JP2019186823A - Control apparatus and program - Google Patents

Abstract

To prevent a third person who is not known by a resident in a house from invading a home network using one terminal device and connecting to a household electric appliance in the house.SOLUTION: A control apparatus comprises: a first determination unit that determines whether a request from one terminal device to a household electric appliance is through a home network; an acquisition unit that acquires information determining whether the one terminal device is a registration terminal device in which a request is permitted for the household electric appliance; a second determination unit that determines whether the one terminal device is the registration terminal device on the basis of the information acquired by the acquisition unit; a request control unit that controls the request using determination results of the first determination unit and the second determination unit; and a response generation unit that generates a response indicating that the request is refused when the request control unit refuses the request.SELECTED DRAWING: Figure 2

Description

  The present disclosure relates to a control device or the like provided in a home appliance or a device connected to the home appliance via a home network.

  2. Description of the Related Art Conventionally, a service for performing information communication between a terminal device such as a smartphone and a home appliance such as a washing machine via an external network such as the Internet has been provided. In addition, a method in which a terminal device and home appliances communicate via a home network such as a LAN (Local Area Network) is also being studied.

  In Patent Document 1, as a terminal authentication method capable of easily and accurately authenticating whether or not the access is given by a person who has been given access to the server, a terminal-specific authentication ID is issued and accessed once. If authentication is successful, an authentication ID is stored in the server at that time, and a method of authenticating without user confirmation for the second time and thereafter is disclosed.

  Patent Document 2 discloses an image forming apparatus including an internal NIC (Network Interface Card) that does not support SNMPv3, which is the latest communication protocol, and an external NIC that supports SNMPv3. A technique for ensuring the security of the image forming apparatus at the latest level by restricting access via the internal NIC by using SNMPv3 authentication information set in the external NIC when accessed.

  In Patent Document 3, in the case of a secure client on which security measures have been taken, the file name of “OK pac file” is set in the registry, and the client is passed through a proxy server without going through an access control server. Connect to the Internet. As a result, as compared with a method in which access requests from all clients are processed by an access control server, high security is ensured and system construction costs are reduced.

JP 2003-345754 A JP 2009-889 A JP 2008-97489 A

  However, in the conventional technology, it may be difficult to achieve both the safety of home appliances connectable via a home network and the ease of connection to the home appliances. For example, in Patent Documents 1 and 3, although the safety of a device connected to an external device via an external network may be ensured, the home network is not considered. Further, in Patent Document 2, although communication may be possible with a protocol having a relatively low security level via another local area network, at least two types of NICs are required.

A control device according to an aspect of the present disclosure is a control device provided in a home appliance or a device connected to the home appliance via a home network,
A communication unit that receives a request to the home appliance from one terminal device via a network, and transmits a response to the request;
A first determination unit that determines whether the request received by the communication unit is via the home network;
An acquisition unit that acquires information for determining whether the one terminal device is one or more registered terminal devices that are permitted to request the home appliance;
A second determination unit that determines whether the one terminal device is the registered terminal device based on the information obtained by the acquisition unit;
A request control unit that controls the request using determination results of the first determination unit and the second determination unit;
A response generation unit configured to generate the response indicating that the request has been rejected when the request control unit rejects the request;

  According to the present disclosure, it is possible to ensure both safety of home appliances that can be connected via a home network and simplicity of connection to the home appliances.

It is a whole block diagram of the authentication system to which the control apparatus in Embodiment 1 of this invention is applied. It is a block diagram which shows the function of the household appliances to which the control apparatus which concerns on Embodiment 1 was applied. It is a flowchart which shows an example of the process of the household appliances to which the control apparatus which concerns on Embodiment 1 was applied. It is a sequence diagram which shows the process at the time of a terminal device transmitting an access request to household appliances via an external network. It is a sequence diagram which shows the 1st example of a process when the terminal device registered as a registration terminal device transmits an access request to household appliances via a home network. It is a sequence diagram which shows the 2nd example of a process when the terminal device registered as a registration terminal device transmits an access request to household appliances via a home network. It is a block diagram which shows the function of the household appliances to which the control apparatus which concerns on Embodiment 2 was applied. 5 is a flowchart illustrating an example of processing of a household electrical appliance to which the control device according to Embodiment 2 is applied. In Embodiment 2, it is a sequence diagram which shows an example of a process at the time of a terminal device transmitting an access request to household appliances via a home network. It is a block diagram which shows the function of the household appliances to which the control apparatus which concerns on Embodiment 3 was applied. 14 is a flowchart illustrating an example of processing of a household electrical appliance to which a control device according to Embodiment 3 is applied. In Embodiment 3, it is a sequence diagram which shows an example of the process at the time of a terminal device transmitting an access request to household appliances via a home network. It is a block diagram which shows the function of the household appliances to which the control apparatus which concerns on Embodiment 4 was applied. It is a flowchart which shows an example of the process of the household appliances to which the control apparatus which concerns on Embodiment 4 was applied. In Embodiment 4, it is a sequence diagram which shows an example of the process at the time of a terminal device transmitting an access request to household appliances via a home network. It is a figure which shows an example of the permission input screen displayed on the display of the registration terminal device which received the permission input request.

(Background to this disclosure)
In recent years, it has been possible to control home appliances by accessing home appliances in a home via a network using portable terminals such as smartphones and tablet terminals.

  There are two types of control of home appliances from a mobile terminal via a network, one is out-of-home control, and the other is in-home control. In-home control is a mode in which home appliances are controlled via an external network such as the Internet, and in-home control is a mode in which home appliances are controlled via a home network such as a LAN.

  In the out-of-home control, when the mobile terminal accesses the home network, the mobile terminal needs to be permitted by accessing the cloud server and performing login authentication. Further, in remote control, data communication using secure HTTPs (Hypertext Transfer Protocol Secure) is generally performed. For this reason, it is difficult for a third party who does not have access authority to enter the in-home network in the outside control.

  On the other hand, in home control, communication protocols such as ECHONET Lite and DLNA (registered trademark) (Digital Living Network Alliance) are used. In these communication protocols, clear rules are defined for the authentication mechanism for mobile terminals. However, the authentication mechanism is entrusted to the manufacturer of the home router or home appliance. Therefore, when a home router that allows setting of the communication mode without encryption is installed in the home network, if the home router is set to the communication mode without encryption, a third party can easily use the mobile terminal. It is possible to enter the home network.

  In this case, if home appliances conforming to a standard specification system such as HEMS (Home Energy Management System) are adopted as home appliances in the home, information such as control contents and status of the home appliances can be easily obtained. There arises a problem that a third party can grasp or home appliances are controlled by a third party.

  In addition, some home routers have a function called WPS (Wi-Fi Protected Setup) for easily connecting a wireless LAN terminal and a home router. The WPS is a function for automatically connecting the wireless LAN terminal and the home router by pressing the WPS button of the home router while the WPS on the wireless LAN terminal side is activated. Therefore, for example, when the WPS button of the home router is pressed, if a third party who accidentally passes by the neighborhood or a third party resident in the neighborhood starts WPS on his / her wireless LAN terminal, the third party's wireless LAN There may be a problem that the terminal is connected to the home network and information in the home leaks.

