JP2008059182A - Authentication device and method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an authentication device and method that allow even a device without user registration or device registration to access a home network. <P>SOLUTION: An access acceptance permitting part 101 accepts access from an external device connected to an outside network and permits the access if it is legitimate. A characteristic information obtaining part 104 obtains either information that a device connected to the home network has or information written in content that the device retains. A question generating part 103 generates one or more questions by using or combining pieces of information obtained by the characteristic information obtaining part. A question executing part 102 presents a user with the generated questions via the external device and determines whether or not answers to the questions from the user are right. The access acceptance permitting part 101 permits the access if the answers are right. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an information device connected to a home network, and relates to an authentication apparatus and an authentication method for performing user authentication or device authentication in a system accessible from outside the home.

  In order to restrict external access to content or Internet home appliances placed in the home network, a method of performing authentication at the gateway by placing a gateway at the boundary between the home network and the Internet is widely used. . The authentication method includes various authentication methods ranging from a simple method in which a user ID and password are recorded on a gateway and password authentication is performed to a complicated method in which authentication is performed through an authentication server.

  For example, Patent Document 1 discloses a typical example of a conventional authentication device and authentication method. In the example disclosed in Patent Document 1, in order to place a home server in a home and view content in the home network from a mobile terminal outside the home, authentication data is registered in advance on the management server, and the authentication data Authentication is performed using (typically a user ID or password). In this case, the user is required to register authentication data in advance and input registered authentication information such as a user ID and a password when viewing the content.

  Also, the device authentication method disclosed in Patent Document 2 is different from Patent Document 1 in that a centralized management server for holding authentication information is not provided.

  However, in the point that “registration work” occurs in which an ID of a device used to connect to a device connected to the home network from outside the home is registered in advance in the home server in the home, Common. That is, in the conventional authentication method described above, it is necessary to register in advance something such as a user ID and password or device ID, which corresponds to authentication information, in an in-house authentication server or the like.

However, such “computer management” work of ID registration is not good for general consumers. Therefore, there can be considered a method in which an expert performs such computer management work. For example, an Internet service provider or home appliance manufacturer installs a management server for intensive user IDs and passwords outside the house, and the user requests registration management of user IDs and the like by user registration postcards at the time of product purchase. is there.
Japanese Patent Laying-Open No. 2003-37802 (page 9, FIGS. 1 and 2) Japanese Patent Laying-Open No. 2005-196790 (page 11, FIGS. 1 and 2)

  However, when the above-described method is used, although the "holding" of the user ID and password is reduced, for example, the period during which registration can be performed is limited to a certain period, or registration is performed only at a specific place such as a home appliance store. However, there are limitations such as being unable to perform, and there are drawbacks such as flexibility.

  Furthermore, even a certain degree of expert who can easily perform user registration from a computer can use only an authenticated device registered in advance. If you want to access a device, even if there is a device that can be accessed in terms of capacity, you cannot access the home if the device is not registered as an authenticated device in your home server in advance. There was a problem.

  The present invention has been made in view of the above points, and an authentication apparatus and an authentication method capable of securely accessing a home network even from a device that has not been previously registered by a user or registered in a relatively simple manner. The purpose is to provide.

  In order to solve such a problem, the authentication apparatus according to the present invention permits an access request from an external device connected to the second network whose access request destination is an existing device connected to the first network. A question execution means for transmitting a question to the external device that is an access request source, and comparing the user's answer and the correct answer to the question to determine whether the answer is correct, and the user's answer is If it is correct, an access acceptance permitting unit that permits the access request, a unique information obtaining unit that obtains device-specific information of the existing device, and the question and the correct answer based on the device-specific information A configuration is provided that includes question generation means for generating one or more pairs.

  According to this configuration, in response to a question created based on the unique information of an existing device connected to the first network that only a user who is familiar with the first network in the home can know everyday, the first in the home Answering via an external device connected to the second network outside the home who wants to access the device connected to the other network, and access to the existing device is permitted from the external device only when the answer is correct Therefore, in temporary access in situations where user registration and password setting are not performed in advance, or in situations where home appliance users with relatively low information literacy desire access to the first network in the house A legitimate user who is familiar with the first network in the house while providing a secure network connection at a certain level. Only the secure communication path from outside the home to home can perform authentication can be established.

  According to the present invention, it is possible to securely access the home network from a device that has not been registered in advance or registered in advance by a relatively simple method.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

(Embodiment 1)
FIG. 1 shows an example of the configuration of the home network system according to Embodiment 1 of the present invention and the configuration of the main part of authentication apparatus 100. As shown in the figure, the authentication apparatus 100 is connected to a first network 111 and a second network 110 via network I / Fs (Inter Faces) 106 and 105.

  In FIG. 1, a home IP (Internet Protocol) network that is typical in a general home is assumed as the first network 111. The first network 111 is not limited to a home IP network, but may be any other network that needs to restrict access from the outside, such as a company internal LAN (Local Area Network). But you can.

  As shown in the figure, a device 130 and a device 140 are connected to the first network 111. Hereinafter, a case where the device 130 is an IP network compatible telephone and the device 140 is a hard disk device will be described.

  In FIG. 1, the second network 110 is typically an external wide area network such as the Internet, another in-home IP (Internet Protocol) network connected via the Internet, or an in-house LAN (Local Area Network). Is assumed. Further, like the first network 111, the second network 110 is not particularly limited to the Internet or the like. As shown in the figure, a device 120 is connected to the second network 110.

  When an external device connected to the second network 110 tries to access an existing device connected to the first network 111, the authentication apparatus 100 determines whether the access request is valid and is valid. The access is permitted. In the present embodiment, the authentication method of authentication apparatus 100 is described by taking as an example a case where a user is trying to access device 140 connected to first network 111 via device 120 connected to second network 110. Will be described.

