JP2021087191A - Communication management system, information processing system, and communication method - Google Patents

Abstract

To provide a communication management system that can reduce a burden related to setting of a network security occurring in a plurality of gateways.SOLUTION: A communication management system 20 provides a communication path for connecting application software executed by end points 10, 11 with the end points, and has: a plurality of gateways 24 to 26 that connect the application software with the end points in a many-to-many manner; a gateway destination management unit 23 that manages the end points and the gateways in association with each other, and in response to requests from the end point, transmits information on the gateways associated with the end points to the end points; and a gateway proxy 40 that, when receiving requests for the gateways using the information on the gateways from the end points, transfers the requests to the gateways.SELECTED DRAWING: Figure 2

Description

The present invention relates to a communication management system, an information processing system, and a communication method.

Technology that attaches sensors to various devices connected to networks such as office equipment such as MFPs (Multi Functional Printers), industrial equipment, medical equipment, or "things" that cannot be connected to networks, and monitors these states by servers, etc. Are known. Such technology is called IOT (Internet Of Things).

In the conventional IoT platform (hereinafter referred to as communication management system), when using multiple gateways provided for each region such as region or for each application, each gateway is set to communicate with the endpoint (terminal). The administrator needs to do as many as the number of gateways. However, in an in-house LAN where security is strict, the communication management system may need to change network security settings such as a firewall in order to communicate with those endpoints, or communication may not be permitted in the first place.

Techniques are known that facilitate the establishment of connections between local and remote endpoints (see, eg, Patent Document 1). In Patent Document 1, a connection request message from a local endpoint is sent to a proxy server that branches to a large number of remote endpoints, and an acknowledgment corresponding to the connection request message is sent to the remote end via the proxy server. Disclosed is a technique for establishing a connection between a local endpoint and at least one remote endpoint by transmitting to the point.

However, the conventional technology cannot solve the problem of reducing the burden of changing the network security settings that occurs in a plurality of gateways provided for each region or application.

In view of the above problems, an object of the present invention is to provide a communication management system capable of reducing the burden of setting network security that occurs for a plurality of gateways.

In view of the above problems, the present invention is a communication management system that provides a communication path for connecting the application software executed by the endpoint and the endpoint, and connects the application software and the endpoint in a many-to-many manner. Gateway destination management that manages a plurality of gateways in association with the endpoint and the gateway, and transmits information about the gateway associated with the endpoint to the endpoint in response to a request from the endpoint. It is characterized by having a unit and a gateway proxy that forwards the request to the gateway when a request for the gateway using the information about the gateway is received from the endpoint.

It is possible to provide a communication management system that can reduce the burden of setting network security that occurs for a plurality of gateways.

It is a figure explaining the comparison technique of a communication management system. This is an example of a schematic configuration diagram of the communication management system of the present embodiment. This is an example of a configuration diagram of an information processing system. This is an example of the hardware configuration diagram of the communication management system. This is an example of a smartphone hardware configuration diagram. This is an example of a hardware configuration diagram of an electronic blackboard. This is an example of a hardware configuration diagram of an image forming apparatus. This is an example of a hardware configuration diagram of a video conferencing terminal. This is an example of a functional block diagram for explaining the functions of the communication management system by dividing them into blocks. It is a figure explaining the function of a gateway proxy, an electronic device, and a gateway destination management part. It is a figure explaining the installation example and the procedure of operation or processing when the gateway proxy is provided. It is a figure which shows an example of a gateway destination registration request. It is a figure which shows an example of a gateway destination registration response. It is a figure which shows an example of a gateway destination reply request and a gateway destination reply response. This is an example of a sequence diagram illustrating the operations performed by the electronic device and the gateway proxy. It is a figure explaining the operation procedure about the installation of the newly added gateway when the gateway proxy is provided. It is a figure explaining the operation procedure about the change of the gateway when the gateway proxy is provided. It is a figure which shows an example of the gateway destination change request. It is a figure which shows an example of a gateway destination change response. This is an example of a functional block diagram for explaining the functions of the communication management system by dividing them into blocks. It is a figure which shows typically the gateway destination information associated with the gateway proxy for each type of an electronic device or a sensor.

Hereinafter, as an example of the embodiment for carrying out the present invention, the communication management system and the communication method performed by the communication management system will be described with reference to the drawings.

<Comparison technology>
In explaining the communication management system of the present embodiment, first, a suitable comparison technique will be described.

FIG. 1 is a diagram illustrating a comparative technique of the communication management system 20. An electronic device 10 is arranged in the company LAN, and the application A is used via the communication management system 20. A firewall FW is set in the company LAN, and the electronic device 10 cannot communicate with the communication management system 20 unless it passes through the firewall FW.

The communication management system 20 includes a plurality of gateways such as an MQTT (MQ Telemetry Transport) broker 26, a file transfer gateway 25, and a streaming gateway 24 (hereinafter, simply referred to as a gateway when each gateway is not distinguished including the MQTT broker 26). Is placed. The electronic device 10 asks the gateway destination management unit 23 which gateway to connect to, and then connects to an appropriate gateway. Therefore, the administrator needs to set a firewall so that the electronic device 10 can communicate with each of the gateway destination management unit 23, the MQTT broker 26, the file transfer gateway 25, and the streaming gateway 24.

<Outline of this embodiment>
Therefore, in the present embodiment, the endpoints seen from the communication management system 20 are unified by installing the gateway proxy 40 between the plurality of gateways provided for each region or each application and the electronic device 10.

FIG. 2 is an example of a schematic configuration diagram of the communication management system 20 of the present embodiment. The gateway proxy 40 is installed in the gateway group 29. The electronic device 10 communicates with the gateway proxy 40 proxy via the firewall FW. Therefore, the administrator may make settings related to network security (firewall FW) so that the gateway proxy 40 and the electronic device 10 can communicate with each other regardless of the number of gateways, so that the burden related to the settings can be reduced.

