JP2023060297A - Relay device, relay method, and relay program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a relay device capable of controlling communication according to a day of week and time at the time of operation.

SOLUTION: A relay device includes: storage means for storing a list of frames to be subjected to a first process after the relay device receives; analysis means for matching the received frame with the list; and control means, at the time of matching by the analysis means, for performing the first process on the received frame if the received frame matches a frame described in the list, and performing a second process on the received frame if there is no match. There are a plurality of lists according to days of week and time. The analysis means compares the received frame with a list corresponding to the day of the week and time at the time of operation.

SELECTED DRAWING: Figure 7

COPYRIGHT: (C)2023,JPO&INPIT

Description

The present invention relates to a relay device, a communication system, a relay method, and a relay program for relaying data in data communication.

In recent years, as collectively referred to as IoT (Internet of Things), everything has come to be connected to the Internet. For example, original protocols are being used to newly connect the control networks of factories and plants that have been communicating with the Internet.

By connecting to the Internet in this way, various benefits such as new added value and equipment management can be obtained. You will also be exposed to threats.

However, it is not easy to take countermeasures against threats from malicious persons, for example, for machine tools, sensors, and cameras installed in factories and plants. This is because machine tools, sensors, cameras, and other devices may not be equipped with functions for taking such countermeasures in the first place.

Therefore, it is important that the relay device that relays the communication of these devices, not the devices themselves, have a security function to deal with threats from malicious persons.

Under such circumstances, for example, Patent Literature 1 discloses a network switch that pre-stores a list of packets conforming to permitted communication regulations and permits communication of packets conforming to the list.

JP 2015-050767 A JP 2014-1201381 A

However, in the device according to Patent Document 1, there is a problem that it is not possible to deal with a case where a specific terminal does not want to communicate normally but wants to communicate only at a certain time on a certain day of the week. Furthermore, in the regular communication flow, if the traffic volume for a specific port increases or decreases compared to normal times, the regular communication flow cannot be cut off, detoured, or communication control including bandwidth control is not possible. There was a problem.

In this regard, for example, in Patent Document 2, a list is generated in which the correspondence between user operations and abnormalities that occurred when the operations were performed is described together with the date and time when the abnormalities occurred. An invention is disclosed that warns a user's operation that is likely to occur. However, in the invention according to Patent Document 2, the date and time described in the list are only the past times, and the data in the list is only the accumulated past results, so the operation is controlled according to the schedule after the present time. not something to do. Furthermore, it does not switch the list to be referenced according to the current date and time.

SUMMARY OF THE INVENTION Accordingly, it is an object of the present invention to provide a relay device capable of controlling communication according to the day of the week and time of day of operation. Further, the present invention provides a relay device capable of performing control such as blocking, detouring, bandwidth control, monitoring, etc., for a regular communication flow when the traffic in the regular communication flow increases or decreases compared to normal times. for the purpose.

According to a first aspect of the present invention, the relay device comprises storage means for storing a list of frames to be subjected to first processing after reception by the relay device, and one PLC (Programmable Logic Controller). a first connection port that connects to only one IoT device; a second connection port that connects to only one IoT device; an analysis means for matching a frame received from the first or second connection port with the list; When the received frame matches a frame described in the list when collated by the analysis means, the received frame is subjected to the first process, and if not matched, the received frame is subjected to the second process. wherein the list includes information identifying the first or second connection port, and the analysis means, at the time of collation, further processes the first or second connection A repeater is provided that is contingent on information that identifies a port.

According to a second aspect of the present invention, a relay device and a setting terminal connected to the relay device are provided, and the relay device is subjected to a first process after reception by the relay device. Storage means for storing a list of frames, a first connection port that connects only one PLC, a second connection port that connects only one IoT device, and reception from the first or second connection port analysis means for collating the received frame with the list, and if the received frame matches a frame described in the list during collation by the analysis means, performing the first processing on the received frame, and and control means for performing a second process on the received frame if there is no match, wherein the list includes information identifying the first or second connection port, and the analysis means performs the At the time of collation, further, with the information identifying the first or second connection port as a condition, the setting terminal responds to the user's operation received by the setting terminal, and A communication system is provided for modifying some or all of the contents of the list.

According to a third aspect of the present invention, there is provided a relay method used in a relay device, comprising the steps of: storing a list of frames to be subjected to a first process after reception by the relay device; or a second connection port connected to only one IoT device against the list; performing the first processing on the received frame if it matches a frame on the list, and subjecting the received frame to the second processing if it does not match; wherein the list includes information identifying the first or second connection port, and in the matching step, the matching is further conditioned on information identifying the first or second connection port; A relay method is provided.

According to a fourth aspect of the present invention, there is provided a relay program that causes a computer to function as a relay device, wherein the computer stores a list of frames to be subjected to a first process after being received by the relay device. storage means; analysis means for collating a frame received from a first connection port that connects only one PLC or a second connection port that connects only one IoT device with the list; Sometimes, if the received frame matches a frame on the list, then subjecting the received frame to the first process, otherwise subjecting the received frame to the second process. and control means, wherein the list includes information identifying the first or second connection port, and the analysis means further includes information identifying the first or second connection port during the matching. A relay program is provided that functions as a relay device on the condition that

ADVANTAGE OF THE INVENTION According to this invention, it becomes possible to perform an appropriate process at the time of a relay.

It is a figure showing the basic composition of the whole each embodiment of this invention. FIG. 4 is a diagram showing an example of communication for each day of the week and hour in the first embodiment of the present invention; FIG. 3 is a diagram showing a list of permission lists for each day of the week and hour in the first embodiment of the present invention; FIG. It is a figure which shows the example of the permission list in the 1st Embodiment of this invention. It is a figure which shows the example of the permission list in the 1st Embodiment of this invention. FIG. 4 is a diagram showing an example of operation settings according to the first embodiment of the present invention; FIG. It is a figure which shows the structural example of the relay apparatus in the 1st Embodiment of this invention. 4 is a flow chart showing the operation flow of the relay device according to the first embodiment of the present invention; 4 is a flow chart showing the operation flow of the relay device according to the first embodiment of the present invention; FIG. 10 is a diagram showing an example of communication for each amount of communication according to the second embodiment of the present invention; FIG. FIG. 10 is a diagram showing a list of permission lists for each traffic volume in the second embodiment of the present invention; FIG. FIG. 11 is a diagram showing an example of a permission list according to the second embodiment of the present invention; FIG. FIG. 11 is a diagram showing an example of a permission list according to the second embodiment of the present invention; FIG. It is a figure which shows the structural example of the relay apparatus in the 2nd Embodiment of this invention. 9 is a flow chart showing an operation flow of a relay device according to the second embodiment of the present invention; 9 is a flow chart showing an operation flow of a relay device according to the second embodiment of the present invention; FIG. 11 is a diagram showing an example of communication for each day of the week, time, and traffic volume in the third embodiment of the present invention; FIG. 13 is a diagram showing a list of permission lists for each day of the week, time, and traffic volume in the third embodiment of the present invention; FIG. 11 is a diagram showing an example of a permission list according to the third embodiment of the invention; FIG. FIG. 11 is a diagram showing an example of a permission list according to the third embodiment of the invention; FIG. FIG. 11 is a diagram showing an example of a permission list according to the third embodiment of the invention; FIG. FIG. 11 is a diagram showing a configuration example of a relay device according to a third embodiment of the present invention; It is a flow chart which shows the operation flow of the relay device in a 3rd embodiment of the present invention. It is a flow chart which shows the operation flow of the relay device in a 3rd embodiment of the present invention.

