JP6989457B2 - External information receiving / distributing device, data transmission method, and program - Google Patents

Description

The present invention relates to an external information receiving / distributing device, a data transmission method, and a program.

In recent years, with the development of IoT (Internet of Things) technology, the types and number of devices (IoT devices) that can be connected to communication networks such as the Internet are increasing. The IoT device is generally housed in a private network such as a LAN (Local Area Network), and communicates with an external communication device via a gateway device connecting the LAN and the Internet. As a result, for example, it is possible to operate an IoT device installed indoors from the outside using a communication device such as a smartphone, upload the data of the IoT device to a server device in the cloud, and use the network. The morphology is diversifying.

Improving security is a major issue in network systems including IoT devices. As one of the techniques for improving the security in a network system including an IoT device, a communication system in which IoT edge computing is applied to a gateway device is known (see, for example, Patent Document 1). This type of technology improves security by logically separating access routes between IoT devices, gateway devices, and external server devices and using different routes for communication between multiple systems.

Japanese Unexamined Patent Publication No. 2017-175264

Some network systems including IoT devices transmit various data from the outside of a private network such as a LAN accommodating IoT devices to a communication device accommodated in the LAN. In this type of network system, it is a big problem to take measures against the intrusion into the LAN via the gateway device and the modification or alteration of the destination or the content of the data transmitted from the IoT device to the external server device. It is one of. For example, IoT devices housed in LANs (in-hospital networks) built in hospitals in the healthcare industry, etc., have low value when viewed as individual data, but new value is achieved by aggregating and analyzing the data. May be born. In such a situation, the data collected by the IoT device may be aggregated in an external server device, but if the destination of the data is changed or incorrect data is aggregated in the server device, the aggregated data will be aggregated. It becomes difficult to make effective use of it.

In one aspect, the present invention aims to improve the security against intrusion from the outside in the network accommodating the IoT device.

The external information receiving / distributing device according to the first aspect of the present invention includes a first information processing device connected to a first network accommodating a plurality of communication devices including an IoT device, and the first network. The second information processing apparatus connected to the second network having a different address system includes the communication protocol between the first information processing apparatus and the first network, the second information processing apparatus, and the second information processing apparatus. An external information receiving / distributing device that performs serial communication according to a dedicated protocol different from the communication protocol with the network, and the first information processing device is collected by the IoT device housed in the first network. When the data is received, the received data is transferred to the second information processing apparatus by the serial communication, and the second information processing apparatus transfers the data transferred from the first information processing apparatus to the second information processing apparatus. Transfer to an external device connected to the second network.

Further, when the first information processing apparatus in the external information receiving / distributing device receives the data of the IoT device, the data edging that deletes the portion of the received data that can be deleted without any problem is further added. The first information processing apparatus transfers the data partially deleted by the data edging to the second information processing apparatus.

The data transmission method according to the second aspect of the present invention is an address system in which a first information processing device connected to a first network accommodating a plurality of communication devices including an IoT device and the first network are connected to each other. Data for transmitting data from the IoT device housed in the first network to a server device connected to the second network via a second information processing device connected to a second network different from each other. In the transmission method, after the first information processing device permits the connection of the IoT device to the first information processing device, the IoT device transmits the data to the first information processing device. The first information processing device is a dedicated protocol different from the communication protocol between the first information processing device and the first network and the communication protocol between the second information processing device and the second network. The data received from the IoT device is transferred to the second information processing apparatus by serial communication according to the above, and the second information processing apparatus transfers the data received from the first information processing apparatus to the second information processing apparatus. This is a data transmission method for transferring data to a server device.

The program according to the third aspect of the present invention connects the IoT device housed in the first network to the computer included in the external information receiving / distributing device connecting the first network and the second network. After permitting, the data transmitted by the IoT device is used for communication between the computer and the first network and communication between the second network and another information processing device included in the external information receiving / distributing device. It is a program including a process of transmitting to the other information processing apparatus by serial communication according to a dedicated protocol different from the protocol.

