JP2006120151A - Information processor, information processing method, and computer program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a device and a method for efficiently and accurately constructing a high security access control configuration. <P>SOLUTION: Only a MAC address of a controller (client) 351 authorized by a user is authenticated and registered in a MAC address table of a device 352, and the device 352 executes MAC address filtering allowing access from the controller 351 (client) authenticated and registered in the MAC address table. Notification of registration completion and version regulation is carried out for constructing a sure access control configuration. An apparatus authentication device 350 avoids access from unauthorized partner not authenticated and registered and prevents a controller fraudulently trying apparatus authentication from knowing presence of a server, so that highly secured access control can be realized. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an information processing apparatus capable of efficiently and surely generating access authority determination information and performing access restriction processing based on the generated information in a configuration for performing communication between devices connected to a network, and information The present invention relates to a processing method and a computer program. In particular, it is a technique relating to a configuration suitable for use in a network-compatible home appliance or computer, a home network in which peripheral devices are connected by a network, a public wireless LAN environment, or the like.

  With the recent spread of data communication networks, so-called home networks that allow home appliances, computers, and other peripheral devices to be connected to each other in the home and communicated between the devices are becoming popular. The home network provides convenience and comfort to users by sharing data processing functions between devices by communicating between network-connected devices, and sending and receiving content between devices. It is expected to become increasingly popular.

  Universal plug and play (UPnP) is known as a protocol suitable for such a home network configuration. Universal Plug and Play (UPnP) can easily construct a network without complicated operations, and provides a service for providing each connected device in devices connected to the network without complicated operations and settings. It can be received. Further, UPnP does not depend on the OS (operating system) on the device, and has an advantage that devices can be easily added.

UPnP exchanges definition files conforming to XML (eXtensible Markup Language) between connected devices, and performs mutual recognition between devices. The outline of UPnP processing is as follows.
(1) Addressing processing for acquiring a self device ID such as an IP address.
(2) Discovery processing for searching each device on the network, receiving a response from each device, and acquiring information such as device type and function included in the response.
(3) Service request processing for requesting a service from each device based on information acquired by the discovery processing.

  By performing the above processing procedure, it is possible to provide and receive a service using a device connected to the network. A device newly connected to the network acquires a device ID by the above addressing process, acquires information of another device connected to the network by the discovery process, and requests a service from another device based on the acquired information. Is possible.

  However, on this type of network, it is also necessary to consider measures against unauthorized access. In a home network, for example, a server or the like, content that requires copyright management such as private content or paid content is often stored.

  Content stored in a server in such a home network can be accessed from other devices connected to the network. For example, content can be acquired by a device that has performed UPnP connection, which is the above-described simple device connection configuration. When the content is movie data or music data, it is possible to watch a movie or listen to music by connecting a TV or player as a network connection device.

  Access by a device connected by a user who has the right to use content may be permitted, but in the network configuration as described above, it is easy for a user who does not have the right to use content to enter the network. For example, in the case of a network configured by a wireless LAN, there is a situation in which a server in a house is illegally entered into the network using communication devices from the outside or from a neighboring house, etc., and content is exploited. Can occur. Such a configuration that allows unauthorized access also causes secret leakage, and is also an important problem from the viewpoint of content copyright management.

  In order to eliminate unauthorized access as described above, for example, a list of clients that are allowed to be accessed by the server is maintained, and when the client requests access to the server, the server performs a matching process with the list to eliminate unauthorized access. A configuration has been proposed.

  For example, MAC address filtering is known in which a MAC (Media Access Control) address, which is a physical address unique to a network connection device, is set as an access-permitted device list. MAC address filtering is a pre-registered MAC address that allows access to a router or gateway that isolates an internal network (subnet) such as a home network and an external network, and is registered as the MAC address of the received packet. The MAC address is checked and access from a device having a MAC address that is not registered is rejected. This type of technology is disclosed in, for example, Patent Document 1.

  However, in order to perform the MAC address registration process for restricting access, it is necessary to check all the MAC addresses of the devices connected to the network, and the MAC addresses (48 bits) of all the acquired devices are used. A process is required in which an operator inputs and creates a list. Such processing can be performed under a predetermined administrator when it is required to construct a secure environment such as a specific company or organization, for example, but is set in a general household, for example. In a home network environment, it is not realistic to request a general user to generate and store a MAC list.

  In a home network, new device addition processing frequently occurs, and in such device addition processing, the user must sequentially check the MAC address of the device and perform registration processing. If it is necessary, it will hinder the ease of network construction.

On the other hand, in general homes, a network configuration including not only PCs but also household electrical appliances has been built, so-called ubiquitous environments that allow access to the network from any device are being built, and the spread of wireless LANs, etc. This makes it easy for a communicable device to enter the wireless LAN from the outside. In such a network environment, unauthorized access to network-connected devices is more likely to occur, and there is an increasing possibility that exploitation of secret information, unauthorized reading of content, etc. due to unauthorized access will be executed. Under such circumstances, it is required to easily realize an appropriate access control configuration without imposing a burden on general users.
JP-A-10-271154

  The present invention has been made in view of the above-described problems. In a configuration in which various devices are connected to a network, an access control configuration can be easily and accurately performed without imposing a burden on a user having a network connection device. An object is to provide an information processing apparatus, an information processing method, and a computer program that can be constructed.

  In a commercial network provided by a certain ISP (Internet Service Provider), a plurality of users are assigned to the same subnet. When receiving such a connection service, there is a problem that a router for performing MAC address filtering described above must be provided in order to prevent unauthorized access to the home network at home by other users in the same subnet. In connection services using cable TV, router connection may be prohibited by the terms of service. In such a connection service, MAC address filtering cannot be performed and access authentication is performed using an IP address. However, since the IP address is logically set, it can be spoofed relatively easily, and high-security access control is difficult. There are drawbacks.

  Therefore, the present invention has been made in view of such circumstances, and an object thereof is to provide a configuration capable of performing high-security access control without using a router.

  Furthermore, the present invention provides a configuration for ensuring the reliable execution of a regular registration process of a client device in an authentication process for building an access control configuration, that is, a device registration process, specifically a registration completion notification configuration. Realize. In addition, in the device registration process, it solves the problem when the registration processing message executed between server clients differs depending on the version of the device registration processing execution program, and ensures reliable device registration processing even in a network environment where old and new devices are mixed It is an object to provide an information processing apparatus, an information processing method, and a computer program.

The first aspect of the present invention is:
An information processing apparatus that executes access control processing,
A data transmission / reception unit for performing data transmission / reception with a client as an access requesting device;
A storage unit for storing access control information including a client MAC address;
A registration processing unit that executes a client MAC address registration process based on a registration request from a client;
A data output unit for outputting data based on a device signal from the registration processing unit;
A data input unit for performing data input to the registration processing unit,
The registration processing unit
The registration confirmation data to be transmitted to the client is output based on the registration permission determination based on the registration request from the client, and is transmitted to the client based on the reception of the registration confirmation response from the client in response to the registration confirmation data. In the information processing apparatus, the registration completion confirmation data is output.

  Furthermore, in an embodiment of the information processing apparatus of the present invention, the registration processing unit outputs a reception status of a registration confirmation response from the client as a device signal, and the data output unit registers based on the device signal output Confirmation reception status information is output, and the registration processing unit executes the registration completion confirmation data output process based on a user input via the data input unit after the registration confirmation response reception status information is output. It is characterized by being.

  Furthermore, in one embodiment of the information processing apparatus of the present invention, the registration processing unit outputs registration completion information as a device signal based on reception of a registration completion confirmation response from the client with respect to the registration completion confirmation, and the data The output unit is configured to output a registration completion message based on the device signal output.

  Furthermore, in one embodiment of the information processing apparatus of the present invention, the registration processing unit sets a password request flag in the registration confirmation data as transmission data to the client, generates a password, and outputs the password to the data output unit In addition to executing the process, the password received from the client and the generated password are collated, and the registration completion confirmation data output process is executed on the condition that the collation is established.

Furthermore, the second aspect of the present invention provides
An information processing apparatus that executes access control processing,
A data transmission / reception unit for performing data transmission / reception with a client as an access requesting device;
A storage unit for storing access control information including a client MAC address;
A registration processing unit that executes a client MAC address registration process based on a registration request from a client;
The registration processing unit
The version information of the device authentication program included in the registration request from the client is compared with the version information of the device authentication program executed on the own device. Based on the comparison result, processing of the old version of both programs is performed. An information processing apparatus having a configuration for selectively executing processing according to a sequence.

  Furthermore, in one embodiment of the information processing apparatus of the present invention, the version information is information composed of a major version and a minor version, and the registration processing unit includes a device authentication program included in a registration request from a client If the major version of the device is different from the major version of the device authentication program executed on the local device, the process is stopped. If the major versions of the two match, the minor version of both is compared and the older version It is the structure which selectively performs the process according to the process sequence of the program corresponding to the minor version which shows.

Furthermore, the third aspect of the present invention provides
An information processing apparatus that executes access control processing,
A data transmission / reception unit for performing data transmission / reception with a client as an access requesting device;
A storage unit for storing access control information including a client MAC address;
A registration processing unit that executes a client MAC address registration process based on a registration request from a client;
The registration processing unit
Registration indicating that the client MAC address included in the registration request from the client has been registered in the access control information stored in the storage unit, and indicating that it has been registered based on the determination that it has been registered The information processing apparatus is configured to execute a process of outputting a completion notification as transmission data to the client.

  Furthermore, in an embodiment of the information processing apparatus of the present invention, the information processing apparatus includes a data output unit that outputs data based on a device signal from the registration processing unit, and the registration processing unit includes the registered Response reception information from the client in response to the notification is output as a device signal, and the data output unit is configured to output a message based on the device signal.