  In this way, in-home control has less security measures than out-of-home control, and there is a problem that a third party can easily enter the home network and connect the third-party mobile terminal to the home appliance. As a result, information on the home appliance is acquired by a third party, or the home appliance is controlled by the third party.

  Patent Document 1 only discloses that authentication is easily and accurately performed by a person who has been granted access rights to a server. An electrical device that can be connected via a home network is disclosed. Safety cannot be ensured.

  As described above, Patent Document 2 requires at least two types of NICs and has a problem that connection is not easy.

  Patent Document 3 relates to a connection between a client and the Internet, and since there is no description in consideration of the vulnerability of the home network, it is not possible to ensure the safety of an electrical device that can be connected via the home network.

  An object of the present invention is to provide a technique that ensures both safety of home appliances connectable via a home network and ease of connection to the home appliances.

A control device according to an aspect of the present disclosure is a control device provided in a home appliance or a device connected to the home appliance via a home network,
A communication unit that receives a request to the home appliance from one terminal device via a network, and transmits a response to the request;
A first determination unit that determines whether the request received by the communication unit is via the home network;
An acquisition unit that acquires information for determining whether the one terminal device is one or more registered terminal devices that are permitted to request the home appliance;
A second determination unit that determines whether the one terminal device is the registered terminal device based on the information obtained by the acquisition unit;
A request control unit that controls the request using determination results of the first determination unit and the second determination unit;
A response generation unit configured to generate the response indicating that the request has been rejected when the request control unit rejects the request;

  According to this configuration, for example, when there is a request from one terminal device, it is determined whether the request is via a home network or an external network, and it is determined that the request is via a home network Then, it is determined whether or not the one terminal device is a registered terminal device that is permitted to request a home electric appliance. If the one terminal device is not a registered terminal device that is permitted to make a request to the home appliance, the request is rejected, and a response indicating that the request is rejected is transmitted to the one terminal device.

  Therefore, even if a third party who does not have the authority to access the home network transmits a request to the home appliance using one terminal device, it is determined that the one terminal device is not a registered terminal device. Requests to the device can be rejected. As a result, it is possible to ensure the safety of home appliances that can be connected via a home network. Moreover, since it is not the structure which requires two NICs like patent document 2, the simplicity of the connection with respect to the household appliances which can be connected via a home network can be aimed at.

In the above configuration, the communication unit transmits a permission input request of the one terminal device to the registered terminal device,
The communication unit receives a response to the permission input request from the registered terminal device,
The request control unit may control the request of the one terminal device using a determination result of the first determination unit and the second determination unit and a response to the permission input request.

  According to this configuration, when one terminal device that is not a registered terminal device makes a request to the home appliance via the home network, a permission input request for the one terminal device is transmitted to the registered terminal device, and the registration terminal for the permission input request The request is controlled using the response of the device and the determination results of the first determination unit and the second determination unit.

  Thereby, for example, when a third party who does not know the user of the registered terminal device makes a request to the home appliance via the home network using the terminal device, a response not permitting the request is transmitted from the registered terminal device. If so, the request can be denied. As a result, it is possible to prevent information related to home appliances from being acquired by a third party.

  On the other hand, if it is clear that the user of one terminal device is, for example, a family member or a living person of the registered terminal device, and is not a third party, the request is permitted by the user of the registered terminal device. Therefore, home appliances via a home network without imposing a troublesome registration work on a user of a terminal device that is clearly not a third party or imposing off-site authentication via a home network Requests to equipment can be granted. As a result, it is possible to further improve the convenience of connection to home appliances that can be connected via a home network.

The above configuration further includes an input unit that can be directly input by the user,
When the input unit accepts permission input by the user, the request control unit uses the determination results of the first determination unit and the second determination unit and the received content of the input unit, and the one terminal The request of the device may be controlled.

  According to this configuration, when one terminal device that is not a registered terminal device requests a home appliance via a home network, the user of the one terminal device directly operates the input unit provided in the control device. The request to the home appliance of one terminal device is controlled. Thereby, it can prevent that the request | requirement to the household appliances by the terminal device of the third party who exists in the environment (for example, outside a house) which cannot operate the input part of a control apparatus directly is permitted.

In the above configuration, further comprising an out-of-home authentication cooperation unit that cooperates with a server that performs authentication for a request to the home appliance of the one terminal device via an out-of-home network,
The request control unit may control the request of the one terminal device using a determination result of the first determination unit and the second determination unit and a cooperation result of the out-of-home authentication cooperation unit.

  According to this configuration, for example, even if the received request is a request to the home appliance via the home network by one terminal device that is not a registered terminal device, if a certain condition is satisfied in cooperation with the server, A request to the home appliance by one terminal device is controlled. Therefore, it is possible to improve convenience while ensuring security.

The outside authentication cooperation unit causes the communication unit to transmit an inquiry notification for inquiring of the server whether or not the identifier of the one terminal device is registered,
The request control unit may permit the request of the one terminal device when the notification that the identifier of the one terminal device is registered is received by the communication unit.

  According to this configuration, when one terminal device that is not a registered terminal device transmits a request to the home appliance via the home network, the request is permitted if the identifier of the one terminal device is registered in the cloud server. . Therefore, the one terminal device can automatically access the home network without performing a procedure for registering the identifier with respect to the control device, and convenience is improved.

  In the above configuration, the first determination unit determines that access from the one terminal device is via the home network, and the second determination unit determines that the one terminal device is not the registered terminal device. In this case, the out-of-home authentication cooperation unit may cause the communication unit to transmit guidance information for guiding the one terminal device to receive the authentication to the one terminal device.

  According to this configuration, when one terminal device that is not a registered terminal device makes a request to the home appliance via the home network, guidance information is transmitted. Therefore, when authentication is permitted for one terminal device according to the guidance information, a request to the home appliance via the outside network is permitted. For this reason, a user who is permitted to make a request via a network outside the home can, for example, save the trouble of finding an authentication web page from the network and inputting an operation to access the web page. It is completed smoothly.

  In the above configuration, the request control unit may permit the request of the one terminal device when the input unit accepts a permission input during a predetermined acceptable period.

  According to this configuration, for example, even if the input unit of the control device receives a permission input during a time zone when a resident is out of the house, a request for one terminal device is not permitted, so a third party Can be prevented from entering the house without permission and connecting one terminal device to the home appliance.

  In the above configuration, the request control unit causes the communication unit to transmit an inquiry notification inquiring whether the request is permitted in another household electrical appliance different from the household electrical appliance, and a response indicating that the request is permitted is When received by the communication unit, the request may be permitted.

  According to this configuration, when one terminal device that is not a registered terminal device transmits a request to a home appliance via a home network, the request is permitted if the request is permitted by the other home appliance in the home. Requests for home appliances are allowed.

  Therefore, the request is permitted in other home appliances, and there is no problem even if it is connected to the home appliance, without causing the user of the terminal device to perform the registration procedure for the applicable home appliance, Request can be granted.

  In the above configuration, the request may be an access request to the home appliance.

  According to this configuration, whether or not there is permission is determined for an access request to the home appliance from one terminal device.

  In the above configuration, the request may be an operation request to the home appliance.

