JP2014048950A - Authentication method, server, and authentication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To allow secure utilization of a network connection on a fixed line of a fixed terminal from a portable terminal.SOLUTION: A portable terminal 2 preliminarily sets a utilization time and a MAC address to a server 1 (S1), and the server distributes an SSID and a password to the portable terminal 2 (S21) and distributes the SSID, the password, and the utilization time to a fixed terminal 3A or the like (S22 and S32). In response to a request for wireless LAN connection for Internet connection on a fixed line, which is accompanied by transmission of the SSID, the password, and the MAC address from the portable terminal 2 (S23 and S33), the fixed terminal 3A or the like permits the connection if the request is issued within the utilization time and the transmitted SSID and so on coincide with preliminarily distributed those (S24 and S34).

Description

  The present invention relates to an authentication method, a server, and an authentication system, which are suitable for home medical support and the like, and can securely connect a mobile terminal to a network via a fixed line of a fixed terminal.

  As an example of a general home-visit nursing system, EIR (Eil; company name / service name) of Non-Patent Document 1 and systems disclosed in Patent Documents 1 to 3 can be cited. In particular, EIR shows a home medical support system using mobile terminals. In such a system, there is no big problem in inputting simple information from a mobile terminal as a client, but when patient information accumulated for a long time is downloaded (DL) from a central server and viewed. When using 3G (3rd generation) lines used in mobile phones, DL takes time. In addition, the traffic increases, preventing other users from using the network.

  Here, it is conceivable to use a relatively high-speed wireless LAN (such as WiFi [registered trademark]) efficiently instead of the 3G line. As related technologies, Patent Documents 4 to 6 disclose a seamless switching method between a mobile network and a wireless LAN.

JP 2010-176371 A (Home medical support system) JP 2009-064401 (Support system enabling home medical care) JP2009-20794 (Home medical support system) Japanese Patent No. 2009-4657305 (communication system and communication terminal) JP 2009-147428 A (Method for switching connection to wide area / narrow area network, mobile terminal and program) JP 2011-199732 A (Wireless LAN system, mobile terminal and mobile terminal IP address switching method)

EIR, [online], <URL: http://www.eir-note.com/>

  However, the switching method has a problem that it cannot be used when there is no public wireless LAN service available near the patient's home. In addition, it is possible to use this access point when there is a fixed line at the patient's home and a wireless LAN, but it is generally difficult to use because there are passwords and MAC address authentication. In addition, there are security problems such as unauthorized use.

  An object of the present invention is to provide an authentication method, a server, and an authentication system that allow a fixed line to be used safely from a portable terminal in view of the above-described problems of the prior art.

In order to achieve the above object, the present invention provides an authentication method for connecting a mobile terminal to a network through a fixed line via a fixed terminal under management by a server, wherein the server includes identification information of the mobile terminal, A first step of receiving period information on which the mobile terminal is scheduled to be connected to the fixed terminal and generating authentication information of the mobile terminal; and the server sends the authentication information to the mobile terminal. A second step of distributing the authentication information, the identification information, and the period information to the fixed terminal, and the mobile terminal requests a network connection to the fixed terminal together with the identification information and the authentication information. And the fixed terminal sends the transmitted identification information and authentication information to the distributed identification information and the third information in response to the request. Consistent with the authentication information, if the reception of the request is within a predetermined time period based on the period information, characterized in that it comprises a fourth step to allow network connection by the mobile terminal.
In addition, the present invention is a server that executes the authentication method.

  Further, the present invention is a server for connecting a mobile terminal to a network via a fixed terminal via a fixed line, and the server connects to the mobile terminal identification information and the fixed terminal from the mobile terminal. The authentication information generation unit that generates the authentication information of the mobile terminal from the identification information and the authentication information is transmitted to the mobile terminal to enable the network connection. A mobile terminal setting unit configured to be set, and the identification information, the authentication information, and the period information are distributed to the fixed terminal, and the network by the mobile terminal only in a predetermined period based on the period information in the fixed terminal And a fixed terminal setting unit configured to permit connection.