Furthermore, the fourth aspect of the present invention provides
An information processing apparatus as a client that executes access right registration processing for a server,
A data transmission / reception unit for performing data transmission / reception with the server;
A storage unit storing a client MAC address;
A registration request processing unit that executes client MAC address registration request processing;
The registration request processing unit
The version information of the device authentication program included in the registration confirmation from the server is compared with the version information of the device authentication program executed on the own device. Based on the comparison result, the old version of the programs is processed. An information processing apparatus having a configuration for selectively executing processing according to a sequence.

  Furthermore, in one embodiment of the information processing apparatus of the present invention, the version information is information composed of a major version and a minor version, and the registration request processing unit includes a device authentication included in registration confirmation from a server. If the major version of the program is different from the major version of the device authentication program to be executed on the local device, the processing is stopped. If the major versions of both are the same, the minor versions of both are compared and the older version is obtained. The present invention is characterized in that a process according to a process sequence of a program corresponding to a minor version indicating a version is selectively executed.

Furthermore, the fifth aspect of the present invention provides
An information processing apparatus as a client that executes access right registration processing for a server,
A data transmission / reception unit for performing data transmission / reception with the server;
A storage unit storing a client MAC address;
A registration request processing unit for executing client MAC address registration request processing;
A data output unit that performs data output based on a device signal from the registration request processing unit,
The registration request processing unit
It is determined whether or not registered notification data indicating that it has been registered is included in the registration confirmation received from the server, and determination information that registered notification data is included is output as a device signal.
In the information processing apparatus, the data output unit is configured to execute message output based on the device signal.

Furthermore, the sixth aspect of the present invention provides
An information processing method for executing device registration processing for access control,
A data receiving step for receiving a registration request from a client as an access requesting device;
A registration processing step for executing a client MAC address registration process based on the registration request;
The registration processing step includes:
The registration confirmation data to be transmitted to the client is output based on the registration permission determination based on the registration request from the client, and is transmitted to the client based on the reception of the registration confirmation response from the client in response to the registration confirmation data. There is provided an information processing method including a step of executing a process of outputting registration completion confirmation data.

  Furthermore, in an embodiment of the information processing method of the present invention, the information processing method further outputs a registration confirmation response reception status from the client as a device signal, and a registration confirmation response reception status based on the device signal output. And a step of outputting information to a data output unit, wherein the registration completion confirmation data output process is executed based on a user input after the registration confirmation response reception status information is output.

  Furthermore, in an embodiment of the information processing method of the present invention, the information processing method further outputs registration completion information as a device signal based on reception of a registration completion confirmation response from the client for the registration completion confirmation, A step of outputting a registration completion message based on the device signal output is provided.

  Furthermore, in an embodiment of the information processing method of the present invention, the information processing method further includes: setting a password request flag in the registration confirmation data as transmission data to the client; generating a password; A step of outputting to the data output unit; and a step of collating the password received from the client with the generated password and executing the output process of the registration completion confirmation data on condition that the collation is established. .

Furthermore, the seventh aspect of the present invention provides
An information processing method for executing device registration processing for access control,
A data receiving step for receiving a registration request from a client as an access requesting device;
A registration processing step for executing a client MAC address registration process based on the registration request;
The registration processing step includes:
The version information of the device authentication program included in the registration request from the client is compared with the version information of the device authentication program executed on the own device. Based on the comparison result, processing of the old version of both programs is performed. An information processing method includes a step of selectively executing processing according to a sequence.

  Furthermore, in one embodiment of the information processing method of the present invention, the version information is information constituted by a major version and a minor version, and the registration processing step includes a device authentication program included in a registration request from a client If the major version of the device is different from the major version of the device authentication program executed on the local device, the process is stopped. If the major versions of the two match, the minor version of both is compared and the older version This is a step of selectively executing processing according to the processing sequence of the program corresponding to the minor version indicating.

Furthermore, the eighth aspect of the present invention provides
An information processing method for executing device registration processing for access control,
A data receiving step for receiving a registration request from a client as an access requesting device;
Determining whether or not the client MAC address included in the registration request from the client has been registered in the access control information stored in the storage unit;
Outputting a registered notification indicating that it has been registered based on the determination that it has been registered as transmission data for the client;
There is an information processing method characterized by comprising:

  Furthermore, in an embodiment of the information processing method of the present invention, the information processing method further outputs response reception information from a client for the registered notification as a device signal, and executes message output based on the device signal. It has a step.

Furthermore, the ninth aspect of the present invention provides
An information processing method in a client that executes access right registration processing for a server,
Sending a registration request to the server;
A comparison processing step for comparing the version information of the device authentication program included in the registration confirmation received from the server as a response to the registration request and the version information of the device authentication program executed in the own device;
Based on the result of the comparison process, a step of selecting and executing a process according to the process sequence of the old version of the program among the two programs;
There is an information processing method characterized by comprising:

  Furthermore, in one embodiment of the information processing method of the present invention, the version information is information composed of a major version and a minor version. In the information processing method, device authentication included in registration confirmation from a server If the major version of the program is different from the major version of the device authentication program to be executed on the local device, the processing is stopped. If the major versions of both are the same, the minor versions of both are compared and the older version is obtained. A process according to a process sequence of a program corresponding to a minor version indicating a version is selectively executed.

Furthermore, the tenth aspect of the present invention provides
An information processing method in a client that executes access right registration processing for a server,
Sending a registration request to the server;
Determining whether the registration confirmation received from the server as a response to the registration request includes registered notification data indicating registration;
Performing the message output according to the device signal based on the determination that the registered notification data is included in the determination;
There is an information processing method characterized by comprising:

Furthermore, an eleventh aspect of the present invention is
A computer program for executing device registration processing for access control,
A data receiving step for receiving a registration request from a client as an access requesting device;
A registration processing step for executing a client MAC address registration process based on the registration request;
The registration processing step includes:
The registration confirmation data to be transmitted to the client is output based on the registration permission determination based on the registration request from the client, and is transmitted to the client based on the reception of the registration confirmation response from the client in response to the registration confirmation data. The computer program includes a step of executing a process of outputting registration completion confirmation data.

Furthermore, the twelfth aspect of the present invention is
A computer program for causing a computer constituting the server to execute device registration processing for access control,
A data receiving step for receiving a registration request from a client as an access requesting device;
Performing a registration process step of executing a client MAC address registration process based on the registration request;
The registration processing step includes:
The version information of the device authentication program included in the registration request from the client is compared with the version information of the device authentication program executed on the own device. Based on the comparison result, processing of the old version of both programs is performed. The present invention resides in a computer program characterized in that it is a step of selectively executing processing according to a sequence.

Furthermore, the thirteenth aspect of the present invention is
A computer program for causing a computer constituting the server to execute device registration processing for access control,
A data receiving step for receiving a registration request from a client as an access requesting device;
Determining whether or not the client MAC address included in the registration request from the client has been registered in the access control information stored in the storage unit;
Outputting a registered notification indicating that it has been registered based on the determination that it has been registered as transmission data for the client;
In a computer program characterized by causing

Furthermore, the fourteenth aspect of the present invention is
A computer program that causes a computer constituting a client to execute access right registration processing for a server,
Sending a registration request to the server;
A comparison processing step for comparing the version information of the device authentication program included in the registration confirmation received from the server as a response to the registration request and the version information of the device authentication program executed in the own device;
Based on the result of the comparison process, a step of selectively executing a process according to the process sequence of the old version program among the two programs;
In a computer program characterized by causing

Furthermore, the fifteenth aspect of the present invention provides
A computer program that causes a computer constituting a client to execute access right registration processing for a server,
Sending a registration request to the server;
Determining whether the registration confirmation received from the server as a response to the registration request includes registered notification data indicating registration;
In the determination, outputting information based on the determination that registered notification data is included as a device signal, and executing a message output based on the device signal;
In a computer program characterized by causing

  According to the configuration of the present invention, only the MAC address of the first device (client) authorized by the user operation is authenticated and registered in the second device, and the second device has the MAC address registered for authentication. As a result of allowing access only to other devices (clients), it is possible to avoid access from unauthorized parties who are not registered for authentication without installing a router to isolate other users in the same subnet. As a result of making the first device (client) attempting to authenticate the device unknown to the server, it is possible to provide access control with high security.

  Furthermore, according to the configuration of the present invention, as a final step of the MAC registration processing, a registration completion (Complete) confirmation process is executed, and a MAC (register) confirmation is sent from the server (device) side to the client (controller) side. Since it is configured to transmit, the user can confirm final registration completion based on the registration completion message in both devices. On the client (controller) side, on the condition that a MAC registration completion confirmation notification is received from the server (device) side, an SSDP (Simple Service Detection Protocol) M-search transmission process is executed as a service search process. For example, since it is guaranteed that the MAC registration is completed on the server (device) side, it is possible to reliably receive the response of the service search process.

  Further, according to the configuration of the present invention, the M-search transmission process is performed on the condition that the MAC registration completion confirmation notification is received from the server (device) side by performing the registration completion (Complete) confirmation process. Can be automatically executed, and the client can receive service information from the server following the registration process for the server without any user input processing or the like.

  Furthermore, according to the configuration of the present invention, when there is a MAC registration request from a client that has already been registered in the server's MAC list, a confirmation notification process for registration between devices is executed. Based on this notification, it is possible to display a message indicating that registration has been completed, and the user can confirm that the client device has already been registered in the server.

  Furthermore, according to the configuration of the present invention, in the device registration process between the server clients, the notification of the version information of the processing program of both devices is executed, and the device registration process is executed by adjusting the processing sequence. Therefore, device registration processing according to a unified processing sequence can be executed between devices storing various versions of programs.

  The computer program of the present invention is, for example, a storage medium or communication medium provided in a computer-readable format to a general-purpose computer system capable of executing various program codes, such as a CD, FD, MO, etc. Or a computer program that can be provided by a communication medium such as a network. By providing such a program in a computer-readable format, processing corresponding to the program is realized on the computer system.

  Other objects, features, and advantages of the present invention will become apparent from a more detailed description based on embodiments of the present invention described later and the accompanying drawings. In this specification, the system is a logical set configuration of a plurality of devices, and is not limited to one in which the devices of each configuration are in the same casing.