  According to this configuration, permission / non-permission is determined for an operation request from one terminal device to the home appliance. For this reason, when one terminal device that is not a registered terminal device is connected to a home appliance via a home network, for example, the status confirmation of the home appliance may be permitted, but the operation of the home device may not be permitted. it can.

In the above configuration, the one or more registered terminal devices are two or more registered terminal devices,
Priorities are set for the two or more registered terminal devices,
The request control unit identifies a registration terminal device that transmits the permission input request from the two or more registration terminal devices according to the priority order,
The communication unit may transmit the permission input request to the specified registered terminal device.

  According to this configuration, when there are a plurality of registered terminal devices, it is possible to determine a registered terminal device that is a transmission target of permission input according to the priority order. As a result, permission input to a plurality of registered terminal devices can be broadcast, for example, and permission for access to home appliances via the home network of one terminal device can be determined without requiring permission of all registered terminal devices. .

  The present disclosure can also be realized as a method including each characteristic step included in such a control device, and a computer program that causes a computer to execute the configuration of the characteristic control device. Needless to say, such a computer program can be distributed via a computer-readable non-transitory recording medium such as a CD-ROM or a communication network such as the Internet.

(Embodiment)
Embodiments of the present invention will be described below with reference to the drawings.

(Embodiment 1)
FIG. 1 is an overall configuration diagram of an authentication system to which a control device according to Embodiment 1 of the present invention is applied. In FIG. 1, the authentication system includes a terminal device 101A, an out-of-home network 102, a cloud server 103 (an example of a server), an Internet line 104, a router 105, a home network 106, a home appliance 107, and a terminal device 101B. In the example of FIG. 1, the control device according to the present embodiment is mounted on home appliance 107. However, this is merely an example, and the control device may be mounted on the router 105.

  The terminal device 101 </ b> A is a device that is used by a user outside the home to access and change the state of the home appliance 107 by accessing the home appliance 107 in the home. The terminal device 101A includes, for example, a mobile terminal such as a smartphone, a tablet terminal, and a mobile phone. Hereinafter, the terminal device 101A and the terminal device 101B are collectively referred to as the terminal device 101.

  The outside network 102 is a public line for using the Internet from outside the house, and for example, a mobile phone communication network or a WiFi (registered trademark) communication network is adopted.

  The cloud server 103 is composed of, for example, one or a plurality of computers, and is accessed from the terminal device 101A via the external network 102, and from the terminal device 101B, the home network 106, the router 105 installed in the home, and the Internet Access is made via the line 104. Then, the cloud server 103 includes information necessary for login authentication by the user of the terminal device 101A (for example, user identification information and password), and home appliance management information indicating the home appliance 107 that can be used by the user. Are stored in a memory (not shown) and managed. In addition, when the cloud server 103 permits login of the user of the terminal device 101A to the home network 106 by login authentication, the cloud server 103 changes the state of the home appliance 107 only to the available home appliance 107 registered in the home appliance management information. A command to be acquired and a command to change the state are transmitted.

  The Internet line 104 is a line that provides various services provided by the cloud server 103 to the home appliance 107 via the router 105 and the home network 106. In a broad sense, the outside network includes the Internet line 104 in addition to the outside network 102.

  The router 105 is, for example, a home router installed in a home, and is a device that controls communication between the Internet line 104 and the home network 106.

  The home network 106 is a local area network that performs communication under the control of the router 105. As the home network 106, for example, an IEEE 802 series wired LAN, an IEEE 802.11 series wireless LAN, or a network in which a wired LAN and a wireless LAN are mixed is employed.

  The home appliance 107 is an electric device having a communication function, such as a washing machine, an air conditioner, a vacuum cleaner, or a television. In FIG. 1, only one home appliance 107 is shown, but a plurality of home appliances 107 may be installed.

  The terminal device 101B is configured by, for example, a smartphone, a tablet terminal, or a mobile phone, and is used by a user in the home to access the home appliance 107 in the home and acquire and change the state of the home appliance 107 It is.

  FIG. 2 is a block diagram illustrating functions of home appliance 107 to which the control device according to Embodiment 1 is applied. The home appliance 107 includes an access receiving unit 201, an access route confirmation unit 202, an access permission confirmation unit 203, an access permitted terminal management unit 204, and an access result response unit 205. Here, the home appliance 107 includes a processor such as a CPU, a memory, and a communication circuit, and the processor executes a control program stored in the memory, thereby realizing the function of each block illustrated in FIG.

  The access receiving unit 201 (an example of a communication unit) includes a communication circuit and a processor that controls the communication circuit, and receives communication data including various commands input by a user by operating the terminal device 101. Receive from. As the communication circuit, a communication circuit for connecting the home appliance 107 to a wired LAN or a wireless LAN is employed.

  When the access reception unit 201 receives the communication data of the access request from the terminal device 101, the access route confirmation unit 202 (an example of the first determination unit) analyzes the header information of the access request, thereby It is determined whether access to the home appliance 107 is via the home network 106 or the external network 102. The access request is a request for the terminal device 101 to establish a communication connection with the home appliance 107.

  For example, the home network 106 employs a communication protocol such as ECHONET Lite or DLNA (registered trademark), but the header information of the communication data transmitted using these communication protocols includes the type information of the communication protocol. Yes. Similarly, the header information of the communication data transmitted via the external network 102 includes the type information of the communication protocol to be used.

  Therefore, if the header information of the access request transmitted by the terminal device 101 includes the type information of the communication protocol of the home network 106, the access path confirmation unit 202 sends the access request of the terminal device 101 via the home network 106. If the header information includes the type information of the communication protocol of the outside network 102, it may be determined that the access request of the terminal device 101 is via the outside network 102.

  If the access route confirmation unit 202 determines that the access request to the home appliance 107 of the terminal device 101 is via the home network 106, the access permission confirmation unit 203 permits the access request to the home appliance 107 by the terminal device 101 Determine whether or not. Here, the access permission confirmation unit 203 acquires terminal management information for determining whether or not the access terminal is a registered terminal device that is permitted to access the home appliance 107 from the access permitted terminal management unit 204. If the identifier of the terminal device 101 that has transmitted the access request is registered in the acquired terminal management information, the access permission confirmation unit 203 permits the access request by the terminal device 101, and if the identifier is not registered. The access request from the terminal device 101 is rejected. The access permission confirmation unit 203 corresponds to an example of an acquisition unit, a second determination unit, and a request control unit. Further, the process for determining whether or not to permit an access request corresponds to an example of controlling the request.

  The access-permitted terminal management unit 204 includes a memory, and stores terminal management information in which identifiers of registered terminal devices are registered in advance. Here, the identifier stored in the terminal management information includes a unique identifier (for example, product number) of the registered terminal device, a nickname set in the registered terminal device, and a registration date and time indicating the date and time when the identifier was registered in the terminal management information In addition, at least an identifier or a nickname is included in information such as registration time limit information indicating the date and time of expiration date of access permission. As the nickname set in the registered terminal device, for example, an attribute or nickname in a family living in the house such as “dad” and “mother” is adopted.

