JP2017208721A - Communication system, communication method and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a communication system, a communication method and a program, enabling a guest to use registered equipment without use permission by a host, with a simplified registration of connection destination information.SOLUTION: The communication method includes: storing the equipment information of equipment acquired from the equipment through a first network; storing identification information for use for authentication, which is acquired from a terminal device through a second network; outputting the stored identification information for the purpose of authentication; accepting input information which is input according to the output identification information; and according to the accepted input information, controlling a connection between the second network and the third network, on the basis of a notification of whether or not the connection of the terminal device to the third network is permitted, a communication result of the communication of the terminal device with the equipment through the first network, and the stored equipment information.SELECTED DRAWING: Figure 6

Description

  The present invention relates to a communication system for controlling communication, a communication method, and a program for causing a computer to execute the processing.

  As notebook PCs are becoming cheaper and smart devices are becoming more popular, users have more opportunities to carry these terminals and use the network at their destination. There are cases where a wireless LAN (Local Area Network) communication is provided for a user in a store or a facility, or a public wireless LAN access point is installed by a communication carrier. A user can use these to connect to a network and perform communication via the Internet.

  Even in the business field, it is useful to provide a network environment for guests who visit the office for meetings and the like. However, for security reasons, it is desirable for guests to be able to monitor available logs by limiting the available resources.

  In view of this, a technique has been proposed in which a guest's network use is distinguished using an SDN (Software-Defined Network) technique to limit the devices that can be used by the guest (see, for example, Patent Document 1).

  However, the above technique has a problem that the IP address of a device that can be used by a guest must be manually registered in advance as connection destination information. Further, the above technique has a problem that the use permission must be given by operation from the host, and if the operation is mistaken, the use permission is given to an unintended device.

  The present invention has been made in view of the above, simplifies registration of connection destination information, and allows a guest to use a registered device without giving permission to use the host, An object is to provide a method and a program.

  In order to solve the above-described problem, an embodiment of the present invention is a communication system that controls communication, and includes a first communication unit that communicates with a device via a first network, and a first communication unit. A first storage unit that stores device information of the acquired device, a second communication unit that communicates with the terminal device via the second network, and a second communication unit that is transmitted from the terminal device and passes through the second network. A second storage unit that stores identification information used for authentication acquired by the two communication units; an output unit that outputs the identification information stored in the second storage unit for authentication; and the output identification An input unit that receives input information that is input according to the information, a third communication unit that communicates with the device via the third network, and a terminal device to the third network according to the input information received by the input unit Whether to allow connections A notification unit that notifies the communication unit, a notification received from the notification unit, a communication result of communication via the first network between the terminal device and the device, received by the second communication unit or the third communication unit, Provided is a communication system including a control unit that controls connection between a second communication unit and a third communication unit based on device information stored in a first storage unit.

  According to the present invention, it is possible to simplify registration of connection destination information and use a device in which a guest is registered even if the host does not give permission for use.

The figure which showed the structural example of the communication system of this embodiment. The figure which showed the example of arrangement | positioning of the connection box and PC which comprise a communication system. The figure which showed the hardware constitutions of PC and a connection box. The block diagram which showed an example of the function structure of PC. The block diagram which showed an example of the function structure of the terminal device. The block diagram which showed an example of the function structure of the connection box. The sequence diagram which showed the 1st example of the process which registers the apparatus which a guest can use. The sequence diagram which showed the 1st example of the process which a terminal device performs near field communication connection with an apparatus, and permits communication. The sequence diagram which showed the 1st example of the process which makes a terminal device out of the communication range of an apparatus, and refuses communication. The block diagram which showed another example of the function structure of the connection box. The figure which showed an example of the apparatus information with which PC and a terminal device transmit / receive with an apparatus by near field communication. The flowchart which showed the 2nd example of the process which registers the apparatus which a guest can use. The flowchart which showed the 3rd example of the process which registers the apparatus which a guest can use. The flowchart which showed the 4th example of the process which registers the apparatus which a guest can use. The flowchart which showed the 5th example of the process which registers the apparatus which a guest can use. The flowchart which showed the 2nd example of the process which a terminal device performs near field communication connection with an apparatus, and permits communication. The flowchart which showed the 3rd example of the process which a terminal device performs near field communication connection with an apparatus, and permits communication. The flowchart which showed the 4th example of the process which a terminal device performs near field communication connection with an apparatus, and permits communication. The flowchart which showed the 5th example of the process which a terminal device performs near field communication connection with an apparatus, and permits communication. The flowchart which showed the 2nd example of the process which makes a terminal device out of the communication range of an apparatus, and refuses communication. The flowchart which showed the 3rd example of the process which refuses communication when a terminal device is out of the communication range of an apparatus.

  FIG. 1 is a diagram illustrating a configuration example of a communication system according to the present embodiment. This communication system includes a network 10 such as a LAN (Local Area Network) and performs communication using, for example, TCP / IP (Transmission Control Protocol / Internet Protocol) as a communication protocol. The network 10 is an intra-organization LAN or the like that is closed in an organization such as a company.

  The communication system includes devices 11 to 15 such as an IWB (Interactive White Board), MFP (Multi Function Peripheral), printer, server, projector, and the like connected to the network 10 and users in the organization (hereinafter referred to as internal users). PC 20 to be used. The devices 11 to 15 and the PC 20 have a wireless communication function using a wireless LAN such as Wi-Fi. The communication system includes access points 16 to 19 for connecting the devices 11 to 15 and the PC 20 to the network 10 by wireless communication. A wireless LAN such as Wi-Fi is a wireless communication technology with a communication distance of about 100 m.

  The PC 20 holds data such as images and can transmit the data to the devices 11 to 15 via the access points 16 to 19 and the network 10. The devices 11 to 15 can receive the data and display the data on a screen or a screen, or print and output the data.

  Here, all the devices 11 to 15 and the PC 20 are configured to be connected to the network 10 via the access points 16 to 19 by wireless communication, but are not limited to this, and are directly connected to the network 10. It may be.

  The devices 11 to 15, the PC 20, and the access points 16 to 19 connected to the network 10 are devices used in the organization and are authenticated in the organization. Since this authentication is received, these devices can communicate via the network 10 without being restricted.

