JP2020092318A - Relay device, relay method, and computer program - Google Patents

Abstract

To provide a relay device, a relay method, and a computer program that can realize Pub/Sub type communication with higher security.SOLUTION: A relay device according to the embodiment is a device that delivers a message received from one or more publishers to one or more subscribers on the basis of a designated topic by a publish/subscribe messaging method. The relay device includes a storage unit and a relay unit. The storage unit stores in advance topic management information indicating the publisher of the topic. The relay unit receives a message from a transmission device preset as the publisher of the topic in the topic management information, and transmits the received message to a reception device that is a subscriber of the topic.SELECTED DRAWING: Figure 2

Description

Embodiments of the present invention relate to a relay device, a relay method, and a computer program.

A publish/subscribe type messaging method such as MQTT (Message Queueing Telemetry Transport) is known as one of communication methods used when transmitting various sensor data generated in real time in a plant or the like to a cloud server ( Hereinafter referred to as "Pub/Sub type communication".) In the Pub/Sub type communication, a broker (broker) registers a message received from a publisher (publisher) in a corresponding topic, and a message registered in the topic is applied for delivery to the topic. It is a communication model for delivering to one or more subscribers (Subscriber). In such Pub/Sub communication, a publisher can efficiently deliver a message to a plurality of subscribers without being aware of the individual subscribers who need to deliver the message.

However, the security of the conventional Pub/Sub type communication is not always sufficient, and there is a possibility that a message may be erroneously delivered or tampered with. For example, a message may be delivered to an unintended subscriber due to fraud or a topic, or may be tampered with by an unauthorized subscriber.

Japanese Patent No. 5160134

An object of the present invention is to provide a relay device, a relay method, and a computer program that can realize Pub/Sub type communication with higher security.

The relay device according to the embodiment is a device that delivers a message received from one or more publishers to one or more subscribers based on a specified topic based on a publish/subscribe messaging method. The relay device includes a storage unit and a relay unit. The storage unit stores in advance topic management information indicating the publisher of the topic. The relay unit receives a message from a transmission device preset as a publisher of the topic in the topic management information, and transmits the received message to a reception device that is a subscriber of the topic.

The figure which shows the structural example of the Pub/Sub type communication system in 1st Embodiment. The figure which shows the specific example of a functional structure of the relay device 10 of 1st Embodiment. The figure which shows the specific example of the topic management information in 1st Embodiment. The figure which shows the specific example of the topic management information in 1st Embodiment. The figure which shows the specific example of a functional structure of the transmitter 20 in 1st Embodiment. The figure which shows the specific example of a functional structure of the receiver 30 in 1st Embodiment. The sequence diagram which shows the specific example of the process which the communication system 100 of 1st Embodiment transmits/receives a message by Pub/Sub type communication. The sequence diagram which shows the specific example of the topic setting process which the communication system 100 of 1st Embodiment performs prior to transmission/reception of the message by Pub/Sub type communication. The figure which shows the structural example of the Pub/Sub type communication system in 2nd Embodiment. The figure which shows the specific example of a functional structure of the relay apparatus 10a of 2nd Embodiment. The figure which shows the specific example of the order management information in 2nd Embodiment. The figure which shows the specific example of the message format transmitted from the transmitter 20a in 2nd Embodiment. The figure which shows the specific example of a functional structure of the transmitter 20a of 2nd Embodiment. The sequence diagram which shows the specific example of the process which the communication system 100a of 2nd Embodiment transmits/receives a message by Pub/Sub type communication. The sequence diagram which shows the specific example of the topic setting process which the communication system 100a of 2nd Embodiment performs prior to transmission/reception of the message by Pub/Sub type communication. The figure which shows the structural example of the Pub/Sub type communication system in 3rd Embodiment. The figure which shows the specific example of a functional structure of the relay apparatus 10b of 3rd Embodiment. The figure which shows the specific example of a functional structure of the management apparatus 40 of 3rd Embodiment. The sequence diagram which shows the specific example of the setting process of the topic in the communication system 100b of 3rd Embodiment. The figure which shows the structural example of the Pub/Sub type communication system in 4th Embodiment. The figure which shows the specific example of a functional structure of the relay apparatus 10c in 4th Embodiment. The figure which shows the specific example of a functional structure of the transmitter 20c in 4th Embodiment. The sequence diagram which shows the specific example of the topic setting process which the communication system 100c of 4th Embodiment performs prior to transmission/reception of the message by Pub/Sub type communication.

Hereinafter, a relay device, a relay method, and a computer program according to the embodiments will be described with reference to the drawings.

(First embodiment)
FIG. 1 is a diagram illustrating a configuration example of a publish/subscribe type (hereinafter referred to as “Pub/Sub type”) communication system according to the first embodiment. The communication system 100 shown in FIG. 1 is an example of the Pub/Sub type communication system in the first embodiment. The communication system 100 includes a relay device 10, a transmission device 20, and a reception device 30. The relay device 10 is communicatively connected to the transmitting device 20 via the network N1, and is communicatively connected to the receiving device 30 via the network N2. Note that the network configuration of the communication system 100 may be different from that of FIG. 1 as long as the relay device 10 is communicatively connected to the transmitting device 20 and the receiving device 30.

The relay device 10 is a communication device that functions as a broker in Pub/Sub type communication. Specifically, the relay device 10 has a function of relaying a message transmitted by the transmission device 20 to a corresponding reception device 30 based on a Pub/Sub type messaging method such as MQTT (Message Queueing Telemetry Transport) (hereinafter referred to as “relay”). Function.)).