  The access result response unit 205 (an example of a communication unit and an access response generation unit) includes, for example, a communication circuit and a processor that controls the communication circuit, and the access request of the terminal device 101 to which the access permission confirmation unit 203 has transmitted the access request. If the registration request is rejected, a permission input request is sent to the registered terminal device to prompt the user of the registered terminal device to determine whether or not to permit the access request of the terminal device 101. On the other hand, when the access permission confirmation unit 203 permits the access request of the terminal device 101 that has transmitted the access request, the access result response unit 205 generates a permission notification indicating that the access request is permitted, and sends the permission notification to the terminal device 101. Send. The access result response unit 205 and the access reception unit 201 may physically share the same communication circuit.

  FIG. 3 is a flowchart illustrating an example of processing of home appliance 107 to which the control device according to Embodiment 1 is applied. When the user transmits an access request to the home appliance 107 using the terminal device 101 such as a smartphone, the access receiving unit 201 receives the access request via the router 105 (S301) and stores it in the memory.

  Here, the access request includes, for example, terminal information of the terminal device 101 that is the access source and identification information (for example, information such as a washing machine and a refrigerator) of the home appliance 107 that the user of the terminal device 101 is accessing. . Upon receiving the access request, the router 105 broadcasts a command for searching for the home appliance 107 based on the identification information of the home appliance 107 to be accessed to the home network 106, so that the home appliance 107 included in the home network 106 is What is necessary is just to identify the communication address of the household appliance 107 of an access destination from inside, and to transmit an access request to the identified communication address.

  Next, the access route confirmation unit 202 acquires the header information of the access request held in S301 (S302), and the access request of the terminal device 101 passes through the home network 106 from the communication protocol type information included in the header information. It is determined whether or not (S303).

  When the determination result in S303 is a determination result that the request is not an access request via the home network 106 (NO in S303), the access result response unit 205 indicates that the access request is permitted to the access source terminal device 101. A permission notice is transmitted (S307).

  On the other hand, when the determination result in S303 is a determination result that the request is an access request via the home network 106 (YES in S303), the access permission confirmation unit 203 acquires the terminal management information from the access permission terminal management unit 204 ( In step S304, it is determined whether or not the access source terminal device 101 is a registered terminal device (S305).

  If the access source terminal apparatus 101 is determined to be a registered terminal apparatus in S305 (YES in S305), the access result response unit 205 indicates that the access request is permitted to the access source terminal apparatus 101. Is transmitted (S307).

  On the other hand, when it is determined in S305 that the access source terminal device 101 is not a registered terminal device (NO in S305), the access permission confirmation unit 203 accesses the terminal management information acquired from the access permitted terminal management unit 204. It is determined whether or not a terminal device 101 other than the original terminal device 101 is registered as a registered terminal device (S306).

  When the terminal device 101 other than the access source terminal device 101 is registered as a registered terminal device in S306 (YES in S306), the access result response unit 205 transmits a permission input request to the registered terminal device (S308). ). Next, the access result response unit 205 receives a permission notification or a rejection notification for the permission input request from the registered terminal device (S310).

  On the other hand, when the access permission confirmation unit 203 determines in S306 that the terminal device 101 other than the access source terminal device 101 is not registered as a registered terminal device (NO in S306), the access result response unit 205 A rejection notification indicating that the access request to the device 107 has been rejected is transmitted to the access source terminal device 101 (S309).

  FIG. 16 is a diagram illustrating an example of a permission input screen G1 displayed on the display of the registered terminal device that has received the permission input request. The permission input screen G1 includes a terminal information display field R1 related to the access source terminal device 101, and a display field R2 that displays home information related to the home appliance 107 that the access source terminal device 101 desires to access. ing. The terminal information displayed in the display column R1 includes, for example, the model name of the access source terminal device 101, the browser engine name of the browser used by the access source terminal device 101, and the user of the access source terminal device 101. If it is known, the user's name or nickname can be adopted. In the example of FIG. 16, since the access source terminal device 101 is an access request from a third party other than the resident in the house and the user cannot be specified, “ ? "Is displayed.

  The home appliance information displayed in the display column R2 includes, for example, information indicating the type of the home appliance 107 such as a washing machine or a vacuum cleaner, information indicating the product name of the home appliance 107 such as “QZ-12X”, and the like. For example, when the installation location of the home appliance 107 such as a living room or dining room can be specified, information indicating the installation location may be included as home appliance information. Thereby, when there are a plurality of home appliances 107 of the same type in the house, the user of the registered terminal device can easily know which home appliance 107 is.

  The permission input screen G1 further includes a secret word input field R3 that prompts the user of the registered terminal device to input the secret word. The secret word is a word that is registered in advance by the user of the registered terminal device with respect to the home appliance 107 and is, for example, an answer to a question such as “What is your favorite food?” (For example, an apple) A word is adopted. Therefore, this question is also displayed in the input field R3.

  Furthermore, the permission input screen G1 includes an OK button B1 and an NG button B2 that allow the user of the registered terminal device to input whether to permit an access request to the home appliance 107 of the access source terminal device 101.

  The user of the registered terminal device determines whether or not to permit the access request of the access source terminal device 101 by combining the terminal information displayed in the display field R1 and the home appliance information displayed in the display field R2. To permit, enter the secret word and press the OK button B1. Thereby, as a response to the permission input request, a permission notification (an example of a response to the permission input request) for permitting the access request of the access source terminal device 101 is transmitted to the home appliance 107.

  On the other hand, when it is determined that the user of the registered terminal device does not permit, the NG button B2 is pressed. In this case, the input of the secret word may be omitted. Thereby, as a response to the permission input request, a rejection notification (an example of a response to the permission input request) for rejecting the access request of the access source terminal device 101 is transmitted to the home appliance 107.

  The permission notification or rejection notification transmitted from the registered terminal device is transmitted to the access source terminal device 101 by the access result response unit 205.

  Thus, since the terminal information of the access source terminal device 101 and the home appliance information of the access destination home appliance 107 are displayed on the permission input screen G1, the access source terminal is displayed to the user of the registered terminal device. It is possible to provide information for determining whether or not to permit the access request of the device 101.

  FIG. 4 is a sequence diagram illustrating processing when the terminal device 101 transmits an access request to the home appliance 107 via the external network 102. First, the access source terminal device 101 transmits an authentication request to the cloud server 103 (S401). Here, the authentication request includes, for example, a user name and a password.

  Next, the cloud server 103 performs an authentication process and determines whether or not to log in the terminal device 101 that is the access source (S402). Here, if the user name and password pair included in the authentication request matches the user name and password pair registered in the memory in advance, the cloud server 103 permits the access source terminal device 101 to log in, and Otherwise, the login of the access source terminal device 101 is rejected. Here, it is assumed that login is permitted.

  Next, the cloud server 103 transmits an authentication result notification to the access source terminal device 101 (S403). Next, the access source terminal device 101 transmits an access request to the home appliance 107 to the cloud server 103, and the cloud server 103 transmits the access request to the home appliance 107 (S404). Note that if the terminal device 101 that is the access source is unregistered with respect to the home appliance 107, the terminal device 101 may transmit a registration request to the home appliance 107 via the cloud server 103.

  Next, in the home appliance 107, when the access receiving unit 201 receives the access request, the access path confirmation unit 202 accesses the home appliance 107 of the terminal device 101 from the type information of the communication protocol included in the header information of the access request. It is determined whether the request is via the home network 106 or the external network 102 (first determination: S405). Here, it is determined that it is via the outside network 102.

