JP2006067277A - Terminal, network transferring device, server device, method for controlling terminal, method for controlling network transferring device, program and recording medium - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a network service with high convenience that uses an external control system by constructing the external control system which can prevent an external control signal from being unauthorizedly used and is secure and strong in the case of externally controlling a terminal connected to a network. <P>SOLUTION: When a terminal receives a specific control signal packet transmitted from a different unit connected to the network while operation in a plurality of starting states is defined in a device in the terminal with supplied with power from a power source part belonging to the terminal, the terminal recognizes various information tags relating to a starting state included in the received control signal packet and controls the starting state of each device of the terminal most appropriately for control contents requested by the recognized information tags. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

The present invention relates to a user terminal device necessary for enjoying a service provided via a network, a network on a service provider side, a server device, a network device, and a network system constructed by connecting them. , Service and related.

  In a network service that connects terminal devices such as personal computers and digital home appliances to a wide area network such as the Internet, and transmits and receives various data, various types of communication means ( Protocol) is used.

  Some of these services, for example, automatically start and stop the terminal device, especially each hardware included in the device, such as automatically starting at a determined time and transmitting and receiving data. There are many services to do.

  As a technique for realizing this function, a magic packet used mainly for remotely controlling a personal computer within a LAN is known (for example, see Non-Patent Document 1).

  However, the external control realized by the above-described magic packet has several problems, particularly when used in a large-scale system.

  One of the problems is security assurance. The magicpacket is a function for identifying a device that transmits a signal, although it is possible to start a personal computer compliant with ACPI (for example, see Non-Patent Document 2) that defines a function for returning from a hibernation / power-saving state. Therefore, when a malicious third party transmits a signal from the outside, there is a problem that the terminal device is illegally activated.

  In many cases, a personal computer or the like that is running is provided with a robust security protection function. For example, as a method to prevent terminal operation by a malicious third party, the user often inputs a password. In this case, there is a leakage or decryption of the password. It cannot be said that safety is strictly protected.

In addition, as a technique different from a technique such as a password that is required to be directly operated by a user, security protection such as IPSec (for example, see Non-Patent Document 3) is proposed in a communication protocol on the Internet. Since this technology protects communication signals, safety is maintained at a high level, but it does not have a function of directly controlling a terminal device in a dormant state.
“Magic Packet Technology”, advanced Micro Devices, Inc., 1998 (URL: http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/20213.pdf) “Advanced Configuration and Power Interface Specification”, Compaq Computer Corporation, August 25, 2003, mainly p. 1-5, p. 19-23 (URL: http://www.acpi.info/DOWNLOADS/ACPIspec-2-0c.pdf) Marcus Goncalves et al., Translated by Rieko Ikuta “IPv6 Protocol Thorough Explanation”, published by Nikkei BP, March 2001, p. 210-233

  Therefore, when the terminal device is remotely operated from the network, it is required to ensure safety in close cooperation with the control of the communication protocol even when the terminal device is in a sleep / power-saving state.

The present invention can prevent unauthorized use of an external control signal when controlling a terminal device connected to a network from the outside, and constructs a safe and robust external control system, which is highly convenient to use. The purpose is to provide network services.

  The invention according to claim 1 is a network including a terminal device that transmits and receives a packet and a network transfer device that transfers a packet, and a specific unit transmitted from a power supply unit and another device connected to the network. When the control signal packet receiving means for receiving the control signal packet and the control signal packet receiving means receive the control signal packet from the other device, the terminal device included in the control signal packet is activated. Information tag recognizing means for recognizing related information tags, and each device that constitutes the terminal device and is supplied with power from the power supply unit according to the control content requested by the recognized information tag, It is a terminal device characterized by having a control means for controlling to the most appropriate activation state.

  According to a second aspect of the present invention, in the first aspect, it is verified based on a verification operation defined by the recognized information tag that the device that is the transmission source of the control signal packet is a reliable device. It has a verification means, and the control means is a means for controlling the activation state of each device provided in the terminal device only when it is confirmed that the information is from a valid transmission source. This is a characteristic terminal device.

  The invention described in claim 3 is the control signal packet transmitted from another device connected to the network according to claim 1, and when the specific encrypted control signal packet is received. Decryption means for decrypting the control signal packet using key information for decryption processing held by the terminal device, wherein the control means decrypts the control signal packet by the decryption means. After that, the terminal device is means for controlling the activation state of each device of the terminal device.

  According to a fourth aspect of the present invention, in a network including a terminal device that transmits and receives packets and a network transfer device that transfers packets, a specific control signal packet transmitted from another device connected to the network is transmitted. Control signal packet receiving means for receiving, and control signal identifying means for identifying that the received control signal packet is a control signal based on an information tag related to an activation state included in the control signal packet And a control signal transfer means for transferring the recognized control signal only to the destination terminal device of the control signal packet.

  According to a fifth aspect of the present invention, in the fourth aspect, the control signal packet is a packet for controlling an activation state of the terminal device, and the control signal packet is transmitted after the control signal packet is transmitted to the terminal device. When a server request certificate transmission request packet required for verification is transmitted from the terminal device, the transmission request packet is transferred to the certificate transmission server device and included in the response signal packet. The network transfer device is characterized in that the certificate is transferred to the terminal device.

  A sixth aspect of the present invention provides the control signal packet according to the fourth aspect, wherein the control signal packet controls an activation state of the terminal device and is an encrypted packet, and the control signal packet is transmitted to the terminal device. Later, when an encryption key transmission request packet for decrypting the control signal packet is received from the terminal device, the received transmission request packet is transferred to the encryption key distribution server device, and the response signal packet is transmitted. A network transfer device that transfers an included encryption key to the terminal device.

  The invention according to claim 7 provides the specific session number for the transmission / reception process of the control signal packet having the priority information in the packet transfer according to claim 4, and is given from the information included in the packet. Transfer control processing by changing the priority number given to multiple packets belonging to a given session number so that the impact on each processing is minimal and the transfer can be maximized in efficiency. This is a featured network transfer apparatus.

