JP2008028843A - Electric-power-line communication device, and its security setting method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a technology for setting new security suitable for an electric-power-line communication device. <P>SOLUTION: There is provided the electric-power-line communication device A which communicates using an electric power line 10 as a signal transmission channel. The electric-power-line communication device A is equipped with a processor 25a-1 which performs a security information setting process for setting security information for securing security of the electric-power-line communication. The security setting processor 25a-1 starts performing the security setting process in the wake of a power-on operation for the electric-power-line communication device A. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a power line communication (PLC) device and a security setting method thereof.

As a method for constructing a LAN in a home, a PLC capable of communicating between all outlets using an existing distribution line has attracted attention. A technique related to PLC is described in, for example, Japanese Patent Application Laid-Open No. 2004-26883.
Japanese Patent Laid-Open No. 2005-150977

  Since an existing distribution line is also connected to an adjacent house, when a PLC is used in the house, the signal may propagate to the adjacent house and information leakage may occur.

  Therefore, a measure for preventing leakage of communication contents between a plurality of PLC networks (PLC-LAN) is required. As such a measure, it is conceivable to secure communication security by logically distinguishing networks using network identifiers or encrypting communication contents themselves.

  However, in order to realize these security ensuring functions, it is necessary for the user to perform security setting operations such as setting of a network identifier and an encryption key for performing encryption. Moreover, the security setting work is complicated and troublesome for general users with little network-related knowledge.

Despite the above problems, conventionally, no technology for security setting suitable for the power line communication device has been proposed.
Accordingly, an object of the present invention is to provide a new technique for security setting suitable for a power line communication device.

  The present invention is a power line communication device that performs communication using a power line as a signal transmission path, and includes a processing unit that performs security setting processing for setting security information for ensuring security of power line communication, and the security setting processing unit includes: Then, the security setting process is started when power is supplied to the power line communication device.

According to the present invention, the security setting can be performed by an operation that is easy for the user to turn on the power, so that the security setting is facilitated. In addition, since the power line communication apparatus can receive power supply when the power is turned on and the communication path is secured, the power-on communication apparatus is suitable as a trigger for starting the security setting process.
It should be noted that power-on includes both cases where the power switch of the power line communication device is simply inserted into a power plug insertion port such as a power outlet and no operation of the power switch is involved, and when the power switch is operated.

The processing unit performs a recognition process for recognizing the other party by searching for another power line communication apparatus that is the other party of the security setting process when the power to the power line communication apparatus is turned on, and the other recognized as the other party It is preferable to perform security setting processing by exchanging security information with other power line communication devices.
In this case, since the security setting process can be automatically performed between the other party recognition process and the other party when the power is turned on, the security setting is easy.

When the power to the power line communication device is turned on, the processing unit makes the communication range more limited than that during normal power line communication, and security between other power line communication devices is limited in the communication range. It is preferable that the security setting process is performed by exchanging information.
In this case, since the communication range is limited, the secrecy is improved, and it is possible to prevent the security setting from being erroneously made with another power line communication device. Moreover, since the communication range is limited when the power is turned on, the operation is easy for the user to understand.

  The processing unit may limit the communication range by lowering the power of the transmission signal than during normal power line communication, or lower the reception sensitivity of the received signal than during normal power line communication. The communication range may be limited.

  The processing unit exchanges security information with another power line communication device by using a part of a frequency band used in normal power line communication or a part of a multicarrier used in normal power line communication. Is preferred. Since the amount of security information is small, there is no problem in the exchange of security information even if the frequency band or carrier is narrowed down. In addition, communication with the power line communication device that attempts to communicate without narrowing the frequency band or carrier can be eliminated, and the secrecy is improved.

  It is preferable that the frequency band or carrier used when security information is exchanged with another power line communication apparatus is changed while security information is exchanged. In this case, by changing the frequency band or carrier, it is possible to further prevent security information leakage to unrelated power line communication devices.

  The processing unit preferably outputs to the other power line communication device a signal for causing the other power line communication device to start security setting processing for setting security information for ensuring security of the power line communication. It is preferable that the signal for starting the security setting process is output when the power to the own power line communication device is turned on. Note that the signal can be output in response to an operation of a switch for starting the security setting process.