In addition, when the program has a discrepancy between the information of the file held by the computer and the information of the file corresponding to the file and which is guaranteed to be secure, the program sets the current file as described above. A service information database in which information on services running on the computer and information indicating services permitted to be executed by the computer are registered, as well as processing to replace and recover files that are guaranteed to be secure. When there is a difference between the information of the running service registered in, the execution program of the running service is replaced with the execution program guaranteed to be secure, and the process is restored. Further includes.

According to the present invention, it is possible to improve the security against intrusion from the outside in the network accommodating the IoT device.

It is a figure which shows the configuration example of the network system which concerns on one Embodiment. It is a figure which shows the functional configuration of the external information receiving and distribution apparatus which concerns on one Embodiment. It is a figure which shows the example of the device information DB and the service information DB. It is a flowchart explaining the method of registering a device information. It is a sequence diagram explaining the operation of the external information receiving and distribution device and the IoT device which concerns on one Embodiment. It is a sequence diagram explaining the content of the data upload process of the IoT device and the data transfer process of the first information processing apparatus. It is a flowchart explaining the process which the 1st information processing apparatus performs at the time of restart. It is a flowchart explaining the monitoring process for the service performed by the 1st information processing apparatus. It is a figure which shows the hardware configuration of a computer.

FIG. 1 is a diagram showing a configuration example of a network system according to an embodiment. FIG. 1 shows a network system 1 including an in-hospital network 2 and a server device 11.

The in-hospital network 2 is a private network that accommodates a plurality of terminal devices 3 (3A, 3B) installed in the hospital, an external information receiving / distributing device 4, and a plurality of IoT devices 7. The plurality of terminal devices 3, the external information receiving / distributing device 4, and the plurality of IoT devices 7 in the hospital network 2 have an address system (private address) different from that of the communication network 10 such as the Internet existing outside the hospital network 2, respectively. ) Is assigned an address.

Each of the plurality of terminal devices 3 (3A, 3B) is an information processing device such as a computer used by a medical worker such as a doctor. The terminal device 3 is used, for example, for inputting, storing, and browsing a patient's medical record (medical record). Further, any one of the plurality of terminal devices 3 (3A, 3B) (for example, the terminal device 3A) may be a server device that stores various data including a patient's medical examination record.

The external information receiving / distributing device 4 is a gateway device that connects the hospital network 2 and the communication network 10 existing outside the hospital network 2. The external information receiving / distributing device 4 in the network system 1 according to the present embodiment is a device capable of wireless communication with a wireless communication device on the private side (in-hospital network 2 side).

Each of the plurality of IoT devices 7 (7A, 7B) is a communication device including a sensor for collecting desired data and a communication unit. For example, the IoT device 7A includes a temperature sensor that measures the temperature in a hospital and a wireless communication unit capable of wireless communication conforming to the BLE (Bluetooth Low Energy. Bluetooth is a registered trademark) standard. Further, for example, IoT device 7B includes a sensor for monitoring the operating state of the medical device, and a communication unit capable of communication complying with ^{I 2 C (Inter-Integrated Circuit} ) bus standard.

The server device 11 in the network system 1 according to the present embodiment is a device that aggregates various data input to the terminal device 3 and various data collected by the IoT device 7. Various data aggregated in the server device 11 are not only stored as a backup, but also, for example, sharing of patient's medical examination records with users (medical workers, etc.) of the in-hospital network of other hospitals, improving the environment in the hospital, etc. Used for.

In this type of network system 1, for example, the terminal device 12 illegally accesses the hospital network 2 from outside the hospital network 2 via the communication network 10, and various data and programs in the terminal device 3 and the IoT device 7 are used. There is a risk of altering or tampering with the various collected data. For example, the data collected by each of the plurality of IoT devices 7 may have low value when viewed individually, but if altered or tampered data is mixed in, the data aggregated in the server device 11 can be effectively used. It will be difficult.

FIG. 2 is a diagram showing a functional configuration of an external information receiving / distributing device according to an embodiment.