  The details of the information processing apparatus, information processing method, and computer program of the present invention will be described below with reference to the drawings.

[System Overview]
First, a network configuration example to which the present invention can be applied will be described with reference to FIG. FIG. 1 shows a server 101 that executes processing in response to processing requests from various client devices, and a PC 121, a monitor 122, a mobile phone 123, a playback device 124, and a PDA as client devices that make processing requests to the server 101. A configuration in which (Personal Digital Assistant) 125 is connected via a network 100, for example, a home network configuration is shown. In addition to this, various electronic devices and household electrical appliances can be connected as the client device.

  The processing executed by the server 101 in response to a request from the client is, for example, provision of content stored in a storage unit such as a hard disk held by the server 101 or a data processing service by executing an application program executable by the server. is there. In FIG. 1, the server 101 and the client device are distinguished from each other, but a device that provides a service for a request from the client is shown as a server, and each client device has its own device. When the data processing service is provided to other clients, the server function can be provided. Accordingly, the network-connected client device shown in FIG. 1 can also be a server.

  The network 100 is a wired or wireless network, and each connected device transmits and receives a communication packet such as an Ethernet (registered trademark) frame via the network 100. That is, the client executes a data processing request to the server 101 by transmitting a frame in which processing request information is stored in the data portion of the Ethernet (registered trademark) frame to the server 101. The server 101 executes data processing in response to the reception of the processing request frame, stores the result data as the data processing result in the data portion of the communication packet as necessary, and transmits it to each client.

The network connection device is configured by, for example, a universal plug and play (UPnP) compatible device. Therefore, it is a configuration in which connection devices can be easily added to and deleted from the network. New devices connected to the network
(1) Addressing processing for acquiring a self device ID such as an IP address.
(2) Discovery processing for searching each device on the network, receiving a response from each device, and acquiring information such as device type and function included in the response.
(3) Service request processing for requesting a service from each device based on information acquired by the discovery processing.
By performing the above processing procedure, it is possible to receive a service to which a device connected to the network is applied.

  An example of a hardware configuration of a PC will be described with reference to FIG. 2 as an example of an information processing apparatus that constitutes the server and the client apparatus shown in FIG.

  A CPU (Central Processing Unit) 201 executes various processes in accordance with programs stored in a ROM (Read Only Memory) 202, an HDD (hard disk drive) 204, or the like, and performs data processing means or communication control processing means. Function as. A RAM (random access memory) 203 appropriately stores programs executed by the CPU 201 and data. The CPU 201, ROM 202, RAM 203, and HDD 204 are connected to each other via a bus 205.

  An input / output interface 206 is connected to the bus 205. The input / output interface 206 includes, for example, an input unit 207 including a keyboard, a switch, a button, or a mouse operated by the user, and various kinds of information to the user. An output unit 208 composed of an LCD, a CRT, a speaker and the like for presenting the information is connected. Further, a communication unit 209 functioning as a data transmission / reception means, and a removable recording medium 211 such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory can be mounted, and data reading or writing processing from these removable recording media 211 is possible. Is connected.

  The configuration shown in FIG. 2 is an example of a server or personal computer (PC) as an example of the network connection device shown in FIG. 1. However, the network connection device is not limited to a PC, and a mobile phone or PDA as shown in FIG. In addition, it can be constituted by various electronic devices such as a portable communication terminal such as a playback device and a display, and an information processing device. Therefore, it is possible to have a hardware configuration unique to each device, and processing according to the hardware is executed.

  FIG. 3 is a block diagram showing a minimum configuration example of the server 310 and the client 320 of the home network 300 to which the device authentication apparatus according to the present invention is applied. The network constituted by the server 310 and the client 320 shown in this figure provides the so-called UPnP (Universal Plug and Play) environment described above. In the example illustrated in FIG. 3, the client 320 is assumed to be configured by a network-compatible device 321 that executes various communication processes with the server and a television receiver 322 that displays received content from the server, for example.

  The server 310 provides various application functions and content data in response to a request from the network compatible device 321. The network-compatible device 321 is hardware that functions as a control point of the home network 300, and requests the server 310 to execute a designated service in accordance with an event that occurs in response to a user operation, or a server in response to the request. The service provided from the 321 side is processed.

  In such a network configuration, for example, when MPEG-compressed video material is stored on the server 310 side and the network compatible device 321 requests transmission of the video material, the server 310 responds to a request from the network compatible device 321. The video material is transmitted, and the network compatible device 321 supplies a video signal obtained by decoding (expanding) the MPEG-compressed video material to the television receiver 322 to reproduce the video.

[Configuration of device authentication device]
In the home network described above, a device authentication device that prevents unauthorized access from other users in the same subnet is mounted on the server and the network-compatible device. FIG. 4 is a block diagram showing a functional configuration of the device authentication apparatus.

  The device authentication apparatus 350 is a program aggregate formed from various routines called methods that define operations on objects. The device authentication device 350 is mounted on the client, that is, the controller 351 mounted on the network-compatible device side and on the server side. This is a virtual device composed of the device 352.

  The controller 351 generates a user signal in response to a user operation performed when a registration request is made, for example, a registration button is pressed. The controller 351 broadcasts a registration request in the UDP layer in accordance with a user signal generated in response to a user operation. In addition, the controller 351 receives a method unicast in the TCP layer from the device 352 side, returns a response, and generates a device signal for displaying contents corresponding to the received method.

  On the other hand, the device 352 generates a user signal in response to a user operation performed at the time of registration confirmation, for example, pressing of a confirmation button. When the device 352 receives a registration request broadcast from the controller 351 side, the device 352 registers the client side MAC address in the MAC address table and authenticates the device according to a user signal generated in response to a user operation. The fact that the authentication is registered on the controller 351 side is unicast in the TCP layer.

  The device 352 receives a response unicast returned from the controller 351 in the TCP layer, and generates a device signal for displaying contents corresponding to the received response. The device 352 instructs to erase all or part of the MAC addresses registered in the MAC address table in accordance with a predetermined user operation. In addition, the device 352 rejects access from a device having a MAC address other than that registered in the MAC address table and does not return anything.

  Therefore, in the home network 100 including the device authentication apparatus 350 including the controller 351 and the device 352, the apparatus authentication apparatus 350 is authenticated and registered without installing a router for isolation from other users in the same subnet. In order to prevent access from an unauthorized unauthorized party while preventing the controller 351 from attempting to authenticate the device illegitimately, it is possible to perform access control with high security.

[Example of client registration process-Example 1]
Next, a first embodiment of client registration processing by the device authentication apparatus 350 will be described with reference to FIGS. Here, for example, in the home network shown in FIGS. 1 and 3, a new network compatible device including the controller 351 is connected, and the controller 351 mounted on the new network compatible device (client side) is connected to the server side. The operation (procedure) for requesting authentication registration to the device 352 will be described.

  The device authentication apparatus 350 includes a mode for device authentication without using a password and a mode for device authentication using a password. The operation will be described below for each mode.

1 When there is no one-time password In the mode of device authentication without using a password, authentication registration is performed in the sequence shown in FIG. Hereinafter, a description will be given with reference to the sequence shown in FIG. First, the user presses a registration button provided on the client (controller 351) side. Then, the controller 351 broadcasts a MAC address registration method in the UDP layer in accordance with a user signal A (USA) generated in response to pressing of the registration button. As a form of broadcasting, for example, broadcast transmission is performed every 3 seconds for 5 minutes. If the controller 351 cannot receive the MAC registration confirmation method from the device 352 after 5 minutes, the controller 351 determines that the authentication has failed and starts over.

  After the user presses a registration button provided on the client (controller 351) side, the user moves to the server (device 352) side. Then, a confirmation button provided on the server side is pressed. Then, the device 352 receives the MAC address registration method for 10 seconds in accordance with the user signal B (USB) generated in response to pressing of the confirmation button.

  If multiple MAC address registration methods with the same MAC address are received in 10 seconds, the device 352 temporarily stores the MAC address in the MAC address table, and then “is found the device. The device signal A (DSA) that displays the message “??” is generated and waits for one minute in that state. This device signal A (DSA) may be omitted.

  While waiting for one minute, the user presses a confirmation button provided on the server side. Then, the device 352 unicasts the MAC registration confirmation method to the controller 351 in the TCP layer according to the user signal C (USC) generated accordingly.

  If the device signal A (DSA) is omitted in the previous section, the user signal C (USC) is not required when the MAC address registration method having the same MAC address is received for 10 seconds, and the device 352 immediately receives the MAC. The registration confirmation method is unicast to the controller 351 in the TCP layer. The registered device name dev-name is added to the MAC registration confirmation method.

  Upon receiving the MAC registration confirmation method, the controller 351 stops transmitting the MAC address registration method and, based on the device name dev-name included in the received MAC registration confirmation method, gives the user “device“ XXXX ”. A device signal Z (DSZ) is generated to display the message "Registered." Then, the MAC registration confirmation response to which the name cp-name is added is unicasted back to the device 352.

  Upon receiving the MAC registration confirmation response from the controller 351, the device 352 can register “controller“ YYYY ”for the user based on the controller name cp-name included in the MAC registration confirmation response. A device signal D (DSD) for displaying the message “??” is generated.

  Here, the user presses a confirmation button provided on the server side. Then, the device 352 generates a device signal Z (DSZ) for displaying a message “controller“ YYYY ”has been registered” to the user in accordance with the user signal D (USD) generated accordingly, and authentication registration is performed. Finish.

  When the above-described authentication registration is completed, when the device 352 receives an M-search of SSDP (Simple Service Detection Protocol) executed as a service search process from the controller 351, the device 352 refers to the MAC list, and receives information from the registered device 352. Confirm that it is a request, and respond to the service search.

  If the device 352 receives an M-search of SSDP (Simple Service Detection Protocol) from the controller 351 before receiving the user signal D (USD), that is, before completely completing the authentication registration, the device 352 returns a response. It is supposed not to.