The transmission device 20 is a communication device that functions as a publisher in Pub/Sub type communication. Specifically, the transmission device 20 has a function of transmitting a message to be distributed to the relay device 10 that is a broker according to the messaging method of the relay device 10. For example, the transmission device 20 transmits to the relay device 10 a message to which information indicating the topic of registration (hereinafter referred to as “topic information”) is added. Although FIG. 1 shows a communication system 100 including three transmitting devices 20-1, 20-2, and 20-3, the number of transmitting devices 20 connected to the relay device 10 is at least one or more. The number may be less than 3, and may be 4 or more.

The receiving device 30 is a communication device that functions as a subscriber in Pub/Sub communication. Specifically, the receiving device 30 has a function of receiving a message to be subscribed from the relay device 10, which is a broker, according to the messaging method of the relay device 10. Although FIG. 1 shows a communication system 100 including three receiving devices 30-1, 30-2, and 30-3, the number of receiving devices 30 connected to the relay device 10 is at least one or more. The number may be less than 3, and may be 4 or more.

In the communication system 100 of the embodiment configured as described above, the relay device 10 has a function of authenticating the setter of the topic (hereinafter, referred to as an “authentication function”) in addition to the relay function described above, and thus, the It is possible to realize highly secure Pub/Sub type communication. Note that the topic setting here means associating a publisher or a subscriber with a topic. Hereinafter, the configuration of the relay device 10 of the embodiment will be described in detail.

FIG. 2 is a diagram illustrating a specific example of the functional configuration of the relay device 10 according to the first embodiment. The relay device 10 includes a CPU (Central Processing Unit), a memory, an auxiliary storage device, and the like connected by a bus, and executes a program. The relay device 10 executes the program to execute the first communication unit 101, the second communication unit 102, the third communication unit 103, the fourth communication unit 104, the topic management information storage unit 105, the message relay unit 106, the authentication unit 111, and the topic. It functions as a device including the setting unit 112. All or some of the functions of the relay device 10 may be realized by using hardware such as ASIC (Application Specific Integrated Circuit), PLD (Programmable Logic Device), and FPGA (Field Programmable Gate Array). The program may be recorded in a computer-readable recording medium. The computer-readable recording medium is, for example, a portable medium such as a flexible disk, a magneto-optical disk, a ROM, a CD-ROM, or a storage device such as a hard disk built in a computer system. The program may be transmitted via a telecommunication line.

The first communication unit 101, the second communication unit 102, the third communication unit 103, and the fourth communication unit 104 are communication interfaces that connect the relay device 10 to the transmitting device 20 and the receiving device 30 in a communicable manner. The first communication unit 101 and the second communication unit 102 connect the relay device 10 to the transmission device 20 in a communicable manner. The third communication unit 103 and the fourth communication unit 104 connect the relay device 10 to the receiving device 30 in a communicable manner.

The relay device 10 performs communication related to topic setting via the first communication unit 101 and the third communication unit 103, and performs communication related to message transmission/reception via the second communication unit 102 and the fourth communication unit 104. The first communication unit 101, the second communication unit 102, the third communication unit 103, and the fourth communication unit 104 are appropriately aggregated or distributed as long as the relay device 10 can communicate with the transmission device 20 and the reception device 30. May be.

The topic management information storage unit 105 is configured using a storage device such as a magnetic hard disk device or a semiconductor storage device. The topic management information storage unit 105 stores topic management information. The topic management information is setting information regarding a topic in Pub/Sub type communication. The topic management information is recorded in the topic management information storage unit 105 in advance before sending and receiving the message.

3 and 4 are diagrams showing specific examples of the topic management information in the first embodiment. In FIG. 3, like the communication system 100 of the present embodiment, a communication device that functions as a publisher (here, the transmitting device 20) and a communication device that functions as a subscriber (here, the receiving device 30) are configured as different devices. It shows the topic management information in the case. In this case, the topic management information is stored in the topic management information storage unit 105 as the topic management table T1 shown in FIG. 3, for example.

The topic management table T1 has one record for each combination of an IP (Internet Protocol) address of a communication device functioning as a publisher or a subscriber and a topic of a message distributed by each communication device, and each record has an IP address. , Topic ID and access right.

The topic ID is identification information of a topic associated with a communication device having a corresponding IP address. The access right represents the authority given to the corresponding topic by the communication device having the corresponding IP address. For example, the record R1 of the topic management table T1 indicates that the communication device having the IP address of “192.168.1.102” can deliver (“publish”) a message for the topic “plantB”. Further, for example, the record R2 of the topic management table T1 indicates that the communication device having the IP address of “192.168.2.102” can subscribe (“subscribe”) a message for the topic “plantB”. There is.

It should be noted that the communication device that transmits and receives messages by the Pub/Sub type communication does not necessarily have to function as either a publisher or a subscriber, and may function as a publisher and a subscriber. For example, the topic management information in this case is set as in the topic management table T2 shown in FIG.

Returning to the explanation of FIG. The message relay unit 106 has a function of relaying a message based on topic management information. Specifically, the message relay unit 106 registers the message received from the transmission device 20 in the topic indicated by the topic information included in the message, and associates the message registered in the topic with the topic. It transmits to the attached receiving device 30.

The authentication unit 111 receives a topic setting request (hereinafter referred to as “topic setting request”) and authenticates the requesting communication device (here, the transmitting device 20 or the receiving device 30) (hereinafter referred to as “authentication function”). ) Has. It should be noted that the topic setting here means new generation of topic management information, addition, change, deletion, etc. of setting for existing topic management information.