<Outline of each embodiment of the present invention>
First, an outline of each embodiment of the present invention will be described.

In the embodiment of the present invention, a list is made of information specifying communication destinations that are considered to have no problem (such a list is hereinafter referred to as a "permission list"), and frames that match this permission list are not forwarded. A method of permitting and discarding frames that do not match this permit list is adopted.

Here, in the present invention, a plurality of permission lists are prepared. For example, a permission list for each day of the week from 8:30 to 17:29 and a permission list for each day from 17:30 to 8:29 are prepared according to the day of the week and time. This makes it possible to provide a security switch that switches communication control methods according to the day of the week and time.

Alternatively, depending on the amount of communication, a permission list for when the amount of communication is normal and a permission list for when the amount of communication is abnormal are prepared. As a result, it is possible to provide a security switch capable of performing control such as blocking of a normal communication flow when an abnormality is found in the traffic.

Additionally, embodiments of the present invention provide the ability to automatically generate at least a portion of such permission lists.

Specifically, the relay device is provided with a registration period and an operation period. Then, the permission list is automatically generated by adding the frames input to the relay device during the registration period to the permission list. At this time, the automatically generated permission list may be manually added or deleted by the user's operation.

After that, the registration period is switched to the operation period, the frame input to the relay device is compared with the permission list automatically generated in the registration period, and if they match, the frame is passed, and if they do not match, the frame is discarded.

As a result, it is possible to automatically generate a permission list and perform security management using the permission list.

The above is the outline of the embodiment of the present invention.

Next, embodiments of the present invention will be described in detail with reference to the drawings. Here, three embodiments of the present invention will be described below.
First, in the first embodiment, a permission list is generated for each day of the week and time, and the permission list to be referenced is switched according to the day of the week and time during operation.
Next, the second embodiment is a form in which a permission list is generated for each traffic volume, and the permission list to be referred to is switched according to the traffic volume during operation.
Furthermore, the third embodiment is a form in which a permission list is generated for each day of the week, time, and traffic volume, and the permission list to be referenced is switched according to the day of the week, time, and traffic volume during operation.
These three embodiments will be described in turn below.

<First embodiment>
A first embodiment of the present invention will be described in detail below with reference to FIGS. 1 to 8-2.

Referring to FIG. 1, this embodiment includes a security switch 100, a plurality of communication terminals 10-1 to 10-n (here, these are also collectively referred to as "communication terminals 10"), a setting terminal 50, a firewall 500, and the Internet. 700 included. (A security switch is also referred to as a “relay device” in this specification.)

Here, the security switch 100 is a security switch for relaying communications between the communication terminals 10 and communications by the communication terminals 10 via the firewall 500 and the Internet 700 .

In this regard, in this embodiment, a firewall 500 is provided between the security switch 100 and the Internet 700 as illustrated. By setting the firewall 500 according to the user's policy, it is possible to prevent the inflow of malicious data such as viruses from the Internet 700 and the unintended outflow of data to the Internet 700. can.

However, firewall 500 functions in communication with devices existing on Internet 700 , but does not function in communication between communication terminals 10 . Therefore, in this embodiment, in order to prevent inappropriate communication between the communication terminals 10, a security switch 100 equipped with a security function is connected instead of a mere relay device.

Then, the security switch 100 prevents malicious frames from being transferred by performing processing using the permission list described above. The security switch 100 is provided with a plurality of connection ports, and each communication terminal 10 and the firewall 500 are connected to these ports.

A plurality of communication terminals 10 are terminals each having a communication function. Communication terminal 10 communicates with other communication terminals 10 via security switch 100 . Such communication is performed in compliance with general protocols such as IP (Internet Protocol), TCP (Transmission Control Protocol), and FTP (File Transfer Protocol), for example.
There is no particular restriction on the content of data actually exchanged, that is, what content is included in the payload portion.

Also, for example, some communication terminals 10 may have a function of communicating with terminals existing on the Internet 700 . Furthermore, the communication terminal 10 may be implemented by a terminal that is directly operated by a user, or may be implemented by devices such as machine tools, sensors, and cameras installed in factories and plants. Alternatively, a device such as a PLC (Programmable Logic Controller) that controls a machine tool may be used.

The setting terminal 50 is a terminal for setting the security switch 100 . The setting terminal 50 is used by an administrator or the like who manages this embodiment. The setting terminal 50 may be realized as a dedicated terminal for setting the security switch 100, but may be realized as a general-purpose terminal such as a personal computer to which software or the like for setting the security switch 100 is added. Also good.

The Internet 700 is connected to the security switch 100 via the firewall 500 so that the communication terminals 10 and the like communicate with the outside.

The firewall 500 has a function of monitoring data transmitted/received to/from the Internet 700 and discarding data considered to be malicious.

Here, as shown in FIG. 2A, for example, during weekdays (Monday to Friday) from 8:30 to 17:29, between the PC 10-1 and the server PC 10-3, and between the PC 10-2 and server PC 10-3. On the other hand, during weekdays (Monday to Friday) from 17:30 to 8:29, as shown in FIG. 2B, only communication between the server PC 10-3 and the backup server PC 10-4 shall be permitted.

Therefore, a plurality of permission lists are prepared as shown in FIG. That is, it is assumed that a permission list is generated for each time slot of 8:30 to 17:29 and 17:30 to 8:29 on each day of the week and referred to during operation. For example, in order to operate the security switch 100 in the time zone of 8:30 to 17:29 on Sunday, a permission list of "day-daytime" is generated, and in the time zone, the permission list of "day-daytime" is generated. to control communications. Similarly, for the operation of the security switch 100 in the time zone of 17:30 to 8:29 on Sunday, a permission list of "day-night" is generated, and the permission list of "day-night" is generated in this time zone. Refer to the list to control communication. In the same way, a permission list is generated for each time zone from 8:30 to 17:29 and 17:30 to 8:29 from Monday to Saturday, and the permission list is generated in the time zone corresponding to each permission list. The security switch 100 is operated by referring to it.

FIG. 4 shows an example of a permission list corresponding to a time slot of 8:30 to 17:29 on weekdays (Monday to Friday). That is, it is an example of the permission list named "Monday-Noon", "Tuesday-Noon", "Wednesday-Noon", "Thursday-Noon", and "Friday-Noon" in the table of FIG.

