JP5772566B2 - Uninterruptible power management system, management device, computer, and uninterruptible power management method - Google Patents

Description

  The present invention relates to an uninterruptible power supply management system, a management apparatus, a computer, and an uninterruptible power supply management method for maintaining power supply to a computer even when power supply from a power supply is cut off.

  In an uninterruptible power management system in which a backup power supply is configured by an uninterruptible power supply (UPS), the uninterruptible power supply can start backup operation even if the power supply from the original power supply is cut off. Thus, power supply can be maintained until all of the power stored in the uninterruptible power supply is consumed. Therefore, each device connected to the uninterruptible power supply can continue to operate during that time, and the device itself can be safely stopped using that time.

  However, each device knows that the power supply from the original power supply has been cut off because the uninterruptible power supply maintains power supply even if it wants to move to the process of safely stopping the device itself. I can't. Therefore, the uninterruptible power supply itself or a management apparatus that manages the uninterruptible power supply (hereinafter simply referred to as “management apparatus etc.”) is independent that the power supply from the original power supply is cut off. There is a need to communicate to each device through communication means.

  As an example of such a communication means, Ethernet (registered trademark), which is a network standard for connecting devices, can be used. Such Ethernet networks are often built in a closed environment such as an in-house LAN (Local Area Network), in which case there is no threat of unauthorized access or data leakage by a third party, so it is relatively safe. Is recognized as a secure network.

  However, in recent years, the access form of the in-house LAN has been diversified, such as wireless LAN, VPN (Virtual Private Network), and Bluetooth (registered trademark). While such forms are allowed, they are illegally accessed in the in-house LAN. May also occur. For example, it is expected that a command issued by the management device etc. to the in-house LAN leaks to the outside, or an unauthorized third party impersonates the management device etc. and uses the shutdown command of each device. There is a risk that each device will stop. For this reason, important communication data related to system operation, such as commands for prompting shutdown, exchanged between the management device and each device must be encrypted to eliminate threats from unauthorized third parties. I must.

  As such communication data encryption technology, there is an encryption method standardized in an Ethernet protocol stack such as TCP (Transmission Control Protocol) or IP (Internet Protocol). In these encryption methods, the encryption strength (an index indicating the complexity of the process for encrypting data) and the algorithm are determined, and highly secure communication is possible by implementing the determined encryption process. It becomes. For example, Patent Document 1 discloses a technique for performing a response process according to control data only when a client PC and a UPS management server have a common key and are mutually authenticated.

JP 2005-92475 A

  Many of the standardized encryption methods such as the technique described in Patent Document 1 require a high processing load to ensure safety. Since IT devices such as personal computers and servers are equipped with a CPU (central processing unit) having a sufficiently high processing capacity and a memory having a sufficiently large capacity, the above-described encryption method can be applied. However, in a system such as an embedded device, there is a tendency to suppress resources for cost performance improvement, and it is difficult to simply apply the above encryption method.

  Therefore, in view of such problems, the present invention is an uninterruptible power supply management that can effectively use existing equipment with limited resources and ensure high safety of communication data within the processing capacity range. It is an object to provide a system, a management device, a computer, and an uninterruptible power management method.

  In order to solve the above problems, an uninterruptible power supply management system according to the present invention stores a computer, a power supply that supplies power to the computer, and stores power from the power supply, even if the power supply to the power supply is cut off. An uninterruptible power supply that maintains the power supply for a predetermined time, a management memory that holds an encrypted command table in which a plurality of encrypted commands obtained by encrypting commands with a plurality of encryption keys are associated with a plurality of identifiers, and An information acquisition unit that acquires internal information about the internal state of the power failure power supply, a command extraction unit that extracts an encrypted command associated with an identifier shared with a computer by referring to an encrypted command table according to the internal information, and A command to send the extracted encrypted command to a computer through a network accessible to a third party And a computer having a decryption key table, wherein the computer stores a decryption key table in which a plurality of decryption keys respectively corresponding to the plurality of encryption commands are associated with the same identifier as the encryption command. And a command decryption unit that decrypts an encrypted command into a command using a decryption key associated with an identifier shared with the management apparatus, and a command execution unit that executes the decrypted command.

  The shared identifier may be uniquely obtained from the mutual port number when the management apparatus and the computer establish a communication connection in the network.

  RSA encryption is used for encryption and decryption, and an encryption command encrypted with an encryption key based on a value obtained by multiplying two prime numbers is associated with the encryption command table. A decryption key based on a value obtained by subtracting 1 from each of the two prime numbers and multiplying the two prime numbers obtained by the subtraction may be associated.

  The command is a command for reducing or cutting off the power consumption of the computer, and the command execution unit may execute the command while the uninterruptible power supply device maintains power supply for a predetermined time.

  The network uses TCP / IP or UDP / IP.