  Another aspect of the present invention is a power line communication device that performs communication using a power line as a signal transmission path, and includes a processing unit that performs security setting processing for setting security information for ensuring security of power line communication, When the processing unit receives a signal for starting the security setting process transmitted from another power line communication device, the processing unit starts the security setting process. It is preferable that the signal for starting the security setting process is output when the power to the other power line communication device is turned on.

  When the carrier of the signal transmitted from another power line communication device for starting the security setting process is recognized, it is preferable to return from the encrypted communication state to the plaintext communication state and start the security setting process. If it is in the encrypted communication state, the signal from the other power line communication device that is not encrypted cannot be decrypted, but the carrier can be recognized, so if the recognition of the carrier of the signal is triggered, the encrypted communication state Can be properly returned to the plaintext communication state.

When the processing unit recognizes that the number of carriers included in the multicarrier signal transmitted from another power line communication device is equal to or greater than a predetermined number, it is preferable to start the security setting process.
The processing unit preferably starts the security setting process when recognizing that a multicarrier signal transmitted from another power line communication apparatus has only a predetermined carrier.

The present invention from still another viewpoint is a power line communication device including a processing unit that performs security setting processing for ensuring communication security with another power line communication device, and the processing unit includes: When power-on of the own power line communication device and power-on of other power line communication devices are performed almost simultaneously, security setting processing is performed.
By setting the power-on operations almost simultaneously as the start condition of the security setting process, the user can easily understand the operation for the security setting.
Note that “almost simultaneous” power-on means that there may be a deviation of several seconds to several tens of seconds, not completely simultaneously. In addition, the time width that the power line communication apparatus regards as “power on almost at the same time” can be freely set, and the length is not particularly limited.

From another viewpoint, the present invention is a method for performing security setting processing for setting security information for ensuring security of communication between a plurality of power line communication devices, wherein power is supplied to the plurality of power line communication devices. Are performed almost simultaneously, the plurality of power line communication devices perform the security setting process.
By setting the power-on operations almost simultaneously as the start condition of the security setting process, the user can easily understand the operation for the security setting.

From another viewpoint, the present invention is a method for performing security setting processing for setting security information for ensuring communication security between a plurality of power line communication devices. The power plugs of the plurality of power line communication devices are connected to the power plug insertion port so that a communication path that does not substantially pass through the power line in the building is secured between the plurality of power line communication devices. When the respective tightly connected states are obtained and power is turned on to the plurality of previous power line communication devices almost simultaneously in the tightly connected state, the plurality of power line communication devices perform the security setting process.
In this case, the user can ensure that a communication path that does not substantially pass through the power line in the building is secured between the power line communication devices while the power line communication device obtains power from the power line in the building. By obtaining a tightly connected state in which the power plugs of a plurality of power line communication devices are respectively connected to the power plug outlets, and in the connected state, power on the previous plurality of power line communication devices is performed almost simultaneously, thereby enabling security settings. This is easy to understand, and the security settings are easy to understand.
The power line in the building is an existing power line laid in the building and located between the power line outside the building and the power plug socket (wall outlet) fixed on the wall surface of the building. Typically, it means a power line laid inside a building structure such as a wall of a building. Such an in-building power line is generally one in which a resident cannot easily change the laying state and characteristics. In the building power line here, a wall outlet installed at the end of the existing building power line in the building, an extension cord connected through the wall outlet, and other residents are added to the room (in the living space) Power lines that can be provided automatically are not included.

  According to the present invention, since the security setting can be performed when the power is turned on, the operation is easy for the user to understand.

Hereinafter, embodiments of the present invention and related technologies will be described with reference to the drawings.
FIG. 1 shows a home network (LAN) constructed using power line communication technology in a plurality of houses H1 and H2. In this power line communication network, an independent network (LAN) is constructed for each building H1, H2 using in-house distribution lines (building power lines) 10, 11 in each building (each house) H1, H2. The

  The in-house distribution lines (in-building power lines) 10 and 11 of the houses H1 and H2 are connected to the outdoor power lines 100 in the vicinity of the houses H1 and H2 through the lead-in lines 12 and 13 by being installed on a power pole. Yes. The lead-in wires 12 and 13 are connected to the distribution boards 14 and 15 of the houses H1 and H2, and a plurality of in-house distribution lines (in-building power lines) 10 and 11 branched from the distribution boards 14 and 15 are provided. It is laid in each house H1, H2.