  The devices mentioned here are AV (Audio Visual) devices such as TVs, videos, DVD (Digital Video Disc) recorders, home appliances called white goods such as refrigerators and washing machines, PDA (Personal Digital Assistant), It refers broadly to information devices such as mobile phones, RFID (Radio Frequency Identification) tags, IC (Integrated Circuit) cards, electric devices such as light bulbs and batteries, and electric members. In the present invention, it is assumed that these devices have a network I / F, can be connected to the network, and can provide some service to the outside of the device.

  The service here refers to a function provided in a device that can be connected via a network. Specifically, it is provided by the distributed cooperative calculation mechanism such as SOAP (Simple Object Access Protocol), CORBA (Common Object Request Broker Architecture), and web services, etc., as defined in the DLNA (Digital Living Network Alliance) standard. A wide range of services is included.

  With reference to FIG. 1 again, the internal configuration of the authentication apparatus 100 will be described. As illustrated in FIG. 1, the authentication device 100 includes an access reception permission unit 101, a question execution unit 102, a question generation unit 103, a specific information acquisition unit 104, and network I / Fs (Interfaces) 105 and 106. It has.

  When the access permission request is notified from an external device connected to the second network, which is an external network, and the access permission request is received, the access reception permission unit 101 notifies the question execution unit 102 of the question execution request, When the check result for the question execution request is notified from the execution unit 102, it is determined whether or not to permit access according to the notified check result, and the access permission or the disapproval result is requested for access permission. Notify incoming devices.

  When the question execution request is notified from the access reception permission unit 101, the question execution unit 102 notifies the question generation unit 103 of the question generation request. Further, the question generated by the question generation unit 103 is displayed to the device that has requested access via the network I / F 105. Alternatively, it may be instructed to indirectly display a question to a device that has requested access through another module such as the access reception permission unit 101. Further, the question execution unit 102 receives the user's answer to the displayed question, checks whether the user's answer matches the correct answer to the question, and notifies the access reception permission unit 101 of the check result. Note that the check result is used to determine the validity of granting access rights. That is, if the answer from the user matches the correct answer, it is determined that the access from the external device is valid.

  When the question generation unit 103 receives the question generation request notified from the question execution unit 102, the question generation unit 103 notifies the specific information acquisition unit 104 of the specific information acquisition request, and the specific information acquisition unit 104 receives and acquires the specific information acquisition request. According to the information, a question for the user and a correct answer to the question are generated. For example, when the unique information acquisition unit 104 acquires the telephone number of a telephone connected to the first network 111, the question generation unit 103 includes a question “What is the telephone number?” A correct answer to this question is generated in pairs.

  The unique information acquisition unit 104 calls a service provided by a device connected to the first network 111 and acquires unique information held by the device. The “unique information” is information unique to the content held by the device or device, and is information that can distinguish the device or content from other similar devices or the same content. For example, the ID code for identifying each device corresponds to “unique information” here. The telephone number corresponds to “unique information” for the telephone, and the network address, IP address, MAC address, and the like correspond to “unique information” for the network device. The “unique information” is not limited to such a unique identifier, but the device manufacturing date, model name, manufacturer name, installation location (latitude, longitude, address or postal code, name of the installed room) Etc.) and various types of information such as the owner name and the administrator name are also used as “unique information”. Furthermore, when the device holds various contents such as moving images, still images, word processor software data files, etc., the information in the contents or even the meta information of the contents is “unique information”. Can be used as

  That is, the “unique information” in the present invention is not limited to the device ID uniquely assigned to the device, but also includes content-specific information that the device holds in real time. In short, all information that other devices and contents do not have can be “unique information” of the devices and contents. For example, when a certain device is an IP network compatible telephone and the telephone has a function of notifying a telephone number set in its own device or notifying an incoming / outgoing call history as a service, the telephone Not only the number but also the incoming / outgoing call history is “unique information” of the IP network compatible telephone. In addition, when the device is a hard disk recorder, the hard disk recorder is likely to store video content that records programs broadcast on television, but the recording date and time of the video content, TV channels, etc. Is also “unique information” of the hard disk recorder.

  Furthermore, not only alphanumeric information but also multimedia information can be “unique information”. For example, in the case of a hard disk recorder, a part of a moving image content and a snapshot are also “unique information” held by the hard disk recorder. Furthermore, when the address or postal code of the place where the device is installed can be acquired from the device such as the authentication device 100 or the network router, these are also “unique information”.

  FIG. 2 shows an internal configuration of the device 130 connected to the first network 111. As described above, in the present embodiment, the case where the device 130 is an IP network compatible telephone will be described.

  The device 130 includes a nonvolatile memory 131, a unique information response unit 132, and a network I / F 135, and can communicate with other devices via the first network 111.

  In the nonvolatile memory 131, a tag 133 called a telephone number and its number 134 are recorded as “unique information”.

  The unique information response unit 132 includes a module that provides a service that responds to a telephone number assigned to the device 130 that is an IP network compatible telephone according to a predetermined protocol (for example, the above-described SOAP or CORBA).

  That is, the device 130 which is an IP network compatible telephone provides a service for responding to its own telephone number in response to a request from a device outside the telephone.

  FIG. 3 shows the appearance of the device 120 connected to the second network 110. The device 120 is an Internet-compatible mobile phone (so-called browser phone), and includes a display 121, an input field 122, and an input key set 123. The display 121 displays various types of information, and the user can input a character string or the like in the input field 122 using the key set 123.

  Next, an authentication operation performed by the authentication apparatus 100 configured as described above will be described with reference to a sequence diagram shown in FIG. In the following, a case where the user tries to access multimedia content 141 in the hard disk device (device 140) connected to the first network in the home via the device 120 will be considered. The hard disk device (device 140) is a so-called network-compatible hard disk, and can be connected to the network by a single hard disk device and can read and write content held by the hard disk device via the network. To do.