  In order to solve the above problems, a computer, an uninterruptible power supply that stores power from a power source that supplies power to the computer, and maintains the power supply to the computer for a predetermined time even when the power supply of the power source is cut off, and The management device of the present invention connected to a management memory for holding an encrypted command table in which a plurality of encrypted commands obtained by encrypting a command with a plurality of encryption keys are respectively associated with a plurality of identifiers, and an uninterruptible power supply An information acquisition unit that acquires internal information related to the internal state of the device, a command extraction unit that extracts an encrypted command associated with an identifier shared with a computer by referring to the encrypted command table according to the internal information, and extracted A command transmission unit that transmits the encrypted command to a computer through a network accessible by a third party. And wherein the Rukoto.

  In order to solve the above problems, an uninterruptible power supply apparatus that receives power supply from a power supply, stores power from the power supply, and maintains power supply to a computer for a predetermined time even when the power supply of the power supply is cut off. The computer of the present invention connected to the management device that manages the encrypted command includes a plurality of decryption keys respectively corresponding to a plurality of encrypted commands managed in association with a plurality of identifiers in the encrypted command table in the management device. A command that decrypts an encrypted command received from a management device into a command by using a computer memory that holds a decryption key table associated with the same identifier and a decryption key that is associated with an identifier that is shared with the management device by referring to the decryption key table A decoding unit and a command execution unit that executes the decoded command are provided.

  To solve the above problems, a computer, a power supply for supplying power to the computer, and storing power from the power supply, and maintaining the power supply to the computer for a predetermined time even if the power supply to the power supply is cut off An uninterruptible power supply management method of the present invention for managing power supply of a computer using a power supply device and a management device connected to the uninterruptible power supply and a computer, wherein the management device sends a command to a plurality of encryption keys. The encryption command table that associates the multiple encrypted commands encrypted with the multiple identifiers in advance is stored in advance to obtain internal information related to the internal state of the uninterruptible power supply. The encryption command associated with the identifier shared with the computer is extracted by referring to the encryption command table. The computer transmits to a computer through an accessible network, and the computer holds in advance a decryption key table in which a plurality of decryption keys respectively corresponding to a plurality of encryption commands are associated with the same identifier as the encryption command. The encrypted command is decrypted into a command with a decryption key associated with the identifier shared with the management apparatus, and the decrypted command is executed.

  As described above, according to the present invention, it is possible to effectively use an existing device with limited resources without adding a new dedicated device, and to achieve a high level of safety of communication data even in a low-spec processing capacity range. It becomes possible to ensure the sex.

It is explanatory drawing which showed the schematic relationship of each apparatus which comprises an uninterruptible power supply management system. It is the functional block diagram which showed the schematic function of the management apparatus. It is a functional block diagram showing a schematic function of a computer. It is explanatory drawing for demonstrating the table used in an uninterruptible power supply management system. It is the sequence diagram which showed the flow of the whole process of the uninterruptible power supply management method. It is the block diagram which showed the flow of the data by the uninterruptible power supply management method.

  Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. The dimensions, materials, and other specific numerical values shown in the embodiment are merely examples for facilitating understanding of the invention, and do not limit the present invention unless otherwise specified. In the present specification and drawings, elements having substantially the same function and configuration are denoted by the same reference numerals, and redundant description is omitted, and elements not directly related to the present invention are not illustrated. To do.

(Uninterruptible power management system 100)
FIG. 1 is an explanatory diagram showing a schematic relationship between devices constituting the uninterruptible power supply management system 100. The uninterruptible power supply management system 100 includes a computer 110, a power supply 120, an uninterruptible power supply apparatus 130, and a management apparatus 140. Of these, the computer 110 and the management apparatus 140 can communicate with each other. Are connected to the network 102. Here, various communication means capable of transmitting or receiving communication data can be applied to the network 102. Here, an Ethernet LAN using TCP / IP, which is a network standard for connecting devices, is exemplified. explain.

  As the computer 110, various electronic devices having a CPU (Central Processing Unit) such as a personal computer, a server, and a dedicated device can be applied. Many CPUs of the computer 110 have a relatively high processing capability and a large memory capacity. Therefore, the computer 110 can collectively manage a plurality of devices connected to the network 102. The power source 120 is composed of a commercial power source or the like, and supplies power to the computer 110.

  The uninterruptible power supply 130 is connected to the power supply 120 and the computer 110, and supplementarily supplies power to the computer 110 while storing the power from the power supply 120 therein. Further, when the power supply from the power source 120 is cut off for some reason, the uninterruptible power supply 130 supplies the stored power to the computer 110. Furthermore, the uninterruptible power supply 130 always grasps the power supply state of the power supply 120 and transmits internal information regarding the internal state to the management device 140.

  The management device 140 is provided integrally with the uninterruptible power supply 130 and is incorporated, for example, by being inserted into an expansion slot of the uninterruptible power supply 130, and manages the entire uninterruptible power management system 100. Moreover, the management apparatus 140 acquires the internal information of the uninterruptible power supply 130, generates a command to the computer 110 according to the internal information, and transmits it. For example, when the power supply from the power source 120 is cut off for some reason, the management device 140 recognizes the fact from the internal information and generates a command to reduce (resume) or disconnect (shut down) the power consumption of the computer 110. , And transmitted to the computer 110 through the network 102 accessible by a third party. The computer 110 receives such a command and safely stops the operation of the computer 110.

