JP2011150445A - Device for measurement - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an inexpensive and highly convenient device for measurement, wherein security is improved and communication is not made available immediately after log-in failure. <P>SOLUTION: This device for measurement is configured so that a storage password, a volatile password, and a key code obtained by encrypting the volatile password are stored in a memory 13, and when authentication with the storage password fails, in the case of the log-in authentication of a terminal 2 for control, a control part 12 notifies the terminal 2 for control of the key code stored in the memory 13, and when the password is transmitted from the terminal 2 for control, the transmitted password is collated with a volatile password, and when those passwords are matched, log-in authentication is permitted to generate and update the volatile password at random, and to generate and update the key code corresponding to the updated volatile password, and to update the stored password with a default password. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a measurement device that generates a predetermined signal and supplies it to an external device, and more particularly, to a measurement device that can improve user-friendliness and enhance security.

[Description of Prior Art]
The measurement device is an ultra-low noise signal generator that includes a synthesizer inside and supplies a specific signal to an external device in accordance with an instruction from a terminal connected by a LAN (Local Area Network). In addition to signal supply, there is also a type that performs measurement using an external device in response to an instruction from a terminal.

In a system including a measuring device, communication by socket communication is adopted.
In socket communication, a connection destination is specified using a combination of an IP address provided in a computer that performs communication using TCP / IP (Transmission Control Protocol / Internet Protocol) and a port number that is a subaddress (auxiliary address) of the IP address.

Normally, in TCP / IP communication, one IP address is composed of a plurality (usually 65,536) ports, and can be connected simultaneously with a plurality of addresses by combining with ports on other IP addresses. . When connecting, an IP address and port pair (socket) is specified.
Application software can send and receive data without worrying about the details of the communication procedure simply by specifying a socket and opening a line.

  When a terminal that monitors / controls a measurement device and a measurement device that generates a measurement signal communicate via a LAN, a password for connecting to the device is stored in advance in the measurement device. The terminal can communicate when the password is input and authenticated by the measurement device.

[Example of system equipped with measuring apparatus: Fig. 4]
A configuration example of a system including a measurement device will be described with reference to FIG. FIG. 4 is an explanatory diagram illustrating a configuration example of a system (measurement system) including a measurement device.
The measurement system shown in FIG. 4 includes a measurement device 1 and control terminals 2a and 2b, which are connected via LANs 3a and 3b, routers 4a and 4b, and the Internet 5. .

  In the configuration example of FIG. 4, the control terminal 2a is connected to the measurement apparatus 1 via the LAN 3a, and the control terminal 2b is connected to the measurement apparatus 1 via the LAN 3b, the router 4b, the Internet 5, the router 4a, and the LAN 3a. .

  The measurement apparatus 1 includes a synthesizer 11 that generates an ultra-low noise signal, a control unit 12 that is configured by a microcomputer or the like and controls the entire apparatus, an EEPROM (Electrically Erasable and Programmable Read Only Memory) 13 that stores a retained password, A protocol conversion module 14 that performs protocol conversion between TCP / IP and LAN, a LAN interface 15 that is connected to the LAN, and a maintenance interface 16 that is connected to a maintenance terminal (for example, the control terminal 2a) that performs maintenance of the measurement apparatus 1. I have.

  And the control part 12 starts the processing program memorize | stored in the memory | storage part inside a microcomputer, and while controlling the synthesizer 11 and outputting a predetermined signal, it communicates with the terminal 2 for control, various measurement, etc. Process.

The control terminal 2 is a computer including at least a control unit, a storage unit, a display unit, and an operation unit, and inputs measurement parameters and outputs instructions to the measurement device 1. Thus, the measurement device 1 is controlled and monitored. In some cases, the measurement result is acquired from the measurement apparatus 1 and displayed.
Furthermore, the control terminal 2a can be connected to the maintenance interface 16 to perform maintenance of the measuring apparatus 1.
The control terminal 2b is provided at a remote place, and controls and monitors the measurement device 1 by remote operation via a network.