  Furthermore, the present invention is an authentication system comprising the server, the mobile terminal, and the fixed terminal, wherein the mobile terminal is connected to the fixed terminal together with the identification information and the authentication information. In response to the request, the fixed terminal matches the transmitted identification information and authentication information with the distributed identification information and authentication information and receives the request based on the period information. When it is within the period, network connection by the portable terminal is permitted.

  According to the present invention, the Internet connection through the fixed line at the fixed terminal is permitted only from the mobile terminal registered in advance only within the predetermined period based on the period information set in advance. It can be used safely.

It is a figure for explaining the outline of the present invention. It is a block diagram of the authentication system containing the functional block of the server based on one Embodiment. It is a figure for demonstrating the authentication method which concerns on one Embodiment.

  FIG. 1 is a diagram for explaining the outline of the present invention. An authentication system 10 according to an embodiment of the present invention includes a server 1, a mobile terminal 2, and a plurality of fixed terminals 3A, 3B,... (Other than the 3A and 3B are not shown). In the figure, a plurality of portable terminals 2 are depicted, and this represents a state at each time point when the present invention is implemented in a single portable terminal 2.

  In FIG. 1, as a preferred example of the present invention, each fixed terminal 3A or the like is a fixed terminal of the patient (patient A or the like) in a patient's home receiving home medical care, and the user of the mobile terminal 2 An example in which a nurse who performs home-visit nursing and brings the portable terminal 2 to each patient's home is used. Similarly, the present invention can also be applied to doctor's visiting medicine.

  More generally, the present invention is not limited to medical treatment, etc., in a situation where each visit destination (each fixed terminal 3A, etc.) and its visit schedule are known in advance when the user who carries and uses the mobile terminal 2 goes out. Can be applied. The visit schedule may be a work schedule of a user who uses the mobile terminal 2. For example, the present invention can be applied to a case where home appliances, furniture, indoor equipment, and the like are repaired at each visit destination. As an example for explanation, it is assumed that home-visit nursing by a nurse is used.

  The server 1 is accessible from the mobile terminal 2 and the fixed terminal 3A that are clients via the Internet, and the management of each patient's visit schedule in the home nursing where the nurse brings the mobile terminal 2 Management of wireless LAN connection in the fixed terminal 3A etc. at the time.

  The mobile terminal 2 is a mobile terminal such as a mobile phone or a tablet, and has at least a wireless LAN connection function in order to connect to the fixed terminal 3A or the like. The fixed terminal 3A and the like are in each patient's house and have a function of providing fixed line Internet connection and wireless LAN connection. For example, an installed device having an access point such as an STB (Set Top Box) can be used as the fixed terminal 3A.

  In FIG. 1, the outline of the present invention is as follows in chronological order.

(1) Registration / setting before visiting Nurses can provide information on the schedule of home-visit nursing using mobile terminal 2 and information on mobile terminal 2 to enable wireless LAN connection at each visiting site. Register with Server 1. The server 1 generates authentication information for wireless LAN connection, and distributes it to the mobile terminal 1 and each fixed terminal 3A, 3B together with the visit time information. As will be described later, there are various modes for the distribution timing.

(2) The visiting nurse at Patient A's home brings the mobile terminal 2 and visits Patient A's home, which is the first destination, according to the set schedule, and performs home nursing. At this time, by using the authentication information set in advance in (1), the mobile terminal 2 connects to the fixed terminal 3A via a wireless LAN and connects to the Internet through the fixed line of the fixed terminal 3A.

  By connecting to the Internet via the fixed line, the nurse can connect to the Internet without using a wireless line such as 3G by mobile terminal 2 alone (however, mobile terminal 2 does not necessarily have the wireless line function other than wireless LAN). The patient A records etc. existing on the system used by the user can be viewed or updated at high speed.

(3) During the visit to patient B's home, the mobile terminal 2 can be connected to the Internet using the fixed line of the fixed terminal 3B at the patient B's home, which is the next visit destination, according to the set schedule. Thereafter, the Internet connection can be similarly made at the visit destination (4) [Patient C home] (not shown) that follows the set schedule.