Specifically, for example, item number 1 indicates that the MAC-DA (destination address) of the frame received from reception port 1 is "M-PC3", MAC-SA (source address) )) is "M-PC1", Type is "0x0800" (IPv4), VID is "0", IP-SA (source IP address) is "IP-PC1", IP-DA (destination IP address) is " IP-PC3", protocol is "6" (TCP), L4SP (source port number in TCP header) is "3000", and L4DP (destination port number in TCP header) is "23".

Also, FIG. 5 shows an example of the permission list corresponding to the time period from 17:30 to 8:29 on weekdays (Monday to Friday). That is, it is an example of the permission list of “Monday-Night”, “Tuesday-Night”, “Wednesday-Night”, “Thursday-Night”, and “Friday-Night” in the table of FIG.

Specifically, for example, item number 5 indicates that the MAC-DA (destination MAC address) of the frame received from the receiving port 3 is "M-PC4" and the MAC-SA (source MAC address) is "M-PC3". , Type is "0x0800" (IPv4), VID is "0", IP-SA (source IP address) is "IP-PC3", IP-DA (destination IP address) is "IP-PC4", Protocol is " 6” (TCP), L4SP (source port number in TCP header) is “any”, and L4DP (destination port number in TCP header) is “any”.

Frame information of frames to be allowed to pass through the security switch 100 is set in the permission list, for example. Specifically, frame information for specifying a frame of a protocol used in each communication terminal 10, and a frame for specifying a frame containing an address representing a destination or a source used in each communication terminal 10. Information is included in the allow list.

In this case, the device, layer 2, layer 3, and layer 4 are used as the elements that make up the permission list. elements may be added.

Shown in FIG. 6 is a table showing an example of operational settings when a frame matches and does not match the allow list illustrated in FIGS. 4 and 5 . Specifically, in the table of FIG. 6, a frame that matches the permission list is allowed to pass through the security switch 100 and is not notified to the setting terminal 50 . On the other hand, a frame that does not match the permission list is discarded, and the discarded frame is notified to the setting terminal 50 .

Next, functional blocks included in the security switch 100 according to the first embodiment will be described with reference to FIG. Referring to FIG. 7 , security switch 100 includes frame analysis section 110 , permission list generation section 120 , permission list storage section 130 , day/time management section 140 , and communication control section 150 . Here, the frame analysis section 110 is also referred to as "analysis means", the permission list storage section 130 is also referred to as "storage means", and the communication control section 150 is also referred to as "control means".

The frame analysis unit 110 analyzes the received input frame each time the security switch 100 receives an input frame from the outside. Here, analysis means extracting predetermined information (hereinafter referred to as "frame information") from the received input frame.

The frame information is, for example, predetermined information defined by each protocol used for communication. Specific examples are reception port numbers, layer 2 (MAC header) information, and information required for upper layers above layer 3 (IP header) information depending on the frame type. In the present embodiment, by using frame information that complies with such a general-purpose protocol, processing such as embedding special information or the like in the payload portion can be made unnecessary.

Further, in the present embodiment, all of the information may be used in the frame information and each list, but a combination of some of the information may be used. For example, only layer 2 (MAC header) information may be used, or a combination of layer 2 (MAC header) information and layer 3 (IP header) information may be used.

Also, for example, if layer 2 (MAC header) information is used, all layer 2 (MAC header) information may be used. A source address (MAC-SA) may be used, or a combination thereof may be used.

Two settings, “registration period setting” and “operation setting”, are made in the frame analysis unit 110 by the setting terminal 50 .

Here, in the present embodiment, as described above, there are two periods, namely, the registration period and the operating period, and the setting for switching between the registration period and the operating period is performed by setting the registration period. Specifically, for example, when creating a "Monday-Noon" list, the registration period is set to 8:30 to 17:29 on Monday.

Further, in the operation setting, it is set what kind of operation is to be performed when the frame information of the received input frame matches each list and when it does not match each list. For example, if it matches the allow list, it can be set to pass the corresponding frame. Also, if the frame does not match the permission list, the corresponding frame can be set to be discarded. Here, passing means that the received input frame is passed through the frame analysis unit 110 and output, thereby transferring the frame to the destination corresponding to the destination address in the frame.

In addition to this, it is also possible to set whether or not to notify when there is a match with each list or when there is no match. The content of the notification may be only that it matches with each list or that it does not match, but the frame corresponding to the frame information may be duplicated and the duplicated frame may be included in the notification. Then, for example, a virtual communication system may be created by the setting terminal 50, and the effect of the malicious frame may be known by transmitting duplicate frames in the virtual communication system.

The notification destination may be, for example, the setting terminal 50, or may be another server device or the like. Also, instead of or together with the notification, the security switch 100 may record a frame corresponding to the frame information. An administrator or the like who manages the present embodiment can grasp the communication status in the present embodiment by referring to the content of such notification and the content recorded in the security switch 100 as a log.

Further, when the input frame is received and it is during the registration period, the frame analysis unit 110 extracts the frame information from the received input frame, and extracts the current day of the week/time received from the day of the week/time management unit 140 (to be described later). After adding data, it is passed to the permission list generation unit 120 described later.

Furthermore, when the input frame is received, the frame analysis unit 110 extracts frame information from the received input frame if it is during the operation period. Then, the extracted frame information is compared with the permission list stored in the permission list storage unit 130 that corresponds to the current day of the week and time.

As a result of the comparison, if the frame information matches the allow list, it operates according to the setting of the corresponding operation setting. For example, if the setting is “pass, do not notify”, the frame is output by passing the frame through the frame analysis unit 110 . However, no notification will be given.

On the other hand, as a result of the comparison, if the frame information does not match the permission list, it operates according to the setting of the corresponding operation setting. For example, if the setting is "discard, notify", the frame is discarded and the setting terminal 50 is notified of the discard.

Permission list generating section 120 starts operating when frame information is received from frame analyzing section 110 during the registration period. Permission list information is generated from the received frame information, and the permission list information is stored in the permission list storage unit 130 .

The permission list storage unit 130 is a storage unit that stores a permission list. The permission list stored in permission list storage unit 130 is generated by permission list generation unit 120 during the registration period. The permission list stored in the permission list storage unit 130 is referred to and used by the frame analysis unit 110 during the operation period.

For example, frame information of frames to be allowed to pass through the frame analysis unit 110 is set in the permission list. Specifically, frame information for specifying a frame of a protocol used in each communication terminal 10, and a frame for specifying a frame containing an address representing a destination or a source used in each communication terminal 10. Information is included in the allow list.