  Each in-house distribution line 10, 11 is provided with one or more terminal portions, and one or more power outlets (wall outlets) 16, 17 are connected to each terminal portion. Power line communication devices (hereinafter simply referred to as “modems”) A, B, C, D, E, and F are connected to the outlets of these outlets 16 and 17. Each modem performs signal transmission and receives power supply via the distribution lines 10 and 11.

  When a network is configured by PLC, the network needs to include a parent modem that controls power line communication. The parent modem function may be assigned to the parent modem dedicated machine, but all modems have a function as a parent modem, and the oldest modem is the parent modem. The modem to which power is turned on may be a child modem so that the parent modem is appropriately determined according to the state of the network. In the following description, it is assumed that the oldest modem is the parent modem.

Here, even if an independent network (LAN) is to be constructed for each of the houses H <b> 1 and H <b> 2, the in-house distribution lines 10 and 11 of the houses H <b> 1 and H <b> 2 are connected via the power line 100. Thus, signals from one network can reach the other network. Therefore, in order to make each network independent, data relating to a network identifier and / or an encryption key can be set as security information in each modem.
The network identifier is uniquely set for each network so as to distinguish its own and other networks, and modems belonging to the same network have a common network identifier. Further, modems belonging to the same network have a common encryption key so that signals cannot be read from outside the network.

Hereinafter, the configurations of the modems A and B will be described with reference to FIG. The configurations of the other modems C, D, E, and F are the same.
As shown in FIG. 2, the modems A and B are configured to be connectable to an outlet via power plugs 22a and 22b provided at the ends of power cords 21a and 21b extending from the modem casings 20a and 20b. ing.
The power cord 21 is connected to the power supply circuits 23a and 23b and the PLC transmission / reception units 24a and 24b in the modem device. The transmission / reception units 24a and 24b perform processing such as signal modulation and demodulation. The modem also includes control units 25a and 25b that control the transmission / reception units 24a and 24b and / or process transmission / reception data.

The modem performs communication by a frequency multiplexing method using a plurality of carriers (multicarrier) in a predetermined frequency band for power line communication. Specifically, the modem performs modulation using a modulation method called orthogonal frequency domain multiplexing (OFDM).
For this reason, the transmission / reception units 24a and 24b have a quadrature amplitude modulation (QAM) function. The transmission / reception units 24a and 24b distribute and assign data to be transmitted to each of a plurality of carriers, and carriers based on the assigned data. To modulate the amplitude (power) and phase. In the present embodiment, 2 MHz to 30 MHz is used as a frequency band in normal power line communication, and the number of carriers in the entire band (2 MHz to 30 MHz) is set to 2048 (N). However, the present invention is limited to this. It is not a thing.

  In addition, the control units 25a and 25b can give the control signals to the transmission / reception units 24a and 24b to appropriately increase or decrease the amplitude (power) of the carrier. This increase / decrease can be performed uniformly for all carriers, or can be performed for some carriers.

  Further, the transmission / reception units 24a and 24b have a quadrature amplitude demodulation function for demodulating the received signal. The transmission / reception units 24a and 24b are configured to recognize a carrier when the S / N of the received carrier is a certain value or more in order to distinguish noise. The control units 25a and 25b can determine the S / N level by giving control signals to the reception units 24a and 24b. It is also possible to determine and select a carrier effective for communication by setting a threshold value for S / N.

  The control units 25a and 25b include processing units (hereinafter referred to as “security setting processing units”) 25a-1 and 25b-1 that perform security setting processing for setting security information. The security setting processing units 25a-1 and 25b-1 recognize a network identifier and / or a function for automatically generating security information such as an encryption key, and a modem (a modem newly connected to the network) as a partner of the security setting processing. It has a function, a function for limiting the communication range for security setting, and a function for performing other processes necessary for security setting. These functions will be described later.

[Security settings between modems A and B (both modems are not set)]
The procedure for setting the security information between the modems A and B when the security information is not set for the modems A and B will be described below.