  The invention described in claim 8 includes a connection unit that connects to a terminal device or a network transfer device via a network, and a control signal packet transmission unit that transmits a control signal packet for controlling the activation state of the terminal device. This is a featured server device.

  According to a ninth aspect of the present invention, there is provided a control method of a terminal device for transmitting and receiving packets, wherein a specific control signal packet transmitted from another device connected to a network to which the terminal device is connected is received, and a memory And receiving the control signal packet from the other device and recognizing an information tag related to a predetermined activation state of the terminal device included in the control signal packet, According to the information tag recognition stage stored in the memory and the control content requested by the recognized information tag, power is supplied from a power supply unit provided in the terminal device, which is a device constituting the terminal device. The control stage for controlling each device to the most appropriate activation state and controlling the operation state of the terminal device, and the device that is the transmission source of the control signal packet A verification step for verifying that the device is a device that can be verified based on the verification operation defined by the recognized information tag, and the control step is confirmed to be information from a valid source The terminal device control method is a step of controlling the activation state of each of the devices provided in the terminal device.

  The invention according to claim 10 is the control signal packet transmitted from another device connected to the network according to claim 9, when the specific encrypted control signal packet is received. A decryption step of decrypting the control signal packet using key information for decryption processing held by the terminal device, wherein the control step decrypts the control signal packet in the decryption step; Then, the terminal device control method is a means for controlling the activation state of each device of the terminal device.

  The invention according to claim 11 is a method of controlling a network transfer apparatus for transferring a packet, and receives a specific control signal packet transmitted from another apparatus connected to a network to which the network transfer apparatus is connected. A control signal packet receiving step stored in a memory, and identifying that the received control signal packet is a control signal, based on an information tag related to an activation state included in the control signal packet, A control method for a network transfer device, comprising: a control signal identification step stored in a memory; and a control signal transfer step for transferring the recognized control signal only to a destination terminal device of the control signal packet. .

  The invention of claim 12 is the control signal packet according to claim 11, wherein the control signal packet is a packet for controlling an activation state of the terminal device, and the control signal packet is transmitted after the control signal packet is transmitted to the terminal device. When a certificate transmission request packet of the server device necessary for verification is received from the terminal device, the transmission request packet is transferred to the certificate transmission server device and included in the response signal packet. A method for controlling a network transfer apparatus, wherein a certificate is transferred to the terminal apparatus.

  The invention according to claim 13 is the control signal packet according to claim 11, wherein the control signal packet is an encrypted packet that controls an activation state of the terminal device, and the control signal packet is transmitted to the terminal device. Later, when an encryption key transmission request packet for decrypting the control signal packet is received from the terminal device, the received transmission request packet is transferred to the encryption key distribution server device, and the response signal packet is transmitted. A control method for a network transfer device, wherein an encryption key contained therein is transferred to the terminal device.

  The invention according to claim 14 assigns a specific session number to a transmission / reception process of a control signal packet having priority information in packet transfer, and belongs to the assigned session number from the information included in the packet. A network transfer characterized in that a transfer control process is performed by changing a priority number given to a plurality of packets so that the influence on each process is minimal and the transfer can be maximized in efficiency. This is a method for controlling the apparatus.

  A fifteenth aspect of the invention is the terminal device according to the eleventh aspect, wherein emergency terminal information for remotely starting the terminal unit is received from an emergency warning transmission server even when the terminal unit is in a dormant state. This is a control method.

  According to a sixteenth aspect of the present invention, there is provided a terminal device control system for controlling an activation state of the terminal device on a system including a terminal device that transmits and receives packets, a network transfer device that transfers packets, and a network. In the method, the network interface control unit included in the network device control unit receives the control signal packet, and the filter / verification processing unit included in the network device control unit receives the filter information and the identification information. Originally, the step of performing authentication and discarding unnecessary packets, the step of determining the information tag contained in the control signal packet by the external information analysis unit included in the network device control unit, and the CPU Based on the control signal packet information received from the network device control unit, A method for controlling a terminal device, comprising: determining operation control of a device; and a power control unit receiving an operation control command from the CPU and controlling power supply to each device. .

  The invention according to claim 17 is a program for controlling a terminal device that transmits and receives packets, and receives a specific control signal packet transmitted from another device connected to a network to which the terminal device is connected. And a control signal packet receiving procedure stored in the memory and an information tag related to a predetermined activation state of the terminal device included in the control signal packet when the control signal packet is received from the other device. Recognizing and storing the information tag in the memory and the control content requested by the recognized information tag, the power is supplied from the power supply unit provided in the terminal device, which is a device constituting the terminal device. The control procedure for controlling each supplied device to the most appropriate activation state and the device that is the source of the control signal packet are reliable devices. And a verification procedure for verifying based on the verification work defined by the recognized information tag, and the control procedure is confirmed to be information from a valid source. This is a program that is a procedure for controlling the activation state of each of the devices provided in the terminal device only when the terminal device is installed.

  The invention according to claim 18 is a program for controlling a network transfer apparatus for transferring a packet, and a specific control signal packet transmitted from another apparatus connected to a network to which the network transfer apparatus is connected The control signal packet reception procedure for receiving and storing in the memory, and that the received control signal packet is a control signal, based on the information tag related to the activation state included in the control signal packet, A program for causing a computer to execute a control signal identification procedure for identifying and storing in a memory and a control signal transfer procedure for transferring the recognized control signal only to a destination terminal device of the control signal packet.

  The invention according to claim 19 is a program for controlling a terminal device that transmits and receives packets, and receives a specific control signal packet transmitted from another device connected to a network to which the terminal device is connected. And a control signal packet receiving procedure stored in the memory and an information tag related to a predetermined activation state of the terminal device included in the control signal packet when the control signal packet is received from the other device. Recognizing and storing the information tag in the memory and the control content requested by the recognized information tag, the power is supplied from the power supply unit provided in the terminal device, which is a device constituting the terminal device. The control procedure for controlling each supplied device to the most appropriate activation state and the device that is the source of the control signal packet are reliable devices. And a verification procedure for verifying based on the verification work defined by the recognized information tag, and the control procedure is confirmed to be information from a valid source. This is a computer-readable recording medium on which a program that is a procedure for controlling the activation state of each device provided in the terminal device is recorded.