<Terminology>
An endpoint is a general term for network terminals such as electronic devices and sensors connected to a network.

A region means a region or area, and refers to the location where the endpoint is installed or the department to which it belongs.

A proxy means a proxy, and is a proxy device that connects to a gateway instead of the device or program that requested communication. A gateway proxy is a proxy that represents a connection to a gateway.

<System configuration example>
FIG. 3 is a configuration diagram of an example of the information processing system 1 according to the present embodiment. In the information processing system 1 of FIG. 3, the customer environment 8 is connected to the communication management system 20 via a network N1 such as the Internet. The network N1 also includes a telephone line such as a mobile phone network.

The customer is a customer of an application (service) provided by the application server 60, and includes an organization such as a company, an organization, an educational institution, an administrative organization, or a department. In the customer environment 8, one or more electronic devices 10, a sensor 11, and a firewall FW 16 are connected to each other via a network N2 such as a LAN.

The electronic device 10 is, for example, an image forming apparatus 10a, and the image forming apparatus 10a also includes a laser printer, a multifunction device (multifunction printer), an MFP (Multi-function Peripheral / Product / Printer), and the like. Further, as the electronic device 10, an electronic blackboard can also be mentioned. In addition, the electronic device 10 includes, for example, an output device such as a PJ (Projector: projector), a digital signage, a video conferencing terminal, a HUD (Head Up Display) device, an industrial machine, an imaging device, a sound collecting device, a medical device, and a network. It may be a home appliance, a car (Connected Car), a notebook PC, a mobile phone, a smartphone, a tablet terminal, a game machine, a PDA (Personal Digital Assistant), a digital camera, a wearable PC, a desktop PC, or the like.

The electronic device 10 (or the user) logs in to the application server 60 using the certificate described later, and receives the service provided by the application (application software) for which the usage authority is recognized. The same applies to the sensor 11. In this way, the service is provided on an app-by-app basis.

The firewall FW16 is a device for preventing intrusion into the customer environment 8 from the outside, and all communications from the customer environment 8 are monitored by the firewall FW16. In addition, communication from the outside to the customer environment 8 is basically blocked by the firewall FW16, and only the response to the request from the inside and the communication such as the fixed port number and the fixed communication protocol are exceptionally permitted. To.

The communication management system 20 is a device or program called a platform for IoT, and has a plurality of gateways provided for each region or application. The IOT platform is a standard platform for providing and acquiring functions required for IoT (Internet of Things) to remote computers / servers (clouds) via networks.

The communication management system 20 may be arranged in the customer environment.

The application server 60 specializes in executing application software and provides at least one or more applications to the electronic device 10 or the sensor 11 via the communication management system 20.

The communication management system 20 and the application server 60 have one or more information processing devices. This information processing device is sometimes called a server. The information processing device is mainly arranged on the Internet, but may be arranged in a local network (inside the firewall FW) such as in the company. One or more information processing devices may be referred to as a cloud system. A cloud system is a system that uses cloud computing, and cloud computing is a usage pattern in which resources on a network are used without being aware of specific hardware resources.

The communication management system 20 and the application server 60 include a plurality of computing devices such as a server cluster. The plurality of computing devices are configured to communicate with each other via any type of communication link, including networks, shared memory, and the like, and perform the processes disclosed herein.

The communication management system 20 may be realized by one information processing device or may be distributed to a plurality of information processing devices. For example, there may be an information processing device that provides this for each service, one information processing device may provide a plurality of services, or a plurality of information processing devices provide one service. You may.

<Hardware configuration example>
<< Communication management system, application server >>
FIG. 4 is a hardware configuration diagram of the communication management system 20 or the application server 60. Here, the hardware configuration of the communication management system 20 will be described. The communication management system 20 is constructed by a computer, and as shown in FIG. 4, the CPU 501, ROM 502, RAM 503, HD 504, HDD (Hard Disk Drive) controller 505, display 506, and external device connection I / F ( It includes Interface) 508, network I / F 509, bus line 510, controller 511, pointing device 512, DVD-RW (Digital Versatile Disk Rewritable) drive 514, and media I / F 516.

Of these, the CPU 501 controls the operation of the entire communication management system 20. The ROM 502 stores a program used to drive the CPU 501 such as an IPL. The RAM 503 is used as a work area of the CPU 501. The HD504 stores various data such as programs. The HDD controller 505 controls reading or writing of various data to the HD 504 according to the control of the CPU 501. The display 506 displays various information such as cursors, menus, windows, characters, or images. The external device connection I / F 508 is an interface for connecting various external devices. The external device in this case is, for example, a USB (Universal Serial Bus) memory, a printer, or the like. The network I / F 509 is an interface for performing data communication using the communication network 100. The bus line 510 is an address bus, a data bus, or the like for electrically connecting each component such as the CPU 501 shown in FIG.

Further, the keyboard 511 is a kind of input means including a plurality of keys for inputting characters, numerical values, various instructions and the like. The pointing device 512 is a kind of input means for selecting and executing various instructions, selecting a processing target, moving a cursor, and the like. The DVD-RW drive 514 controls reading or writing of various data to the DVD-RW 513 as an example of the removable recording medium. In addition, it is not limited to DVD-RW, and may be DVD-R or the like. The media I / F 516 controls reading or writing (storage) of data to a recording medium 515 such as a flash memory.

<< Smartphone >>
FIG. 5 is a hardware configuration diagram of a smartphone, which is an example of the electronic device 10. As shown in FIG. 5, the smartphone 4 includes a CPU 401, a ROM 402, a RAM 403, an EEPROM 404, a CMOS sensor 405, an image sensor I / F 406, an acceleration / orientation sensor 407, a media I / F 409, and a GPS receiver 411. There is.

