JP2007306100A - Server, controller, and program thereof - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a technology of improving a level of the information security without losing the operability with respect to a user authentication part of a user using an information terminal in remote control from the outside of a user's house applied to apparatuses in the user's house. <P>SOLUTION: A server 3 disclosed herein includes: a remote control server section 31 for making communication with a controller 2 in the user's house to apply remote control to the apparatuses; a code information generating section 35 for converting URL information and user authentication information in the remote control server section 31 into code information such as a bar code and a two-dimensional code; and a code information transmission section 36 for transmitting the code information to the controller. Thus, the server can transmit authentication information complicated more than conventional authentication information and enhance the convenience. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a server, a controller, and a program for providing a remote control service or the like from outside the home to a home device.

  Conventionally, this type of system has many configurations as disclosed in Patent Document 1, for example. FIG. 5 shows a schematic configuration of a conventional system.

  In FIG. 5, a device 101 and a controller 102 are installed in the user's home, and a server 103 is installed on the information center side. The controller 102 can control the device 101 through home communication. The server 103 is connected to the controller 102 and the information terminal 104 via a communication line such as the Internet, and transmits and receives information.

The user operates the information terminal 104 and inputs a control command for the device 101. The server 103 receives the control command input by the user and transmits it to the controller 102 to perform remote control of the device 101.
JP 2004-287461 A

  However, the above-described conventional configuration has a problem in terms of information security in the user authentication portion of the information terminal.

  The information terminal performs user authentication before accepting the device control command. In general, user authentication at an information terminal (for example, a mobile phone) is generally authentication based on input of a user ID and a password. In this case, for example, there are the following problems.

  (1) In order to improve operability, the user often sets a short user ID and password, and often sets a character string (number) that can be easily analogized.

  (2) Once set, the user ID and password are rarely changed.

  (3) If restrictions are placed on user IDs and passwords, and short things that can be easily guessed are systematically excluded, the operability at the time of login becomes very poor.

  In particular, in remote control of devices, if a home device is improperly controlled, there is a possibility that a large loss will be caused to the user depending on the device. Therefore, although a high level of user authentication is required, there is a problem that operability is impaired.

  In order to solve the above-mentioned conventional problems, in the present invention, a server for remote control of equipment, a remote control server section for communicating with a controller in the house and performing remote control of the equipment, and URL information of the remote control server section And a code information generation unit that converts user authentication information into code information such as a barcode and a two-dimensional code, and a code information transmission unit that transmits the code information to the controller. The controller communicates with the remote control server unit. A device control unit that performs remote control of the device, and a code information display unit that receives code information including URL information and authentication information of the remote control server unit from the server and displays the code information to the user.

  By using the server and controller of the present invention, the authentication information is displayed on the controller as code information such as a barcode or a two-dimensional code. By reading these with an information terminal, authentication information can be stored in the information terminal without user input.

  Therefore, it is possible to use complicated and long character string authentication information that is difficult to infer. Also, with this method, even if the authentication information is periodically changed from the server side, the user can easily change the authentication information simply by reading the code information, thus improving the level of information security without impairing operability. Can do.

  A first invention is a remote control server unit that communicates with a controller to remotely control a device, and a code that converts URL information and user authentication information of the remote control server unit into code information such as a barcode or a two-dimensional code. The server includes an information generation unit and a code information transmission unit that transmits code information to the controller.

  With this configuration, the user can easily access the remote control server by reading the code information using the information terminal, and the operability is improved. Further, in this method, since the user does not need to input authentication information, more complicated and long authentication information can be used. Therefore, the level of information security against unauthorized access is improved.

  In particular, the second invention includes an authentication information update unit that updates a login ID, which is one of user authentication information, at a predetermined interval in the server of the first invention, and at the time of updating the authentication information, a code information generation unit Generates code information using the URL information of the remote control server unit and the updated login ID, and the code information transmission unit transmits the generated code information to the controller.

  By using only the login ID instead of all the authentication information as the authentication information (the password is not converted into code information), it is possible to prevent unauthorized access from others when the information terminal is lost or stolen. Further, by periodically changing the login ID on the system side, a sufficient information security level can be maintained even if the user does not periodically change the password.

  According to a third aspect of the present invention, a device control unit that communicates with a remote control server unit to perform remote control of the device, and receives code information including URL information and authentication information of the remote control server unit from the server, and displays them to the user Thus, the controller includes a code information display unit that is read by the information terminal.

  Thereby, when accessing from the information terminal, the user can access by reading the code information displayed on the controller from the information terminal without inputting the authentication information from the keyboard or the numeric keypad. Therefore, it is not necessary to memorize and input long and complicated authentication information, and the operation is simplified.