[Password authentication: Fig. 5]
Normal password authentication will be described with reference to FIG. FIG. 5 is an explanatory diagram showing a normal password authentication process. The configurations of the measurement device 1 and the control terminal 2 are the same as those shown in FIG. 4, but in FIG. 5, for the measurement device 1, an EEPROM (“memory” in the drawing) 13 and a control unit 12. Only the protocol conversion module 14 is shown.
As shown in FIG. 5, the measuring device 1 is connected to the control terminal 2 via the Internet network or LAN, and performs password authentication when a communication start request is sent from the control terminal 2.

When a communication start notification is input from the control terminal 2 (S1), the measurement device 1 outputs a display for prompting password input to the control terminal 2 (S2), and the password is input at the control terminal 2. (S3), the control unit 12 of the measurement apparatus 1 compares the received password with the stored password stored in the memory 13 in advance and performs password verification (S4).
If the password is authenticated, the measurement device 1 notifies the control terminal 2 that the login state has been entered and displays it (S5). As a result, the control terminal 2 and the measurement apparatus 1 are in a communicable state.
On the other hand, if the password is not authenticated in step S4, communication is disabled, and thereafter, the control terminal 2 can no longer communicate with the measurement apparatus 1 again.

The measurement device 1 stores a default password at the time of factory shipment, and includes a password change command or the like that allows the customer to change the password arbitrarily after disclosing the default password to the customer and logging in.
The default password is stored in a non-volatile memory and is stored even if the retained password is changed.

[Operation when changing password: Fig. 6]
Next, the operation when changing the password will be described with reference to FIG. FIG. 6 is an explanatory diagram showing an operation when changing a password.
As shown in FIG. 6, when a password change notification is input from the control terminal 2 in the login state (S11), the measurement apparatus 1 outputs a display requesting input of an old password (OLD password) ( S12).

When the control terminal 2 transmits the OLD password input by the operator (S13), the control unit 12 of the measurement device 1 collates the stored password and the received password stored in the memory 13 (S14). If they match, the password authentication is OK and a display prompting the user to input a new password (NEW password) is output (S15).
Further, when the retained password does not match the received password in step S14 and the password authentication is NG, the measuring apparatus 1 displays and outputs a message for rejecting the password change to the control terminal 2.

After the process S15, the control terminal 2 transmits the NEW password input by the operator (S16).
When the measuring apparatus 1 receives the NEW password, it transmits a confirmation notification for confirming that the stored password is changed with the password (S17), and when the control terminal 2 transmits a password change confirmation notification (S18), the measurement is performed. The control unit 12 of the device for use 1 recognizes that the retained password is changed to the NEW password (S19).

Then, the control unit 12 of the measuring apparatus 1 updates the retained password stored in the memory 13 with the NEW password (S20), and displays password change information indicating that the password has been changed on the control terminal 2 ( S21).
Thereafter, login authentication is performed using a NEW password from the time of restarting the system.
In this way, the password change process is performed.

[Conventional login process: Fig. 7]
Next, processing at the time of login in the conventional measuring apparatus will be described with reference to FIG. FIG. 7 is a flowchart showing processing at the time of login in the conventional measuring apparatus.
As shown in FIG. 7, when the control unit 12 of the conventional measuring apparatus 1 receives a password after a communication start request (300), it reads the stored password stored in the memory 13 (302), The password received in the process 300 is verified (304).

It is determined whether or not the retained password and the received password match (306). If they match (OK), the control unit 12 accepts login as an OK process and sets the communication enabled state (308).
In process 306, if the retained password and the received password do not match, the input of the password is accepted up to a predetermined number of times. If the retained password and the received password still do not match (NG), As an NG process, login failure is displayed on the control terminal 2 (310). As a result, the measuring device 1 and the control terminal 2 are in a communication disabled state.

[When communication is disabled]
As described above, in the conventional measurement device, if you enter the wrong password when logging in due to forgotten password or incorrect password change, you will not be able to communicate again. Returning to is done.
For example, initialization is performed by control using a switch or a maintenance interface, and the retained password is returned to the default password.
As another method, the retained password can be changed by a special command for initialization.