Of these, the CPU 401 controls the operation of the entire smartphone 4. The ROM 402 stores a program used to drive the CPU 401 such as the CPU 401 and the IPL. The RAM 403 is used as a work area for the CPU 401. The EEPROM 404 reads or writes various data such as a smartphone program under the control of the CPU 401. The CMOS (Complementary Metal Oxide Semiconductor) sensor 405 is a kind of built-in imaging means for acquiring image data by imaging a subject (mainly a self-portrait) under the control of the CPU 401. Instead of a CMOS sensor, it may be an imaging means such as a CCD (Charge Coupled Device) sensor. The image sensor I / F 406 is a circuit that controls the drive of the CMOS sensor 405. The acceleration / orientation sensor 407 is a variety of sensors such as an electronic magnetic compass, a gyro compass, and an acceleration sensor that detect the geomagnetism. The media I / F 409 controls reading or writing (storage) of data to a recording medium 408 such as a flash memory. The GPS receiving unit 411 receives GPS signals from GPS satellites.

Further, the smartphone 4 includes a long-distance communication circuit 412, a CMOS sensor 413, an image pickup element I / F 414, a microphone 415, a speaker 416, a sound input / output I / F 417, a display 418, an external device connection I / F (Interface) 419, and near. It includes a range communication circuit 420, an interface 420a of the short range communication circuit 420, and a touch panel 421.

Of these, the long-distance communication circuit 412 is a circuit that communicates with other devices via the communication network 100. The CMOS sensor 413 is a kind of built-in imaging means for capturing an image of a subject and obtaining image data under the control of the CPU 401. The image sensor I / F 414 is a circuit that controls the drive of the CMOS sensor 413. The microphone 415 is a built-in circuit that converts sound into an electric signal. The speaker 416 is a built-in circuit that converts an electric signal into physical vibration to produce sounds such as music and voice. The sound input / output I / F 417 is a circuit that processes sound signal input / output between the microphone 415 and the speaker 416 under the control of the CPU 401. The display 418 is a kind of display means such as a liquid crystal or an organic EL (Electro Luminescence) for displaying an image of a subject, various icons, and the like. The external device connection I / F419 is an interface for connecting various external devices. The short-range communication circuit 420 is a communication circuit such as NFC (Near Field Communication) or Bluetooth (registered trademark). The touch panel 421 is a kind of input means for operating the smartphone 4 by the user pressing the display 418.

Further, the smartphone 4 is provided with a bus line 410. The bus line 410 is an address bus, a data bus, or the like for electrically connecting each component such as the CPU 401 shown in FIG.

<< Electronic Blackboard >>
FIG. 6 is a hardware configuration diagram of the electronic blackboard 2 which is an example of the electronic device 10. As shown in FIG. 6, the electronic blackboard has a CPU (Central Processing Unit) 201, a ROM (Read Only Memory) 202, a RAM (Random Access Memory) 203, an SSD (Solid State Drive) 204, and a network I / F 205. , And an external device connection I / F (Interface) 206.

Of these, the CPU 201 controls the operation of the entire electronic blackboard. The ROM 202 stores a program used to drive the CPU 201 such as the CPU 201 and the IPL (Initial Program Loader). The RAM 203 is used as a work area of the CPU 201. The SSD 204 stores various data such as a program for an electronic blackboard. The network I / F 205 controls communication with the communication network 100. The external device connection I / F 206 is an interface for connecting various external devices. The external device in this case is, for example, a USB (Universal Serial Bus) memory 230 and an external device (microphone 240, speaker 250, camera 260).

Further, the electronic blackboard includes a capture device 211, a GPU 212, a display controller 213, a contact sensor 214, a sensor controller 215, an electronic pen controller 216, a short-range communication circuit 219, an antenna 219a of the short-range communication circuit 219, a power switch 222, and a selection. It is equipped with switches 223.

Of these, the capture device 211 causes the display of the external PC (Personal Computer) 270 to display the video information as a still image or a moving image. The GPU (Graphics Processing Unit) 212 is a semiconductor chip that specializes in graphics. The display controller 213 controls and manages the screen display in order to output the output image from the GPU 212 to the display 280 or the like. The contact sensor 214 detects that the electronic pen 290, the user's hand H, or the like has come into contact with the display 280. The sensor controller 215 controls the processing of the contact sensor 214. The contact sensor 214 inputs and detects the coordinates by the infrared blocking method. In this method of inputting coordinates and detecting coordinates, two light receiving and emitting devices installed at both upper ends of the display 280 emit a plurality of infrared rays in parallel with the display 280 and are provided around the display 280. This is a method of receiving light that is reflected by a reflecting member and returns on the same optical path as the light path emitted by the light receiving element. The contact sensor 214 outputs an infrared ID emitted by two light emitting / receiving devices blocked by the object to the sensor controller 215, and the sensor controller 215 specifies a coordinate position which is a contact position of the object. The electronic pen controller 216 determines whether or not there is a touch of the pen tip or a touch of the pen tail on the display 280 by communicating with the electronic pen 290. The short-range communication circuit 219 is a communication circuit such as NFC (Near Field Communication) or Bluetooth (registered trademark). The power switch 222 is a switch for switching ON / OFF of the power of the electronic blackboard. The selection switches 223 are, for example, a group of switches for adjusting the brightness and color tone of the display of the display 280.

Further, the electronic blackboard is provided with a bus line 210. The bus line 210 is an address bus, a data bus, or the like for electrically connecting each component such as the CPU 201 shown in FIG.