[Basic policy for modem connection]
When setting security information, the connection between a plurality of modems A and B for setting security information is short in distance and is not affected by the existing power line wirings 10 and 11 in the building (house). The basic policy.
For this purpose, a table tap (power tap) 30 may be used as shown in FIG. Here, the table tap 30 was wound on the main body portion 32 having a plurality of power plug insertion ports 31, 31, 31, the extension cord 33 extending from the main body portion 32, and the tip of the extension cord 33. The power obtained through the power plug 34 can be distributed to the power plugs connected to the insertion ports 31, 31, 31 of the main body 32.

  When the power plug 34 of the table tap 30 is connected to the wall outlet 16, and the power plugs 22a and 22b of both modems A and B are inserted into the insertion ports 31 and 31 of the table tap 30, the modems A and B are connected to each other. While the connection is very close and power is supplied from the existing power line 10 to the building (house) or the like, the wiring in the table tap body (the wiring in the building (in-house power line)) is between the modems A and B. A communication path that does not pass through the in-home power line 10 is ensured only through the power line further ahead of the terminal unit.

  Here, when the communication path between the modems passes through the in-house power line 10, signal attenuation occurs depending on the frequency band depending on the number and type of devices connected to the in-house power line 10 and the branch of the in-house power line 10. On the other hand, when the table tap 30 is used as shown in FIG. 2, it is hardly affected by the form of the existing in-home power line wiring 10, and an ideal communication path with little attenuation is secured in the entire frequency band.

  FIG. 3 shows another modem connection method that matches the basic policy of the modem connection. 3 uses a bifurcated (plurality) branch outlet 40 instead of the table tap 30 of FIG. The bifurcated branch outlet 40 includes a main body portion 32 having two (a plurality of) power plug insertion ports 31 and a power plug 44 projecting from the main body portion, and the extension cord 33 is removed from the table tap 30. Can be considered.

  Accordingly, if the power plug 44 of the bifurcated branch outlet 40 is inserted into the wall outlet 16, and the power plugs 22a and 22b of both modems A and B are inserted into the insertion ports 41 and 41 of the bifurcated branch outlet body 32, both modems A and B Is in a tightly connected state and is supplied with power from the existing power line 10 in a building (house) or the like, but between the modems A and B, the wiring P1 in the bifurcated branch outlet main body 32 (in-building wiring (in-house wiring) A communication path that does not pass through the in-house power line 10 is ensured only through the power line) further ahead of the terminal end of the power line).

FIG. 4 shows still another modem connection method that conforms to the basic policy of modem connection. 4 uses a wall outlet 16 having a plurality of insertion ports 51, 51 in place of the table tap of FIG. 2 and the bifurcated branch outlet 40 of FIG.
The wall outlet 16 of FIG. 4 has a plurality of insertion ports 51 and 51 so that a plurality of power plugs can be inserted in the same place. The wall outlet 16 is connected to the terminal end 10a of the in-house power line 10, and the wall outlet includes a wiring P2 that branches into two (plurality) of insertion ports 51 and 51 from the terminal end 10a. ing.

  Therefore, if the power plugs 22a and 22b of both modems A and B are inserted into the respective insertion ports 51 and 51 of the same wall outlet 16, both modems A and B are in a tightly connected state and are already installed in a building (house) or the like. While receiving power supply from the power line 10, only the wiring P <b> 2 in the wall socket 16 (the power line further ahead of the terminal end of the building wiring (home power line)) is passed between the modems A and B. A communication path that does not pass through the in-home power line 10 is secured.

[Power on both modems A and B]
In order to set the security information, the power plugs 22a and 22b of the modem A and the modem B are connected according to the policy shown in FIGS. 2 to 4, and the modems A and B are turned on (steps S11 and S21 in FIG. 5). . Since the modem does not have a power switch, power is turned on by connecting the power plugs 22a and 22b.
When the security information is set, the modems A and B are turned on (plugged in the power plugs 22a and 22b) almost simultaneously. The security setting process for both modems A and B starts when power is supplied to both modems A and B almost simultaneously. If the modem has a power switch, the power switches of both modems A and B may be turned on almost simultaneously with the connection states shown in FIGS.
In the following description, it is assumed that the modem A of the modems A and B is turned on slightly earlier, that is, the modem A is the parent modem.