  A user outside an organization such as another company (hereinafter referred to as an external user) visits a meeting, brings in a terminal device 21 such as a notebook PC, a tablet terminal, or a smartphone, and connects to a device in the communication system. You may want to use the device. Examples of using the device include an example in which an image held by the terminal device 21 is displayed on the IWB by an external user, an example in which the image is projected by a projector, and an example in which the image is printed and distributed.

  However, since the terminal device 21 used by an external user is a device outside the organization, the terminal device 21 is not authenticated by the organization and cannot be connected to the network 10. In order to make it possible to connect the terminal device 21 to the network 10, the communication system includes a connection box 22 as a connection device connected to the network 10.

  The connection box 22 has an access point function for enabling wireless communication by wireless LAN, and by this access point function, it is possible to communicate with the terminal device 21 which is a device outside the organization by wireless.

  The connection box 22 performs control to connect the terminal device 21 connected by wireless communication by wireless LAN and the network 10 or to disconnect the connection in response to an instruction from an internal user. Therefore, the connection box 22 connects the terminal device 21 and the network 10 only when receiving a connection permission instruction from an internal user, and can communicate with a device connected to the network 10. For this reason, the PC 20 used by the internal user is used as an authentication device.

  Note that communication with all of the devices connected to the network 10 may be possible, or devices that are permitted to be used may be specified in advance and communication with the specified devices may be enabled.

  With reference to FIG. 2, arrangement | positioning of PC20, the connection box 22, etc. which comprise a communication system is demonstrated. A company or the like has a plurality of areas 23 to 26 such as a work area where internal users work, a conference room where a meeting is held, and a break room. Necessary devices are arranged in each of the plurality of areas 23 to 26 and can communicate with each other via a closed network 10 such as an in-house network.

  In the example shown in FIG. 2, the area 23 is an area where an external user can enter. In the area 23, an access point 16 connected to the network 10, a device 11 and a device 12 wirelessly connected to the access point 16, and a connection box 22 connected to the network 10 are arranged. . In this example, the PC 20 used by the internal user and the terminal device 21 used by the external user are also shown in order for the internal user and the external user to make a meeting.

  Areas 24 to 26 are areas where external users cannot enter. In the areas 24 to 26, access points 17 to 19 connected to the network 10, devices 13 and 15 connected wirelessly to the access points 17 and 19, and devices 14 connected to the access point 18 by wire are arranged. ing.

  The connection box 22 receives authentication within the organization and can communicate with the devices 11 to 15 connected to the network 10 via the access points 16 to 19. The devices 11 and 12 arranged in the area 23 have a near field communication function such as NFC (Near Field Communication) and Bluetooth (registered trademark) LE. NFC is a short-range wireless communication technology with a communication distance of about 10 cm, and Bluetooth (registered trademark) LE is a power-saving short-range wireless communication technology with a communication distance of about 5 m.

  In FIG. 2, a range that can be communicated by the short-range wireless communication function of the devices 11 and 12 (hereinafter referred to as a communication range) is circled and shown. The communication range of the device 11 includes the access point 16 and the terminal device 21, and the communication range of the device 12 includes the PC 20. Incidentally, the devices 13 to 15 arranged in the areas 24 to 26 can also have a short-range wireless communication function, but the communication range does not overlap with the area 23.

  An internal user uses the PC 20 to register a device that can be used by an external user in advance. Here, the devices that can be used by external users are devices 11 and 12. The internal user moves the PC 20 within the communication range of the device 11, performs short-range wireless communication between the PC 20 and the device 11, and the PC 20 acquires device information of the device 11. Then, the PC 20 communicates with the connection box 22 via the access point 16 and the network 10 and registers the device information in the connection box 22. Similarly, the device information of the device 12 is registered.

  Since the device information of the devices 13 to 15 arranged in the areas 24 to 26 does not overlap with the area 23 as described above, the PC 20 in the area 23 cannot perform short-distance wireless communication. Information cannot be obtained. For this reason, the device information cannot be registered in the connection box 22.

  In order to use the device 11 or the device 12, the external user connects the terminal device 21 and the connection box 22 by wireless communication such as Wi-Fi. In this connection, the internal user transmits in advance an SSID (Service Set Identifier) necessary for identifying the access point function of the connection box 22 to the external user. When this access point function is used, encryption using a WEP (Wired Equivalent Privacy) key or the like does not have to be performed.

  The external user transmits a connection request from the terminal device 21 to the connection box 22. At this time, the external user is notified by some method of identification information used for authentication from the internal user. The method for notifying the identification information may be verbal, may be notified by a memo or the like, or may be notified by e-mail or the like. The external user inputs the notified identification information when transmitting the connection request. The terminal device 21 adds the input identification information to the connection request and transmits it.

  The connection box 22 stores the connection request and identification information received from the terminal device 21 in a memory or the like, and the PC 20 used by the internal user accesses the memory or the like to acquire the connection request and the identification information. Pass them on. This is because the connection of the terminal device 21 to the network 10 is not yet permitted at this point. The PC 20 accesses the connection box 22 at regular intervals, for example, and confirms whether a connection request and identification information are stored in a memory or the like.

  The PC 20 displays and outputs the acquired identification information, and the internal user sees it and confirms whether it is correct identification information. The internal user inputs whether or not to permit the connection of the terminal device 21 according to the confirmed result to the PC 20 and notifies the connection box 22 of it.

  When receiving a connection permission notification from the PC 20, the connection box 22 connects the terminal device 21 and the network 10, and the terminal device 21 is connected to the network 10 via the connection box 22. On the other hand, when the connection box 22 receives a notification of the connection non-permission from the PC 20, the connection between the terminal device 21 and the network 10 is maintained in a disconnected state.

  The terminal device 21 is connected to the network 10 when receiving a connection permission notification from the PC 20, but cannot communicate with all of the devices connected to the network 10. , 12. Further, the terminal device 21 must obtain permission in order to communicate with the registered devices 11 and 12.

  The terminal device 21 performs near field communication within the communication range of the device 11, acquires device information of the device 11, and transmits it to the connection box 22. The connection box 22 confirms whether the received device information is registered, and if registered, permits communication with the device 11. If communication is permitted, the terminal device 21 can communicate with the device 11 via the connection box 22 and the network 10.

  For example, the terminal device 21 periodically performs short-range wireless communication, acquires device information of the device 11, and transmits the device information to the connection box 22. For this reason, if the terminal device 21 moves out of the communication range of the device 11, the short-range wireless communication cannot be performed. Then, since the connection box 22 does not transmit the device information from the terminal device 21, the connection box 22 disallows communication with the device 11. As a result, the terminal device 21 cannot communicate with the device 11. The same applies to the device 12.

