JP4713881B2 - Tunnel automatic setting device, tunnel automatic setting method, and tunnel automatic setting program - Google Patents

Description

  The present invention relates to a tunnel automatic setting device and a tunnel automatic setting method for automatically setting a virtual link (tunnel) between nodes.

The Internet, which started from the US ARPANET (Advanced Research Projects Agency Network) in 1969, developed and introduced TCP / IP (Transmission Control Protocol / Internet Protocol), the core technology of the Internet, from the 1970s to the 1980s. With the start of commercial services and the development of WWW (World Wide Web) technology, the use expanded explosively. Currently, IPv4 (Internet Protocol Version 4) is mainly used as a network layer protocol in the Internet, but an IPv4 IP address (hereinafter referred to as “IPv4 address”) is 32 bits. As a result of this configuration, IP address exhaustion has become a problem as a result of expanded use. In order to solve this problem, IPv6 (Internet Protocol Version 6) that expands the IP address to 128 bits has been developed. IPv6 not only expanded the IP address to 128 bits compared to IPv4, but also provided standard equipment such as a hierarchical address system that can be aggregated, multicast function, mobility function and security function, and NDP (Neighbor Discovery Protocol, neighbor It has features such as address resolution by a discovery protocol), and convenience is improved.
Although it is desired to migrate IPv6 having such characteristics to the Internet, it is difficult to migrate a large number of nodes such as host computers, server computers, router devices, etc. using IPv4, which is currently widespread, to IPv6 all at once. is there. For this reason, during the transition period from IPv4 to IPv6, the IPv4 network and the IPv6 network coexist. In this coexistence environment, a technique for communicating between networks of the same protocol via networks of other protocols is required. One of them is the application of tunneling.

This tunneling is performed by encapsulating transmission information in a frame or packet of another protocol at a node at the exit of the network to which the source device is connected, passing through the network of another protocol, and entering the network to which the destination device is connected. In this technique, the capsule is unwrapped at the node and the original transmission information is restored. Examples of such tunneling techniques include 6to4, ISATAP, DTCP, and the like (see, for example, Non-Patent Documents 1 and 2).
“RFC2473 Generic Packet Tunneling in IPv6 Specification”, [online], JP-NIC, [searched on January 22, 2003], Internet <http: // rfc-jp. nic. ad. jp / rfc / rfc2473. txt> Yuichiro Tsuji, “6to4 Open Relay Router Operation Experiment”, KDDI R & D Labs., [Search on March 3, 2004], Internet <URL; http: // www. 6to4. jp />

  By the way, in communication using an open network, it is necessary to ensure high security such as personal authentication using a third party organization, data integrity and data confidentiality (confidentiality, confidentiality) The tunneling technologies described above are not sufficiently secure. That is, the above 6to4 and ISATAP are not provided with means for ensuring security. DTCP uses Authenticated Post Office Protocol (APOP) when constructing a tunnel, so it only performs identity verification using a password and performs strict identity authentication using a third-party organization. In other words, so-called impersonation can occur especially when a password is leaked.

  Furthermore, even if all nodes migrate to IPv6, all nodes, especially end nodes may not have a security function or only a part of the security function may occur in terms of cost and performance. obtain. Even in such a case, secure communication may be desired.

  The present invention has been made in view of the above circumstances, and provides a tunnel automatic setting device that automatically constructs a tunnel while improving security by performing mutual authentication through a third-party organization. Objective. And it aims at providing the tunnel automatic setting method applied to such a tunnel automatic setting apparatus. Furthermore, it aims at providing the tunnel automatic setting program of such a tunnel automatic setting method.

In order to achieve the above object, a tunnel automatic setting device for automatically setting a tunnel in a network according to an aspect of the present invention is an automatic setting device identifier that identifies a tunnel automatic setting device, The connection destination of the tunnel is stored in a storage unit that stores an automatic setting device identifier in the tunnel automatic setting device of the connection destination, and an authentication server that manages the public key certificate of the tunnel automatic setting device in association with the automatic setting device identifier. A public key certificate acquisition unit for transmitting an automatic setting device identifier in the tunnel automatic setting device and acquiring a public key certificate in the tunnel automatic setting device of the tunnel connection destination, and a tunnel automatic setting device of the connection destination in the tunnel comprising a tunnel setter configured to set the tunnel after the mutual authentication by using the public key certificate with the It is characterized in.

  The tunnel automatic setting device further includes an input unit that inputs IPsec setting information indicating whether or not to apply IPsec to the tunnel, and the tunnel setting unit includes the tunnel setting unit according to the IPsec setting information. It is characterized by setting a tunnel.

Further, in the above-mentioned tunnel automatic setting device, and further comprising a tunnel deletion unit that deletes the tunnel after the mutual authentication by using the public key certificate and the destination tunnel automatic setting device.

  Further, the above-described automatic tunnel setting device further includes a clock unit for measuring the date and time, and the tunnel setting unit acquires the revocation list of the public key certificate and the clock unit before using the public key certificate. It is characterized in that it is determined whether or not the public key certificate is valid based on the date and time, and when the public key certificate is not valid, the public key certificate is updated.

  The above automatic tunnel setting device further includes a clock unit for measuring the date and time, and the tunnel deletion unit acquires the revocation list of the public key certificate and the clock unit before using the public key certificate. It is characterized in that it is determined whether or not the public key certificate is valid based on the date and time, and when the public key certificate is not valid, the public key certificate is updated.

  In the above tunnel automatic setting device, the clock unit acquires a current date and time from an NTP server in the network, and synchronizes with the acquired date and time.

  Furthermore, in the above-described tunnel automatic setting device, the tunnel setting unit updates the public key certificate at the time of activation.

  In the tunnel automatic setting device described above, the tunnel deleting unit deletes the tunnel when a failure occurs in the tunnel.

  In the above-described automatic tunnel setting device, the tunnel deletion unit may cause the tunnel setting unit to reset the tunnel after deleting the tunnel.

  Furthermore, in the above-described tunnel automatic setting device, the tunnel setting unit can set a plurality of tunnels.

  In order to achieve the above-described object, according to one aspect of the present invention, the self-setting device identifier for identifying the automatic tunnel setting device, the automatic setting device identifier in the tunnel automatic setting device to which the tunnel is connected, and the self-setting device identifier A tunnel automatic setting method in which a tunnel automatic setting device that automatically stores a tunnel internal address automatically sets the tunnel in a network is configured such that an IP address assigned with connection to the network is assigned to the outside of the tunnel from which the tunnel is connected Obtaining the IP address; transmitting the assigned IP address and the self-automatic device identifier to an information server that manages the tunnel external IP address in association with the automatic device identifier; and Automatic setting device identification in the tunnel automatic setting device of the connection destination To the information server, acquiring the tunnel external IP address of the tunnel connection destination, and managing the public key certificate of the automatic tunnel configuration device in association with the automatic configuration device identifier to disclose the automatic tunnel configuration device Transmitting an automatic setting device identifier in a tunnel automatic setting device of a tunnel connection destination to an authentication server that issues a key certificate, and obtaining a public key certificate in a tunnel automatic setting device of a connection destination of the tunnel; Receiving a first type of challenge character string generated by the tunnel automatic setting device of the tunnel connection destination from the tunnel automatic setting device of the tunnel connection destination; and a predetermined calculation method of the first type of challenge character string Encrypt the operation result calculated in step 1 with the public key of your own public key certificate and the private key that composes the encryption key pair. To generate a first type of response character string, and to send the generated first type of response character string to the tunnel automatic setting device connected to the tunnel, and to generate a second type of challenge character string. Transmitting the generated second type challenge character string to the tunnel automatic setting device of the tunnel connection destination, and the tunnel automatic setting device of the tunnel connection destination receiving the second type challenge character string as a predetermined value. By encrypting the calculation result calculated by the calculation method with the public key of the public key certificate of the tunnel automatic setting device and the private key constituting the encryption key pair in the tunnel automatic setting device of the tunnel connection destination, the second type A response character string is generated, and the generated second type response character string is transmitted from the tunnel automatic setting device to which the tunnel is connected. Receiving the second type response character string received from the tunnel automatic setting device of the tunnel connection destination with the public key of the public key certificate of the tunnel automatic setting device in the tunnel automatic setting device of the tunnel connection destination A step of determining whether or not the decrypted decryption result and the computation result obtained by computing the second type challenge character string by the predetermined computation method match, and if they match, the tunnel to which the tunnel is connected And exchanging a tunnel internal address and other setting information necessary for setting the tunnel with the automatic setting device, and setting the tunnel using the setting information.

  In order to achieve the above object, according to one aspect of the present invention, the self-setting device identifier for identifying the automatic tunnel setting device, the automatic setting device identifier in the tunnel automatic setting device to which the tunnel is connected, and the self-setting device identifier A tunnel automatic setting program for automatically setting a tunnel in a network for causing a tunnel automatic setting device that stores a tunnel internal address to execute an IP address assigned with connection to the network. Acquiring as a tunnel external IP address of the connection source, and transmitting the assigned IP address and the self-automatic device identifier to an information server that manages the tunnel external IP address in association with the automatic device identifier To the tunnel auto-configuration device connected to the tunnel Transmitting the automatic setting device identifier to the information server, obtaining the tunnel external IP address of the tunnel connection destination, and managing the public key certificate of the tunnel automatic setting device in association with the automatic setting device identifier The automatic setting device identifier in the tunnel automatic setting device that is the connection destination of the tunnel is transmitted to the authentication server that issues the public key certificate of the automatic setting device, and the public key certificate in the tunnel automatic setting device that is the connection destination of the tunnel is transmitted A step of obtaining, a step of receiving a first type challenge character string generated by the tunnel automatic setting device of the tunnel connection destination from the tunnel automatic setting device of the tunnel connection destination, and the first type of range character string Compiles the result of computation using the specified computation method and configures the public key and encryption key pair of its own public key certificate A first type of response character string is generated by encrypting with a secret key to be transmitted, and the generated first type response character string is transmitted to the tunnel automatic setting device connected to the tunnel; Generating the challenge character string and transmitting the generated second type challenge character string to the tunnel automatic setting device that is the tunnel connection destination, and the tunnel automatic setting device that is the tunnel connection destination is the second type The operation result obtained by calculating the challenge character string by a predetermined calculation method is encrypted with the public key of the tunnel automatic setting device and the secret key constituting the encryption key pair in the tunnel automatic setting device of the tunnel connection destination. To generate a second type of response character string, and the generated second type of response character string Receiving from the tunnel automatic setting device, and the second type response character string received from the tunnel automatic setting device of the tunnel connection destination, the public key certificate of the tunnel automatic setting device in the tunnel automatic setting device of the tunnel connection destination Determining whether the decryption result decrypted with the public key of the certificate matches the computation result obtained by computing the second type challenge character string by the predetermined computation method; Exchanging a tunnel internal address and other setting information necessary for setting the tunnel with the connection-destination tunnel automatic setting device, and setting the tunnel using the setting information. .

  A tunnel automatic setting device, a tunnel automatic setting method, and a tunnel automatic setting program according to the present invention are issued by a public key-based certificate authority that is a third party for a connection source and a destination tunnel automatic setting device for setting a tunnel. Since mutual authentication is performed using a public key certificate, a tunnel can be set up with a genuine tunnel automatic setting device intended to set up a tunnel.

Embodiments according to the present invention will be described below with reference to the drawings. In addition, the structure which attached | subjected the same code | symbol in each figure shows that it is the same structure, The description is abbreviate | omitted. Moreover, when referring generically, it shows with the reference mark which abbreviate | omitted the alphabetic suffix, and shows the reference symbol which attached | subjected the alphabetic suffix when showing an individual structure.
(Configuration of the embodiment)
The present embodiment is an embodiment of a tunnel automatic setting device that can automatically set a tunnel on an IPv4 network between tunnel automatic setting devices in two IPv6 networks. A tunnel set in an IPv4 network in order to enable communication between IPv6 nodes is called an IPv6 over IPv4 tunnel (Tunnel) (hereinafter abbreviated as “6o4 tunnel”).

  FIG. 1 is a diagram illustrating an overall configuration of a network in the embodiment. FIG. 2 is a block diagram showing a configuration of a network including a tunnel automatic setting device. FIG. 3 is a diagram showing a configuration of a setting tunnel management information table in the tunnel automatic setting device. FIG. 4 is a diagram showing the configuration of the provided tunnel setting information table in the information server. FIG. 5 is a diagram showing the configuration of the login authentication information registration table in the registration server. FIG. 6 is a diagram showing the configuration of the automatic setting device principal information registration table in the registration server. FIG. 7 is a diagram illustrating a configuration of a repository in the authentication server.

  In FIG. 1, a network 1 is a communication network in which a plurality of IPv6 networks and a plurality of IPv4 networks coexist.

  In the IPv6 network constituting the network 1, a tunnel automatic setting device (hereinafter abbreviated as “automatic setting device”) that automatically sets a 6o4 tunnel by performing mutual authentication using a third party organization. There is an IPv6 network 2 including 11. The IPv6 network 2 includes, for example, a local area network (LAN) in which one or a plurality of devices or the like are connected by a communication line, and a remote monitoring control device that remotely monitors and controls these devices. Including LAN. In FIG. 1, three IPv6 networks 2-A, 2-B, and 2-C are shown, and each IPv6 network 2-A, 2-B, and 2-C is connected to each automatic setting device 11-. A, 11-B, and 11-C are included.

  Among the IPv4 networks constituting the network 1, there are an ISP network 3 and an ISP network 3 constructed by an Internet service provider (hereinafter abbreviated as “ISP”) to which the automatic setting device 11 is connected. There is a network 4 to be connected. In FIG. 1, the ISP network 3 is shown with three IPv4 ISP networks 3-A, 3-B, 3-C. Each ISP network 3-A, 3-B, 3-C Services for connecting to the Internet are provided to the automatic setting devices 11-A, 11-B, and 11-C, respectively. In each ISP network 3-A, 3-B, 3-C, a DHCP (Dynamic Host Configuration Protocol) server 26 that automatically allocates an unallocated IP address to a client that requests connection to receive a service for connecting to the Internet. -A, 26-B, and 26-C, respectively, and a communicable computer (ISP computer, not shown) that provides a service for connecting to the Internet. The network 4 is a network composed of nodes such as router devices, gateway devices, server computers, and host computers that use IPv4.

  The network 1 includes an information server 21 that provides information necessary for setting the 6o4 tunnel when the automatic setting device 11 automatically sets the 6o4 tunnel, and a public key certificate for the public key of the automatic setting device 11. A registration server 22 that performs personal authentication for issuance and registers and manages information related to the user (automatic setting device 11), and a public key of the automatic setting device 11 that the registration server 22 authenticates and authenticates. An authentication server 23 that issues a public key certificate and an NTP (Network Time Protocol) server 24 that returns a time in response to a request from a client (including the automatic setting device 11 and the authentication server 23) are included.

  The registration server 22 and the authentication server 23 respectively serve as a registration authority (Registration Authority) and a certification authority (Certification Authority) in a so-called Public Key Infrastructure (PKI). By separating the registration server 22 and the authentication server 23 in this way, the authentication server 23 can concentrate hardware resources and software resources in issuing public key certificates, and can reduce the burden. The registration server 22 and the authentication server 23 may be realized by the same computer.

  The network 1 is, for example, a telephone network, a digital communication network, a wireless communication network, and the like, and a communication signal containing information is transmitted using a predetermined communication protocol. In the present embodiment, the network 1 uses HTTP (Hyper Text Transfer Protocol), FTP (File Transfer Protocol), POP3 (Post Office Protocol ver. 3), SMTP (Simple Mail Transfer Protocol), Telnet, TCP (Transmission) as communication protocols. The Internet is configured using Internet protocol groups such as Control Protocol (UDP), User Datagram Protocol (UDP), and Internet Protocol (IP). Note that a plurality of versions of IP, that is, version 4 and version 6 are used in this embodiment.

  In this embodiment, the automatic setting device 11 included in the IPv6 network 2 is incorporated in a router device arranged at the boundary between the IPv6 network 2 and another network constituting the network 1 to form the network 1, for example. Routing communication packets transmitted from other networks, communication packets transmitted from the IPv6 network 2 to which the automatic setting device 11 belongs, communication packets transmitted by the automatic setting device 11 itself, and the like (route selection) And a 6o4 tunnel is automatically set up with the automatic setting device 11 in another IPv6 network. In the example shown in FIG. 1, the automatic setting device 11-A in the IPv6-network 2-A is connected to the automatic setting device 11-B in the IPv6-network 2-B, and in the IPv6-network 2-C. IPv6 over IPv4 tunnels 5-AB and 5-AC are automatically set with the automatic setting device 11-C.