2. With One-Time Password Next, an authentication registration operation performed in a mode for performing device authentication using a password will be described with reference to the sequence shown in FIG. First, the user presses a registration button provided on the client (controller 351) side. Then, the controller 351 broadcasts a MAC address registration method in the UDP layer in accordance with a user signal A (USA) generated in response to pressing of the registration button. As a form of broadcasting, for example, it is performed every 3 seconds for 5 minutes. If the MAC registration confirmation cannot be received from the device 352 after 5 minutes, it is determined that the authentication has failed, and the process is restarted from the beginning.

  After pressing the registration button provided on the client (controller 351) side, the user moves to the server (device 352) side. Then, a confirmation button provided on the server side is pressed. Then, the device 352 receives the MAC address registration method for 10 seconds in accordance with the user signal B (USB) generated in response to pressing of the confirmation button.

  If the MAC address registration method is received from only the same MAC address for 10 seconds, the device 352 temporarily stores the MAC address in the MAC address table, and then asks the user “A device was found. The device signal A (DSA) which displays the message “is generated” is waited for 1 minute in this state.

  If a MAC address registration method is received from the controller 351 that has already been registered for authentication, the device 352 transmits a MAC registration confirmation method that means completion of MAC registration, and immediately ends authentication registration.

  Now, while waiting for one minute in a state where the device signal A (DSA) is generated, the user presses a confirmation button provided on the server side. Then, the device 352 unicasts the MAC registration confirmation method in the TCP layer according to the user signal C (USC) generated in response to pressing of the confirmation button. A password request flag is added to the MAC registration confirmation method.

  Upon receiving the MAC registration confirmation method with the password request flag added, the controller 351 stops sending the MAC address registration method and returns a MAC registration confirmation response to the device 352 by unicast.

  When the device 352 receives the MAC registration confirmation response, the device 352 displays a device signal C (DSC) for displaying a message “the one-time password for the controller“ YYYY ”is“ XXX ””. Occurs and waits for 5 minutes with a one-time password presented.

  On the other hand, based on the password request flag included in the received MAC registration confirmation method, the controller 351 displays a device signal B (DSB) that displays a message “Please enter the password for device“ XXXX ”” to the user. And wait for 5 minutes to enter the one-time password.

  During this standby, the user moves from the server side to the client (controller 351) side. Then, the user who has moved to the client (controller 351) side inputs the password. Then, the controller 351 unicasts the password method with the input password added to the device 352 in the TCP layer and waits for 10 seconds.

  When the device 352 receives a password method from the controller 351 in a five-minute standby state where a one-time password is presented, the device 352 collates with a one-time password set in advance. Hereinafter, the operation will be described separately for the case of password verification OK and the case of password verification NG.

(A) In case of password verification OK If the one-time password sent from the controller 351 is appropriate, the device 352 officially authenticates and registers the MAC address temporarily stored in the MAC address table, and then verifies it to the controller 351. Returns a password response with unicast. Then, a device signal Z (DSZ) for displaying a message “Controller“ YYYY ”has been registered” is generated for the user, and the authentication registration is completed.

  On the other hand, when the controller 351 receives the password response with the verification OK added from the device 352 while unicasting the password method to the device 352 in the TCP layer and waiting for 10 seconds, it is assumed that the MAC address is authenticated and registered. The device authentication is completed by generating a device signal Z (DSZ) that displays a message “Registered in device“ XXXX ”.”

  When the above-described authentication registration is completed, when the device 352 receives an M-search of SSDP (Simple Service Detection Protocol) executed as a service search process from the controller 351, the device 352 refers to the MAC list, and receives information from the registered device 352. Confirm that it is a request, and respond to the service search.

  When the device 352 receives an M-search of SSDP (Simple Service Detection Protocol) from the controller 351 before issuing the device signal Z (DSZ), that is, before completing the authentication registration, the device 352 It does not respond.

(B) In the case of password verification NG If the one-time password sent from the controller 351 is invalid, the device 352 returns a password response with the verification NG added to the controller 351 by unicast, and the password is input again from the controller 351. Wait 5 minutes to be done.

  If the password verification NG is continued three times during this waiting period, the device 352 stops retrying the password input and displays a message “controller“ YYYY ”cannot be registered” to the user. (DSZ) is generated to complete the device authentication. In this case, the device 352 erases the MAC address temporarily stored in the MAC address table.

  On the other hand, when the controller 351 receives a password response to which a retry stop result code is added from the device 352, the device signal Z (DSZ) displays a message “Cannot be registered in the device“ XXXX ”” to the user. ) To end device authentication.

3 When a different controller is detected Next, the operation when the device 352 detects another controller different from the controller 351 that broadcasts the MAC address registration method while receiving the MAC address registration method for 10 seconds is shown in FIG. Will be described with reference to FIG.

  The user presses a registration button provided on the client (controller 351) side, and the controller 351 broadcasts a MAC address registration method in the UDP layer in accordance with a user signal A (USA) generated accordingly. Thereafter, when the user moves to the server (device 352) side and presses the confirmation button provided on the server side, the device 352 registers the MAC address according to the user signal B (USB) generated in response to the pressing of the confirmation button. Receive method for 10 seconds.

  If the MAC address registration method from a different MAC address is received during this 10 seconds, the device 352 displays a message “X Multiple controllers have been found. Registration is not performed” to the user. (DSX) is generated to cancel device authentication.

  In this way, when the device 352 side unilaterally ends the device authentication, the controller 351 cannot receive the MAC registration confirmation method, and when the five-minute time limit for broadcasting the MAC address registration method has elapsed, the user is notified with “ The device signal X (DSX) that displays the message "registration failed" is generated and device authentication is stopped.

  In addition, if the device 352 receives a plurality of MAC address registration methods from the same MAC address within 2 seconds during the period of receiving the MAC address registration method for 10 seconds, the device 352 indicates to the user that “an illegal controller has been found. Device registration is terminated by generating a device signal X (DSX) that displays the message “No registration is performed”.

  Also in this case, the controller 351 cannot receive the MAC registration confirmation method, and when the 5-minute time limit for broadcasting the MAC address registration method has elapsed, the message “registration failed” is given to the user. The device signal X (DSX) for displaying is generated and the device authentication is stopped.

  As described above, when the MAC address registration method from the controller 351 conflicts, the device 352 does not perform device authentication and prevents unauthorized access by not responding to any of the controllers 351 having the conflicting MAC address. Therefore, the controller 351 that tries to authenticate the device illegally is not made aware of its existence.

  In addition, when the user performs the registration work cancel processing provided in the controller 351 at the stage where the MAC address registration method is broadcast from the controller 351 of this procedure in the UDP layer, the controller 351 immediately transmits the MAC address registration method. Instead, the MAC address registration stop method is broadcast several times instead, and the process is terminated. When the device receiving the MAC address for 10 seconds receives this MAC address registration cancellation method, it immediately stops processing and presents a message such as “device registration has been canceled” to the user.

  As described above, according to the present embodiment, when the user presses the registration button on the client (controller 351) side, the controller 351 broadcasts the MAC address registration method on the network at regular intervals for a certain period of time. When the user presses the confirmation button on the server side, when the device 352 receives a MAC address registration method having the same MAC address within a predetermined time, the device 352 temporarily stores the MAC address in the MAC address table. When the user presses the confirmation button on the server side, the device 352 unicasts the MAC registration confirmation method to the controller 351, and the controller 351 that receives the unicast returns a MAC registration confirmation response to the device 352. Then, when the device 352 receives the MAC registration confirmation response and prompts the user to perform authentication registration, when the user presses a confirmation button provided on the server side, the MAC address temporarily stored in the MAC address table is authenticated. be registered.

  Thus, only the MAC address of the controller 351 (client) authorized by the user is authenticated and registered in the MAC address table of the device 352, and the device 352 accesses the controller 351 (client) of the MAC address authenticated and registered in the MAC address table. As a result of executing the permitted MAC address filtering, the device authentication apparatus 350 avoids access from unauthorized parties who are not registered for authentication, without installing a router and isolating it from other users in the same subnet. Since the controller 351 to be authenticated does not know the existence of the server 1, it is possible to provide access control with high security.

  The device authentication apparatus 350 according to the present invention can also implement a function of protecting copyright using the access control described above. That is, for device authentication, as described above, the user must operate the confirmation button provided on the server side and the registration button provided on the client (controller 351) side.

  For this reason, the controller 351 (client) of another user in the same subnet cannot be authenticated on the home network 100 side. Therefore, the server 1 of the home network 100 is illegally accessed and stored in the server 1. There is no situation where the copyright of the content is infringed.

  In the above-described embodiment, the device authentication apparatus 350 provided in a pair of servers / clients has been described as an example in order to simplify the description. However, the gist of the present invention is not limited thereto. Of course, the present invention can also be applied to a network including a plurality of servers and a plurality of clients. That is, when there are a plurality of servers (devices 352), if the user presses the confirmation button on the server to be authenticated, that server is necessarily an authentication source.

[Example of client registration process-Example 2]
Next, a second embodiment of the client registration process will be described with reference to FIGS. In the second embodiment, a registration completion (Complete) confirmation process is executed as the final step of the MAC registration process.

  This embodiment also includes a mode for device authentication without using a password and a mode for device authentication using a password, and the operation will be described below for each mode.

1 When there is no one-time password In the mode of device authentication without using a password, authentication registration is performed in the sequence shown in FIG. Hereinafter, description will be given with reference to the sequence shown in FIG. First, the user presses a registration button provided on the client (controller 351) side. Then, the controller 351 broadcasts a MAC address registration method in the UDP layer in accordance with a user signal A (USA) generated in response to pressing of the registration button. As a form of broadcasting, for example, broadcast transmission is performed every 3 seconds for 5 minutes. If the controller 351 cannot receive the MAC registration confirmation method from the device 352 after 5 minutes, the controller 351 determines that the authentication has failed and starts over.