  All access requests from external devices connected to the second network 110 outside the home to the devices in the first network 111 inside the home are accepted by the access acceptance permitting unit 101, and the access acceptance permitting unit 101 performs access. A decision is made whether to allow or not. At this time, the access is not permitted from outside the house until the access acceptance permitting unit 101 determines that the access is a legitimate access and is permitted.

  That is, when a user tries to access the device 140 from the device 120, the access request (401) output from the device 120 is determined by the access reception permission unit 101 as to whether or not to permit access. become.

  Specifically, when the access request (401) is received by the access reception permission unit 101, the question execution request (402) is notified from the access reception permission unit 101 to the question execution unit 102. When the question execution request (402) is notified from the access reception permission unit 101 to the question execution unit 102, the question generation request (403) is notified from the question execution unit 102 to the question generation unit 103.

  When the question generation request (403) is notified from the question execution unit 102 to the question generation unit 103, the unique information is acquired from the question generation unit 103 as specific information so as to acquire information related to a telephone number assigned to a home phone. An acquisition request (404) is notified to the specific information acquisition unit 104.

  Then, when the unique information acquisition request (404) is notified from the question generation unit 103 to the unique information acquisition unit 104, the unique information acquisition unit 104 sends an existing device connected to the first network 111 in the home to the existing device. A device search request (405, 406) for searching for a telephone type device is notified by broadcast. In FIG. 4, 405 indicates a device search request output to the device 130, and 406 indicates a device search request output to the device 140.

  The reason why the device search request is notified by broadcast is that the unique information acquisition unit 104 does not know what device is connected to the first network 111 in the home. Therefore, when the specific information acquisition unit 104 knows what device is connected to the first network 111 in the home, there is no need to notify the device search request by broadcasting, and the telephone type and It is only necessary to notify the phone number acquisition request directly only to the device that is grasped.

  In response to the device search request (405, 406), the device 130, which is an IP network compatible phone, responds with a “positive” response (407) indicating that the own device is a phone type device. Will be notified.

  When a “Yes” response (407) is notified from the device 130 to the unique information acquisition unit 104, the unique information acquisition unit 104 further notifies the device 130 of a telephone number acquisition request (408). When the telephone number acquisition request (408) is notified to the device 130, the telephone number 134 is notified from the device 130 to the unique information acquisition unit 104 as a response (409).

  In addition, acquisition of specific information is performed using existing standards for Internet home appliances such as UPnP (Universal Plug And Play), or using a communication protocol such as remote procedure call (RPC). You may be allowed to implement this interface yourself.

  Further, the device search request (405, 406) and the telephone number acquisition request (408) are unified as an attribute acquisition request, for example, so that only a device having the attribute “phone number” responds to this request. Good. In this case, since the device 140 does not have the attribute “telephone number”, the device 140 does not respond to the attribute acquisition request. However, since the device 130 has the attribute “telephone number”, the telephone number in response to the attribute acquisition request. 134 will be answered. As described above, various methods of implementing the unique information acquisition sequence are conceivable.

  In the above-described method for acquiring the unique information, the case where the unique information is dynamically acquired at the time of authentication has been described. However, the unique information may be acquired in advance. For example, the authentication apparatus 100 may acquire specific information from home appliances in advance at the time of activation, or the unique information acquired at the previous authentication may be cached and the cached unique information may be used. May be.

  In this way, when the telephone number 134 of the device 130 connected to the first network 111 in the home is notified to the specific information acquisition unit 104 as a response to the device search (405) (409), it is a response result. The telephone number 134 is notified to the question generating unit 103 (410). When the telephone number 134 is notified, the question generating unit 103 generates a question with the content “what is the telephone number” and a character string “0312345678” as the correct answer, and the question and the correct answer are paired. Is notified to the question execution unit 102 (411).

  By the way, various forms of expression of questions and correct answers based on unique information can be considered. For example, HTML (Hyper Text Markup Language) may be used, or an XML (eXtented Markup Language) format may be specified and used. Alternatively, it may be expressed by a structure such as a C language or an S expression in a LISP (LIStProcessing) language. In short, an appropriate format may be selected in consideration of a programming language supported by the authentication apparatus 100 according to the present embodiment, an operating environment, and the like.

  When the question execution unit 102 is notified of the question and the correct answer based on the unique information (411), the question execution unit 102 displays the question and input field 122 on the display 121 of the device 120 (412). The input field 122 is used for inputting an answer to the question. For example, when a web browser is operating on the device 120, the question execution unit 102 generates an HTML document that displays the question and the input field 122 on the browser. A question and input field 122 can be displayed on the display 121. Since various display methods can be considered, the programming language and the operating environment supported by the authentication apparatus 100 according to the embodiment are taken into consideration, as well as the question and correct answer expression format based on the specific information. And select an appropriate format.

  When the input field 122 for inputting the question and the answer to the question is displayed on the display 121 of the device 120 (412), the answer to the question displayed on the display 121 is displayed by the user of the device 120 as a key. Input is made using set 123 (420). In this embodiment, since the device 120 is a mobile phone, the shape of the key set 123 is the shape of a telephone key as shown in FIG. 3, and the user of the device 120 uses the key set 123. Although the case of inputting has been described, this is merely an example, and the present invention is not limited to this. That is, an answer to the question displayed on the display 121 may be input by using an input method that does not rely on keys using voice input or pen input.

  When the key set 123 is used by the user of the device 120 and the telephone number “0312345678” is input into the input field 122, the character string “0312345678” is notified to the question execution unit 102 (430). Then, the question execution unit 102 checks whether the correct answer notified from the question generation unit 103 matches the character string “0312345678” input by the user of the device 120.