  For example, in the example shown in FIG. 2, the automatic setting device 11 is incorporated in a router device of an IPv6 network 2 installed in a building such as a detached house, an apartment house, a public facility, or an office building. The IPv6 network 2 includes an automatic setting device 11, one or more devices 12 (12 -A, 12 -B,...) That operate using electricity as an energy source, and communication that connects the automatic setting device 11 and the device 12. A line 13, for example, Ethernet (registered trademark) is provided to constitute an intranet.

  The device 12 includes a communication unit 81 that communicates with the automatic setting device 11 via the communication line 13, and a function unit 82 that executes the function of the device 12, and the state of the function unit 82 (for example, power supply) (On / off, operating state, failure state, etc.) are transmitted to the remote monitoring and control devices in other networks using the communication unit 81 via the communication line 13 and the automatic setting device 11, and the state of the function unit 82 is also changed. A control command to be controlled is received from a remote monitoring control device or the like in another network using the communication unit 81 via the automatic setting device 11 and the communication line 13, and is controlled according to the control command. The control command is transmitted from a terminal device such as a mobile phone, a PDA (Personal Digital Assistants), or a personal computer that accesses the remote monitoring control device or the like. For example, when the device 12 is a gas meter for measuring the amount of gas used, the function unit 82 is a measuring function for measuring the amount of gas used. In addition to the gas meter, the device 12 includes, for example, an electric meter that measures the amount of electricity used, a meter such as a water meter that measures the amount of water used, a dwelling environment such as a lighting fixture and an air conditioner, and an office environment. Devices, smoke sensors, sensors such as temperature sensors and humidity sensors, dwelling equipment such as electronic lock devices, home appliances such as televisions, video tape recorders, DVD recorders and washing machines, information processing devices such as computers, telephones And communication equipment such as a facsimile machine, and medical equipment such as a pulse meter, a thermometer, a blood oximeter, and an electrocardiograph.

  As shown in FIG. 2, the automatic setting device 11 includes a local area network side interface unit (hereinafter abbreviated as “LAN side interface unit”) 51, a control unit 52, a storage unit 53, and an input unit. 54 and a wide area network side interface unit (hereinafter abbreviated as “WAN side interface unit”) 55.

  The LAN-side interface unit 51 is an interface circuit that transmits and receives communication signals to and from the device 12 in the IPv6 network 2 to which the automatic setting device 11 belongs. For example, a network card such as an Ethernet card It is. The input unit 54 stores various information such as IPsec (IP security) setting information indicating whether or not to apply IPsec to the 6o4 tunnel, and an automatic setting device identifier in the connection destination automatic setting device 11 that sets the 6o4 tunnel. A device that inputs data to the automatic setting device 11, such as a dip switch, a jumper switch, or a numeric keypad. In addition, when the input unit 54 is an input device such as a numeric keypad or a keyboard, it is preferable to further include a display unit such as a liquid crystal display device in order to confirm input contents. The WAN-side interface unit 55 is an interface circuit that transmits and receives communication signals to and from other networks that constitute the network 1, and is, for example, a modem such as a 56K modem, a terminal adapter, or an ADSL modem.

  The storage unit 53 includes a tunnel setting information storage unit 71 that stores tunnel setting information, a security information storage unit 72 that stores security information, and a setting tunnel management information storage unit 73 that stores setting tunnel management information. Various programs such as a tunnel automatic setting program for automatic setting, a program for using the Internet, a routing program for routing communication packets, and information related to tunnel setting and information generated during execution of various programs Etc. are stored. The storage unit 53 includes, for example, a volatile memory such as a RAM (Random Access Memory) and a nonvolatile memory such as a ROM (Read Only Memory) or a rewritable EEPROM (Electrically Erasable Programmable Read Only Memory). Composed.

  The tunnel setting information is information stored in advance that is necessary for automatically setting a tunnel. In this embodiment, the tunnel setting information is assigned in advance to identify the IP address of the information server 21 and the automatic setting device 11. Unique (unique) identifier (automatic setting device identifier). The automatic setting device identifier is, for example, a symbol string composed of one or a plurality of symbols. In the present embodiment, the automatic setting device identifier is also used as IPv6 address generation information (including a prefix and the like) of the automatic setting device 11. For this reason, since the IPv6 address generation information of the automatic setting device 11 is stored at the manufacturing stage, the shipping stage, and the like, the manufacturing company can manage the IPv6 address generation information of the automatic setting device 11.

  When the 6o4 tunnel is automatically set, the tunnel internal IP address of the connection source for setting the 6o4 tunnel (in the case of a network including a plurality of IP addresses, additional information related to the network such as an IP address and a prefix length). Hereinafter, the network is also referred to as a tunnel internal IP address.) And a tunnel external IP address and a tunnel internal IP address and a tunnel external IP address of a connection destination are required. The tunnel internal IP address corresponds to the IP address of the IP header in the communication packet to be encapsulated (encapsulated), that is, the IP address of the IP header in the communication packet accommodated in the payload of the communication packet after encapsulation. The address corresponds to the IP address of the IP header in the communication packet after encapsulation. In this embodiment, since the IPv6 over IPv4 tunnel is automatically set, the IPv6 address of the connection source (corresponding to the tunnel internal IP address), the IPv4 address (corresponding to the tunnel external IP address), and the IPv6 address of the connection destination (tunnel internal IP address) And an IPv4 address (corresponding to the tunnel external IP address). The connection source IPv6 address is generated from the connection source automatic setting device identifier. As will be described later, the connection source IPv4 address is stored in the ISP network 3 when the connection source automatic setting device is connected to the ISP network 3. Assigned by the DHCP server. Similarly, the IPv6 address of the connection destination is generated from the automatic setting device identifier of the connection destination. As will be described later, the IPv4 address of the connection destination is the ISP network when the connection destination automatic setting device is connected to the ISP network 3. 3 assigned by a DHCP server. Then, the connection source automatic setting device acquires the IPv4 address of the connection destination from the information server 21.

  The security information is information necessary for performing personal authentication using a third party organization, and includes information stored in advance and information stored by an operation described later. The information stored in advance includes the IP address of the registration server 22, the IP address of the authentication server 23, the IP address of the NTP server 24, a set of ID and password for logging in to the registration server 22, and IPsec. The IPsec-related information necessary in this case, and the information stored by the operation described later includes the encryption key pair of the automatic setting device 11, the public key certificate of the automatic setting device 11, and the public key certificate of the authentication server 23 And the public key certificate of the connection destination automatic setting device 11. As will be described later, the IPsec-related information includes a source port number, a destination port number, a transport layer protocol, an action, a security protocol, an encapsulation mode, an encryption algorithm, and an authentication algorithm in this embodiment.

  The set tunnel management information is information related to the 6o4 tunnel set between the opposite connection destination automatic setting device 11, and the connection source tunnel internal IP address and tunnel external IP address, and the connection destination tunnel internal IP address and tunnel. And at least an external IP address.

  In this embodiment, the set tunnel management information includes the tunnel name for identifying the 6o4 tunnel, the tunnel internal IP address and the tunnel external IP address in the connection source automatic setting device 11, and the automatic in the connection destination automatic setting device 11. A setting device identifier, a tunnel internal IP address and a tunnel external IP address, IPsec setting information, and tunnel setting state information indicating a setting state of the 6o4 tunnel whether the 6o4 tunnel has been set or is being deleted. The set tunnel management information is stored in a table format, for example, as shown in FIG. 3, and the set tunnel management information table 101 for registering the set tunnel management information is a management number field for registering a management number for identifying each record. 110, a tunnel name field 111 for registering a tunnel name, a connection source tunnel external IP address field 113 for registering a tunnel external IP address in the connection source automatic setting device 11, and a tunnel internal IP in the connection source automatic setting device 11 Connection source tunnel internal IP address field 114 for registering the address, connection destination automatic setting device identifier field 115 for registering the automatic setting device identifier in the connection destination automatic setting device 11, and tunnel external IP in the connection destination automatic setting device 11 Register an address Destination tunnel external IP address field 116, connection source tunnel internal IP address field 117 for registering the tunnel internal IP address in the connection destination automatic setting device 11, IPsec setting information field 118 for registering IPsec setting information, and tunnel setting And a tunnel setting state information field 119 for registering state information, and a record is created for each tunnel name, that is, for each set 6o4 tunnel.

  As described above, the automatic setting apparatus 11 includes the setting tunnel management information table 101, and by managing each 6o4 tunnel, a plurality of 6o4 tunnels can be simultaneously set to a plurality of other automatic setting apparatuses 11. Then, the control unit 52 operates a plurality of 6o4 tunnels set at the same time in a time division manner. Further, by providing the setting tunnel management information table 101 with the tunnel setting state information field 119, the 6o4 tunnel has been set by referring to the information in the tunnel setting state information field 119 from the terminal device via the network 1, for example. Or whether it is being deleted.

  When various information and various programs are not stored in the storage unit 53, the various information and various programs are stored in a drive (not shown) using a recording medium such as a CD-ROM or DVD-ROM that records them. You may install via an apparatus, or you may install by downloading via the network 1 from the server which manages these various information and various programs.

  The control unit 52 controls the entire automatic setting device 11 by executing various programs to perform communication packet routing, 6o4 tunnel automatic setting, and the like, and functionally routing a communication packet. 61, a tunnel setting unit 62 that sets one or a plurality of 6o4 tunnels, a connection destination tunnel internal IP address generation unit 63 that generates a tunnel internal IP address in the connection destination automatic setting device 11, and a public key that manages public key certificates The certificate management unit 64 includes a tunnel deletion unit 65 that deletes the set 6o4 tunnel, and a clock unit 66 that measures the date and time. For example, the control unit 52 includes a microprocessor.

  The information server 21 is a communicable server computer that provides information necessary for setting the tunnel when the automatic setting device 11 automatically sets the 6o4 tunnel. The information server 21 sets the 6o4 tunnel to be provided in the storage unit. Provided tunnel setting information storage unit for storing necessary information (provided tunnel setting information) in association with the automatic setting device identifier.

  The provided tunnel setting information is at least a tunnel external address. For example, as shown in FIG. 4, the provision tunnel setting information table 102 which is stored in a table format and registers provision tunnel setting information includes a management number field 121 for registering a management number for identifying each record, and an automatic setting device identifier. And an external tunnel IP address field 124 for registering a tunnel external IP address, and a record is created for each automatic configuration apparatus identifier.

  The registration server 22 is a communicable server computer that authenticates the person with respect to the issuance of the public key certificate for the public key of the automatic setting device 11 and registers and manages information about the person (automatic setting device 11). A login authentication information registration table storage unit that stores a login authentication information registration table in advance, and an automatic setting device personal information registration table storage unit that stores an automatic setting device personal information registration table.

  The login authentication information registration table registers in advance the ID and password of the automatic setting device 11 set in the automatic setting device 11 that permits login to the registration server 22. As shown in FIG. 5, for example, the login authentication information registration table 103 includes a management number field 131 for registering a management number for managing each record, and an ID field for registering an ID (Identification) for identifying the automatic setting device 11. 132, and a password field 133 for registering a password used for identifying whether the user is an authorized user in combination with the ID, and a record is created for each ID.

  The automatic setting device personal information registration table is a table for registering information (automatic setting device personal information) related to the automatic setting device 11 authenticated by the registration server 22 in order for the authentication server 23 to issue a public key certificate. In the embodiment, a public key for verifying a digital signature of the automatic setting device 11 (a public key of the automatic setting device 11) and information related to the automatic setting device 11 (automatic setting device personal information). In the present embodiment, the automatic setting device identity information is, for example, the automatic setting device identifier of the automatic setting device 11, the address of the installation location, the name of the person in charge of handling, and the contact information of the person in charge. Therefore, in the present embodiment, for example, as shown in FIG. 6, the automatic setting device personal information registration table 104 includes a management application number field 141 for registering a management number for managing each record, and the automatic setting device 11. Each field includes a public key field 142 for registering a public key and an automatic setting device principal information field 143 for registering automatic setting device principal information. A record is created for each public key of the automatic setting device 11. . The automatic setting device identification information field 143 includes an automatic setting device identifier field 1431 for registering the automatic setting device identifier of the automatic setting device 11, an installation location address field 1432 for registering the address of the installation location of the automatic setting device 11, and automatic setting. Each of the sub-fields includes a person name field 1433 for registering the name of the person in charge who handles the device 11 (including the company name of the management company) and a contact field 1434 for registering the contact information of the person in charge. The Here, the contact address is a destination of communication means using the network 1 such as a telephone number, a facsimile number, and an e-mail address.

  The authentication server 23 is a communicable server computer that issues a public key certificate to the public key of the automatic setting device 11 that the registration server 22 authenticates and authenticates. Information related to the public key certificate of the server 23, that is, an authentication server public key certificate storage unit that stores the public key certificate and expiration date of the authentication server 23, a repository storage unit that stores a repository, and a certificate revocation list are stored And a self-signing encryption key pair storage unit for storing a self-signing encryption key pair to be described later. The authentication server 23 includes a clock unit that acquires the current time from the NTP server 24 and adjusts the internal clock to this time.

  The repository is a table that registers the public key certificate of the automatic setting device 11 in association with the automatic setting device identifier of the automatic setting device 11. The format of the public key certificate is PKCS # 6 (Extended-Certificate Syntax Standard) or ITU (International Telecommunication Union). There are various types such as X.509. For example, as shown in FIG. 7, the repository 105 has a management number field 151 for registering a management number for managing each record, an automatic setting device identifier (corresponding to the owner of the public key). And a public key certificate field 153 for registering the public key certificate of the automatic setting device 11, and a record is created for each automatic setting device 11. Here, X. The public key certificate according to 509 includes the public key certificate serial number, the digital certificate algorithm, the public key algorithm, the start date of the valid period represented by year / month / day / hour / minute / second, and year / month / day / hour / minute / second. The valid period ends, the public key, the standard version of the public key certificate, the certificate issuer, the certificate owner, and the signature by the authentication server 23.

  The certificate revocation list (revocation list, Certificate Revocation List, CRL) is a list of revoked public key certificates. More specifically, a list of serial numbers of revoked public key certificates The certificate authority that issued the discarded public key certificate has a digital signature.

  The authentication server 23 issues a public key certificate that has been digitally signed with respect to the public key of the automatic setting device 11, but the secret key of the authentication server 23 is necessary to perform the digital signature. It is necessary to distribute the public key of the authentication server 23 constituting the private key and the encryption key pair to the automatic setting device 11. This is because a certain automatic setting device 11 is necessary for verifying the public key certificate of another automatic setting device 11. When distributing the public key of the authentication server 23, the automatic setting device 11 needs to determine whether or not the public key of the distributed authentication server 23 is authentic. In this embodiment, the authentication server 23 itself employs a self-signature that digitally signs the public key of the authentication server 23. The public key certificate that the authentication server 23 itself has digitally signed the public key of the authentication server 23 is the public key certificate of the authentication server 23. Here, an encryption key pair for performing a self-signature is referred to as a self-signature encryption key pair, and the secret key and the public key are referred to as a self-signature secret key and a self-signature public key, respectively. . This self-signature public key serves as a public key for verifying the public key certificate of the authentication server 23. In this embodiment, the self-signature is adopted. However, the public key of the authentication server 23 is obtained by another public key infrastructure certificate authority, for example, a government public key infrastructure (GPKI) certificate authority. You may comprise so that it may authenticate.

  The NTP server 24 is a communicable server computer that returns time in response to a request from a client. The NTP generally has a hierarchical structure in which another NTP server or host computer and the NTP server are at the top, and the top NTP server obtains the standard time from an accurate clock such as an atomic clock or GPS, and the lower host A computer (including a subordinate NTP server) refers to it and synchronizes the nodes in the network by adjusting the time in its own clock at that time. The automatic setting device 11 and the authentication server 23 can acquire the date and time from the NTP server 24, and can synchronize with the acquired date and time by matching a clock, for example, a software clock, provided therein. .