The contact sensor 214 is not limited to the infrared blocking method, but is a capacitive touch panel that specifies a contact position by detecting a change in capacitance, and a contact position is specified by a voltage change between two opposing resistance films. Various detection means such as a resistance film type touch panel and an electromagnetic induction type touch panel that detects the electromagnetic induction generated when a contact object comes into contact with the display unit and specifies the contact position may be used. Further, the electronic pen controller 216 may determine whether or not there is a touch not only on the pen tip and pen end of the electronic pen 290 but also on the portion gripped by the user of the electronic pen 290 and other electronic pen portions.

<< Image forming device >>
FIG. 7 is a hardware configuration diagram of an image forming apparatus which is an example of the electronic device 10. As shown in FIG. 7, the image forming apparatus includes a controller 910, a short-range communication circuit 920, an engine control unit 930, an operation panel 940, and a network I / F 950.

Of these, the controller 910 is a CPU 901, a system memory (MEM-P) 902, a north bridge (NB) 903, a south bridge (SB) 904, an ASIC (Application Specific Integrated Circuit) 906, and a storage unit, which are the main parts of a computer. It has a local memory (MEM-C) 907, an HDD controller 908, and a storage unit HD909, and has a configuration in which the NB 903 and the ASIC 906 are connected by an AGP (Accelerated Graphics Port) bus 921.

Of these, the CPU 901 is a control unit that controls the entire image forming apparatus. The NB903 is a bridge for connecting the CPU 901, the MEM-P902, the SB904, and the AGP bus 921, and includes a memory controller that controls reading and writing to the MEM-P902, a PCI (Peripheral Component Interconnect) master, and an AGP target. Has.

The MEM-P902 includes a ROM 902a which is a memory for storing programs and data that realizes each function of the controller 910, and a RAM 902b which is used as a memory for developing programs and data and a memory for drawing at the time of memory printing. The program stored in the RAM 902b is configured to be recorded and provided on a computer-readable recording medium such as a CD-ROM, CD-R, or DVD in an installable format or an executable format file. You may.

SB904 is a bridge for connecting NB903 to a PCI device and peripheral devices. The ASIC 906 is an IC (Integrated Circuit) for image processing applications having hardware elements for image processing, and has a role of a bridge connecting the AGP bus 921, the PCI bus 922, the HDD controller 908, and the MEM-C907, respectively. This ASIC906 is a PCI target and an AGP master, an arbiter (ARB) that forms the core of the ASIC906, a memory controller that controls the MEM-C907, and a plurality of DMACs (Direct Memory Access Controllers) that rotate image data by hardware logic and the like. , And a PCI unit that transfers data between the scanner unit 931 and the printer unit 932 via the PCI bus 922. A USB (Universal Serial Bus) interface or an IEEE 1394 (Institute of Electrical and Electronics Engineers 1394) interface may be connected to the ASIC 906.

The MEM-C907 is a local memory used as a copy image buffer and a code buffer. The HD909 is a storage for accumulating image data, accumulating font data used at the time of printing, and accumulating forms. The HD909 controls reading or writing of data to the HD909 according to the control of the CPU 901. The AGP bus 921 is a bus interface for a graphics accelerator card proposed for speeding up graphic processing, and the graphics accelerator card can be speeded up by directly accessing the MEM-P902 with high throughput. ..

Further, the short-range communication circuit 920 includes a short-range communication circuit 920a. The short-range communication circuit 920 is a communication circuit such as NFC or Bluetooth (registered trademark).

Further, the engine control unit 930 is composed of a scanner unit 931 and a printer unit 932. Further, the operation panel 940 displays the current setting value, the selection screen, and the like, and displays the panel display unit 940a such as a touch panel that accepts the input from the operator, and the setting value of the condition related to image formation such as the density setting condition. It is provided with an operation panel 940b including a numeric keypad for receiving and a start key for receiving a copy start instruction. The controller 910 controls the entire image forming apparatus, and controls, for example, drawing, communication, input from the operation panel 940, and the like. The scanner unit 931 or the printer unit 932 includes an image processing portion such as error diffusion and gamma conversion.

The image forming apparatus can sequentially switch and select the document box function, the copy function, the printer function, and the facsimile function by the application switching key on the operation panel 940. When the document box function is selected, the document box mode is set, when the copy function is selected, the copy mode is set, when the printer function is selected, the printer mode is set, and when the facsimile mode is selected, the facsimile mode is set.

Further, the network I / F950 is an interface for performing data communication using the communication network 100. The short-range communication circuit 920 and the network I / F 950 are electrically connected to the ASIC 906 via the PCI bus 922.

<< Video conferencing terminal >>
FIG. 8 is a hardware configuration diagram of a video conferencing terminal 7 which is an example of the electronic device 10. As shown in FIG. 8, the video conferencing terminal 7 includes a CPU 701, a ROM 702, a RAM 703, a flash memory 704, an SSD 705, a media I / F 707, an operation button 708, a power switch 709, a bus line 710, and a network I / F 711. CMOS sensor 712, image pickup element I / F, microphone 714, speaker 715, sound input / output I / F 716, display I / F 717, external device connection I / F (Interface) 718, short-range communication circuit 719, short-range communication circuit 719 The antenna 719a is provided. Of these, the CPU 701 controls the operation of the entire video conferencing terminal 7. The ROM 702 stores a program used to drive the CPU 701 such as an IPL. The RAM 703 is used as a work area for the CPU 701. The flash memory 704 stores various data such as a communication program, image data, and sound data. The SSD 705 controls reading or writing of various data to the flash memory 704 according to the control of the CPU 701. An HDD may be used instead of the SSD. The media I / F 707 controls reading or writing (storage) of data to a recording medium 706 such as a flash memory. The operation button 708 is a button that is operated when selecting a destination of the video conferencing terminal 7. The power switch 709 is a switch for switching the power ON / OFF of the video conferencing terminal 7.