  Next, in the home appliance 107, the access permission confirmation unit 203 determines that the access request is permitted because it is an access request via the external network 102, and the access result response unit 205 sends a permission notification via the cloud server 103. It transmits to the terminal device 101 of the access source (S406).

  FIG. 5 is a sequence diagram illustrating a first example of processing when the terminal device 101 registered as a registered terminal device transmits an access request to the home appliance 107 via the home network 106.

  First, the access source terminal device 101 transmits an access request to the home appliance 107 (S501). Next, in the home appliance 107, when the access receiving unit 201 receives the access request, the access permission confirmation unit 203 accesses the home appliance 107 of the terminal device 101 from the type information of the communication protocol included in the header information of the access request. It is determined whether the request is via the home network 106 or the external network 102 (first determination: S502). Here, it is determined that it is via the home network 106.

  Next, in the home appliance 107, the access permission confirmation unit 203 determines whether or not the identifier of the terminal device 101 that is the access source matches one of the identifiers registered in the terminal management information. It is determined whether or not the access request is permitted (second determination: S503).

  If the identifier of the access source terminal device 101 is registered in the terminal management information, that is, if the access source terminal device 101 is a registered terminal device, the access result response unit 205 in the home appliance 107 accesses the permission notification. It transmits to the original terminal device 101 (S504). On the other hand, if the identifier of the registered terminal device is not registered in the terminal management information, the access result response unit 205 in the home appliance 107 transmits a rejection notice to the access source terminal device 101 (S504).

  FIG. 6 is a sequence diagram illustrating a second example of processing when the terminal device 101 registered as a registered terminal device transmits an access request to the home appliance 107 via the home network 106. The processing of S601 and S602 is the same as S501 and S502 of FIG.

  In step S603, in the home appliance 107, the access permission confirmation unit 203 performs the second determination as in step S503 in FIG.

  Here, it is assumed that, in the terminal management information, the identifier of the terminal device 101 that is the access source is not registered, but the identifier of another terminal device 101 is registered.

  Therefore, the access result response unit 205 transmits a permission input notification to the registered terminal device that is the other terminal device 101 in which the identifier is registered (S604).

  Next, when the registration terminal apparatus receives the permission input notification, the registration terminal apparatus displays a permission input screen G1 shown in FIG. 16 and accepts an input as to whether or not to permit an access request from the user of the registration terminal apparatus (S605). ). Here, it is assumed that the registered terminal device accepts an input for permitting an access request from the user by pressing the OK button B1.

  Therefore, the registered terminal device transmits a permission notice permitting the access request of the access source terminal device 101 to the home appliance 107 (S606). In addition, when the NG button B2 is pressed and an input indicating that the access request is rejected is received from the user, the registration terminal device transmits a rejection notification that rejects the access request to the home appliance 107.

  Next, when receiving the permission notification from the registered terminal device, the household electrical appliance 107 transmits the permission notification to the access source terminal device 101 (S607). In addition, when the household electrical appliance 107 receives the rejection notification from the registered terminal device, the home appliance 107 may transmit the rejection notification to the access source terminal device 101.

  Thus, according to the first embodiment, when there is an access request from the terminal device 101, it is determined whether the access request is via the home network 106 or the outside network 102, and is via the home network 106. When it is determined that the access source terminal device 101 is a registered terminal device that is permitted to request access to the home appliance 107, it is determined. If the access source terminal device 101 is not a registered terminal device that is permitted to access the home appliance 107, a permission input request is transmitted to the registered terminal device registered in the terminal management information. When the user of the registered terminal device inputs that the access request is to be rejected, the access request from the home appliance 107 is rejected.

  Thereby, for example, the router 105 is set to have no encryption, or the third party terminal device 101 that is not known by the user of the registered terminal device is transferred to the home appliance 107 via the home network 106 by the WPS function of the router 105. Connection can be prevented, and information on the home appliance 107 can be prevented from being acquired by a third party.

  On the other hand, if it is clear that the user of the access source terminal device 101 is, for example, a family member or a cohabitant of the registered terminal device user and is not a third party, the access request is permitted by the registered terminal device user. The For this reason, the home appliance 107 does not impose troublesome registration work on the user of the terminal device 101 of the access source that is clearly not a third party, or imposes outside authentication via the outside network 102. Connection to can be allowed. As a result, it is possible to improve the convenience of connection to the home appliance 107.

(Modification 1 of Embodiment 1)
In the first embodiment, as shown in FIG. 3, when the access source terminal device 101 is not a registered terminal device (NO in S305), it is left to the user of the registered terminal device to determine whether or not to permit an access request. However, the present disclosure is not limited to this (S308). For example, if the access source terminal apparatus 101 is not a registered terminal apparatus, a configuration in which an access request from the terminal apparatus 101 is rejected may be employed. Specifically, when the access permission confirmation unit 203 determines that the access source terminal device 101 is not a registered terminal device, the access result response unit 205 generates a response to reject the access request, and the access source terminal What is necessary is just to transmit to the apparatus 101. In this way, the request is controlled using the result of the access route confirmation unit 202 and the result of the access permission confirmation unit 203. The processing of the access route confirmation unit 202 and the access permission confirmation unit 203 may be switched in order.

  With these configurations, even if a third party who does not know the user of the registered terminal device uses the terminal device 101 to make an access request to the home appliance 107 via the home network 106, the terminal device 101 is connected to the home appliance. Can be prevented.

(Modification 2 of Embodiment 1)
In the permission input screen G1 shown in FIG. 16, the secret word input field R3 is provided. However, the present disclosure is not limited to this, and the input field R3 may be omitted. In this case, the user of the registered terminal device inputs the determination result as to whether or not to permit the access request by the access source terminal device 101 by pressing the OK button B1 or the NG button B2 without inputting the secret word. do it.

(Modification 3 of Embodiment 1)
In the first embodiment, the case where the access source terminal device 101 transmits an access request is illustrated, but the present disclosure is not limited to this, and the access source terminal device 101 responds to an operation request to the home appliance 107. May be applied. Here, the operation request is a request for changing the state of the home appliance 107, that is, a request for controlling the home appliance 107. Specifically, if the home appliance 107 is a washing machine, the operation request includes an operation request for setting a washing mode of the washing machine, an operation request for causing the washing machine to start washing in the set washing mode, and the like. Can be mentioned. In this case, the access permission confirmation unit 203 performs a process for determining whether or not to permit the operation request. This process corresponds to an example of controlling the request.

  In this modification, for example, even if the access source terminal device 101 makes an access request via the home network 106 and can connect to the home appliance 107, the operation request is limited. Remote control can be prevented.

(Modification 4 of Embodiment 1)
In the first embodiment, when the access source terminal device 101 is not a registered terminal device, a plurality of registered terminal devices may be registered in the terminal management information. In this case, a priority order may be set for a plurality of registered terminal devices and registered in the terminal management information. Then, the access permission confirmation unit 203 identifies the registered terminal device that transmits the permission input request according to the priority order, and transmits the permission input request to the identified registered terminal device via the access result response unit 205. .