The invention according to claim 20 is a program for controlling a network transfer apparatus for transferring a packet, and a specific control signal packet transmitted from another apparatus connected to a network to which the network transfer apparatus is connected The control signal packet reception procedure for receiving and storing in the memory, and that the received control signal packet is a control signal, based on the information tag related to the activation state included in the control signal packet, Computer-readable recording of a program for causing a computer to execute a control signal identification procedure for identifying and storing in a memory and a control signal transfer procedure for transferring the recognized control signal only to a destination terminal device of the control signal packet Recording medium.

According to the present invention, when a service is performed using a terminal device of a user who uses a service provider on the network, a network on the service provider side, a network device, and a network system using them, the terminal from the outside Realize content distribution services that are both safe and convenient, and monitoring systems for sending emergency alerts, etc., by sending and receiving signal packets for remote control of devices or packets with authentication / encryption functions There is an effect that can be done.

  The best mode for carrying out the invention is the following examples.

(Basic operation of remote control terminal)
First, control signal packet processing and power control will be described.

  FIG. 1 is a block diagram showing a system 100 for remotely starting a terminal device 10 according to a first embodiment of the present invention.

  The system 100 is an example of a minimum network configuration, and a remote control packet is transferred from the control signal transmission server 40 to the terminal device 10 via the network transfer device 30 and the gateway device 20.

  In the system 100, only one network transfer device 30 is provided. However, in a normal large-scale network configuration, a plurality of network transfer devices 30 are used.

  The gateway device 20 accommodates the terminal device 10 and transfers packets transmitted and received between the terminal device 10 and other devices. The gateway device 20 is simpler than a network transfer device generally used in a network. For example, a broadband router device for an IP network used as a home device in a general home is an example of the gateway device 20. The network area delimited by the gateway device 20 is called a local area network in FIG.

  The network transfer device 30 accommodates a plurality of gateway devices 20, and the gateway device 20 accommodates a plurality of terminal devices 10.

  FIG. 2 is a block diagram illustrating a system 200 that transmits multicast control signal packets.

  In the system 200, the network transfer device 30 suppresses transmission of a control signal packet to an unnecessary terminal device by using IP multicast as shown in FIG.

  FIG. 3 is a block diagram illustrating main components (modules) of the terminal device 10.

  The terminal device 10 includes a CPU 11, a main memory (memory) 12, an external storage (magnetic disk or the like) 13, an input / output device control unit 14, a network device control unit 15, an internal expansion interface 16, and an external expansion interface. 17, a power supply control unit 18, and a power supply unit 19.

  When power is supplied to each of the modules 11 to 18, the CPU 11 calculates based on various determination factors, and the power is supplied by notifying the power control unit 18 of the calculation result. When the terminal device 10 is in the activated state, necessary power is supplied from the power supply unit 19 to each module, except when the power supply to some of the modules that do not operate is restricted based on the determination of the CPU 11. Is done. Further, when in the resting state, the power supply to some modules is restricted or stopped based on the determination of the CPU 11.

  Note that the terminal device 10 illustrated in FIG. 3 is an example in which modules are written out by function, and does not indicate a physical component (chip) that is mounted. In addition, one function may be realized by a plurality of chips.

  When receiving the control signal packet, the network device control unit 15 performs basic analysis of the packet.

  FIG. 4 is a block diagram showing main components (modules) constituting the network device control unit 15.

  The network device control unit 15 includes a network interface control unit 151, an external information analysis unit 152, a filter / verification processing unit 153, and a terminal device side interface processing unit 154.

  The control signal packet is transmitted / received to / from the external network 51 through the network interface control unit 151. The signal packet includes an identifier indicating a state such as terminal activation (reactivation), suspension, power saving, and the like.

  FIG. 5 is a diagram illustrating examples of identifiers in the first embodiment.

  This identifier is included as bit information in a predetermined area defined in the signal packet.

  The network interface control unit 151 that has received the control signal from the outside passes the received control signal to the external information analysis unit 152, thereby receiving a command for performing power control processing corresponding to the identifier. For example, “activation” of the terminal device 10 literally indicates a normal activation state in which the terminal device 10 operates with sufficient power supply, and the terminal device 10 shifts from the other states to the normal activation state. Process. If a packet with the above identifier is received when it is already in a normal startup state, nothing happens.

  “Power saving” of the terminal device 10 is a state in which power supply is stopped for a device that is not used for the time being. “Pause” of the terminal device 10 is a restart process after holding the state of the terminal device 10 before the stop. In this state, power supply to almost all devices is stopped except for some devices necessary for the above. The “stop” of the terminal device 10 is literally a state in which power supply to all devices is stopped. Regarding the hibernation state and the power saving state, there may be several levels depending on the function of the terminal device 10 and the mounted device.

  That is, each state of stop / pause / power saving / start-up of the terminal device 10 is an example of a start-up state of the terminal device.

  In the filter / verification processing unit 153, the administrator of the terminal device 10 uniquely adds filter information as necessary, and discards unnecessary packets. The “filter information” includes approval (Accept) information used for continuation of processing and rejection (Reject) information used for stopping processing, and either or both of them can be used in combination.

  FIG. 6 is a diagram illustrating an example of filter information added by the administrator of the terminal device 10.

  In the example illustrated in FIG. 6, the IP address of the terminal device 10 or the network device is filter information, which is represented in CIDR notation. Depending on the implementation, identification information other than the IP address, such as a TCP or UDP port number, may be used as the filter information.

  The power control processing command is passed to the CPU 11 via the terminal device side interface control unit 154. The CPU 11 determines which device power supply is to be controlled based on the power supply control processing command. When the information regarding the correspondence between the power supply state and the power supply state to the device is mounted, the information is held in, for example, the external storage device 13. The power supply control unit 18 that has received a command related to power supply from the CPU 11 to the device actually controls the power supply unit 19, thereby completing the state transition of the terminal device 10.