  As technologies relating to system authentication, Japanese Patent Laid-Open No. 2001-136318 “Password Change and Reissue Method” (Applicant: Shizuo Nagashima, Patent Document 1), Japanese Patent Laid-Open No. 2003-140765 “Password Management Device, Password Management system, password management method, and program thereof (Applicant: NEC Corporation, Patent Document 2), Japanese Patent Application Laid-Open No. 2004-355332, “Login management system and method thereof” (Applicant: Kyocera Communication System Corporation, There exists patent document 3).

  Patent Document 1 stores an auxiliary password necessary for changing or reissuing a normal password in a system authentication method, notifies a password that is randomly changed according to a request, and uses the password from the notification source. It is described that an auxiliary password is obtained so that the normal password can be changed or reissued.

  Japanese Patent Application Laid-Open No. 2004-228561 describes that the system authentication method includes a new password that is updated at a certain timing separately from the normal password, and realizes security by notifying the new password.

  Further, Patent Document 3 includes first and second passwords in the system authentication method, and when communication is interrupted after logging in with the first password, re-login with the second password and update at random. Obtaining new first and second passwords is described.

JP 2001-136318 A JP 2003-140765 A JP 2004-355332 A

  However, with the conventional measurement device, all communications including login authentication are transmitted as text without encryption, so security is not sufficient, and passwords and communication contents are easy even in a closed LAN environment. There was a problem of being intercepted by.

  In addition, in the case of a conventional measurement device, if the method of initialization or change of the stored password is leaked, there is a risk of unauthorized access or obstruction easily, and further, communication becomes impossible due to authentication failure at login. In this case, there is a problem that it is necessary to dispatch a maintenance person for initializing the measuring device and changing the stored password, or to prepare an alternative device, and there is a cost for returning the communication.

  The present invention has been made in view of the above circumstances, and an object thereof is to provide a measurement device that is low in cost and highly convenient without improving communication security and immediately disabling communication even when login fails. .

  The present invention for solving the problems of the conventional example described above is a measurement device that generates a predetermined signal and supplies it to an external device in accordance with an instruction from a terminal connected via a network, and stores data And a control unit that performs authentication processing of the terminal when a communication start request is received from the terminal, and the memory has a first password and a second password different from the first password. If the control unit stores the password received at the time of communication start request from the terminal against the first password, and matches, the login authentication is performed to enable communication, and when the password does not match Notifies the terminal of the key code obtained by encrypting the second password by a specific process, then checks the password received from the terminal against the second password, and if they match, logs in It is characterized in that a communicable state witness.

  Further, according to the present invention, in the measurement apparatus, when the control unit verifies the login with the second password, the second password is updated and the first password is stored at the time of shipment from the factory. It is characterized by updating with a default password.

  Further, according to the present invention, in the measurement apparatus, when the control unit performs login authentication by checking with the second password, the second password is updated and the terminal is prompted to change the first password. When a message is output and a password is received from the terminal, the first password is updated with the password.

  In the measurement apparatus, when the second password is updated, the control unit encrypts the updated second password, generates a key code, and stores the key code in the memory. It is said.

  Further, the present invention is characterized in that, in the measuring apparatus, the first password, the second password, and the key code are encrypted and stored in a memory.

  Further, the present invention is characterized in that, in the measurement apparatus, the control unit encrypts the key code and transmits it to the terminal, and receives and decrypts the encrypted second password from the terminal. .

  According to the present invention, a measurement device that generates a predetermined signal and supplies it to an external device in accordance with an instruction from a terminal connected via a network, the memory storing data, and the communication start request from the terminal And a control unit that performs authentication processing of the terminal, the memory stores the first password and a second password different from the first password, and the control unit The password received at the time of the communication start request from the terminal is checked against the first password, and if it matches, login authentication is performed to enable communication, and if it does not match, the second password is specified. The key code encrypted by the process is notified to the terminal, and then the password received from the terminal is checked against the second password. As a device for use, even if the user forgets or mistakenly changes the first password, it can be prevented from immediately becoming unable to communicate, improving user convenience, By transmitting and receiving a key code obtained by encrypting the second password, there is an effect that the second password can be prevented from leaking and security can be maintained.