Further, the network I / F711 is an interface for data communication using a communication network 100 such as the Internet. The CMOS (Complementary Metal Oxide Semiconductor) sensor 712 is a kind of built-in imaging means that images a subject and obtains image data under the control of the CPU 701. Instead of a CMOS sensor, it may be an imaging means such as a CCD (Charge Coupled Device) sensor. The image sensor I / F 713 is a circuit that controls the drive of the CMOS sensor 712. The microphone 714 is a built-in circuit that converts sound into an electrical signal. The speaker 715 is a built-in circuit that converts an electric signal into physical vibration to produce sounds such as music and voice. The sound input / output I / F 716 is a circuit that processes sound signal input / output between the microphone 714 and the speaker 715 under the control of the CPU 701. The display I / F 717 is a circuit that transmits image data to an external display under the control of the CPU 701. The external device connection I / F718 is an interface for connecting various external devices. The short-range communication circuit 719 is a communication circuit such as NFC (Near Field Communication) or Bluetooth (registered trademark).

Further, the bus line 710 is an address bus, a data bus, or the like for electrically connecting each component such as the CPU 701 shown in FIG.

The display 720 is a kind of display means composed of a liquid crystal, an organic EL (Electro Luminescence), or the like for displaying an image of a subject, an operation icon, or the like. Further, the display 720 is connected to the display I / F 717 by a cable. This cable may be a cable for analog RGB (VGA) signals, a cable for component video, HDMI (High-Definition Multimedia Interface) (registered trademark), or DVI (Digital Video Interactive). ) It may be a signal cable.

The CMOS sensor 712 is a kind of built-in imaging means for capturing an image of a subject and obtaining image data under the control of the CPU 401. Instead of a CMOS sensor, it may be an imaging means such as a CCD (Charge Coupled Device) sensor. External devices such as an external camera, an external microphone, and an external speaker can be connected to the external device connection I / F718 by a USB cable or the like. When an external camera is connected, the external camera is driven in preference to the built-in CMOS sensor 712 according to the control of the CPU 701. Similarly, when an external microphone is connected or an external speaker is connected, the external microphone takes precedence over the built-in microphone 714 and the built-in speaker 715, respectively, according to the control of the CPU 701. And an external speaker is driven.

Further, the recording medium 706 has a structure that can be attached to and detached from the video conferencing terminal 7. Further, as long as it is a non-volatile memory that reads or writes data under the control of the CPU 701, not only the flash memory 704 but also an EEPROM or the like may be used.

<About functions>
FIG. 9 is an example of a functional block diagram for explaining the functions of the communication management system 20 by dividing them into blocks.

<< App Server >>
First, the application server 60 has a device management application 60a, a monitoring application 60b, a factory application 60c, and a medical application 60d. These applications are prepared as IOT applications for each business, for example. Each application remotely communicates with the electronic device 10 and the sensor 11 via the communication management system 20.
-The device management application 60a is, for example, an application that centrally and remotely manages an electronic device 10 such as an image forming device and a sensor 11.
-For example, the monitoring application 60b remotely confirms the operating status of the electronic device 10 and the sensor 11 at the site by video, and automatically detects an abnormality.
-The factory application 60c is, for example, an application for maintenance work that monitors the operating status of industrial equipment (an example of an electronic device 10 and a sensor 11), detects signs of failure, and notifies the user.
-The medical application 60d is, for example, an application for grasping the health condition of a patient or a care recipient for a hospital with a bed sensor 10d and notifying if there is an abnormality.

<< Communication Management System >>
The communication management system 20 is a system that provides a secure communication path that connects an application and an endpoint (electronic device 10 or sensor 11) to each other. The communication management system 20 has a plurality of gateway groups 29 (hereinafter, referred to as gateway groups 1 to 3 when distinguished). Gateway groups 1 to 3 include a plurality of gateways and MQTT brokers so as to flexibly correspond to the content format, frequency, or size of data. In this embodiment, the MQTT broker is regarded as one of the gateways. Each gateway group 1 to 3 has a gateway proxy 40. Further, the communication management system 20 has a certificate management unit 21, a thing registration management unit 22, and a gateway destination management unit 23.

These functions of the communication management system 20 are functions or means realized by the CPU 501 of the hardware shown in FIG. 4 executing a program developed from the HD 504 to the RAM 503.

First, the certificate management unit 21 manages information for the application and the electronic device 10 to authenticate each other, encrypt the communication packet, and communicate securely.

The thing registration management unit 22 manages the registration information of the application and the thing. You can register, refer to registered record information, update, delete, and search.

The gateway destination management unit 23 provides a setting screen as a Web page to the terminal operated by the operation staff, and the gateway and the endpoint information possessed by the gateway to be remotely accessed by the electronic device 10 or the sensor 11 from the operation staff. Accept registration, reference, update, or deletion.

Gateway groups 1 to 3 are management concepts that bundle gateways. They are grouped according to various differences such as business units, region units installed, and public cloud account units.

A gateway is a module that provides a communication path for many-to-many communication between an application and an electronic device 10 or a sensor. The MQTT broker is a module for sending and receiving lightweight text messages such as JSON to and from the application and the electronic device 10 or the sensor.

The file transfer gateway is a module for sending and receiving data in file format in both directions, and also stores data for a certain period of time. The streaming gateway is a module that receives information from an electronic device 10 that constantly sends data such as a camera and transfers it to an application.

The gateway proxy 40 is a module provided for each of the gateway groups 1 to 3. The request is transmitted to the gateway in response to the request from the electronic device 10 or the sensor 11.

<< Electronic device or sensor >>
The electronic device 10 is a variety of devices having a network function connected by IOT. Although the image forming apparatus 10a, the camera 10b, and the intermediary agent 10c are shown in FIG. 9, the present invention is not limited to these, and any terminal connected to the network may be used. The image forming apparatus 10a is an apparatus for forming an image on paper such as a copying machine and a multifunction device. The sensor 11 senses and notifies various environmental information such as human feeling, pressure, temperature, and illuminance.