  FIG. 2 is a configuration diagram of the authentication system 10 including the functional blocks of the server 1. Here, a fixed terminal 3 and a reference number are assigned to represent one of a plurality of fixed terminals such as fixed terminals 3A and 3B. The server 1 includes an authentication information generation unit 11, a mobile terminal setting unit 12, and a fixed terminal setting unit 13. FIG. 3 is a diagram for sequentially explaining the flow of the authentication method according to the embodiment of the present invention as steps S1 to S36.

  In FIG. 3, data related to each step (or group of steps) are added in columns C1 to C6, and in the upper flow, the reference position in the description in the form of a balloon is shown in the lower part enclosed in parentheses. Shows the specific contents. Details of the present invention will be described below.

(Step S1)
On the server 1, the mobile terminal 2 used by the nurse is set. For this setting, as shown in column C1, information on the nurse (generally the user who uses the mobile terminal 2), the MAC address of the mobile terminal 2 (generally the identification information of the mobile terminal 2), the visit time, and the visiting patient Are transmitted to the server 1.

  Here, a visit schedule is configured as shown in column C2 by the visit time and visit patient information. The schedule exists for each nurse, but the schedule of the nurse who uses the mobile terminal 2 (here, nurse “I”) is transmitted to the server 1. Note that the transmission source of the information may be the mobile terminal 2 or a schedule management system (not shown) used by the nurse A. The transmission information may be input by a person other than the nurse A.

  On the other hand, as shown in column C3 as “patient-IP address correspondence table”, server 1 holds in advance information on the IP address of each patient's fixed terminal (not as a patient, but as a subscriber to a fixed line). Therefore, it is possible to access and set the fixed terminals 3A, 3B and the like (implemented in steps S22 and S32 described later) in each patient's house.

  Using the transmitted information, the server 1 generates a “visit schedule table” including information for enabling temporary wireless LAN connection at each visited site as shown in a column C4. For example, for the nurse A who uses the mobile terminal 2, for the patient A, the patient A is first visited in the time zone "11: 00-12: 00" and the patient A's fixed terminal 3A SSID (service set ID) “aaa” and Pass (password) “bbb” as authentication information used when mobile terminal 2 connects to a wireless LAN, and MAC address as identification information of mobile terminal 2 used for authentication A visit schedule table including the information “ccc” is generated. Also for the next patient B, the time zone ("12: 00-13: 00"), SSID "ddd", password "eee" and MAC address "ccc" are prepared, and the subsequent items not shown in column C4 The same applies to patients.

  Thus, in step S1, a “visit schedule table” such as column C4 is generated. Note that the SSID and password as the authentication information may be randomly generated by the authentication information setting unit 11 (FIG. 2) of the server 1 for each fixed terminal 3A that is visited. The password may be set on the nurse side and included in the transmission information to the server 1 to be set in the server 1. In addition, since the MAC address has a similar function, generation or setting of a password may be omitted, but it is preferable not to omit it from the viewpoint of enhancing security.

  Regarding the schedule, in the column C4 and the like, only the time zone is shown under the assumption of the same day such as “11:00 to 12:00” for the convenience of explanation assuming a visiting nursing example. In general, the schedule in the present invention is given by period information as a time zone including the case of the length of the year, month, and day, and there may be a period across the day, month, and year.

(Steps S21 and S22)
The server 1 starts at the start time (11:00 in the example in the figure) of the visit time of the patient A's home, which is the first visit of the nurse using the mobile terminal 2, or a predetermined time before the start time ( For example, at 10:50) or later (for example, 11:05), information for enabling wireless LAN connection to the fixed terminal 3A is distributed to the mobile terminal 2 (step S21), and also to the fixed terminal 3A. Distribute (step S22).

  In addition, if it is before the predetermined time, it is possible to respond when the nurse arrives earlier than the schedule, etc. If it is after the predetermined time, the actual Internet connection will be delayed from the time of arrival at the patient's home on time It can be in a form that matches the actual situation. The information before and after the predetermined time may be set in advance in step S1 by an input from a nurse or the like.

  In step S21, the mobile terminal setting unit 12 (FIG. 2) of the server 1 distributes and sets the SSID and password to be used when connecting the wireless terminal 2 to the fixed terminal 3A to the mobile terminal 2. In step S22, the SSID, password, and MAC address used by the fixed terminal setting unit 13 (FIG. 2) of the server 1 when the mobile terminal 2 is connected to the fixed terminal 3A from the other terminals by making a wireless LAN connection. In addition, the visit time (that is, the use time of the wireless LAN) is distributed and set.