Next, the operation of this embodiment will be described.
(Operation of the embodiment)
First, a public key certificate acquisition process for the automatic setting apparatus 11 to have the authentication server 23 issue a public key certificate will be described. This public key certificate acquisition processing is processing performed in advance before the automatic setting device 11 automatically sets the 6o4 tunnel. The public key certificate is data issued by the authentication server 23 and is data certifying that the public key of the automatic setting device 11 for digital signature verification is authentic.

  FIG. 8 is a sequence diagram showing the operation of the public key certificate acquisition process. FIG. 9 is a flowchart showing an operation in the public key certificate issuance process of the automatic setting device. FIG. 10 is a flowchart showing an operation in the public key certificate storing process of the automatic setting device.

  In FIG. 8, the public key certificate management unit 64 in the control unit 52 of the automatic setting device 11 includes a public key (public key of the automatic setting device 11) and a private key (private key of the automatic setting device 11) in public key cryptography. The encryption key pair is generated (S11).

  With public key cryptography (asymmetric key cryptography), data encrypted with a private key can only be decrypted with the corresponding public key (the public key that constitutes the private key and encryption key pair), and encrypted with the public key. The encrypted data can be decrypted only with the corresponding secret key (the secret key constituting the public key and the encryption key pair). Usually, the public key is a key that is widely disclosed among the encryption key pairs, and the secret key is a key that is strictly managed and concealed so that only the principal can be understood among the encryption key pairs. Since public key cryptography does not require the transport of keys over a secure path, key management is easier than common key cryptography (symmetric cryptography and secret key cryptography) where encryption and decryption are performed using the same key. High safety.

  There are various types of public key cryptosystems using various algorithms, for example, RSA (Rivest-Shamir-Adleman) system, ElGamal system, Rabin system, and elliptic curve cryptosystem. In public key cryptography, when data is encrypted to ensure data confidentiality, the sender encrypts the data with the public key and the receiver decrypts it with the private key. In the case of a digital signature to be performed, the signer encrypts data with a private key (corresponding to creation of a signature), and the verifier decrypts it with a public key (corresponding to signature verification). Then, by authenticating the signer's public key with a trustworthy certificate authority (issuing the public key certificate), the device side that has received the public key with the public key certificate can authenticate the public key. You can trust that it is your public key.

  Next, the public key certificate management unit 64 of the automatic setting device 11 uses the automatic setting device 11 created in step S11 so that the registration server 22 performs personal authentication and the authentication server 23 issues a public key certificate. A communication signal (public key certificate issuance request signal) that accommodates the public key and the automatic setting device identity information of the automatic setting device 11 is created (S12).

  Then, the public key certificate management unit 64 of the automatic setting device 11 receives the Internet connection service by connecting to the ISP network 3 and accesses the registration server 22 using the IP address of the registration server 22 of the security information storage unit 72. Then, the ID and password that are set and stored in advance are transmitted to the registration server 22 and logged in to the registration server 22 (S13). The registration server 22 refers to the login authentication information registration table 103 to determine whether or not the pair of ID and password transmitted from the automatic setting device 11 is registered in the login authentication information registration table 103. In this case, it is recognized that the automatic setting device 11 is valid, and the login of the automatic setting device 11 is permitted. If it is not registered, login is refused and the connection is terminated.

  Next, when the login is successful, the automatic setting device 11 transmits a public key certificate issuance request signal to the registration server 22 in order to obtain a public key certificate for the public key of the automatic setting device 11 (S14). Upon receiving the public key certificate issuance request signal, the registration server 22 adds a new management number to the automatic setting device principal information registration table 104, adds a new record, and is accommodated in the public key certificate issuance request signal. The public key of the automatic setting device 11 and the automatic setting device principal information are registered in the public key field 142 and the automatic setting device principal information field 143 in the newly added record (S15).

  In the present embodiment, the fact that the automatic setting device 11 that requests issuance of a digital signature is a genuine automatic setting device 11 (so-called identity verification) means that the automatic setting device 11 logs into the registration server 22 as described above. Judging by being possible. The reliability of the public key certificate depends on the reliability of the authentication server 23. In particular, the reliability of the identity verification is important. In this embodiment, however, the manufacturing company or the sales company of the automatic setting device 11 are automatically set by the automatic setting device 11. The ID and password pair is incorporated in the automatic setting device 11 in advance before sale, or is distributed to the purchaser by mail or telephone, thereby ensuring the reliability of this identity verification. In the case of mail or telephone, the ID and password are stored in the automatic setting device 11 from the input unit 54.

  Further, from the viewpoint of preventing password leakage and further improving the reliability of identity verification, a one-time password technique may be used in the processing of step S13. In this one-time password technology, first, a server (registration server 22 in this embodiment) sends a random character string (challenge character string) that becomes a “seed” of an authentication character string to a client (automatic setting device 11 in this embodiment). And send this challenge character string, the client performs an operation according to a predetermined procedure using the challenge character string and the password, returns the operation result (authentication character string, response character string) to the server, and the server generates This is a technique for determining whether the client is a legitimate client by verifying the response character string returned from the client using the challenge character string and the stored password. Further, from the viewpoint of improving the reliability of identity verification, processing is performed when the IP address of the automatic setting device 11 is further registered in the login authentication information registration table 103 in association with the ID and a public key certificate issuance request signal is received. In step S13, the IP address corresponding to the ID permitted to log in is searched from the login authentication information registration table 103, and a communication signal (person himself / herself) asking whether or not a public key certificate issuance request signal having the searched IP address as a destination is transmitted. Confirmation of identity may be performed by transmitting a confirmation signal) and receiving a reply that the public key certificate issuance request signal has been transmitted.

  Next, the registration server 22 requests the authentication server 23 to issue a public key certificate to the automatic setting device 11 that has transmitted the public key certificate issuance request signal. A communication signal (issue request signal) containing the setting device identifier and the public key of the automatic setting device 11 is created and transmitted to the authentication server 23 (S16). In the present embodiment, the registration server 22 is configured to unconditionally transmit the issuance request signal to the authentication server 22 when receiving the public key certificate issuance request signal. For the sake of clarity, the public key certificate issuance request signal further contains information requesting the authentication server 23 to issue a public key certificate, and the registration server 22 includes this information in the public key certificate issuance request signal. When it is accommodated, an issue request signal may be transmitted to the authentication server 22.

  When the authentication server 23 receives the issuance request signal from the registration server 22, the authentication server 23 trusts the personal authentication for the automatic setting device 11 of the registration server 22, and immediately issues a public key certificate issuance process for the public key of the automatic setting device 11. (S17).

  The public key certificate issuance process will be described in more detail. In FIG. 9, the authentication server 23 first refers to the authentication server public key certificate storage unit so that the public key certificate of the authentication server 23 exists. It is determined whether or not it is effective (S21). It is determined whether or not the public key certificate of the authentication server 23 exists and whether or not the public key certificate of the authentication server 23 is within the validity period, and in the certificate revocation list. This is done by determining whether or not it is listed. If it is within the expiration date and not on the certificate revocation list, it is determined to be valid, and if it is out of the expiration date or is on the certificate revocation list, it is determined not to be valid. .

  As a result of the determination, if the public key certificate of the authentication server 23 does not exist or is not valid (No), the authentication server 23 uses the encryption necessary for creating the public key certificate of the automatic setting device 11. An authentication server is generated by generating a key pair (public key and private key of the authentication server 23) (S22) and digitally signing the public key of the authentication server 23 newly generated in step S22 using the self-signature private key 23 is created (S23), the created public key certificate of the authentication server 23 is stored in the authentication server public key certificate storage unit (S24), and the newly created authentication server 23 is published. The key certificate is distributed to all automatic setting apparatuses 11 (S25). This distribution is performed, for example, by setting the automatic setting device 11 in a state in which the public key certificate of the authentication server 23 can be acquired from the authentication server 23. This obtainable state is realized, for example, by installing the public key certificate of the authentication server 23 at a location that can be accessed without authentication via a Web server or an LDAP server. In the present embodiment, since the signature is a self-signature, the authentication server 23 created the public key certificate of the authentication server 23 in step S23. However, if another certificate authority performs a digital signature, The other certificate authority is requested to issue a public key certificate for the public key generated in step S22. In the operation shown in FIG. 9, the self-signing encryption key pair is valid, but a process for checking the validity of the self-signing encryption key pair may be further added.

  On the other hand, if the public key certificate of the authentication server 23 exists and is valid as a result of the check (Yes), and a new public key certificate of the authentication server 23 is created by executing the processing S22 to S25. In this case, the authentication server 23 creates the public key certificate of the automatic setting device 11 using the encryption key pair of the authentication server 23. That is, the authentication server 23 uses the private key of the authentication server 23 to digitally sign the public key of the automatic setting device. Furthermore, in other words, the authentication server 23 adds the signature of the authentication server 23 to the public key of the automatic setting device 11 with the secret key of the authentication server 23 (S26). Next, the authentication server 23 registers the created public key certificate of the automatic setting device 11 in the repository 105 in association with the automatic setting device identifier (S27). That is, the serial number in the public key certificate of the automatic setting device 11, the algorithm of the digital certificate, the algorithm in the public key, the start time of the valid period represented by year / month / day / hour / minute / second, and year / month / day / hour / minute / second. End of validity period, public key, public key certificate standard version, certificate issuer, certificate owner, and public key certificate including signature by authentication server 23 are automatically set device identifier (encryption In the repository 105 in association with the key pair owner).

  As the automatic setting device 11, the registration server 22, and the authentication server 23 operate as described above, a public key certificate is issued by the authentication server 23 to the public key of the encryption key pair generated by the automatic setting device 11.

  Returning to FIG. 8, when the automatic setting device 11 desires to issue the public key certificate, the automatic setting device 11 automatically discloses the automatic setting device identifier of the automatic setting device 11 and the automatic setting device 11. A communication signal (delivery request signal) containing information requesting the issuance of the key certificate is transmitted to the authentication server 23 (S18), and when the authentication server 23 receives this issuance request signal, the authentication server 23 The repository 105 is searched based on the automatic setting device identifier contained in the request signal, and the communication signal (delivery signal) containing the public key certificate of the automatic setting device 11 is sent to the automatic setting device 11 based on the search result. Transmit (S19). When the public key certificate management unit 64 of the automatic setting device 11 receives this communication signal accommodating the public key certificate of the automatic setting device 11 from the authentication server 23, the public key certificate storage unit 64 of the automatic setting device 11 performs the storage process. Perform (S20).

  The storage process of the public key certificate of the automatic setting device will be described in more detail. In FIG. The key certificate is verified (S31). The public key certificate management unit 64 of the automatic setting device 11 compares the public key of the automatic setting device 11 obtained by the verification of this processing S31 with the public key of the automatic setting device generated in the processing S11 of FIG. It is determined whether or not they match (S32). As a result of the determination, if the public key certificate management unit 64 of the automatic setting device 11 does not match (does not match), the public key certificate acquisition process from the process S11 of FIG. 8 is performed again (S34). For coincidence, it is determined whether or not the public key certificate of the automatic setting device 11 is valid (S33). As a result of the determination, the public key certificate management unit 64 of the automatic setting device 11 executes the process S34 when it is not valid (No), and on the other hand when it is valid (Yes). The public key certificate is stored (S35).

  By performing such an operation, the automatic setting device 11 can acquire the public key certificate of the automatic setting device 11 from the authentication server 23. Here, by configuring such public key certificate acquisition processing when the automatic setting device 11 is started, the generation of the encryption key pair is performed each time, so that the security can be improved. . In this embodiment, the authentication server 23 issues the public key certificate of the automatic setting device 11 after receiving the grant request signal from the automatic setting device 11. It may be configured so that it is issued immediately when the is issued.

  Here, in the issuance processing of the public key certificate for the public key of the automatic setting device 11 executed by receiving the issuance request signal from the registration server 22, the authentication server 23 has the public key certificate of the authentication server 23. The validity of the public key certificate of the authentication server 23 is also periodically checked. If the validity is not valid, the public key certificate of the authentication server 23 is updated. is doing. The update process for the public key certificate of the authentication server for updating the public key certificate of the authentication server 23 performed periodically will be described.

  FIG. 11 is a sequence diagram showing an operation in the update process for the public key certificate of the authentication server. FIG. 12 is a flowchart showing an operation in the update process for the public key certificate of the authentication server.

  In FIG. 11, when it is time to perform an update process on the public key certificate of the authentication server 23, the authentication server 23 contains a communication signal containing information requesting the NTP server 24 for the date and time for synchronization. (Time request signal) is transmitted (S41). When receiving the time request signal, the NTP server 24 returns a communication signal (time reply signal) containing the current date and time to the authentication server 23 (S42).

  Upon receiving the time reply signal, the authentication server 23 synchronizes the internal clock with the date and time contained in this signal, and performs an update process on the public key certificate of the authentication server 23 (S43). .

  The update process for the public key certificate of the authentication server 23 will be described in more detail. In FIG. 12, the authentication server 23 first refers to the authentication server public key certificate storage unit, thereby It is determined whether the certificate is valid (S51). This validity check is performed by determining whether the public key certificate of the authentication server 23 is within the expiration date and whether it is on the certificate revocation list.

  If the result of the determination is that it is not valid (No), the authentication server 23 performs encryption key pair generation processing (S52), performs public key certificate generation processing of the authentication server 23 (S53), and authenticates the authentication server. 23 is stored (S54), public key distribution processing of the newly created authentication server 23 is performed (S55), and the process is terminated. Since these processes S52 to S55 are the same as the processes S22 to S25 described with reference to FIG. 9, the description thereof is omitted. On the other hand, if the result of the determination is that it is valid (Yes), the authentication server 23 ends the process.

  By operating in this way, the authentication server 23 appropriately synchronizes with the time of the NTP server 24 and synchronizes with each node in the network 1, thereby appropriately adjusting the validity of the public key certificate of the authentication server 23. Judgment can be made. If the public key certificate of the authentication server 23 is not valid, the authentication server 23 acquires a new public key certificate of the authentication server 23 and updates the public key certificate of the authentication server 23. .

  Next, tunnel automatic setting processing for automatically setting a tunnel using the authentication server 23 will be described. The tunnel automatic setting process is an initial process for registering information necessary for automatically setting a tunnel to exchange information with another automatic setting device 11 in the information server 21, and a tunnel construction process for automatically setting a tunnel. And tunnel deletion processing for automatically deleting a tunnel.

  FIG. 13 is a sequence diagram showing the operation of the initial process in the tunnel automatic setting process. 14 to 18 are sequence diagrams (No. 1 to No. 5) showing the operation of the tunnel construction process in the automatic tunnel setting process. FIG. 19 is a flowchart showing the operation of the tunnel construction process in the tunnel automatic setting process. FIG. 20 is a sequence diagram showing an operation in the update process for the public key certificate of the automatic setting device. FIG. 21 is a flowchart showing the operation of the usability determination process in the public key certificate of the automatic setting device.

  First, the initial process of the tunnel automatic setting process will be described. In FIG. 13, for example, when the power of the automatic setting device 11 is turned on and the IPsec setting information and the automatic setting device identifier in the automatic setting device 11 to which the 6o4 tunnel is connected are input from the input unit 54, The tunnel setting unit 62 in the control unit 52 transmits a connection request to the ISP network 3 (S61). In the ISP network 3, upon receiving a connection request, the ISP computer allocates an IPv4 address to the automatic setting device 11 using the DHCP server 26, and provides an Internet connection service such as the allocated IPv4 address and default route information. Necessary information is transmitted to the automatic setting device 11, and an Internet connection service is started (S62).

  Next, the tunnel setting unit 62 of the automatic setting device 11 uses the Internet connection service of the ISP network 3 to access the information server 21 using the IP address of the information server 21 in the tunnel setting information storage unit 71 and automatically Create a communication signal (tunnel external IP address setting information signal) containing a setting device identifier, a tunnel external IP address, and information indicating that registration of these information is requested in the provided tunnel setting information table 102 and send it to the information server 21 Transmit (S63). The tunnel external IP address is the IPv4 address allocated by the DHCP server 26 in step S62. Upon receiving the tunnel setting information signal, the information server 21 creates a new record and registers the automatic setting device identifier and the tunnel external IP address accommodated in the tunnel external IP address setting information signal in the provided tunnel setting information table 102 (S64).