  Specifically, the access permission confirmation unit 203 transmits a permission input request to the registered terminal device with the highest priority from the registered terminal information via the access result response unit 205, and the registration terminal device notifies or rejects the permission. A notification may be received. In this case, when the access result response unit 205 cannot receive a permission notification or a rejection notification from the registered terminal device with the highest priority in a certain period, the access permission confirmation unit 203 determines that the registration terminal with the second highest priority. A permission input request may be transmitted to the apparatus via the access result response unit 205. In this way, the access permission confirmation unit 203 sequentially transmits permission input requests via the access result response unit 205 in accordance with the priority order until the access result response unit 205 can receive a permission notification or a rejection notification from the registered terminal device. Do it. In addition, when the permission notification or the rejection notification cannot be received from all the registered terminal devices, the access permission confirmation unit 203 may reject the access request from the access source terminal device 101.

  In the house, for example, household appliances such as washing machines, refrigerators, and vacuum cleaners are mainly used for each household appliance 107, such as mom, father in the living room TV, and child in the children's room TV. The user to be decided. Therefore, different priorities may be set for the registered terminal devices for each home appliance 107.

  For example, if there is an access request to the washing machine from the access source terminal device 101 and the mother's priority order for the washing machine is set to first, the access permission confirmation unit 203 grants permission to the mother's registered terminal device. An input request may be transmitted via the access result response unit 205. Also, if there is a request for access to the living room TV from the access source terminal apparatus 101, and the father's priority order for the living room TV is set to first, the access permission confirmation unit 203 is configured to register the father's registered terminal apparatus. The permission input request may be transmitted via the access result response unit 205.

(Embodiment 2)
In the second embodiment, when the access source terminal device 101 is not a registered terminal device, the user of the access source terminal device 101 permits the permission input unit 501 (an example of an input unit) provided in the home appliance 107. Whether or not the access request is permitted is determined on the condition that the input has been made.

  FIG. 7 is a block diagram illustrating functions of home appliance 107A to which the control device according to Embodiment 2 is applied. 7 is different from FIG. 2 in that a permission input unit 501 is newly provided. In the present embodiment, only differences from the first embodiment will be described, and the common components will be denoted by the same reference numerals and description thereof will be omitted.

  The permission input unit 501 includes, for example, physical buttons provided on the home appliance 107, and accepts permission input by direct input from the user of the terminal device 101 that is the access source. Note that when the home appliance 107 includes a display, the permission input unit 501 may be configured by a GUI button displayed on the display. The arrangement location in the case where the permission input unit 501 is configured with physical buttons is not particularly limited, but for example, the housing of the home appliance 107 is adopted.

  When the permission input unit 501 accepts a permission input by the user of the terminal device 101 that is the access source, as a result of the access route confirmation unit 202, a determination result as to whether or not the terminal device 101 is a registered terminal device, or a permission input unit Whether or not the request is permitted is controlled using information such as the received contents 501. For example, if the access permission confirmation unit 203 determines that the permission input unit 501 accepts a permission input when it determines that the access source terminal device 101 is not a registered terminal device, the access permission confirmation unit 203 permits the access request of the terminal device 101. . Here, the presence / absence of input to the permission input unit 501 corresponds to an example of received content.

  FIG. 8 is a flowchart illustrating an example of processing of home appliance 107A to which the control device according to Embodiment 2 is applied. In FIG. 8, the same step numbers are assigned to the processes overlapping with those in FIG.

  In S305, when the access permission confirmation unit 203 determines that the access source terminal device 101 is not a registered terminal device (NO in S305), the process proceeds to S801.

  In step S <b> 801, the access permission confirmation unit 203 determines whether the permission input unit 501 has accepted a user permission input. When the access permission confirmation unit 203 determines that the permission input has been received by the permission input unit 501 (YES in S801), the access result response unit 205 indicates that the access request is permitted to the access source terminal device 101. A notification is transmitted (S307).

  On the other hand, when the access permission confirmation unit 203 determines that the permission input is not received by the permission input unit 501 (NO in S801), the access result response unit 205 indicates that the access request to the home appliance 107 is rejected. A rejection notification is transmitted to the access source terminal device 101 (S309). Here, the access permission confirmation unit 203 determines that the access source terminal device 101 is not a registered terminal device (NO in S305), and if the permission input unit 501 does not accept the permission input within a predetermined time, S801 It may be determined as NO. As the fixed time, for example, a predetermined time during which a user in the house can move to the home appliance 107 and perform permission input to the permission input unit 501 can be employed.

  In S305, when the access permission confirmation unit 203 determines that the access source terminal device 101 is not a registered terminal device (NO in S305), the access result response unit 205 displays a permission input to the permission input unit 501. A message for prompting the user to perform an operation may be transmitted to the terminal device 101 that is the access source.

  FIG. 9 is a sequence diagram illustrating an example of processing when the terminal device 101 transmits an access request to the home appliance 107 via the home network 106 in the second embodiment.

  The processing of S901 to S903 is the same as S601 to S603 of FIG. In step S <b> 904, in the home appliance 107, the access permission confirmation unit 203 receives the permission input by the user of the terminal device 101 by the permission input unit 501. In step S <b> 905, the access result response unit 205 transmits a permission notice to the access source terminal device 101.

  As described above, according to the second embodiment, when the access source terminal device 101 that is not a registered terminal device transmits an access request to the home appliance 107 via the home network 106, the permission input unit 501 included in the home appliance 107 is provided. On the condition that the user of the terminal device 101 can directly operate, an access request to the home appliance of the terminal device 101 is permitted. Thereby, it is possible to prevent an access request to the home appliance from a third-party terminal device 101 in an environment where the permission input unit 501 cannot be directly operated (for example, outside the house).

(Modification 1 of Embodiment 2)
The access permission confirmation unit 203 may permit the access request only when the permission input unit 501 receives a permission input from the user during a predetermined acceptable period. Here, as the acceptable period, a predetermined time period in which a resident in the house is expected to go out may be employed. Alternatively, when the home security system is connected to the home network 106, the access permission confirmation unit 203 returns from the time when the home security system acquires information indicating that the home resident has gone out from the home security system. A period until the time when the information indicating that it has been acquired from the home security system may be set as an acceptable period.

  As a result, even when a resident in the house goes out and a third party enters the house and performs permission input to the permission input unit 501, an access request to the home appliance 107 of the terminal device 101 of the third party is permitted. Can be prevented.

(Modification 2 of Embodiment 2)
In S801 of FIG. 8, when the access permission confirmation unit 203 determines that the permission input is not accepted by the permission input unit 501 (NO in S801), the process proceeds to S306, but the present disclosure is not limited to this. . For example, if NO in S801, the process may proceed to S309. In this case, the access result response unit 205 transmits a rejection notification to the access source terminal device 101 without prompting the user of the registered terminal device to determine whether or not to permit the access request.

(Embodiment 3)
In the third embodiment, a cloud server that performs login authentication and home electric appliance 107B cooperate to determine permission of an access request.

  FIG. 10 is a block diagram illustrating functions of home appliance 107B to which the control device according to Embodiment 3 is applied. 10 is different from FIG. 2 in that an out-of-home authentication cooperation unit 701 is newly provided. In the present embodiment, only differences from the first and second embodiments will be described, and the common components will be denoted by the same reference numerals and description thereof will be omitted.