  Further, according to the present invention, when the control unit verifies the login with the second password, the second password is updated, and the first password is updated with the default password stored at the time of shipment from the factory. Therefore, once you log in with the second password, you will not be able to log in with the same password again, and you will return to the factory default settings and log in with the default password recognized by the authorized user. This makes it possible to improve user convenience and maintain security.

  Further, according to the present invention, when the control unit verifies the login with the second password, the second password is updated, and a message prompting the terminal to change the first password is output. When the password is received from the terminal, the measurement device updates the first password with the password. Therefore, once logging in with the second password, the second password is used to prevent the login with the same password again. Only the user who has logged in can set a new first password, which improves the convenience for the user and improves the security.

  Further, according to the present invention, when the control unit updates the second password, the measurement device is configured to generate a key code by encrypting the updated second password and store it in the memory. When the authentication with the first password is rejected, the key code may be read from the memory and transmitted, and the key code can be transmitted quickly.

  Further, according to the present invention, since the first measuring device, the second password, and the key code are encrypted and stored in the memory, the memory is analyzed and the information is illegally obtained. Can be prevented.

  Further, according to the present invention, the control unit encrypts the key code and transmits it to the terminal, and receives and decrypts the encrypted second password from the terminal. There is an effect that the code and the second password can be transmitted and received safely.

1 is a configuration block diagram of a measuring apparatus according to an embodiment of the present invention. It is model explanatory drawing which shows the method of the password authentication in this measuring apparatus. It is a flowchart which shows the password authentication process of the control part 12 in this measuring apparatus. It is explanatory drawing which shows the structural example of the system (measurement system) provided with the apparatus for a measurement. It is explanatory drawing which shows a normal password authentication process. It is explanatory drawing which shows the operation | movement at the time of a password change. It is a flowchart which shows the process at the time of login in the conventional measuring apparatus.

[Outline of the embodiment]
Embodiments of the present invention will be described with reference to the drawings.
The measurement apparatus according to the embodiment of the present invention includes a volatile password that is temporarily used in addition to the retained password, and encrypts the volatile password when the retained password authentication fails at the time of login to the control terminal. The key code is transmitted to the control terminal, and the operator of the control terminal notifies the key manager to an external administrator such as the manufacturer of the measuring device, and the external manager decrypts the key code. Is converted to a volatile password and notified to the user of the control terminal, the control terminal logs in to the measurement device using the volatile password, and the measurement device is successfully authenticated with the volatile password. In this case, the volatile password is randomly changed internally and the retained password is used as the default password. The password can be re-authenticated, so communication is not immediately lost and the convenience can be improved. The key code that encrypts the volatile password is sent and received, and the volatile password is It is possible to improve security by changing as needed, and to strengthen countermeasures against unauthorized operation and obstruction of the device due to password leakage.

[Configuration of Measuring Device According to Embodiment: FIG. 1]
The configuration of the measurement apparatus according to the embodiment of the present invention will be described with reference to FIG. FIG. 1 is a configuration block diagram of a measuring apparatus according to an embodiment of the present invention.
The measurement apparatus according to the present embodiment (the main measurement apparatus) is used in a system as shown in FIG. 4, and the basic configuration and operation are the same as those of the measurement apparatus 1 shown in FIG.
As shown in FIG. 1, the measurement apparatus includes a synthesizer 11 that generates an ultra-low noise signal, a control unit 12 that performs an authentication process that is a feature of the apparatus, and a memory 13 that stores a password and the like used for authentication. A protocol conversion unit 14 that performs protocol conversion between the TPC / IP and the LAN, and a LAN interface 15.
In this measurement apparatus, the processing at the time of login authentication in the control unit 12 and the information stored in the memory 13 are partly different from the conventional one.

The characteristic part of this measuring apparatus will be specifically described.
[Control unit 12]
The control unit 12 is configured by a microcomputer or the like, and a processing unit (CPU) starts up a program stored in an internal memory and performs processing.
Then, in accordance with an instruction from the control terminal 2, signal generation setting and control and alarm monitoring are performed for the synthesizer 11. Further, in response to a request from the control terminal 2, the measurement using the connected external device is performed, and the measurement result is transmitted to the control terminal 2.