  By operating in this way, a tunnel external IP address necessary for setting the 6o4 tunnel is assigned, and the assigned tunnel external IP address is registered in the information server 21 and centrally managed collectively. In particular, it is possible to cope with a case where the tunnel external IP address is changed every time a 6o4 tunnel is set, as in the case of dial-up connection or the like.

  Next, the tunnel setting unit 62 of the automatic setting device 11 uses the tunnel internal IP address generation unit 63 to allocate an IPv6 address of the LAN side interface unit 51 in the automatic setting device 11 according to a predetermined procedure. Thus, an IPv6 address (tunnel internal IP address) is created (S65).

  The predetermined procedure for generating the IPv6 address may be any procedure as long as it is a non-overlapping global address. However, in this embodiment, since the automatic setting device identifier is IPv6 address generation information, the creation of the IPv6 address is For example, the IPv6 address is generated by using the network prefix of the IPv6 address generation information included in the automatic setting device identifier as it is as the network prefix of the IPv6 address to be generated and further adding the interface ID. Any interface ID may be used as long as the interface ID does not overlap with the interface ID of another device connected to the network 2, but in this embodiment, the interface ID included in the IPv6 address allocated to the LAN side interface unit 51 is , All 0.

  Next, the tunnel setting unit 62 of the automatic setting device 11 sets the IPv6 address generated by the tunnel internal IP address generation unit 63 as the IP address (tunnel internal IP address) of the LAN side interface unit 51 (S66).

  Next, the tunnel setting unit 62 of the automatic setting device 11 activates an RA daemon that performs router advertisement (Router Advertisement) for the router device (the automatic setting device 11 in this embodiment) to notify the host computer under its control. (S67). Next, the tunnel setting unit 62 of the automatic setting device 11 activates an IKE daemon that performs IKE (Internet Key Exchange) (S68). IKE is a protocol that is used for setting IPsec and that generates and manages SA (Security Association). Then, the tunnel setting unit 62 of the automatic setting device 11 performs tunnel construction processing (S69).

  Next, tunnel construction processing of tunnel automatic setting processing will be described. 14 to 18, the tunnel setting unit 62 in the control unit 52 of the connection source automatic setting device 11 performs an update process for updating the public key certificate of the automatic setting device 11 (S101). Thus, since the automatic setting device 11 performs the update process, it is possible to improve security, and it is possible to continue automatic setting of the 6o4 tunnel with a valid public key certificate.

  The update process for the public key certificate of the automatic setting device 11 will be described in more detail. In FIG. 20, the tunnel setting unit 62 of the automatic setting device 11 uses the clock unit 66 in the control unit 52 to receive a time request containing information indicating that the date and time are requested from the NTP server 24 for synchronization. A signal is transmitted (S201). When receiving the time request signal, the NTP server 24 returns a time reply signal containing the current date and time to the automatic setting device 11 (S202). When receiving the time reply signal, the clock unit 66 of the automatic setting device 11 sets the internal clock with the date and time stored in the signal (S203).

  By operating in this way, the automatic setting device 11 adjusts the clock of the clock unit 66 to the date and time of the NTP server 24. For example, the automatic setting device 11 that does not have a backup power supply is turned off, Even when the clock of the automatic setting device 11 is out of order due to poor accuracy, the automatic setting device 11 can synchronize the authentication server 23 with the current time. Therefore, it is possible to appropriately determine the validity of the public key certificate of the authentication server 23 and the validity of the public key certificate of the automatic setting device 11.

  Next, the tunnel setting unit 62 of the automatic setting device 11 creates a communication signal (authentication server public key certificate issuance request signal) containing information indicating that the authentication server 23 requests the issuance of the public key certificate. It transmits to the authentication server 23 (S204). Upon receiving the authentication server public key certificate grant request signal, the authentication server 23 receives a communication signal (authentication server public key certificate) containing the public key certificate of the authentication server 23 stored in the authentication server public key certificate storage unit. A document delivery signal) is generated and returned to the automatic setting device 11 (S205).

  When receiving the authentication server public key certificate grant signal, the tunnel setting unit 62 of the automatic setting device 11 determines whether or not the public key certificate of the authentication server 23 accommodated in this signal is valid (S206). This determination as to whether or not it is valid is performed by determining whether or not the time of the clock unit 66 is within the valid period described in the acquired public key certificate of the authentication server 23. Is determined to be effective. If it is not valid, the process is executed again from step S201 after a predetermined time has elapsed.

  Next, the tunnel setting unit 62 of the automatic setting device 11 uses the public key certificate management unit 64 of the control unit 52 to determine availability of the public key certificate of the automatic setting device 11. (S207), the update process is terminated, and a process S102 described later in the tunnel construction process is performed.

  The availability determination process for the public key certificate of the automatic setting device 11 will be described in more detail. In FIG. It is determined whether 11 public key certificates exist (S211).

  As a result of the determination, if the public key certificate of the automatic setting device 11 does not exist (No), the public key certificate management unit 64 of the automatic setting device 11 sends the public key certificate of the automatic setting device 11 from the authentication server 23. In order to obtain the certificate, an issuance request signal containing information requesting issuance of the automatic setting device identifier of the automatic setting device 11 and the public key certificate of the automatic setting device 11 is transmitted to the authentication server 23 (S212). . When the public key certificate management unit 64 of the automatic setting device 11 receives a reply from the authentication server 23 that receives the reply of the delivery reply signal containing the public key certificate of the automatic setting device 11 (S213), the public key certificate management unit 64 performs the process S214. Execute. On the other hand, when the public key certificate of the automatic setting device 11 exists as a result of the determination (Yes), the public key certificate management unit 64 of the automatic setting device 11 executes the process S214.

  In step S214, the public key certificate management unit 64 of the automatic setting device 11 determines whether or not the public key certificate of the automatic setting device 11 is valid. This determination as to whether or not the certificate is valid is made by determining whether or not the public key certificate of the automatic setting device 11 is within the expiration date and whether or not it is on the certificate revocation list.

  As a result of the determination, if it is not valid (No), the public key certificate management unit 64 of the automatic setting device 11 performs the above-described public key certificate acquisition process described with reference to FIG. 8 (S215), Continue the tunnel construction process. On the other hand, if the result of the determination is that it is valid (Yes), the public key certificate management unit 64 of the automatic setting device 11 continues the tunnel construction process (S216).

  As described above, the tunnel setting unit 62 in the control unit 52 of the connection source automatic setting device 11 operates to perform update processing for updating the public key certificate of the connection source automatic setting device 11.

  14 to 18, the tunnel setting unit 62 in the control unit 52 of the connection source automatic setting device 11 connects to the information server 21 using the IP address of the information server 21 in the tunnel setting information storage unit 71. Then, a communication signal (connection destination tunnel external IP address request signal) containing information for requesting the automatic setting device identifier of the connection destination automatic setting device 11 and the tunnel external IP address of the connection destination automatic setting device 11 is created. To the information server 21 (S102). When the information server 21 receives this connection destination tunnel external IP address request signal, the tunnel external IP corresponding to this automatic setting device identifier is provided from the provided tunnel setting information table 102 based on the automatic setting device identifier accommodated in this signal. The address is searched (S103). Then, the information server 21 creates an automatic setting device identifier and a communication signal (connection destination tunnel external IP address reply signal) containing the tunnel external IP address corresponding to the searched automatic setting device identifier. 11 (S104). Here, if the automatic setting device identifier accommodated in the connection destination tunnel external IP address request signal is not in the provided tunnel setting information table 102 in the process S102, the information server 21 uses the tunnel corresponding to the automatic setting device identifier. Information indicating that there is no external IP address (non-registration information) is accommodated in a connection destination tunnel external IP address reply signal and returned to the automatic setting device 11. Non-registration information is represented by a symbol string such as “***”, “vacant”, “Null”, and the like.

  Next, when the tunnel setting unit 62 in the connection source automatic setting device 11 receives the connection destination tunnel external IP address reply signal, whether or not the connection destination tunnel external IP address accommodated in this signal is valid. Is determined (S105). This determination as to whether or not it is valid is performed by determining whether or not non-registration information is accommodated in the connection destination tunnel external IP address return signal instead of the connection destination tunnel external IP address. If it is not information, it is determined to be valid, and if it is unregistered information, it is determined not to be valid.

  If the result of the determination is that it is not valid, it is determined that the connection-destination automatic setting device 11 has not executed the initial processing described with reference to FIG. 13, and the processing is returned to step S102 after a predetermined time has elapsed. If it is valid, the tunnel setting unit 62 in the connection source automatic setting device 11 establishes a connection with the connection destination automatic setting device 11 by, for example, a three-way handshake, and automatically connects the connection destination. The setting device is connected to be communicable (S106). In the three-way handshake, the transmission source host computer (in this embodiment, the connection source automatic setting device) transmits a communication start request to the transmission destination host computer (in this embodiment, the connection destination automatic setting device) ( First step) If the destination host computer is OK for communication, an acknowledgment is returned (second step), and the source host computer sends a connection establishment notification to the destination host computer. (Third step) is a procedure for establishing a connection.

  The tunnel setting unit 62 in the control unit 52 of the connection destination automatic setting device 11 performs update processing for updating the public key certificate of the automatic setting device 11 (S107). Since this update process is the same as the above-described update process described with reference to FIGS. 20 and 21, the description thereof is omitted.

  When the connection is established, the tunnel setting unit 62 in the automatic setting device 11 of the connection source creates a communication signal (automatic setting device identifier notification signal) that accommodates the automatic setting device identifier of the automatic setting device 11 to automatically connect the connection destination. It transmits to the setting apparatus 11 (S108).

  When this automatic setting device identifier notification signal is received from the connection source automatic setting device 11, the tunnel setting unit 62 in the connection destination automatic setting device 11 accommodates the automatic setting device identifier of itself (connection destination automatic setting device 11). A communication signal (automatic setting device identifier notification signal) is generated and transmitted to the automatic setting device 11 of the connection source (S109).

  Next, each of the connection source and connection destination automatic setting devices 11 obtains the public key certificate of the other automatic setting device 11, and whether or not the obtained public key certificate of the other dynamic setting device 11 is authentic. There are two ways to obtain this public key certificate.

  First, a method for obtaining the public key certificate of the other automatic setting device 11 from the authentication server in the automatic setting device 11 of the connection source and the connection destination will be described.

  The tunnel setting unit 62 in the connection destination automatic setting device 11 includes information indicating that the automatic setting device identifier in the connection source automatic setting device 11 and the public key certificate in the connection source automatic setting device 11 are requested to be issued. The accommodated communication signal (grant request signal) is created and transmitted to the authentication server 23 (S110).

  Upon receiving this grant request signal, the authentication server 23 refers to the repository 105 based on the received automatic request device identifier of the grant request signal, and the automatic setting device corresponding to the automatic setting device identifier in the connection source automatic setting device 11. 11 public key certificates are searched (S111). The authentication server 23 creates a communication signal (delivery signal) that accommodates the public key certificate of the searched connection source automatic setting device 11 and sends it back to the connection destination automatic setting device 11 (S112).

  When receiving this grant signal, the tunnel setting unit 62 in the connection destination automatic setting device 11 uses the public key certificate of the authentication server 23 to check whether the public key certificate of the connection source automatic setting device 11 is authentic. (S113).

  Further, when receiving this automatic setting device identifier notification signal from the connection destination automatic setting device 11 (S109), the tunnel setting unit 62 in the connection source automatic setting device 11 causes the automatic setting device 11 in the connection destination automatic setting device 11 to perform automatic setting. A communication signal (grant request signal) containing the identifier and information indicating that a public key certificate is requested in the connection destination automatic setting device 11 is created and transmitted to the authentication server 23 (S114).

  Upon receipt of this grant request signal, the authentication server 23 refers to the repository 105 based on the received automatic request device identifier of the grant request signal, and the automatic setting device corresponding to the automatic setting device identifier in the connection destination automatic setting device 11. 11 public key certificates are searched (S115). The authentication server 23 creates a communication signal (grant signal) that accommodates the public key certificate of the connection-destination automatic setting device 11 that has been searched, and sends it back to the connection-source automatic setting device 11 (S116).

  Upon receiving this grant signal, the tunnel setting unit 62 in the connection source automatic setting device 11 uses the public key certificate of the authentication server 23 to determine whether the public key certificate of the connection destination automatic setting device 11 is authentic. (S117).

  Next, a method of obtaining the other public key certificate by exchanging the public key certificate of the automatic setting device 11 with each other between the connection source and the connection destination automatic setting device 11 will be described.

  The tunnel setting unit 62 in the connection source automatic setting device 11 creates a communication signal (public key certificate notification signal) containing the public key certificate of the automatic setting device 11 of itself (connection source automatic setting device 11). To the connection destination automatic setting device 11 (S118).

  The tunnel setting unit 62 in the connection destination automatic setting device 11 that has received the public key certificate notification signal from the connection source automatic setting device 11 automatically connects the connection source contained in the received public key certificate notification signal. It is verified whether the public key certificate of the setting device 11 is authentic by using the public key certificate of the authentication server 23 (S119). Then, the tunnel setting unit 62 in the connection-destination automatic setting device 11 determines the result verified in the process S118, whereby the public key certificate of the connection-source automatic setting device 11 is authentic. It is determined whether or not it is a certificate (S120). In the present embodiment, since the public key certificate of the authentication server 23 is a self-signature, the reliability of the public key of the automatic setting device 11 is improved by performing such processing S120.

  The tunnel setting unit 62 in the connection destination automatic setting apparatus 11 creates and transmits a communication signal (determination result notification signal) containing the determination result to the connection source automatic setting apparatus 11 (S121). If it is not a public key certificate, it is determined that the connection-source automatic setting device 11 is not a genuine automatic setting device 11, and this processing is terminated. On the other hand, if it is determined that the certificate is a genuine public key certificate, the tunnel setting unit 62 in the connection destination automatic setting device 11 has the public key of the automatic setting device 11 of itself (connection destination automatic setting device 11). A communication signal (public key certificate notification signal) containing the certificate is transmitted to the automatic setting device 11 of the connection source (S122).

  The tunnel setting unit 62 in the connection-source automatic setting device 11 that has received this public key certificate notification signal from the connection-destination automatic setting device 11 automatically connects the connection destination accommodated in the received public key certificate notification signal. It is verified whether the public key certificate of the setting device 11 is authentic using the public key certificate of the authentication server 23 (S123). Then, the tunnel setting unit 62 in the connection-source automatic setting device 11 determines the result verified in the process S123, so that the public key certificate of the connection-destination automatic setting device 11 is authentic. It is determined whether it is a certificate (S124).

  The tunnel setting unit 62 in the connection source automatic setting device 11 creates and transmits a communication signal (determination result notification signal) containing the determination result to the connection destination automatic setting device 11 (S125). If it is not a public key certificate, it is determined that the connection-destination automatic setting device 11 is not a genuine automatic setting device 11, and this processing is terminated. On the other hand, if the result of the determination is that the certificate is a genuine public key certificate, the tunnel setting unit 62 in the connection source automatic setting device 11 randomly generates a challenge character string (S126). Then, the connection-source automatic setting device 11 creates a communication signal (challenge character string notification signal) that accommodates the generated challenge character string and transmits it to the connection-destination automatic setting device 11 (S127).

  When the tunnel setting unit 62 in the connection destination automatic setting device 11 receives the challenge character string notification signal, the tunnel calculation unit 62 determines a challenge character string accommodated in this signal with the automatic setting device 11 in advance. The response character string is generated by encrypting the calculation result with the private key of the automatic setting device 11 of the own (connection destination automatic setting device 11) (the secret key of the connection destination automatic setting device 11) ( S128). The predetermined calculation method may be any calculation method. For example, in the present embodiment, the predetermined calculation method is a one-way hash function. Therefore, the tunnel setting unit 62 in the connection destination automatic setting device 11 obtains a hash value of the challenge character string, and generates a response character string by encrypting the obtained hash value with the private key of its own automatic setting device 11. To do. Next, the tunnel setting unit 62 in the connection destination automatic setting device 11 creates a communication signal (response character string notification signal) containing the response character string and transmits it to the connection source automatic setting device 11 (S129).

  When the tunnel setting unit 62 in the connection source automatic setting device 11 receives the response character string notification signal, the tunnel character setting unit 62 stores the calculation result obtained by calculating the challenge character string generated in step S126 by the above-described predetermined calculation method. Is compared with the decryption result obtained by decrypting the response character string being decrypted with the public key of the connection destination automatic setting device 11 included in the public key certificate of the connection destination automatic setting device 11 to determine whether or not they match. (S130).