As shown in FIG. 2, the external information receiving / distributing device 4 according to the present embodiment includes a first information processing device 5 and a second information processing device 6. The first information processing device 5 is a device on the hospital network 2 side, and is connected to a plurality of terminal devices 3 and a plurality of IoT devices 7 accommodated in the hospital network 2 (see FIG. 1). The second information processing device 6 is a device on the external network side and is connected to the communication network 10 (see FIG. 1).

The first information processing device 5 includes a software component 51 and a communication device 59.

The software configuration unit 51 is a function realized by various software including an OS (Operating System) 58. The software component 51 of the first information processing apparatus 5 includes functions of business logic (mobile server program) 52, device control 53, communication management 54, white list management 55, performance monitoring 56, and OS 58.

The business logic 52 operates under the OS 58, and includes the functions of device control management 52a, communication management 52b, data edging 52c, and common processing 52d. The device control management 52a manages the control of the device by the device control 53. The communication management 52 manages various communications such as transmission and reception of telegrams to and from the second information processing apparatus 6. The data edging 52c performs a data edging process on the data received from the IoT device 7 (in other words, a process of deleting a portion of the data that can be deleted and reducing the amount of data transmitted to the server device 11). conduct. The common process 52d receives and generates a telegram, manages various data, and the like. The business logic (mobile server program) 52 in the first information processing apparatus 5 may include, for example, functions (not shown) such as patient data management, display data management, patient data, and reception information acquisition process. Patient data management manages data about patients. The display data management manages the data to be displayed on the patient guidance display board installed in the hospital, for example. Patient data stores data about the patient.

The device control 53 controls the device included in the first information processing device 5 and the device connected to the first information processing device 5. The device control 53 includes a plurality of control modules including the control module 53a. One of the plurality of control modules included in the device control 53 controls the communication device 59 included in the first information processing device 5. The communication device 59 performs serial communication with the communication device 69 included in the second information processing device 6 according to a dedicated protocol. Here, the dedicated protocol used for communication between the communication devices 59 and 69 includes the communication protocol between the first information processing device 5 and the hospital network 2 (for example, TCP / IP and BLE, etc.) and the second information processing device 6. It is a protocol different from the communication protocol (for example, TCP / IP, etc.) with the communication network 10. Further, the control module included in the device control 53 includes a control module that controls each of the plurality of IoT devices 7 (7A, 7B) connected to the first information processing device 5.

The communication management 54 controls the general functions of the transmission / reception management 54a and the LAN 54b, and manages the communication with the in-hospital system 2 and the communication with the second information processing device 6.

The white list management 55 manages a device that is permitted to connect to the first information processing device 5 and a service that is permitted to be executed in the first information processing device 5 by a white list method. The white list management 55 includes a white list type device information DB 55a and a service information DB 55b. The device information DB 55a stores information indicating a device that is permitted to connect to the first information processing device 5. The service information DB 55b stores information indicating a service (executable file) permitted to be executed by the first information processing apparatus 5. Further, when the information about the service (executable file) executed by the first information processing apparatus 5 and the information registered in the service information DB 55b are different from each other, the white list management 55 performs the service (executable file). (Executable file) is restored to the same state.

The performance monitoring 56 monitors the performance of the first information processing apparatus 5, such as traffic, a state after restarting, and a state after updating. In the performance monitoring 56, for example, when there is a discrepancy between the current information about the file installed in the first information processing device 5 and the information at the time of installation, the information of the installed file becomes the information at the time of installation. To recover.

Further, the second information processing device 6 includes the software component unit 61 and the communication device 69 as in the first information processing device 5.

The software configuration unit 61 is a function realized by various software including an OS (Operating System) 68. The software configuration unit 61 of the second information processing apparatus 6 includes functions of business logic (external distribution server program) 62, device control 63, communication management 64, white list management 65, performance monitoring 66, and OS 68.

