JP6832025B1 - Communication system for IoT device management - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a communication system adopting a strong and lightweight encryption method applied between an IoT device and a gateway device or the like. SOLUTION: In encrypted communication between an IoT device and a gateway device or the like, a message exchange protocol having a short message length specialized for the IoT device, a strong encryption method with a low calculation processing load, and an authentication procedure each time are unnecessary. A combination of the encryption method and the communication method that uses multiple transmission paths together according to the attributes of the transmission data is adopted. [Selection diagram] Fig. 1

Description

The present invention relates to a communication system applied between an IoT device and a gateway device, a server device, a client terminal, etc., and more particularly to a communication system adopting a lightweight encryption method according to the performance of the IoT device. is there.

An IoT (Internet of Things) device is an electronic device of any kind that has an information processing function and a communication function and can interact with other devices by connecting to a network. For example, various measuring devices, imaging devices, security devices, sensors, robots, in-vehicle devices, unmanned aerial vehicles, home appliances, housing equipment, etc. have already been put into practical use as IoT devices. These IoT devices communicate with gateway devices, server devices, client terminals, etc., and transmit operation information and measurement information of their own devices, so that the system operator can monitor, manage, and deal with problems in real time on site. , Real-time and flexible control of IoT devices is possible.

With the recent development of AI technology and the fourth industrial revolution and the spread of 5G, which is the next-generation wireless communication standard, it is expected that the spread of IoT devices will progress at a stretch. On the other hand, conventional IoT devices are extremely vulnerable to cyber attacks, and may be the target of attacks such as data theft, spoofing, and data tampering, or may be used as a stepping stone for such attacks. ing.

As a countermeasure, the encryption methods conventionally used for Internet communication and wireless communication between electronic devices, for example, common key encryption methods such as DES and AES, and public key encryption methods such as RSA and SSL / TLS are used. It has been proposed to encrypt the communication between the IoT device and the gateway device, the server device, the client terminal, and the like.

JP-A-2019-57867

IBM "MQTT V3.1 Protocol Specification" (http://public.dhe.ibm.com/software/dw/jp/websphere/wmq/mqtt31_spec/mqtt-v3r1_ja.pdf) The SIMON and SPECK Families of Lightweight Block Ciphers (https://eprint.iacr.org/2013/404)

The characteristics of IoT devices are that many of them have limited information processing performance (computing ability, circuit scale, usable power, throughput, communication speed, etc.), and that it is difficult for humans to perform detailed management.
Regarding the former feature, even if you try to apply strong encryption methods such as AES and RSA, which are widely used at present, the computational load is high, which puts pressure on the resources for executing the original functions of the device, and eventually it is applied. There was a problem that it was not done or there was no choice but to apply a lighter but weaker encryption method.
Regarding the latter feature, the encryption key once stored in the IoT device is rarely changed, so if the encryption key is stolen or leaked, it will take a long time to be discovered and it will be recovered. There was a problem that the damage was not good enough.

The present invention has been made in view of such circumstances, and an object of the present invention is to provide a communication system adopting a strong and lightweight encryption method applied between an IoT device and a gateway device or the like. is there.

As a result of diligent research in view of the above-mentioned problems, the present inventor has been involved in encrypted communication between an IoT device and a gateway device or the like.
Message exchange protocol with a short message length specialized for IoT devices A strong encryption method with a low calculation processing load An encryption method that does not require an authentication procedure each time Communication that uses multiple transmission paths together according to the attributes of the transmission data By adopting the method, it was conceived that the above problems could be solved, and the present invention was achieved.

More specifically, the present invention constantly acquires sensing data about an object, and senses from the IoT device and the IoT device that transmit the sensing data and a message regarding the state of the own device or the object. An storage server that receives and stores data, an external posting server that receives a message from the IoT device and posts it to an external service based on at least a predetermined definition regarding the message content and the posting destination, the IoT device and the external posting. It is a communication system for managing IoT devices including a gateway server that relays message transmission / reception with and from the server, and the gateway server receives messages from each of the IoT devices and the external posting server. It stores the subscribe information that specifies the target IoT device or the external posting server, and when a message is received from the IoT device or the external posting server, each of the target IoT devices is based on the subscribing information. It provides a communication system characterized by transmitting the message to the device and / or the external posting server.