  FIG. 7 is a diagram illustrating an operation of processing an external control signal in the terminal device 10.

  First, the network interface control unit 151 receives a control signal (packet), the external information analysis unit 152 analyzes the control signal (packet), determines identifier information, and if necessary, the filter processing unit 153 Perform filtering processing. Then, the terminal device side interface processing unit 154 transmits the identifier information (terminal state) to the CPU 11.

Then, the CPU 11 determines the power supply state of the device based on the state data of the terminal device 100 stored in the main memory 12, and the CPU 11 transmits a power control command for each device to the power control unit 18, The power supply control unit 18 performs power processing on the power supply unit 19, and the power supply unit 19 adjusts the power of each device.

(Authentication process of remote control terminal device 10)
The second embodiment of the present invention is an embodiment regarding control signal packet processing and power control in the terminal device 10.

  If the information analyzed by the external information analysis unit 152 includes information related to the security processing illustrated in FIG. 8, the filter / verification processing unit 153 verifies the authenticator included in the control signal packet. The authentication process is performed by verifying whether or not.

  The “authenticator” is specifically used in an existing network service, such as a password or an electronic certificate. The “identifier” is uniquely defined in the present specification. Specifically, the “identifier” is an identifier of the activation state (of the terminal device 10) shown in FIG. 5 and an identifier relating to the security processing shown in FIG. The above-mentioned “verify whether the authenticator is valid” is specifically associated with authentication processing of the server device, for example, an electronic certificate preinstalled in the terminal device and a control signal packet. This is a process for checking whether or not the electronic certificate is the same, and does not indicate the analysis of the identifier.

  FIG. 8 is a diagram illustrating an example of identifiers related to security processing in the second embodiment.

  In the example shown in FIG. 8, a level (decimal number) that can be seen and understood by humans is appended to a bit string (binary number) of information.

  For example, at the security processing level 0, authentication processing is not performed. That is, processing equivalent to that in the first embodiment is performed.

  In level 1 of the security process, the terminal device 10 stores information related to the IP address of the server, and determines whether or not the signal packet is sent from the server having the stored IP address.

  In level 2 of the security process, the server has a unique authenticator, and the terminal device 10 verifies whether the authenticator included in the control signal packet is valid.

  At level 3 of security processing, both level 1 and level 2 processing are performed.

  The “unique authenticator of the server” is, for example, a password or an electronic signature issued by a reliable organization (certificate authority) as a stronger one. The electronic signature is encrypted data created using a digital certificate issued from a trusted organization (certificate authority) and a private key possessed by the server device.

  Certificate issuance and distribution, authentication processing on the terminal device 10 side, and the like conform to the PKI system. For example, a certificate or a public key necessary for decrypting a certificate is distributed in advance to a control signal server device by a trusted organization (certificate authority). When distributing, you may distribute via a network and you may make it distribute using another means in consideration of the safety aspect. The control signal server device distributes the certificate and the public key to the terminal device 10 in advance, and the terminal device 10 holds the identification information as identification information, or the terminal device 10 provides a key to the certificate authority during the authentication process. Distribute certificates and public keys upon request.

  The terminal device 10 decrypts the electronic signature included in the control signal packet using the held public key, and determines whether the electronic signature is transmitted from a valid server. .

  If the data cannot be decrypted or if the decrypted data does not match the certificate, it is determined that the server device of the transmission source is invalid and the processing is interrupted. If the terminal device 10 does not authenticate itself, the authentication server authenticates using an existing authentication protocol such as RADIUS.

  Generally, public keys and certificates are updated at regular intervals for the purpose of preventing unauthorized access due to leakage. Each time the terminal device 10 is updated, the terminal device 10 updates the information (public key) held by the terminal device 10 to the latest authenticator transmitted from the certificate authority.

The authentication and the power control process after the filtering process are the same as those in the first embodiment.

(Decoding process of remote control terminal device 10)
The third embodiment of the present invention is an embodiment regarding control signal packet processing and power control in the terminal device 10.

  When the data of the control signal packet transmitted from the outside is encrypted, the external information analysis unit 152 shown in FIG. 4 decrypts (decrypts) the signal before controlling the power supply.

  There are various existing methods for encryption. For example, DES is used in the common key encryption method, and RSA is used in the public key encryption method.

  The information on the encryption key is held in the external information analysis unit 152 and is referred to as necessary. When the terminal device 10 does not hold the encryption key, the key is acquired by transmitting a request signal to a key distribution server device (certification authority) in an external network.

  The power control process after decoding is the same as the power control process in the first embodiment.

  When processing the control signal packet in the terminal device 10, the control signal packet processing in the second embodiment and the control signal packet processing in the third embodiment may be used in combination.

  FIG. 9 is a sequence diagram illustrating main processing in the network when the control signal packet processing in the second embodiment and the control signal packet processing in the third embodiment are used together.

  In FIG. 9, the process indicated by the dotted line is not essential, and the process indicated by the dotted line depends on the security identifier of the control signal packet.

  That is, the control signal server device 40 holds the secret key (S1), and the control signal server 40 issues an authentication request to the authentication device 50 of the certificate authority (CA). The authentication device 50 of the certificate authority authenticates (S3), approves and sends the public key / certificate to the control signal server device 40 (S4).

  The control signal server device 40 encrypts the certificate (S5), transmits the certificate / public key to the terminal device 10 (S6), encrypts the data (S7), and transmits the control signal packet to the network transfer device 30. Is transmitted (signature of the server device) (S8).

  The network transfer device 30 identifies (S9) and transmits a control signal packet to the terminal device 10 (signature of the server device) (S10). If the terminal device 10 does not have a key, the terminal device 10 requests the public key from the authentication device 50 of the certificate authority (S13), and the authentication device 50 transmits the public key to the terminal device 10 (S14).

  The control signal server device 40 decrypts the data (S15), transmits the certificate / public key to the terminal device 10 (S16), the control signal server device 40 encrypts the data (S17), and the network transfer device 30. Next, the control signal is transmitted as a packet (signature of the server device) (S18).