  Transmission / reception of commands from the management device 140 to the computer 110 requires a signal line independent of the power supply line. However, providing a dedicated signal line for transmitting a command to the management apparatus 140 or the computer 110 is not a good measure in terms of communication reliability and cost. Therefore, the above-described LAN network 102 that is set in advance so as to be connectable to the computer 110 is used. By doing so, communication between the management apparatus 140 and the computer 110 can be realized with high reliability and low cost. Further, it is possible to communicate with other devices via the network 102, and furthermore, since general-purpose parts can be used, it is possible to improve maintainability.

  However, in addition to the above advantages, the network 102 also has disadvantages. For example, when communication is performed in the network 102 described above, network paths via network devices (HUB and router) are established, and these network paths include network packet sniffing (sniffing), spoofing (spoofing, impersonation), There is a tampering threat. Therefore, in the present embodiment, data to be transmitted / received is encrypted in communication between the management apparatus 140 and the computer 110.

  Incidentally, encryption of data transmitted and received in TCP / IP communication is defined by each encryption method in each layer of the OSI (Open System Interconnection) reference model. For example, since the OSI reference model lower layers (physical layer, data link layer) depend on hardware, it is necessary to support an encryption method unified by both devices that perform communication. The initial cost increases when hardware is introduced and replaced.

  In the middle layer (network layer, transport layer), since it must be implemented at the driver level to access the hardware, it is necessary to determine the necessity of encryption at all communication opportunities, For an embedded system that uses a limited resource, such as the management apparatus 140 of the present embodiment, the influence of overhead is large, resulting in performance degradation. Further, there is a risk that resources will be insufficient due to an excessive communication attack such as DDoS (Distributed Denial of Service). Therefore, in order to build a robust system in the middle class, it is necessary to enhance security implementation.

  In addition, SSL / TLS (Secure Sockets Layer / Transport Layer Security), which is known for encryption in the upper layers (session layer, presentation layer, application layer), is troublesome in managing certificates and managing expiration dates. The cost and overhead until the encrypted communication is established (certificate confirmation to the CA, etc.) is large, resulting in an increase in cost and a decrease in performance. In this embodiment, existing equipment with limited processing capacity and limited resources is used effectively, and encrypted communication is executed in the application layer within the processing capacity range to ensure a high level of safety of communication data. To do. Hereinafter, the configuration will be described in the order of the management device 140 and the computer 110, and the encryption of both will be described in detail.

(Management device 140)
FIG. 2 is a functional block diagram illustrating a schematic function of the management apparatus 140. As shown in FIG. 2, the management apparatus 140 includes a management interface 210, a management communication unit 212, a management memory 214, and a central control unit 216.

  The management interface 210 is connected to the uninterruptible power supply 130 via a TTL level or RS232C level signal line and plays a role of managing the uninterruptible power supply 130. The management communication unit 212 is connected to the network 102 and plays a role of exchanging data with the computer 110 based on a predetermined communication protocol, for example.

  The management memory 214 includes a ROM, a flash memory, an HDD (Hard Disk Drive), and the like, and holds various information necessary for processing of each function unit of the central control unit 216, such as an encryption command table. Here, the encrypted command table is a table in which a plurality of encrypted commands obtained by encrypting a command with a plurality of encryption keys are respectively associated with a plurality of identifiers represented by exclusive numerical values. The encryption command table and identifier will be described in detail later.

  The central control unit 216 includes a semiconductor integrated circuit including a CPU, reads a program, parameters, and the like for operating the CPU itself from the ROM, and cooperates with the RAM as a work area and other electronic circuits to manage the management device 140. Manage and control the whole. The central control unit 216 also functions as a setting response unit 230, a setting execution unit 232, an information acquisition unit 234, a browsing response unit 236, a command extraction unit 238, and a command transmission unit 240.

  When the setting response unit 230 receives a setting command from another device via the management communication unit 212, the setting response unit 230 performs various settings in the management apparatus 140 according to the setting command. The setting execution unit 232 operates the uninterruptible power supply device 130 according to the information set by the setting response unit 230. For example, when the schedule operation is set, the setting execution unit 232 performs ON / OFF control of the uninterruptible power supply 130 according to the schedule indicated in the schedule operation via the management interface 210.

  The information acquisition unit 234 acquires internal information regarding the internal state of the uninterruptible power supply 130 via the management interface 210. The internal information includes, for example, whether or not power is supplied from the power supply 120 in a state where the power supply to the computer 110 can be maintained by the accumulated power of the uninterruptible power supply 130, or the failure state of the uninterruptible power supply 130 itself. Etc. When the browsing response unit 236 receives a browsing command from another device via the management communication unit 212, the browsing response unit 236 transmits the internal information acquired from the management apparatus 140 to the other device according to the browsing command.