In the communication system for managing IoT devices of the present invention, the IoT device has a means for analyzing sensing data and detecting the occurrence of an abnormality in an object, and transmits the detection of the occurrence of an abnormality by including it in the message content. It is characterized by that.

The communication system for managing IoT devices of the present invention further includes an analysis server having means for analyzing sensing data and detecting the occurrence of an abnormality in an object, and the gateway server receives from the IoT device. When the content of the message to be sent includes the detection of the occurrence of an abnormality, the message is transmitted to the analysis server, and the analysis server acquires and acquires the sensing data of the object based on the message from the storage server that stores the object. When the sensing data is analyzed and an abnormality occurrence in the object is detected, the detection of the abnormality occurrence is included in the message content and transmitted to the gateway server.

In the communication system for managing IoT devices of the present invention, the IoT device is a camera having a means for analyzing image pickup data and detecting an abnormality in an object, recognizes a human body from the imaged data, and recognizes the human body. By estimating the basic skeleton and estimating the posture of the human body, it is determined whether or not the human body is in a fall state, and if it is in a fall state, the detection of the occurrence of a fall is included in the message content and transmitted. It is characterized by that.

In the communication system for managing IoT devices of the present invention, the MQTT protocol is applied to send and receive messages between the IoT device, the external posting server and / or the analysis server, and the transmitted / received data is at least destination information. It is characterized in that it is composed of an MQTT header including transmission condition information and an MQTT message unit for a message based on a predetermined message definition.

In the communication system for managing IoT devices of the present invention, the IoT device, the external posting server and / or the analysis server encrypts transmission / reception data by the MQTT protocol, and the encrypted data is used as an MQTT message unit. Add the same MQTT header as the transmission / reception data of, generate new transmission / reception data, and transmit it.
The IoT device, the external posting server, and / or the analysis server that have received the transmission / reception data are characterized in that the MQTT message unit is decoded to acquire the original transmission / reception data.

In the communication system for IoT device management of the present invention, the MQTT message unit included in the transmission / reception data by the MQTT protocol is the identification information of the own device or the communication partner device, the identification information of the installation facility, the time stamp, and the data storage in the storage server. It is characterized by containing at least one piece of information about the location.

As described above, according to the present invention, there is provided a communication system that employs a lightweight encryption method according to the performance of an IoT device.

It is a figure which shows outline the whole structure of the communication system for IoT device management which concerns on one Embodiment of this invention. It is a figure which shows outline the whole structure of the communication system for IoT device management which concerns on one Embodiment of this invention. It is a figure which conceptually shows the communication system between the IoT device, the gateway server, the external posting server, and the administrator terminal shown in FIGS. 1 and 2. It is a figure which shows typically the procedure of the encryption process in the communication between the IoT device, the gateway server, the external posting server, and the administrator terminal shown in FIGS. 1 and 2. It is a figure which shows typically the internal structure of the gateway server shown in FIG. 1 and FIG. It is a figure which shows typically the internal structure of the external posting server shown in FIGS. 1 and 2. It is a figure which shows typically the internal structure of the administrator terminal (subscriber) shown in FIG. 1 and FIG. It is a sequence diagram which shows the flow of the process which detects the abnormality of the device in the communication system for IoT device management which concerns on one Embodiment of this invention. It is a sequence diagram which shows the flow of the process of acquiring the state of a device in the communication system for IoT device management which concerns on one Embodiment of this invention. It is a figure which shows outline the whole structure of the communication system for IoT device management which concerns on one Embodiment of this invention. It is a figure which shows an example of abnormality detection by an AI camera in the communication system for IoT device management which concerns on one Embodiment of this invention. It is a figure explaining the outline of the operation of each device in the fall detection system using the surveillance camera which concerns on one Embodiment of this invention. It is a figure which shows an example of abnormality detection by an AI camera in the communication system for IoT device management which concerns on one Embodiment of this invention.