  The tunnel setting unit 62 in the connection source automatic setting device 11 creates and transmits a communication signal (determination result notification signal) containing the determination result to the connection destination automatic setting device 11 (S131). If not, it is determined that the connection-destination automatic setting device 11 is not a genuine automatic setting device 11, and this processing is terminated. On the other hand, if they match as a result of the determination, the tunnel setting unit 62 in the connection source automatic setting device 11 continues the process described later.

  When the determination result notification signal is received, the tunnel setting unit 62 in the connection destination automatic setting device 11 randomly generates a challenge character string (S132), and creates a challenge character string notification signal that accommodates the generated challenge character string. To the connection source automatic setting device 11 (S133).

  When the tunnel setting unit 62 in the connection source automatic setting device 11 receives this challenge character string notification signal, the tunnel setting unit 62 calculates the challenge character string accommodated in this signal by the above-described predetermined calculation method, and calculates the calculation result of its own. A response character string is generated by encrypting with the private key of the automatic setting device 11 (the private key of the automatic setting device 11 of the connection destination) (S134). Next, the tunnel setting unit 62 in the connection-source automatic setting device 11 creates a response character string notification signal that accommodates the response character string and transmits it to the connection-destination automatic setting device 11 (S135).

  When the tunnel setting unit 62 in the connection destination automatic setting device 11 receives the response character string notification signal, the tunnel setting unit 62 stores the calculation result obtained by calculating the challenge character string generated in step S132 by the above-described predetermined calculation method and the signal. Is compared with a decryption result obtained by decrypting the response character string being decrypted with the public key of the connection source automatic setting device 11 included in the public key certificate of the connection source automatic setting device 11 to determine whether or not they match. (S136). The tunnel setting unit 62 in the connection destination automatic setting device 11 creates and transmits a determination result notification signal containing the determination result to the connection source automatic setting device 11 (S137). Then, it is determined that the connection source automatic setting device 11 is not a genuine automatic setting device 11, and this processing is terminated. On the other hand, as a result of the determination, if they match, the tunnel setting unit 62 in the connection destination automatic setting device 11 continues the process described later.

  As described above, in the present embodiment, the challenge / response authentication technology is used with the encryption key pair as a password.

  By executing the processes S101 to S137, the connection source automatic setting device 11 and the connection destination automatic setting device 11 perform mutual authentication using the authentication server 23, which is a third party organization.

  If the mutual authentication is successful, the tunnel setting unit 62 in the connection source automatic setting device 11 and the tunnel setting unit 62 in the connection destination automatic setting device 11 exchange information necessary for setting the 6o4 tunnel with each other. That is, the tunnel setting unit 62 in the connection source automatic setting device 11 instructs the tunnel external IP address, the tunnel internal IP address and its prefix length, the IPsec setting information, and the tunnel construction in its own automatic setting device 11. A communication signal (tunnel construction instruction signal) containing the above information is generated and transmitted to the connection destination automatic setting device 11 (S138). A connection source by creating a communication signal (tunnel construction instruction signal) containing a tunnel external IP address, a tunnel internal IP address and its prefix length, IPsec setting information, and information for instructing tunnel construction in the setting device 11 To the automatic setting device 11 (S139). Here, the tunnel internal IP address and its prefix length are information necessary for setting an IPsec security policy.

  The tunnel setting unit 62 in the connection source automatic setting device 11 determines whether or not a 6o4 tunnel can be set based on the stored information (S140). The determination as to whether or not the tunnel can be set is the presence or absence of the connection source tunnel external address, the connection source tunnel internal IP address, the connection destination tunnel external IP address, the connection destination tunnel internal IP address, and the IPsec setting information. If any of these pieces of information is missing, it is determined that the 6o4 tunnel cannot be set. As a result of the determination, if it is determined that the connection is not possible, the tunnel setting unit 62 in the connection source automatic setting device 11 creates a communication signal (determination result notification signal) that accommodates the determination result, and the connection destination automatic setting device. 11 (S149), and the process for automatically setting the 6o4 tunnel is terminated. On the other hand, if it is determined as a result of the determination, the tunnel setting unit 62 in the connection source automatic setting device 11 creates a communication signal (determination result notification signal) that accommodates the determination result to automatically connect the connection destination. It transmits to the setting apparatus 11 (S141).

  On the other hand, the tunnel setting unit 62 in the connection destination automatic setting device 11 determines whether or not the 6o4 tunnel can be set based on the stored information (S142). If it is determined as a result of the determination that the determination is impossible, the tunnel setting unit 62 in the connection destination automatic setting device 11 creates a communication signal (determination result notification signal) that accommodates the determination result, and the connection source automatic setting device. 11 (S155), and the process for automatically setting the 6o4 tunnel is terminated. On the other hand, if it is determined as a result of the determination, the tunnel setting unit 62 in the connection destination automatic setting device 11 creates a communication signal (determination result notification signal) that accommodates the determination result to automatically connect the connection source. It transmits to the setting apparatus 11 (S143).

  When receiving the determination result notification signal containing the determination result that it is determined that the 6o4 tunnel can be set from the other automatic setting device 11, the tunnel setting unit 62 in the connection source and connection destination automatic setting devices 11 Each process of canceling the connection is performed (S144). When the connection is canceled, the tunnel setting unit 62 in the connection-source automatic setting device 11 and the tunnel setting unit 62 in the connection-destination automatic setting device 11 perform tunnel construction processing for building a 6o4 tunnel, respectively (S145, S146). .

  This tunnel construction process will be described in more detail. In FIG. 19, the tunnel setting unit 62 in the control unit 52 of the automatic setting device 11 generates a tunnel name of a 6o4 tunnel that is to be automatically set according to a predetermined procedure ( S151).

  The predetermined procedure for generating the tunnel name may be any procedure as long as the tunnel name is not generated redundantly, such as a procedure for assigning numerical values in sequence or a procedure for assigning alphabets in order, but in this embodiment, This is a procedure in which alphabets are sequentially added to “6o4” which is an abbreviation of IPv6 over IPv4 tunnel indicating the type of tunnel.

  Next, the tunnel setting unit 62 in the control unit 52 of the automatic setting device 11 determines whether or not to set IPsec by referring to the IPsec setting information contained in the tunnel construction instruction signal (S152). As a result of the determination, when IPsec is not set (not set), the tunnel setting unit 62 of the automatic setting device 11 executes processing S155 described later.

  On the other hand, when IPsec is set (set) as a result of the determination, the tunnel setting unit 62 of the automatic setting device 11 sets a security policy (Security Policy) that defines a method of processing IP packets for the tunnel to be constructed ( S153). That is, the tunnel setting unit 62 of the automatic setting device 11 registers a security policy database (hereinafter referred to as “SPD”) that associates and registers an IP packet processing method and information (selector) for specifying an IP packet. The created SPD is stored in the storage unit 53. The selector is a security policy number, a source IP address, a destination IP address, a source port number, a destination port number, and a transport layer protocol. A policy that specifies a method for processing an IP packet is a method for processing an IP packet (action ), Security protocol, encapsulation mode, input / output direction transmission, IP address of the source side security gateway, and destination IP address of the destination side security gateway. The processing method of the IP packet is discarding of the IP packet, passage of non-IPsec application, and passage of IPsec application. These are set for the tunnel to be built. That is, when the connection source automatic setting device 11 sets a security policy with the connection destination automatic setting device 11 such that the input / output direction is out of the security policy, the security policy number is set. Are sequentially assigned numbers, the source IP address is set with the tunnel internal IP address and its prefix length in the connection source automatic setting device 11, and the destination IP address is the connection destination automatic acquired in step S139. The tunnel internal IP address and its prefix length in the setting device 11 are set, and the source port number, destination port number, transport layer protocol, action, security protocol, and encapsulation mode (for example, in this embodiment, fixed to the tunnel mode) Is stored in the automatic setting device 11. 53 is set based on the IPsec-related information stored in advance in 53, and the tunnel external IP address in the automatic setting device 11 of the connection source is set to the IP address of the transmission source side security gateway, and the destination IP address of the destination side security gateway Is set with the tunnel external IP address in the connection destination automatic setting device 11 accommodated in the connection destination tunnel external IP address return signal acquired from the information server 21 in step S104. The IP packet processing method is set to pass IPsec application. When the connection source automatic setting device 11 sets a security policy with the connection destination automatic setting device 11 such that the input / output direction of the security policy is in, the security policy number includes: Numbers are assigned in order, the tunnel internal IP address and its prefix length in the connection destination automatic setting device 11 acquired in step S139 are set as the source IP address, and the connection source automatic setting device is set as the destination IP address. 11, the tunnel internal IP address and the prefix length thereof are set, and the source port number, the destination port number, the transport layer protocol, the action, the security protocol, and the encapsulation mode (for example, in this embodiment, the tunnel mode is fixed). ) In the storage unit 53 of the automatic setting device 11 The IP address of the source side security gateway is set based on the stored IPsec related information, and the connection destination automatic IP address reply signal acquired from the information server 21 in step S104 is stored in the connection destination automatic. The tunnel external IP address in the setting device 11 is set, the tunnel external IP address in the connection source automatic setting device 11 is set in the destination IP address of the destination side security gateway, and the IPsec application method is applied to IPsec. Pass is set. On the other hand, when the connection destination automatic setting device 11 sets a security policy with the connection destination automatic setting device 11 such that the input / output direction is out of the security policy, the security policy number is set. Are sequentially assigned numbers, the source IP address is set with the tunnel internal IP address and its prefix length in the connection destination automatic setting device 11, and the destination IP address is set in the connection source automatic setting device in step S138. 11, the tunnel internal IP address and its prefix length in the connection source automatic setting device 11 transmitted from 11 are set, and the source port number, destination port number, transport layer protocol, action, security protocol, and encapsulation mode (for example, this In the embodiment, the mode is fixed to the tunnel mode. Is set based on IPsec-related information stored in advance in the storage unit 53 of the automatic setting device 11, and the tunnel external IP address in the automatic setting device 11 of the connection destination is set as the IP address of the transmission source side security gateway. The destination IP address of the destination side security gateway is automatically set as the connection source acquired from the connection information established between the connection source automatic setting device 11 and the connection destination automatic setting device 11 in the tunnel construction process. A tunnel external IP address in the device 11 is set. The IP packet processing method is set to pass IPsec application. When the connection destination automatic setting device 11 sets a security policy with the connection destination automatic setting device 11 such that the input / output direction is in, of the security policy, the security policy number includes: Numbers are assigned in order, the tunnel internal IP address and its prefix length in the connection source automatic setting device 11 acquired in step S138 are set as the source IP address, and the connection destination automatic setting device is set as the destination IP address. 11, the tunnel internal IP address and its prefix length are set, and the transmission source port number, destination port number, transport layer protocol, action, security protocol, and encapsulation mode (for example, in this embodiment, the tunnel mode is fixed). ) In the storage unit 53 of the automatic setting device 11 The IP address of the source side security gateway is set between the connection-source automatic setting device 11 and the connection-destination automatic setting device 11 in the tunnel construction process. The tunnel external IP address in the connection source automatic setting device 11 acquired from the connection information is set, and the tunnel external IP address in the connection destination automatic setting device 11 is set in the destination IP address of the destination side security gateway.

  Next, the tunnel setting unit 62 of the automatic setting device 11 establishes a security association (Security Association, hereinafter abbreviated as “SA”) from the connection source to the connection destination and from the connection destination to the connection source (S154). . That is, for each of the SA from the connection source to the connection destination and the SA from the connection destination to the connection source, the tunnel setting unit 62 of the automatic setting device 11 presents and determines the encryption algorithm and exchanges the encryption key using IKE. The negotiation is performed to determine the SA, and the determined SA is registered in a security association database (hereinafter abbreviated as “SAD”). The SAD is stored in the storage unit 53. The encryption algorithm presented using IKE is a common key encryption method such as DES-CBC, 3DES-CBC, CAST-128, RC-5, IDEA, and Blowfish.

  Next, the tunnel setting unit 62 of the automatic setting device 11 includes the tunnel name generated in step S151, the IP address allocated by the DHCP server 26 in step S153 (connection source tunnel external IP address), and the connection source tunnel internal IP address. The connection destination automatic setting device identifier input from the input unit 54 and stored in the storage unit 53, the connection destination tunnel external IP address acquired from the information server 21 in the process 103, the connection destination tunnel internal IP address generated in the process S151, The IPsec setting information input from the input unit 54 and stored in the storage unit 53, and “set” that is information indicating the setting are registered in the corresponding fields of the setting tunnel management information table 101 (S155). .

  Then, the tunnel setting unit 62 of the automatic setting device 11 determines whether or not the constructed tunnel can be normally used (S156). As a result of the determination, the automatic setting device 11 starts operation of the 6o4 tunnel when it is normally usable (Yes) (S157), and when it is not normally usable (No), the automatic setting device 11 starts the tunnel from the process S61. The automatic setting process is performed again (S158). For example, the tunnel setting unit 62 of the automatic setting device 11 transmits a ping to the constructed 6o4 tunnel, and determines whether or not a reply is received. If a ping reply is received, it is determined that the constructed 6o4 tunnel has been successfully constructed. If a ping reply is not received, the constructed 6o4 tunnel is not constructed normally. It is judged that

  The tunnel setting unit 62 in the connection source automatic setting device 11 and the tunnel setting unit 62 in the connection destination automatic setting device 11 execute such processing S151 to S158, respectively, thereby creating a 6o4 tunnel and using the 6o4 tunnel. Communication is possible.

  Then, when setting a plurality of 6o4 tunnels, the automatic setting device 11 executes the initial processing of processing S61 to processing S68, and then performs processing S101 to processing S146 (including tunnel construction processing of processing S151 to processing S155). The tunnel construction process is executed for each 6o4 tunnel. For example, as shown in FIG. 1, when the automatic setting device 11-A sets 6o4 tunnels between the automatic setting device 11-B and the automatic setting device 11-C, the automatic setting device 11-A First, initial processing of processing S61 to processing S68 is executed, and then tunnel construction processing of processing S101 to processing S146 is executed with the automatic setting device 11-B to set 6o4 tunnel 5-AB. And the tunnel construction process of process S101 thru | or process S146 is performed between the automatic setting apparatuses 11-C, and 6o4 tunnel 5-AC is set. The automatic setting device 11-A may set the 6o4 tunnel 5-AB after setting the 6o4 tunnel 5-AC, and the order of setting the 6o4 tunnel is arbitrary.

  As described above, the automatic setting device 11 can automatically set the 6o4 tunnel after performing mutual authentication using a third party organization. This prevents a 6o4 tunnel from being set up with the unintended automatic setting device 11 such as impersonation. Further, since IPsec can be used, highly secure communication can be performed.

  The use of IPsec can be selected for each 6o4 tunnel by inputting from the input unit 54 and registered in the set tunnel management information table 101 for each 6o4 tunnel. Since IPsec can be used, the amount of information processing of the automatic setting device 11 can be reduced and the load on the automatic setting device 11 can be reduced when performing communication.

  When the use of the 6o4 tunnel is terminated, tunnel disconnection processing for automatically disconnecting the tunnel using the authentication server 23 is executed.

  Next, tunnel disconnection processing will be described. 22 to 26 are sequence diagrams (No. 1 to No. 5) showing the operation of the tunnel deletion process in the tunnel automatic setting process.

  22 to 26, the tunnel deletion unit 65 in the control unit 52 of the automatic setting device 11 that is the disconnection source firstly sets the tunnel setting state information of the record corresponding to the 6o4 tunnel to be disconnected in the set tunnel management information table 101. In the field 119, “disconnecting”, which is information indicating that the 6o4 tunnel is being disconnected, is registered (S303).

  Next, the tunnel deletion unit 65 of the automatic setting device 11 that is the disconnection source performs update processing for updating the public key certificate of the automatic setting device 11 in order to check the validity of the public key certificate of the automatic setting device 11. (S304). Since this update process is the same as the above-described update process described with reference to FIGS. 20 and 21, the description thereof is omitted.

  Next, the tunnel deletion unit 65 in the disconnection-source automatic setting device 11 creates a communication signal (disconnection start notification signal) containing information indicating that disconnection of the 6o4 tunnel is started, and sends the communication signal to the disconnection-destination automatic setting device 11. Transmit (S305).