  At this time, a user who wants to access the device 140 connected to the first network 111 in the home via the device 120 connected to the second network 110 outside the home, If you are familiar enough with the device connected to 111, you should definitely be able to enter the phone number 134 of the device 130.

  If it is determined as a result of the collation, the question execution unit 102 notifies the access acceptance permission unit 101 of “affirmation” as a response to the question execution request (402) (431).

  As a result, access permission (432) is notified from the access reception permission unit 101 to the device 120. Thereafter, a session between the device 120 and the device 140 is established (440), and the user can access the device 140 from the device 120.

  As described above, according to the present embodiment, unique information of an existing device connected to the first network that can be known only by a user who is familiar with the first network at home is acquired and acquired. Based on the unique information, create a question and a correct answer, present the created question to an external device connected to a second network outside the home who wants to access an existing device connected to the first network in the home, The presented question is answered via the external device, and when the answer result is correct, access from the external device to the existing device connected to the first network is permitted. As a result, in temporary access in situations where user registration or password setting is not performed in advance, or in situations where home appliance users with relatively low information literacy desire access to the first network in the house However, while providing a secure network connection at a certain level, only a legitimate user who is familiar with the first network in the house can perform authentication that can establish a secure communication path from outside the house to the house. it can.

  In the above-described embodiment, a question regarding a telephone number and a simple question form in which a user answers the question. However, the question form is not limited to this, and according to the obtained unique information, Various variations of questions can be considered.

  For example, when the device 130 has a service for providing a telephone number transmission history, the unique information acquisition unit 104 acquires the telephone number transmission history for the most recent week from the telephone number transmission history stored in the device 130. When the question generating unit 103 generates a question in which the most frequently used telephone number in the last week is the correct answer and makes the user answer the telephone number 134, This is also effective from the viewpoint of preventing unauthorized access, compared to the case where when the phone number 134 is in a state where the phone number 134 can be known, the question is such that the phone number 134 is a correct answer.

  In addition, when the unique information acquisition unit 104 can acquire the unique information regarding the longitude and latitude of the installation location of the device connected to the first network 111, the “longitude” and “latitude” are used as questions to determine the device 120. Display on the display 121 to let the user enter “Longitude” and “Latitude” as numerical values to answer, or display a map including the installation location, and point the installation location to the user with a pointing device or the like For example, the question generating unit 103 may create a question such that the unique information other than the telephone number is a correct answer, or a question in which a combination of a plurality of unique information is the correct answer. The same applies to the case where information relating to the postal code or address is acquired as unique information.

(Embodiment 2)
FIG. 5 shows an example of the configuration of the home network system according to Embodiment 2 of the present invention, and the configuration of the main part of authentication device 100. Components common to those in FIG. 1 are denoted by the same reference numerals as those in FIG. The authentication apparatus 100 shown in FIG. 5 employs a configuration in which a privacy information list DB 107 and a template DB (database) 108 are added to the authentication apparatus 100 shown in FIG. In addition to the devices 130 and 140 connected to the first network shown in FIG. 1, devices 150 and 160 are further connected to the first network shown in FIG.

  In the present embodiment, a case will be described in which the device 150 is a hard disk recorder and the last use date and time is held as the unique information 151, and the device 160 is a television and the last use date and time is held as the unique information 161. . In addition, it is assumed that the device 130 that is an IP network compatible telephone has the name of the first network 111 as a source identifier in addition to its own telephone number as the unique information 131. In the following description, the name of the first network 111 is described as “Matsushita family (reading: Matsushita)”.

  The privacy information list DB 107 stores a privacy information list in which “phone numbers” and “access destination names” are listed.

  The template DB 108 stores a template as shown in FIG. In the same figure, each part surrounded by a dotted line indicates a template 600, 610, 620, 630, 640. These templates 600, 610, 620, 630, 640 are used when the question generating unit 103 generates a question. Used.

  These templates are also used as guidelines when the unique information acquisition unit 104 acquires unique information. That is, the unique information acquisition unit 104 selects a template from the templates 600, 610, 620, 630, and 640 stored in the template DB 108, and enters a replaceable portion (or “hole portion”) of the selected template. Information to be acquired from the devices 130, 140, 150, 160 in the home.

  Note that FIG. 6 is merely a conceptual diagram and is represented as a display image for the device 120 for convenience of explanation. In practice, an appropriate format may be selected in consideration of the programming language in which the system operates, the operating environment, and the like. For example, if the template 600 is described using XML, it will be expressed as 700 in FIG. As an existing mechanism for describing a template, many technologies are known, including a server side script language such as PHP (PHP: Hypertext Processor), and these existing technologies are used. Create a template. Alternatively, the template may be created by determining the format itself in XML, or may be implemented with a structure such as C language.

  In FIG. 7, the “hole” portion 601 of the template 600 is described as “$ CEClass (TVSet) .name ()”, and the “hole” portion 611 is described as “$ CEClass (TVSet) .number ()”. ing. The unique information acquisition unit 104 replaces the “hole” portion 601 with the name “TV” for the TVSet, and the “hole” portion 611 with “1”, which is the number of televisions in the house. Then, after this replacement work, the question generation unit 103 converts the question and answer to the contents of “question: how many TVs are there” and “answer: 1”.

  In this way, the unique information acquisition unit 104 acquires information to be entered in the “hole” portions 601 and 602 of the template 600 from the devices 130, 140, 150, and 160 connected to the first network in the home. The In this sense, the template serves as a guideline when the unique information acquisition unit 104 acquires the unique information.