  The command extraction unit 238 determines various commands for controlling the computer 110 according to the internal information. For example, when the internal information indicates that the power supply from the power source 120 has been cut off, a command for reducing or cutting off the power consumption of the computer 110 is determined according to the internal information. However, since the command for reducing or cutting the power consumption of the computer 110 is managed by the encrypted command table, the command extraction unit 238 refers to the encrypted command table and is associated with the identifier shared with the computer 110. The encrypted command will be extracted. The extraction of the encrypted command will be described in detail later together with the encrypted command table and the identifier.

  The command transmission unit 240 transmits the command determined by the command extraction unit 238 or the encrypted command extracted from the encrypted command table to the computer 110 through the management communication unit 212 and the network 102.

(Computer 110)
FIG. 3 is a functional block diagram showing schematic functions of the computer 110. As shown in FIG. 3, the computer 110 includes an operation unit 250, a display unit 252, a computer communication unit 254, a computer memory 256, and a central control unit 258.

  The operation unit 250 includes a keyboard, a pointing device, a cross key, a joystick, a jog dial, a touch panel, and the like. The operation unit 250 receives a user operation input and transmits the operation content to the central control unit 258. The display unit 252 includes a liquid crystal display, an organic EL (Electro Luminescence) display, and the like, and displays various images according to a control command from the central control unit 258.

  The computer communication unit 254 is connected to the network 102 and plays a role of exchanging data with the management device 140 based on a predetermined communication protocol, for example. The computer memory 256 includes a ROM, a flash memory, an HDD, and the like, and holds various information necessary for processing of each function unit of the central control unit 258, such as a decryption key table. Here, the decryption key table is a table in which a plurality of decryption keys respectively corresponding to a plurality of encryption commands in the encryption command table are associated with the same identifier as the encryption command. This decryption key table will also be described in detail later.

  The central control unit 258 is composed of a semiconductor integrated circuit including a CPU, reads a program, parameters, and the like for operating the CPU itself from a ROM, and cooperates with a RAM as a work area and other electronic circuits as a whole. Manage and control. The central control unit 258 also functions as a command decoding unit 270 and a command execution unit 272. Each of these functional units is generated by installing dedicated software on the computer 110 from the outside.

  The command decryption unit 270 refers to the decryption key table and decrypts the encrypted command received from the management apparatus 140 into the original command using the decryption key associated with the identifier shared with the management apparatus 140.

  If the command received from the management device 140 is not encrypted, the command execution unit 272 executes the command after confirming the validity of the transmission source. If the command is encrypted, the command execution unit 272 decrypts the command by the command decryption unit 270. Execute the command after For example, when the command is a command for reducing or cutting off the power consumption of the computer 110, the command execution unit 272 responds to the command while the uninterruptible power supply 130 maintains the power supply for a predetermined time. The computer 110 is safely stopped or shifted to the resume mode. In this way, it is possible to avoid a situation in which the computer 110 is inadvertently stopped, and it is possible to prevent destruction of system files and data.

  In the present embodiment, regarding an important command such as a command for reducing or cutting off the power consumption of the computer 110, the command execution unit 272 accepts only a command that has been successfully decoded. With this configuration, it is possible to avoid a situation where the computer 110 is easily stopped in response to an illegal command from the outside. In this way, only the encrypted command received from the legitimate management device 140 is decrypted as a legitimate command by the command decryption unit 270, so that an illegal encrypted command due to impersonation of a third party, etc. is executed by mistake. Can be avoided.

(Encryption processing)
As described above, encryption processing is executed between the management apparatus 140 and the computer 110. In particular, in the present embodiment, with regard to encryption processing, (1) RSA (Rivest Shamir Adleman) encryption method is used, (2) is managed by a table, (3) a port number is used for an index (index) of the table, It has the following characteristics. Hereinafter, such feature points will be described individually.

(1. Use RSA encryption method)
The RSA encryption method is a public key encryption method that uses two prime numbers having a large value and performs encryption and decryption using an encryption key and a decryption key obtained by a predetermined algorithm. In this RSA encryption method, if only two prime numbers are grasped individually, both encryption and decryption are possible. Here, only a value obtained by multiplying two prime numbers is provided as an encryption key (public key) to a device that performs encryption. In order to derive a decryption key (secret key) from such an encryption key, prime factorization of a value obtained by multiplying two prime numbers is required. The fact that such prime factorization requires a large processing load and processing time itself is the basis for the safety of the RSA encryption method.

…（数式１）
ここでｍｏｄは剰余演算を示し、法と呼ぶこともある。 The encryption process and the decryption process by the RSA encryption method in this embodiment will be briefly described. First, two prime numbers p and q having a large value and an arbitrary positive integer e are prepared. The management device 140 (device that performs encryption) has a value p · q (encryption key) based on a value obtained by multiplying two prime numbers p and q, and a positive integer e (two prime numbers). There is no information on p and q). The management device 140 derives the encryption command cc from the plaintext command c based on the following formula 1. However, the plaintext command c is divided into appropriate blocks (for example, 1 byte) and encrypted.