Further, the above authentication function may be realized by any method as long as the presence or absence of the setting qualification can be determined for the requesting communication device. For example, the authentication unit 111 may acquire qualification information such as a user name and password, a private key, and a certificate from the requesting communication device, and determine the presence or absence of the setting qualification based on the acquired qualification information. Also, the authentication unit 111 may request the communication device of the request source to another device (not shown) and authenticate the communication device of the request source based on the authentication result.

Specifically, the authentication unit 111 receives the topic setting request and acquires information indicating the setting content for the topic management information (hereinafter referred to as “setting request information”) from the requesting communication device. On the other hand, the authentication unit 111 performs the authentication process of the requesting communication device in response to the reception of the topic setting request, and outputs the setting request information to the topic setting unit 112 when the authentication is successful.

The topic setting unit 112 has a topic setting function. Specifically, the topic setting unit 112 acquires the setting request information output by the authentication unit 111, and reflects the setting content indicated by the acquired setting request information in the topic management information.

FIG. 5 is a diagram illustrating a specific example of the functional configuration of the transmission device 20 according to the first embodiment. The transmission device 20 includes a CPU, a memory, an auxiliary storage device, and the like connected by a bus, and executes a program. The transmission device 20 functions as a device including the first communication unit 21, the second communication unit 22, the message transmission unit 23, and the topic setting request unit 24 by executing the program. Note that all or part of each function of the transmission device 20 may be realized by using hardware such as ASIC, PLD, or FPGA. The program may be recorded in a computer-readable recording medium. The computer-readable recording medium is, for example, a portable medium such as a flexible disk, a magneto-optical disk, a ROM, a CD-ROM, or a storage device such as a hard disk built in a computer system. The program may be transmitted via a telecommunication line.

The first communication unit 21 and the second communication unit 22 are communication interfaces that connect the transmission device 20 to the relay device 10 in a communicable manner. The transmission device 20 performs communication related to topic setting via the first communication unit 21 and communication related to message transmission via the second communication unit 22. The first communication unit 21 and the second communication unit 22 may be appropriately aggregated or distributed as long as the transmission device 20 can communicate with the relay device 10.

The message transmission unit 23 has a function of transmitting a message to the relay device 10 that is a broker as a publisher in Pub/Sub communication. Specifically, the message transmission unit 23 stores topic information (for example, topic ID) related to the message to be transmitted in advance, adds the topic information to the message, and transmits the message to the relay device 10. The message transmission unit 23 may add the same topic information to all the messages to be transmitted, or may add different topic information depending on the message.

The topic setting request unit 24 has a function of notifying the relay apparatus 10 of a topic setting request in which the transmission device 20 is the publisher. The topic setting request unit 24 transmits the qualification information regarding the setting of the topic and the setting request information to the relay device 10 together with the notification of the topic setting request.

FIG. 6 is a diagram illustrating a specific example of the functional configuration of the receiving device 30 according to the first embodiment. The receiving device 30 includes a CPU, a memory, an auxiliary storage device, and the like connected by a bus, and executes a program. The receiving device 30 functions as a device including the first communication unit 31, the second communication unit 32, the message receiving unit 33, and the topic setting requesting unit 34 by executing the program. Note that all or part of each function of the receiving device 30 may be realized by using hardware such as an ASIC, PLD, or FPGA. The program may be recorded in a computer-readable recording medium. The computer-readable recording medium is, for example, a portable medium such as a flexible disk, a magneto-optical disk, a ROM, a CD-ROM, or a storage device such as a hard disk built in a computer system. The program may be transmitted via a telecommunication line.

The first communication unit 31 and the second communication unit 32 are communication interfaces that connect the receiving device 30 to the relay device 10 in a communicable manner. The receiving device 30 performs communication related to topic setting via the first communication unit 31 and communication related to message reception via the second communication unit 32. The first communication unit 31 and the second communication unit 32 may be appropriately aggregated or distributed as long as the receiving device 30 can communicate with the relay device 10.

The message receiving unit 33 has a function of receiving, as a subscriber in Pub/Sub communication, a message of a topic for which a subscription is applied in advance from the relay device 10 that is a broker.

The topic setting requesting unit 34 has a function of notifying the relay device 10 of a topic setting request having the transmitting device 20 as a subscriber. The topic setting requesting unit 34 transmits the qualification information regarding the setting of the topic and the setting request information to the relay device 10 together with the notification of the topic setting request.

FIG. 7 is a sequence diagram showing a specific example of a process in which the communication system 100 of the first embodiment transmits/receives a message by Pub/Sub type communication. The message transmission/reception process described here is the same as the message transmission/reception process in the conventional Pub/Sub type communication.

First, when a message to be distributed is generated in the transmission device 20, the transmission device 20 transmits the generated message to the relay device 10 according to the Pub/Sub communication protocol (step S101). Specifically, the transmission device 20 stores topic information (for example, a topic ID) regarding a message to be transmitted in advance, adds the topic information to the message, and transmits the message to the relay device 10. Here, the topic information stored in advance in the transmission device 20 may indicate one topic common to all the messages, or may indicate a plurality of different topics depending on the messages. .. Further, the transmission device 20 may add topic information indicating one topic to one message, or may add topic information indicating a plurality of topics. The transmitted message is received by the relay device 10.

In the relay device 10, the message relay unit 106 determines whether or not the transmission device 20 that is the transmission source of the received message is set in the topic management information (step S102). For example, the message relay unit 106 acquires the IP address of the transmission source added to the received message, and determines whether the IP address is set as the publisher in the topic management information. Here, when the transmission device 20 of the transmission source is set to the topic management information (step S102-YES), the message relay unit 106 sets the topic designated as the registration destination of the received message to the topic management information. It is determined whether it has been done (step S103).