  Here, a supplementary explanation will be given regarding some templates. Templates 620, 630, and 640 are templates in a format for selecting an answer to a question (hereinafter referred to as “selection formula”). The replaceable portions 621 to 624 and 641 to 643 in the templates 620, 630, and 640 are used as answer options. For example, in the template 620, the correct answer to the question “What is the name of the access destination?” Is “Matsushita family” as described above, so the question generating unit 103 corrects the correct answer from the replaceable portions 621 to 624 of the template 620. The “hole” part where the branch “Matsushita family” is inserted is appropriately selected, and the remaining “hole” part is filled with erroneous answers such as “Tanaka family” or “Yamamoto family”. In addition, the branch of wrong answer may be generated dynamically using natural language processing technology, or an answer that is likely to be used as a wrong answer is held in advance. You may use as many as needed.

  Radio buttons 625, 631, and 644 are used by the user to select an answer from alternatives. In the templates 620, 630, and 640, the user selects an answer from the options using the radio buttons 625, 631, and 644 in consideration of the graphic user interface. However, the present invention is not limited to this, and the user selects one. Any interface may be used as long as it is clear that an answer is selected from options. For example, an interface that prompts the user to input a number assigned to each option and selects an answer from the option may be used.

  The template 640 is different from the other selection-type templates 620 and 630 in that the option is a video (still image). For example, when a refrigerator with a camera is connected to the first network 111, the internal information is captured by the unique information acquisition unit 104, and the captured internal image is a correct answer by the question generation unit 103. Questions and answer options are generated such that (for example, past images in the refrigerator, etc.) are wrong answers.

  In the above description, the template is recorded in the template DB 108 in advance and the template recorded in the template DB 108 is selected. However, the template is downloaded from the manufacturer's support site or the like, and the template DB 108 is downloaded. The recorded template may be changed / updated as needed. For example, when a new network compatible device capable of acquiring unique information is connected to the first network 111, a template of a question sentence that makes use of the unique information of the device can be downloaded from the new device itself. If the device can be downloaded from the manufacturer site of the device, there are a wide variety of questions. As a result, it becomes difficult for a user other than the user who is familiar with the first network 111 to answer correctly, and unauthorized access. It is very beneficial in terms of preventing

  Next, an authentication operation performed by the authentication device 100 configured as described above will be described. In the following, a case where a user tries to access multimedia content 141 in a hard disk device (device 140) connected to the first network in the home via the device 120 will be considered.

  As in the first embodiment, all access requests (401) from the second network 110 outside the home to the existing devices in the first network 111 inside the home are received by the access reception permission unit 101, and access permission is granted. The unit 101 determines whether to permit access. At this time, the access is not permitted from outside the house until the access acceptance permitting unit 101 determines that the access is a legitimate access and is permitted.

  When the access request (401) is received by the access reception permission unit 101, the access execution permission unit 101 notifies the question execution unit (402) of the question execution request (402). When the question execution request (402) is notified from the access reception permission unit 101 to the question execution unit 102, the question generation request (403) is notified from the question execution unit 102 to the question generation unit 103. The operation so far is the same as in the first embodiment.

  When the question generation request (403) is notified from the question execution unit 102 to the question generation unit 103, the question generation unit 103 first selects a template that is the basis of the question from the template DB 108. As a template selection method, a template that can be selected randomly or according to some rule from templates recorded in the template DB 108, or a template that can fill all “holes” of the template is selected. There is no particular limitation. Also, a plurality of questions may be asked to the user by selecting a plurality of templates. By increasing the number of questions, only users who are familiar with the first network can answer correctly, and unauthorized access can be reduced. In the following description, it is assumed that the template 620 is randomly selected by the question generation unit 103.

  When the template 620 is selected by the question generation unit 103, the question generation unit 103 further collates the privacy information list stored in the privacy information list DB 107, and the use of the template 620 is prohibited. Checked. As described above, the privacy information list DB 107 lists “phone number” and “access destination name” as privacy information. In the template 620, “name of access destination” is displayed as one of the answer options. Therefore, when the template 620 is used, the name of the access destination is directly presented to the second network outside the home as an answer option. However, the privacy information stored in the privacy information list DB 107 includes “access destination name”. Since “name” is listed, the use of the template 620 is prohibited. In other words, for the purpose of protecting privacy, by listing information that is not desired to be notified to the outside in the privacy information list DB 107, a template used for generating a question is limited.

  When the use of the template 620 is prohibited in this way, the template is selected again by the question generating unit 103 from the remaining templates excluding the template 620. In the following description, it is assumed that the template 630 is selected by the question generation unit 103.

  Unlike the template 620, the template 630 does not directly display the “access destination name”, but is a template in which the “initial letter of the access destination name” is selected from the characters attached to the radio button 631 and answered. . Therefore, as a result of checking the privacy information list stored in the privacy information list DB 107 by the question generation unit 103 and checking whether or not the template 630 is prohibited from use, it is determined that the template 630 can be used.

  When an available template is selected, a unique information acquisition request (404) is notified from the question generation unit 103 to the specific information acquisition unit 104 so as to acquire information related to “name of access destination” as specific information. Thereafter, as in the first embodiment, the search request is notified from the unique information acquisition unit 104 to the device connected to the first network 111 in the home, and the device 130 sends a “Matsushita family” to the search request. (Reading: Matsutake) ”(131) is notified to the unique information acquisition unit 104 regarding the name of the own device.

  When the device 130 notifies the unique information acquisition unit 104 of information about the name of the own device, information about the name of the own device is notified to the question generation unit 103, and the question generation unit 103 asks the question “name of access destination”. Answer options are created. When the template 630 is used, since the question is fixed, a new question is not generated. As shown in FIG. 6, “alphanumeric characters” and “asoso” are available as answer options. , “Ta ~ ho”, “other” are generated. In this case, “Ta-ho” is the correct answer.