  In particular, according to a fourth aspect of the present invention, in the third aspect of the invention, the code information display unit includes a display history storage unit that measures the number of display times and display date and time of code information within a predetermined period. While displaying the number of display times or the display date and time to the user, the display more than a predetermined number of times is limited.

As a result, the user can be provided with a clue to determine whether or not the controller has been illegally operated at home and the authentication information has been illegally read. Further, by limiting the number of display times, the user can limit the display of authentication information by an unauthorized operation.

  A fifth invention is a program for causing a computer to realize at least a part of the server according to any one of the first to second inventions. A sixth invention is a program for causing a computer to realize at least a part of the controller according to any one of the third to fourth inventions.

  Since it is a program, some or all of the functions of the present invention can be easily realized by using hardware resources such as electric / information equipment and a computer in cooperation. Also, program distribution and installation can be simplified by recording on a recording medium or distributing the program using a communication line.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. Note that the present invention is not limited to the present embodiment.

(Embodiment 1)
FIG. 1 is a diagram showing a system configuration in the first embodiment of the present invention. The present invention comprises a device 1 and a controller 2 installed in a home, a server 3 installed in an information center, and an information terminal 4 for outside control.

  The device 1 is a device that receives information communication services such as remote control and information distribution from the server 3. In the present embodiment, the equipment is a water heater, a floor heater, an air conditioner, or the like. The device 1 may be a white product such as a refrigerator or a microwave oven, a security device such as a fire sensor or a CO sensor, or an AV device. Not only at home, but also at offices, factories, and stores.

  The controller 2 is a device for connecting the device 1 to a communication line outside the house and receiving an information communication service from the server 3. In general, it is often called a remote controller or a control panel. The controller 2 may be incorporated in the device 1.

  The controller 2 is composed of the following functional blocks (1) to (4).

  (1) A communication unit 20 that communicates with the server 3 via a communication line such as the Internet. Specifically, the communication unit 20 is an Ethernet (registered trademark) adapter, a line terminator, an ADSL modem, a cable modem, a router, or the like, and the configuration varies depending on the type of communication line. The communication unit 20 may be an Ethernet (registered trademark) adapter, and functions such as a modem and a router may not be built in the controller 2 but may be externally attached.

  (2) A device control unit 21 that controls the device 1 in accordance with a device control command from the server 3 received by the communication unit 20. The device control unit 21 also receives the usage state and the setting state of the device 1. Communication between the device control unit 21 and the device 1 may be wired or wireless. In general, wired communication using the HA (home automation) terminal (JEM1461) of the Japan Electrical Manufacturers' Association is often used. However, other communication methods such as a wireless LAN may be used. The controller 2 is also positioned as a gateway for out-of-home communication and in-home communication.

  (3) A code information display unit 22 that receives a two-dimensional code from the server 3 and displays it to the user. The code information display unit 22 includes a display device such as a liquid crystal panel or an EL panel and its control circuit, and displays the image information of the two-dimensional code received by the communication unit 20.

  (4) A display history storage unit 23 that stores display history information such as the date and time when the two-dimensional code is displayed to the user, and causes the code information display unit 22 to display the display history information.

  On the other hand, the server 3 is an apparatus that provides information services such as remote control and information distribution to the device 1 and the controller 2. The server 3 is composed of the following functional blocks (5) to (9).

  (5) A server-side communication unit 30 that is connected to a communication line such as the Internet and communicates with the controller 2 and the information terminal 4. Specifically, it is composed of a line terminator, a switch, a router, a firewall, and the like for connecting to the Internet backbone line. A device such as an ADSL modem or a cable modem may be used.

  (6) A remote control server unit 31 that receives communication from the information terminal 4 outside the home, transmits a device control command included therein to the controller 2, and performs remote control of the device 1. The remote control server unit 31 includes a WEB server unit 32 and a customer information database unit 33.

Here, the WEB server unit 32 is a device that executes a WEB application (such as a servlet or a CGI program) for performing remote control. For WEB applications,
(A) Content or program for authenticating a user who operates the information terminal 4;
(A) Screens displayed on the information terminal 4 and contents that accept input (HTML files, image files, etc.)
(C) A program for transmitting device control command information input at the information terminal 4 to the controller 2 is included.

  Further, the customer information database unit 33 is specifically composed of a relational database. Here, authentication information (login ID, password, etc.) used for user authentication in the information terminal 4, the allocation relationship between the user (customer) and the controller 2, user (customer) information, information on the controller 2 (type, address, ID) ), Information of the device 1 connected to the controller 2 is stored in association with each other. The customer information database unit 33 provides these information to the WEB server unit 32.

  (7) An authentication information update unit 34 that changes user authentication information used in the information terminal 4 at predetermined intervals. The updated authentication information is stored in the customer information database unit 33 described above.