... (Formula 1)
Here, mod indicates a remainder operation and is sometimes called a modulus.

…（数式２）
ただし、ｌは正の整数。そして、コンピュータ１１０は、２つの素数ｐ、ｑを乗じた値ｐ・ｑとべき乗すべき値ｄとを用い、以下の数式３に基づいて暗号化コマンドｃｃを平文のコマンドｃに復号する。

…（数式３） Since the computer 110 (decryption device) that has received the encryption command cc thus determined knows both the two prime numbers p and q and the positive integer e, the following formula 2 Thus, 1 is subtracted from each of the two prime numbers p and q, and a value d (decryption key) to be raised to the encryption command based on a value obtained by multiplying the two prime numbers obtained by subtraction is derived.

... (Formula 2)
Where l is a positive integer. Then, the computer 110 uses the value p · q obtained by multiplying the two prime numbers p and q and the value d to be a power, and decrypts the encrypted command cc into a plaintext command c based on the following Equation 3.

... (Formula 3)

  As described above, the management device 140 side can easily perform encryption using a value p · q obtained by multiplying two prime numbers p and q and a positive integer e. When the prime numbers p and q cannot be prime factorized, (p−1) · (q−1) used for the encryption shown in Equation 2 cannot be obtained. Therefore, even if the management apparatus 140 and other devices illegally obtain the value p · q from the management apparatus 140, it is extremely difficult to decrypt the encrypted command cc using the value p · q. In this way, the reliability and safety of the command can be ensured.

(2. Managed by table)
FIG. 4 is an explanatory diagram for explaining a table used in the uninterruptible power supply management system 100. In particular, FIG. 4 (a) shows an encryption command table 310, and FIG. 4 (b) shows a decryption key table 320.

  The RSA encryption method uses two prime numbers as described above. The two prime numbers are desirably large values in order to make prime factorization of the multiplied value difficult. Also, assuming that the management device 140 and the computer 110 share two prime numbers (however, only a value obtained by multiplying the two shared prime numbers is provided to the management device 140), each time a command communication opportunity occurs, When a new combination of two prime numbers is used, the prime factorization of the multiplied value is not in time for an illegal decoding process, and it is possible to further increase the safety.

  However, just as time is required for prime factorization, it takes some time to derive a large prime number (for example, 100 MIPS). Therefore, in this embodiment, instead of calculating two prime numbers for each communication opportunity, a plurality of encryption keys based on a plurality of combinations of two prime numbers are calculated and prepared in advance, It will be selected every time.

  As described above, even when two prime numbers are fixedly used, in the encryption process, the plaintext command c must be raised to a positive integer e as shown in Equation 1. Therefore, in order to omit the process of raising the plaintext command c to the power of a positive integer e, a plurality of encrypted commands encrypted with the plurality of encryption keys are generated in advance and selected at each communication opportunity. To do. Such encrypted commands are managed by the encrypted command table 310. However, in the encryption process, it is assumed that the command character string is blocked in bytes, and encryption is performed for each block. In the encryption command table 310, as shown in FIG. 4A, a plurality of encryption commands 314 obtained by encrypting a predetermined command with a plurality of encryption keys 312 are exclusive numerical values, in this case, 0-999. Are respectively associated with a plurality of identifiers 316 represented by sequential numerical values. In FIG. 4A, the encryption key 312 is also associated with the encryption command table 310 for easy understanding, but in the present embodiment, only the encryption command 314 needs to be associated.

  In this embodiment, for example, 1000 encrypted commands 314 obtained by encrypting a predetermined command by the RSA encryption method are held in the management memory 214 as the encrypted command table 310, and the command extraction unit 238 performs dynamic and random processing. By selecting the encryption command 314 in the encryption command table 310, it is not necessary to perform a troublesome process of deriving a prime number or executing an encryption process at every communication opportunity. Therefore, an existing device with limited resources is effectively used, and only one encryption command 314 is selected unspecified from 1000 encryption commands 314 in the encryption command table 310 within this low-spec processing capability range. With such a light load, it is difficult to estimate the decryption key, and high security of communication data is ensured.

  Here, in order to make it difficult to estimate the decryption key, about 1000 encryption keys 312 and encryption commands 314 are prepared, but the number is not limited to 1000, and various numbers can be applied depending on the required security. can do. Also, two prime numbers p and q and an arbitrary positive integer e can be expressed by various numbers of digits according to necessary security. In general, the larger the value of the number of encryption commands 314, two prime numbers p and q, and an arbitrary positive integer e, the higher the encryption strength, and the higher the safety and reliability.