The business logic 62 operates under the OS 68, and includes device control management 62a, communication management 62b, and common processing 62d. The device control management 62a manages the control of the device by the device control 63. The communication management 62b manages various communications such as transmission and reception of a telegram to and from the first information processing apparatus 5. The common process 62d receives and generates a telegram, manages various data, and the like. The business logic (external distribution server program) 62 in the second information processing apparatus 6 may include functions such as an email fixed phrase and an external information linkage process (not shown), for example. The mail fixed phrase manages the fixed phrase of the mail to be transmitted to the server device 11 or the like. The external information linkage process is, for example, a function of transmitting a mail request message to the server device 11 based on a request from the first information processing device 5, and a function of receiving access information from the server device 11 and the first information processing device. Includes a function to notify 5.

The device control 63 controls the device included in the second information processing device 6 and the device connected to the second information processing device 6. The device control 63 includes a plurality of control modules including the control module 63a. One of the plurality of control modules included in the device control 63 controls the communication device 69 included in the second information processing device 6. The communication device 69 performs serial communication with the communication device 59 included in the first information processing device 5 according to a dedicated protocol.

The communication management 64 controls each function of the transmission / reception management 64a, the global IP 64b, and the WAN (Wide Area Network) 64c, and manages the communication with the communication network 10 and the communication with the first information processing device 5. Here, the global IP 64b is, for example, a global IP address assigned to the external information receiving / distributing device 4 according to the address system of the communication network 10.

The white list management 65 manages a device that is permitted to connect to the second information processing device 6 and a service that is permitted to be executed in the second information processing device 6 by a white list method. The white list management 65 includes a white list type device information DB 65a and a service information DB 65b. The device information DB 65a stores information indicating a device that is permitted to connect to the second information processing device 6. The service information DB 65b stores information indicating a service (executable file) permitted to be executed by the second information processing apparatus 6. Further, when the information about the service (executable file) executed by the second information processing apparatus 6 and the information registered in the service information DB 65b are different from each other, the white list management 65 provides the service (executable file). (Executable file) is restored to the same state.

The performance monitoring 66 monitors the performance of the second information processing apparatus 6, such as traffic, a state after restarting, and a state after updating. In the performance monitoring 56, for example, when there is a discrepancy between the current information about the file installed in the second information processing device 6 and the information at the time of installation, the information of the installed file becomes the information at the time of installation. To recover.

As described above, the external information receiving / distributing device 4 according to the present embodiment is a dedicated protocol between the first information processing device 5 on the in-hospital network 2 side and the second information processing device 6 on the external network side. Perform serial communication according to the rules. Therefore, for example, when the terminal device 12 (see FIG. 1) attempts an unauthorized access to the hospital network 2 from outside the hospital network 2, the intrusion into the first information processing device 5 is blocked. Is possible.

Further, the first information processing device 5 and the second information processing device 6 allow the device to be connected based on the white list type device information DBs 55a and 65a, respectively, and the white list type service information DB 55b. And allow the service to run based on 65b. Therefore, the external information receiving / distributing device 4 according to the present embodiment can more reliably prevent unauthorized access to the in-hospital network 2.

FIG. 3 is a diagram showing an example of a device information DB and a service information DB. FIG. 3 shows an example of the device information DB 55a and the service information DB 55b of the white list management 55 in the first information processing apparatus 5.

As described above, the first information processing device 5 is an information processing device on the hospital network 2 side in the external information receiving / distributing device 4, and is a plurality of terminal devices 3 and a plurality of terminal devices 3 accommodated in (belonging to) the hospital network 2. It is connected to the IoT device 7. Therefore, in the device information DB 55a of the white list management 56 in the first information processing device 5, information indicating a plurality of terminal devices 3 and a plurality of IoT devices 7 accommodated in the hospital network 2 is stored (registered). Will be). The device information (hereinafter, also referred to as “device information”) stored in the device information DB 55a includes a device name, an address, a registration date and time, and validity, as shown in FIG. The ID in the device information DB 55a of FIG. 3 is a number assigned to each device information in order to identify the stored device information.