  Hereinafter, the configuration of each apparatus and the details of processing will be described. With reference to FIG. 3, the hardware configuration of the PC 20 and the connection box 22 constituting the communication system will be described. Since the hardware configuration of the terminal device 21 is the same as that of the PC 20, the description thereof is omitted here. As shown in FIG. 3A, the PC 20 includes, as hardware, a CPU 30, ROM 31, RAM 32, HDD 33, network I / F 34, input / output I / F 35, input device 36, display device 37, wireless LAN communication device 38, A range wireless communication device 39 is provided.

  The CPU 30 controls the entire PC 20 and executes programs stored in the ROM 31 and the HDD 33 for the control. Further, the CPU 30 executes a program for realizing processing such as device registration in the connection box 22, display of identification information, notification of connection permission or non-permission.

  The ROM 31 stores a boot program for starting up the PC 20, firmware for controlling operations of peripheral devices, and the like. The RAM 32 provides a work area for the CPU 30. The HDD 33 stores an OS, a program for realizing the above processing, data such as an image, and the like. The network I / F 34 is connected to the network 10 and controls communication via the network 10.

  The input device 36 is a device for inputting information such as a mouse and a keyboard. The display device 37 is one of output devices, and is a device for displaying information such as a CRT (Cathode Ray Tube), a liquid crystal display, and an organic EL (Electro Luminescence) display. The input / output I / F 35 controls input of information from the input device 36 and output of information to the display device 37.

  The wireless LAN communication device 38 is a device for performing wireless communication by wireless LAN, and the short-range wireless communication device 39 is a device for performing short-range wireless communication by NFC or Bluetooth (registered trademark) LE.

  As shown in FIG. 3B, the connection box 22 includes a CPU 40, a memory 41, a network I / F 42, and a wireless LAN communication device 43 as hardware. The CPU 40 controls the entire connection box 22 and executes a program stored in the memory 41 for the control. Further, the CPU 40 executes a program for realizing processing such as registration of device information, switching between connection and disconnection, and determination of permission to use a device. The memory 41 stores the above program and device information.

  The network I / F 42 is connected to the network 10 and controls communication via the network 10. The wireless LAN communication device 43 is a device for performing wireless communication by wireless LAN.

  With reference to FIGS. 4-6, the function with which PC20, the terminal device 21, and the connection box 22 are provided is demonstrated. The PC 20 has a functional unit realized by the CPU 30 executing a program. As the functional unit, a short-range wireless communication unit 50, a registration request unit 51, a request acquisition unit 52, an output unit as shown in FIG. As a display unit 53, an input unit 54, and a notification unit 55.

  When the short-range wireless communication unit 50 enters a communication range (a kind of network) of the device, the short-range wireless communication unit 50 performs short-range wireless communication with the device and acquires device information of the device. The device information includes a device name, an IP (Internet Protocol) address, a MAC (Media Access Control) address, and the like.

  The registration request unit 51 transmits the device information acquired by the short-range wireless communication unit 50 to the connection box 22 and requests registration thereof. This is because the device can be used by an external user.

  The request acquisition unit 52 acquires, from the connection box 22, the connection request and identification information that the connection box 22 has received from the terminal device 21 in wireless communication with the terminal device 21 through wireless LAN. The identification information may be any information that can be identified, and is information transmitted from the internal user to the external user in advance.

  The display unit 53 displays the identification information acquired by the request acquisition unit 52. The internal user confirms whether the displayed identification information matches the identification information transmitted to the external user. If they match, since the transmission source that transmitted the connection request is a correct external user, the connection of the terminal device 21 of the transmission source to the network 10 is permitted. On the other hand, if they do not match, the connection is not permitted because the user is not a correct external user. The internal user inputs permission or disapproval according to the result, and the input unit 54 receives the input as input information.

  The notification unit 55 notifies the connection box 22 of the information received by the input unit 54 via the access point and the network 10. The information to be notified is connection permission information for permitting connection or connection disapproval information for disallowing connection.

  The terminal device 21 has a functional unit realized by the CPU executing a program, and as the functional unit, a wireless LAN communication unit 60, a display unit 61, an input unit 62, a short-range wireless as shown in FIG. A communication unit 63 is included.

  The wireless LAN communication unit 60 establishes connection with the connection box 22 using the SSID transmitted from the internal user, performs wireless communication with the connection box 22 by wireless LAN, and transmits a connection request to the network 10. The display unit 61 displays a screen for allowing the external user to input identification information. The input unit 62 receives input of identification information from an external user. The wireless LAN communication unit 60 transmits the identification information received by the input unit 62 to the connection box 22 together with the connection request.

  When the short-range wireless communication unit 63 enters the communication range of the device, the short-range wireless communication unit 63 performs short-range wireless communication with the device, and acquires device information of the device as a communication result. This device information is device information (connection destination device information) of a connection destination device that an external user wants to use. The wireless LAN communication unit 60 transmits the connection destination device information acquired by the short-range wireless communication unit 63 to the connection box 22 by wireless communication using the wireless LAN.

  The connection box 22 has a functional unit realized by the CPU 40 executing a program. As the functional unit, a wireless LAN communication unit 70, an identification information storage unit 71, and a device information storage unit 72 as shown in FIG. A network communication unit 73 and a control unit 74.

  The wireless LAN communication unit 70 performs wireless communication with the terminal device 21 by wireless LAN, acquires a connection request and identification information, and stores them in the identification information storage unit 71. In addition, the wireless LAN communication unit 70 performs wireless communication with the terminal device 21 by wireless LAN, and acquires connection destination device information from the terminal device 21.

  The device information storage unit 72 stores the device information by the registration request unit 51 of the PC 20 and registers it as a device that can be used by an external user. The network communication unit 73 is connected to the network 10 and performs communication via the network 10. Devices 11 to 15 and PC 20 are connected to network 10 via access points 16 to 19, and network communication unit 73 can communicate with these devices 11 to 15 and PC 20. Therefore, the PC 20 can access the identification information storage unit 71 via the network communication unit 73 and acquire the connection request and identification information stored in the identification information storage unit 71.