  And the process in the password authentication at the time of login in the control part 12 is the characteristic part of this measuring apparatus, and the process of the update of the volatile password mentioned later and the production | generation of a key code based on the said volatile password is performed. . The processing of the control unit 12 will be described later in detail.

[Memory 13]
The memory 13 stores the retained password and the default password in the same manner as in the past, but in addition to this, as a feature of this measuring device, a volatile password different from the retained password and the default password and a volatile password are encrypted. The key code is stored. The retained password corresponds to the first password recited in the claims, and the volatile password corresponds to the second password.

[Volatile password]
The volatile password, which is a characteristic part of the measurement device, is a password that is randomly changed, and is used when normal login authentication using a retained password is NG. As the volatile password, for example, an 8-digit character string or the like can be considered.
The volatile password is updated at random by the processing of the control unit 12. In addition, at the time of factory shipment, a randomly generated volatile password is stored in the memory 13.

In the measurement apparatus, the volatile password is newly generated and updated every time it is used, that is, whenever login authentication is performed using the volatile password.
This makes it difficult to crack passwords and enhances system security.

[Key code]
The key code is information transmitted from the measurement device 1 to the control terminal 2 when authentication with the retained password is rejected at the time of login authentication, and specifies the volatile password stored in the memory 13. It is generated by encrypting with encryption processing.
That is, a volatile password can be generated by acquiring a key code and performing a decryption process corresponding to a specific encryption process. The volatile password and the key code are stored in association with each other.

  Volatile password encryption processing (key code generation processing) is performed by the control unit 12, and the processing content is managed by an administrator such as the manufacturer of the measuring apparatus and is not disclosed to the user. The manufacturer of the device also manages a decryption process that is an inverse conversion of the encryption process. The contact information of the manager of the device manufacturer is notified to the user in advance.

In other words, the volatile password can be generated from the key code only by a legitimate authority holder such as the manufacturer of the measuring apparatus 1 and the volatile password generation algorithm is stored in the computer operated by the legitimate authority holder. When a key code is input, a volatile password is generated and output according to a conversion algorithm.
As a result, when a key code is sent / received over the network, even if the key code is leaked, it is impossible for anyone other than the authorized person to generate a volatile password from it, thus preventing unauthorized access. It is something that can be done.

Note that when the volatile password is updated, the control unit 12 immediately encrypts the volatile password to generate a key code, and stores the key code in the memory 13 in association with the volatile password.
As a result, if authentication with the retained password is denied at the time of login authentication, it is sufficient to read and transmit from the memory 13 without generating a key code by performing volatile password encryption processing each time. The key code can be transmitted.
Furthermore, since the key code is updated with the update of the volatile password, the key code once used cannot be used many times, and the safety of the system can be further enhanced.

[Password authentication in this measurement device: Fig. 2]
Next, password authentication in the measurement apparatus will be described with reference to FIG. FIG. 2 is a schematic explanatory diagram showing a password authentication method in the measurement apparatus.
As shown in FIG. 2, in the measurement apparatus 1, when the control terminal 2 logs in, first, authentication using the same retained password as shown in FIG. 5 is performed (S21 to S24).
If the authentication using the retained password is OK, the control unit 12 of the measuring apparatus 1 displays the login state as in the conventional case and accepts the start of communication (S25 ′).

On the other hand, when the authentication by the retained password is NG, the control unit 12 displays the login NG on the control terminal 2 (S25), reads the key code from the memory 13, attaches a message, and adds the message to the control terminal 2 (S26).
The content of the message is such that the key code is contacted to an administrator such as the manufacturer of the measuring apparatus 1 to obtain a volatile password and to log in again with the volatile password.

When the operator of the control terminal 2 obtains the key code in S26, the operator notifies the manufacturer of the key code by telephone or in writing.
After confirming that the user is a legitimate user, the manufacturer or the like generates a volatile password before being encrypted by decrypting the notified key code.
Then, the user is notified of the volatile password corresponding to the key code by telephone or in writing.
In this way, the user acquires a volatile password (S27).

  Then, when the volatile password is input at the control terminal 2, the control terminal 2 transmits the volatile password to the measurement device 1 (S28).