Specifically, the message relay unit 106 identifies the topic designated as the registration destination of the message based on the topic information added to the received message, and the topic is identified as the transmission source in the topic management information. It is determined whether or not it is associated with the transmitting device 20. Here, when the topic designated as the registration destination of the received message is set in the topic management information (step S103-YES), the message relay unit 106 receives the topic designated by the topic information. While registering the message, the message registered in the topic is transferred to the receiving device 30 associated with the topic (step S104). Through such a series of processing flows, the relay device 10 relays the message transmitted from the one or more transmitting devices 20 to the corresponding one or more receiving devices 30.

For example, when the topic management information is set as shown in FIG. 3, the message transmitted by the transmission device 20 having the IP address “192.168.1.102” is the same topic “plantB as the transmission source transmission device 20. It is transmitted to the receiving device 30 having the IP address associated with ". Specifically, the message transmitted by the transmission device 20 having the IP address “192.168.1.102” includes the reception device 30 having the IP address “192.168.2.101” and the IP address “192. And the receiving device 30 having 168.2.102″.

On the other hand, in step S102, when the transmission device 20 of the transmission source is not set in the topic management information (step S102-NO), or the topic designated as the registration destination of the received message in step S103 is topic management. If not set in the information (step S103-NO), the message relay unit 106 discards the message without transferring it (step S105).

By relaying the message in such a series of processing flows, the relay device 10 relays the message transmitted from the legitimate transmission device 20 to the reception device 30, and receives the message transmitted from the unauthorized transmission device 20. It may not be relayed to the device 30. This is because, by the topic setting process described below, only the legitimate transmitting device 20 is set in the topic management information prior to transmitting/receiving the message.

FIG. 8 is a sequence diagram showing a specific example of topic setting processing performed by the communication system 100 according to the first embodiment prior to transmitting/receiving a message by Pub/Sub type communication. Here, the case where the topic setting process is performed in the order of the publisher and the subscriber will be described, but the topic setting process does not necessarily have to be performed in this order. For example, the topic setting process may be performed in the order of the subscriber and the publisher.

[Publisher Settings]
First, the transmission device 20 notifies the relay device 10 of a topic setting request (step S111). At this time, the transmission device 20 transmits the setting request information to the relay device 10 together with the qualification information for authentication. The relay device 10 receives the topic setting request and receives the qualification information and the setting request information from the requesting transmission device 20.

In the relay device 10, the authentication unit 111 performs authentication processing of the requesting transmission device 20 based on the received qualification information (step S112), and returns the authentication result to the requesting transmission device 20 (step S113). ).

Subsequently, the topic setting unit 112 determines the authentication result of the requesting transmission device 20 (step S114), and performs topic setting processing according to the determination result (step S115). Specifically, when the authentication of the requesting transmission device 20 is successful (step S114-OK), the topic setting unit 112 reflects the setting content indicated by the received setting request information in the topic setting information.

For example, in step S111, it is assumed that the transmission device 20 having the IP address “192.168.1.102” requests the relay device 10 to set itself as the publisher of the topic “plantB”. In this case, in step S115, the record R1 shown in FIG. 3 is added to the topic management table T1. On the other hand, when the authentication of the requesting transmission device 20 fails (step S114-NG), the topic setting unit 112 does not set the topic.

Subscriber settings
First, the receiving device 30 notifies the relay device 10 of a topic setting request (step S121). At this time, the receiving device 30 transmits the setting request information to the relay device 10 together with the qualification information for authentication. The relay device 10 receives the topic setting request and also receives the qualification information of the request source and the setting request information.

In the relay device 10, the authentication unit 111 performs authentication processing of the requesting receiving device 30 based on the received qualification information (step S122), and returns the authentication result to the requesting receiving device 30 (step S123). ).

Subsequently, the topic setting unit 112 determines the authentication result of the requesting receiving device 30 (step S124), and performs topic setting processing according to the determination result (step S125). Specifically, when the authentication of the receiving device 30 of the request source is successful (step S124-OK), the topic setting unit 112 sets a topic based on the received setting request information.

For example, in step S121, the receiving device 30 having the IP address “192.168.2.102” requests the relay device 10 to set itself as a subscriber of the topic “plantB”. In this case, in step S125, the record R2 shown in FIG. 3 is added to the topic management table T1. On the other hand, when the authentication of the receiving device 30 of the request source has failed (step S124-NG), the topic setting unit 112 does not set the topic.

Note that FIG. 8 illustrates the flow of topic setting processing in the case where both publisher setting (steps S111 to S115) and subscriber setting (steps S121 to S125) are performed. It does not necessarily have to be done for both publishers and subscribers. For example, the topic setting process may be performed for either the publisher or the subscriber as necessary.

Further, in FIG. 8, the case where the setting request information is transmitted together with the topic setting request has been described for simplification, but the setting request information does not necessarily need to be transmitted together with the topic setting request. For example, the setting request information may be transmitted after notification of successful authentication.

Further, when the topic indicated by the setting request information is not included in the topic management table, the topic setting unit 112 may determine that the topic for which setting is requested is invalid and discard the topic setting request.

In the communication system 100 of the first embodiment configured as described above, the relay device 10 is provided with the authentication function related to the topic setting in the Pub/Sub type communication, thereby realizing higher security Pub/Sub type communication. be able to.

Specifically, the communication system 100 according to the first embodiment can prevent an unauthorized topic from being set by authenticating a publisher or a subscriber when setting a topic. In addition, the communication system 100 of the first embodiment registers a message for a topic based on a preset access right, so that an unauthorized message is delivered without increasing the communication load during message transmission/reception. Can be suppressed.