  The control unit 74 controls the connection between the wireless LAN communication unit 70 and the network communication unit 73. The control unit 74 connects the wireless LAN communication unit 70 and the network communication unit 73 to connect the terminal device 21 or the like that performs wireless communication with the wireless LAN communication unit 70 to the network 10 and disconnects the connection. , Disconnect the device from the network 10.

  The control unit 74 receives a connection permission notification from the PC 20 and enables connection to the network 10. At this time, since communication with a device connected to the network 10 is not permitted, the terminal device 21 cannot communicate with the device via the network 10. The control unit 74 receives the connection destination device information from the terminal device 21 and determines whether to permit communication with the connection destination device.

  When the received connection destination device information matches the device information stored in the device information storage unit 72, the control unit 74 permits communication with the device having the connection destination device information. If they do not match, communication with the device having the connection destination device information is not permitted.

  The communication system determines whether or not to permit processing of a device that can be used by an external user and communication with a connection destination device specified by the external user by using the PC 20, the terminal device 21, and the connection box 22 including these functional units. The process to perform is performed. Details of these processes will be described with reference to FIGS.

  First, a process for registering a device that can be used by an external user will be described with reference to FIG. Here, a process in which the internal user uses the PC 20 and registers the device 11 in the connection box 22 will be described. The internal user carries the PC 20 and moves to a position that falls within the communication range of the device 11. As a result, the PC 20 performs a short-range wireless communication connection to the device 11 (S1).

  When the short-range wireless communication connection is established with the PC 20, the device 11 transmits the device information held by itself to the PC 20 as connection destination device information (S2). The connection destination device information is the IP address of the device 11 or the like. Upon receiving the connection destination device information, the PC 20 disconnects the short-range wireless communication connection (S3). Since it is not necessary to perform short-range wireless communication, the connection is disconnected here.

  Here, the PC 20 performs a short-range wireless communication connection and disconnects the connection, but the device 11 transmits the connection destination device information by broadcasting using advertising data or tokens used in Bluetooth (registered trademark) LE or the like. If so, the processing of S1 and S3 is not necessary.

  The PC 20 transmits the connection destination device information received from the device 11 as a communication result with the device 11 to the connection box 22 via the network 10 (S4). Upon receiving the connection destination device information from the PC 20, the connection box 22 stores the device information and registers it as device information of a device that can be used by an external user (S5).

  In the example illustrated in FIG. 7, the PC 20 performs a short-range wireless communication connection, acquires connection destination device information, and transmits it to the connection box 22, but is not limited thereto. The device 11 may perform a short-range wireless communication connection with the PC 20, and the device 11 may transmit its device information as connection destination device information to the connection box 22 as a communication result with the PC 20.

  Next, with reference to FIG. 8, a process in which the terminal device 21 performs near field communication connection with a connection destination device and permits communication is described. Here, it is assumed that an external user uses the terminal device 21, uses the device 11 as a connection destination device, connects to the network 10 via the connection box 22, and permits communication with the device 11 connected to the network 10. To do.

  The device 11 transmits information (communication range information) of the communication range of the device 11 to the terminal device 21 (S1). The device 11 transmits communication range information by broadcasting. When receiving the communication range information transmitted from the device 11, the terminal device 21 detects that it exists within the communication range of the device 11 from the communication range information. When detecting that the terminal device 21 is within the communication range of the device 11, the terminal device 21 performs a short-range wireless communication connection to the device 11 (S2).

  When the short-range wireless communication connection is established with the terminal device 21, the device 11 transmits the device information held by itself to the PC 20 as connection destination device information (S3). The connection destination device information is the IP address of the device 11 or the like. When receiving the connection destination device information from the device 11, the terminal device 21 disconnects the short-range wireless communication connection (S4).

  In this case, the terminal device 21 performs a short-range wireless communication connection and disconnects the connection, but the device 11 broadcasts connection destination device information using advertising data or tokens used in Bluetooth (registered trademark) LE or the like. In the case of transmission by S, the processing of S2 and S4 is not necessary.

  The terminal device 21 transmits the connection destination device information received from the device 11 to the connection box 22 by wireless communication by wireless LAN (S5). When the connection box 22 receives the connection destination device information from the terminal device 21, the connection box 22 refers to the registered device information. In this example, since the connection destination device is registered, the connection box 22 permits communication (S6). The connection box 22 can notify the terminal device 21 that communication is permitted.

  If permitted, the terminal device 21 communicates with the device 11 via the network 10 (S7). Communication at this time is performed from the terminal device 21 to the device 11 via the connection box 22, the network 10, and the access point 16.

  In the example illustrated in FIG. 8, the device 11 transmits communication range information, the terminal device 21 performs a short-range wireless communication connection, acquires connection destination device information, and transmits it to the connection box 22. It is not limited. The terminal device 21 may transmit communication range information, the device 11 may perform near field communication connection to the terminal device 21, and the device 11 may transmit its device information to the connection box 22 as connection destination device information. .

  With reference to FIG. 9, a process for disabling communication when the terminal device 21 is outside the communication range of the connection destination device will be described. Here, it is assumed that the external user uses the terminal device 21, the device 11 is the connection destination device, the terminal device 21 is out of the communication range of the device 11, and communication is not permitted.

  The device 11 transmits the communication range information of the device 11 to the terminal device 21 (S1). The terminal device 21 detects that it is out of the communication range from the communication range information transmitted from the device 11. Since the terminal device 21 is outside the communication range of the device 11, the short-distance wireless communication connection to the device 11 cannot be performed.

  The terminal device 21 transmits connection destination device information to the connection box 22 (S2). At this time, information that is outside the communication range and information that is an external user's device are also transmitted. When the connection box 22 receives these pieces of information from the terminal device 21, the connection box 22 is outside the communication range and is an external user's device, and therefore disallows communication with the connection destination device (S3).

  In the example illustrated in FIG. 9, the device 11 transmits the communication range information, and the terminal device 21 transmits the connection destination device information to the connection box 22, but is not limited thereto. The terminal device 21 may transmit the communication range information, and the device 11 may transmit the connection destination device information to the connection box 22.

  In the example shown in FIG. 9, the terminal device 21 transmits the connection destination device information in response to reception of the communication range information from the device 11. However, the present invention is not limited to this, and the timer function is used. You may transmit after predetermined time passes. In addition, the connection destination device information may be transmitted by an operation of an external user.

  Next, another embodiment of the communication system will be described. In this embodiment, the concept of SDN (Software-Defined Network) is applied to the connection box 22 described above. First, this SDN will be schematically described.