  When receiving the disconnection start notification signal, the tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection destination updates the public key certificate of the automatic setting device 11 in order to check the validity of the public key certificate of the automatic setting device 11. Update processing is performed (S306). Since this update process is the same as the above-described update process described with reference to FIGS. 20 and 21, the description thereof is omitted. Then, the tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection destination creates a communication signal (disconnection approval notification signal) that contains information that acknowledges the start of tunnel disconnection, and returns the communication signal to the automatic setting device 11 that is the disconnection source. (S307).

  When the disconnection approval notification signal is received, the tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection source creates an automatic setting device identifier notification signal and transmits it to the automatic setting device 11 that is the disconnection destination (S308).

  When this automatic setting device identifier notification signal is received from the automatic setting device 11 that is the disconnection source, the tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection destination stores the automatic setting device identifier of itself (the automatic setting device 11 that is the disconnection destination). A communication signal (automatic setting device identifier notification signal) to be generated is generated and transmitted to the automatic setting device 11 that is the disconnection source (S309).

  Next, the automatic setting device 11 of the cutting source and the cutting destination respectively obtain the public key certificate of the other automatic setting device 11 and check whether the obtained public key certificate of the other dynamic setting device 11 is authentic. There are two methods for obtaining this public key certificate.

  First, a method of obtaining the public key certificate of the other automatic setting device 11 from the authentication server in the automatic setting device 11 of the cutting source and the cutting destination will be described.

  The tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection destination creates an issuance request signal and sends it to the authentication server 23 in order to receive the public key certificate from the automatic setting device 11 that is the disconnection source (S310).

  Upon receiving this delivery request signal, the authentication server 23 refers to the repository 105 based on the received automatic request device identifier of the delivery request signal, and the automatic setting device corresponding to the automatic setting device identifier in the automatic setting device 11 that is the disconnection source. 11 public key certificates are searched (S311). The authentication server 23 creates a delivery signal based on the search result and returns it to the automatic setting device 11 that is the cutting destination (S312).

  Upon receiving this grant signal, the tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection destination uses the public key certificate of the authentication server 23 to determine whether the public key certificate of the automatic setting device 11 that is the disconnection source is authentic. (S313).

  Further, when this automatic setting device identifier notification signal is received from the automatic setting device 11 of the disconnection destination (S309), the tunnel deletion unit 65 in the automatic setting device 11 of the disconnection source public key certification in the automatic setting device 11 of the disconnection destination In order to receive the certificate, a certificate request signal is generated and transmitted to the authentication server 23 (S314).

  Upon receiving this delivery request signal, the authentication server 23 refers to the repository 105 based on the received automatic setting device identifier of the delivery request signal, and the automatic setting device corresponding to the automatic setting device identifier in the automatic setting device 11 to be disconnected. 11 public key certificates are searched (S315). The authentication server 23 creates a delivery signal based on the search result and sends it back to the automatic setting device 11 that is the cutting source (S316).

  When receiving this delivery signal, the tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection source uses the public key certificate of the authentication server 23 to determine whether or not the public key certificate of the automatic setting device 11 that is the disconnection destination is authentic. (S317).

  Next, a method of obtaining the other public key certificate by exchanging the public key certificate of the automatic setting device 11 with each other in the automatic setting device 11 of the cutting source and the cutting destination will be described.

  The tunnel deletion unit 65 in the disconnection-source automatic setting device 11 creates a public key certificate notification signal of itself (disconnection-source automatic setting device 11) and transmits it to the disconnection-destination automatic setting device 11 (S318).

  The tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection destination that has received this public key certificate notification signal from the automatic setting device 11 that is the disconnection source automatically disconnects the disconnection source that is accommodated in the received public key certificate notification signal. It is verified whether the public key certificate of the setting device 11 is authentic by using the public key certificate of the authentication server 23 (S319). Then, the tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection destination judges the result verified in the process S319, so that the public key certificate of the automatic setting device 11 that is the disconnection source automatic setting device 11 is authentic. It is determined whether it is a certificate (S320).

  The tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection destination creates and transmits a determination result notification signal to the automatic setting device 11 that is the disconnection source (S321), and when the determination result shows that the certificate is not a genuine public key certificate. Determines that the automatic setting device 11 that is the cutting source is not a genuine automatic setting device 11, and ends this processing. On the other hand, if the result of the determination is that the certificate is a genuine public key certificate, the tunnel deletion unit 65 in the automatic setting device 11 at the disconnection destination sends the public key certificate notification signal of itself (the automatic setting device 11 at the disconnection destination). The data is transmitted to the automatic setting device 11 that is the cutting source (S322).

  The tunnel deletion unit 65 in the automatic setting device 11 that has received the public key certificate notification signal from the automatic setting device 11 that is the disconnection destination automatically disconnects the disconnection destination that is accommodated in the received public key certificate notification signal. It is verified whether the public key certificate of the setting device 11 is authentic by using the public key certificate of the authentication server 23 (S323). Then, the tunnel deletion unit 65 in the disconnection-source automatic setting device 11 determines the result verified in the process S323, and thereby the public key certificate of the automatic setting device 11 in which the public key certificate of the disconnection-destination automatic setting device 11 is authentic is authentic. It is determined whether it is a certificate (S324).

  The tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection source creates and transmits a determination result notification signal to the automatic setting device 11 that is the disconnection destination (S325), and when the determination result shows that the certificate is not a genuine public key certificate. Determines that the automatic setting device 11 to be cut is not a genuine automatic setting device 11, and ends this processing. On the other hand, as a result of the determination, if it is a genuine public key certificate, the tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection source randomly generates a challenge character string (S326). Then, the tunnel deletion unit 65 in the disconnection-source automatic setting device 11 creates a challenge character string notification signal and transmits it to the disconnection-destination automatic setting device 11 (S327).

  When the tunnel deletion unit 65 in the automatic setting device 11 to be disconnected receives the challenge character string notification signal, the predetermined character calculation method negotiated with the automatic setting device 11 in advance for the challenge character string accommodated in this signal. The response character string is generated by encrypting the calculation result with the private key of the automatic setting device 11 of itself (the automatic setting device 11 at the cutting destination) (the private key of the automatic setting device 11 at the cutting destination). S328). Next, the tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection destination creates a response character string notification signal and transmits it to the automatic setting device 11 that is the disconnection source (S329).

  Upon receiving the response character string notification signal, the tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection source stores the calculation result obtained by calculating the challenge character string generated in step S326 by the above-described predetermined calculation method and the signal. Is compared with the decryption result obtained by decrypting the response character string being decrypted with the public key of the automatic setting device 11 of the cutting destination accommodated in the public key certificate of the automatic setting device 11 of the cutting destination. Judgment is made (S330). The tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection source creates and transmits a determination result notification signal to the automatic setting device 11 that is the disconnection destination (S331). It is determined that the setting device 11 is not a genuine automatic setting device 11, and this processing is terminated. On the other hand, if the result of the determination is that they match, the tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection source continues processing that will be described later.

  When the determination result notification signal is received, the tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection destination randomly generates a challenge character string (S332), creates a challenge character string notification signal, and automatically sets the disconnection source automatic setting device 11 (S333).

  When the tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection source receives this challenge character string notification signal, the tunnel deletion unit 65 calculates the challenge character string accommodated in this signal by the above-described predetermined calculation method, and calculates the calculation result thereof. A response character string is generated by encrypting with the private key of the automatic setting device 11 (the private key of the automatic setting device 11 to be disconnected) (S334). Next, the tunnel deleting unit 65 in the disconnection-source automatic setting device 11 creates a response character string notification signal and transmits it to the disconnection-destination automatic setting device 11 (S335).

  Upon receipt of the response character string notification signal, the tunnel deletion unit 65 in the automatic setting device 11 at the disconnection destination stores the calculation result obtained by calculating the challenge character string generated in step S332 by the above-described predetermined calculation method and the signal. Is compared with the decryption result obtained by decrypting the response character string being decrypted with the public key of the cutting-source automatic setting device 11 accommodated in the public key certificate of the cutting-source automatic setting device 11, and whether or not they match Judgment is made (S336). The tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection destination creates and transmits a determination result notification signal to the automatic setting device 11 that is the disconnection source (S337). It is determined that the setting device 11 is not a genuine automatic setting device 11, and this processing is terminated. On the other hand, if the result of the determination is that they match, the tunnel deletion unit 65 in the automatic setting apparatus 11 that is the disconnection destination continues processing that will be described later.

  By executing the above processing S304 to S337, the automatic setting device 11 that is the cutting source and the automatic setting device 11 that is the cutting destination perform mutual authentication using the authentication server 23 that is a third party organization.

  When the mutual authentication is successful, the tunnel deleting unit 65 in the disconnection automatic setting device 11 and the tunnel deleting unit 65 in the disconnecting automatic setting device 11 exchange information necessary for disconnecting the 6o4 tunnel with each other. That is, the tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection source receives a communication signal (tunnel disconnection instruction signal) containing information for identifying the tunnel to be disconnected and information for instructing disconnection of the 6o4 tunnel. It is created and transmitted to the automatic setting device 11 that is the cutting destination (S338). On the other hand, the tunnel deleting unit 65 in the automatic setting device 11 that is the cutting destination also creates a tunnel cutting instruction signal and sends it to the automatic setting device 11 that is the cutting source. (S339). Here, the information for identifying the tunnel to be disconnected includes, for example, the tunnel external address of the connection source, the tunnel internal address and the automatic setting device identifier, the tunnel external address of the connection destination, the tunnel internal address and the automatic setting device identifier, It is a tunnel name.

  When the tunnel disconnection instruction signal is received from the automatic setting device 11 that is the disconnection destination, the tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection source determines whether or not the tunnel can be disconnected based on the stored information (S340). The determination as to whether or not the tunnel can be set is based on the presence or absence of the corresponding tunnel information on the provided tunnel table. If there is such information, it is determined that the 6o4 tunnel can be disconnected, and any of these information is missing. If it is, it is determined that the 6o4 tunnel cannot be disconnected. If it is determined as a result of the determination that the determination is impossible, the tunnel deleting unit 65 in the automatic setting device 11 that is the disconnection source ends the process of automatically disconnecting the 6o4 tunnel. On the other hand, if it is determined as a result of the determination, the tunnel deleting unit 65 in the automatic setting device 11 that is the disconnection source creates a determination result notification signal and transmits it to the automatic setting device 11 that is the disconnection destination (S341). .

  On the other hand, when the tunnel deletion unit 65 in the automatic setting device 11 of the disconnection destination receives this determination result notification signal from the automatic setting device 11 of the disconnection source, the tunnel deletion unit 65 in the automatic setting device 11 of the disconnection destination stores it. It is determined whether or not the 6o4 tunnel can be disconnected based on the existing information (S342). If it is determined as a result of the determination that the determination is impossible, the tunnel deleting unit 65 in the automatic setting device 11 to be disconnected ends the present process of automatically disconnecting the 6o4 channel. On the other hand, if it is determined that the determination is possible, the tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection destination creates a determination result notification signal and transmits it to the automatic setting device 11 that is the disconnection source (S343). .

  When receiving the determination result notification signal containing the determination result that it is determined that the 6o4 tunnel can be disconnected from the other automatic setting device 11, the tunnel deletion unit 65 in the automatic setting device 11 of the disconnection source and the disconnection destination Processing for canceling the connection is performed (S344). When the connection is canceled, the tunnel deletion unit 65 in the disconnection automatic setting device 11 and the tunnel deletion unit 65 in the disconnection automatic setting device 11 execute 6o4 tunnel disconnection (S345 and S346). The disconnection of the 6o4 tunnel is performed by deleting the record corresponding to the disconnected 6o4 tunnel from the set tunnel management information table 101, and deleting the security policy and the security association corresponding to the disconnected 6o4 tunnel from the SPD and SAD, respectively. .

  Since the 6o4 tunnel is disconnected after performing mutual authentication in this way, unauthorized disconnection can be avoided, and the information corresponding to the 6o4 tunnel to be disconnected can also be deleted by the automatic connection device 11 of the tunnel connection destination. Resources such as the control unit 52 and the storage unit 53 can be saved.

  In the above-described embodiment, the automatic setting device 11 is preliminarily embedded with IPv6 address generation information at the time of shipment, and is used as its own automatic setting device identifier. However, any character string that is unique at the time of shipment, for example, The product serial number and the like may be embedded, and the IPv6 address generation information may be obtained from the information server 21 by using an arbitrary character string that is unique in the initial processing.

  FIG. 27 is a diagram showing a configuration of a tunnel internal IP address generation information table in the information server when IPv6 generation information is acquired from the information server. FIG. 28 is a part of a sequence diagram showing an operation of initial processing of the automatic setting device when acquiring IPv6 generation information from the information server. FIG. 29 is a flowchart showing the operation of the information server in a part of the initial processing of the automatic setting device when IPv6 generation information is acquired from the information server.

  In FIG. 27, the tunnel internal IP address generation information table registers the tunnel internal IP address generation information allocated in response to a request from the automatic setting device 11 in association with the automatic setting device identifier of the automatic setting device 11. The tunnel internal IP address generation information table 106 includes, for example, as shown in FIG. 27, a management number field 161 for registering a management number for managing each record, and an automatic setting device identifier field for registering an automatic setting device identifier of the automatic setting device 11. 162 and each of the automatic setting devices 11 configured to include the tunnel internal IP address generation information field 163 for registering the tunnel internal IP address generation information allocated to the automatic setting device 11 and to which the tunnel internal IP address generation information is allocated. A record is created.

  The process shown in FIG. 28 is performed between the process S64 and the process S65 described with reference to FIG. 13 in the above-described embodiment. That is, in FIG. 28, the tunnel setting unit 62 of the automatic setting device 11 sends a communication signal (tunnel internal IP address generation information request signal) containing information indicating that an automatic setting device identifier and tunnel internal IP address generation information are requested. It is created and transmitted to the information server 21 (S171). Upon receiving the tunnel internal IP address generation information request signal, the information server 21 allocates tunnel internal IP address generation information to the automatic setting device identifier accommodated in this signal (S172).

  Next, the process S172 will be described in more detail. In FIG. 28, when the information server 21 receives the tunnel internal IP address generation information request signal, the information server 21 converts the tunnel internal IP address generation information table 106 into the automatic setting device identifier based on the automatic setting device identifier accommodated in this signal. The corresponding tunnel external IP address is searched, and it is determined whether or not the tunnel internal IP address generation information corresponding to the automatic setting device identifier has been registered (S81). The determination as to whether or not the registration has been made is based on the fact that a record in which the automatic setting device identifier accommodated in the tunnel internal IP address generation information request signal is registered in association with the tunnel internal IP address generation information is registered in the tunnel internal IP address. It is determined by searching whether or not the address generation information table 106 exists. If a record exists, it is determined that it has been registered. If no record exists, it is determined that it has not been registered. As a result of the determination, if it is determined that the information has not been registered, the information server 21 selects a network prefix of the unallocated IPv6 address from among the network prefixes of the IPv6 address prepared in advance, and the tunnel internal IP A new management number is assigned to the address generation information table 106 to create a new record, and the tunnel internal IP address generation information request signal is added to the automatic setting device identifier field 162 and the tunnel internal IP address generation information field 163 in the generated record. And automatically register the network prefix of the selected IPv6 address (S82). On the other hand, if it is determined as a result of the determination that the information has been registered, the information server 21 automatically sets the device identifier contained in the tunnel internal IP address generation information request signal, which exists in the tunnel internal IP address generation information table 106. And tunnel internal IP address generation information are acquired from a record registered in association with the tunnel internal IP address generation information (S83).

  Then, the information server 21 creates a communication signal (tunnel internal IP address generation information reply signal) containing the allocated IPv6 address network prefix as tunnel internal IP address generation information, and sends it back to the tunnel automatic setting device 11 ( S173). Subsequently, when receiving the set tunnel internal IP address registration reply signal from the information server 21, the tunnel setting unit 62 of the automatic setting device 11 continues the processing from step S65.

  By operating in this way, the information server 21 collectively manages the IPv6 addresses allocated to the automatic setting device 11 and used as the tunnel internal IP address, and the IPv6 addresses are allocated in response to requests from the automatic setting device 11. The IPv6 address registered from the table 106 is deleted for a long time, and the IPv6 address is collected when the automatic setting device 11 is discarded or no longer used. And IPv6 addresses can be reused efficiently.