(Second embodiment)
FIG. 9 is a diagram showing a configuration example of the Pub/Sub type communication system in the second embodiment. The communication system 100a shown in FIG. 9 is an example of the Pub/Sub type communication system in the second embodiment. The communication system 100a is different from the communication system 100 of the first embodiment in that the relay device 10a is provided instead of the relay device 10 and the transmission device 20a is provided instead of the transmission device 20.

FIG. 10 is a diagram illustrating a specific example of the functional configuration of the relay device 10a according to the second embodiment. The relay device 10a is a first embodiment in that it includes a topic setting unit 112a and a message relay unit 106a in place of the topic setting unit 112 and the message relay unit 106, and further includes an order management information storage unit 107 and an alteration detection unit 108. It is different from the relay device 10 of the embodiment. Since other functional units are the same as those in the first embodiment, these functional units are denoted by the same reference numerals as those in FIG. 2 and their description is omitted.

The order management information storage unit 107 is configured using a storage device such as a magnetic hard disk device or a semiconductor storage device. The order management information storage unit 107 stores order management information. The order management information is information used for order management of messages transmitted and received in the communication system 100a. The order management information is initialized before the transmission/reception of the message is started, and is updated according to the transmission/reception of the message. For example, the order management information is updated by the topic setting unit 112a when the topic is set, and updated by the message relay unit 106a when the message is relayed.

FIG. 11 is a diagram showing a specific example of order management information in the second embodiment. For example, the order management information is stored in the order management information storage unit 107 as the order management table T3 shown in FIG. The order management table T3 has one record for each combination of the transmission device 20a and the topic of the message distributed by the transmission device 20a, and each record includes the IP address, topic ID, and sequence number of the transmission device 20a. Has each value. The sequence number is a value indicating the order of the messages received from the corresponding transmitting device 20a for the corresponding topic, and may be any value as long as the value increases by a predetermined rule each time the message is received. May be.

For example, the sequence number may be a numerical value that is incremented by 1 each time a message is received, or may be the cumulative sum of the data sizes of previously received messages. The sequence number is managed for each combination of the transmission device 20a and the topic of the message distributed by the transmission device 20a.

Returning to the description of FIG. The falsification detection unit 108 has a function of detecting falsification of the received message. Specifically, the falsification detection unit 108 uses the falsification detection code (falsification detection information) added to the received message to determine whether or not the message has been falsified. The tampering detection code may be generated by any method as long as the data is obtained (the probability is sufficiently high) only by the message data at the time of transmission. For example, a MAC (Message Authentication Code) function, a MIC (Message Integrity Code) function, a hash function, or the like can be used to generate the tampering detection code.

The message received by the relay device 10a from the transmission device 20a is added with the falsification detection code generated by the transmission device 20a using the message data at the time of transmission, and the falsification detection unit 108 is added to the received message. Whether or not the message data has been tampered with is determined by comparing the tampering detection code that has been generated with the tampering detection code that has been generated using the received message data in the same manner as the transmission device 20a.

FIG. 12 is a diagram showing a specific example of a message format transmitted from the transmission device 20a in the second embodiment. The message M shown in FIG. 12 is a specific example of a message transmitted from the transmission device 20a. For example, a payload part M1 in which actual data is stored, and a transmission source identifier, a message length, a topic ID, and a sequence number in the payload part M1. And a footer section M3 for adding a tampering detection code to the payload section M1. In this case, the tampering detection code generated using the message data including at least the payload part M1 is added as the footer part M3. The sequence number here represents the order of message transmission in the transmission device 20a.

In this case, the tampering detection unit 108 stores in advance a method for generating the tampering detection code added to the footer unit M3, and uses the received message data to generate the tampering detection code by the same method as the transmission device 20a. To do. For example, when the tampering detection code added to the footer part M3 is generated by using the message data of the payload part M1 and the header part M2, the tampering detection part 108 determines that the payload part M1 and the header part of the received message data. A tampering detection code is generated using the data of M2. Then, the falsification detection unit 108 compares the received improvement detection code with the generated falsification detection code, determines that there is no falsification when both are the same, and determines that there is falsification when the two are different.

The falsification detection unit 108 outputs the received message to the message relay unit 106a when it is determined that there is no falsification, and discards the received message when it is determined that there is falsification. Note that the falsification detection unit 108 may be configured to, when it is determined that there is falsification, perform an operation of notifying the fact.

Returning to the description of FIG. The message relay unit 106a is similar to the message relay unit 106 in the first embodiment in that the message output from the falsification detection unit 108 is relayed to the reception device 30, but at the time of this relay, the message order confirmation is performed. This is different from the message relay unit 106 in the first embodiment in that Specifically, the message relay unit 106a determines whether or not the messages are received in the correct order by comparing the sequence number added to the received message with the sequence number managed by the own device. To do. The message relay unit 106a may be configured to relay the messages when the reception order is correct, and when the reception order inconsistency is detected, the message relay unit 106a is configured to perform an operation of notifying the fact. May be.

The topic setting unit 112a is similar to the topic setting unit 112 in the first embodiment in that it sets topics in response to topic setting requests from the transmitting device 20a and the receiving device 30, but in this setting, the order is set. It differs from the topic setting unit 112 in the first embodiment in that management information (specifically, sequence number) is initialized. For example, in the case of the example in FIG. 11, the topic setting unit 112a initializes the sequence numbers x, y, and z to the initial values according to the topic setting. Note that a predetermined value such as "0" or "1" may be used as the initial value, or may be randomly determined at the timing of initialization. When the initial value is randomly determined, the topic setting unit 112a notifies the determined initial value to the transmission device 20a, and the transmission device 20a starts message transmission with the notified initial value.