  When the network transfer device 30 identifies (S19), transmits a control signal to the terminal device 10 (packet of the server device) (S20), and the terminal device 10 does not hold the certificate, the control signal server device 40 requests the certificate (S21), the control signal server device 40 transmits the certificate to the terminal device 10 (S22), and if the terminal device 10 does not have a key, the terminal device 10 is the authentication device of the certificate authority. 60 requests the public key (S23), the authentication device 60 of the certificate authority transmits the public key (S24), the terminal device 10 decrypts the data (S25), and the terminal device 10 performs authentication / authorization → control. Execute (S26), and notify the control signal server device 40 of the end of control (S27).

  FIG. 10 is a flowchart showing a specific processing flow in the terminal device 10.

  The processing shown in FIG. 10 is realized on the hardware of the terminal device 10 or by software that executes a program.

  First, the network device control unit 15 receives a control signal packet (S31). If the signal is not encrypted (S32), the network device control unit 15 determines whether authentication processing is necessary (S33). If the signal is encrypted (S32), the encrypted data is decrypted using the encryption key (S34) (S35).

  If authentication processing is required (S33), an authenticator (electronic certificate, etc.), filter information, etc. are used (S36), authentication / filter information is verified (S37), and if No (Reject), processing is performed. Stop (S38), write the received information (log) (S39), and return to step S31.

When authentication processing is not required (S33), or the result of authentication / filter information matching is Y
If it is es (Accept) (S37), the CPU 11 determines the power supply of each device according to the activation level (S41), and the power supply control unit 18 starts / stops the power supply of each device (S51). ), The CPU 11 writes the received information (log) (S42), and returns to step S31.

(Transfer device operation)
FIG. 11 is a block diagram illustrating main components (modules) of the network transfer device 30 according to the fourth embodiment of the present invention.

  The network transfer device 30 includes a CPU 31, a main memory (memory) 32, an auxiliary memory (memory) 33, an external expansion interface 34, a plurality of network device control units 35, 35,..., A power control unit 38, And a power supply unit 39.

  The network transfer apparatus 30 normally has a plurality of network device control units 35 and connects a plurality of networks. When transmitting the control data signal, when the network device control unit 35 receives the signal from the network, it passes the received signal to the CPU 31 or the auxiliary storage 33, determines the transfer destination of the signal, and sends it to the determined transfer destination. A control data signal is transmitted by passing it to the connected network device control unit 35.

  FIG. 12 is a block diagram illustrating main components (modules) of the network device control unit 35 in the fourth embodiment.

  The network device control unit 35 includes a network interface control unit 351, an external information analysis unit 352, a filter processing unit 353, and a terminal device side interface control unit 354.

  The network interface control unit 351 that has received the control signal from the outside passes the received control signal to the external information analysis unit 352 to obtain necessary information. When it is recognized by the processing in the external information analysis unit 352 that the received packet is a control signal packet, the packet needs to transmit a control signal packet using a broadcast transmission function such as IP multicast. The device 10 is specified, and the packet is transferred only to the interface where the corresponding terminal device 10 exists.

The filter processing unit 353 identifies whether or not the received signal is to be transferred, and determines whether or not to continue the process. For example, this corresponds to a process of not transferring a packet having a broadcast address in an IP network. Information necessary for the transfer is transferred to the CPU 31 or the auxiliary storage 33 via the terminal device side interface control unit 354 and transferred after the transfer destination is determined.

(Corresponding to the certificate request in the transfer device)
In the fifth embodiment of the present invention, when the control signal packet has security-related information as in the second embodiment, the server device certificate necessary for verifying the control signal packet as in the second embodiment is described. When the transmission request packet is transmitted from the terminal device 10, the network transfer device 30 transfers the transmission request to the certificate transmission server device, and the certificate included in the response signal packet for the transmission request is transmitted to the terminal. This is an example of transferring to the device 10.

(Corresponding to encryption key request in transfer device)
In the sixth embodiment of the present invention, when the control signal packet has security-related information as in the third embodiment, the transmission request packet for the encryption key for decrypting the control signal packet is different from that in the third embodiment. Then, the network transfer device 30 transfers the transmission request to the encryption key distribution server device and transfers the encryption key included in the response signal packet of the transmission request to the terminal device 10. This is an example.

(Priority control processing in the transfer device)
In Embodiment 7 of the present invention, when priority information is added to an externally transmitted control signal packet in the network transfer device 30, the external information analysis unit 352 shown in FIG. In this embodiment, an identifier indicating priority is given to a packet, and a signal packet having a high priority indicated by the identifier is preferentially transferred.

  The “priority information” is, for example, DSCP as defined in Diffserv, and existing technology such as WFQ is applied to transfer control when handling such information.

  At this time, when there are signal packets having the same priority number and different information, settings such as changing the priority information are performed using other information. This setting is performed by the network administrator, and the determination is left to the administrator.

  For example, when an identifier as shown in FIG. 8 is set, the priority number may be maximized and the packet transfer process may be performed with the highest priority.

  FIG. 13 is a flowchart illustrating specific processing in the network transfer device 30 according to the seventh embodiment.

  The processing shown in FIG. 13 is realized on the hardware of the network transfer device 30 or by software that executes a program.

  First, a signal (packet) is received (S61), and if the information is encrypted (S62), the encrypted data is decrypted using the encryption key (S63) (S64). If the information is not encrypted (S62), filter information or the like is used (S65), and factor information verification is performed (S66).

  If the result of collation of the filter information (S66) is No (transfer stop), the process is stopped (S67), the received information is written (logged) (S68), and the process returns to step S61.

If the result of filter information collation (S66) is Yes (transferable), transfer destination collation (routing process) (S69), priority information collation / priority process (S70), transfer process (S71), The received information is written (logged) (S68), and the process returns to step S61.

(Emergency warning system 300)
FIG. 14 is a block diagram showing an emergency alert system network 300 according to the eighth embodiment of the present invention.

  The emergency alert system network 300 is the most basic network configuration for transmitting emergency information to the terminal device 10.