The device name in the device information DB 55a is, for example, a device name (identification information) set for each device in order to identify each of the plurality of devices accommodated in the hospital network 2. The address in the device information DB 55a is, for example, a private address (local address) assigned only to each device accommodated in the hospital network 2 and valid only in the hospital network 2. The registration date and time in the device information DB 55a is the date and time when the device information is registered in the device information DB 55a. The validity in the device information DB 55a is information indicating whether or not the device information is valid in the management of the connection of the device to the first information processing apparatus 5 based on the device information DB 55a. That is, the first information processing apparatus 5 permits only the connection of the device whose device information is registered in the device information DB 55a and whose validity is "valid".

On the other hand, in the service information DB 55b of the white list management 55 in the first information processing device 5, information indicating a service permitted to be executed by the first information processing device 5 is stored (registered). The service information (hereinafter, also referred to as “service information”) stored in the service information DB 55b includes a service name, an executable file name, an installation date and time, and validity, as shown in FIG. The ID in the service information DB 55b of FIG. 3 is a number assigned to each service information in order to identify the stored service information.

The service name in the service information DB 55b is a service name (identification information) set for each of the various services regardless of whether or not the first information processing apparatus 5 is permitted to execute the service name. The executable file name in the service information DB 55b is, for example, a file name of a program executed by the first information processing apparatus 5 when providing a service. The date and time of installation in the service information DB 55b is the date and time when the program was installed in the first information processing apparatus 5. The validity of the service information DB 55b is information indicating whether or not the service information is valid in the management of whether or not the service can be executed based on the service information DB 55b. That is, the first information processing apparatus 5 executes only the service whose service information is registered in the service information DB 55b and whose effectiveness is "valid".

As described above, even if the device information is registered in the device information DB 55a, the first information processing apparatus 5 does not allow the connection of the device if the validity is not "valid". .. Similarly, even if the service information is registered in the service information DB 55b, the first information processing apparatus 5 does not execute the service if the validity is not "valid".

Further, although the description with reference to the figure is omitted, the device information DB 65a and the service information DB 65b of the whitelist management 65 in the second information processing apparatus 6 have the device information DB 55a and the service information DB of FIG. 3, respectively. Stores (registers) the same information as 65b.

Next, with reference to FIG. 4, a method of registering device information in the device information DB 55a of the first information processing apparatus 5 will be described.

FIG. 4 is a flowchart illustrating a method of registering device information.

When registering device information in the device information DB 55a of the first information processing device 5, the first information processing device 5 first performs an administrator authentication process as shown in FIG. 4 (step S11). Here, the administrator is the administrator of the in-hospital network 2 (external information receiving / distributing device 4).

If the administrator is successfully authenticated in step S11, the first information processing apparatus 5 then effectively changes the write right of the first information processing apparatus 5 to the device information DB 55a (step S12). The process of step S12 is performed by, for example, the white list management 55 of the first information processing apparatus 5.

Next, the first information processing apparatus 5 receives a request for registration of device information (step S13).

Next, the first information processing apparatus 5 performs an authentication process for the write right to the device information DB 55a (step S14), and if the authentication is successful, registers the device information in the device information DB 55a (step S15). ). The white list management 55 performs the processes of steps S14 and S15.

When the registration of the device information in the device information DB 55a is completed, the first information processing apparatus 5 invalidates the write right to the device information DB 55a (step S16), and ends the process of registering the device information. do.

As described above, in the first information processing apparatus 5 according to the present embodiment, the device information DB is performed only when the two authentications of the administrator authentication (step S11) and the write right authentication (step S14) are successful. Device information can be registered in 55a. Therefore, for example, it is possible to prevent a situation in which unintended (connection is not permitted) device information is registered in the device information DB 55a by a user or the like without administrator authority.

Although the description with reference to the figure is omitted, the addition (registration) of the service information to the service information DB 55b of the first information processing apparatus 5 is also performed by the same procedure as the above procedure. Further, the addition (registration) of the device information to the device information DB 65a of the second information processing apparatus 6 and the addition (registration) of the service information to the service information DB 65b are also performed by the same procedure as the above procedure. Therefore, it is possible to prevent a situation in which unintended information is registered in each of the service information DB 55b, the device information DB 65a, and the service information DB 65b by a user or the like without administrator authority.