FIG. 13 is a diagram illustrating a specific example of the functional configuration of the transmission device 20a according to the second embodiment. The transmission device 20a differs from the transmission device 20 of the first embodiment in that the transmission device 20a includes a message transmission unit 23a instead of the message transmission unit 23. Since other functional units are the same as those in the first embodiment, these functional units are denoted by the same reference numerals as those in FIG.

The message transmission unit 23a is similar to the message transmission unit 23 in the first embodiment in that it transmits a message to the relay device 10 that is a broker as a publisher in Pub/Sub communication, but the message transmission unit 23a It differs from the message transmitting unit 23 in the first embodiment in that a sequence number and a falsification detection code are added.

FIG. 14 is a sequence diagram showing a specific example of a process in which the communication system 100a according to the second embodiment transmits/receives a message by Pub/Sub type communication. In the sequence diagram shown in FIG. 14, the relay device 10a performs a falsification determination process (step S201) and an order determination process (step S202) between the topic determination process (step S103) and the message transfer process (step S104). This is different from the message transmission/reception process (see FIG. 7) in the first embodiment in that the alteration detection notification (step S203) is performed together with the message discarding process (step S105). Since other processes are the same as those in the first embodiment, other similar processes are denoted by the same reference numerals as those in FIG. 7, and description thereof will be omitted.

Further, here, when the tampering of the message is not detected, and when the message is received in the correct order, the relay device 10a transfers the message to the receiving device 30, and when the tampering of the message is detected, Or, when the message is not received in the correct order, an example of notifying it without forwarding the message was shown, but what kind of processing should be performed based on the result of alteration detection or the result of order determination? May be changed arbitrarily. For example, the relay device 10a may be configured to transfer a message regardless of the result of tampering detection or the result of order determination, and notify that effect only when tampering is detected.

FIG. 15 is a sequence diagram showing a specific example of topic setting processing performed by the communication system 100a according to the second embodiment prior to transmitting/receiving a message by the Pub/Sub type communication. The sequence diagram shown in FIG. 15 is that the relay device 10a initializes the sequence number (step S301) after setting the topic for the publisher (step S115), and the topic setting process (FIG. 8)). Since other processes are the same as those in the first embodiment, other similar processes are denoted by the same reference numerals as those in FIG. 8 and description thereof is omitted.

In the communication system 100a of the second embodiment configured as described above, the relay device 10a has an authentication function for setting a topic in Pub/Sub type communication, thereby realizing higher security Pub/Sub type communication. be able to. Further, in the communication system 100a of the second embodiment, the relay device 10a has a function of detecting the presence or absence of tampering with the received message and a function of confirming the reception order of the received message, thereby further improving security. It is possible to realize high Pub/Sub type communication.

(Third Embodiment)
FIG. 16 is a diagram showing a configuration example of the Pub/Sub type communication system in the third embodiment. A communication system 100b shown in FIG. 16 is an example of a Pub/Sub type communication system according to the second embodiment. The communication system 100b includes the relay device 10b, the transmission device 20b, and the reception device 30b in place of the relay device 10, the transmission device 20, and the reception device 30, and further includes a management device 40. Different from 100.

The relay device 10b differs from the relay device 10 of the first embodiment in that it performs topic setting processing in response to a topic setting request from the management device 40. The transmitting device 20b differs from the transmitting device 20 of the first embodiment in that it does not include the first communication unit 21 and the topic setting requesting unit 24. The receiving device 30b differs from the receiving device 30 of the first embodiment in that it does not include the first communication unit 31 and the topic setting requesting unit 34.

The management device 40 is a device that requests the relay device 10b to set a topic in place of the transmission device 20 and the reception device 30 according to the first embodiment. The management device 40 is communicatively connected to the relay device 10b via the network N3. Note that the network configuration of the communication system 100b may be different from that of FIG. 16 as long as the management device 40 is communicatively connected to the relay device 10b.

That is, in the communication system 100b according to the third embodiment, the topic setting request function for the broker (relay device 10) that the publisher (transmission device 20) and the subscriber (reception device 30) have in the first embodiment. Is different from the communication system 100 in the first embodiment in that the management device 40 different from the publisher and the subscriber is provided. On the other hand, message transmission/reception processing in the third embodiment is similar to that in the first embodiment (see FIG. 7). Therefore, only the topic setting process will be described below, and the description of the message transmission/reception process will be omitted.

FIG. 17 is a diagram illustrating a specific example of the functional configuration of the relay device 10b according to the third embodiment. The relay device 10b differs from the relay device 10 of the first embodiment in that the relay device 10b does not include the third communication unit 103 and that the authentication unit 111 includes an authentication unit 111b. The authentication unit 111b has the same authentication function as the authentication unit 111 in the first embodiment, but differs from the authentication unit 111 in the first embodiment in that the authentication target is the management device 40. Other functional units are similar to those of the relay device 10 of the first embodiment. Therefore, the same functional units as those in the first embodiment are designated by the same reference numerals as those in FIG. 2 and their description is omitted.

FIG. 18 is a diagram illustrating a specific example of the functional configuration of the management device 40 according to the third embodiment. The management device 40 includes a CPU, a memory, an auxiliary storage device, and the like connected by a bus, and executes a program. The management device 40 functions as a device including the first communication unit 41, the second communication unit 42, the first topic setting requesting unit 43, and the second topic setting requesting unit 44 by executing the program. Note that all or some of the functions of the management device 40 may be implemented using hardware such as ASIC, PLD, and FPGA. The program may be recorded in a computer-readable recording medium. The computer-readable recording medium is, for example, a portable medium such as a flexible disk, a magneto-optical disk, a ROM, a CD-ROM, or a storage device such as a hard disk built in a computer system. The program may be transmitted via a telecommunication line.