  After the user presses a registration button provided on the client (controller 351) side, the user moves to the server (device 352) side. Then, a confirmation button provided on the server side is pressed. Then, the device 352 receives the MAC address registration method for 10 seconds in accordance with the user signal B (USB) generated in response to pressing of the confirmation button.

  When a plurality of MAC address registration methods having the same MAC address are received for 10 seconds, the device 352 temporarily stores the MAC address in the MAC address table, and then transmits the MAC registration confirmation method to the controller 351 in the TCP layer. Cast. The registered device name dev-name is added to the MAC registration confirmation method.

  If a plurality of MAC address registration methods having the same MAC address are not received in 10 seconds, the device 352 generates a device signal A (DSA) that displays a message “Could not find device”. End device authentication.

  When the controller 351 receives the MAC registration confirmation method, the controller 351 stops transmitting the MAC address registration method and unicasts back a MAC registration confirmation response with its own name cp-name added thereto to the device 352. Thereafter, the controller 351 shifts to a reception standby state of the MAC registration completion confirmation method.

  Upon receiving the MAC registration confirmation response from the controller 351, the device 352 can register “controller“ YYYY ”for the user based on the controller name cp-name included in the MAC registration confirmation response. A device signal C (DSC) for displaying the message “??” is generated.

  Here, the user presses a confirmation button provided on the server side. Then, the device 352 performs registration processing according to the user signal C (USC) generated accordingly, and unicasts the MAC registration completion confirmation method to the controller 351 in the TCP layer. The registered device name dev-name is added to the MAC registration completion confirmation method.

  When the controller 351 receives the MAC registration completion confirmation method, the controller 351 returns a MAC registration completion confirmation response to the device 352 by unicast. Further, based on the device name dev-name included in the received MAC registration completion confirmation method, a device signal Z (DSZ) for displaying a message “Registered in device“ XXXX ”” is generated for the user. .

  When the device 352 waits for a predetermined time, for example, 10 seconds after sending the MAC registration completion confirmation method, and receives a MAC registration completion confirmation response from the controller 351, the device 352 sends a message “controller“ YYYY ”registered” to the user. A device signal Z (DSZ) to be displayed is generated to complete the authentication registration.

  If the device 352 waits for a predetermined time, for example, 10 seconds after transmitting the MAC registration completion confirmation method, and does not receive a MAC registration completion confirmation response from the controller 351, two settings are possible. First, regardless of whether or not a MAC registration completion confirmation response has been received, registration is validated, and a device signal Z (DSZ) is generated that displays the message “controller“ YYYY ”registered” to the user. This is a processing mode for completing authentication registration.

  In another processing mode, when the device 352 does not receive the MAC registration completion confirmation response from the controller 351 within a predetermined time, the registration is invalidated, and the device 352 side registers “controller“ YYYY ”to the user. This is a mode in which the message “Canceled.” Is displayed and the process is terminated. When this registration invalidation processing is executed, the device 352 transmits a registration cancellation notice to the controller 351, and the controller 351 indicates that “registration to the device“ XXXX ”has been canceled” for the user. The message is preferably displayed.

  As the processing when the device 352 does not receive the MAC registration completion confirmation response from the controller 351 for a predetermined time, the above two processing modes can be set.

  When the controller 351 is registered in the MAC list of the device 352 and authentication registration is completed, after that, when the device 352 receives an M-search of SSDP (Simple Service Detection Protocol) executed as a service search process from the controller 351, By referring to the MAC list, it is confirmed that the request is from the registered device 352, and a response to the service search is made.

  If the device 352 receives an SSDP (Simple Service Detection Protocol) M-search from the controller 351 before completing the authentication registration, the device 352 does not respond because it is not registered in the MAC list. .

2. With One-Time Password Next, an authentication registration operation performed in a mode for performing device authentication using a password will be described with reference to the sequence shown in FIG. First, the user presses a registration button provided on the client (controller 351) side. Then, the controller 351 broadcasts a MAC address registration method in the UDP layer in accordance with a user signal A (USA) generated in response to pressing of the registration button. As a form of broadcasting, for example, broadcast transmission is performed every 3 seconds for 5 minutes. If the controller 351 cannot receive the MAC registration confirmation method from the device 352 after 5 minutes, the controller 351 determines that the authentication has failed and starts over.

  After the user presses a registration button provided on the client (controller 351) side, the user moves to the server (device 352) side. Then, a confirmation button provided on the server side is pressed. Then, the device 352 receives the MAC address registration method for 10 seconds in accordance with the user signal B (USB) generated in response to pressing of the confirmation button.

  If multiple MAC address registration methods with the same MAC address are received in 10 seconds, the device 352 temporarily stores the MAC address in the MAC address table and displays a message “device found” to the user. Device signal A (DSA) is generated, and the MAC registration confirmation method is unicast in the TCP layer. A password request flag is added to the MAC registration confirmation method.

  If a plurality of MAC address registration methods having the same MAC address are not received in 10 seconds, the device 352 generates a device signal A (DSA) that displays a message “Could not find device”. End device authentication.

  Upon receiving the MAC registration confirmation method with the password request flag added, the controller 351 stops sending the MAC address registration method and returns a MAC registration confirmation response to the device 352 by unicast.

  When the device 352 receives the MAC registration confirmation response, the device 352 displays a device signal C (DSC) for displaying a message “the one-time password for the controller“ YYYY ”is“ XXX ””. Occurs and waits for 5 minutes with a one-time password presented. In FIG. 9, [1334] is illustrated as a password. This password is generated by the device 352 by, for example, random number generation processing.

  On the other hand, based on the password request flag included in the received MAC registration confirmation method, the controller 351 displays a device signal B (DSB) that displays a message “Please enter the password for device“ XXXX ”” to the user. And wait for 5 minutes to enter the one-time password.

  During this standby, the user moves from the server side to the client (controller 351) side. Then, the user who has moved to the client (controller 351) side inputs the password displayed on the device 352 side from the input means on the client (controller 351) side. Then, the controller 351 unicasts the password method with the input password added to the device 352 in the TCP layer and waits for 10 seconds.

  When the device 352 receives the password method from the controller 351 during the five-minute standby state after the one-time password is presented, the device 352 collates with the one-time password set in advance. Hereinafter, the operation will be described separately for the case of password verification OK and the case of password verification NG.

(A) In case of password verification OK When the one-time password sent from the controller 351 is appropriate, that is, matches the one-time password set by the device, the device 352 officially stores the MAC address temporarily stored in the MAC address table. Then, a password response with verification OK is returned to the controller 351 by unicast.

  When the controller 351 receives the password response to which the verification OK is added from the device 352 while waiting for 10 seconds after unicasting the password method to the device 352 in the TCP layer, the controller 351 shifts to the reception waiting state of the MAC registration completion confirmation method. .

  In addition, the device 352 generates a device signal C (DSC) that displays a message “Register controller“ YYYY ”to the user. Are you sure you want to register?” Based on the controller name cp-name. To do.

  Here, the user presses a confirmation button provided on the server side. Then, the device 352 performs registration processing according to the user signal C (USC) generated accordingly, and unicasts the MAC registration completion confirmation method to the controller 351 in the TCP layer. The registered device name dev-name is added to the MAC registration completion confirmation method.

  When the controller 351 receives the MAC registration completion confirmation method, the controller 351 returns a MAC registration completion confirmation response to the device 352 by unicast. Further, based on the device name dev-name included in the received MAC registration completion confirmation method, a device signal Z (DSZ) for displaying a message “Registered in device“ XXXX ”” is generated for the user. .

  When the device 352 waits for a predetermined time, for example, 10 seconds after sending the MAC registration completion confirmation method, and receives a MAC registration completion confirmation response from the controller 351, the device 352 sends a message “controller“ YYYY ”registered” to the user. A device signal Z (DSZ) to be displayed is generated to complete the authentication registration.

  If the device 352 waits for a predetermined time, for example, 10 seconds after transmitting the MAC registration completion confirmation method, and does not receive a MAC registration completion confirmation response from the controller 351, two settings are possible. First, regardless of whether or not a MAC registration completion confirmation response has been received, registration is validated, and a device signal Z (DSZ) is generated that displays the message “controller“ YYYY ”registered” to the user. This is a processing mode for completing authentication registration.

  In another processing mode, when the device 352 does not receive the MAC registration completion confirmation response from the controller 351 within a predetermined time, the registration is invalidated, and the device 352 side registers “controller“ YYYY ”to the user. This is a mode in which the message “Canceled.” Is displayed and the process is terminated. When this registration invalidation processing is executed, the device 352 transmits a registration cancellation notice to the controller 351, and the controller 351 indicates that “registration to the device“ XXXX ”has been canceled” for the user. The message is preferably displayed.

  As the processing when the device 352 does not receive the MAC registration completion confirmation response from the controller 351 for a predetermined time, the above two processing modes can be set.

  When the controller 351 is registered in the MAC list of the device 352 and authentication registration is completed, after that, when the device 352 receives an M-search of SSDP (Simple Service Detection Protocol) executed as a service search process from the controller 351, By referring to the MAC list, it is confirmed that the request is from the registered device 352, and a response to the service search is made.

  If the device 352 receives an SSDP (Simple Service Detection Protocol) M-search from the controller 351 before completing the authentication registration, the device 352 does not respond because it is not registered in the MAC list. .

(B) In the case of password verification NG If the one-time password sent from the controller 351 is invalid, that is, does not match the one-time password set by the device, the device 352 adds the verification NG to the controller 351. The response is returned by unicast, and the controller 351 waits for 5 minutes to input the password again.

  If the password verification NG is continued three times during this waiting period, the device 352 stops retrying the password input and displays a message “controller“ YYYY ”cannot be registered” to the user. (DSE) is generated to complete the device authentication. In this case, the device 352 erases the MAC address temporarily stored in the MAC address table.