  Then, the question execution unit 102 is notified of the question and the correct answer based on the unique information, and the input field 122 for inputting the question and the answer to the question is displayed on the display 121 of the device 120.

  By the way, when a user is asked a question using a selection type template, even if the user is not familiar with the first network, even if he selects an answer from the choices, “one choice” There is a potential problem that a high probability of becoming a correct answer. However, it is considered that the case of “answering correctly as if it is correct” can be eliminated by increasing the number of questions by combining a plurality of templates, and allowing access only when all questions are answered correctly.

  In the above description, when a plurality of questions are made, it is assumed that the user answers all of the questions. However, the user “selects a question that can be answered and answers only the question”. It is also possible to change to this method. The question sentence is generated based on the unique information of the device connected to the first network 111 in the house, but the user is not necessarily familiar with all the information in the house. As a result, there may be a case where the user cannot answer the question and is not permitted to access even though the user has a legitimate authority to access the device connected to the first network 111 in the home. However, by allowing the question generator 103 to generate a plurality of questions and allowing the user to select and answer some of the questions he answers, the right access authority can be obtained. It is possible to reduce the number of scenes where the access is not permitted.

  In addition, it can be said that fine access control can be realized if it is possible to arbitrarily set the range and time in which access is permitted according to the template.

  For example, let's say your parents and daughter are living together, and her daughter's room has her own hard disk recorder. It is natural that there are devices that do not want to be operated by each other even if they are family members, and it is often more appropriate for the daughter's heart to give access rights separately from the family shared device in the living room and the device in the daughter room right. In such a case, prepare a “template (group) for accessing the equipment in the daughter room” and a “template (group) for accessing the device in the living room”, and then “to access the device in the daughter room”. When a question generated using a template selected from “template (s)” is answered, access to the daughter room device is permitted. At this time, for example, if the daughter room device or content specific information is used as the daughter-only template, only the daughter himself / herself may be given access rights to access the daughter room device. it can. Thus, by generating a question using a template corresponding to the access range, it becomes possible to restrict access more precisely.

  In addition, an access upper limit time is set for each template, and when a question generated from a template is answered, access can be made only during the set access time, and the access time is limited. May be. This is because the difficulty of the question may vary depending on the template selected to create the question. In other words, by answering questions about information that only a limited number of users can know, such as family members and individuals, by allowing access for a relatively long time and setting the access time according to the difficulty level of the question, , Will be able to prevent unauthorized access.

  In addition, since authentication apparatus 100 and the authentication method according to the present embodiment are used when a temporary connection is desired from outside the house, it is not necessary to permit access for an unlimited period of time. Thus, preventing unnecessary access by setting the access upper limit time is also useful for preventing unauthorized access. When multiple questions are created using multiple templates, the maximum access upper limit time among the access upper limit times set for each template is used as the limit value, or the upper limit times of all templates are combined. The access time may be determined by an appropriate method according to the implementation status.

  As described above, according to the present embodiment, the question and answer options are generated based on the template. As a result, it is possible to create questions and answers smoothly so that the network load is not so much, and when preparing multiple templates that the correct information of the device is correct, Since a plurality of questions can be created, it becomes difficult for a user who does not have access authority to the first network 111 to answer correctly, and unauthorized access can be reduced. In addition, since the privacy information list and the template are checked and the question is generated without using the template touching the privacy information, information in the house leaks to a device connected to the second network 110 outside the house. Can prevent the risk of being done.

  It is also possible for older devices to download and update templates periodically, or to install templates that can utilize unique information unique to the connected device when connecting to the first network. It is possible to generate questions that have not been answered, and only legitimate users who have access rights familiar with devices connected to the first network can connect to the second network outside the home. Access from the connected device is permitted, and unauthorized access can be reduced.

  One aspect of the authentication apparatus of the present invention determines whether or not to permit an access request from an external device connected to the second network whose access request is an existing device connected to the first network. In the authentication apparatus, when a question is transmitted to the external device that is an access request source, a question execution means for comparing the user's answer and the correct answer to the question to determine whether the answer is correct, and when the user's answer is correct, Based on the device-specific information, a pair of the question and the correct answer is paired with an access acceptance permitting unit that permits the access request, a device-specific information acquisition unit that acquires device-specific information that the existing device has. The structure which comprises the question production | generation means produced | generated above is taken.

  According to this configuration, in response to a question created based on the unique information of a device connected to the first network that only a user who is familiar with the first network in the house can know everyday, the first in the house Answer via a second device connected to a second network outside the home that wants to access the device connected to the network, and connect to the first network from the second device only if the answer is correct The first network in which the home appliance user who has relatively low information literacy or the temporary access in a situation where user registration or password setting is not performed in advance is permitted. Even in a situation where access is requested to the user, the first network in the house is provided while providing a secure network connection at a certain level. Only authorized users familiar is able to establish a secure communication path from outside the home to home can be authenticated.

  In one aspect of the authentication apparatus of the present invention, the unique information acquisition unit acquires the unique information of an existing device different from the access request destination when a plurality of existing devices are connected to the first network. And the said question production | generation means takes the structure which produces | generates one or more pairs of the said question and the said correct answer based on the said specific information acquired from the existing device different from the said access request destination.

  According to this configuration, when the unique information of the existing device different from the access request destination is unique, only an authorized user who is familiar with the unique unique information of the existing device is allowed to make an access request. Authentication that can establish a more secure communication path from the home to the home can be performed.

  In one aspect of the authentication apparatus of the present invention, the specific information acquisition means acquires the specific information of a plurality of the existing devices when a plurality of existing devices are connected to the first network, The question generation means adopts a configuration in which one or more pairs of the question and the correct answer are generated based on the plurality of unique information acquired from the plurality of existing devices.