Note that the permission list is generated by the permission list generation unit 120 during the registration period, as described above. In addition to this, the permission list may be modified by “list setting” from the setting terminal 50 . For example, an administrator who uses the setting terminal 50 may be able to delete part of the permission list or add new frame information to the permission list. In this way, for example, when a new communication terminal 10 is added, it is possible to allow frames related to the newly added communication terminal 10 to pass without obtaining a registration period again. In addition, for example, when a part of the existing communication terminal 10 is removed, frame information related to the removed communication terminal 10 can be deleted from the permission list without obtaining a registration period again.

In this case, the device, layer 2, layer 3, and layer 4 are used as the elements that make up the permission list. elements may be added.

The day-of-the-week/time management unit 140 plays the role of a so-called calendar, and outputs current day-of-the-week/time data.

The communication control unit 150 actually processes frames according to the operation settings set in the frame analysis unit 110 while referring to the permission list stored in the permission list storage unit 130 as necessary.

Next, the operation of this embodiment during the registration period will be described with reference to the flowchart of FIG. 8-1.

First, in step S101, the day of the week and the time of the permission list to be generated are registered. For example, if you set "Monday: 8:30 to 17:29", the learning period will be from 8:30 to 17:29 on Monday, and it will be referenced during operation from 8:30 to 17:29 on Monday. An allow list is generated.

Next, in step S102, the security switch 100 determines whether or not the frame analysis section 110 is set to the registration period. Here, if the registration period is set (S102: Yes), the process proceeds to step S103. On the other hand, if it is not set in the registration period (S102: No), that is, if it is set in the operation period, the process proceeds to step S108 in FIG. 8B.

Next, in step S<b>103 , frame analysis section 110 analyzes the frame and transmits frame information to permission list generation section 120 . At this time, the actual frame is output as an output frame via the communication control section 150. FIG.

Next, in step S<b>104 , the day-of-week/time management unit 140 adds the current day-of-the-week and time data to the frame information transmitted by the frame analysis unit 110 .

Next, in step S105, the permission list generation unit 120 receives the frame information to which the current day of the week and time data is added, and generates permission list information.

Next, in step S<b>106 , permission list generation section 120 transfers the generated permission list information to permission list storage section 130 .

Next, in step S107, permission list storage unit 130 stores the transferred permission list information.

Next, in step S108, the security switch 100 determines whether or not the registration period has expired. If the registration period has expired (S108: Yes), the process proceeds to step S109 in FIG. 8-2. If the registration period has not expired (S108: No), the process returns to step S103.

Next, the operation when using the permission list generated and updated in this way during the operation period will be described with reference to FIG. 8-2.

First, in step S109, when the security switch 100 receives an input frame during operation, the frame analysis unit 110 extracts frame information by analyzing the received input frame.

Next, in step S110, the day-of-the-week/time management unit 140 instructs the frame analysis unit 110 to select a day-of-the-week/time range corresponding to the current day-of-the-week/time. For example, if the current time is 12:30 on Monday, the selection of "Monday-Noon" is instructed.

Next, in step S<b>111 , the frame analysis unit 110 refers to the permission list corresponding to the day of the week/time range selected and instructed by the day of the week/time management unit 140 . For example, in the above example, we refer to the "Monday-Daytime" permission list.

Next, in step S112, the frame analysis unit 110 compares the extracted frame information with the referenced permission list, and determines whether or not they match.

If the two match (S112: Yes), the frame analysis unit 110 processes the frame corresponding to the frame information that matches the permission list in accordance with the instruction of the operation setting when the permission list matches (step S113). For example, if the setting is “pass, do not notify”, the frame is output by passing the frame through the frame analysis unit 110 .
However, no notification will be given.

When the process of step S113 is completed, the process returns to step S109, and the above operations are repeated for the newly received frame.

If the two do not match (S112: No), the frame analysis unit 110 processes the frame corresponding to the frame information that does not match the permission list in accordance with the instruction of the operation setting when the permission list does not match. (step S114). For example, if the setting is "discard, notify", the frame is discarded and the setting terminal 50 is notified of the discard.

When the process of step S114 is completed, the process returns to step S109, and the above operations are repeated for the newly received frame.

According to the first embodiment described above, it is possible to allow a specific terminal to communicate only at a certain time on a certain day of the week, thereby further improving security. The reason for this is that the permission list to be referenced from the permission list storage unit is switched for each day of the week and hour, and the frame analysis unit compares and determines with the received frame data.

In the above-described first embodiment, when generating a permission list for a specific day of the week and time, learning is set during the specific day of the week and time at the stage of setting the initial learning period. Instead, for example, the learning period is set to one week, and once a permission list is generated in units of one week, and the permission list in units of one week is divided into units of days of the week and hours by directly operating the permission list storage unit. You may

<Second embodiment>
The second embodiment of the present invention will be described in detail below with reference to FIGS. 9 to 14-2.

The second embodiment has a basic configuration similar to that of FIG. 1 according to the first embodiment. However, although illustration is omitted, a security switch 200 is provided instead of the security switch 100 in FIG.

In the first embodiment, a permission list is generated for each day of the week and time, and the permission list to be referenced is switched according to the day of the week and time during operation. On the other hand, in the second embodiment, a permission list is generated according to the traffic, and the permission list to be referenced is switched according to the traffic at the time of operation.

As shown in FIG. 9, when the communication volume is normal, only communication between the PC 10-1 and the server PC 10-3 and between the PC 10-2 and the server PC 10-3 is permitted as shown in (A). Suppose. On the other hand, as shown in (B), when the traffic is abnormal, no communication is permitted.

Therefore, as shown in FIG. 10, the permission list to be referenced is switched according to the amount of communication. For example, when the traffic is between 0 Mbps and 5 Mbps, the communication is controlled by referring to the permission list named "Normal", which is used when the traffic is normal. On the other hand, when the traffic exceeds 5 Mbps, the communication is controlled by referring to the permission list named "abnormal", which is used when the traffic is abnormal. The amount of communication described here may be the amount of communication per security switch, or the amount of communication per port.

FIG. 11 shows an example of a permission list to be referenced when traffic is normal. That is, this is an example of the permission list named "Normal" in the table of FIG.

As in the table of FIG. 4 according to the first embodiment, specifically, for example, item number 1 indicates that the MAC-DA (destination MAC address) of the frame received from the receiving port 1 is "M-PC3", MAC-SA (source MAC address) is "M-PC1", Type is "0x0800" (IPv4), VID is "0", IP-SA (source IP address) is "IP-PC1", IP-DA (destination IP address) is "IP-PC3", protocol is "6" (TCP), L4SP (source port number in TCP header) is "3000", L4DP (destination port number in TCP header) is "23" ” frame.

Also, FIG. 12 shows an example of a permission list to be referred to when the traffic is abnormal. That is, this is an example of the permission list named "abnormal" in the table of FIG.

No data is registered in the table of FIG. That is, when referring to the permission list in the table of FIG. 12, there is no frame matching the permission list.