  On the other hand, when the controller 351 receives a password response to which a retry stop result code is added from the device 352, the device signal E (DSE) that displays a message “cannot be registered in the device“ XXXX ”” to the user. ) To end device authentication.

  In the second embodiment, while the device 352 receives the MAC address registration method for 10 seconds, the operation when detecting another controller different from the controller 351 that broadcasts the MAC address registration method is described in the embodiment. 1 (see FIG. 7), the device 352 displays a message “A plurality of controllers have been found. Registration is not performed” to the user, and device authentication is stopped.

  In this way, when the device 352 side unilaterally ends the device authentication, the controller 351 cannot receive the MAC registration confirmation method, and when the five-minute time limit for broadcasting the MAC address registration method has elapsed, the user is notified with “ The message "Registration failed" is displayed and device authentication is canceled.

  In addition, if the device 352 receives a plurality of MAC address registration methods from the same MAC address within 2 seconds during the period of receiving the MAC address registration method for 10 seconds, the device 352 indicates to the user that “an illegal controller has been found. The message “No registration will be performed” is displayed and the device authentication is terminated.

  Also in this case, the controller 351 cannot receive the MAC registration confirmation method, and when the 5-minute time limit for broadcasting the MAC address registration method has elapsed, the message “registration failed” is given to the user. Is displayed and device authentication is canceled.

  As described above, when the MAC address registration method from the controller 351 competes, the device 352 does not perform device authentication and does not respond to any of the controllers 351 having the conflicting MAC address, thereby preventing unauthorized access. Therefore, the controller 351 that tries to authenticate the device illegally is not made aware of its existence.

  As described above, according to the processing configuration of the second embodiment, as a final step of the MAC registration processing, the configuration is such that the registration completion (Complete) confirmation processing is executed, and the MAC registration completion confirmation is received from the server (device) side by the client. Since the transmission is made to the (controller) side, the user can confirm final registration completion based on the registration completion message in both devices.

  On the client (controller) side, on the condition that a MAC registration completion confirmation notification is received from the server (device) side, an SSDP (Simple Service Detection Protocol) M-search transmission process is executed as a service search process. For example, since it is guaranteed that the MAC registration is completed on the server (device) side, it is possible to reliably receive the response of the service search process.

  This processing sequence may be automatically executed based on a program of a device on the client (controller) side without executing an explicit M-search transmission processing start command by the user. That is, the M-search transmission process is automatically executed on condition that the MAC registration completion confirmation notification is received from the server (device) side. By setting such an automatic execution processing sequence, the client can receive service information from the server following the registration processing for the server without any user input processing or the like.

[Registration request from registered controller]
Next, processing when a MAC address registration request from a client (controller) that has already been registered in the MAC list on the server (device) side occurs will be described with reference to the flowchart of FIG.

  In the normal registration process, as described above, when the server (device) receives a MAC address registration request from the client (controller), it transmits a MAC registration confirmation to the client. However, if the MAC address included in the registration request is the same as that registered in the MAC list of the server, the server (device) is already registered with the client (controller). Send a registered notification indicating. Each step of the flow shown in FIG. 10 will be described.

  First, in step S111, the client-side controller 351 broadcasts a MAC address registration method in the UDP layer based on a user instruction. In step S211, the server device 352 determines whether or not the MAC address included in the MAC registration request from the controller has been registered in the MAC list. If the MAC address is not included in the list, in step S221, the normal device 352 The MAC registration processing sequence is executed. This is processing in accordance with each processing example described above.

  On the other hand, if the device 352 determines in step S211 that the MAC address included in the MAC registration request from the controller has been registered in the MAC list, in step S212, a registered notification that clearly indicates that it has been registered. Is transmitted to the controller 351 on the client side as a MAC registration confirmation.

  The controller 351 on the client side waits for registration confirmation after sending the MAC registration request in step S111, and if no registration confirmation is received within the waiting time (step S112: No, step S121: Yes), in step S122 A time-out notification is executed to the higher-level application program, and a message display process or the like indicating failure of registration confirmation reception is executed by the higher-level application program.

  If the registration confirmation is received within the specified time, the process proceeds to step S113, and it is determined whether or not the registration is notified. If it is not a registered notification, the process proceeds to step S123, and a normal MAC registration processing sequence is executed. This is processing in accordance with each processing example described above. If it is a registered notification, the process proceeds to step S114, and a registration confirmation response as an acknowledgment response message to the registered notification is transmitted to the server (device) side.

  After transmitting the registered notification in step S212, the server (device 352) waits for a registration confirmation response and does not receive the registration confirmation response within the waiting time (step S213: No, step S222: Yes). In step S223, a time-out notification is executed to the upper application program, and a message display process or the like indicating a failure in receiving the registration confirmation response is executed by the upper application program.

  If a registration confirmation response is received within the waiting time (step S213: Yes), a registered notification is executed to the upper application program in step S214. The upper application program executes, for example, a message display process indicating that it has been registered, and ends the process.

  On the other hand, in step S114, the client (controller 351) that has transmitted a registration confirmation response as an acknowledgment response message to the registered notification to the server (device) side executes a registered notification to a higher-level application program in step S115. The upper application program executes, for example, a message display process indicating that it has been registered, and ends the process.

  In this way, when there is a MAC registration request from a client that has already been registered in the server's MAC list, a confirmation notification process is performed between devices, and registration is performed based on these notifications. A message indicating that the client device has been registered can be displayed, and the user can confirm that the client device has already been registered in the server.

[Version management in registration request processing]
As described in the first and second embodiments of the client registration processing example described above, the device registration processing sequence executed between server clients may be executed according to different sequences. This is because the processing sequence differs depending on the version of the device authentication program stored in the client or server. For example, the above-described client registration processing example 1 is defined as a different version, such as version 1.0, and example 2 is a version 1.1 program.

  When the device authentication processing programs stored in both the server and the client are the same version, the processing is executed according to the processing sequence that matches both, but different versions of the processing programs are in both devices. If they are stored and processed in different processing sequences, normal device registration processing is not executed as a result.

  Therefore, in the configuration of the present invention, the version information of the processing program is notified between the server clients, and the device registration is executed by matching the processing sequence.

  The versions of the processing programs are sequentially changed from [1.0], [1.1], [1.2]. . , [2.0], [2.1]. . It is set like this. [X. The two numerical values y] are defined as x = major version and y = minor version, respectively.

  Here, for those with the same major version, the newer version supports the old version processing sequence. That is, version [1.2] supports [1.0] and [1.1]. Version [2.1] supports [2.0]. Processing based on notification of version information in the device registration processing sequence will be described with reference to FIGS.

  FIG. 11 is a flowchart for explaining the procedure for setting the processing sequence based on the version notification from the client (controller) side on the server (device) side. In step S501, the server receives a MAC registration request from the client. This is the MAC address registration method described in the first and second embodiments of the client registration processing example described above, and is broadcast data every 3 seconds for 5 minutes in the UDP layer, for example.

  The client stores the version information of the execution program of the MAC registration processing sequence executed by itself, for example, [1.0], [1.1], etc. in the MAC registration request from the client, and transmits it to the server.

  When the server receives the MAC registration request (Register) from the client in step S501, the server, in step S502, the major version in the version information included in the MAC registration request from the client and the version of the processing program that can be executed by itself. The possibility of processing is determined based on comparison of major versions of information.

  As described above, if the same major version can be processed, the major version in the version information included in the MAC registration request from the client and the major version of the version information of the self-executable processing program are included. If they match, the process proceeds to step S503. If they do not match, it is determined that the process is not possible, and the process ends. In this case, the server may be configured to execute processing for notifying the client that processing cannot be performed.

  In step S503, the minor version in the version information included in the MAC registration request from the client is compared with the minor version in the version information of the self-executable processing program. If the minor version included in the client's MAC registration request is smaller than the minor version of the self-executable processing program, the process proceeds to step S505, and the processing sequence in accordance with the version information included in the MAC registration request from the client. Execute the process.

  On the other hand, if the minor version included in the client's MAC registration request is not smaller than the minor version of the self-executable processing program, the process proceeds to step S504, and processing in a processing sequence according to the version of the processing program owned by the client is performed. Execute.

  Next, a procedure for setting a processing sequence on the client (controller) side based on the version notification from the server (device) side will be described with reference to FIG. In step S701, the client receives a MAC registration confirmation request (Confirm) from the server. This is a response from the server to the MAC address registration method transmitted from the client described in the first and second embodiments of the client registration processing example described above, and is unicast data in the TCP layer.

  The server stores the version information of the execution program of the MAC registration process sequence executed by itself in the MAC registration confirmation transmitted from the server, for example, [1.0], [1.1], etc., and transmits it to the client.

  In step S701, when the client receives the MAC registration confirmation from the server, the client, in step S702, measures the major version in the version information included in the MAC registration confirmation from the server and the major information of the version information of its executable processing program. The possibility of processing is determined based on the version comparison.

  If the major version is the same, it can be processed, so if the major version in the version information included in the MAC registration confirmation from the server matches the major version of the version information of its executable processing program, step The process proceeds to S703. If they do not match, it is determined that the process is not possible, and the process ends. In this case, the client may be configured to execute processing for notifying the server that processing cannot be performed.

  In step S703, the minor version in the version information included in the MAC registration confirmation from the server is compared with the minor version in the version information of the self-executable processing program. If the minor version included in the MAC registration confirmation of the server is smaller than the minor version of the self-executable processing program, the process proceeds to step S705, and the processing sequence in accordance with the version information included in the MAC registration confirmation from the server Execute the process.

  On the other hand, if the minor version included in the MAC registration confirmation of the server is not smaller than the minor version of the self-executable processing program, the process proceeds to step S704, and the processing in the processing sequence according to the version of the processing program owned by the server is performed. Execute.

  As described above, in the configuration of the present invention, in the device registration process between the server clients, the version information of the processing program of both devices is notified, and the device registration process is executed by adjusting the processing sequence. Therefore, device registration processing according to a unified processing sequence can be executed between devices storing various versions of programs.