The mediation agent 10c is a module for collectively managing a plurality of electronic devices 10 or sensors 11. It is installed as a service in the operation unit of the electronic device 10 and communicates with the communication management system 20 in the background.

The bed sensor 10d is a sensor that detects when a person on the bed leaves the bed. Further, the camera 10b transmits a repetitive image installed for surveillance.

Each electronic device 10 or sensor 11 has a gateway destination resolution unit 31. By communicating with the gateway proxy 40, the gateway destination resolution unit 31 connects to the MQTT broker 26, the file transfer gateway 25, or the streaming gateway 24 by the gateway proxy 40. The gateway destination resolution unit 31 also has a function of accepting inquiries about the electronic device 10 or the sensor and notifying the job execution result to the gateway destination management unit 23 in response to an instruction from the application during operation.

<About gateway proxy function>
FIG. 10 is a diagram illustrating the functions of the gateway proxy 40, the electronic device 10 (or the sensor 11), and the gateway destination management unit 23.

In the present embodiment, the gateway destination resolution unit 31 inquires of the gateway destination management unit 23 via the communication unit 41 of the gateway proxy 40 as to which gateway the electronic device 10 or the sensor 11 should communicate with, and connects to the connection destination gateway. Acquire the connection information (gateway destination answer response described later). The communication unit 15 of the electronic device 10 or the sensor 11 uses the acquired connection information to send a file held by the electronic device 10 to the gateway proxy 40 or download the file.

The gateway proxy 40 has a transfer unit 42 and a communication unit 41. The communication unit 41 communicates bidirectionally with the electronic device 10 using a communication protocol such as HTTP. The transfer unit 42 connects the electronic device 10 or the sensor 11 to the gateway specified by the connection information.

<Operation example of gateway proxy 40>
FIG. 11 is a diagram illustrating an installation example and an operation or processing procedure when the gateway proxy 40 is provided.
(1) For example, the person in charge of operation manually constructs the gateway including the gateway proxy 40. That is, the gateway proxy 40 or the endpoint (electronic device 10 or sensor 11) connected to each gateway is determined.
(2) The operation manager registers the correspondence between the electronic device 10 and the gateway determined in (1) in the gateway destination management unit 23. (A request example is shown in "Gateway destination registration request / response" below)
(3) Based on the contents registered in the gateway destination management unit 23, the operation person registers the information about each gateway (information included in the gateway destination registration request) in the constructed gateway proxy 40 as a destination.
(4) The operation staff confirms the connection from the gateway proxy 40 to the gateway destination registered in (3). By confirming this connection, it is possible to reduce setting mistakes such as endpoints when registering gateway destinations.
(5) In (6), the person in charge of installation, the device manager, or the like sets the address of the gateway proxy 40 or the like in the gateway destination resolution unit 31 of the electronic device 10.

As described above, the electronic device 10 makes a gateway destination reply request via the gateway proxy 40. The electronic device 10 acquires the following destination information as a response.
-Host name of gateway proxy 40 (example: gatewayProxy.com)
-Information for accessing each gateway (path pattern, protocol, etc.)
The details of the inquiry of the electronic device 10 and the response to be acquired will be described in "Gateway destination response request / response example".

<< Gateway destination registration request and response >>
FIG. 12 is an example of a gateway destination registration request. The gateway destination registration request is described in JSON, but the format may be XML or the like.
POST is a method of sending information in HTTP.
"gatewayName" is the name of the gateway, which is "File Transfer Gateway".
"region" indicates the region, which is "na".
"scope" indicates the category of the app, which is "/ app / factory".
"endpoints" are endpoint settings.
"address" is the URL of the file transfer gateway, which is "foo.abc.com".
"protocol" is a protocol for communicating with a file transfer gateway. It is "https".
"port" is the TCP port number of the file transfer gateway, which is 8443.
"contentType" is the data format of the file transfer gateway, which is "file".
"pathPattern" is the path pattern for the endpoint to access the file transfer gateway, and it is shown to specify the path of "/ files".
"things" are identification information of the electronic device 10 or the sensor 11 using this gateway, and are "000001", "000003", and "000007".

FIG. 13 is an example of a gateway destination registration response. The gateway destination registration response is described in JSON, but the format may be XML or the like. FIG. 13 is body information returned in response when the gateway registration request can be registered.
"201 Created" is the status code of the HTTP response which means the registration is successful.
"gatewayId" is the identification information of the file transfer gateway to which the endpoint connects, and is "gw000004".
"gatewayName", region "," scope "," address "," protocol "," port "," contentType "," pathPattern ", and" things "are the same as the gateway destination registration request.

FIG. 14A shows an example of a gateway destination response request.
"GET" is an HTTP request method that requests the acquisition of information. "/ Gateways" specifies a directory, "region = tokyo" is a region called tokyo, "scope = / app / abc" specifies the contents of "scope", and "thingId = 00001" is an electronic device 10. Identification information is specified. FIG. 14A means that among the gateway destination information associated with the thingId of the electronic device 10 for which the destination response is requested, the gateway destination information satisfying both the region and the scope is requested.

FIG. 14B is an example of a gateway destination response response. Here, since the gateway proxy 40, the MQTT broker 26, and the file transfer gateway satisfy the conditions, their respective destination response responses are included.
"200 OK" is the status code of the HTTP response which means the acquisition is successful.
Description 1 is a destination response response for targeting the gateway proxy 40.
"gatewayId" is the identification information of the gateway proxy 40.
"gatewayName" is the name of the gateway proxy 40.
“Region” and “scope” are the same as in FIG.
"address" means the URL of the gateway proxy 40, "protocol" is a communication protocol for the electronic device 10 or the sensor 11 to communicate with the gateway proxy 40, and "port" is the TCP port number of the gateway proxy 40. is there.