An example of operation setting when a frame matches or does not match the permission list illustrated in FIGS. 11 and 12 is the same as that in FIG. Specifically, frames matching the permission list shown in FIG. On the other hand, frames that do not match the permission list are discarded, and the setting terminal 50 is notified of the discard. Also, when referring to the permission list shown in FIG. 12, since there is no frame that matches the permission list, all frames are discarded and the setting terminal 50 is notified of the discard.

Next, functional blocks included in the security switch 200 according to the second embodiment will be described with reference to FIG. In addition, in FIG. 13, the same reference numerals are used for the same components as those of the security switch 100 according to the first embodiment.

The security switch 200 does not include the day/time management unit 140 and the communication control unit 150, but instead includes the traffic monitoring unit 210, the traffic management unit 220, and the communication control unit 230. is different from the security switch 100 according to

The traffic monitoring unit 210 monitors the traffic of passing data and periodically notifies the traffic management unit 220 of the traffic. The granularity of monitoring may be per physical port or per device. The range of traffic to be monitored follows instructions from the traffic management unit 220 .

The communication amount management unit 220 sets the communication amount expected value in the learning period by the communication amount setting means. The settings are set with a certain amount of width. For example, "0 Mbps or more and 5 Mbps or less" may be set, or "5 Mbps±20%" may be set. If the actual traffic is within this range, it is determined that the traffic is normal, and if it exceeds this range, it is determined that the traffic is abnormal. This traffic volume expected value is attached to the frame information when the frame information is transferred from the frame analysis unit 110 to the permission list generation unit 120 . Thereafter, when the permission list is stored in the permission list storage unit 130, the expected traffic volume value is simultaneously stored as an attribute of the permission list.

In addition, the communication traffic management unit 220 periodically obtains the communication traffic from the communication traffic monitoring unit 210 and also obtains the data of the communication traffic expected value corresponding to the permission list from the permission list storage unit 130 . Further, the traffic volume obtained from the traffic monitoring unit 210 is periodically compared with the traffic volume expected value data obtained from the permission list storage unit 130, and if the actual traffic volume is outside the range of the traffic volume expected value. instructs selection of a permission list that the frame analysis unit 110 refers to. In addition, the communication control unit 230 may be instructed to perform band control or the like. When the actual traffic volume returns to within the range of the traffic volume expected value, selection of the permission list referred to by the frame analysis section 110 and instruction to the communication control section 230 are executed again.

The communication control section 230 actually processes frames according to the operation settings set in the frame analysis section 110 . Furthermore, communication control such as bandwidth control may be performed according to instructions from the traffic management unit 220 .

Next, the operation of this embodiment during the registration period will be described with reference to the flowchart of FIG. 14-1.

First, in step S201, the security switch 200 determines whether or not the frame analysis unit 110 is set to the registration period. Here, if the registration period is set (S201: Yes), the process proceeds to step S202. On the other hand, if it is not set in the registration period (S201: No), that is, if it is set in the operation period, the process proceeds to step S209 in FIG. 14B.

Next, in step S<b>202 , frame analysis section 110 analyzes the frame and transmits frame information to permission list generation section 120 . At this time, the actual frame is output as an output frame via the traffic monitoring section 210 and the communication control section 230 .

Next, in step S<b>203 , the traffic management unit 220 adds data of the expected traffic volume to the frame information transmitted by the frame analysis unit 110 . For example, when the traffic volume of 0 Mbps to 5 Mbps is within the range of normal traffic volume, the data "0 Mbps to 5 Mbps" is added.

Next, in step S204, the permission list generating unit 120 receives the frame information to which the traffic volume expected value is assigned, and generates permission list information for the case where the actual traffic volume is within the range of the traffic volume expected value. .

Next, in step S<b>205 , permission list generation section 120 transfers the generated permission list information to permission list storage section 130 .

Next, in step S206, permission list storage unit 130 stores the transferred permission list information.

Next, in step S207, the security switch 100 determines whether or not the registration period has expired. If the registration period has expired (S207: Yes), the process proceeds to step S208. If the registration period has not expired (S207: No), the process returns to step S202.

Next, in step S208, the user directly operates the permission list storage unit 130 to generate a permission list for when the communication traffic is out of the communication traffic expected value range, for example, the permission list in FIG. . Note that, for example, if it is predetermined that the permission list when the communication volume is outside the range of the communication volume expected value will be an empty list as shown in FIG. Alternatively, the permission list generation unit 120 may automatically generate a permission list for cases where the communication traffic is out of the communication traffic expected value range.

The operation when using the permission list generated and updated in this manner during the operation period will be described with reference to FIG. 14-2.

First, in step S209, when the security switch 100 receives an input frame during the operation period, the frame analysis unit 110 extracts frame information by analyzing the received input frame.

Next, in step S<b>210 , the traffic monitoring unit 210 transmits the current traffic to the traffic management unit 220 .

Next, in step S211, the communication volume management unit 220 compares the current communication volume with the range of the communication volume expected value that is the attribute of the permission list stored in the permission list storage unit 130, and analyzes the frame. The section 110 is instructed to select a traffic volume expected value range corresponding to the current traffic volume. For example, if the current traffic volume is 2 Mbps, select item number 1 in the table of FIG. 10, "normal traffic volume". 2, "abnormal traffic" is selected.

Next, in step S212, the frame analysis unit 110 refers to the permission list corresponding to the traffic volume range whose selection was instructed by the traffic management unit 220 in step S211.

Next, in step S213, frame analysis section 110 compares the extracted frame information with the referenced permission list, and determines whether or not they match.

If both match (S213: Yes), the frame analysis unit 110 processes the frame corresponding to the frame information that matches the permission list according to the instruction of the operation setting when the permission list matches (step S214). For example, if the setting is “pass, do not notify”, the frame is output by passing the frame through the frame analysis unit 110 .
However, no notification will be given.

When the process of step S214 is completed, the process returns to step S209, and the above operations are repeated for the newly received frame.

If the two do not match (S213: No), the frame analysis unit 110 processes the frame corresponding to the frame information that does not match the permission list in accordance with the instruction of the operation setting when the permission list does not match. (step S215). For example, if the setting is "discard, notify", the frame is discarded and the setting terminal 50 is notified of the discard.

When the process of step S215 is completed, the process returns to step S209, and the above operations are repeated for the newly received frame.

According to the above-described second embodiment, communication control (blocking, detouring, bandwidth control, etc.) can be performed when the traffic of the regular communication flow exceeds a certain range compared to normal times. Become. The reason for this is that the communication amount monitored by the communication amount monitoring unit 210 is compared with the normal communication amount expected value by the communication amount management unit 220, and if it is out of range, the communication control unit 230 controls the communication. be.

In the above description, only two types of permission lists are shown for normal traffic and abnormal traffic, but the present embodiment is not limited to this. You may generate and refer to the permission list.

<Third Embodiment>
The third embodiment of the present invention will be described in detail below with reference to FIGS. 15 to 21-2.