  In the above-described embodiment, during the tunnel construction process, the connection destination automatic setting device 11 does not check whether the connection from the connection source automatic setting device 11 is valid. You may comprise. Further, in the above-described embodiment, during the tunnel deletion process, the disconnection automatic setting device 11 does not check whether the connection from the automatic setting device 11 that is the disconnection source is valid. It may be configured.

  FIG. 30 is a part of a sequence diagram showing an operation of tunnel construction processing of the automatic setting device when checking the tunnel external IP address. FIG. 31 is a part of a sequence diagram showing an operation of tunnel deletion processing of the automatic setting device when checking the tunnel external IP address.

  The process shown in FIG. 30 is performed between the process S108 described with reference to FIG. 14 in the above-described embodiment and the process S109 of FIG. That is, in FIG. 30, the tunnel setting unit 62 in the connection-destination automatic setting device 11 has the connection-source automatic setting device contained in the automatic setting device identifier notification signal received from the connection-source automatic setting device 11 in step S108. 11 generates a communication signal (connection source tunnel external IP address request signal) containing information indicating that the automatic setting device identifier in 11 and the tunnel external IP address in the connection source automatic setting device 11 are requested. Transmit (S161). When the information server 21 receives the connection source tunnel external IP address request signal, the tunnel external IP corresponding to the automatic setting device identifier from 102 is provided from the provided tunnel setting information table based on the automatic setting device identifier accommodated in this signal. The address is searched (S162). Then, the information server 21 creates a communication signal (connection source tunnel external IP address reply signal) containing the searched tunnel external IP address and sends it back to the connection destination automatic setting device 11 (S163). When the connection source tunnel external IP address return signal is received from the information server 21, the tunnel setting unit 62 in the connection destination automatic setting device 11 determines whether or not the connection from the connection source automatic setting device 11 is authentic ( S164). The determination as to whether or not the connection is authentic is based on the connection source tunnel contained in the connection source tunnel external IP address return signal acquired from the information server 21 and the IP address of the connection source automatic setting device 11 that has established the connection. This is performed by comparing with the external IP address. If both IP addresses match, it is determined to be authentic, and if both IP addresses do not match, it is determined not to be authentic. As a result of the determination, if it is determined that it is not authentic, the tunnel setting unit 62 in the connection destination automatic setting device 11 ends this processing for automatically setting the 6o4 tunnel. On the other hand, if it is determined as authentic as a result of the determination, the tunnel setting unit 62 in the connection destination automatic setting device 11 continues the processing from step S109.

  Then, the process shown in FIG. 31 is performed between the process S308 described with reference to FIG. 22 and the process S309 of FIG. That is, in FIG. 31, the tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection destination includes the automatic setting device that is the disconnection source that is accommodated in the automatic setting device identifier notification signal received from the automatic setting device 11 that is the disconnection source in step S308. 11 creates a communication signal (disconnection source tunnel external IP address request signal) containing information indicating that the automatic setting device identifier in 11 and the tunnel external IP address in the disconnection source automatic setting device 11 are requested. Transmit (S361). When the information server 21 receives the disconnection-source tunnel external IP address request signal, the tunnel external IP corresponding to the automatic setting device identifier from 102 is provided from the provided tunnel setting information table based on the automatic setting device identifier accommodated in this signal. The address is searched (S362). Then, the information server 21 creates a communication signal (disconnection source tunnel external IP address reply signal) containing the searched tunnel external IP address, and returns the communication signal to the automatic setting device 11 of the disconnection destination (S363). When the disconnection source tunnel external IP address reply signal is received from the information server 21, the tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection destination determines whether or not the connection from the automatic setting device 11 that is the disconnection source is authentic ( S364). The determination as to whether or not the connection is authentic is based on the IP address of the disconnection source automatic setting device 11 establishing the connection and the disconnection source tunnel accommodated in the disconnection source tunnel external IP address return signal acquired from the information server 21. This is performed by comparing with the external IP address. If both IP addresses match, it is determined to be authentic, and if both IP addresses do not match, it is determined not to be authentic. As a result of the determination, if it is determined that it is not authentic, the tunnel deletion unit 65 in the automatic setting device 11 to be disconnected ends this processing for automatically setting the 6o4 tunnel. On the other hand, if it is determined as authentic as a result of the determination, the tunnel deletion unit 65 in the automatic setting device 11 that is the disconnection destination continues the processing from step S309.

  By operating in this way, in the tunnel construction process, the connection destination automatic setting device 11 checks whether the connection source automatic setting device 11 is the automatic setting device 11 having a genuine tunnel external IP address, Security can be increased, and if the connection source automatic setting device is illegal by executing immediately after the start of the tunnel construction processing, the subsequent tunnel construction processing is not executed, thereby reducing the load on the automatic configuration device 11. it can. Further, in the tunnel deletion process, the automatic setting device 11 that is the disconnection destination can check whether the automatic setting device 11 that is the disconnection source is the automatic setting device 11 having a genuine tunnel external IP address, thereby improving security. If the automatic setting device that is the disconnection source is illegal by executing immediately after the start of the tunnel deletion processing, the load on the automatic setting device 11 can be reduced by not performing the subsequent tunnel deletion processing.

  Further, in the above-described embodiment, at the time of tunnel construction processing, the connection destination automatic setting device 11 does not check whether the tunnel internal IP address transmitted from the connection source automatic setting device 11 is valid. However, it may be configured to check. In the above-described embodiment, in the tunnel construction process, the connection source automatic setting device 11 does not check whether the tunnel internal IP address transmitted from the connection destination automatic setting device 11 is valid. However, it may be configured to check.

  FIG. 32 is a diagram showing the configuration of a tunnel internal IP address table that has been set in the information server when the tunnel internal IP address is checked. FIG. 33 is a part of a sequence diagram showing the operation of the initial processing of the automatic setting device when the tunnel internal IP address is checked. FIG. 34 and FIG. 35 are a part of a sequence diagram showing the operation of the tunnel construction processing of the automatic setting device when the tunnel external IP address is checked.

  In FIG. 32, the already set tunnel internal IP address table registers the tunnel internal IP address set in the LAN side interface unit of the automatic setting device 11 in association with the request of the automatic setting device 11 in association with the automatic setting device identifier. . The set tunnel internal IP address table 107 includes, for example, as shown in FIG. 32, a management number field 171 for registering a management number for managing each record, and an automatic setting device identifier field for registering an automatic setting device identifier of the automatic setting device 11. 172 and a set tunnel internal IP address field 173 for registering the tunnel internal IP address set in the LAN side interface unit of the automatic setting device 11, and the tunnel internal IP address is set in the LAN side interface A record is created for each automatic setting device 11.

  The processing shown in FIG. 33 is performed between the processing S66 and the processing S67 described with reference to FIG. 13 in the above embodiment. That is, in FIG. 33, the tunnel setting unit 62 of the automatic setting device 11 registers the automatic setting device identifier, the set tunnel internal IP address (the tunnel internal address set in the LAN side interface), and the set tunnel internal IP address. A communication signal (set tunnel internal IP address registration request signal) containing information to request is created and transmitted to the information server 21 (S91). When the information server 21 receives the set tunnel internal IP address registration request signal, the information server 21 creates a new record by assigning a new management number to the set tunnel internal IP address table 107, and the automatic setting device identifier in the generated record In the field 172 and the configured tunnel internal IP address field 173, the automatic setting device identifier accommodated in the configured tunnel internal IP address registration request signal and the tunnel internal IP address accommodated in the configured tunnel internal IP address registration request signal Are respectively registered (S92). Then, the information server 21 creates a communication signal (configured tunnel internal IP address registration reply signal) containing information of everyone who has completed registration of the configured tunnel internal IP address and returns the communication signal to the automatic tunnel configuration apparatus 11 ( S93). Subsequently, when receiving the set tunnel internal IP address registration reply signal from the information server 21, the tunnel setting unit 62 of the automatic setting device 11 continues the processing from step S 67.

  Then, the process shown in FIG. 34 is performed between the process S139 described with reference to FIG. 17 in the above-described embodiment and the process S140 of FIG. That is, in FIG. 34, when the tunnel setting unit 62 in the connection source automatic setting device 11 receives the tunnel construction instruction signal from the connection destination automatic setting device 11 in step S139, the automatic setting identifier in the connection destination automatic setting device 11 Then, a communication signal containing all the information requesting the tunnel internal IP address in the connection destination automatic setting device 11 (set connection destination tunnel internal IP address request signal) is generated and transmitted to the information server 21 (S171). .

  Upon reception of the set connection destination tunnel internal IP address request signal, the information server 21 sets the automatic setting device identifier of the connection destination automatic setting device 11 accommodated in the received set connection destination tunnel internal IP address request signal. Based on this, the set tunnel internal IP address table 107 is referred to, and the set tunnel internal IP address corresponding to the automatic setting device identifier of this connection destination automatic setting device 11 is searched (S172). The information server 21 creates a communication signal (set connection destination tunnel internal IP address reply signal) that accommodates the searched set connection destination tunnel internal IP address and sends it back to the connection source automatic setting device 11 (S173). When the set connection destination tunnel internal IP address return signal is received, the tunnel setting unit 62 in the connection source automatic setting device 11 transmits the tunnel internal IP address transmitted from the connection destination automatic setting device 11 in step S139 and this information server. By comparing the set connection destination tunnel internal IP address accommodated in the set connection destination tunnel internal IP address response signal acquired from the connection destination 21, the tunnel internal IP address transmitted from the connection destination automatic setting device 11 is authentic. It is determined whether or not (S174). This determination is determined to be authentic when the tunnel internal IP address transmitted from the connection destination automatic setting device 11 matches the set connection destination tunnel internal IP address, and is transmitted from the connection destination automatic setting device 11. When the set tunnel internal IP address and the set connection destination tunnel internal IP address do not match, it is determined that it is not authentic. As a result of the determination, if it is determined that the connection is not authentic, the tunnel setting unit 62 in the connection source automatic setting device 11 creates a communication signal (determination result notification signal) that accommodates the determination result and automatically sets the connection destination. This is transmitted to the apparatus 11 (S149), and this process of automatically setting the 6o4 tunnel is terminated. On the other hand, if it is determined as authentic as a result of the determination, the tunnel setting unit 62 in the connection source automatic setting device 11 continues the processing from step S140.

  The process shown in FIG. 35 is performed between the process S141 and the process S142 described with reference to FIG. 18 in the above-described embodiment. That is, in FIG. 35, when the tunnel setting unit 62 in the connection destination automatic setting device 11 receives the tunnel construction instruction signal from the connection source automatic setting device 11 in step S138, the automatic setting device in the connection source automatic setting device 11 A communication signal (a set connection source tunnel internal IP address request signal) containing the identifier and the information of everyone requesting the tunnel internal IP address in the connection source automatic setting device 11 is generated and transmitted to the information server 21 (S181). ).

  When this set connection source tunnel internal IP address request signal is received by itself, the information server 21 sets the automatic setting device identifier of the connection source automatic setting device 11 contained in the received set connection source tunnel internal IP address request signal. Based on this, the set tunnel internal IP address table 107 is referred to, and the set tunnel internal IP address corresponding to the automatic setting device identifier of the connection source automatic setting device 11 is searched (S182). The information server 21 creates a communication signal (set connection source tunnel internal IP address reply signal) that accommodates the searched set connection source tunnel internal IP address and sends it back to the connection destination automatic setting device 11 (S183). When the set connection source tunnel internal IP address reply signal is received, the tunnel setting unit 62 in the connection destination automatic setting device 11 transmits the tunnel internal IP address transmitted from the connection source automatic setting device 11 in step S139 and this information server. By comparing the set connection source tunnel internal IP address accommodated in the set connection source tunnel internal IP address response signal acquired from the connection source 21, the tunnel internal IP address transmitted from the connection source automatic setting device 11 is authentic. It is determined whether or not (S184). This determination is determined to be authentic when the tunnel internal IP address transmitted from the connection source automatic setting device 11 matches the set connection source tunnel internal IP address, and is transmitted from the connection source automatic setting device 11. When the set tunnel internal IP address and the set connection source tunnel internal IP address do not match, it is determined that the tunnel internal IP address is not authentic. As a result of the determination, when it is determined that the connection is not authentic, the tunnel setting unit 62 in the connection destination automatic setting device 11 creates a communication signal (determination result notification signal) that accommodates the determination result and automatically sets the connection source. This is transmitted to the apparatus 11 (S149), and this process of automatically setting the 6o4 tunnel is terminated. On the other hand, if it is determined as authentic as a result of the determination, the tunnel setting unit 62 in the connection destination automatic setting device 11 continues the processing from step S142.

  By operating in this way, in the tunnel construction processing, the connection source automatic setting device 11 checks whether the connection destination automatic setting device 11 is the automatic setting device 11 having a genuine tunnel internal IP address, Security can be increased. Further, in the tunnel construction process, the connection destination automatic setting device 11 can improve security by checking whether the connection source automatic setting device 11 is the automatic setting device 11 having a genuine tunnel internal IP address. .

  Furthermore, in the above-described embodiment, the automatic setting device 11 generates a plurality of logical interfaces for one physical WAN side interface unit 55 to thereby generate a plurality of 6o4 to a plurality of other automatic setting devices 11. Although the tunnels are set simultaneously, a plurality of 6o4 tunnels may be set simultaneously to a plurality of other automatic setting devices 11 by providing a plurality of physical WAN side interface units.

  FIG. 36 is a block diagram showing a configuration of a network including a tunnel automatic setting device including a plurality of WAN side interface units. FIG. 37 is a diagram illustrating a configuration of a setting tunnel management information table according to a tunnel automatic setting device including a plurality of WAN side interface units. FIG. 38 is a diagram illustrating a configuration of a provided tunnel setting information table of the information server when the tunnel automatic setting device includes a plurality of WAN side interface units.

  36, the automatic setting apparatus 11 ′ includes a LAN side interface unit 51, a control unit 52 ′, a storage unit 53 ′, an input unit 54, and a plurality of WAN side interface units 55 ′ (55′-0, 55). '-1, ..., 55'-n). The LAN side interface unit 51, the control unit 52 ′, the storage unit 53 ′, the input unit 54, and the WAN side interface unit 55 ′ have a plurality of WAN side interface units 55 ′, and each WAN side interface unit 55′-0, The WAN side interface device name, which is an identifier for identifying 55′-1,..., 55′-n, is the WAN side interface unit 55′-0, 55′-1,. 37, the setting tunnel management information table 101 ′ stored in the setting tunnel management information storage unit 73 ′ as shown in FIG. 37 registers the WAN side interface device name field 112 in which the WAN side interface device name is registered in FIG. The setting tunnel management information table 101 shown in FIG. The LAN side interface unit 51, the control unit 52, the storage unit 53, the input unit 54, and the WAN side, except that the WAN side interface device name is used when the channel setting unit 62 ′ automatically sets the 6o4 tunnel. Since it is the same as that of the interface part 55, the description is abbreviate | omitted.

  Then, the information server 21 provides the provided tunnel setting in order to individually manage the tunnel external IP address assigned to each WAN side interface unit 55′-0, 55′-1,..., 55′-n. The information is stored in the provided tunnel setting information storage unit in association with the set of the WAN side interface device name and the automatic setting device identifier. For example, as shown in FIG. 38, the provided tunnel setting information table 102 ′ stored in the provided tunnel setting information storage unit includes a provided tunnel side interface device name field 122 for registering the WAN side interface device name shown in FIG. The setting information table 102 is further provided, and a record is created for each set of the WAN side interface device name and the automatic setting device identifier.

  Then, in the processing of processing S64, processing S65, processing S108, processing S109, processing S110, and processing S111, a set of an automatic setting device identifier and a WAN side interface device name is used instead of the automatic setting device identifier. If the connection-destination automatic setting device 11 includes a plurality of WAN-side interface units 55, the tunnel setting unit 62 ′ in the connection-source automatic setting device 11 ′ is performed by performing steps S102 to S104. Obtains a plurality of tunnel external IP addresses from the information server 21, but the tunnel setting unit 62 ′ in the connection source automatic setting device 11 arbitrarily selects one tunnel external IP from the plurality of tunnel external IP addresses. An address may be used.