[Recognizing the other party modem]
When the modem A is turned on slightly earlier than the modem B, immediately after the modem A is turned on, there is no other modem that the modem A can recognize, so that the function of the parent modem is activated in the modem A (step S12). ). At the same time as the function of the parent modem starts up in the modem A, the modem A periodically outputs a signal (search signal) for searching for a setting partner of the security setting process (step S13; recognition process). This signal is valid only for a certain period of time after the function of the parent modem is activated. If there is no response signal from another modem B within a certain period of time, modem A determines that there is no modem to be set. Security setting processing is not performed.
That is, both modems A and B need to be turned on before the fixed time has elapsed after the power of one of them is turned on.
If security information has not been set for both modems, communication from the other party search signal transmission (step S13) to the security information setting (steps S17, S25) is performed in plain text that is not encrypted.

  When the power supply modem B turned on with a slight delay recognizes the search signal from the modem A (step S22), the power supply modem B recognizes the modem A as a security setting partner and outputs a response signal to the modem A (step S23). . When the modem A receives the response signal from the modem B, the modem A recognizes the modem B as the other party of the security setting. Thus, both modems A and B recognize the other party. For mutual recognition, the modem B may further transmit a search signal, and the modem A may also transmit a response signal.

  When the security setting processing unit of each of the modems A and B recognizes the other party, it performs a communication range limiting process (steps S15 and S24). The communication range is limited by reducing the output power of the transmission signal by the transmission / reception units 24a and 24b or by reducing the reception sensitivity of the reception signal by the transmission / reception units 24a and 24b. By limiting the communication range, information leakage to others can be prevented and the secrecy can be improved. If both the output power and the reception sensitivity are reduced, the secrecy is further improved.

  When the output power of the transmission signal of the modem is lowered due to the limitation of the communication range, when the modems A and B mistakenly recognize other modems C, D, E, and F as the other party, communication becomes impossible. It is possible to avoid setting security information by mistake. That is, since the other modems C, D, E, and F are modems that are not connected according to the connection policy as shown in FIGS. 2 to 4, the signal attenuation is large and the output power of the transmission signal is reduced. Since the connection link is disconnected and communication becomes impossible, erroneous setting is avoided. On the other hand, if the modems A and B are connected according to the connection policy, the connection is maintained even if the output power of the transmission signal is reduced, so that the processing for setting the security information can be performed.

  When the reception sensitivity of the received signal of the modem is lowered to limit the communication range, even if the modems A and B mistakenly recognize other modems C, D, E, and F as the other party, the modems A and B When the reception sensitivity is lowered, the modems A and B cannot recognize signals from the other modems C, D, E, and F. Therefore, the modems A and B determine that the unrecognized partner is an inappropriate partner and disconnect the connection. On the other hand, if the modems A and B are in a tightly connected state, they can recognize each other's signals even if the reception sensitivity is lowered, so that the connection is maintained and the subsequent processing for setting security information is performed. It can be performed.

If the modems A and B can recognize each other, and the connection is maintained even when the communication range is limited, the process proceeds to setting of security information. First, the modem A that functions as a parent modem automatically generates security information (step S16). Security information such as network identifiers and encryption keys is generated by random numbers.
The generated security information is set in the modem A (step S17), transmitted to the modem B, and set in the modem B (step S25). In this way, security information is set in both modems by exchanging security information between the modems A and B.
Note that after the security information is set, encrypted communication is performed between the modems A and B.

[Limitation of frequency or carrier when security information is exchanged between modems]
When security information is exchanged between the modems A and B (steps S16 and S25), all signals over the entire band (2 MHz to 30 MHz) may be output as in normal power line communication. As shown in FIG. 6, when performing communication for transmitting a signal including “”, confidentiality is improved by narrowing the communication band to a specific frequency band Fa.
If the communication range is limited between the modems A and B by reducing the output power in the narrowed communication band Fa, communication with a modem that uses a frequency band other than the communication band Fa can be eliminated.