The third embodiment has a basic configuration similar to that of FIG. 1 according to the first embodiment. However, although illustration is omitted, a security switch 300 is provided instead of the security switch 100 in FIG.

In the first embodiment, a permission list is generated for each day of the week and time, and the permission list to be referenced is switched according to the day of the week and time during operation. Further, in the second embodiment, a permission list is generated according to the amount of communication, and the permission list to be referred to is switched according to the amount of communication at the time of operation. In the third embodiment, a combination of these, that is, a permission list is generated according to the day of the week, time, and traffic volume, and the permission list to be referenced is generated according to the day of the week, time, and traffic volume at the time of operation. switch.

As shown in FIG. 15A, for example, when the communication traffic is normal during the hours of 8:30 to 17:29 on weekdays (Monday to Friday), , and only communication between the PC 10-2 and the server PC 10-3. In addition, when the traffic is normal during the time period from 17:30 to 8:29 on weekdays (Monday to Friday), as shown in FIG. shall only allow communication between Furthermore, when the amount of communication is abnormal on weekdays (Monday to Friday), no communication is allowed as shown in FIG. 15(C).

Therefore, a plurality of permission lists are prepared as shown in FIG. That is, for each time period from 8:30 to 17:29 and from 17:30 to 8:29 on each day of the week, an authorization list is generated for normal and abnormal communication traffic, and referred to during operation. Suppose. For example, in order to operate the security switch 300 when the traffic is normal during the time period from 8:30 to 17:29 on Sunday, a permission list of "Sunday-Noon-Normal" is generated and During operation, communication is controlled by referring to the permission list of "Sunday-Noon-Normal". In addition, for the operation of the security switch 300 when the traffic is abnormal during the time period from 8:30 to 17:29 on Sunday, a permission list of "day-noon-abnormal" is generated and controls communication by referring to the permission list of "day-day-abnormal".
Similarly, for the operation of the security switch 100 when the traffic is normal during the time period from 17:30 to 8:29 on Sunday, a permission list of "Day-Night-Normal" is generated and During operation in , communication is controlled by referring to the permission list of "Day-Night-Normal". In addition, for the operation of the security switch 100 when the traffic is abnormal during the time period from 17:30 to 8:29 on Sunday, a permission list of "day-night-abnormal" is generated and During operation, communication is controlled by referring to a permission list of "Day-Night-Abnormality". Similarly, for each time slot from 8:30 to 17:29 and 17:30 to 8:29 from Monday to Saturday, create a permission list for normal and abnormal traffic, The security switch 100 is operated by referring to the permission list during the time zone corresponding to each permission list.

FIG. 17 shows an example of a permission list corresponding to a case where traffic is normal during the hours of 8:30 to 17:29 on weekdays (Monday to Friday). That is, the names of “Monday-Noon-Normal”, “Tuesday-Noon-Normal”, “Wednesday-Noon-Normal”, “Thursday-Noon-Normal”, and “Friday-Noon-Normal” in the table of FIG. This is an example of an allow list.

Specifically, for example, item number 1 indicates that the MAC-DA (destination MAC address) of the frame received from reception port 1 is "M-PC3" and the MAC-SA (source MAC address) is "M-PC1". , Type is "0x0800" (IPv4), VID is "0", IP-SA (source IP address) is "IP-PC1", IP-DA (destination IP address) is "IP-PC3", Protocol is " 6” (TCP), L4SP (source port number in TCP header) is “3000”, and L4DP (destination port number in TCP header) is “23”.

Also, FIG. 18 shows an example of a permission list corresponding to a case where the communication traffic is normal during the time period from 17:30 to 8:29 on weekdays (Monday to Friday). That is, in the table of FIG. 3, the permission list of "Monday-Night-Normal", "Tuesday-Night-Normal", "Wednesday-Night-Normal", "Thursday-Night-Normal", and "Friday-Night-Normal" is an example of

Specifically, for example, item number 5 indicates that the MAC-DA (destination MAC address) of the frame received from the receiving port 3 is "M-PC4" and the MAC-SA (source MAC address) is "M-PC3". , Type is "0x0800" (IPv4), VID is "0", IP-SA (source IP address) is "IP-PC3", IP-DA (destination IP address) is "IP-PC4", Protocol is " 6” (TCP), L4SP (source port number in TCP header) is “any”, and L4DP (destination port number in TCP header) is “any”.

Also, FIG. 19 shows an example of a permission list to be referred to when the traffic is abnormal. That is, “Monday-day-abnormal”, “Monday-night-abnormal”, “Tuesday-day-abnormal”, “Tuesday-night-abnormal”, “Wednesday-day-abnormal”, and “Water-day-abnormal” in the table of FIG. Examples of permission lists named "Night-Abnormal", "Thurs-Day-Abnormal", "Thurs-Night-Abnormal", "Fri-Day-Abnormal", "Fri-Night-Abnormal".

No data is registered in the table of FIG. That is, when referring to the permission list shown in the table of FIG. 19, there is no frame matching the permission list.

An example of operation setting when a frame matches or does not match the permission list illustrated in FIGS. 17 to 19 is the same as that in FIG. Specifically, frames that match the permission list shown in FIGS. 17 and 18 are allowed to pass through the security switch 300 and are not notified to the setting terminal 50 . On the other hand, frames that do not match the permission list are discarded, and the setting terminal 50 is notified of the discard. Also, when referring to the permission list shown in FIG. 19, since there is no frame matching the permission list, all frames are discarded and the setting terminal 50 is notified of the discard.

Next, functional blocks included in the security switch 300 according to the third embodiment will be described with reference to FIG. In FIG. 20, the same symbols are used for the same components as those of the security switch 100 according to the first embodiment and the security switch 200 according to the second embodiment.

The security switch 300 includes a frame analysis unit 110, a permission list generation unit 120, and a permission list storage unit 130, which are shared by the security switch 100 according to the first embodiment and the security switch 200 according to the second embodiment. . The security switch 300 also includes the day/time management unit 140 included in the security switch 100 according to the first embodiment. Furthermore, the security switch 300 includes a traffic monitoring unit 210, a traffic management unit 220, and a communication control unit 230 that the security switch 200 according to the second embodiment has.

Among the operations of each block of the security switch 300, the points that differ from the operations of the corresponding blocks included in the security switch 100 and the security switch 200 are as follows.

When the frame analysis unit 110 receives the input frame and it is during the registration period, the frame information is extracted from the received input frame. After adding the data of the current day of the week and time received from , it is passed to the permission list generation unit 120 described later.

Also, when the input frame is received, the frame analysis unit 110 extracts frame information from the received input frame if it is during the operation period. Then, the extracted frame information is compared with a permission list stored in the permission list storage unit 130 that corresponds to the current day of the week, time, and traffic volume.

Further, the granularity of the communication traffic monitored by the traffic monitoring unit 210 may be per physical port, per device, or per day of the week/time range to which each permission list corresponds.