Hereinafter, the best mode for implementing the communication system for IoT device management of the present invention will be described in detail with reference to the accompanying drawings. 1 to 13 are diagrams illustrating embodiments of the present invention, in which the parts with the same reference numerals represent the same objects, and the basic configuration and operation are the same. To do.

Overall Configuration FIGS. 1 and 2 are diagrams schematically showing the overall configuration of a communication system for IoT device management according to an embodiment of the present invention.
In FIG. 1, this system includes various IoT devices, gateway servers, and facility administrator terminals installed in the target facility, and storage servers, external posting servers, management servers, and administrator terminals (subscribers) outside the target facility. It is composed of. These devices and terminals can always communicate via the Internet.
In FIG. 2, unlike FIG. 1, the gateway server is installed outside the target facility, but other devices and terminals are the same as those shown in FIG. 1, so that exactly the same information processing can be executed. It has become.

In this system, the facilities for which IoT devices are installed are factories, workshops, stores, warehouses, meetinghouses, schools, hospitals, nursing homes, etc., where monitoring, fixed point observation, and sensing by IoT devices are necessary or useful. Can include any site.
The IoT devices to be installed include surveillance cameras, temperature / humidity / illuminance sensors, temperature control devices, fire alarms, window door open / close sensors, fire alarms, smart locks, emergency buttons, etc., regarding the installation location or sensing target. This applies to any device that can acquire and transmit some information. Some IoT devices have an Ai function that analyzes sensing information, which will be described later.
In addition to having a wireless communication function as shown in the figure, the IoT device may have a separate wired communication means. In this case, communication for message exchange, which will be described later, can be used for wireless communication, and sensing data transmission can be used for wired communication, depending on the amount of data and urgency. The wireless communication function includes, for example, a physical layer / data link layer such as WiFi (IEEE802.11), WiMAX (IEEE802.16), 3GPP, LPWAN (Low Power Wide Area Network), FAN (Factory Area Network), and Bluetooth. Adopt communication standard.

The gateway server mediates information communication between various IoT devices, a storage server, an external posting server, a management server, and an administrator terminal (subscriber). That is, the gateway server is equipped with a communication protocol for exchanging messages including sensing information between the IoT device and the devices that use the IoT device. This will be described later.

The facility manager terminal shown in FIG. 1 is a terminal that manages IoT devices and gateway servers installed in the facility. The facility manager terminal shown in FIG. 2 is a terminal that manages IoT devices and routers installed in the facility and manages a portion of the gateway server installed outside the facility related to the facility. The facility manager terminal can also be a subscriber (described later).

The storage server is a device that stores information and data transmitted from the IoT device of the target facility. For example, sensing information over time such as temperature and humidity, various observation data, captured images / moving images, device operation information, and the like. Communication protocols such as FTP, SFTP, and SCP are used to continuously exchange large volumes of data with various IoT devices on a one-to-one basis.

The administrator terminal (subscriber) performs information communication with the IoT device, sends a message to the IoT device, receives a message from the IoT device, and performs various operations on the gateway server.

The external posting server (subscriber) performs information communication with the IoT device, sends a message to the IoT device, receives a message from the IoT device, and performs various operations on the gateway server. In addition, posting to an external service is performed according to the message received from the IoT device.

The management server manages the entire system. It mainly controls and manages gateway servers, storage servers, external posting servers, etc., but it is also possible for your machine to function as a publisher (described later) or a subscriber.

Communication method FIG. 3 is a diagram conceptually showing a communication method between various IoT devices, gateway servers, external posting servers, and administrator terminals shown in FIGS. 1 and 2.
In this system, a publish / subscribe type communication method is adopted as a communication method between the IoT device, the gateway server, the external posting server, and the administrator terminal.
The external posting server and the administrator terminal subscribe to a specific type of notification from a specific IoT device in advance. For example, the notification of sequential or periodic measurement execution by the sensing device may be subscribed, or only the notification of an abnormal value may be subscribed. Various IoT devices send a notification (publish) regarding the status of their own device to the gateway server.
In this way, as shown in FIG. 3, the gateway server that has received the notification (publish) from the IoT device can notify the terminal that wishes to receive the notification in advance (subscribe).
In this system, MQTT (Non-Patent Document 1) is adopted as this publish / subscribe type communication method. MQTT is a protocol that is easy to operate and lightweight, and can reduce the processing load of IoT devices. Further, since the protocol header length, which is the overhead of communication, is a minimum of 2 bytes, messages can be quickly transmitted and received without squeezing the bandwidth even in a low-speed wireless communication environment.