  SDN is a concept that enables the movement of data on a network to be controlled only by software. An organization such as a company can construct an original network by applying this SDN. In connection with SDN, there is a method for controlling network virtualization and communication on the virtualized network, and there is an open specification OpenFlow that does not depend on the vendor.

  Network virtualization is a technology that includes multiple components, such as virtual interface technology that makes one physical interface look like multiple or multiple physical interfaces, and virtual switch technology that connects and relays virtual interfaces. Is a collection of This network virtualization uses a combination of physical network devices, virtual network components, and protocol technology to virtually separate the logical network configuration from the physical network configuration and realize a flexible network configuration that is not tied to the physical configuration. To do.

  OpenFlow regards communication as an end-to-end flow, and can perform path control, load balancing, optimization, etc. for each flow. This OpenFlow is realized by changing to a centralized control type instead of analyzing and transferring each data packet in an autonomous and distributed manner in a relay device on the data communication path.

  In OpenFlow, a control plane that performs data analysis and control for determining and determining a transfer destination is separated from a data plane that is simply responsible for physical transmission of packets. The control plane is realized by an OpenFlow controller (OFC), and the OFC instructs a transfer rule. The data plane is realized by an OpenFlow switch (OFS), and transfers packets according to instructions of the OFC. Specifically, the OPS performs packet transfer according to the flow table of the OFS that is added and rewritten by the OFC.

  By using such a mechanism, OpenFlow can be used as a tool for controlling network virtualization.

  FIG. 10 is a block diagram showing a functional configuration of the connection box 22 according to another embodiment. The connection box 22 includes a wireless LAN communication unit 70, an identification information storage unit 71, a device information storage unit 72, a network communication unit 73, and a control unit 74 as functional units, and the device information storage unit 72 includes a transfer control table. 75 is stored. In addition, the control unit 74 includes a transfer control unit 76 corresponding to OPC and a transfer processing unit 77 corresponding to OFS.

  The transfer control unit 76 generates transfer control information including the condition of the packet to be transferred and information indicating the transfer destination of the packet according to the device information transmitted from the PC 20, and is stored in the device information storage unit 72. Write to the transfer control table 75. The transfer processing unit 77 controls the behavior of the relayed packet according to the transfer control information read from the transfer control table 75.

  With reference to FIG. 11, the apparatus information which PC20 and the terminal device 21 and the apparatus 11 transmit / receive by near field communication is demonstrated. The PC 20 acquires an IP address and a registered name that is the device name of the device 11 from the device 11 in order to register as a device that can be used by an external user. These are transmitted from the PC 20 to the connection box 22 via the network 10, and the connection box 22 registers in the transfer control table 75.

  The packet condition is, for example, a condition that the packet includes the IP address or registered name of the device 11, and the information indicating the transfer destination is the IP address or registered name. Since the IP address is necessary to actually transfer the packet, the information acquired by the PC 20 and registered in the transfer control table 75 may be only the IP address.

  This registration may be performed by the device 11. In this case, the device 11 determines that the short-distance wireless communication connection has been established with the PC 20 based on the identification information of the device 11, and transmits its own IP address and registered name to the connection box 22, and the connection box 22 displays the transfer control table. 75.

  When the terminal device 21 permits use of the device 11 to the connection box 22, device information is transmitted and received between the terminal device 21 and the device 11 by short-range wireless communication. When the short-distance wireless communication connection is made and the terminal device 21 makes a use permission request, the received IP address and registered name of the device 11 are transmitted to the connection box 22. After confirming that the device 11 is a device registered in the transfer control table 75, the connection box 22 grants communication permission between the terminal device 21 and the device 11.

  It is also possible for the device 11 to make a use permission request to the connection box 22 by performing a short-range wireless communication connection. In this case, the device 11 determines that the short-distance wireless communication connection with the terminal device 21 is made based on the identification information, and transmits the IP address and the registered name to the connection box 22. After confirming that the device 11 is a device registered in the transfer control table 75, the connection box 22 grants communication permission between the terminal device 21 and the device 11.

  Whether or not the device is registered in the transfer control table 75 can be determined by the registered name, but may be device identification information or an IP address. For this reason, the terminal device 21 or the device 11 transmits only the identification information or only the IP address to the connection box 22, and the connection box 22 can make a determination based on the information and give the communication permission.

  With reference to FIG. 12, the process of registering a device that can be used by an external user using the connection box 22 shown in FIG. 10 will be described. Starting from step 1200, in step 1205, the PC 20 connected to the network 10 by the internal user is moved to a position within the communication range where the short-range wireless communication of the device 11 is possible. In step 1210, it is determined whether the PC 20 recognizes the device 11 and enters the communication range of the device 11.

  When entering the communication range of the device 11, the process proceeds to step 1215, and the PC 20 performs a short-range wireless communication connection with the device 11 and determines whether or not the connection has been established. In step 1220, the PC 20 acquires device information from the device 11. In step 1225, the PC 20 disconnects the short-range wireless communication connection with the device 11.

  In step 1230, the device information acquired by the PC 20 is transmitted to the connection box 22. The device information is the IP address and registered name described above. In step 1235, transfer control information is generated based on the device information received by the connection box 22 and registered in the transfer control table 75. Then, the process proceeds to step 1240 and the registration process is terminated.

  If it is determined in step 1210 that the device 11 has not entered the communication range or if connection cannot be established in step 1215, the process proceeds to step 1240 and the registration process is terminated.

  In the example illustrated in FIG. 12, the PC 20 performs a short-range wireless communication connection with the device 11 and acquires device information from the device 11. However, the present invention is not limited to this, and the device 11 transmits the device information. You may acquire by receiving the apparatus information. Processing in this case will be described with reference to FIG.

  Starting from step 1300, in step 1305, the PC 20 connected to the network 10 by the internal user is moved to a position within the communication range where the short-range wireless communication of the device 11 is possible, and the PC 20 enters the communication range. To recognize the device 11. The device 11 transmits its own device information using Advertising data. In step 1310, it is determined whether the PC 20 that has entered the communication range of the device 11 has received advertising data transmitted from the device 11.

  When advertising data is received, the process proceeds to step 1315, and the PC 20 acquires device information from the received advertising data. In step 1320, the PC 20 transmits the acquired device information to the connection box 22. The device information is the IP address and registered name described above.