  When receiving the password from the control terminal 2, the control unit 12 of the measurement apparatus 1 compares the received password with the volatile password stored in the memory 13 (S29). 2 indicates that the log-in state has been entered, and makes a communicable state (S30).

Further, the control unit 12 of the measurement device 1 performs a process of randomly generating a volatile password, updates the volatile password in the memory 13 (S31), and further processes the generated volatile password with a predetermined process. The key code is generated by encrypting and the key code in the memory 13 is updated (S32).
As a result, the volatile password based on the key code once notified cannot be used many times.

Then, the control unit 12 updates the password retained in the memory 13 with the default password (S33). As a result, the retained password is in a factory-shipped state. Thereafter, the user can set a new held password by the same retained password update process as before.
This eliminates the need for special work for device initialization, shortens the period during which the device cannot be used, and improves convenience.

  Further, in S29, when the verification with the volatile password becomes NG for a predetermined number of times, as the NG process, the control terminal 2 and the measurement device 1 are notified of the login failure as in the conventional case. It becomes a communication impossible state.

Instead of updating the retained password with the default password in S33, a message prompting the user to set a new password is displayed on the control terminal 2, and the retained password is updated using the entered new password. Good.
In this way, password authentication is performed in the measurement apparatus.

  As a result, the user of the control terminal 2 logs in with the volatile password by acquiring the volatile password generated from the key code even when the retained password authentication is rejected due to the forgotten or erroneous change of the retained password. Therefore, it is possible to prevent communication from being disabled, to improve convenience, and to eliminate the cost for returning from communication disabled.

  Further, since the key code transmitted from the measuring apparatus 1 is recognized only by a legitimate administrator such as the manufacturer of the apparatus, the third party volatilizes the key code even if the key code leaks. It is extremely difficult to generate a secure password, and security in the system can be maintained.

[Processing of the control unit 12 in the measurement apparatus: FIG. 3]
Next, the process of the control part 12 in this measuring apparatus is demonstrated using FIG. FIG. 3 is a flowchart showing password authentication processing of the control unit 12 in the measurement apparatus.
As shown in FIG. 3, when the control unit 12 of this measurement device receives a password after a communication start request from the control terminal 2 (100), it reads the stored password stored in the memory 13 (102). The held password is compared with the password received in the process 100 (104).

  Then, the control unit 12 determines whether or not the retained password and the received password match (106). If they match (in the case of OK), login is permitted and communication is enabled as an OK process (110). ).

  If the retained password and the received password do not match in processing 106 (in the case of NG), the control unit 12 reads the key code from the memory 13 and transmits a message with the key code to transmit the control terminal 2. (S120).

And the control part 12 of the apparatus 1 for measurement waits for the input of the password from the terminal 2 for control (122).
When the password is received, the control unit 12 reads the volatile password from the memory 13 and collates the volatile password with the password received in the process 122 (124).

  As a result of the collation, when the volatile password and the received password do not match (in the case of NG), the control unit 12 notifies the control terminal 2 that login is impossible as an NG process (130). As a result, the measurement apparatus 1 and the control terminal 2 are in a communication disabled state as in the conventional case.

If the volatile password and the received password match in processing 124, the control unit 12 displays login OK as authentication OK and shifts to a communicable state (140).
Further, the control unit 12 randomly generates a volatile password to update the volatile password in the memory 13, and encrypts the volatile password to generate and update a key code (142).
Then, the control unit 12 updates the retained password with the default password, and returns the retained password to the factory default state (144). In this way, the processing of the control unit 12 of the measurement apparatus is performed.

[Encryption of memory]
In addition, in this measuring apparatus, it is also possible to encrypt a folder in which the security information of the password retained in the memory 13, the volatile password, and the key code is stored in order to increase the security of the security information.
In this case, an encryption / decryption processing program for security information is held in the control unit 12, and the control unit 12 reads the necessary information by decrypting the folder when necessary (for example, at the time of password authentication) After the process is completed, it is encrypted again.
Note that encryption may be performed for each piece of information, or the memory itself may be encrypted.
As a result, the data in the memory 13 can be analyzed to prevent unauthorized acquisition of a password or key code.