  When the access source terminal device 101 is not a registered terminal device and the identifier of the registered terminal device is not registered in the terminal management information, the out-of-home authentication cooperation unit 701 cooperates with the cloud server 103 to issue an access request. Performs out-of-home authentication to determine permission. The cloud server 103 is a cloud server that performs login authentication to the home network 106 of the terminal device 101 that is the access source via the external network 102. In addition, although login authentication is illustrated as authentication, the authentication of this indication is not limited to this. Similarly, although the cloud server 103 is illustrated as a server, a server is not limited to this.

  Specifically, when the access route confirmation unit 202 determines that the access from the terminal device 101 is via the home network, and the access permission confirmation unit 203 determines that the terminal device 101 is not registered, The cooperation unit 701 acquires the URL of the web page for login authentication held by the cloud server 103 and passes it to the access result response unit 205. The URL is an example of guide information that guides the access source terminal device 101 to receive authentication. The guide information may be generated by application software that guides the access source terminal device 101 to the cloud server 103. Here, the out-of-home authentication cooperation unit 701 may acquire the URL by transmitting a request for acquiring the URL to the cloud server 103 via the access result response unit 205. Alternatively, when the URL of the login authentication web page is stored in the memory in advance, the outside-home authentication cooperation unit 701 may acquire the URL from the memory.

  The access result response unit 205 transmits the URL passed from the external authentication cooperation unit 701 to the terminal device 101 that is the access source.

  The user of the terminal device 101 that has received the URL accesses the login authentication web page using the URL and performs login authentication. When the login authentication is permitted, the access source terminal device 101 is permitted to access the in-home network 106 and is connected to the home appliance 107 to which connection is permitted in advance via the outside network 102. On the other hand, if the authentication is not permitted, the access source terminal device 101 is refused to connect to the home appliance 107B via the external network 102.

  FIG. 11 is a flowchart illustrating an example of processing of home appliance 107B to which the control device according to Embodiment 3 is applied. In FIG. 11, the same step numbers are assigned to the processes that are the same as those in FIG. 3. When the access permission confirmation unit 203 determines in S306 that the terminal device 101 other than the access source terminal device 101 is not registered as a registered terminal device (NO in S306), the out-of-home authentication cooperation unit 701 performs login authentication. Is transmitted to the access source terminal device 101 via the access result response unit 205 (S1101).

  FIG. 12 is a sequence diagram illustrating an example of processing when the terminal device 101 transmits an access request to the home appliance 107 via the home network 106 in the third embodiment.

  The processing of S1201 to S1203 is the same as S601 to S603 of FIG. In step S <b> 1204, the out-of-home authentication cooperation unit 701 passes a URL acquisition request to the access result response unit 205, and the access result response unit 205 transmits the URL acquisition request to the cloud server 103.

  Next, the cloud server 103 transmits the URL of the web page for login authentication to the home appliance 107 (S1205).

  Next, in the home appliance 107, when the access result response unit 205 receives the URL, the URL is transmitted to the access source terminal device 101 (S1206). Thereby, the user of the terminal device 101 that has received the URL accesses the web page for login authentication using the URL, and if the user knows information necessary for login authentication, the user uses the information for login authentication. By inputting into the web page, the user can log in to the home network 106 and access the home appliance 107.

  As described above, according to the third embodiment, when the access source terminal device 101 that is not a registered terminal device accesses the home appliance 107 via the home network 106, the URL of the web page for login authentication is notified. Therefore, the access source terminal device 101 accesses the web page for login authentication, and when the login authentication is permitted, the terminal device 101 accesses the home network 106 via the outside network 102 and is connected to the home appliance 107. Therefore, a user who is permitted to access via the external network 102 can access the web page without finding the login authentication web page from the network and inputting an operation to access the page. Can do.

(Modification of Embodiment 3)
In the third embodiment, when the login authentication is permitted by the cloud server 103 in the access source terminal device 101, the terminal device 101 is connected to the home appliance 107 via the outside network 102, but the present disclosure is not limited thereto. The out-of-home authentication cooperation unit 701 passes an inquiry notification inquiring whether or not the identifier of the access source terminal device 101 is registered to the access result response unit 205, and the access result response unit 205 transmits the inquiry notification to the cloud server 103. Good. When the access result response unit 205 receives a response indicating that the corresponding identifier is registered from the cloud server 103, the access permission confirmation unit 203 may permit the access request from the terminal device 101 that is the access source. In this case, the access source terminal device 101 is connected to the home appliance 107 via the home network 106.

  In this modified example, when the access source terminal device 101 is a terminal device whose identifier is registered in the cloud server 103 and is permitted to log in via the external network 102, the terminal device 101 is separately provided for the home appliance 107. Thus, the home network 106 can be automatically accessed without performing an identifier registration procedure, and convenience is improved.

(Embodiment 4)
In the fourth embodiment, if the access request is permitted in the other home electric appliance 107, the terminal device 101 permits the access request to the electric home appliance 107.

  FIG. 13 is a block diagram illustrating functions of home electric appliance 107C to which the control device according to Embodiment 4 is applied. 13 is different from FIG. 2 in that a home cooperation unit 1301 (an example of a request control unit) is newly provided. In the present embodiment, only differences from the first to third embodiments will be described, and the common components will be denoted by the same reference numerals and description thereof will be omitted.

  As an example, when the access permission confirmation unit 203 determines that the access source terminal device 101 is not a registered terminal device, the in-home cooperation unit 1301 determines whether another home appliance 107 is permitted to access the terminal device 101. Inquiry notification for inquiring is sent to the access result response unit 205. In this case, if a plurality of other home appliances 107 are connected to the home network 106, the access result response unit 205 may transmit an inquiry notification to each of the plurality of other home appliances 107.

  When the access result response unit 205 receives an inquiry result indicating that the access result response unit 205 is permitted from another home electric appliance 107, the home cooperation unit 1301 generates a permission notification and passes it to the access result response unit 205. On the other hand, when the access result response unit 205 receives an inquiry result that the access result response unit 205 is not permitted from other home appliances 107, the in-home cooperation unit 1301 generates a rejection notification and generates an access result response unit It passes to 205.

  The access result response unit 205 transmits the passed permission notification or rejection notification to the access source terminal device 101.

  Here, if the identifier of the home appliance 107 that is the access source is registered in the registration management information that the other home appliance 107 has, the other home appliance 107 may transmit an inquiry result indicating permission to the home appliance 107. In addition, when the access result response unit 205 receives an inquiry result from a plurality of other household electrical appliances 107, the in-home cooperation unit 1301 determines that the access source is an inquiry result indicating that at least one of the inquiry results is permitted. What is necessary is just to permit the access request to the household appliance 107 of the terminal device 101. On the other hand, if the in-home cooperation unit 1301 is an inquiry result indicating that all inquiry results transmitted from a plurality of other household electrical appliances 107 are not permitted, a rejection notification may be generated.

  FIG. 14 is a flowchart illustrating an example of processing of home appliance 107C to which the control device according to the fourth embodiment is applied. In FIG. 14, the same step numbers are assigned to the processes that are the same as those in FIG.

  In S305, when the access permission confirmation unit 203 determines that the access source terminal device 101 is not a registered terminal device (NO in S305), the process proceeds to S1401.