The process of steps S11 to S16 in FIG. 4 is only an example of the process of registering device information in each of the device information DBs 55a and 65a. The process of registering device information is not limited to the process according to the flowchart of FIG. 4, and can be changed as appropriate. Similarly, the process of registering the service information in each of the service information DBs 55b and 65b can be appropriately changed.

When information is registered in the device information DB 55a and the service information 55b of the first information processing device 5 and the device information DB 65a and the service information 65b of the second information processing device 6, the external information receiving / distributing device 4 is used as a gateway. It becomes possible to operate as a device. As described above, the external information receiving / oscillating device 4 operating as a gateway device is a server device 11 installed outside the hospital network 2 for various data collected by each of the plurality of IoT devices 7 housed in the hospital network 2. And so on. Hereinafter, the operations of the external information receiving / distributing device 4 and the IoT device 7 in the network system 1 of the present embodiment will be described with reference to FIGS. 5 and 6.

FIG. 5 is a sequence diagram illustrating the operation of the external information receiving / distributing device and the IoT device according to the embodiment. FIG. 6 is a sequence diagram illustrating the contents of the data upload process of the IoT device and the data transfer process of the first information processing apparatus.

In the network system 1 according to the present embodiment, for example, as shown in FIG. 5, when the predetermined first time T1 arrives, the first information processing device 5 in the external information receiving / delivering device 4 activates various programs. Along with (step S51), the second information processing apparatus 6 activates various programs (step S61). In step S51, the first information processing apparatus 5 starts the OS 58 and then starts a program including various processes performed by the software configuration unit 51. Further, in step S61, the second information processing apparatus 6 starts the OS 68 and then starts a program including various processes performed by the software configuration unit 62.

After that, the first information processing device 5 and the second information processing device 6 open communication ports (steps S52 and S62), respectively, and confirm whether they are alive or dead (confirmation of whether or not they are in a communicable state). (Steps S53 and S63). At this time, the first information processing device 5 and the second information processing device 6 confirm the life or death by serial communication according to the dedicated protocol.

When it is confirmed in steps S53 and S63 that they can communicate with each other, the first information processing apparatus 5 generates a connection start message and transmits it to the second information processing apparatus 6 (step S54). The connection start message is generated by the common process 52d of the business logic (mobile server program) 52 in the first information processing device 5. The connection start message is transmitted from the communication device 59 of the first information processing device 5 to the communication device 69 of the second information processing device 6 by serial communication.

The second information processing apparatus 6 that has received the connection start message performs a predetermined response process, generates a response message, and returns it to the first information processing apparatus 5 (step S64). The response message is generated by the common process 62d of the business logic (external distribution server program) 62 in the second information processing apparatus 6. The response message is transmitted from the communication device 69 of the second information processing device 6 to the communication device 59 of the first information processing device 5 by serial communication.

Upon receiving the response message, the first information processing device 5 establishes a connection with the second information processing device 6 (step S55). After completing the above processing, the external information receiving / distributing device 4 starts operating as a gateway device. After that, the external information receiving / distributing device 4 transmits data from the terminal device 3 and the IoT device 7 housed in the hospital network 2 to the external server device 11, and the terminal device 3 transmits the data of the server device 11. It becomes possible to acquire.

After the connection between the first information processing device 5 and the second information processing device 6 is established, for example, when a predetermined second time T2 arrives, the IoT device 7 uses its own sensor to provide predetermined data. Is performed in a data upload process (step S7) of collecting and transmitting the data to the server device 11. At this time, the data collected by the IoT device 7 is first transmitted to the first information processing device 5. Therefore, when the IoT device 7 executes the data upload process, the first information processing device 5 performs a data transfer process (step S56) for transferring the data transmitted by the IoT device 7 to the second information processing device 6. ..

When the IoT device 7 starts the data upload process, the first information processing device 5 collates the device information of the IoT device 7 with the device information registered in the device information DB 55a, and the IoT device 7 is connected. Determines if the device is an authorized device. Then, only when it is determined that the IoT device 7 is a device for which connection is permitted, the first information processing device 5 transfers the data transmitted by the IoT device 7 to the second information processing device 6. Specific examples of the data upload process (step S7) of the IoT device 7 and the data transfer process (step S56) of the first information processing apparatus 5 will be described later.