  (8) A code information generation unit 35 that creates a two-dimensional code from the new authentication information and the URL information of the remote control server unit 31 when the authentication information is updated by the authentication information update unit 34. In the present embodiment, a two-dimensional code is used as code information, but other codes such as a barcode may be used.

  (9) A code information transmission unit 36 that transmits the code information created by the code information generation unit 35 to the controller 2.

  The information terminal 4 is a device that communicates with the remote control server unit 31 of the server 3 to input a control command to the device 1 and monitor a state. Specifically, it is a mobile phone, a PDA, a personal computer, etc. In this embodiment, it is assumed that (A) a browser function and (B) a two-dimensional code reading function are attached. The two-dimensional code reading function of the information terminal 4 reads the two-dimensional code (URL and authentication information of the remote control server unit 31) displayed on the controller 2 and uses the browser function to connect to the remote control server unit 31 to 1 control command input.

  An operation example of the controller 2 and the server 3 in the system configured as described above will be described with reference to the flowchart of FIG.

  FIG. 2 is a flowchart showing an operation of updating user authentication information used in the information terminal 4. In this embodiment, a login ID is used as authentication information to be updated. With reference to this flowchart, the operation procedure of each unit shown in FIG. 1 will be described in order for each step.

  (Step A1) The authentication information update unit 34 in the server 3 obtains an elapsed period from the previous update of the authentication information (login ID) for each user. The update date of the login ID is stored in the customer information database 33 for each user, and the elapsed period is acquired by obtaining a difference from the current date and time.

  (Step A2) In this step, it is determined whether the elapsed period is longer than a predetermined period. If the elapsed period is shorter than the predetermined period, the process returns to step 1 to calculate the next timing and the elapsed period for the next user. If the elapsed period is longer than the predetermined period, the process proceeds to step A3 to perform a procedure for updating the authentication information.

  (Step A3) The authentication information update unit 34 generates authentication information (login ID) of the target user with a random number, and updates the authentication information in the customer information database unit 33.

  FIG. 3 shows a specific example of data stored in the customer information database unit 33. The customer information database unit 33 stores a set of customer ID, name, login ID, password, update date, and controller ID for each user as shown in the figure. Among these, a login ID character string is generated with a random number and rewritten for a user whose elapsed time is determined to be longer than a predetermined value in step A2.

  In the present invention, the login ID, which is the authentication information, and the URL information of the remote control server unit 31 are converted into code information and presented to the user, so there is no need to input the login ID manually. Therefore, it is possible to set a login ID that is sufficiently long and difficult to guess as shown in FIG. The login ID generated by the authentication information update unit 34 is output not only to the customer information database unit 33 but also to the code information generation unit 35.

  (Step A4) The code information generation unit 35 generates image information that is a two-dimensional code from the URL information of the remote control server unit 31 and the authentication information (login ID) updated in step A3. Although the two-dimensional code is used in the present embodiment, other code information such as a barcode may be used.

  (Step A5) The two-dimensional code created by the code information generation unit 35 is transmitted to the controller 2 by the code information transmission unit 36 via the server side communication unit 30. The transmitted two-dimensional code is received by the code information display unit 22 via the communication unit 20 in the controller 2 and displayed to the user.

  A display example is shown in FIG. In this example, the URL of the remote control server unit 31 is https://remote_control.com and the authentication information (login ID) is DgS034Ds3Ed094dcgE3e9QaLdeDi92dc.

FIG. 4 shows an example in which a login ID, which is authentication information, is passed as a URL argument of the WEB server unit 32. The code information generation unit 35 converts the following character string obtained by adding the login ID as an argument to the URL information of the remote control server unit 31 into a two-dimensional code.
https://remote_control.com?LoginID=DgS034Ds3Ed094dcgE3e9QaLdeDi92dc
The generated two-dimensional code is transmitted to the controller 2 by the code information transmission unit 36 and displayed on the code information display unit 22 as shown in FIG. By reading this image with the information terminal 4 such as a mobile phone, the user can acquire the URL and authentication information of the remote control server unit 31 without manually inputting with a keyboard or a numeric keypad. In this case, the information terminal 4 must have a camera function and a scanner function for reading a two-dimensional code.

  The user uses the browser function in the information terminal 4 to access the remote control server unit 31 based on the character string read from the two-dimensional code. Thereby, the login ID is passed to the WEB server unit 32 as an argument of the URL. Therefore, as shown in “(a) mobile phone login screen” in FIG. 4, the user can perform remote control with only a password without inputting a login ID.

  Since the controller 2 is installed in the house, users who can view the screen of the controller 2 are limited. In addition, compared to the case where the user manually inputs the login ID, the character string length is long and a login ID that is difficult to guess can be set, so that unauthorized access is easier to avoid than in the past.

  In this case, since the character string length of the login ID is long and is regularly updated on the server side, the password is a short character string and no major problem occurs even if it is not updated.