  In S1401, the in-home cooperation unit 1301 makes an inquiry to another home appliance 107 to determine whether the access request from the access source terminal device 101 is permitted by the other home appliance 107 belonging to the same home network.

  When the home link unit 1301 determines that the access request of the access source terminal device 101 is permitted by another home appliance 107 (YES in S1401), the access result response unit 205 determines that the access source terminal device A permission notice is transmitted to 101 (S307). On the other hand, if the home cooperation unit 1301 determines that the access request from the access source terminal device 101 is not permitted by the other home appliances 107 (NO in S1401), the process proceeds to S306.

  FIG. 15 is a sequence diagram illustrating an example of processing when the terminal device 101 transmits an access request to the home appliance 107 via the home network 106 in the fourth embodiment.

  The processing of S1501 to S1503 is the same as S601 to S603 of FIG. In the example of FIG. 15, it is determined in S1503 that the access source terminal device 101 is not a registered terminal device.

  In step S <b> 1504, the in-home cooperation unit 1301 sends an inquiry notification inquiring whether the access request of the access source terminal device 101 is permitted by the other home appliance 107 to the other home appliance 107 via the access result response unit 205. Send.

  In step S <b> 1505, the access result response unit 205 receives an inquiry result from another home appliance 107.

  In step S1506, when the access result response unit 205 receives an inquiry result indicating that the access request is permitted from another home appliance 107, the in-home cooperation unit 1301 sets the access result response unit 205 to the access source terminal device 101. Send permission notification via On the other hand, in S1506, when the access result response unit 205 receives an inquiry result indicating that the access request is not permitted from the other home appliances 107, the in-home cooperation unit 1301 sends an access result response unit to the access source terminal device 101. A rejection notification is transmitted via 205.

  As described above, according to the fourth embodiment, when the terminal device 101 that is not a registered terminal device transmits an access request to the home appliance 107 via the home network, the terminal device 101 receives an access request in the other home appliance 107 in the home. Is permitted, an access request to the corresponding home electric appliance 107 is permitted.

  Therefore, the access request to the corresponding home appliance 107 is permitted without causing the user of the terminal device 101 whose access request is permitted in the other home appliance 107 to perform the registration procedure for the corresponding home appliance 107. Can do.

(Modification of Embodiment 4)
When there are a plurality of other home appliances 107 and one other home appliance 107 out of the plurality of other home appliances 107 represents the remaining home appliance 107 as a representative, An inquiry notification may be transmitted via the access result response unit 205 to another home electric appliance 107 represented.

  In this case, the other representative home appliances 107 include terminal management information of the remaining home appliances 107. Therefore, when the other representative home appliance 107 receives the inquiry request, it refers to the respective terminal management information of itself and the remaining home appliances 107, and the identifier of the terminal device 101 that is the access source is included in any one of the terminal management information Is registered, the inquiry result for permitting the access request may be transmitted to the home appliance 107 to be accessed. On the other hand, if the identifier of the terminal device 101 of the access source is not registered in any terminal management information, the other representative home appliance 107 sends an inquiry result that the access request is not permitted to the access target home appliance 107. Just send it.

  According to this configuration, since the home appliance 107 to be accessed only needs to send an inquiry request to another representative home appliance 107, communication traffic can be suppressed and processing loads on all the home appliances 107 can be reduced.

  According to the present disclosure, since it is possible to prevent a third party from connecting to the home appliance via the home network using the terminal device, it is useful for enhancing the security of the home network.

101, 101A, 101B Terminal device 102 Outside network 103 Cloud server 104 Internet line 105 Router 106 Home network 107, 107A, 107B, 107C Home appliance 201 Access reception unit 202 Access route confirmation unit 203 Access permission confirmation unit 204 Access permitted terminal management Unit 205 access result response unit 501 permission input unit 701 remote authentication link unit 1301 home link unit G1 permission input screen

Claims (12)

A control device provided in a home appliance or a device connected to the home appliance via a home network,
A communication unit that receives a request to the home appliance from one terminal device via a network, and transmits a response to the request;
A first determination unit that determines whether the request received by the communication unit is via the home network;
An acquisition unit that acquires information for determining whether the one terminal device is one or more registered terminal devices that are permitted to request the home appliance;
A second determination unit that determines whether the one terminal device is the registered terminal device based on the information obtained by the acquisition unit;
A request control unit that controls the request using determination results of the first determination unit and the second determination unit;
A response generating unit that generates the response indicating that the request is rejected when the request control unit rejects the request;
Control device. The communication unit transmits a permission input request of the one terminal device to the registered terminal device,
The communication unit receives a response to the permission input request from the registered terminal device,
The request control unit controls the request of the one terminal device using a determination result of the first determination unit and the second determination unit and a response to the permission input request.
The control device according to claim 1. It is further equipped with an input unit that can be directly input by the user,
When the input unit accepts permission input by the user, the request control unit uses the determination results of the first determination unit and the second determination unit and the received content of the input unit, and the one terminal Control the request of the device;
The control device according to claim 1. Further comprising an out-of-home authentication cooperation unit that cooperates with a server that performs authentication for a request to the home appliance of the one terminal device via an out-of-home network;
The said request control part controls the said request | requirement of said one terminal device using the determination result of said 1st determination part and said 2nd determination part, and the cooperation result of said outside authentication cooperation part. Control device. The outside authentication cooperation unit causes the communication unit to transmit an inquiry notification for inquiring of the server whether or not the identifier of the one terminal device is registered,
The request control unit permits the request of the one terminal device when a notification that the identifier of the one terminal device is registered is received by the communication unit.
The control device according to claim 4. When the first determination unit determines that access from the one terminal device is via the home network, and the second determination unit determines that the one terminal device is not the registered terminal device, the home The external authentication cooperation unit causes the communication unit to transmit guidance information for guiding the one terminal device to receive the authentication to the one terminal device.
The control device according to claim 4. The request control unit permits the request of the one terminal device when the input unit accepts a permission input during a predetermined acceptable period.
The control device according to claim 3. The request control unit causes the communication unit to transmit an inquiry notification that inquires whether the request is permitted in another household electrical appliance different from the household electrical appliance, and receives a response that the request is permitted by the communication unit. If so, allow the request,
The control device according to claim 1. The request is an access request to the home appliance.
The control device according to claim 1. The request is an operation request to the home appliance.
The control device according to claim 1. The one or more registered terminal devices are two or more registered terminal devices;
Priorities are set for the two or more registered terminal devices,
The request control unit identifies a registration terminal device that transmits the permission input request from the two or more registration terminal devices according to the priority order,
The communication unit transmits the permission input request to the specified registered terminal device.
The control device according to claim 2. A program for causing a computer to function as a control device provided in a home appliance or a device connected to the home appliance via a home network,
A communication unit that receives a request to the home appliance from one terminal device via a network, and transmits a response to the request;
A first determination unit that determines whether the request received by the communication unit is via the home network;
An acquisition unit that acquires information for determining whether the one terminal device is one or more registered terminal devices that are permitted to request the home appliance;
A second determination unit that determines whether the one terminal device is the registered terminal device based on the information obtained by the acquisition unit;
A request control unit that controls the request using determination results of the first determination unit and the second determination unit;
A program that causes a computer to function as a response generation unit that generates the response indicating that the request is rejected when the request control unit rejects the request.

Images