Further, when performing communication for sending a signal including security information, the secrecy is improved even if only a part of all carriers (1500) is used. For example, when there are carriers f1 to f11 as shown in FIG. 7 as carriers used in normal power line communication, among these carriers, some carriers f2, f4, f5 as shown in FIG. , F9 may be used.
If the communication range is limited between the modems A and B by reducing the power of the carriers f2, f4, f5, and f9 to be used, the modem that intends to use the carriers f2, f4, f5, and f9. Communication with can be eliminated.
Note that the amount of security information is not so large, so there is no problem in communication even if the frequency band or carrier is narrowed down.

  When the frequency band and carrier are narrowed as described above, the frequency band and carrier may be determined by both modems A and B. In addition, a predetermined frequency band or carrier in either modem A or B may be transmitted to the other modem A or B. Also, either modem A or B (preferably parent modem A) may determine the frequency band or carrier to be narrowed before transmitting the security information and communicate it to the other modem.

  Also, when narrowing the frequency band or carrier as described above, the frequency band or carrier used when exchanging security information with other power line communication devices is successively updated while exchanging security information. It may vary (frequency band or carrier hopping). Change pattern information indicating how to change the frequency band or carrier is automatically generated by one of the modems A and B (preferably the parent modem A) prior to the exchange of security information, and is transmitted to the other modems A and B. . Then, both modems A and B change the frequency band or carrier used when exchanging security information one after another according to the change pattern information. By performing such frequency band or carrier hopping, the confidentiality is improved.

[Modified example of security setting between modems A and B (both modems are not set)]
FIG. 9 shows a modification of the security setting procedure described above based on FIG. The modification of FIG. 9 differs from that of FIG. 5 in that the communication range is limited (steps S33 and S42) before the counterpart modem is recognized (steps S34, S35, S43, and S44). In this way, if the partner modem is recognized after limiting the communication range, it is possible to more reliably prevent misrecognition of the modem.
9 is the same as that of FIG. 5 in that the description is omitted.

[Related Art Disclosure 1]
The security setting procedure shown in FIG. 5 or 9 is started by turning on the power of both modems A and B (including turning on the power by turning on the power switch) (security setting start operation by turning on the power). Setting is easy, but either one of the modems A and B or both modems A and B is equipped with a switch for starting security setting (a switch other than the power switch), and the operation of the switch (security by the switch) The security setting procedure may be started by the setting start method.

[Security settings when adding modem C]
A case will be described in which the security information is set in the modem C for which security information has not been set when the security information has already been set in the modem A. Here, it is assumed that the modem A whose security information is already set functions as a parent modem.

First, the modems A and C are connected by the close connection method similar to the connection of the modems A and B shown in FIGS. With this connection, the modems A and C are turned on almost simultaneously (steps S51 and S61).
Here, the modem A is in a state of performing encrypted communication because the security information is already set, and communication with the modem C for which the security information is not set cannot be performed in the encrypted communication. . That is, the modem A cannot decode the signal of the modem C. Therefore, the modems A and C recognize each other in plain text that is not encrypted for a certain time after the power is turned on (steps S52, 53, S62, and S63).

Recognition of the other party and limitation of the communication range (steps S54 and S64) are performed in the same manner as the setting process shown in FIG. When the security information is exchanged between the modems A and C, since the security information is already set in the modem A, the modem A transmits the security information held by the modem A to the modem C in plain text (step) In step S55, the information is set in the modem C (step S65).
When the above processing is completed, the modem A returns to the encrypted communication, and the modem C starts the encrypted communication.

[Related Art Disclosure 2]
In the security setting procedure of FIG. 11 in the case of adding the modem C, the modem A whose security information is already set starts communication in plain text when the power is turned on (including the power switch ON) and performs the security setting. The timing for returning to the plaintext may be obtained by operating a switch for starting the security setting provided in the modem A (parent modem).

That is, when the switch for starting the security setting is operated while the modem A is in the encrypted communication state, the communication may be returned to the plaintext communication and the security setting procedure may be started. In this case, the modem A can perform security settings for the modem C at any time after the power is turned on.
Note that the modem C for which security information is not set may have a similar switch.