Description 2 is a destination response response for destined for MQTT broker 26.
"gatewayId" is the identification information of MQTT broker 26.
"gatewayName" is the identification information of MQTT broker 26.
“Region” and “scope” are the same as in FIG.
"protocol" is a communication protocol for communicating with MQTT broker 26, "endpointType" indicates the type of endpoint, and "contentType" indicates the format of the data.

"pathPattern" is a path pattern for communicating with MQTT broker 26, "protocol" is a communication protocol for electronic device 10 or sensor 11 to communicate with MQTT broker 26, and "endpointType" is the type of endpoint. Indicate, "contentType" indicates the format of the data.

Description 3 shows the destination information of the file transfer gateway.
"gatewayId" is the identification information of the file transfer gateway.
"gatewayName" is the name of the file transfer gateway.
“Region” and “scope” are the same as in FIG.
"pathPattern" is a path pattern for the electronic device 10 or sensor 11 to communicate with the file transfer gateway, "protocol" is a communication protocol for communicating with the file transfer gateway, and "contentType" indicates the data format. ..

<Operation or processing>
FIG. 15 is an example of a sequence diagram illustrating the operations performed by the electronic device 10 and the gateway proxy 40. The electronic device 10 already holds the gateway destination response response.

S1: The communication unit 15 of the electronic device 10 uses the gateway destination response response to send a request to the file transfer gateway to the gateway proxy 40 with the address of the gateway proxy 40 as the destination. At this time, specify the path pattern of the file transfer gateway and the download URL.

S2: The communication unit 41 of the gateway proxy 40 receives the request, and the transfer unit 42 collates with the information of each gateway set in (3) of FIG. 11 to determine the gateway that accepts the communication with this path pattern. .. That is, the gateway of the transfer destination is determined. In addition to the path pattern, it may be determined by the protocol or endpoint type.

S3: The transfer unit 42 of the gateway proxy 40 specifies the download URL and sends a request to the determined file transfer gateway. The gateway proxy 40 acquires the file acquired by the file transfer gateway from the download URL.

<Main effect>
As described above, in the information processing system of this embodiment, the gateway uses a plurality of gateways by installing the gateway proxy 40 between the plurality of gateways provided for each region or application and the electronic device 10. You can connect via the gateway proxy 40. Therefore, the burden required for the required security settings is reduced.

In this embodiment, the communication management system 20 in which the person in charge of operation can newly add a file transfer gateway will be described.

<Operation example by gateway proxy>
FIG. 16 is a diagram illustrating an operation procedure relating to the installation of the newly added gateway 27 when the gateway proxy is provided.

(1) The person in charge of operation manually adds the newly added gateway and determines the endpoint (electronic device 10 or sensor 11) to be connected to the newly added gateway 27.

(2) The operation staff registers the correspondence between the endpoint determined in (1) and the newly added gateway 27 in the gateway destination management unit 23. The gateway destination registration request / response is the same as in the first embodiment.

(3) Based on the contents registered in the gateway destination management unit 23, the operation staff adds information (information included in the gateway destination registration request) regarding the newly added gateway 27 to the gateway proxy 40.

(4) The gateway proxy 40 confirms the connection to the newly added gateway registered in (3).

This completes the expansion of the newly added gateway. After that, the electronic device 10 or the sensor 11 makes a gateway destination reply request to the gateway proxy 40 to acquire the gateway destination reply response. The electronic device 10 or the sensor 11 can access the newly added gateway 27 that has been added.

<Main effect>
As described above, in this embodiment, the endpoint can connect to the newly added gateway added via the gateway proxy 40.

In this embodiment, when a specific gateway becomes unavailable due to a cyber attack, a system failure, or the like, the communication management system 20 in which the operation person can replace the gateway by changing the address of the gateway will be described.

<Operation example by gateway proxy>
FIG. 17 is a diagram illustrating a procedure of operation relating to a change of a gateway when a gateway proxy is provided. In the description of FIG. 17, the difference from FIG. 16 will be described. In this embodiment, the process of (2) is different from that of FIG.
(2) The operation staff changes the correspondence between the endpoint and the gateway determined in (1) to the gateway destination management unit 23 and registers it. The content of the gateway destination change request is shown in FIG.

FIG. 18 is a diagram showing an example of a gateway destination change request.
"PUT / gateways / gw000004" indicates that it is a gateway change called gw000004 in the gateway.
The "gatewayName", "region", and "scope" may be the same as in FIG.
"address" means to replace the address with that of the new gateway, which is "bar.abc.com".
The "protocol", "port", "contentType", "pathPattern", and "things" are the same as the gateway destination registration request in FIG.

Thereby, the gateway to which the electronic device 10 is connected can be changed.

FIG. 19 is a diagram showing an example of a gateway destination change response.
"200 OK" is the status code of the HTTP response indicating that the change was successful. It may be the same as in FIG. 18 except that "gatewayId" is included.

<Main effect>
Therefore, according to this embodiment, the gateway to which the electronic device 10 is connected can be changed.

In the gateway group 3 shown in FIG. 9, there is only one endpoint (bed sensor 10d), and it is not necessary to unify the endpoints. In this case, the bed sensor 10d can send a request to the MQTT broker 26 or the gateway without going through the gateway proxy 40.

When the electronic device 10 or the sensor 11 does not go through the gateway proxy 40, the address of the gateway (MQTT broker 26) to be accessed directly is specified instead of the gateway proxy 40 when the gateway destination reply request is made. The address of the MQTT broker 26 is set in the electronic device 10 or the sensor 11. As a result, the electronic device 10 or the sensor 11 can receive the gateway destination reply response including the address of the gateway to be accessed.