Next, the operation of this embodiment during the registration period will be described with reference to the flowchart of FIG. 21-1.

First, in step S301, the day of the week and the time of the permission list to be generated are registered. For example, if you set "Monday: 8:30 to 17:29", the learning period will be from 8:30 to 17:29 on Monday, and it will be referenced during operation from 8:30 to 17:29 on Monday. An allow list is generated.

Next, in step S302, the security switch 300 determines whether or not the frame analysis section 110 is set to the registration period. Here, if the registration period is set (S302: Yes), the process proceeds to step S303. On the other hand, if it is not set in the registration period (S302: No), that is, if it is set in the operation period, the process proceeds to step S311 in FIG. 21-2.

Next, in step S<b>303 , frame analysis section 110 analyzes the frame and transmits frame information to permission list generation section 120 . At this time, the actual frame is output as an output frame via the traffic monitoring section 210 and the communication control section 230 .

Next, in step S<b>304 , the traffic management unit 220 adds data of expected traffic volume to the frame information transmitted by the frame analysis unit 110 . For example, when the traffic volume of 0 Mbps to 5 Mbps is within the range of normal traffic volume, the data "0 Mbps to 5 Mbps" is added.

Next, in step S305, the day-of-week/time management unit 140 further adds the current day-of-the-week and time data to the frame information to which the traffic volume expected value has been added.

Next, in step S306, the permission list generating unit 120 receives the frame information to which the data of the current day of the week and time and the data of the expected traffic value are added, and generates permission list information.

Next, in step S<b>307 , permission list generation section 120 transfers the generated permission list to permission list storage section 130 .

Next, in step S308, permission list storage unit 130 stores the transferred permission list.

Next, in step S309, the security switch 100 determines whether the registration period has expired. If the registration period has expired (S309: Yes), the process proceeds to step S310. If the registration period has not expired (S309: No), the process returns to step S303.

Next, in step S310, the user directly operates the permission list storage unit 130 to generate a permission list for when the communication traffic is out of the communication traffic expected value range, for example, the permission list in FIG. . Note that, for example, if it is predetermined that the permission list when the communication volume is outside the range of the communication volume expected value will be an empty list as shown in FIG. Alternatively, the permission list generation unit 120 may automatically generate a permission list for cases where the communication traffic is out of the communication traffic expected value range.

The operation of using the permission list generated and updated in this manner during the operation period will be described with reference to FIG. 21-2.

First, in step S311, when the security switch 300 receives an input frame during operation, the frame analysis unit 110 extracts frame information by analyzing the received input frame.

Next, in step S<b>312 , the traffic monitoring unit 210 transmits the current traffic to the traffic management unit 220 .

Next, in step S313, the traffic management unit 220 compares the current traffic with the range of expected traffic that is an attribute of the permission list stored in the permission list storage unit 130, and analyzes the frame. The section 110 is instructed to select a traffic volume expected value range corresponding to the current traffic volume. For example, when the current traffic is 2 Mbps, the selection of "normal traffic" is instructed, and when the current traffic is 10 Mbps, the selection of "abnormal traffic" is instructed.

Next, in step S314, the day-of-the-week/time management unit 140 instructs the frame analysis unit 110 to select a day-of-the-week/time range corresponding to the current day-of-the-week/time. For example, if the current time is 12:30 on Monday, the user is instructed to select "Monday-Noon".

Next, in step S315, the frame analysis unit 110 determines the communication volume range selected and instructed by the communication volume management unit 220 in step S313, and the day of the week/time selected and instructed by the day/time management unit 140 in step S314. Refer to the allow list corresponding to the scope. For example, when "normal traffic" is selected in step S313 and "month-daytime" is selected in step S314, the permission list of "month-daytime-normal" is referred to.

Next, in step S316, frame analysis section 110 compares the extracted frame information with the referenced permission list, and determines whether or not they match.

If both match (S316: Yes), the frame analysis unit 110 processes the frame corresponding to the frame information that matches the permission list in accordance with the operation setting instructions for the case of matching with the permission list (step S317). For example, if the setting is “pass, do not notify”, the frame is output by passing the frame through the frame analysis unit 110 .
However, no notification will be given.

When the process of step S317 is completed, the process returns to step S311, and the above operations are repeated for the newly received frame.

If the two do not match (S316: No), the frame analysis unit 110 processes the frame corresponding to the frame information that does not match the permission list according to the instruction of the operation setting when the permission list does not match. (step S318). For example, if the setting is "discard, notify", the frame is discarded and the setting terminal 50 is notified of the discard.

When the process of step S318 is completed, the process returns to step S311, and the above operations are repeated for the newly received frame.

According to the above-described third embodiment, it is possible to allow a specific terminal to communicate only at a certain time on a certain day of the week, thereby further improving security. The reason for this is that the permission list to be referenced from the permission list storage unit is switched for each day of the week and hour, and the frame analysis unit compares and determines with the received frame data. Furthermore, communication control (blocking, detouring, bandwidth control, etc.) can be performed when the communication volume of the regular communication flow exceeds a certain range compared to normal times. The reason for this is that the traffic management unit 220 compares the traffic monitored by the traffic monitoring unit 210 with the traffic during normal times, and if the traffic is out of range, the communication control unit 230 controls the communication.

In the above-described third embodiment, when generating a permission list for a specific day of the week and time, learning is set during the specific day of the week and time at the stage of setting the initial learning period. Instead, for example, the learning period is set to one week, and once a permission list is generated in units of one week, and the permission list in units of one week is divided into units of days of the week and hours by directly operating the permission list storage unit. You may

Each of the security switch, communication terminal, and setting terminal described above can be realized by hardware, software, or a combination thereof. Also, the relay method performed by the security switch, communication terminal, and setting terminal can be realized by hardware, software, or a combination thereof. Here, "implemented by software" means implemented by a computer reading and executing a program.

The program can be stored and delivered to the computer using various types of non-transitory computer readable media. Non-transitory computer-readable media include various types of tangible storage media. Examples of non-transitory computer-readable media include magnetic recording media (e.g., flexible discs, magnetic tapes, hard disk drives), magneto-optical recording media (e.g., magneto-optical discs), CD-ROMs (Read Only Memory), CD- R, CD-R/W, semiconductor memory (eg, mask ROM, PROM (Programmable ROM), EPROM (Erasable PROM), flash ROM, RAM (random access memory)).

In addition, although the above-described embodiments are preferred embodiments of the present invention, the scope of the present invention is not limited to only the above-described embodiments, and various changes have been made without departing from the gist of the present invention. Any form of implementation is possible.

For example, it is possible to modify each embodiment as follows.

Although the security switch is connected to the Internet in each of the above-described embodiments, it does not necessarily have to be connected to the Internet. Malicious frames generated when, for example, a malicious user connects an unauthorized terminal to the company network can be detected even when not connected to the Internet.