  In step 1325, the connection box 22 generates transfer control information based on the received device information and registers it in the transfer control table 75. Then, the process proceeds to step 1330 and the registration process is terminated. If the advertising data is not received in step 1310, the device information cannot be acquired, so the process proceeds to step 1330, and the process ends without registration.

  In the example shown in FIGS. 12 and 13, the PC 20 transmits the device information to the connection box 22, but the device 11 may transmit the device information to the connection box 22 and register it. Processing in this case will be described with reference to FIGS.

  FIG. 14 illustrates an example in which short-range wireless communication connection is performed and device information is transmitted and received. FIG. 15 illustrates an example in which the device 11 transmits its own device information using Advertising data. First, the example shown in FIG. 14 will be described. Starting from step 1400, in step 1405, the PC 20 connected to the network 10 by the internal user is moved to a position within the communication range where the short-range wireless communication of the device 11 is possible. In step 1410, it is determined whether the PC 20 recognizes the device 11 and enters the communication range of the device 11.

  When entering the communication range of the device 11, the process proceeds to step 1415, and the device 11 performs a short-range wireless communication connection with the PC 20 and determines whether or not the connection has been established. In step 1420, the PC 20 transmits its own device information to the device 11. In step 1425, the device 11 disconnects the short-range wireless communication connection with the PC 20.

  In step 1430, the device 11 transmits its own device information and the device information of the PC 20 to the connection box 22. The device information is the IP address and registered name described above. In step 1435, the connection box 22 confirms from the received device information of the PC 20 whether the partner of the short-distance wireless communication connection is the PC 20. If it is the PC 20, the process proceeds to step 1440.

  In step 1440, the connection box 22 generates transfer control information based on the received device information of the device 11 and registers it in the transfer control table 75. Then, the process proceeds to step 1445, and this registration process is terminated.

  If it is determined in step 1410 that the device 11 has not entered the communication range or if connection cannot be established in step 1415, the process proceeds to step 1445 and the registration process is terminated.

  Next, the example shown in FIG. 15 will be described. Starting from Step 1500, in Step 1505, the PC 20 connected to the network 10 by the internal user is moved to a position within the communication range where the short-range wireless communication of the device 11 is possible, and the PC 20 enters the communication range. To recognize the device 11. The device 11 transmits its own device information using Advertising data. In step 1510, it is determined whether the PC 20 that has entered the communication range of the device 11 has received advertising data transmitted from the device 11.

  If advertising data is received, the process proceeds to step 1515, where the PC 20 transmits its own device information to the device 11 using advertising data. In step 1520, the device 11 confirms that it is the PC 20 from the device information of the PC 20, and transmits the device information of the device 11 to the connection box 22. At this time, the device information of the PC 20 is also transmitted.

  In step 1525, the connection box 22 confirms from the received device information of the PC 20 whether the partner of the short-range wireless communication connection is the PC 20. If it is the PC 20, the process proceeds to step 1530.

  In step 1530, the connection box 22 generates transfer control information based on the received device information of the device 11 and registers it in the transfer control table 75. Then, the process proceeds to step 1535, and the registration process is terminated. If the advertising data is not received in step 1510 and if the connection partner is not the PC 20, the process proceeds to step 1330, and the process ends without registration.

  The registration process when the connection box 22 shown in FIG. 10 is used has been described with reference to FIGS. 12 to 15, but the terminal device 21 and the device 11 are close to each other with reference to FIGS. 16 to 21. Processing for performing wireless communication and permitting / disallowing communication will be described.

  With reference to FIG. 16, a process in which the terminal device 21 performs near field communication connection with the device 11 and permits communication between the terminal device 21 and the device 11 will be described. This processing is started from step 1600, and in step 1605, the terminal device 21 is moved by the external user to a position within the communication range in which the device 11 can perform near field communication. In step 1610, it is determined whether the terminal device 21 recognizes the device 11 and enters the communication range of the device 11.

  When entering the communication range of the device 11, the process proceeds to step 1615, where the terminal device 21 performs a short-range wireless communication connection with the device 11 and determines whether or not the connection has been established. In step 1620, the terminal device 21 acquires device information from the device 11. In step 1625, the terminal device 21 disconnects the short-range wireless communication connection with the device 11.

  In step 1630, the terminal device 21 transmits the acquired device information to the connection box 22 by wireless communication using a wireless LAN. The device information includes both the device information of the terminal device 21 and the device information of the device 11. In step 1635, the connection box 22 confirms the transmission source that has transmitted the device information of the device 11 based on the received device information, and determines whether the terminal device 21 has transmitted the connection request.

  In the case of the terminal device 21, the process proceeds to step 1640, and the connection box 22 confirms registration in the database, that is, the transfer control table 75 based on the received device information. In step 1645, it is determined whether the device 11 is registered. If registered, the process proceeds to step 1650, and the connection box 22 permits communication between the terminal device 21 and the device 11 using OpenFlow. Then, the process proceeds to step 1655 to end this process.

  If it is determined in step 1610 that the device 11 has not entered the communication range or if connection cannot be established in step 1615, the process proceeds to step 1655 and the process is terminated.

  In the example illustrated in FIG. 16, the terminal device 21 performs short-range wireless communication connection with the device 11 and acquires device information from the device 11, but is not limited thereto. The device 11 may be acquired by transmitting device information and the terminal device 21 receiving the device information. Processing in this case will be described with reference to FIG.

  Starting from step 1700, in step 1705, the external user moves the terminal device 21 to a position within the communication range where the short-range wireless communication of the device 11 is possible. Recognize The device 11 transmits its own device information using Advertising data. In step 1710, it is determined whether the terminal device 21 that has entered the communication range of the device 11 has received advertising data transmitted from the device 11.

  If Advertising data is received, the process proceeds to Step 1715, and the terminal device 21 acquires device information from Advertising data. In step 1720, the terminal device 21 transmits the acquired device information to the connection box 22. The device information includes both the device information of the terminal device 21 and the device information of the device 11. In step 1725, the connection box 22 confirms the transmission source based on the received device information, and determines whether it is the terminal device 21 that transmitted the connection request.

  If it is the terminal device 21, the process proceeds to step 1730 where the connection box 22 confirms registration in the database, that is, the transfer control table 75 based on the received device information. In step 1735, it is determined whether the device 11 is registered. If registered, the process proceeds to step 1740, and the connection box 22 permits communication between the terminal device 21 and the device 11 using OpenFlow. Then, the process proceeds to step 1745 to end this process.