<Main effect>
By doing the above, it is possible to access the gateway according to the number of endpoints and usage.

In this embodiment, the communication management system 20 having a plurality of gateway proxies 40 will be described.

FIG. 20 is an example of a functional block diagram for explaining the functions of the communication management system 20 by dividing them into blocks. In the description of FIG. 20, the difference from FIG. 9 will be mainly described. The communication management system 20 has gateway proxies 40A and 40B.

In the configuration of FIG. 9, it is considered that the load on the gateway proxy 40 increases according to the number of accesses because the electronic device 10 accesses each gateway via the gateway proxy 40. Therefore, by arranging a plurality of gateway proxies 40 in the gateway group such as the gateway proxies 40A and 40B, the access load from the electronic device 10 or the sensor 11 to the gateway proxies 40A or 40B can be distributed.

As shown in FIG. 21, when the communication management system 20 has a plurality of gateway proxies 40, the gateway destination information acquired by the electronic device 10 from the gateway destination management unit 23 is divided according to the type of the electronic device 10 or the sensor 11. .. In FIG. 21, different gateway proxies 40A and 40B are associated with the gateway destination information for each type of the electronic device 10 or the sensor 11.

As a result, when the electronic device 10 or the sensor 11 transmits the gateway destination reply request to the gateway destination management unit 23, the gateway destination information including the gateway proxy 40 different for each type of the electronic device 10 or the sensor 11 can be obtained.

<Main effect>
Since the communication management system 20 has a plurality of gateway proxies 40, the load on the gateway proxies 40 can be distributed, and the electronic device 10 or the sensor 11 can connect to an appropriate gateway proxy.

<Other application examples>
Although the best mode for carrying out the present invention has been described above with reference to examples, the present invention is not limited to these examples, and various modifications are made without departing from the gist of the present invention. And substitutions can be made.

Further, the configuration examples shown in FIG. 9 and the like are divided according to the main functions in order to facilitate the understanding of the processing by the communication management system 20. The present invention is not limited by the method of dividing the processing unit or the name. The processing of the communication management system 20 can be divided into more processing units according to the processing content. It is also possible to divide one processing unit so as to include more processing.

Further, the communication management system 20 can be configured to share the disclosed processing steps, eg, FIG. 15, in various combinations. For example, a process executed by a predetermined unit can be executed by a plurality of information processing devices included in the communication management system 20. Further, the communication management system 20 may be integrated into one server device or may be divided into a plurality of devices.

Each function of the embodiment described above can be realized by one or more processing circuits. Here, the "processing circuit" in the present specification is a processor programmed to execute each function by software such as a processor implemented by an electronic circuit, or a processor designed to execute each function described above. It shall include devices such as ASIC (Application Specific Integrated Circuit), DSP (Digital Signal Processor), FPGA (Field Programmable Gate Array) and conventional circuit modules.

1 Information processing system 10 Electronic blackboard 11 Sensor 20 Communication management system 21 Certificate management department 22 Mono registration management department 23 Gateway destination management department 24 Streaming gateway 25 File transfer gateway 26 MQTT broker 31 Gateway destination resolution department 40 Gateway proxy 60 App server

Japanese Unexamined Patent Publication No. 2012-129995

Claims (8)

A communication management system that provides a communication path for connecting the application software executed by the endpoint and the endpoint.
A plurality of gateways that connect the application software and the endpoint in a many-to-many manner,
A gateway destination management unit that manages the endpoint and the gateway in association with each other and transmits information about the gateway associated with the endpoint to the endpoint in response to a request from the endpoint.
When a request for the gateway using the information about the gateway is received from the endpoint, a gateway proxy that forwards the request to the gateway and a gateway proxy.
A communication management system characterized by having. The communication management system according to claim 1, wherein the gateway proxy determines a transfer destination gateway based on a path pattern included in information about the gateway received from the endpoint. The communication management system according to claim 1 or 2, wherein the gateway destination management unit additionally receives a setting of the gateway associated with the endpoint. The communication management system according to any one of claims 1 to 3, wherein the gateway destination management unit accepts a change of the gateway associated with the endpoint. When only one endpoint is connected to the communication management system
The communication management system according to any one of claims 1 to 4, wherein the gateway included in the communication management system receives a request directly from the endpoint. It has multiple gateway proxies
The gateway destination management unit manages the endpoint type and the gateway in association with each other.
The invention according to any one of claims 1 to 5, wherein when a request from the endpoint is received, information about the gateway associated with the endpoint type is transmitted to the endpoint. Communication management system. A communication management system that provides a communication path for connecting the application software executed by the endpoint and the endpoint, and an information processing system having the endpoint.
The communication management system is
A plurality of gateways that connect the application software and the endpoint in a many-to-many manner,
A gateway destination management unit that manages the endpoint and the gateway in association with each other and transmits information about the gateway associated with the endpoint to the endpoint in response to a request from the endpoint.
It has a gateway proxy that forwards the request to the gateway when a request for the gateway using the information about the gateway is received from the endpoint.
The endpoint
A destination resolution unit that requests information about the gateway associated with the endpoint from the gateway proxy.
A communication unit that requests a request for the gateway from the gateway proxy by using the information about the gateway acquired by the destination resolution unit.
An information processing system characterized by having. It is a communication method performed by a communication management system that provides a communication path for connecting the application software executed by the endpoint and the endpoint.
A plurality of gateways that connect the application software and the endpoint in a many-to-many manner and the endpoint are managed in association with each other, and the gateway destination management unit sends the endpoint to the endpoint in response to a request from the endpoint. A step of sending information about the associated gateway to the endpoint, and
When a request for the gateway using the information about the gateway is received from the endpoint, the gateway proxy forwards the request to the gateway.
A communication method characterized by having.

Images