  In the decryption key table 320 shown in FIG. 4B, a plurality of decryption keys 322 respectively corresponding to the plurality of encryption commands 314 in the encryption command table 310 are indicated by double arrows in FIG. It is associated with the same identifier 316 as the encryption command 314. The command decryption unit 270 of the computer 110 grasps the identifier 316 of the encrypted command 314 extracted by the command extraction unit 238 of the management apparatus 140, reads the decryption key 322 associated with the same identifier 316 in the decryption key table 320, The encrypted command 314 received from the management apparatus 140 is decrypted into the original command using Equation 3.

  In the computer 110, although the process of raising the encryption command 314 to the power with the decryption key 322 must be performed, the trouble of deriving two prime numbers in synchronization with the management device 140 can be saved. The processing load can be reduced.

(3. Use port number for table index)
Further, an identifier shared by the management device 140 and the computer 110 is uniquely obtained from the mutual port numbers when the management device 140 and the computer 110 establish a communication connection.

…（数式４） Specifically, the command extraction unit 238 of the management apparatus 140 receives the port number (for example, 5770) of the computer 110 that is the transmission side from the response packet that is received when communication with the computer 110 is established, and the management that is the reception side. The port number of the device 140 itself (for example, 12345) is acquired. Then, the management device 140 derives the method of 1000 by the following formula 4 of the value obtained by adding the port number m of the computer 110 and the port number n of the management device 140 itself, and the encryption command table 310 and the decryption key An identifier k used for the index of the table 320 is used. For example, in the above example, m = 5770 and n = 1345, so the sum of 1000 is 115 and the identifier k is 115.

... (Formula 4)

  The command decoding unit 270 of the computer 110 also adds the port number n of the management device 140 and the port number m of the computer 110 itself in the response packet issued by the computer 110 itself, and is the same as the management device 140 based on Equation 4. Identifier k can be derived.

  The port number is information that can be known not only by the management apparatus 140 and the computer 110 that establish communication but also by a third party who has illegally accessed the network 102. However, even if this port number is obtained illegally, the algorithm “adds the port number of the management device 140 and the port number of the computer 110 itself, and refers to the table with the value obtained by the method of 1000”. Without even disclosing, it is difficult for a third party to guess the correlation between the port number and the encryption key or the decryption key.

  In this way, the encryption key 312 of the management apparatus 140 and the decryption key 322 of the computer 110 can be uniquely associated only by referring to the port number and performing simple calculations. The computer 110 can accept only the encrypted command 314 from the valid management device 140 as a regular command. At this time, if the command is a command that reduces or cuts off the power consumption of the computer 110, the command execution unit 272 of the computer 110 determines that the computer while the uninterruptible power supply 130 maintains power supply for a predetermined time. 110 is safely stopped or moved to the resume mode.

  As described above, in the encryption process, (1) using the RSA encryption method, (2) managing with the table, and (3) using the port number for the index of the table, the encryption process is hybridized. . That is, only the management apparatus 140 and the computer 110 have an algorithm that uses a port number for the table index, and secret information (classic encryption method) such as the size and arrangement order of the table, and the encryption method. Maintains the encryption strength by using the RSA encryption method which is a public key encryption method (modern encryption).

(Uninterruptible power management method)
Next, an uninterruptible power management method for managing the power supply of the computer 110 using the uninterruptible power management system 100 will be described. FIG. 5 is a sequence diagram showing an overall processing flow of the uninterruptible power management method, and FIG. 6 is a block diagram showing a data flow by the uninterruptible power management method.

  First, in the uninterruptible power supply management system 100, a plurality of (in this case, 1000) combinations of two prime numbers are randomly generated. Then, a combination of two prime numbers is associated with a plurality of identifiers 316 represented by sequential numerical values of 0 to 999.

  Next, an encrypted command table 310 is generated by associating a plurality of encrypted commands 314 obtained by encrypting a predetermined command with an encryption key 312 based on a combination of two prime numbers with an identifier 316 corresponding to the combination of the two prime numbers. And stored in the management memory 214 in advance (S400). Further, the decryption key table 320 is generated by associating the decryption key 322 based on the combination of two prime numbers with the identifier 316 corresponding to the combination of the two prime numbers, and stored in the computer memory 256 in advance (S402).

  When power supply from the power source 120 is started to the computer 110 and the uninterruptible power supply 130 starts to function, the information acquisition unit 234 of the management device 140 acquires the internal information of the uninterruptible power supply 130, and the uninterruptible power supply 130 The device 130 is monitored (S404). When the internal information acquired by the information acquisition unit 234 indicates that the power supply from the power source 120 has been cut off (S406), the command transmission unit 240 causes the computer 110 to reduce or cut off the power consumption of the computer 110. Communication with the computer 110 is established. Specifically, the command transmission unit 240 transmits a communication connection request for establishing communication to the computer 110 (S408), and shifts to a reception standby state for a response packet for establishing a communication port from the computer 110 for this transmission.