  If it is determined in step 1710 that the device 11 has not entered the communication range or if it is not the terminal device 21 in step 1725, the process proceeds to step 1745 and the process ends.

  In the example illustrated in FIG. 17, the terminal device 21 performs the short-range wireless communication connection with the device 11. However, the present invention is not limited to this, and the device 11 may perform the short-range wireless communication connection with the terminal device 21. Good. Processing in this case will be described with reference to FIG.

  Starting from step 1800, in step 1805, the terminal device 21 is moved by the external user to a position that falls within a communication range in which the device 11 can perform near field communication. In step 1810, the device 11 recognizes the terminal device 21 and determines whether the terminal device 21 has entered the communication range of the device 11.

  When entering the communication range of the device 11, the process proceeds to step 1815, and the device 11 performs a short-range wireless communication connection with the terminal device 21 and determines whether or not the connection has been established. If the connection is established, the terminal device 21 transmits its device information to the device 11 in step 1820. In step 1825, the device 11 disconnects the short-range wireless communication connection with the terminal device 21.

  In step 1830, the device 11 transmits the device information of the terminal device 21 and its own device information to the connection box 22. Since the device 11 and the connection box 22 are connected by the network 10, the device 11 can transmit the device information to the connection box 22 via the network 10.

  In step 1835, the connection box 22 determines whether the terminal device that has transmitted the device information to the device 11 is the terminal device 21 that has transmitted the connection request, based on the received device information. In the case of the terminal device 21, the process proceeds to step 1840, and the connection box 22 confirms registration in the database, that is, the transfer control table 75 based on the received device information. In step 1845, it is determined whether the device 11 is registered. If registered, the process proceeds to step 1850, and the connection box 22 permits communication between the terminal device 21 and the device 11 using OpenFlow. Then, the process proceeds to step 1855 to end this process.

  If it is determined in step 1810 that the device 11 has not entered the communication range or if connection cannot be established in step 1815, the process proceeds to step 1855, and the process ends.

  In the example shown in FIG. 18, the device 11 performs near field communication connection with the terminal device 21, the terminal device 21 transmits its own device information to the device 11, and the device 11 transmits its own device information to the connection box 22. Although it is transmitting, it is not restricted to this. The terminal device 21 may transmit its own device information, and the device 11 may receive the reception and transmit its own device information to the connection box 22. Processing in this case will be described with reference to FIG.

  Starting from step 1900, in step 1905, the external device moves the terminal device 21 to a position that falls within a communication range in which the device 11 can perform short-range wireless communication. Recognize The device 11 transmits its own device information using Advertising data. In step 1910, it is determined whether the terminal device 21 that has entered the communication range of the device 11 has received advertising data transmitted from the device 11.

  If Advertising data is received, the process proceeds to Step 1915, and the terminal device 21 transmits its own device information to the device 11 using Advertising data. In step 1920, the device 11 transmits the device information of the terminal device 21 and its own device information to the connection box 22. Since the device 11 and the connection box 22 are connected by the network 10, the device 11 can transmit the device information to the connection box 22 via the network 10.

  In step 1925, the connection box 22 determines whether the terminal device that has transmitted the device information to the device 11 is the terminal device 21 that has transmitted the connection request, based on the received device information. If it is the terminal device 21, the process proceeds to step 1930, and the connection box 22 confirms registration in the database, that is, the transfer control table 75 based on the received device information. In step 1935, it is determined whether the device 11 is registered. If registered, the process proceeds to step 1940, and the connection box 22 permits communication between the terminal device 21 and the device 11 using OpenFlow. Then, the process proceeds to step 1945 to end this process.

  If it is determined in step 1910 that the device 11 has not entered the communication range or if it is not the terminal device 21 in step 1925, the process proceeds to step 1945 and the process is terminated.

  So far, the processing when the terminal device 21 enters the communication range of the device 11 has been described. The processing when the terminal device 21 leaves the communication range will be described with reference to FIGS. 20 and 21. First, with reference to FIG. 20, a process for detecting that the terminal device 21 has left the communication range of the device 11 and transmitting information indicating that the terminal device 21 has left (withdrawal information) to the connection box 22 will be described. The exit information includes device information of the device 11.

  Starting from Step 2000, in Step 2005, the terminal device 21 receives Advertising data transmitted from the device 11, and acquires distance information from the Advertising data. In step 2010, the terminal device 21 determines from the distance information whether it is within the communication range of the device 11 or has left the communication range.

  If the user exits, the process proceeds to step 2015, and the terminal device 21 transmits the exit information to the connection box 22. In step 2020, the connection box 22 determines whether or not the transmission source that transmitted the withdrawal information is the terminal device 21.

  In the case of the terminal device 21, the process proceeds to step 2025, and the connection box 22 confirms registration in the database, that is, the transfer control table 75 based on the received exit information. In step 2030, it is determined whether the device 11 is registered. If registered, the process proceeds to step 2035, and the connection box 22 disallows communication between the terminal device 21 and the device 11 using OpenFlow. Then, the process proceeds to step 2040, and this process ends.

  If it is determined in step 2010 that the device 11 has not left the communication range, or if the device 11 is not registered in step 2030, the process proceeds to step 2040, and the process ends.

  In the example illustrated in FIG. 20, the distance information is used as a trigger for disallowing communication with the device 11, but is not limited thereto. The trigger may be a specific operation of an internal user such as a disconnection operation of the PC 20 or a use completion operation of the device 11, or a short-range wireless communication connection at the time of use permission may be held and the disconnection may be used as a trigger. Good.

  In the example illustrated in FIG. 20, the terminal device 21 acquires distance information from the device 11 and determines whether the terminal device 21 has left the communication range. However, the device 11 acquires distance information from the terminal device 21 and It may be determined whether the terminal device 21 has left. Processing in this case will be described with reference to FIG.

  Starting from Step 2100, in Step 2105, the device 11 receives Advertising data transmitted from the terminal device 21 and acquires distance information from the Advertising data. In step 2110, the device 11 determines whether the terminal device 21 is within the communication range of the device 11 or whether it has left the communication range from this distance information.

  If the user exits, the process proceeds to step 2115, and the device 11 transmits the exit information to the connection box 22. In Step 2120, the connection box 22 determines whether or not the transmission source that has transmitted the withdrawal information is the terminal device 21.