  The emergency alert system / network 300 includes a terminal device 10, a plurality of network transfer devices (routers) 30, 30,..., An emergency alert (control signal packet) transmission server 60, and an encryption information management device 62.

  The terminal device 10 receives the control signal packet and changes its own state to an appropriate operating state.

  The network transfer device 30 transfers a control signal packet and a packet having information necessary for processing for changing the operating state of the terminal device.

  The emergency alert transmission server 61 transmits a control signal packet and emergency alert information.

  A plurality of network transfer devices 30 are generally installed in the transfer networks A and B, respectively, but only one is shown in FIG. Although the transfer networks A and B are different networks in FIG. 14, the transfer networks A and B may be the same network depending on the case. That is, the emergency alert transmission server 60 and the encryption information management device 62 may be installed in the same network. In FIG. 14, attention is paid to one of the terminal devices 10, but actually, a plurality of terminal devices 10 are connected to the transfer networks A and B.

  In the emergency alert system 300, the terminal device 10 displays emergency information when a large-scale disaster or crime occurs. For emergency alert information such as breaking news on terrestrial television broadcasts, broadcast stations place information on radio waves of television broadcasts, but watch emergency alerts if the receiver TV is not active I can't. Therefore, the terminal device 10 in the dormant state needs to activate the terminal device 10 by transmitting a control signal from the outside.

  In the eighth embodiment, even when the receiving device (terminal device 10) is in a dormant state, it can be remotely activated by transmitting a control signal from the outside.

  The emergency control (control signal packet) transmission server 61 transmits the external control signal at this time to each terminal device 10. This signal (control signal packet) is sent to the terminal device 10 via the network transfer device 30. The emergency information is displayed through decryption (decryption) of the encrypted signal and authentication processing.

When decrypting an encrypted signal, information for decryption such as an encryption key is required. Information for decryption, such as this encryption key, is transmitted in advance by the encryption information management device 62 to the terminal device 10, or a request signal for requesting an encryption key is given at the time of decryption processing. The terminal apparatus 10 transmits to the encryption information management apparatus 62, and the terminal apparatus 10 receives information for decryption such as an encryption key.

(Externally activated content distribution system 400)
FIG. 15 is a block diagram showing an externally activated content distribution system network 400 according to the ninth embodiment of the present invention.

  The externally activated content distribution system 400 includes a terminal device 10, a plurality of network transfer devices (routers) 30, 30,..., A control signal transmission server 70, an encryption information management device 71, and a content data transmission device 72. .

  The externally activated content distribution system 400 is the most basic network configuration for remotely starting the terminal device 10 and starting / stopping content distribution by sending a control signal from outside the network.

  In general, a plurality of network transfer devices 30 are installed in each of the transfer networks A, B, and C, but only one network transfer device 30 is shown in FIG. The transfer networks A, B, and C are shown as different networks in FIG. 15, but the transfer networks A, B, and C may be the same depending on the case. In FIG. 15, attention is paid to one terminal device 10, but actually, a plurality of terminal devices 10 are connected to the transfer networks A, B, and C.

  In externally activated content distribution system 400, when a person who operates terminal device 10 cannot directly operate terminal device 10 for some reason, such as when going out, control signal transmission server 70 transmits a control signal packet. Then, the terminal device 10 in the dormant state is activated.

  The ninth embodiment is an example in which a video recording device or the like is activated and operated from the outside. That is, when the user is not at home, a control signal packet is transmitted from the outside to activate the power source of the video recording device. It is an example. Conventionally, there is a service for starting a recording device when information is transmitted from a mobile phone. In this case, the mobile phone functions as a control signal transmission server. According to the ninth embodiment, it is possible to prevent a third party from transmitting an unauthorized control signal.

A portable network terminal device 10 such as a mobile phone, PHS (registered trademark), or mobile PC can be used as the control signal transmission server 70. The terminal device 10 receives data transmitted from the content data transmitting device 72 by operating a function for receiving content set in advance in the activated terminal device 10, and according to the setting, Processing such as recording is performed. The process related to the decryption of the encrypted signal is the same as the process in the third embodiment.

  FIG. 16 is a block diagram showing a maintenance network 500 by external activation, which is Embodiment 10 of the present invention.

  The maintenance network 500 by external activation is the most basic network configuration for remotely starting the terminal device 10 by sending a signal from outside the network and updating the internal firmware (software) of the terminal device 10. Basically, it is the same as the externally activated content distribution system 400, and a terminal device firmware data transmission device 73 is provided instead of the content data transmission device 72 in the externally activated content distribution system 400.

  That is, the maintenance network 500 by external activation includes the terminal device 10, a plurality of network transfer devices (routers) 30, 30,..., A control signal transmission server 70, an encryption information management device 71, and terminal device firmware data. A transmission device 73.

  In this system 500, as in the ninth embodiment, the control signal transmission server 70 transmits a control signal packet and activates the terminal device 10 in a dormant state.

  According to the tenth embodiment, the control signal transmission server automatically activates the recording apparatus and updates the internal firmware by automatically transmitting the control signal packet regardless of the absence of the user.

  The activated terminal device 10 automatically updates the firmware in the terminal device 10. The firmware transmission device for the terminal device 10 transmits firmware update data. Accordingly, when a serious defect is detected in the internal firmware of the terminal device 10, the firmware can be updated without bothering the user. The process related to the decryption of the encrypted signal is the same as the process in the third embodiment.

  In addition, the above embodiment can be grasped as a program invention. In other words, the above embodiment is a program for controlling a terminal device that transmits and receives packets, and receives a specific control signal packet transmitted from another device connected to the network to which the terminal device is connected. The control signal packet receiving procedure stored in the memory and the information tag related to the predetermined activation state of the terminal device included in the control signal packet when the control signal packet is received from the other device Then, according to the information tag recognition procedure stored in the memory and the control content requested by the recognized information tag, power is supplied from the power supply unit provided in the terminal device, which is a device constituting the terminal device. The control procedure for controlling each device to be activated to the most appropriate activation state, and the device that is the transmission source of the control signal packet is a reliable device And a verification procedure for verifying based on a verification operation defined by the recognized information tag, and the control procedure is confirmed to be information from a valid transmission source. This is an example of a program that is a procedure for controlling the activation state of each device provided in the terminal device only when the terminal device is installed.