  Thus, information necessary for wireless LAN connection as shown in the column C5 is shared between the mobile terminal 2 and the fixed terminal 3A. It should be noted that steps S21 and S22 may be performed simultaneously as a single unit, or may be performed individually regardless of the previous or later. In particular, step S21 for the mobile terminal 2 may be performed immediately after step S1.

(Steps S23 and S24)
In step S23, the nurse arriving at the patient A's home and performing home-visit nursing transmits a wireless LAN connection request to the fixed terminal 3A from the portable terminal 2 he / she brought. At the time of the transmission, the SSID and password distributed to the mobile terminal 2 in step S21 and the MAC address of the mobile terminal 2 are transmitted together with the connection request, and the fixed terminal 3A receives them.

  The fixed terminal 3A, in step S24, the SSID, password and MAC address transmitted and received from the mobile terminal 2 in step S23 respectively match the SSID, password and MAC address distributed from the server 1 in step S22, and When the reception of the request in step S23 is within the visit time distributed from server 1 in step S22, the wireless LAN connection of mobile terminal 2 and the fixed line via fixed terminal 3A via the wireless LAN connection Allow internet connection. With this permission, the fixed terminal 3A can use a high-speed line.

  On the contrary, the connection is not permitted when at least one of the SSID, password, and MAC address does not match and when the request reception time of step S23 is outside the visit time. Therefore, access from terminals other than the mobile terminal 2 to which the nurse is linked as a user or access outside the visit schedule that is not supposed to be used even if access from the mobile terminal 2 is blocked. Is done. In this way, the use of the fixed line is permitted only from a predetermined terminal within a predetermined time zone, and the safety as the object of the present invention is achieved.

  To determine whether the request reception for the permission determination is within the visiting time, the schedule (usage time) received in step S23 may be extended by a predetermined time to meet the actual situation of visiting nursing. For example, when “11:00 to 12:00” is received as the usage time, the time zone for determining the connection permission may be “10:50 to 12:10”. The extended setting may be set in association with the normal usage time in step S1, and distributed in step S22.

(Steps S25 and S26)
The nurse who has completed the home-visit nursing and has finished the work of browsing or updating patient information through the high-speed line of the fixed terminal 3A, notifies the server 1 via the fixed terminal 3A (step S25) that the connection has been terminated through the high-speed line. The server receives the notification (step S26). Note that the notifications shown as the steps S25 and S26 may be made directly to the server 1 not via the high-speed line but via the 3G line of the mobile terminal 2 or the like.

  When the notification to the server 1 is completed in step S26, the fixed terminal 3A deletes the SSID, password and MAC address distributed and held in step S22, and the mobile terminal 2 receives the SSID distributed and held in step S21. Delete the password. The deletion may be executed voluntarily by the fixed terminal 3A and the mobile terminal 2, or may be executed by an instruction from the server 2.

  Thereafter, in the same manner as steps S21 to S26 for the fixed terminal 3A of the patient A, the steps S31 to S36 to which the corresponding numbers are assigned are executed for the fixed terminal 3B of the next patient B on the schedule, and the column C6 ( The information as shown in the column C5 in the case of the fixed terminal 3A) is shared between the mobile terminal 2 and the fixed terminal 3B, and the mobile terminal at the usage time “12:00 to 13:00” according to the schedule. 2 is connected to the fixed terminal 3B via a wireless LAN, and high-speed communication is possible. In addition, the same processing as in steps S21 to S26 is executed in each fixed terminal (not shown) after the next patient in the schedule order.

  Steps S21, S22, etc., in which the server 1 is the main, are executed at a predetermined timing based on the schedule set in step S1, and steps S23, in which the mobile terminal 2 (and the fixed terminal 3A, etc. responding thereto) are the main Since S24, S25, S26, etc. are executed in accordance with the actual progress of home-visit nursing, these prior relationships may be reversed with respect to the relationships shown in FIG. For example, distribution of step S31 and step S32 to the next patient B may be executed when patient A is on-site nursing and has not yet reached step S25 as a result of the extended nursing time from the beginning. If a connection request (step S33) at patient B's home can be executed within B's schedule time, no particular problem will occur. In addition, one of the other embodiments (1A) described later can better cope with such a situation.

