising authentication information deletion instruction means for instructing generation of the authentication information deletion message to an authentication information deletion message preparation transmission means.   The communication terminal according to claim 6, wherein the authentication information deletion instruction unit is a switch.   The communication terminal according to claim 6, wherein the authentication information deletion instruction unit causes the authentication information deletion message generation and transmission unit to generate an authentication information deletion message when the voltage decreases. The authentication information deletion message is attached with an authentication value that is a value obtained by converting the message by a predetermined method,
Using the authentication value, further comprising authentication means for authenticating whether the received authentication information deletion message is transmitted from another valid communication terminal;
When the authentication information deletion unit determines that the authentication information deletion message has been transmitted from another valid communication terminal by the authentication unit, the authentication information deletion unit authenticates the communication terminal that is the transmission source of the authentication information deletion message. The communication terminal according to claim 1, which is deleted from the management table. The response message is attached with an authentication value, which is a value obtained by converting the message by a predetermined method.
Using the authentication value, further comprising authentication means for authenticating whether the received response message is transmitted from another valid communication terminal;
When the authentication information determining unit determines that the response message has been transmitted from another valid communication terminal by the authentication unit, the authentication information deleting unit stores authentication information regarding the communication terminal that is the transmission source of the response message in the management table. The communication terminal according to claim 2, wherein the communication terminal is deleted from the communication terminal. The authentication information deletion message creation transmission means encrypts and transmits the created authentication information deletion message,
The authentication information deleting means decrypts the received authentication information deletion message, and when the authentication information deletion message is successfully decrypted, authentication information on the communication terminal that is the transmission source of the authentication information deletion message is retrieved from the management table. The communication terminal according to claim 1, wherein the communication terminal is deleted. The response message creation and transmission means encrypts and transmits the created response message,
The authentication information deleting means decrypts the received response message, and when the response message is successfully decoded, deletes the authentication information regarding the communication terminal that is the transmission source of the response message from the management table. The communication terminal according to claim 2.   2. The communication terminal according to claim 1, wherein the authentication information deleting unit deletes the authentication information assigned to the own terminal when all of the authentication information recorded in the management table is deleted. A communication system in which a plurality of communication terminals are connected via a network, and each communication terminal determines whether or not a communication partner to be connected is valid, and then communicates directly with other communication terminals. There,
Each of the communication terminals
A management table storage means for storing a management table for managing authentication information for each communication terminal used to determine whether or not a communication terminal connected via the network is valid;
An authentication information deletion message creating and transmitting means for creating an authentication information deletion message for deleting the authentication information stored in the other legitimate communication terminal and transmitting it to the other legitimate communication terminal;
An authentication information deleting means for deleting the authentication information managed in the management table,
The authentication information deleting means includes
When the authentication information deletion message is transmitted to the other communication terminal, the authentication information related to the communication terminal that is the transmission destination of the authentication information deletion message is deleted from the management table,
When receiving the authentication information deletion message transmitted by the other communication terminal, the communication information is deleted from the management table, the authentication information regarding the communication terminal that is the transmission source of the authentication information deletion message. In a communication system in which a plurality of communication terminals are connected via a network and each communication terminal determines whether or not a communication partner to be connected is valid and then communicates directly with other communication terminals. , A method for deleting authentication information necessary for the determination registered in each communication terminal,
A step in which a communication terminal desiring to delete authentication information creates an authentication information deletion message for deleting the authentication information of the own terminal registered in the other communication terminal, and transmits it to the other communication terminal When,
The other communication terminal receiving the authentication information message sent from the communication terminal desiring to delete the authentication information, and deleting the authentication information related to the communication terminal that is the transmission source of the authentication information message;
A communication terminal desiring to delete the authentication information deletes the authentication information related to the other communication terminal registered in the own terminal. The determination that is registered in a communication terminal that directly communicates with another valid communication terminal via the network after determining whether another communication terminal connected via the network is valid A method for deleting authentication information necessary for
The communication terminal creates an authentication information deletion message for deleting the authentication information stored in the other valid communication terminal, and transmits to the other valid communication terminal;
When the communication terminal transmits an authentication information deletion message, the communication terminal deletes authentication information about the communication terminal that is the transmission destination of the authentication information deletion message from the own terminal;
And a step of, when the communication terminal receives the authentication information deletion message, deleting the authentication information related to the communication terminal that is the transmission source of the authentication information deletion message from the own terminal. After determining whether or not another communication terminal connected via the network is legitimate, it is registered in its own device with a communication terminal that communicates directly with the other legitimate communication terminal via the network. A program for deleting authentication information necessary for the determination,
Causing the communication terminal to create an authentication information deletion message for deleting the authentication information stored in the other valid communication terminal and transmitting the authentication information to the other valid communication terminal;
When the communication terminal transmits an authentication information deletion message, the authentication terminal related to the communication terminal of the transmission destination of the authentication information deletion message is deleted from the communication terminal to the communication terminal,
And a step of causing the communication terminal to delete authentication information regarding the communication terminal that is the transmission source of the authentication information deletion message from the own terminal when the communication terminal receives the authentication information deletion message. After determining whether or not another communication terminal connected via the network is legitimate, it is registered in its own device with a communication terminal that communicates directly with the other legitimate communication terminal via the network. A recording medium on which a program for deleting authentication information necessary for the determination is recorded,
Causing the communication terminal to create an authentication information deletion message for deleting the authentication information stored in the other valid communication terminal and transmitting the authentication information to the other valid communication terminal;
When the communication terminal transmits an authentication information deletion message, the authentication terminal related to the communication terminal of the transmission destination of the authentication information deletion message is deleted from the communication terminal to the communication terminal,
When the communication terminal receives an authentication information deletion message, a recording medium storing a program comprising: causing the communication terminal to delete authentication information related to a communication terminal that is a transmission source of the authentication information deletion message.

Images