  The above-described embodiment is a program for controlling a network transfer apparatus that transfers a packet, and a specific control signal packet transmitted from another apparatus connected to the network to which the network transfer apparatus is connected The control signal packet receiving procedure to be received and stored in the memory, and identifying that the received control signal packet is a control signal based on the information tag related to the activation state included in the control signal packet Then, it is an example of a program for causing a computer to execute a control signal identification procedure stored in a memory and a control signal transfer procedure for transferring the recognized control signal only to a destination terminal device of the control signal packet.

The above programs may be recorded on a recording medium such as a CD, a DVD, an HD, or a semiconductor memory.

1 is a block diagram showing a system 100 for remotely starting a terminal device 10 that is Embodiment 1 of the present invention. FIG. 1 is a block diagram illustrating a system 200 for transmitting control signal packets by multicast. FIG. 2 is a block diagram showing main components (modules) of the terminal device 10. FIG. 3 is a block diagram showing main components (modules) constituting the network device control unit 15. FIG. 6 is a diagram illustrating an example of identifiers in Embodiment 1. FIG. It is a figure which shows the example of the filter information which the administrator of the terminal device adds. It is a figure which shows the operation | movement which processes the external control signal in the terminal device. It is a figure which shows the example of the identifier regarding the security process in Example 2. FIG. It is a sequence diagram which shows the main processes in a network in the case of using together the control signal packet process in Example 2, and the control signal packet process in Example 3. FIG. 4 is a flowchart showing a specific processing flow in the terminal device 10. It is a block diagram which shows the main components (module) of the network transfer apparatus 30 which is Example 4 of this invention. In Example 4, it is a block diagram which shows the main components (modules) of the network device control part 35. FIG. FIG. 13 is a flowchart illustrating specific processing in the network transfer device 30 according to the seventh embodiment. It is a block diagram which shows the emergency alert system network 300 which is Example 8 of this invention. It is a block diagram which shows the external starting content delivery system network 400 which is Example 9 of this invention. It is a block diagram which shows the maintenance network 500 by the external starting which is Example 10 of this invention.

Explanation of symbols

100: System with a minimum network configuration,
10 ... terminal device,
11 ... CPU,
12 ... Main memory,
13 ... External memory,
14: Input / output device controller,
15 ... Network device control unit,
16 ... Internal expansion interface,
17 ... External expansion interface,
18 ... Power control unit,
19 ... power supply,
20 ... Gateway device,
30 ... Network transfer device,
40 ... control signal transmission server,
60 ... Certificate authority authentication device,
61 ... Emergency alert transmission server,
62 ... Encryption information management device,
70 ... control signal transmission server,
71. Encryption information management device,
72. Content data transmitting device,
73... Firmware data transmission device for terminals,
200 ... System for transmitting control signal packets by multicast,
300 ... Emergency warning system,
400 ... Externally activated content distribution system,
500: Maintenance network with external activation.

Claims (20)