[Functional configuration of server and client]
The hardware configurations of the server and the client device are as described above with reference to FIG. 2, and the various processes described above are performed by the CPU as the control unit according to the program stored in the storage unit of each server client. Execute.

  The processing executed by the CPU is, for example, on the server side, by inputting a request from the client, analyzing the input information, registering in the MAC list based on the analysis result, that is, access control information, generating a packet to be transmitted / received to / from the client, and analyzing Processing, and various message output in registration processing, analysis processing of user input information, and the like. Processing on the client side includes information analysis processing received from the server, packet generation sent to and received from the server, analysis processing, various message output in registration processing, user input information analysis processing, etc.

  Basically, these processes are executed according to a processing program stored in advance under the control of the CPU as the control unit of the server and client device. Processing executed by the CPU as the control unit, data stored in the storage unit, and the like will be described with reference to FIGS. 13 and 14. FIG. 13 is a block diagram illustrating the main functional configuration of the server, and FIG. 14 is a block diagram illustrating the main functional configuration of the client.

  First, the functional configuration of the server will be described with reference to a block diagram showing the functional configuration of the server in FIG. The data transmission / reception unit 501 receives a packet for the client and a packet from the client. The data transmission / reception unit 501 performs transmission packet generation processing and reception packet analysis processing. Packet address setting, address recognition, data storage in the data portion, data acquisition processing from the data portion, and the like.

  The registration processing unit 502 executes a series of processing sequences based on a registration request from the client. The processing corresponding to each sequence diagram and flow described above is executed according to the device authentication program 521 stored in the storage unit 505. The registration processing unit 502 includes a password generation determination unit 511 that executes password generation processing and verification processing, and a version determination unit 512 that refers to the program version described with reference to the flow of FIG. 11 and determines a processing sequence. .

  The data input unit 503 is an input unit such as a keyboard for inputting a user signal to the registration processing unit 502. The data output unit 504 is an output unit such as a display that displays message data based on the device signal output from the registration processing unit 502.

  The storage unit 505 stores a device authentication program 521 for executing a registration processing sequence. Version information consisting of a major version and a minor version is added to this processing program. The storage unit 505 further stores a MAC list 522 that stores client MAC addresses as client access control information.

  Next, the functional configuration of the client device will be described with reference to FIG. The data transmission / reception unit 501 receives a packet for the client and a packet from the client. The data transmission / reception unit 601 performs transmission packet generation processing and reception packet analysis processing. Packet address setting, address recognition, data storage in the data portion, data acquisition processing from the data portion, and the like.

  The registration request processing unit 602 executes a series of processing sequences of client registration request processing for the server. The processing corresponding to each sequence diagram and flow described above is executed according to the device authentication program 621 stored in the storage unit 605. The registration request processing unit 602 includes a version determination unit 611 that determines the processing sequence with reference to the program version described with reference to the flow of FIG.

  The data input unit 603 is an input unit such as a keyboard for inputting a user signal to the registration request processing unit 602. The data output unit 604 is an output unit such as a display that displays message data based on the device signal output from the registration request processing unit 602.

  The storage unit 605 stores a device authentication program 621 for executing a registration processing sequence. Version information consisting of a major version and a minor version is added to this processing program. The storage unit 605 further stores the MAC address 622 of the client.

  The server and the client functionally have the functions shown in FIGS. 13 and 14 and execute the processes described above. However, the block diagrams shown in FIGS. 13 and 14 are block diagrams for explaining the functions. In practice, various processing programs are executed under the control of the CPU in the hardware configuration such as the PC shown in FIG. The

  The present invention has been described in detail above with reference to specific embodiments. However, it is obvious that those skilled in the art can make modifications and substitutions of the embodiments without departing from the gist of the present invention. In other words, the present invention has been disclosed in the form of exemplification, and should not be interpreted in a limited manner. In order to determine the gist of the present invention, the claims section described at the beginning should be considered.

  The series of processes described in the specification can be executed by hardware, software, or a combined configuration of both. When executing processing by software, the program recording the processing sequence is installed in a memory in a computer incorporated in dedicated hardware and executed, or the program is executed on a general-purpose computer capable of executing various processing. It can be installed and executed.

  For example, the program can be recorded in advance on a hard disk or ROM (Read Only Memory) as a recording medium. Alternatively, the program is temporarily or permanently stored on a removable recording medium such as a flexible disk, a CD-ROM (Compact Disc Read Only Memory), an MO (Magneto optical) disk, a DVD (Digital Versatile Disc), a magnetic disk, or a semiconductor memory. It can be stored (recorded). Such a removable recording medium can be provided as so-called package software.

  The program is installed on the computer from the removable recording medium as described above, or is wirelessly transferred from the download site to the computer, or is wired to the computer via a network such as a LAN (Local Area Network) or the Internet. The computer can receive the program transferred in this manner and install it on a recording medium such as a built-in hard disk.

  The various processes described in the specification are not only executed in time series according to the description, but may be executed in parallel or individually as required by the processing capability of the apparatus that executes the processes. Further, in this specification, the system is a logical set configuration of a plurality of devices, and the devices of each configuration are not limited to being in the same casing.

  As described above, according to the present invention, only the MAC address of the client authorized by the user operation is authenticated and registered on the server side, and the server only allows access to the client having the authenticated and registered MAC address. As a result, it is possible to avoid access from an unauthorized party who is not registered for authentication without installing a router for isolation from other users in the same subnet, while on the client (controller 351) side attempting to authenticate the device illegally. You can hide the server's existence.

  Further, according to the configuration of the present invention, when a plurality of conflicting registration requests having different MAC addresses are received, the conflicting MAC addresses are not temporarily stored, but from the client (controller 351) side having the conflicting MAC address. Since the device authentication is canceled by ignoring the registration request, it is possible to prevent unauthorized access and to prevent the client (controller 351) attempting to authenticate the device from knowing its existence.

  Further, according to the configuration of the present invention, only the MAC address of the authorized client is authenticated and registered on the server side only when the passwords match and match, and the server only accesses the client having the MAC address that has been authenticated and registered. As a result, the client (controller 351) tries to authenticate the device illegally while avoiding access from an unauthorized partner who is not registered for authentication without installing a router for isolating it from other users in the same subnet. It is possible to provide access control with high security so that the existence of the server is not known to the side.

  Furthermore, according to the configuration of the present invention, when the input password and the password set in advance do not match for a predetermined number of times, the temporarily stored MAC address is deleted. Since device authentication is canceled, unauthorized access due to password misrepresentation can be prevented.

  Furthermore, according to the configuration of the present invention, as a final step of the MAC registration processing, a registration completion (Complete) confirmation process is executed, and a MAC (register) confirmation is sent from the server (device) side to the client (controller) side. Since it is configured to transmit, the user can confirm final registration completion based on the registration completion message in both devices. On the client (controller) side, on the condition that a MAC registration completion confirmation notification is received from the server (device) side, an SSDP (Simple Service Detection Protocol) M-search transmission process is executed as a service search process. For example, since it is guaranteed that the MAC registration is completed on the server (device) side, it is possible to reliably receive the response of the service search process.

  As a final step of the MAC registration process, a configuration for performing the completion of registration (Complete) confirmation process is performed, so that the transmission process of M-search is automatically performed on the condition that a MAC registration completion confirmation notification is received from the server (device) side. Thus, the client can receive service information from the server following the registration process for the server without any user input processing or the like.

  Furthermore, according to the configuration of the present invention, when there is a MAC registration request from a client that has already been registered in the server's MAC list, a confirmation notification process for registration between devices is executed. Based on this notification, it is possible to display a message indicating that registration has been completed, and the user can confirm that the client device has already been registered in the server.

  Furthermore, according to the configuration of the present invention, in the device registration process between the server clients, the notification of the version information of the processing program of both devices is executed, and the device registration process is executed by adjusting the processing sequence. Therefore, device registration processing according to a unified processing sequence can be executed between devices storing various versions of programs.

It is a figure which shows the network structural example which can apply this invention. It is a figure explaining the structural example of a network connection apparatus. It is a block diagram which shows the structure of the home network by one Embodiment of this invention. It is a block diagram which shows the functional structure of an apparatus authentication apparatus. FIG. 10 is a sequence diagram illustrating an operation when device authentication is performed without using a password in the first exemplary client registration process. FIG. 11 is a sequence diagram illustrating an operation when device authentication is performed using a password in the first exemplary client registration process. It is a sequence diagram which shows operation | movement when a MAC address registration method competes. FIG. 10 is a sequence diagram illustrating an operation when device authentication is performed without using a password in the second embodiment of the client registration processing example. FIG. 11 is a sequence diagram illustrating an operation when device authentication is performed using a password in the second embodiment of the client registration processing example. In the client registration process, it is a flowchart explaining centering on a registered notification process. It is a flowchart explaining the version adjustment process performed in a server in a client registration process. It is a flowchart explaining the version adjustment process performed in a client in a client registration process. It is a block diagram which shows the function structure of a server. It is a block diagram which shows the function structure of a client.