  According to this configuration, since a question can be generated using specific information of a plurality of existing devices, only a legitimate user who is familiar with the first network in the house is allowed to access, so Authentication that can establish a more secure communication path from the outside to the home can be performed.

  One aspect of the authentication apparatus of the present invention employs a configuration in which the device-specific information is information specific to the existing device or content held by the existing device.

  According to this configuration, only users who are familiar with the first network can connect to the second network outside the home, enabling a secure network connection at a certain level and preventing unauthorized access. can do.

  One aspect of the authentication apparatus according to the present invention employs a configuration in which the question generation unit generates an option including a correct answer to the question.

  According to this configuration, a user who requests access to an existing device connected to the first network via an external device connected to the second network can select the correct answer from the choices by performing a simple operation. 1 network can be connected.

  One aspect of the authentication apparatus of the present invention is the privacy in which the question generating means lists information or types of information to be hidden from the second network and external devices connected to the second network. An information list is provided, and for the unique information that matches the information or the kind of information described in the privacy information list, the question or the option is generated so that the unique information is not directly presented.

  According to this configuration, it is possible to avoid a situation in which information that is not desired to be known outside the house for privacy or security is disclosed to the outside via an external device connected to the second network. Can enhance privacy or security protection.

  In one aspect of the authentication apparatus of the present invention, the question generation means includes a private list in which information or types of information to be concealed are listed for the second network and an external device connected to the second network. A privacy information list, and for the specific information that matches the information or the type of information described in the private privacy information list, generates the question so that the user can input the answer, The question execution means adopts a configuration for determining whether the answer inputted by the user with respect to the question is correct or incorrect.

  According to this configuration, in order to answer questions regarding information that is not desired to be known outside the house for privacy or security, the user directly inputs and answers, so the external network connected to the second network outside the house Compared with a case where an option including private information is presented to the device, it is possible to reduce the risk of leakage of private information to the outside.

  One aspect of the authentication apparatus according to the present invention employs a configuration in which the question generating means includes a template and generates the question using the template.

  According to this configuration, a template that utilizes unique information unique to an existing device connected to the first network in the house is stored in advance, and a question is created using the template, thereby enhancing security. Can do.

  One aspect of the authentication apparatus of the present invention employs a configuration in which the template has a replacement part, and the unique information acquisition unit acquires information so as to fill the replacement part of the template.

  According to this configuration, since only the information that fills the replacement part of the template is acquired from the existing device connected to the first network, the unique information can be acquired in a short time.

  One aspect of the authentication apparatus according to the present invention employs a configuration in which there are a plurality of templates, and the question generation unit generates the question by changing the template for each access.

  According to this configuration, a different question for each access is asked to a user who desires access to a device connected to the first network in the house via an external device connected to the second network outside the house. Since the user is presented and access is permitted only when the user correctly answers a different question for each access request, security can be enhanced.

  One aspect of the authentication apparatus of the present invention employs a configuration in which the user selects the template in advance or at the time of access.

  According to this configuration, a legitimate user who has an access right to an existing device connected to the first network in the home is not permitted access and cannot access the first network unnecessarily. The user having the access right can be allowed to access smoothly.

  In one aspect of the authentication apparatus of the present invention, the specific information acquisition unit acquires the terminal type of the external device, the question generation unit estimates the display capability of the external device according to the terminal type, and the display The structure which produces | generates the said question according to ability is taken.

  According to this configuration, since the question is generated according to the display capability of the external device connected to the second network outside the home, the user can accurately grasp the question via the external device.

  One aspect of the authentication apparatus of the present invention employs a configuration in which the question generating means generates a question asking for a communication ID of the communication terminal when the existing device is a communication terminal.

  One aspect of the authentication apparatus according to the present invention employs a configuration in which the communication terminal is a telephone and the communication ID is a telephone number of the telephone.

  One aspect of the authentication apparatus of the present invention employs a configuration in which the communication ID is an IP address, a MAC address, or a network address part in the IP address.

  According to these configurations, since the communication ID that is always assigned to the communication terminal can be used as the unique information, the unique information can be acquired easily and reliably.

  One aspect of the authentication apparatus according to the present invention is that the unique information acquisition means includes, as the unique information, an installation location where the own device or the first network is installed, an address of the installation location, a part of the address, The postal code of the address is acquired, and the question generating means generates a question asking about the specific information or a combination of the specific information.

  In one aspect of the authentication apparatus of the present invention, the specific information acquisition unit acquires the name of the user of the existing device or how to read the name as the specific information, and the question generation unit includes all of the names. , A question that asks a part or initial, a question that asks how to read the name, or a question that includes these questions.

  In one aspect of the authentication apparatus of the present invention, the specific information acquisition unit acquires a video of the network camera as the specific information when the existing device is a network camera, and the question generation unit includes: A configuration for generating a question regarding the video of the network camera is adopted.

  According to these configurations, only a user who is familiar with the first network can answer correctly, and unauthorized access can be prevented.

  According to one aspect of the authentication apparatus of the present invention, the template is prepared for each group of the existing devices, and the question generation unit uses a template corresponding to the group to which the existing device to which the access request is made belongs. The access is permitted and the access acceptance permitting means adopts a configuration that permits access only to the existing device belonging to the group when the question is correctly answered.

  According to this configuration, a different template is used for each group of existing devices and a question is generated. Therefore, even a user who is familiar with the first network in the home can use each template for each existing device. Access restrictions can be set, and security can be enhanced.

  In one aspect of the authentication apparatus of the present invention, the template has an attribute of accessible time, and the access reception permission unit permits the access request only within the accessible time associated with the template. Take the configuration.

  According to this configuration, it is possible to limit the accessible time according to the difficulty level of the question created using the template, and to enhance security.