Next, the encryption method used in this system will be described.
The gateway shown in Patent Document 1 is used for communication between IoT devices, gateway servers, external posting servers, and administrator terminals in this system (including all other devices that perform publish / subscribe type communication by MQTT). Apply a common key encryption system with the server as the hub.

This encryption method uses a plurality of hash functions (H ₀ , H ₁ , H ₂ ) common to each terminal / device and numerical values unique to a plurality of terminals / devices (identification information ID _i and shared information ski _i , i _i ; device). It has a unique value i = 0, 1, 2, ...), And the gateway server holds all of this information.
When the gateway server communicates with each terminal / device, instead of exchanging the above common key, random numbers generated on the spot are exchanged, and this is combined with the numerical value unique to the terminal / device to perform hash calculation. The method is to exchange the obtained values again. As a result, after successful authentication, it is possible to generate a common encryption key by performing hash calculation by combining the numerical value unique to the terminal / device and the exchanged random number. In addition, the shared information unique to the terminal / device is periodically updated using a hash function in synchronization with the gateway server.
With such an encryption method, the gateway server and each terminal / device can authenticate each other by exchanging only information that does not cause any problem even if it is eavesdropped. Further, each person can generate the same encryption key through such authentication, and can send and receive an encrypted message using the same encryption key. It has been confirmed in Patent Document 1 that the information processing performance required for these processes is significantly lower than that of conventional encryption methods such as DES, AES, RSA, and SSL / TLS, and has the same strength as AES. There is.

FIG. 4 is a diagram schematically showing a procedure of encryption processing in communication between various IoT devices, gateway servers, external posting servers, and administrator terminals shown in FIGS. 1 and 2.
In the method of FIG. 4A, the MQTT message (consisting of the MQTT header and the message unit) exchanged between these terminals / devices is encrypted by the above encryption method and transmitted as the data unit unit of the wireless communication protocol. .. This method has an advantage that even if the IoT device does not have a TCP / IP connection environment as in the target facilities shown in FIGS. 1 and 2, encrypted communication can be performed as long as it can be connected to the gateway server by wireless communication. ..
In the method of FIG. 4B, the MQTT message (consisting of the MQTT header and the message part) exchanged between these terminals / devices is encrypted by the above encryption method, and this is used as a new MQTT message part. The same MQTT header as the MQTT message of is added and transmitted. In this method, the TCP / IP connection environment between the gateway server, external posting server, and administrator terminal can be used as it is (MQTT over TCP), high communication reliability is ensured, and it is easily implemented. There is an advantage that it can be done.

In this way, by applying a common key cryptosystem with a gateway server as a hub in this system, MQTT messages can be easily and quickly encrypted and sent and received. In addition, instead of the above-mentioned encryption method, SPEC (Non-Patent Document 2), which is said to have the same simplicity, light weight and strength, may be adopted.

Configuration of each node FIG. 5 is a diagram schematically showing the internal configuration of the gateway server shown in FIGS. 1 and 2.
In FIG. 5, the gateway server is a message definition database, a device / user information database, a request reception unit, a request processing unit, a processing result output unit, an authentication processing unit, an encryption processing unit, a device / user information registration unit, and a communication processing unit. have.

The message definition database stores MQTT protocol definitions (according to the provisions of Patent Document 1) and definitions of messages to be exchanged (arbitrarily defined in this system). The device / user information database contains information required for exchanging MQTT messages (publish / subscribe registration information, etc.) and information required for terminal / device authentication, in addition to identification information of devices / users who use this system. (Multiple hash functions (H ₀ , H ₁ , H ₂ ) common to each terminal / device and a plurality of device-specific numerical values (identification information ID _i and shared information ski _i , i _i ; device-specific values) described above. i = 0,1,2, ...) is included).