In a network comprising a terminal device that transmits and receives packets and a network transfer device that transfers packets,
A power supply;
Control signal packet receiving means for receiving a specific control signal packet transmitted from another device connected to the network;
Information tag recognizing means for recognizing an information tag related to the activation state of the terminal device included in the control signal packet when the control signal packet receiving means receives the control signal packet from the other device;
Control means for controlling each device, which is a device constituting the terminal device and supplied with power from the power supply unit, to the most appropriate activation state according to the control content requested by the recognized information tag;
The terminal device characterized by having. In claim 1,
A verification means for verifying that the device that is the transmission source of the control signal packet is a reliable device based on a verification operation defined by the recognized information tag;
The terminal device according to claim 1, wherein the control means is means for controlling the activation state of each device provided in the terminal device only when it is confirmed that the information is from a valid transmission source. In claim 1,
A key for a decryption process held by the terminal device when a specific control signal packet encrypted from another device connected to the network is received. Decoding means for decoding the control signal packet using information;
The terminal device according to claim 1, wherein the control means is means for controlling an activation state of each device of the terminal apparatus after the decoding means decodes the control signal packet. In a network comprising a terminal device that transmits and receives packets and a network transfer device that transfers packets,
Control signal packet receiving means for receiving a specific control signal packet transmitted from another device connected to the network;
Control signal identifying means for identifying that the received control signal packet is a control signal based on an information tag related to an activation state included in the control signal packet;
Control signal transfer means for transferring the recognized control signal only to the destination terminal device of the control signal packet;
A network transfer apparatus comprising: In claim 4,
The control signal packet is a packet for controlling the activation state of the terminal device,
After transmitting the control signal packet to the terminal device, if a transmission request packet of a server device certificate required for verification of the control signal packet is transmitted from the terminal device, the transmission request packet is The network transfer device is characterized in that the certificate is included in the response signal packet and transferred to the terminal device. In claim 4,
The control signal packet is a packet that controls the activation state of the terminal device and is encrypted,
After the control signal packet is transmitted to the terminal device, if the encryption key transmission request packet for decrypting the control signal packet is received from the terminal device, the received transmission request packet is transmitted to the encryption key distribution server device. And the encryption key contained in the response signal packet is transferred to the terminal device. In claim 4,
Regarding the transmission / reception processing of control signal packets with priority information in packet transfer, a specific session number is assigned, and the priority given to multiple packets belonging to the assigned session number from the information contained in the packet A network transfer apparatus characterized in that a transfer control process is performed on a number by changing the number so as to minimize the influence on each processing and to maximize the transfer efficiency. Connection means for connecting with a terminal device or a network transfer device via a network;
Control signal packet transmitting means for transmitting a control signal packet for controlling the activation state of the terminal device;
The server apparatus characterized by having. In a control method of a terminal device that transmits and receives packets,
Receiving a specific control signal packet transmitted from another device connected to the network to which the terminal device is connected, and storing it in a memory;
An information tag recognition step of recognizing an information tag related to a predetermined activation state of a terminal device included in the control signal packet when receiving the control signal packet from the other device, and storing the information tag in a memory;
In accordance with the control content requested by the recognized information tag, each device that constitutes the terminal device and that is supplied with power from the power supply unit provided in the terminal device is set to the most appropriate activation state. A control stage for controlling and controlling the operating state of the terminal device;
A verification stage for verifying that the device that is the source of the control signal packet is a reliable device based on a verification operation defined by the recognized information tag;
And the control step is a step of controlling the activation state of each device provided in the terminal device only when it is confirmed that the information is from a legitimate transmission source. Terminal device control method. In claim 9,
A key for a decryption process held by the terminal device when a specific control signal packet encrypted from another device connected to the network is received. A decoding step of decoding the control signal packet using information;
The terminal device control method according to claim 1, wherein the control step is means for controlling an activation state of each device of the terminal device after the control signal packet is decoded in the decoding step. In a control method of a network transfer device for transferring a packet,
Receiving a specific control signal packet transmitted from another device connected to the network to which the network transfer device is connected, and storing it in a memory;
A control signal identification step of identifying and storing in a memory the received control signal packet is a control signal based on an information tag associated with an activation state included in the control signal packet;
A control signal transfer step of transferring the recognized control signal only to the terminal device that is the destination of the control signal packet;
A method for controlling a network transfer apparatus, comprising: In claim 11,
The control signal packet is a packet for controlling the activation state of the terminal device,
After transmitting the control signal packet to the terminal device, if a server request certificate transmission request packet required for verification of the control signal packet is received from the terminal device, the transmission request packet is A control method for a network transfer device, wherein the certificate is transferred to a transmission server device and a certificate contained in the response signal packet is transferred to the terminal device. In claim 11,
The control signal packet is a packet that controls the activation state of the terminal device and is encrypted,
After the control signal packet is transmitted to the terminal device, if the encryption key transmission request packet for decrypting the control signal packet is received from the terminal device, the received transmission request packet is transmitted to the encryption key distribution server device. And the encryption key included in the response signal packet is transferred to the terminal device. In claim 11,
Regarding the transmission / reception processing of control signal packets with priority information in packet transfer, a specific session number is assigned, and the priority given to multiple packets belonging to the assigned session number from the information contained in the packet A method of controlling a network transfer apparatus, wherein the number is subjected to transfer control processing by changing the number so as to minimize the influence on each processing and to maximize the efficiency of transfer. In claim 11,
A control method for a terminal device, comprising: receiving emergency alert information for remotely starting the terminal device from an emergency alert transmission server even when the terminal device is in a dormant state. In a terminal device control method for controlling the activation state of the terminal device on a system configured by a terminal device that transmits and receives packets, a network transfer device that transfers packets, and a network,
A network interface controller included in the network device controller receives the control signal packet;
A step in which a filter / verification processing unit included in the network device control unit performs authentication and discards unnecessary packets based on filter information and identification information;
An external information analyzer included in the network device controller determines an information tag included in the control signal packet;
A step in which the CPU determines operation control of each device of the terminal based on information of the control signal packet received from the network device control unit;
A power control unit receiving an operation control command from the CPU and controlling power supply to each device;
A control method for a terminal device, comprising: A program for controlling a terminal device that transmits and receives packets,
A control signal packet receiving procedure for receiving a specific control signal packet transmitted from another device connected to the network to which the terminal device is connected and storing it in a memory;
An information tag recognition procedure for recognizing an information tag related to a predetermined activation state of a terminal device included in the control signal packet when the control signal packet is received from the other device, and storing the information tag in a memory;
In accordance with the control content requested by the recognized information tag, each device that constitutes the terminal device and that is supplied with power from the power supply unit provided in the terminal device is set to the most appropriate activation state. Control procedures to control;
A verification procedure for verifying that the device that is the transmission source of the control signal packet is a reliable device based on the verification operation defined by the recognized information tag;
Is a program for causing a computer to execute the control procedure, and the control procedure is a procedure for controlling the activation state of each device provided in the terminal device only when it is confirmed that the information is from a legitimate transmission source. A program that is. A program for controlling a network transfer device that transfers packets,
A control signal packet reception procedure for receiving a specific control signal packet transmitted from another device connected to the network to which the network transfer device is connected and storing it in a memory;
A control signal identification procedure for identifying that the received control signal packet is a control signal based on an information tag related to an activation state included in the control signal packet and storing the control signal packet in a memory;
A control signal transfer procedure for transferring the recognized control signal only to the destination terminal device of the control signal packet;
A program that causes a computer to execute. A program for controlling a terminal device that transmits and receives packets,
A control signal packet receiving procedure for receiving a specific control signal packet transmitted from another device connected to the network to which the terminal device is connected and storing it in a memory;
An information tag recognition procedure for recognizing an information tag related to a predetermined activation state of a terminal device included in the control signal packet when the control signal packet is received from the other device, and storing the information tag in a memory;
In accordance with the control content requested by the recognized information tag, each device that constitutes the terminal device and that is supplied with power from the power supply unit provided in the terminal device is set to the most appropriate activation state. Control procedures to control;
A verification procedure for verifying that the device that is the transmission source of the control signal packet is a reliable device based on the verification operation defined by the recognized information tag;
Is a program for causing a computer to execute the control procedure, and the control procedure is a procedure for controlling the activation state of each device provided in the terminal device only when it is confirmed that the information is from a legitimate transmission source. The computer-readable recording medium which recorded the program which is. A program for controlling a network transfer device that transfers packets,
A control signal packet reception procedure for receiving a specific control signal packet transmitted from another device connected to the network to which the network transfer device is connected and storing it in a memory;
A control signal identification procedure for identifying that the received control signal packet is a control signal based on an information tag related to an activation state included in the control signal packet and storing the control signal packet in a memory;
A control signal transfer procedure for transferring the recognized control signal only to the destination terminal device of the control signal packet;
The computer-readable recording medium which recorded the program which makes a computer perform.

Images