  The authentication device and the authentication method of the present invention are relatively simple methods, and can securely access a home network from a device that has not been previously registered by a user or a device, and are information devices connected to the home network. The present invention is useful for an authentication apparatus and an authentication method for performing user authentication or device authentication in a system accessible from outside the house.

The figure which shows the structural example of the network system which concerns on Embodiment 1 of this invention. Block diagram showing an internal configuration of a device connected to the first network system The figure which shows the external appearance of the device connected to a 2nd network system The figure which shows the sequence between each device and module which concerns on Embodiment 1. The figure which shows the structural example of the network system which concerns on Embodiment 2 of this invention. The figure which shows an example of the template which concerns on Embodiment 2. The figure which shows the example of mounting of the template which concerns on Embodiment 2.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 Authentication apparatus 101 Access reception permission part 102 Question execution part 103 Question generation part 104 Specific information acquisition part 105,106 Network I / F
107 Privacy Information List DB
108 Template DB
DESCRIPTION OF SYMBOLS 110 2nd network 111 1st network 120 2nd device 121 Display 122 Input column 123 Key set 130 1st device 131,142,151,161 Unique information 132 Unique information reply part 133 Attribute 134 Attribute value 135 Network I / F
140,150,160 device 141 content

Claims (21)

An authentication apparatus that determines whether or not to permit an access request from an external device connected to a second network whose access request is an existing device connected to a first network,
A question execution means for transmitting a question to the external device that is an access request source, and determining correctness by comparing a user's answer to the question with a correct answer;
Access acceptance permitting means for permitting the access request when the user's answer is correct;
Unique information acquisition means for acquiring device-specific information of the existing device;
Question generating means for generating one or more pairs of the question and the correct answer based on the device-specific information;
An authentication device comprising: The unique information acquisition means includes
When a plurality of existing devices are connected to the first network, the unique information of an existing device different from the access request destination is acquired,
The question generating means includes
The authentication apparatus according to claim 1, wherein one or more pairs of the question and the correct answer are generated based on the unique information acquired from an existing device different from the access request destination. The unique information acquisition means includes
When a plurality of existing devices are connected to the first network, the specific information of the plurality of existing devices is acquired,
The question generating means includes
The authentication apparatus according to claim 1, wherein one or more pairs of the question and the correct answer are generated based on the plurality of pieces of unique information acquired from the plurality of existing devices. The device-specific information is
The authentication apparatus according to claim 1, wherein the authentication device is information unique to content existing in the existing device or the existing device. The question generating means includes
The authentication apparatus according to claim 1, wherein an option including a correct answer to the question is generated. The question generating means includes
A privacy information list listing information or types of information to be concealed from the second network and the external device connected to the second network;
The authentication apparatus according to claim 5, wherein the question or the option that does not directly present the unique information is generated for the unique information that matches information or a type of information described in the privacy information list. The question generating means includes
A private privacy information list listing information or types of information to be concealed from the second network and the external device connected to the second network;
For the specific information that matches the information or type of information described in the private privacy information list, generate the question so that the user can input the answer,
The question execution means includes
The authentication apparatus according to claim 1, wherein correctness / incorrectness of an answer input by the user with respect to the question is determined. The question generating means includes
With templates,
The authentication device according to claim 1, wherein the question is generated using the template. The template has a substitution moiety;
The unique information acquisition means includes
The authentication apparatus according to claim 8, wherein information is acquired so as to fill a replacement part of the template. There are multiple templates,
The question generating means includes
The authentication apparatus according to claim 8, wherein the question is generated by changing the template for each access. The authentication apparatus according to claim 8, wherein the user selects the template in advance or at the time of access. The unique information acquisition means includes
Get the terminal type of the external device,
The question generating means includes
The authentication apparatus according to claim 1, wherein the display capability of the external device is estimated according to the terminal type, and the question is generated according to the display capability. The question generating means includes
The authentication apparatus according to claim 1, wherein when the existing device is a communication terminal, a question for asking a communication ID of the communication terminal is generated. The authentication apparatus according to claim 13, wherein the communication terminal is a telephone and the communication ID is a telephone number of the telephone. The authentication apparatus according to claim 13, wherein the communication ID is an IP address, a MAC address, or a network address part in the IP address. The unique information acquisition means includes
As the unique information, obtain the installation location where the device or the first network is installed, the address of the installation location, a part of the address, the zip code of the address,
The question generating means includes
The authentication device according to claim 1, wherein a question for asking about the specific information or a combination of the specific information is generated. The unique information acquisition means includes
As the specific information, obtain the name of the user of the existing device or how to read the name,
The question generating means includes
The authentication apparatus according to claim 1, wherein a question that asks for all, a part, or an initial of the name, a question that asks how to read the name, or a question that includes these questions is generated. The unique information acquisition means includes
When the existing device is a network camera, as the specific information, obtain the video of the network camera,
The question generating means includes
The authentication device according to claim 1, wherein a question about the video of the network camera is generated. The template is prepared for each group of the existing devices,
The question generating means includes
Generating the question using a template corresponding to a group to which the existing device of the access request destination belongs;
The access acceptance permitting means is:
The authentication device according to claim 8, wherein when the question is answered correctly, access is permitted only to the existing device belonging to the group. The template has an attribute of accessible time,
The access acceptance permitting means is:
The authentication apparatus according to claim 8, wherein the access request is permitted only within the accessible time associated with the template. An authentication method for determining whether to permit access from an external device connected to a second network to an existing device connected to a first network,
Obtaining device-specific information of the existing device;
Generating one or more pairs of questions and correct answers to the questions based on the device-specific information;
Presenting the question via the external device and determining the correctness of the user's answer to the question;
An access step for accepting the access and allowing the access if the user's answer is correct;
An authentication method.

Images