The request reception unit receives various requests in the MQTT protocol from IoT devices, external posting servers, administrator terminals, and the like. The request processing unit processes the request received based on the message definition database. The processing result output unit outputs the processing result of the request. For example, a message publish request, a publish release request, a subscribe / unsubscribe request, etc. are processed.
The MQTT message unit shown in FIG. 3 includes information such as identification information of the own device or the communication partner device, identification information of the installation facility, a time stamp, and a data storage location in the storage server. In addition, various information (device-specific information, shared information, hash function, random value, etc.) used in the above encryption method may be included.

The authentication processing unit performs authentication processing between the gateway server and the IoT device, the external posting server, the administrator terminal, and the like. The encryption processing unit encrypts / decrypts MQTT messages sent / received between the gateway server and the IoT device, the external posting server, the administrator terminal, and the like. A common key cryptosystem using the gateway server as a hub shown in Patent Document 1 described above is applied to the authentication process and the encryption process.

The device / user information registration unit registers necessary information in the device / user information database in response to a request from the system administrator or the like.

FIG. 6 is a diagram schematically showing the internal configuration of the external posting server shown in FIGS. 1 and 2.
In FIG. 6, the external post server includes a message definition database, an external post definition database, a request transmission unit, a message reception unit, a message processing unit, a processing result output unit, an external posting processing unit, an authentication processing unit, an encryption processing unit, and communication. It has a processing unit.
The message definition database, request transmission unit, message reception unit, message processing unit, processing result output unit, authentication processing unit, and encryption processing unit are the same as above.

The external posting processing unit posts predetermined contents to a predetermined external SNS, mail service, etc. in response to an MQTT message received from an IoT device or the like (in response to a command from the message processing unit). The external post definition database stores the definition for this process. The external posting definition includes, for example, the type of MQTT message to be targeted, the IoT device, its installation location, the posting destination address, the authentication information, and the posting content.

FIG. 7 is a diagram schematically showing the internal configuration of the administrator terminal (subscriber) shown in FIGS. 1 and 2.
In FIG. 7, the administrator terminal has a message definition database, a request transmission unit, a message reception unit, a message processing unit, a processing result output unit, an authentication processing unit, an encryption processing unit, and a communication processing unit. These are the same as above.
The facility manager terminal may also have the same configuration and function as the manager terminal as a subscriber.

Although not shown, each IoT device has a very simple and lightweight configuration and corresponds to a message definition database, a request transmission unit, a reception unit, a message processing unit, a processing result output unit, an authentication processing unit, and an encryption processing unit. It has a functional part to be used.

Outline of operation of this system The outline of operation of each device in this system will be described below.
FIG. 8 is a sequence diagram showing a flow of processing for detecting an abnormality in a device in this system.
In FIG. 8, first, the external posting server transmits a request for subscribing to the IoT device to be monitored to the gateway server. The gateway server processes this request and stores it in the device / user information database.
Here, it is assumed that the IoT device periodically publishes information on the state of its own device and the sensing target to the gateway server, and constantly transmits sensing data and the like to the storage server. The gateway server transfers the publish received from the IoT device to the external posting server which is its subscriber. If the content of this notification indicates normality, the external posting server does not have to take any action, or even if the content indicates normality, the device information notification message is displayed as a device information notification message at any time via the external SNS service. A notification may be sent to the user terminal.

When the notification content indicating an abnormality is published from the IoT device, the external posting server that receives this notification from the gateway server sends an abnormality detection notification to the user terminal via the external SNS service. In addition, an instruction is transmitted to the storage server so that the sensing data and the like received and stored from the IoT device can be transmitted in response to the download request. The monitor of the IoT device that receives the notification of abnormality detection to the user terminal via the external SNS service acquires the accumulated data for confirming the abnormality from the accumulation server.
In this way, the observer is promptly notified of the abnormality detection of the IoT device to be monitored, and the observer can immediately acquire the data for confirmation.
In addition, instead of the external posting server, an administrator terminal or a facility administrator terminal can perform the same function. In this case, the manager and the facility manager operate the manager terminal and the facility manager terminal to acquire the stored data from the storage server.