  On the other hand, the computer 110 that has received the communication connection request from the management apparatus 140 returns a response packet for establishing a communication port (S410) and, based on the above equation 4, the source port number m and destination address of the response packet. The identifier k of the decryption key table 320 on the computer 110 side is derived in advance by adding the port number n and deriving the method of 1000 (S412). Then, it shifts to a command reception standby state.

  The management device 140 that has received the response packet from the computer 110 obtains the port number m of the computer 110 and the port number n of the management device 140 itself from this response packet (S414). Then, the source port number m and the destination port number n are added, the method of 1000 is derived to derive the identifier k (S416), and the encrypted command table 310 shown in FIG. The encryption command 314 associated with the derived identifier k is extracted (S418).

  The command transmission unit 240 transmits the encrypted command 314 to the computer 110 through the network 102 (S420), and shifts to a reception waiting state for a response packet indicating completion of command execution from the computer 110 for this transmission.

  The command decryption unit 270 of the computer 110 that has received the encrypted command from the management device 140 refers to the decryption key table 320 shown in FIG. 4B and obtains the decryption key 322 associated with the identifier k that has been derived in advance. The encrypted command 314 is extracted and decrypted into a command (S422).

  Then, if the decrypted command is a command transmitted from the legitimate management device 140 and is a legitimate command, the command execution unit 272 executes the command (S424). For example, if the command is a command that reduces or cuts off the power consumption of the computer 110, the command execution unit 272 of the computer 110 causes the computer 110 to keep running while the uninterruptible power supply 130 maintains power supply for a predetermined time. Is safely stopped or shifted to the resume mode. When the command is executed, the command execution unit 272 sends a command execution completion response packet to the management device 140 (S426).

  Even if the command transmission unit 240 of the management apparatus 140 transmits an encrypted command (S440), if a response packet indicating completion of command execution is not returned from the computer 110 within a predetermined time (S442), it is determined as a communication error. (S444). When a communication error occurs, the command transmission unit 240 temporarily disconnects the communication connection (TCP connection) (FIN or RST) (S446), and retry (for example, up to three times) (S448), and again establish a communication connection. Try. However, depending on the retry, the port numbers m and n also change, so the identifier 316 for indexing the table also changes.

  By using the uninterruptible power supply management system 100 and the uninterruptible power supply management method described above, existing functions with limited resources can be effectively used without adding new dedicated equipment, and the functional unit according to the present embodiment is installed in the software. By installing through the update, it is possible to ensure the safety of communication data even in the low-spec processing capacity range.

  Also, in this embodiment, since the load spent on command transmission can be reduced, it can be applied not only when logging in to the computer 110 but also in general data communication, ensuring the safety of communication data for a long time. can do.

  In this embodiment, as described above, only the management apparatus 140 and the computer 110 have an algorithm that uses a port number for the table index, and secret information such as the size and arrangement order of the table. (Classical encryption method) While having a hybrid method such as using the RSA encryption method that is a public key encryption method (modern encryption), the encryption method can maintain a high encryption strength. Become.

  As mentioned above, although preferred embodiment of this invention was described referring an accompanying drawing, it cannot be overemphasized that this invention is not limited to this embodiment. It will be apparent to those skilled in the art that various changes and modifications can be made within the scope of the claims, and these are naturally within the technical scope of the present invention. Is done.

  For example, in the above-described embodiment, the example in which the RSA encryption method is used as the encryption method has been described. However, the present invention is not limited to this, and DES (Data Encryption Standard), AES (Advanced Encryption Standard), FEAL (Fast Various encryption schemes such as Data Encipherment ALgorithm), Camelia, RC6 (Ron's Code 6), IDEA (International Data Encryption Algorithm) can be applied.

  In the present embodiment, the command itself encrypted with the encryption key is associated with the encryption command table 310. However, the present invention is not limited to this, and only the encryption key may be associated. Two prime numbers that are key sources may be associated with each other. If two prime numbers are used, the management device 140 and the computer 110 can share a common table.

  Further, in the present embodiment, the example in which the command is encrypted once by the RAS encryption method has been described, but the number of times is not limited, and the command may be performed a plurality of times. As well as encryption with a common key.

  In this embodiment, TCP / IP is cited as the network. However, the present invention is not limited to this, and various network standards for connecting devices such as UDP (User Datagram Protocol) / IP should be adopted. Can do. For example, step S446 and step S448 are techniques unique to TCP / IP, but the other techniques described in this embodiment can also be applied to UDP / IP.

  In addition, a general-purpose computer-readable flexible disk, magneto-optical disk, ROM, EPROM, EEPROM, CD (Compact Disc), which records a program that causes a general-purpose computer to function as the management device 140 or the computer 110 of this embodiment. Storage media such as DVD (Digital Versatile Disc) and BD (Blu-ray Disc) are also provided.

  Note that each step of the uninterruptible power supply management method of the present specification does not necessarily have to be processed in time series in the order described as a sequence diagram, and may include parallel or subroutine processing.