  Hereinafter, various other embodiments of the present invention will be described. In addition, (1A), (1B), and (2) to (4) were given as headings, respectively.

  First, another embodiment of the distribution timing of wireless LAN connection information from the server 1 to the mobile terminal 2 and each fixed terminal 3A, 3B, etc. (steps S21, S22, S31, S32, etc. in FIG. 3) in the flow of FIG. Will be explained.

  (1A) In one embodiment, when the fixed terminal 3A is the first visit destination of a series of schedules, the fixed terminal 3A is distributed at the same timing as in FIG. For the above, the distribution timing of S31 and S32 is changed as follows.

  That is, instead of delivering at a predetermined time based on the schedule set in advance in step S1, the connection in the fixed terminal 3A of the previous visited destination is terminated, and after the server 1 receives the termination notification in step S26, step S31 and Perform S32 distribution. Here, after receiving the end notification, it may be delivered after the predetermined time set in advance in step S1 in consideration of the travel time to the next visited place, etc., or when the end notification is received, the end You may make it deliver immediately by using notification as a trigger.

  At this time, in the fixed terminal 3B or the like to be visited after the second, not only within the period set in advance in the schedule, but also in advance in the schedule starting from the time when the delivery after the end notification is received It is preferable to set the wireless LAN connection to be permitted including the length period, particularly when the schedule is delayed.

  In this case, even if the actual schedule for home-visit nursing fluctuates from what was set, a time zone in which wireless LAN connection is possible is set according to the actual schedule as appropriate, and the nurse corrects the schedule (execute step S1 again) There is no need to perform manual input.

  In addition, when the next visited place is not the continued visited place such as the next day or later, the delivery timing may be set as the first visited place similarly to the fixed terminal 3A in FIG. Or, in exactly the same way, the flow shown in FIG. 3 may be executed for each series of schedules for continuous visits.

  (1B) In one embodiment, wireless LAN connection information may be distributed to the mobile terminal 2 and the visited fixed terminals 3A, 3B in advance at the first stage of a series of schedules, for example, immediately after step S1. Good. In this case, the server 1 (fixed terminal setting unit 13), the fixed terminal 3A, 3B, etc. by the distribution, only in the visit time zone, or only in a predetermined time zone based on the visit time zone (with allowance before and after), It is set to permit connection to the portable terminal 2 that has transmitted a predetermined SSID, password, and MAC address. When using a predetermined time zone that allows for a margin, it may be set in step S1.

  (2) As another embodiment of the flow of FIG. 3, steps S25, S26, S35, S36 and the like may be omitted. That is, instead of notifying that the connection has actually ended and deleting various wireless LAN connection information at the end, the mobile terminal 2 and each fixed terminal are automatically The information may be deleted by 3A or the like.

  (3) Further, as another embodiment of the present invention, such as information distribution from the server 1 (fixed terminal setting unit 13) to the fixed terminal 3A or the like in steps S22 and S32, the following may be performed. That is, in addition to the distribution of the fixed terminal identification information (MAC address), authentication information (SSID and password), and visit time as described above, the Internet via a wireless LAN connection in the fixed terminal 3A etc. Information on access restriction at the time of connection may be distributed.

  For example, in the case of home-visit nursing, access to only a specified site (or group of sites) is permitted, such as permitting access only to the patient information management site used by the nurse, and other access is prohibited. Distribute the setting information. In addition, even in the case of various business visits, similarly, the setting information may be distributed so as to permit access only to sites that need to be accessed in the business.

  In the fixed terminal 3A and the like, by restricting the access destination of the mobile terminal 2 according to the setting information, it is possible to improve the security particularly in the case of business use. The setting information may be additionally set in advance in step S1. Further, when the visit ends and the fixed terminal 3A deletes the SSID, password, and MAC address for wireless LAN connection of the mobile terminal 2, the access restriction information may be deleted.