FIG. 9 is a sequence diagram showing a flow of processing for acquiring the state of the device in this system.
In FIG. 9, first, the external posting server and the IoT device to be monitored transmit a request to subscribe to each other to the gateway server. The gateway server processes these requests and stores them in the device / user information database.
Here, it is assumed that the IoT device constantly transmits sensing data and the like to the storage server.

The external posting server publishes a request for information acquisition from the IoT device to the gateway server according to an instruction from the monitor of the IoT device or according to preset conditions. The gateway server transfers the publish to the IoT device that subscribes to the external posting server. The IoT device periodically publishes information on the state of its own device and the sensing target to the gateway server in response to the request. The gateway server transfers the publish to an external posting server that subscribes to the IoT device. In addition, an instruction is sent to the storage server so that the sensing data, etc. received from the IoT device and stored can be transmitted in response to the download request (however, the notification content does not necessarily indicate an abnormality). , This process may be omitted.) If the content of this notification indicates normality, the external posting server does not have to take any action, or even if the content indicates normality, the device information notification message is displayed as a device information notification message at any time via the external SNS service. A notification may be sent to the user terminal. The monitor of the IoT device that has received the notification content to the user terminal via the external SNS service can acquire the accumulated data for confirming it from the storage server regardless of whether the content is normal or abnormal.
In this way, the observer can acquire the device information of the IoT device to be monitored at any time, constantly grasp the state, and take necessary measures promptly.
In addition, instead of the external posting server, an administrator terminal or a facility administrator terminal can perform the same function. In this case, the manager and the facility manager operate the manager terminal and the facility manager terminal to acquire the stored data from the storage server.

Application example of this system As a specific application example of this system, a fall detection system using a surveillance camera will be described.
FIG. 10 is a diagram schematically showing the overall configuration of this system.
In FIG. 10, this system is the same as that shown in FIG. 1 as an overall configuration, except that the IoT device is an AI camera and has a new analysis server. The other terminals / devices, processing units, etc. shown in FIG. 10 are the same as those described above.

In addition to the function of transmitting the imaging data (sensing data) to the storage server at any time and the status of the own machine as an MQTT message to the gateway server, the AI camera analyzes the captured image / video by the AI function and detects normal / abnormal conditions. It has a function of making a judgment and transmitting the judgment result as an MQTT message to the gateway server.

Here, as an example of abnormality detection by the AI camera, a method of detecting a person's fall will be described. The AI camera recognizes a human body from captured images / moving images, estimates the basic skeleton (or basic components) of the human body, and determines the posture of the human body based on this. A specific example thereof is shown in FIG. If it is determined that the human body has fallen based on this posture determination, the MQTT message for abnormality detection is published.

The analysis server analyzes the captured data (captured image / moving image) received from the AI camera upon request. Similar to the above, the human body is recognized from the captured image / moving image, the basic skeleton (or basic component) of the human body is estimated, and the posture of the human body is determined based on this. The analysis server can perform recognition / estimation / judgment processing with higher accuracy and a wider range than the AI camera that is set in the field and is always in operation.

The outline of the operation of each device in the fall detection system using the above-mentioned surveillance camera will be described below.
FIG. 12 is a sequence diagram showing a flow of processing for detecting an abnormality in a device in this fall detection system.
In FIG. 12, first, it is assumed that the external posting server subscribes to the AI camera to be monitored, and the AI camera constantly transmits the captured image / moving image data to the storage server.