Explanation of symbols

100 network 101 server 121 PC
122 monitor 123 mobile phone 124 player 125 PDA
201 CPU
202 ROM
203 RAM
204 HDD
205 Bus 206 Input / output interface 207 Input unit 208 Output unit 209 Communication unit 210 Drive 211 Removable recording medium 300 Home network 310 Server 320 Client 321 Network compatible device 322 Television receiver 350 Device authentication device 351 Controller (first device, first device 1 processing and first program)
352 device (second device, second processing and second program)
501 Data transmission / reception unit 502 Registration processing unit 503 Data input unit 504 Data output unit 505 Storage unit 511 Password generation determination unit 512 Version determination unit 521 Device authentication program 522 MAC list 601 Data transmission / reception unit 602 Registration request processing unit 603 Data input unit 604 Data Output unit 605 Storage unit 611 Version determination unit 621 Device authentication program 622 Client MAC address

Claims (27)

An information processing apparatus that executes access control processing,
A data transmission / reception unit for performing data transmission / reception with a client as an access requesting device;
A storage unit for storing access control information including a client MAC address;
A registration processing unit that executes a client MAC address registration process based on a registration request from a client;
A data output unit for outputting data based on a device signal from the registration processing unit;
A data input unit for performing data input to the registration processing unit,
The registration processing unit
The registration confirmation data to be transmitted to the client is output based on the registration permission determination based on the registration request from the client, and is transmitted to the client based on the reception of the registration confirmation response from the client in response to the registration confirmation data. An information processing apparatus that executes an output process of registration completion confirmation data to be performed. The registration processing unit outputs a reception status of a registration confirmation response from the client as a device signal,
The data output unit outputs registration confirmation response reception status information based on the device signal output,
The said registration process part is a structure which performs the output process of the said registration completion confirmation data based on the user input via the said data input part after the output of the said registration confirmation response reception status information. The information processing apparatus according to 1. The registration processing unit
Based on reception of a registration completion confirmation response from the client for the registration completion confirmation, output registration completion information as a device signal,
The information processing apparatus according to claim 1, wherein the data output unit is configured to output a registration completion message based on the device signal output. The registration processing unit
Set a password request flag in the registration confirmation data as transmission data for the client, execute a process of generating a password and outputting it to the data output unit,
The information processing apparatus according to claim 1, wherein a password received from a client and a generated password are collated, and the registration completion confirmation data output process is executed on the condition that the collation is established. An information processing apparatus that executes access control processing,
A data transmission / reception unit for performing data transmission / reception with a client as an access requesting device;
A storage unit for storing access control information including a client MAC address;
A registration processing unit that executes a client MAC address registration process based on a registration request from a client;
The registration processing unit
The version information of the device authentication program included in the registration request from the client is compared with the version information of the device authentication program executed on the own device. Based on the comparison result, processing of the old version of both programs is performed. An information processing apparatus configured to selectively execute processing according to a sequence. The version information is information composed of a major version and a minor version,
The registration processing unit
If the major version of the device authentication program included in the registration request from the client is different from the major version of the device authentication program executed on the local device, the process is stopped. 6. The information processing apparatus according to claim 5, wherein the information processing apparatus is configured to perform a comparison of minor versions and selectively execute processing according to a processing sequence of a program corresponding to a minor version indicating an older version. An information processing apparatus that executes access control processing,
A data transmission / reception unit for performing data transmission / reception with a client as an access requesting device;
A storage unit for storing access control information including a client MAC address;
A registration processing unit that executes a client MAC address registration process based on a registration request from a client;
The registration processing unit
Registration indicating that the client MAC address included in the registration request from the client has been registered in the access control information stored in the storage unit, and indicating that it has been registered based on the determination that it has been registered The information processing apparatus is configured to execute a process of outputting a completion notification as transmission data to the client. The information processing apparatus includes a data output unit that performs data output based on a device signal from the registration processing unit,
The registration processing unit
Response reception information from the client for the registered notification is output as a device signal,
The information processing apparatus according to claim 7, wherein the data output unit is configured to output a message based on the device signal. An information processing apparatus as a client that executes access right registration processing for a server,
A data transmission / reception unit for performing data transmission / reception with the server;
A storage unit storing a client MAC address;
A registration request processing unit that executes client MAC address registration request processing;
The registration request processing unit
The version information of the device authentication program included in the registration confirmation from the server is compared with the version information of the device authentication program executed on the own device. Based on the comparison result, the old version of the programs is processed. An information processing apparatus configured to selectively execute processing according to a sequence. The version information is information composed of a major version and a minor version,
The registration request processing unit
If the major version of the device authentication program included in the registration confirmation from the server is different from the major version of the device authentication program executed on the local device, the process is stopped. If the two major versions match, The information processing apparatus according to claim 9, wherein the information processing apparatus is configured to perform a comparison of minor versions and selectively execute processing according to a processing sequence of a program corresponding to a minor version indicating an older version. An information processing apparatus as a client that executes access right registration processing for a server,
A data transmission / reception unit for performing data transmission / reception with the server;
A storage unit storing a client MAC address;
A registration request processing unit for executing client MAC address registration request processing;
A data output unit that performs data output based on a device signal from the registration request processing unit,
The registration request processing unit
It is determined whether or not registered notification data indicating that it has been registered is included in the registration confirmation received from the server, and determination information that registered notification data is included is output as a device signal.
The data output unit is configured to execute a message output based on the device signal. An information processing method for executing device registration processing for access control,
A data receiving step for receiving a registration request from a client as an access requesting device;
A registration processing step for executing a client MAC address registration process based on the registration request;
The registration processing step includes:
The registration confirmation data to be transmitted to the client is output based on the registration permission determination based on the registration request from the client, and is transmitted to the client based on the reception of the registration confirmation response from the client in response to the registration confirmation data. An information processing method comprising a step of executing a process of outputting registration completion confirmation data. The information processing method further includes:
Outputting the registration confirmation response reception status information from the client as a device signal, and outputting the registration confirmation response reception status information based on the device signal output to a data output unit, and outputting the registration confirmation response reception status information 13. The information processing method according to claim 12, wherein an output process of the registration completion confirmation data is executed based on a later user input. The information processing method further includes:
And a step of outputting registration completion information as a device signal based on reception of a registration completion confirmation response from the client in response to the registration completion confirmation, and outputting a registration completion message based on the device signal output. The information processing method according to claim 12. The information processing method further includes:
Setting a password request flag in the registration confirmation data as transmission data to the client;
Generating a password and outputting the generated password to the data output unit;
Verifying the password received from the client and the generated password, and executing the output processing of the registration completion confirmation data on condition that the verification is established;
The information processing method according to claim 12, further comprising: An information processing method for executing device registration processing for access control,
A data receiving step for receiving a registration request from a client as an access requesting device;
A registration processing step for executing a client MAC address registration process based on the registration request;
The registration processing step includes:
The version information of the device authentication program included in the registration request from the client is compared with the version information of the device authentication program executed on the own device. Based on the comparison result, processing of the old version of both programs is performed. An information processing method comprising a step of selectively executing processing according to a sequence. The version information is information composed of a major version and a minor version,
The registration processing step includes:
If the major version of the device authentication program included in the registration request from the client is different from the major version of the device authentication program executed on the local device, the process is stopped. The information processing method according to claim 16, wherein the information processing method is a step of performing a comparison of minor versions and selectively executing a process according to a processing sequence of a program corresponding to a minor version indicating an older version. An information processing method for executing device registration processing for access control,
A data receiving step for receiving a registration request from a client as an access requesting device;
Determining whether or not the client MAC address included in the registration request from the client has been registered in the access control information stored in the storage unit;
Outputting a registered notification indicating that it has been registered based on the determination that it has been registered as transmission data for the client;
An information processing method characterized by comprising: The information processing method further includes:
19. The information processing method according to claim 18, further comprising: outputting response reception information from the client for the registered notification as a device signal and executing message output based on the device signal. An information processing method in a client that executes access right registration processing for a server,
Sending a registration request to the server;
A comparison processing step for comparing the version information of the device authentication program included in the registration confirmation received from the server as a response to the registration request and the version information of the device authentication program executed in the own device;
Based on the result of the comparison process, a step of selecting and executing a process according to the process sequence of the old version of the program among the two programs;
An information processing method characterized by comprising: The version information is information composed of a major version and a minor version,
In the information processing method,
If the major version of the device authentication program included in the registration confirmation from the server is different from the major version of the device authentication program executed on the local device, the process is stopped. If the two major versions match, 21. The information processing method according to claim 20, wherein minor version comparison is performed, and processing according to a processing sequence of a program corresponding to a minor version indicating an older version is selected and executed. An information processing method in a client that executes access right registration processing for a server,
Sending a registration request to the server;
Determining whether the registration confirmation received from the server as a response to the registration request includes registered notification data indicating registration;
In the determination, executing a message output according to a device signal based on a determination that registered notification data is included;
An information processing method characterized by comprising: A computer program for executing device registration processing for access control,
A data receiving step for receiving a registration request from a client as an access requesting device;
A registration processing step for executing a client MAC address registration process based on the registration request;
The registration processing step includes:
The registration confirmation data to be transmitted to the client is output based on the registration permission determination based on the registration request from the client, and is transmitted to the client based on the reception of the registration confirmation response from the client in response to the registration confirmation data. A computer program comprising a step of executing a process of outputting registration completion confirmation data. A computer program for causing a computer constituting the server to execute device registration processing for access control,
A data receiving step for receiving a registration request from a client as an access requesting device;
Performing a registration process step of executing a client MAC address registration process based on the registration request;
The registration processing step includes:
The version information of the device authentication program included in the registration request from the client is compared with the version information of the device authentication program executed on the own device. Based on the comparison result, processing of the old version of both programs is performed. A computer program characterized in that it is a step of selectively executing processing according to a sequence. A computer program for causing a computer constituting the server to execute device registration processing for access control,
A data receiving step for receiving a registration request from a client as an access requesting device;
Determining whether or not the client MAC address included in the registration request from the client has been registered in the access control information stored in the storage unit;
Outputting a registered notification indicating that it has been registered based on the determination that it has been registered as transmission data for the client;
A computer program for executing A computer program that causes a computer constituting a client to execute access right registration processing for a server,
Sending a registration request to the server;
A comparison processing step for comparing the version information of the device authentication program included in the registration confirmation received from the server as a response to the registration request and the version information of the device authentication program executed in the own device;
Based on the result of the comparison process, a step of selectively executing a process according to the process sequence of the old version program among the two programs;
A computer program for executing A computer program that causes a computer constituting a client to execute access right registration processing for a server,
Sending a registration request to the server;
Determining whether the registration confirmation received from the server as a response to the registration request includes registered notification data indicating registration;
In the determination, outputting information based on the determination that registered notification data is included as a device signal, and executing a message output based on the device signal;
A computer program for executing

Images