  (4) In the present invention, the connection between the portable terminal 2 and the fixed terminal 3A has been described as a wireless LAN. However, the present invention is also applied to a wired LAN connection by using authentication information or the like. Can be applied. Wireless LAN connection that does not require wiring connection work or the like is preferable from the viewpoint of enabling quick home-visit nursing.

  As described above, according to the present invention, the use schedule of the mobile terminal 2 and each fixed terminal 3A to be visited are linked by the server 1 so that the access point that can be effectively authenticated only at the time of visit is automatically set temporarily. Therefore, it is possible to use a high-speed line at the visited site in consideration of security. Therefore, it is possible to cope with the traffic increase problem of portable radio such as the 3G line of the portable terminal 2 that is becoming a problem in recent years.

  10 ... Authentication system, 1 ... Server, 2 ... Mobile terminal, 3,3A, 3B ... Fixed terminal

Claims (9)

An authentication method for connecting a mobile terminal to a network with a fixed line via a fixed terminal under the control of a server,
A first step in which the server receives identification information of the mobile terminal and period information on which the mobile terminal is scheduled to be connected to the network by the fixed terminal, and generates authentication information of the mobile terminal;
A second step in which the server distributes the authentication information to the mobile terminal and distributes the authentication information, the identification information, and the period information to the fixed terminal;
A third step in which the mobile terminal transmits a network connection request to the fixed terminal together with the identification information and the authentication information;
When the fixed terminal matches the transmitted identification information and authentication information with the distributed identification information and authentication information, and the reception of the request is within a predetermined period based on the period information. And a fourth step of permitting network connection by the portable terminal. There are a plurality (n) of fixed terminals, and the period information is configured as a schedule for sequentially connecting to the network through each fixed terminal,
In the first step, authentication information is generated for each fixed terminal,
The second to fourth steps are sequentially executed for each fixed terminal i (1 ≦ i ≦ n) according to the order of the schedule,
After the fourth step in the i-th fixed terminal, further comprising a fifth step of notifying the server that the mobile terminal has ended the network connection via the i-th fixed terminal,
2. The authentication method according to claim 1, wherein after the notification in the fifth step in the i-th fixed terminal, the second step for the i + 1-th fixed terminal is executed.   In the fifth step in the i-th fixed terminal, the i-th fixed terminal further deletes the distributed identification information and authentication information, and the mobile terminal distributes the authentication information distributed for the i-th fixed terminal. The authentication method according to claim 2, wherein the authentication method is deleted. The network connection is made through a wireless LAN connection of the mobile terminal to the fixed terminal,
The identification information is a MAC address;
4. The authentication method according to claim 1, wherein the authentication information includes an SSID.   5. The authentication method according to claim 1, wherein the period information is based on a work schedule of a user who brings the mobile terminal to the vicinity of the fixed terminal and uses the mobile terminal. The authentication method is intended for home healthcare support of healthcare workers,
The period information is based on a schedule when a medical worker brings the mobile terminal and performs home medical care for a patient having the fixed terminal,
6. The authentication method according to claim 1, wherein the network connection is intended for access to patient information.   A server that executes the authentication method according to claim 1. A server for connecting a mobile terminal to a network via a fixed line via a fixed terminal, the server including identification information of the mobile terminal from the mobile terminal and period information scheduled to be connected to the network by the fixed terminal And, receive
An authentication information generating unit for generating authentication information of the mobile terminal from the identification information;
In order to enable the network connection, a mobile terminal setting unit that transmits and sets the authentication information to the mobile terminal;
The fixed information is set so that the identification information, the authentication information, and the period information are distributed to the fixed terminal, and the network connection by the portable terminal is permitted only in a predetermined period based on the period information in the fixed terminal. And a terminal setting unit. An authentication system comprising the server according to claim 8, a mobile terminal, and a fixed terminal,
The mobile terminal transmits a request for network connection to the fixed terminal together with the identification information and the authentication information,
In response to the request, the fixed terminal matches the transmitted identification information and authentication information with the distributed identification information and authentication information, and the reception of the request is within a predetermined period based on the period information. And an authentication system that permits network connection by the portable terminal.