[Recognition of the other party modem in encrypted communication]
If the modems A and C are turned on almost simultaneously as shown in the security setting procedure of FIG. 10, the modems A and C are turned on when the modems are recognized and the security information can be set. Each time, the signal processing is performed in plain text for a certain time after the power is turned on. Therefore, a time that does not function as a modem for a certain period of time occurs.
Therefore, in the case of the tightly connected state shown in FIGS. 2 to 4 in accordance with the basic policy of connection, the security setting procedure shown in FIG. Is the timing to return to plaintext.

Specifically, as in FIG. 10, when setting security information in modem C between modem A for which security information is already set and modem C for which security information is not set, the basic policy for modem connection is followed. The modems A and C are connected by a close connection method similar to the connection of the modems A and B shown in FIGS.
However, it is not necessary for the modems A and C to be powered on almost at the same time, and the modem C can be powered on (step S81) at completely different timing after the modem A is powered on (step S71).

  When the modem A is turned on, the encrypted communication is performed (step S72). When the modem C is turned on in this state, the modem C uses the modem A as a trigger. A signal for starting the security setting process is transmitted to (another power line communication device) (step S82). This signal is not decoded as data, but for modem A to recognize the signal carrier. Since the modem A can recognize the presence / absence of the carrier from the modem C even in the encrypted communication state, the modem A recognizes the presence / absence of the connection of the modem C according to the basic policy of the modem connection by the carrier recognition. .

As this signal, for example, when all the carriers of a multicarrier signal (N, for example, N = 2048, 1500, 1024) are transmitted, the modems A and C are in a tightly connected state. Since a good communication path with low attenuation is secured in the band, the modem A can recognize all or most of the N carriers transmitted from the modem C (step S73).
Alternatively, when a part of all the carriers (N1 (<N), for example, N1 = 1600, 1024, 800) is transmitted as the signal, the modem A transmits the N carriers transmitted from the modem C. Can be recognized (step S73).
Thus, if the number of carriers N2 recognized by the modem A is equal to or greater than the predetermined number of carriers N or N1 transmitted by the modem C, the modem A approaches the modem A for security setting. As a result, the modem A can be decrypted (converted into plain text) (step S74).
N1 is preferably 1/3 or more of N, N1 is preferably 1/2 or more of N, and N1 is preferably 2/3 or more of N.
Also, the modem recognition number N2 of the modem A for the modem A to consider that the modem C is powered on close to the modem A for security setting is 70% or more of the number of carriers N or N1 transmitted by the modem C. Is preferable, more preferably 80% or more, and further preferably 90% or more.

  Further, as a signal for causing the modem A to start the security setting process, a signal having a predetermined carrier pattern constituted by only a part of predetermined carriers among all carriers of the multicarrier signal is adopted. In this case, if the predetermined carrier is recognized by the modem A, it is assumed that the modem C is powered on close to the modem A for security setting, and the descrambling of the modem A (return to plain text) ) Can be performed (step S74).

  In FIG. 11, the communication range limitation, counterparty authentication, transmission of security information, etc. after the descrambling by modem A is the same as the procedure shown in FIG.

[Related Disclosure 3]
In the security setting procedure of FIG. 11, instead of turning on the power of the modem C, an operation of a switch for starting the security setting process provided in the modem C may be employed. That is, when the switch for starting the security setting process is operated in the modem C, the modem C itself starts the security setting start process, and the other modem transmits the signal for starting the security start process. You may be made to do.
Further, not only the modem C but also the modem A may have such a switch.

[Modification of connection method according to basic policy of modem connection]
A modem A (parent modem) shown in FIG. 12 has an outlet 27a for security setting. By inserting the power plug 22b of the modem B (, C) into the outlet 27a of the modem A, the modem B can be supplied with power via the modem A, and the modem A can be connected to the modem A by the security setting transmission / reception unit 26a. Communication between A and B is possible.
The security setting can be performed by connecting the modem B to which the security information is to be set to the outlet 27a of the modem A. Even with such a close connection method, all the security setting procedures described above can be performed. Moreover, in the case of the connection method of FIG. 12, the communication path between the modems A and B is disconnected from the power line 10, so that it is not necessary to limit the communication range.

  The present invention is not limited to the above embodiment. The present invention can be variously modified without departing from the gist thereof.