The first communication unit 41 and the second communication unit 42 are communication interfaces that connect the management device 40 to the relay device 10b in a communicable manner. The management device 40 performs communication regarding the topic setting of the publisher via the first communication unit 41, and performs communication regarding the topic setting of the subscriber via the second communication unit 42. The first communication unit 41 and the second communication unit 42 may be appropriately aggregated or distributed as long as the management device 40 can communicate with the relay device 10b.

The first topic setting requesting unit 43 is a functional unit similar to the topic setting requesting unit 24 in the transmitting device 20 of the first embodiment, and has a function of notifying the relay device 10b of a topic setting request in which the transmitting device 20b is the publisher. Have. That is, the first topic setting requesting unit 43, like the topic setting requesting unit 24, transmits the qualification information and the setting request information regarding the topic setting of the publisher to the relay device 10b together with the notification of the topic setting request.

The second topic setting requesting unit 44 is a functional unit similar to the topic setting requesting unit 34 in the receiving device 30 of the first embodiment, and has a function of notifying the relay device 10b of a topic setting request having the receiving device 30b as a subscriber. Have. That is, the second topic setting requesting unit 44, similarly to the topic setting requesting unit 34, transmits the qualification information and the setting request information regarding the topic setting of the subscriber to the relay device 10b together with the notification of the topic setting request.

FIG. 19 is a sequence diagram showing a specific example of topic setting processing in the communication system 100b according to the third embodiment. The sequence diagram shown in FIG. 19 is configured to cause the management device 40 to execute a part of the processing executed by the transmission device 20 and the reception device 30 in the topic setting processing (see FIG. 8) in the first embodiment. Yes, the content of each process is similar to that of the first embodiment. Therefore, the processes shown in FIG. 19 are denoted by the same reference numerals as the corresponding processes in FIG. 8, and the description of each process is omitted.

In the communication system 100b of the third embodiment configured as described above, the relay device 10b has an authentication function for setting a topic in Pub/Sub communication, thereby realizing higher security Pub/Sub communication. be able to. Furthermore, in the communication system 100b of the third embodiment, the management device 40 makes a topic setting request to the relay device 10b, so the communication system 100b of the third embodiment without changing the existing transmitting device and receiving device. Can be configured.

(Fourth Embodiment)
FIG. 20 is a diagram showing a configuration example of the Pub/Sub type communication system in the fourth embodiment. The communication system 100c shown in FIG. 20 is an example of a Pub/Sub communication system according to the fourth embodiment. The communication system 100c differs from the communication system 100b of the third embodiment in that the relay device 10c and the transmission device 20 are replaced by the relay device 10c and the transmission device 20c.

FIG. 21 is a diagram showing a specific example of the functional configuration of the relay device 10c in the fourth embodiment. The relay device 10c is different from the relay device 10a of the second embodiment in that the relay device 10c does not include the third communication unit 103 and that the relay device 10c communicates with the management device 40 via the first communication unit 101.

FIG. 22 is a diagram showing a specific example of the functional configuration of the transmission device 20c in the fourth embodiment. The transmission device 20c differs from the transmission device 20a of the second embodiment in that it does not include the first communication unit 21 and the topic setting request unit 24.

That is, the communication system 100c according to the fourth embodiment is obtained by adding a configuration related to message transmission/reception in the communication system 100a according to the second embodiment to the communication system 100b according to the third embodiment. it can. That is, the message transmission/reception process in the fourth embodiment is similar to that in the second embodiment (see FIG. 14). Therefore, only the topic setting process will be described below, and the description of the message transmission/reception process will be omitted.

FIG. 23 is a sequence diagram showing a specific example of topic setting processing performed by the communication system 100c according to the fourth embodiment prior to transmitting/receiving a message by Pub/Sub type communication. The sequence diagram shown in FIG. 23 is that the relay device 10c initializes the sequence number (step S301) after setting the topic for the publisher (step S115), and the topic setting process (FIG. 19)). Since other processes are the same as those in the third embodiment, the description of the other similar processes will be omitted by giving the same reference numerals as those in FIG.

In the communication system 100c of the fourth embodiment configured in this way, the relay device 10c is provided with the authentication function related to the topic setting in the Pub/Sub type communication, thereby realizing higher security Pub/Sub type communication. be able to. Further, in the communication system 100c of the fourth embodiment, the relay device 10c has a function of detecting the presence or absence of falsification of the received message and a function of confirming the reception order of the received message, thereby further improving security. It is possible to realize high-performance Pub/Sub-type communication. Further, in the communication system 100c of the fourth embodiment, the management device 40 makes a topic setting request to the relay device 10c, so that Pub/Sub communication with higher security can be realized.

(Modification)
The topic setting process performed prior to the message transmission/reception process may be executed at any timing before the message transmission/reception related to the topic set by the setting process is started. For example, these setting processes may be executed when each of the transmission device and the reception device or the management device is activated, or may be executed in response to an execution instruction from the user. Further, these setting processes may be executed immediately before the transmission/reception of the related message.

The topic management information and the order management information do not necessarily have to be stored as different information. For example, the topic management table T1 or T2 and the order management table T3 may be integrated into one table.

The networks N1, N2, and N3 may be local communication lines such as a LAN (Local Area Network), or wide-area wired communication lines such as the Internet and a dedicated line. The networks N1, N2, and N3 may use wide-area wireless communication lines such as 3G (3rd Generation), 4G (4th Generation), 5G (5th Generation), and LPWA (Low-Power Wide-Area Network). ..

As the identification information of each device registered in the topic management table, information other than the IP address may be used as long as the information can identify each device. For example, the topic management table may use the MAC (Media Access Control) address of each device.