  In the case of tunnel disconnection processing, the 6o4 tunnel to be disconnected is specified by receiving the tunnel disconnection instruction signal. Therefore, even when a plurality of 6o4 tunnels are set, the above-described processing S303 to S343 are executed. As a result, the 6o4 tunnel can be disconnected.

  In the above-described embodiment, the case where the automatic setting devices 11 and 11 ′ are incorporated in the router device has been described. However, the present invention is not limited to this. For example, in addition to the routing function for routing communication packets, It may be incorporated into a gateway device further provided with a function for performing protocol conversion.

  In the above-described embodiment, the automatic setting devices 11 and 11 ′ are configured to store the location information of the information server 21, registration server 22, authentication server 23, and NTP server 24 in the storage unit 53 with IP addresses. A DNS (Domain Name System) server 25 that manages a database describing the correspondence between host names and IP addresses, searches for the IP address from the host name in response to a request from the client, and returns the search result to the client. 1 is further provided in the network 1 as shown by a broken line in FIG. 1, and the automatic setting devices 11 and 11 ′ have at least one location information among the information server 21, the registration server 22, the authentication server 23, and the NTP server 24 as a host name. May be configured to store in the storage unit 53. With this configuration, even when the IP address of the information server 21, the registration server 22, the authentication server 23, or the NTP server 24 is changed, the automatic setting devices 11 and 11 ′ can connect to the information server 21 and the like. it can. In particular, the location information of the information server 21 or the like is stored in the storage unit 53 at the manufacturing stage or the like, so even if the IP address of the information server 21 or the like is changed after the automatic setting devices 11 and 11 ′ are shipped, The setting devices 11 and 11 ′ can be connected to the information server 21 or the like.

  Further, in the above-described embodiment, two 6o4 tunnels are set, ie, a 6o4 tunnel to which IPsec is applied and a 6o4 tunnel to which IPsec is not applied, and the connection source and the connection destination are the same. By configuring one of the 6o4 tunnels to select one of the 6o4 tunnels, IPsec can be used when encryption is required according to the content of communication. The amount of information processing 52 can be reduced, and the burden on the control unit 52 can be reduced.

  In the above-described embodiment, the control units 52 and 52 ′ are configured to determine whether or not a failure has occurred in the set 6o4 tunnel and to delete the 6o4 tunnel even when a failure has occurred. May be. The presence / absence of a failure is determined, for example, by transmitting a ping (Ping) to the automatic setting device 11 or 11 'that is the setting destination of the 6o4 tunnel and receiving a reception response to the ping before timing out. If it times out, it is determined that there is a failure. With this configuration, it is possible to avoid leaving a 6o4 tunnel that can no longer be used due to a failure, and to eliminate waste of resources such as the control units 52 and 52 ′ and the storage units 53 and 53 ′. it can. When the 6o4 tunnel is deleted, the tunnel deletion unit 66 uses the tunnel setting unit 62 to automatically use the other automatic setting devices 11 and 11 ′ in the deleted 6o4 tunnel as a new connection destination. You may comprise so that it may reset. With this configuration, the failure can be automatically removed, so that the fault tolerance of the 6o4 tunnel itself can be improved, and the 6o4 tunnel can be maintained in a usable state.

  In the above-described embodiment, the automatic setting device 11 is an embodiment in which an IPv6 over IPv4 tunnel is formed with another automatic setting device 11 on the ISP network 3 of IPv4 and the network 4 of IPv4. Even when the IPv4 network sequentially adopts IPv6 to shift to the IPv6 network and the ISP network 3 and the network 4 in the above-described embodiment become IPv6, the one automatic setting device 11 performs the same operation, An IPv6 over IPv6 tunnel can be formed on the ISP network 3 and the network 4 with another automatic setting device 11. As described above, even when all the nodes of the network 1 operate with IPv6, the manufacturing company can manage the tunnel automatic setting device 11 by using the automatic setting device 11 according to the present invention. Instead, a secure (safe) communication path can be secured by setting a tunnel between the IPv2 networks 2.

It is a figure showing the whole network composition in an embodiment. It is a block diagram which shows the structure of the network containing a tunnel automatic setting apparatus. It is a figure which shows the structure of the setting tunnel management information table in a tunnel automatic setting apparatus. It is a figure which shows the structure of the provision tunnel setting information table in an information server. It is a figure which shows the structure of the login authentication information registration table in a registration server. It is a figure which shows the structure of the automatic setting apparatus principal information registration table in a registration server. It is a figure which shows the structure of the repository in an authentication server. It is a sequence diagram which shows the operation | movement of a public key certificate acquisition process. It is a flowchart which shows the operation | movement in the issuing process of the public key certificate of an automatic setting apparatus. It is a flowchart which shows the operation | movement in the memory | storage process of the public key certificate of an automatic setting apparatus. It is a sequence diagram which shows the operation | movement in the update process with respect to the public key certificate of an authentication server. It is a flowchart which shows the operation | movement in the update process with respect to the public key certificate of an authentication server. It is a sequence diagram which shows the operation | movement of the initial process of a tunnel automatic setting process. It is the sequence diagram (the 1) which shows the operation | movement of the tunnel construction process in a tunnel automatic setting process. FIG. 11 is a sequence diagram (part 2) illustrating the operation of the tunnel construction process in the tunnel automatic setting process. FIG. 11 is a sequence diagram (part 3) illustrating the operation of the tunnel construction process in the tunnel automatic setting process. FIG. 11 is a sequence diagram (part 4) illustrating the operation of the tunnel construction process in the tunnel automatic setting process. FIG. 10 is a sequence diagram (part 5) illustrating the operation of the tunnel construction process in the tunnel automatic setting process. It is a flowchart which shows the operation | movement of the tunnel construction process in a tunnel automatic setting process. It is a sequence diagram which shows the operation | movement in the update process with respect to the public key certificate of an automatic setting apparatus. It is a flowchart which shows the operation | movement of the usability judgment process in the public key certificate of an automatic setting apparatus. It is the sequence diagram (the 1) which shows the operation | movement of the tunnel deletion process in a tunnel automatic setting process. FIG. 11 is a sequence diagram (part 2) illustrating the operation of tunnel deletion processing in tunnel automatic setting processing. FIG. 12 is a sequence diagram (part 3) illustrating the operation of tunnel deletion processing in tunnel automatic setting processing. FIG. 11 is a sequence diagram (part 4) illustrating the operation of tunnel deletion processing in tunnel automatic setting processing. FIG. 11 is a sequence diagram (part 5) illustrating the operation of tunnel deletion processing in tunnel automatic setting processing; It is a figure which shows the structure of the tunnel internal IP address production | generation information table in an information server in the case of acquiring IPv6 production | generation information from an information server. It is a part of sequence diagram which shows the operation | movement of the initial process of the automatic setting apparatus concerning the case where IPv6 production | generation information is acquired from an information server. It is a flowchart which shows operation | movement of an information server in a part of initial process of the automatic setting apparatus concerning the case where IPv6 production | generation information is acquired from an information server. It is a part of sequence diagram which shows the operation | movement of the tunnel construction process of the automatic setting apparatus which concerns on the case of checking a tunnel external IP address. It is a part of sequence diagram which shows the operation | movement of the tunnel deletion process of the automatic setting apparatus which concerns on the case of checking a tunnel external IP address. It is a figure which shows the structure of the set tunnel internal IP address table in the information server which concerns on the case of checking a tunnel internal IP address. It is a part of sequence diagram which shows the operation | movement of the initial process of the automatic setting apparatus which concerns on the case of checking a tunnel internal IP address. It is a part of sequence diagram which shows the operation | movement of the tunnel construction process of the automatic setting apparatus which concerns on the case of checking a tunnel external IP address. It is a part of sequence diagram which shows the operation | movement of the tunnel deletion process of the automatic setting apparatus which concerns on the case of checking a tunnel external IP address. It is a block diagram which shows the structure of the network containing the tunnel automatic setting apparatus provided with several WAN side interface part. It is a figure which shows the structure of the setting tunnel management information table which concerns on the tunnel automatic setting apparatus provided with several WAN side interface part. It is a figure which shows the structure of the provision tunnel setting information table of the information server in case a tunnel automatic setting apparatus is provided with two or more WAN side interface parts.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Network 2 IPv6 network 3 IPv4 ISP network 4 IPv4 network 5 IPv6 over IPv4 tunnel 11, 11 'Tunnel automatic setting apparatus 21 Information server 22 Registration server 23 Authentication server 24 NTP server 25 DNS server 26 DHCP server 51 Local area network Side interface unit 52, 52 'control unit 53, 53' storage unit 54 input unit 55, 55 'wide area network side interface unit 62, 62' tunnel setting unit 63 destination tunnel internal IP address generation unit 64 public key certification Document management unit 65 Tunnel deletion unit 66 Clock unit 71 Tunnel setting information storage unit 72 Security information storage unit 73, 73 ′ Setting tunnel management information storage unit 101, 101 ′ Setting tunnel management information table Le 102, 102 'provide tunnel configuration information table 103 login authentication information registration table 104 automatic setting device identity information registration table 105 repository 106 tunnels internal IP address generation information table 107 configured tunnel internal IP address table

Claims (12)

In a tunnel auto-configuration device that automatically configures tunnels in the network,
An automatic setting device identifier for identifying a tunnel automatic setting device, and a storage unit for storing the automatic setting device identifier in the tunnel automatic setting device to which the tunnel is connected;
The tunnel auto-configuration device identifier is transmitted to the authentication server that manages the public key certificate of the tunnel auto-configuration device in association with the auto-configuration device identifier, and the tunnel connection destination A public key certificate acquisition unit for acquiring a public key certificate in the automatic tunnel configuration apparatus of
Tunnel automatic setting device, characterized in that it comprises a tunnel setter configured to set the tunnel after the mutual authentication by using the public key certificate with the destination of the tunnel automatic setting device in the tunnel. An input unit for inputting IPsec setting information indicating whether to apply IPsec to the tunnel;
The tunnel automatic setting device according to claim 1, wherein the tunnel setting unit sets the tunnel according to the IPsec setting information. Tunnel automatic setting device according to claim 1, wherein the further comprising a tunnel deletion unit for deleting the tunnel after the mutual authentication by using the public key certificate and the destination tunnel automatic setting device. It is further equipped with a clock unit that measures the date and time,
The tunnel setting unit determines whether or not the public key certificate is valid based on a revocation list of the public key certificate and a date and time obtained from the clock unit before using the public key certificate. The tunnel automatic setting device according to claim 1, wherein the public key certificate is updated when it is not valid. It is further equipped with a clock unit that measures the date and time,
The tunnel deletion unit determines whether the public key certificate is valid based on the revocation list of the public key certificate and the date and time acquired from the clock unit before using the public key certificate. The tunnel automatic setting device according to claim 3, wherein the public key certificate is updated when it is not valid. The tunnel automatic setting device according to claim 4 or 5, wherein the clock unit acquires a current date and time from an NTP server in the network and synchronizes with the acquired date and time. The tunnel automatic setting device according to claim 1, wherein the tunnel setting unit updates a public key certificate at startup. The tunnel automatic setting device according to claim 3, wherein the tunnel deletion unit deletes the tunnel when a failure occurs in the tunnel. The tunnel automatic setting device according to claim 8, wherein the tunnel deletion unit causes the tunnel setting unit to reset the tunnel after deleting the tunnel. The tunnel automatic setting device according to claim 1, wherein the tunnel setting unit is capable of setting a plurality of tunnels. A tunnel automatic setting device that automatically stores the self-setting device identifier for identifying the tunnel automatic setting device, the automatic setting device identifier in the tunnel automatic setting device to which the tunnel is connected and the self-tunnel internal address is automatically stored in the network. In the tunnel automatic setting method set to
Obtaining an IP address assigned with connection to the network as a tunnel external IP address of a connection source of the tunnel;
Transmitting the assigned IP address and the self-setting device identifier to an information server that manages the tunnel external IP address in association with the automatic setting device identifier;
Transmitting the automatic setting device identifier in the tunnel automatic setting device of the tunnel connection destination to the information server, and obtaining the tunnel external IP address of the tunnel connection destination;
An automatic setting device in the tunnel automatic setting device connected to the tunnel is connected to an authentication server that manages the public key certificate of the tunnel automatic setting device in association with the automatic setting device identifier and issues the public key certificate of the tunnel automatic setting device. Transmitting an identifier and obtaining a public key certificate in a tunnel automatic setting device that is a connection destination of the tunnel; and
Receiving a first type of challenge character string generated by the tunnel automatic setting device of the tunnel connection destination from the tunnel automatic setting device of the tunnel connection destination;
A first type of response character string is obtained by encrypting a calculation result obtained by calculating the first type of range character string by a predetermined calculation method with a public key of its own public key certificate and a secret key constituting an encryption key pair. And transmitting the generated first type response string to the tunnel automatic setting device that is the connection destination of the tunnel;
Generating a second type of challenge character string, and transmitting the generated second type of challenge character string to a tunnel automatic setting device to which the tunnel is connected;
A public key certificate of the tunnel automatic setting device in the tunnel automatic setting device of the tunnel connection destination is obtained by calculating a calculation result of the second type challenge character string by a predetermined calculation method by the tunnel automatic setting device of the tunnel connection destination. The second type response character string is generated by encrypting with the private key that constitutes the public key and the encryption key pair of the first, and the tunnel automatic setting device that is the connection destination of the tunnel is generated from the generated second type response character string Receiving from
A decryption result obtained by decrypting the second type response character string received from the tunnel automatic setting device of the tunnel connection destination with the public key of the public key certificate of the tunnel automatic setting device in the tunnel automatic setting device of the tunnel connection destination; Determining whether or not the calculation result obtained by calculating the second type challenge character string by the predetermined calculation method matches;
If they match, exchanging a tunnel internal address and other setting information necessary for setting the tunnel with a tunnel automatic setting device to which the tunnel is connected, and setting the tunnel using the setting information; A tunnel automatic setting method characterized by comprising: In the network for execution by the tunnel automatic setting device that stores the self-setting device identifier for identifying the tunnel automatic setting device, the automatic setting device identifier in the tunnel automatic setting device to which the tunnel is connected, and the self-tunnel internal address. In the tunnel auto-configuration program that automatically configures the tunnel,
Obtaining an IP address assigned with connection to the network as a tunnel external IP address of a connection source of the tunnel;
Transmitting the assigned IP address and the self-setting device identifier to an information server that manages the tunnel external IP address in association with the automatic setting device identifier;
Transmitting the automatic setting device identifier in the tunnel automatic setting device of the tunnel connection destination to the information server, and obtaining the tunnel external IP address of the tunnel connection destination;
An automatic setting device in the tunnel automatic setting device connected to the tunnel is connected to an authentication server that manages the public key certificate of the tunnel automatic setting device in association with the automatic setting device identifier and issues the public key certificate of the tunnel automatic setting device. Transmitting an identifier and obtaining a public key certificate in a tunnel automatic setting device that is a connection destination of the tunnel; and
Receiving a first type of challenge character string generated by the tunnel automatic setting device of the tunnel connection destination from the tunnel automatic setting device of the tunnel connection destination;
A first type of response character string is obtained by encrypting a calculation result obtained by calculating the first type of range character string by a predetermined calculation method with a public key of its own public key certificate and a secret key constituting an encryption key pair. And transmitting the generated first type response string to the tunnel automatic setting device that is the connection destination of the tunnel;
Generating a second type of challenge character string, and transmitting the generated second type of challenge character string to a tunnel automatic setting device to which the tunnel is connected;
A public key certificate of the tunnel automatic setting device in the tunnel automatic setting device of the tunnel connection destination is obtained by calculating a calculation result of the second type challenge character string by a predetermined calculation method by the tunnel automatic setting device of the tunnel connection destination. The second type response character string is generated by encrypting with the private key that constitutes the public key and the encryption key pair of the first, and the tunnel automatic setting device that is the connection destination of the tunnel is generated from the generated second type response character string Receiving from
A decryption result obtained by decrypting the second type response character string received from the tunnel automatic setting device of the tunnel connection destination with the public key of the public key certificate of the tunnel automatic setting device in the tunnel automatic setting device of the tunnel connection destination; Determining whether or not the calculation result obtained by calculating the second type challenge character string by the predetermined calculation method matches;
If they match, exchanging a tunnel internal address and other setting information necessary for setting the tunnel with a tunnel automatic setting device to which the tunnel is connected, and setting the tunnel using the setting information; A tunnel automatic setting program characterized by comprising:

Images