In each of the above-described embodiments, the operating period starts after a predetermined period of time has passed since the registration period started, and the operation continues. In this case, the operation period may be changed to the registration period again, and after a predetermined time has elapsed after the transition, the operation period may be changed again. In other words, the permission list may be updated by performing re-registration.

For example, when a new communication terminal is added after the operating period transitions, the frames related to the added communication terminal may be added to the permission list by performing re-registration. In this case, the permission list may be left blank and recreated from scratch, or new frame information may be added to the existing permission list.

Some or all of the above-described embodiments can also be described in the following supplementary remarks, but are not limited to the following.

(Appendix 1)
A relay device,
storage means for storing a list of frames to be subjected to the first process after being received by the relay device;
analysis means for matching received frames against said list;
When the received frame matches a frame described in the list when collated by the analyzing means, the first process is performed on the received frame, and if the received frame does not match, the received frame is subjected to the first process. and a control means for performing the process of 2,
A relay device, wherein a plurality of said lists exist according to the day of the week and the time, and the analyzing means compares the received frame with the list corresponding to the day of the week and the time of operation.

(Appendix 2)
The relay device according to appendix 1,
In addition to the day of the week and the time, a plurality of the lists exist according to the traffic during operation, and the analyzing means stores the received frame and the list corresponding to the day of the week, time, and traffic during operation. A relay device characterized by collation.

(Appendix 3)
A relay device,
storage means for storing a list of frames to be subjected to the first process after being received by the relay device;
analysis means for matching received frames against said list;
When the received frame matches a frame described in the list when collated by the analyzing means, the first process is performed on the received frame, and if the received frame does not match, the received frame is subjected to the first process. and a control means for performing the process of 2,
A relay device, wherein a plurality of said lists exist according to traffic during operation, and said analyzing means compares said received frame with a list corresponding to said traffic during operation.

(Appendix 4)
The relay device according to any one of Appendices 1 to 3,
The relay device, wherein the first processing includes forwarding the frame to the destination of the frame, and the second processing does not include forwarding the frame to the destination of the frame.

(Appendix 5)
The relay device according to any one of Appendices 2 to 4,
A relay apparatus characterized in that, as the communication amount during operation, a communication amount for each relay apparatus is monitored.

(Appendix 6)
The relay device according to any one of Appendices 2 to 4,
A relay device characterized in that, as the communication traffic during operation, a communication traffic per physical port of the relay device is monitored.

(Appendix 7)
The relay device according to any one of Appendices 2 to 4,
A relay device characterized in that, as the communication traffic during operation, the communication traffic on the day of the week and on the hour unit basis is monitored.

(Appendix 8)
A communication system comprising the relay device according to any one of appendices 1 to 7 and a setting terminal connected to the relay device,
A communication system characterized in that part or all of the contents of each of the processes and the contents of the list are changed according to an operation from a user accepted by the setting terminal.

(Appendix 9)
A relay method used in a relay device,
storing a list of frames to be subjected to a first process after reception by the relay device;
matching received frames against the list;
When the received frame matches a frame described in the list when collated by the analyzing means, the first process is performed on the received frame, and if the received frame does not match, the received frame is subjected to the first process. and a step of processing 2;
A relay method, wherein a plurality of said lists exist according to the day of the week and the time, and the analyzing means compares the received frame with a list corresponding to the day of the week and the time of operation.

(Appendix 10)
A relay program that causes a computer to function as a relay device,
said computer,
storage means for storing a list of frames to be subjected to a first process after being received by the relay device;
analysis means for matching received frames against said list;
When the received frame matches a frame described in the list when collated by the analyzing means, the first process is performed on the received frame, and if the received frame does not match, the received frame is subjected to the first process. and a control means for performing the process of 2,
A relay program in which a plurality of said lists exist according to the day of the week and the time, and the analysis means functions as a relay device for matching the received frame with the list corresponding to the day of the week and time during operation.

INDUSTRIAL APPLICABILITY The present invention is suitable for security measures in relay devices.

10 10-1 10-2 10-3 10-4 10-n Communication terminal 50 Setting terminal 100 200 300 Security switch 110 Frame analysis unit 120 Permission list generation unit 130 Permission list storage unit 140 Day/time management unit 150 Communication control Unit 210 Traffic monitoring unit 220 Traffic management unit 230 Communication control unit 500 Firewall 700 Internet

Claims (11)

A relay device,
a first connection port that connects only to one PLC (Programmable Logic Controller);
a second connection port that connects only to one IoT (Internet Of Things) device;
storage means for storing a first list including information identifying the first or second connection port of the frame to be processed by the first process;
a relay means for relaying communication between the PLC and the IoT device;
matching means for matching a frame received from the first or second connection port with the first list using information identifying the first or second connection port;
control means for performing the first process if the received frame matches the first list as a result of the collation, and notifying an administrator if the received frame does not match;
A relay device. wherein the first process is a process of transferring the received frame to the destination of the received frame;
2. The relay device of claim 1. 3. The relay device according to claim 1, further discarding the received frame if there is no match as a result of the collation. the storage means stores a plurality of lists including information identifying the first or second connection port of the frame to be processed by the first process;
4. The relay device according to any one of claims 1 to 3, wherein said first list is selected from said plurality of lists based on a predetermined condition. the storage means stores three or more lists containing information identifying the first or second connection port of the frame to be processed by the first process;
4. The relay device according to any one of claims 1 to 3, wherein said first list is selected from said plurality of lists based on a predetermined condition. the relay device
Storing a first list including information identifying a first connection port connected only to one PLC or a second connection port connected only to one IoT device of a frame to be processed by the first process. death,
relaying communication between the PLC and the IoT device;
Matching a frame received from the first or second connection port to the first list using information identifying the first or second connection port;
As a result of the collation, if the received frame matches the first list, perform the first process, and if not match, notify an administrator;
Intermediate method for processing. wherein the first process is a process of transferring the received frame to the destination of the received frame;
The relay method according to claim 6. 8. The relay method according to claim 6, further comprising discarding said received frame if there is no match as a result of said collation. In the storing process, a plurality of lists including information identifying the first or second connection port of the frame to be processed by the first process are stored;
9. The relay method according to any one of claims 6 to 8, wherein said first list is selected from said plurality of lists based on a predetermined condition. In the storing process, three or more lists containing information identifying the first or second connection port of the frame to be processed by the first process are stored;
9. The relay method according to any one of claims 6 to 8, wherein said first list is selected from said plurality of lists based on a predetermined condition. to the computer,
Storing a first list including information identifying a first connection port connected only to one PLC or a second connection port connected only to one IoT device of a frame to be processed by the first process. death,
relaying communication between the PLC and the IoT device;
Matching a frame received from the first or second connection port to the first list using information identifying the first or second connection port;
As a result of the collation, if the received frame matches the first list, perform the first process, and if not match, notify an administrator;
A relay program that executes processing.

Images