The message relay unit may be configured to notify other devices (for example, the transmitting device) of the fact that the messages are received in an improper order, and record that fact in a log file or the like, or It may be configured to be displayed on a monitoring screen or the like.

The topic determination process (step S103), the falsification detection process (step S201), and the order determination process (step S202) do not necessarily have to be performed in the order shown in FIG. 14, and may be performed in any order.

The tampering detection unit does not necessarily need to perform message order determination processing when performing tampering detection including a sequence number. On the other hand, when performing the order determination process, the tampering detection unit may instruct the transmission device to retransmit in response to the detection of the packet loss.

For example, the communication system of the embodiment can be applied as means for collecting various sensor data in a supervisory control system such as a plant. In this case, the transmission device may have a function of acquiring the sensor data at regular intervals and transmitting the sensor data to the relay device. Further, the receiving device may have a function of storing, displaying, or analyzing the sensor data by executing an application that uses the sensor data. Further, the sensor data includes, for example, measured values of temperature, humidity, concentration, water level, water amount, flow rate, pressure, rotation speed, weight, voltage, current, etc. of the monitoring control target, during operation, during stoppage, abnormality occurrence, failure. The information may be information indicating an operation state such as occurrence or an abnormal state, or may be multimedia data such as an image, a video, a voice, or a text.

According to at least one embodiment described above, a message is received from a storage unit that stores in advance topic management information indicating a publisher of a topic, and a transmission device preset in the topic management information as a topic publisher. By having the relay unit that transmits the received message to the receiving device which is the subscriber of the topic, it is possible to realize Pub/Sub communication with higher security.

Although some embodiments of the present invention have been described, these embodiments are presented as examples and are not intended to limit the scope of the invention. These embodiments can be implemented in various other forms, and various omissions, replacements, and changes can be made without departing from the spirit of the invention. These embodiments and their modifications are included in the invention described in the claims and the equivalents thereof as well as included in the scope and the gist of the invention.

100, 100a, 100b, 100c... Communication system, 10, 10a, 10b, 10c... Relay device, 101... First communication unit, 102... Second communication unit, 103... Third communication unit, 104... Fourth communication unit, 105... Topic management information storage unit, 106, 106a... Message relay unit, 107... Sequence management information storage unit, 108... Falsification detection unit, 111, 111b... Authentication unit, 112, 112a... Topic setting unit, 20, 20a, 20b , 20c... Sending device, 21... First communication unit, 22... Second communication unit, 23, 23a... Message sending unit, 24... Topic setting requesting unit, 30, 30b... Receiving device, 31... First communication unit, 32 ...Second communication unit, 33... message receiving unit, 34... topic setting requesting unit, 40... management device, 41... first communication unit, 42... second communication unit, 43... first topic setting requesting unit, 44... 2 Topic setting request section

Claims (13)

A relay device for delivering a message received from one or more publishers to one or more subscribers based on a specified topic based on a publish/subscribe type messaging system,
A storage unit that stores in advance topic management information indicating the publisher of the topic,
A relay unit that receives a message from a transmission device preset as a publisher of the topic in the topic management information, and transmits the received message to a reception device that is a subscriber of the topic;
A relay device including. An authentication unit that performs authentication processing of the communication device requesting that the transmission device be a publisher of the topic;
A topic setting unit that registers the transmission device in the topic management information as a publisher of the topic when the communication device is authenticated by the authentication unit;
Further comprising,
The relay device according to claim 1. The topic setting unit registers the transmitting device in the topic management information as a publisher of the topic when the topic is registered in the topic management information in advance,
The relay device according to claim 2. The communication device is the transmitting device,
The relay device according to claim 1 or 2. The topic management information further indicates subscribers to the topic,
An authentication unit that performs authentication processing of a communication device that requests that the receiving device be a subscriber of the topic,
A topic setting unit that registers the receiving device in the topic management information as a subscriber of the topic when the communication device is authenticated by the authenticating unit;
Further comprising,
The relay device according to claim 1. The topic setting unit registers the receiving device in the topic management information as a subscriber of the topic when the topic is registered in the topic management information in advance,
The relay device according to claim 5. The communication device is the receiving device,
The relay device according to claim 5 or 6. The communication device is a device different from the transmission device, the reception device, and the relay device,
The relay device according to claim 2, 3, 5, or 6. A tampering detection unit for detecting tampering with respect to the message based on tampering detection information added to the message received from the transmission device,
The relay unit transmits an untampered message to the receiving device,
The relay device according to any one of claims 1 to 8. The storage unit further stores order management information indicating a reception order of messages received from the transmission device,
The relay unit transmits the message to the receiving device when the information indicating the transmission order of the messages added to the message and the reception order indicated by the order management information are the same.
The relay device according to any one of claims 1 to 9. When the information indicating the transmission order of the messages added to the message and the reception order indicated by the order management information are not equal, the relay unit has a function of notifying the fact.
The relay device according to any one of claims 1 to 10. A relay method for delivering a message received from one or more publishers to one or more subscribers based on a specified topic based on a publish/subscribe messaging method, comprising:
Pre-storing topic management information indicating the publisher of the topic;
Receiving a message from a transmission device preset as a publisher of the topic in the topic management information, and transmitting the received message to a reception device that is a subscriber of the topic,
Relay method having. A computer that functions as a relay device that delivers messages received from one or more publishers to one or more subscribers based on a specified topic based on the publish/subscribe type messaging system,
Pre-storing topic management information indicating the publisher of the topic;
Receiving a message from a transmission device preset as a publisher of the topic in the topic management information, and transmitting the received message to a reception device that is a subscriber of the topic,
A computer program for executing.

Images