  In the case of the terminal device 21, the process proceeds to step 2125, and the connection box 22 confirms registration in the database, that is, the transfer control table 75 based on the received exit information. In step 2130, it is determined whether the device 11 is registered. If registered, the process proceeds to step 2135, and the connection box 22 disallows communication between the terminal device 21 and the device 11 using OpenFlow. Then, the process proceeds to step 2140, and this process ends.

  If it is determined in step 2110 that the device 11 has not left the communication range, or if the device 11 is not registered in step 2130, the process proceeds to step 2140, and the process is terminated.

  In the example shown in FIG. 21 as well, the distance information is used as a trigger for disabling communication with the device 11, but this is not a limitation. The trigger may be a specific operation of an internal user such as a disconnection operation of the PC 20 or a use completion operation of the device 11 as described above, or a short-range wireless communication connection at the time of use permission is maintained and the disconnection is performed. May be used as a trigger.

  As described above, it is possible to simplify the registration of devices that can be used by external users by automatically acquiring and registering device information using short-range wireless communication. In addition, in order to detect the approach of the terminal device 21 to an available device using the short-range wireless communication and give the use permission, to detect the exit and to disallow the use, the internal user operates, It is possible to avoid giving permission to use by mistake. Furthermore, since the use permission is automatically determined and given based on the registered information, it is not necessary for the internal user to make a determination or to perform the operation.

  In the present invention, it is also possible to provide a program for causing a computer to execute each process included in the communication method performed by the communication system and a recording medium in which the program is recorded. As the recording medium, a CD-ROM, DVD, SD card, etc. The program can be held by a server device or the like connected to the network, and can be provided upon receiving a download request from the server device or the like.

  The present invention has been described with the embodiments described above as a communication system, a communication method, and a program. However, the present invention is not limited to the above-described embodiments, and other embodiments, additions, modifications, deletions, and the like can be modified within a range that can be conceived by those skilled in the art. . In addition, any aspect is included in the scope of the present invention as long as the operations and effects of the present invention are exhibited.

DESCRIPTION OF SYMBOLS 10 ... Network, 11-15 ... Apparatus, 16-19 ... Access point, 20 ... PC, 21 ... Terminal device, 22 ... Connection box, 23-26 ... Area, 30 ... CPU, 31 ... ROM, 32 ... RAM, 33 ... HDD, 34 ... Network I / F, 35 ... Input / output I / F, 36 ... Input device, 37 ... Display device, 38 ... Wireless LAN communication device, 39 ... Near field communication device, 40 ... CPU, 41 ... Memory 42 ... Network I / F, 43 ... Wireless LAN communication device, 50 ... Short-range wireless communication unit, 51 ... Registration request unit, 52 ... Request acquisition unit, 53 ... Display unit, 54 ... Input unit, 55 ... Instruction unit, DESCRIPTION OF SYMBOLS 60 ... Wireless LAN communication part, 61 ... Display part, 62 ... Input part, 63 ... Short distance wireless communication part, 70 ... Wireless LAN communication part, 71 ... Identification information storage part, 72 ... Equipment information storage part, 73 ... Network communication , 74 ... control unit, 75 ... transfer control table, 76 The transfer control unit, 77 ... transfer processing unit

JP2015-084515A

Claims (8)

A first communication unit that communicates with a device via a first network;
A first storage unit for storing device information of the device acquired by the first communication unit;
A second communication unit that communicates with the terminal device via the second network;
A second storage unit that stores identification information used for authentication transmitted from the terminal device and acquired by the second communication unit via the second network;
An output unit for outputting the identification information stored in the second storage unit for authentication;
An input unit for receiving input information input according to the output identification information;
A third communication unit that communicates with the device via a third network;
A notification unit for notifying whether to permit connection of the terminal device to the third network according to the input information received by the input unit;
The notification received from the notification unit, the communication result of the communication between the terminal device and the device received by the second communication unit or the third communication unit via the first network, and A communication system including a control unit that controls connection between the second communication unit and the third communication unit based on the device information stored in the first storage unit. The second communication unit or the third communication unit receives, as the communication result, information indicating whether the terminal device and the device can communicate via the first network, and the device information. Receive
The control unit is information indicating that the information received by the second communication unit or the third communication unit is communicable, and the received device information is stored in the first storage unit. The second communication unit is connected to the third communication unit, and the terminal device is controlled so as to enable communication with the device via the third network. The communication system according to claim 1.   The first network is a communication network based on short-range wireless communication, and the first communication unit and the terminal device are present in a communication range where short-range wireless communication with the device is possible. The communication system according to claim 1, wherein communication with the communication system is enabled. The communication system includes a connection device and an authentication device connected to the third network,
The connection device includes the first storage unit, the second storage unit, the second communication unit, the third communication unit, and the control unit,
The communication system according to any one of claims 1 to 3, wherein the authentication device includes the first communication unit, the output unit, the input unit, and the notification unit.   The authentication apparatus transmits the device information acquired by the first communication unit, and requests the request to be stored in the first storage unit, and the stored in the second storage unit The communication system according to claim 4, further comprising an acquisition unit that acquires identification information.   The control unit generates transfer control information including a condition of information to be transferred and information indicating a transfer destination based on the device information acquired by the first communication unit, and stores the transfer control information in the first storage unit. The transfer control part to memorize | store, The transfer process part which controls the transfer of the information from the said terminal device to the said apparatus according to the said transfer control information memorize | stored in the said 1st memory | storage part, Any one of Claims 1-5 The communication system according to claim 1. A method of controlling communication by a communication system including a first communication unit, a second communication unit, and a third communication unit,
Communicating with a device via a first network by the first communication unit;
Storing the device information of the device acquired in the communicating step in a first storage unit;
Communicating with the terminal device via the second network by the second communication unit;
Storing identification information used for authentication transmitted from the terminal device and acquired by the second communication unit via the second network in a second storage unit;
Outputting the identification information stored in the second storage unit for authentication;
Receiving input information input according to the output identification information;
Notifying whether or not the device is connected according to the received input information and the third communication unit permits connection of the terminal device to a third network used for communication with the device; ,
Based on the received notification, the received communication result of communication between the terminal device and the device via the first network, and the device information stored in the first storage unit, the second And a step of controlling connection between the communication unit and the third communication unit.   A program for causing a computer to execute each step included in the communication method according to claim 7.