When the AI camera detects a person's fall in the captured image / moving image, the AI camera publishes the abnormality detection information to the gateway server. The external posting server that receives this information via the gateway server sends a notification of abnormality detection to the analysis server and the user terminal. In addition, an instruction is transmitted to the storage server so that the captured image / moving image data received from the AI camera and stored can be transmitted in response to the download request. The analysis server that receives this notification acquires the captured image / moving image data from the storage server related to the notified abnormality. The analysis server determines whether or not a person has fallen from the captured image / video, and transmits the result to the external posting server. The external posting server sends the result to the user terminal. Further, it may be transmitted to an administrator terminal, a facility administrator terminal, or the like.
Thus, through the analysis of the 2-step by the analysis server AI camera and Calibration of a high abnormality detection information accuracy it is adapted to be notified immediately to the user terminal.
The AI camera generates an image / video in which the background is removed from the captured image / video, recognizes the human body based on the image / video, estimates the basic skeleton (or basic component) of the human body, and determines the basic skeleton (or basic component) of the human body. The posture of the human body may be determined. A specific example thereof is shown in FIG. By performing such pre-processing, the processing load of the AI camera is significantly reduced, and it becomes possible to perform analysis from 2.5 FPS to 3 FPS.

The communication system for managing IoT devices of the present invention has been described above by showing specific embodiments, but the present invention is not limited thereto. A person skilled in the art can make various changes and improvements to the configuration and the encrypted communication function of each device in each of the above embodiments without departing from the gist of the present invention.

As shown in FIGS. 1 to 13, the communication system for IoT device management of the present invention is an OS built on hardware resources including a computer CPU, memory, auxiliary storage device, display, input device, and the like. , Applications, databases, network systems, etc., and information processing of encrypted communication between IoT devices and gateway devices, etc. is specifically realized using the above hardware resources. Therefore, it corresponds to the technical idea utilizing the law of nature, and can be used in industries such as the manufacture of IoT devices and communication devices used therein.

Claims (6)

An IoT device that constantly acquires sensing data about an object and transmits the sensing data and a message regarding the state of the own device or the object, a storage server that receives and stores sensing data from the IoT device, and a storage server.
An external posting server that receives a message from the IoT device and posts it to an external service based on at least a predetermined definition of the message content and posting destination.
A communication system for managing IoT devices, which is composed of a gateway server that relays message transmission / reception between the IoT device and the external posting server.
The gateway server stores the subscribe information designating the IoT device or the external posting server to which each of the IoT device and the external posting server receives a message, and stores the IoT device or the external posting server. In the communication system that receives a message from the posting server and transmits the message to each target IoT device and / or the external posting server based on the subscribe information.
It also has an analysis server that has a means to analyze the sensing data and detect the occurrence of an abnormality in the object.
When the message content received from the IoT device includes detection of an abnormality, the gateway server transmits the message to the analysis server.
The analysis server acquires the sensing data of the object from the storage server that stores the object based on the message, analyzes the acquired sensing data, and when an abnormality occurs in the object, detects the occurrence of the abnormality in the message content. A communication system characterized by being included in the above and transmitting to the gateway server. The communication system according to claim 1, wherein the IoT device has a means for analyzing sensing data and detecting the occurrence of an abnormality in an object, and transmits the detection of the occurrence of the abnormality by including the detection in the message content. .. The IoT device is a camera having a means for analyzing imaging data and detecting an abnormality in an object, recognizes a human body from the imaging data, estimates the basic skeleton of the human body, and estimates the posture of the human body. The invention according to claim 1 or 2 , wherein it is determined whether or not the human body is in a fallen state, and if the human body is in a fallen state, the detection of the occurrence of the fall is included in the message content and transmitted. Communications system. The MQTT protocol is applied to send and receive messages between the IoT device, the external posting server and / or the analysis server.
The transmission / reception data is any one of claims 1 to 3 , wherein the transmission / reception data is composed of an MQTT header including at least destination information and transmission condition information, and an MQTT message unit for a message based on a predetermined message definition. The communication system described in. The IoT device, the external posting server and / or the analysis server encrypt the transmission / reception data by the MQTT protocol, use the encrypted data as the MQTT message unit, and add the same MQTT header as the original transmission / reception data to newly add. Generate and send transmission / reception data
The communication system according to claim 4 , wherein the IoT device, the external posting server, and / or the analysis server that have received the transmission / reception data decode the MQTT message unit to acquire the original transmission / reception data. The MQTT message part included in the data sent and received by the MQTT protocol is
Any one of claims 1 to 5 , characterized in that it contains at least one of the identification information of the own device or the communication partner device, the identification information of the installation facility, the time stamp, and the data storage location in the storage server. The communication system described in.