[Communication channel encryption]
Furthermore, when passwords and key codes are transmitted and received between the measuring apparatus 1 and the control terminal 2, it is encrypted and transmitted by SSL (Secure Socket Layer), etc., and is decrypted and read on the receiving side. You may do it.
This prevents passwords and key codes from leaking on the communication path and allows safe transmission / reception.

[Effect of the embodiment]
According to the measurement apparatus according to the embodiment of the present invention, the retained password, the volatile password, and the key code obtained by encrypting the volatile password are stored in the memory 13, and the control unit 12 performs the control. When the authentication with the retained password fails during login authentication of the control terminal 2, the key code stored in the memory 13 is notified to the control terminal 2, and then the password is transmitted from the control terminal 2. When the sent password and the volatile password are matched and matched, login authentication is permitted, the volatile password is randomly generated and updated, and a key code corresponding to the updated volatile password is generated. The measurement device updates the retained password with the default password, and the user forgets or mistakenly changes the retained password. Even can be prevented from becoming incommunicable state when gone, there is an effect that it is possible to significantly improve convenience.

  Also, according to this measuring apparatus, the key code decryption method is recognized only by the authorized person such as the measuring apparatus manufacturer or authorized administrator. Even if the key code is obtained, it is extremely difficult to decipher the volatile password from the key code, and it is possible to improve the security of the system and prevent unauthorized access and obstruction.

  Furthermore, according to this measuring apparatus, when authentication with a volatile password is performed, a volatile password is generated and updated each time, and a key code encrypted with the volatile password is generated and updated. As a result, the same volatile password cannot be used over and over, and the security can be improved.

  In addition, according to this measurement apparatus, it is possible to implement a system that can be implemented only by adding the processing of the control unit 12 and that can improve both user convenience and system safety at low cost. There is.

  Further, according to this measuring apparatus, the stored password, the volatile password, and the key code are encrypted and stored in the memory 13, and the control unit 12 decrypts the information when the information is necessary. Is read and used, and after the necessary processing is completed, it is re-encrypted, so that it is possible to prevent memory from being illegally obtained by analyzing the memory and to further improve security. There is.

  Furthermore, according to the system using the measurement device, the communication path between the measurement device 1 and the control terminal 2 is encrypted by SSL or the like, so that the password and the key code are communicated. It is possible to prevent leakage on the road and to further improve security.

  The present invention is suitable for an apparatus for measurement that can improve user convenience and enhance security.

  DESCRIPTION OF SYMBOLS 1 ... Measuring apparatus, 2 ... Control terminal, 3 ... LAN, 4 ... Router, 5 ... Internet, 11 ... Synthesizer, 12 ... Control part, 13 ... EEPROM (memory), 14 ... Protocol conversion module, 15 ... LAN interface 16 Maintenance interface

Claims (6)

A measurement device that generates a predetermined signal and supplies it to an external device according to an instruction from a terminal connected via a network,
A memory for storing data;
A control unit that performs authentication processing of the terminal when a communication start request is received from the terminal;
The memory stores a first password and a second password different from the first password;
The control unit collates the password received at the time of the communication start request from the terminal with the first password, and if it matches, login authentication is performed to enable communication, and if not matched, A key code obtained by encrypting the second password by a specific process is notified to the terminal, and then the password received from the terminal is checked against the second password. A measuring device characterized by the above.   The control unit updates the second password when the login authentication is performed by collating with the second password, and updates the first password with a default password stored at the time of shipment from the factory. Item 1. The measuring device according to Item 1.   When the control unit verifies the login with the second password, the second password is updated, a message prompting the terminal to change the first password is output, and the password is received from the terminal. Then, the measuring apparatus according to claim 1, wherein the first password is updated with the password.   4. The measuring device according to claim 2, wherein when the second password is updated, the control unit generates a key code by encrypting the updated second password and stores the key code in a memory. .   The measuring apparatus according to claim 1, wherein the first password, the second password, and the key code are encrypted and stored in a memory.   6. The measurement unit according to claim 1, wherein the control unit encrypts the key code and transmits the encrypted key code to the terminal, and receives and decrypts the encrypted second password from the terminal. apparatus.

Images