  INDUSTRIAL APPLICABILITY The present invention can be used for an uninterruptible power management system, a management device, a computer, and an uninterruptible power management method that maintain power supply to a computer even when power supply from a power source is cut off. .

DESCRIPTION OF SYMBOLS 100 ... Uninterruptible power management system 102 ... Network 110 ... Computer 120 ... Power supply 130 ... Uninterruptible power supply 140 ... Management device 234 ... Information acquisition part 238 ... Command extraction part 240 ... Command transmission part 270 ... Command decoding part 272 ... Command execution Unit 310 ... Encryption command table 312 ... Encryption key 314 ... Encryption command 316 ... Identifier 320 ... Decryption key table 322 ... Decryption key

Claims (8)

A computer,
A power source for supplying power to the computer;
An uninterruptible power supply that stores electric power from the power source and maintains the power supply to the computer for a predetermined time even if the power supply of the power source is cut off,
A management memory that holds an encryption command table in which a plurality of encrypted commands obtained by encrypting a command with a plurality of encryption keys are associated with a plurality of identifiers, and information for acquiring internal information about the internal state of the uninterruptible power supply An acquisition unit, a command extraction unit that extracts an encryption command associated with an identifier shared with the computer by referring to the encryption command table according to the internal information, and the extracted encryption command A management device having a command transmission unit for transmitting to the computer through a network accessible by the three parties;
With
The computer includes a computer memory holding a decryption key table in which a plurality of decryption keys respectively corresponding to the plurality of encryption commands are associated with the same identifier as the encryption command, and refers to the decryption key table and the management device An uninterruptible power supply management system comprising: a command decryption unit that decrypts an encrypted command into the command using a decryption key associated with a shared identifier; and a command execution unit that executes the decrypted command.   The uninterruptible power supply management system according to claim 1, wherein the shared identifier is uniquely obtained from a mutual port number when the management apparatus and the computer establish a communication connection in a network.   An RSA encryption method is used for the encryption and decryption, and an encryption command encrypted with an encryption key based on a value obtained by multiplying two prime numbers is associated with the encryption command table. The uninterruptible power supply management system according to claim 1 or 2, wherein a decryption key based on a value obtained by subtracting 1 from each of the two prime numbers and multiplying the subtracted two prime numbers is associated. The command is a command for reducing or cutting off power consumption of the computer,
The uninterruptible power management according to any one of claims 1 to 3, wherein the command execution unit executes the command while the uninterruptible power supply device maintains power supply for a predetermined time. system.   The uninterruptible power supply management system according to any one of claims 1 to 4, wherein the network uses TCP / IP or UDP / IP. Management connected to a computer and an uninterruptible power supply that stores power from a power supply that supplies power to the computer and maintains the power supply to the computer for a predetermined time even if the power supply to the computer is cut off A device,
A management memory for holding an encrypted command table in which a plurality of encrypted commands obtained by encrypting a command with a plurality of encryption keys are respectively associated with a plurality of identifiers;
An information acquisition unit for acquiring internal information regarding the internal state of the uninterruptible power supply; and
A command extraction unit that extracts an encrypted command associated with an identifier shared with the computer by referring to the encrypted command table according to the internal information;
A command transmission unit that transmits the extracted encrypted command to the computer through a network accessible by a third party;
A management apparatus comprising: A management apparatus that manages an uninterruptible power supply that receives power supply from a power supply, stores power from the power supply, and maintains power supply to the computer for a predetermined time even when power supply to the power supply is cut off A connected computer,
A decryption key table in which a plurality of decryption keys respectively corresponding to a plurality of encryption commands managed in association with a plurality of identifiers in the encryption command table in the management apparatus is associated with the same identifier as the encryption command is held. Computer memory,
A command decryption unit that decrypts an encrypted command received from the management device into a command with a decryption key associated with an identifier shared with the management device by referring to the decryption key table;
A command execution unit for executing the decoded command;
A computer comprising: A computer, a power supply for supplying power to the computer, an uninterruptible power supply for storing power from the power supply, and maintaining the power supply to the computer for a predetermined time even when the power supply of the power supply is cut off, An uninterruptible power supply management method for managing power supply of the computer using the uninterruptible power supply and a management device connected to the computer,
The management device is
An encryption command table in which a plurality of encrypted commands obtained by encrypting a command with a plurality of encryption keys and associated with a plurality of identifiers is held in advance,
Obtaining internal information about the internal state of the uninterruptible power supply,
According to the internal information, refer to the encryption command table to extract an encryption command associated with an identifier shared with the computer,
The extracted encryption command is transmitted to the computer through a network accessible by a third party,
The computer is
A decryption key table in which a plurality of decryption keys respectively corresponding to the plurality of encryption commands are associated with the same identifier as the encryption command,
Decrypting the encrypted command into the command with a decryption key associated with an identifier shared with the management device with reference to the decryption key table;
An uninterruptible power supply management method characterized by executing the decoded command.

Images