It is a block diagram of a power line communication network. It is a figure which shows an example of the connection figure for the block diagram and security setting of a power line communication apparatus. It is a figure which shows an example of the connection state for a security setting. It is a figure which shows an example of the connection state for a security setting. It is a security setting procedure figure between modems AB. It is explanatory drawing of frequency band limitation. It is explanatory drawing of a multicarrier. It is explanatory drawing which shows an example of the carrier pattern using the one part carrier of a multicarrier. It is a figure which shows the modification of the security setting procedure between modem AB. FIG. 11 is a procedure diagram of additional setting of a modem C. It is a procedure figure of the modification of the additional setting of the modem C. It is a figure which shows the modification about the connection state for a security setting.

Explanation of symbols

A power line communication device B power line communication device C power line communication device 25a-1 security setting processing unit 25b-1 security setting processing unit

Claims (15)

A power line communication device that performs communication using a power line as a signal transmission path,
A processing unit for performing security setting processing for setting security information for ensuring security of power line communication is provided.
The processing unit starts the security setting process when power is supplied to the power line communication device. The processing unit performs a recognition process for recognizing the other party by searching for another power line communication apparatus that is a partner of the security setting process, triggered by power-on to the power line communication apparatus,
2. The power line communication apparatus according to claim 1, wherein security information is exchanged with another power line communication apparatus recognized as a counterpart and the security setting process is performed. The processing unit is in a state in which the communication range is limited than during normal power line communication, triggered by power-on to the power line communication device,
3. The power line communication apparatus according to claim 1, wherein the security setting process is performed by exchanging security information with another power line communication apparatus in a state where a communication range is limited.   4. The power line communication apparatus according to claim 3, wherein the processing unit limits the communication range by reducing the power of the transmission signal as compared with normal power line communication.   5. The power line communication apparatus according to claim 3, wherein the processing unit limits a communication range by lowering a reception sensitivity of a received signal as compared with normal power line communication.   The processing unit exchanges security information with another power line communication device by using a part of a frequency band used in normal power line communication or a part of a multicarrier used in normal power line communication. The power line communication apparatus according to any one of claims 1 to 5.   7. The power line communication apparatus according to claim 6, wherein a frequency band or a carrier used when security information is exchanged with another power line communication apparatus changes while security information is exchanged. .   The processing unit sends a signal for starting security setting processing for setting security information for ensuring security of power line communication to another power line communication device, when the other power line communication device is turned on. The power line communication apparatus according to claim 1, wherein the power line communication apparatus outputs to a power line communication apparatus. A power line communication device that performs communication using a power line as a signal transmission path,
A processing unit for performing security setting processing for setting security information for ensuring security of power line communication is provided.
The processing unit starts the security setting process when receiving a signal for starting the security setting process transmitted from the other power line communication apparatus when the power to the other power line communication apparatus is turned on. A characteristic power line communication apparatus.   When the carrier of the signal transmitted from another power line communication device for starting the security setting process is recognized, the security setting process is started by returning from the encrypted communication state to the plaintext communication state. Item 10. The power line communication device according to Item 9.   The said processing part starts the said security setting process, if it recognizes that the number of carriers contained in the multicarrier signal transmitted from the other power line communication apparatus is more than predetermined number. The power line communication device described.   The said process part will start the said security setting process, if it recognizes that the multicarrier signal transmitted from the other power line communication apparatus has only a predetermined | prescribed carrier. The power line communication device described. A power line communication device including a processing unit that performs security setting processing to ensure communication security with other power line communication devices,
The power processing unit is configured to perform the security setting process when power-on of the own power line communication device and power-on of another power line communication device are performed almost simultaneously. A method of performing security setting processing for setting security information for ensuring communication security between a plurality of power line communication devices,
A security setting method, wherein when a plurality of power line communication devices are powered on substantially simultaneously, the plurality of power line communication devices perform the security setting process. A method of performing security setting processing for setting security information for ensuring communication security between a plurality of power line communication devices,
While the plurality of power line communication devices obtain power from the power line in the building, the communication paths of the plurality of power line communication devices are ensured between the plurality of power line communication devices so as not to substantially pass through the power line in the building. Obtain a tight connection state where the power plug is connected to the power plug outlet,
In the tightly connected state, when power is turned on to a plurality of previous power line communication devices almost simultaneously, the plurality of power line communication devices perform the security setting process.

Images