In the present embodiment, the login ID is selected as the authentication information to be converted into the two-dimensional code. However, for example, password information may be included. For example, in this example, a character string to be converted into a two-dimensional code is
https://remote_control.com?LoginID=DgS034Ds3Ed094dcgE3e9QaLdeDi92dc&Password=0123
By doing so, it is possible to allow the user to access the “(b) mobile phone remote control menu screen” of FIG. 4 without inputting the password only by the information read from the two-dimensional code. In this case, the operability of the remote control is improved, but as a result, all the authentication information is stored in the information terminal 4, so that when the information terminal 4 is lost, unauthorized access can be easily made by others. There is a demerit.

  In the present embodiment, the authentication information is periodically updated on the server side and transmitted to the user in the form of a two-dimensional code by the operations of steps A1 to A5 described above. By using a two-dimensional code and reading it by the information terminal 4, long and complicated authentication information can be set, and further, by periodically updating it, the level of information security can be improved as compared with the conventional case.

  In addition, since the two-dimensional code including the authentication information is displayed on the controller 2 in the home, the number of users who can browse is not limited to an unspecified number, but may not be sufficient. In order to deal with this, the display history storage unit 23 may be provided in the controller 2. The display history storage unit 23 stores history information regarding the display of the two-dimensional code on the code information display unit 22. Specifically, the number of display times and the display date and time within a predetermined period are stored. The stored history information is displayed simultaneously with the two-dimensional code on the code information display unit 22.

  A display example is shown in FIG. FIG. 4 shows the number of display times per month and the display date and time. This function can give the user a clue to know whether or not there is an illegal display of the two-dimensional code.

Note that the display history storage unit 23 may cause the code information display unit 22 to stop displaying code information when the number of times of display within a predetermined period exceeds a predetermined number of times. FIG. 4 shows an example in which the display is set to 3 times a month and is not displayed from the fourth time. Thus, by limiting the number of times the two-dimensional code is displayed, the level of information security is further improved.

  In the present embodiment, the remote control server unit 31 is configured inside the server 3. However, the remote control server unit 31 may be a separate server from the server 3 in terms of physical and installation location. In this case, the server 3 is a server that only updates authentication information and converts / transmits code information.

  Note that the above-described means described in this embodiment cooperates with hardware resources such as a CPU (or microcomputer), a RAM, a ROM, a storage / recording device, an electrical / information device including an I / O, a computer, a server, and the like. You may implement in the form of the program to work. In the form of a program, new functions can be easily distributed / updated and installed by recording them on a recording medium such as magnetic media or optical media or distributing them via a communication line such as the Internet.

  As described above, the server, the controller, and the program for remotely controlling the device according to the present invention can improve the level of information security in the remote control from the information terminal. This can be applied not only to the devices described in the embodiments, but also to remote control of white goods devices and AV devices, remote control of security systems such as crime prevention and disaster prevention, and the like. It can also be used in systems that log into the server for purposes other than remote control.

The figure which shows the system configuration | structure in Embodiment 1 of this invention. The flowchart which shows operation | movement of Embodiment 1 of this invention. Explanatory drawing of authentication information management in Embodiment 1 of this invention The figure which shows the example of a display of the code information in Embodiment 1 of this invention Diagram showing the configuration of a conventional example

Explanation of symbols

1 device 2 controller 3 server 4 information terminal 20 communication unit 21 device control unit 22 code information display unit 23 display history storage unit 30 server side communication unit 31 remote control server unit 32 WEB server unit 33 customer information database unit 34 authentication information update unit 34 35 Code information generator 36 Code information transmitter

Claims (6)

A remote control server unit that communicates with the controller to perform remote control of the device, a code information generation unit that converts the URL information and user authentication information of the remote control server unit into code information such as a barcode or a two-dimensional code, A server comprising a code information transmission unit for transmitting the code information to the controller. An authentication information update unit that updates a login ID, which is one of user authentication information, at predetermined intervals, and when the authentication information update unit is updated, the code information generation unit is updated with the URL information of the remote control server unit; The server according to claim 1, wherein code information is generated using the login ID, and the code information transmitting unit transmits the generated code information to a controller. The controller for communicating with the server according to claim 1, comprising: a device control unit that communicates with the remote control server unit to perform remote control of devices; and URL information and authentication information of the remote control server unit from the server A controller including a code information display unit that receives code information, displays it to a user, and causes an information terminal to read the code information. The code information display unit includes a display history storage unit that measures the number of display times and display date and time of code information within a predetermined period, and the code information display unit displays the number of display times or display date and time in the display history storage unit to the user. The controller according to claim 3, wherein the display is limited to a predetermined number of times. The program for making a computer implement | achieve at least one part of the server of any one of Claims 1-2. The program for making a computer implement | achieve at least one part of the controller of any one of Claims 3-4.

Images