When the data transmitted by the IoT device 7 is transferred from the first information processing device 5 to the second information processing device 6, the second information processing device 6 transmits the transferred data to the server device 11. (Step S66). In the process of step S66, the second information processing apparatus 6 packetizes the data received from the first information processing apparatus 5 with the global IP 64b as the source address and transmits the data to the server apparatus 11. When the server device 11 receives the data transmitted by the second information processing device 6, the server device 11 stores the data in the storage device (S110).

When the predetermined third time T3 arrives after the upload of data from the IoT device 7 to the server device 11 is completed, the first information processing device 5 and the second information processing device 6 send a predetermined message to each other. Is sent and received to disconnect the connection (steps S57 and S67).

When the connection is disconnected, the first information processing apparatus 5 terminates the various programs being executed (step S58) and restarts the various programs (step S59). Similarly, when the connection is disconnected, the second information processing apparatus 6 terminates the various programs being executed (step S68) and restarts the various programs (step S69). After restarting the various programs, the first information processing apparatus 5 performs the processing after step S52, and the second information processing apparatus 6 performs the processing after step S62. After that, the external information receiving / distributing device 4 restarts various programs of the first information processing device 5 and the second information processing device 6 every time a predetermined time arrives. The time for restarting the various programs of the first information processing device 5 and the second information processing device 6 may be appropriately set. For example, once a day, when a predetermined time arrives, the various programs of the first information processing device 5 and the second information processing device 6 are set to be restarted.

It should be noted that one IoT device 7 is used a plurality of times during the period from the establishment of the connection between the first information processing device 5 and the second information processing device 6 to the arrival of the time T3 for restarting various programs. , Data upload processing (step S7) may be performed. Further, when a plurality of IoT devices 7 are accommodated in the hospital network 2, each of the plurality of IoT devices 7 performs a data upload process (step S7) at a predetermined timing. Therefore, each time each of the plurality of IoT devices 7 executes a data upload process, the first information processing device 5 and the second information processing device 6 perform a process of transferring data (steps S56 and S66).

As described above, in the network system 1 according to the present embodiment, the IoT device 7 housed in the in-hospital network 2 is set to a predetermined time each time a predetermined time arrives during the period when the external information receiving / distributing device 4 is operating. The data is collected and uploaded to the first information processing apparatus 5. At this time, an example of the data upload process (step S7) performed by the IoT device 7 and the data transfer process (step S56) performed by the first information processing apparatus 5 will be described with reference to FIG. FIG. 6 is a sequence diagram illustrating the contents of the data upload process of the IoT device and the data transfer process of the first information processing apparatus. It is assumed that the IoT device 7 shown in FIG. 6 is one of the communication devices accommodated in the hospital network 2, and the device information is registered in the device information DB 55a as described above.

When a predetermined time arrives, the IoT device 7 performs, for example, a process as in steps S71 to S75 of FIG. 6 as a data upload process (step S7). The IoT device 7 that has started the data upload process first transmits its own device information including the device name and the assigned address to the first information processing device 5 (step S71).

When the first information processing apparatus 5 receives the device information of the IoT device 7, the first information processing apparatus 5 performs, for example, the processes of steps S561 to S564 of FIG. 6 as the data transfer process (step S56). The first information processing apparatus 5 that has started the data transfer process first collates the device information received from the IoT device 7 with the device information registered in the device information DB 55a, and permits connection based on the collation result. Notification of whether or not to do so is transmitted to the IoT device 7 (step S561). When the device information received from the IoT device 7 is registered in the device information DB 55a, the first information processing device 5 transmits a notification permitting the connection to the IoT device 7. On the other hand, when the device information received from the IoT device 7 is not registered in the device information DB 55a, the first information processing device 5 transmits a notification that the connection is not permitted to the IoT device 7. The IoT device 7 in the sequence of FIG. 6 is one of the communication devices accommodated in the hospital network 2, and the device information is registered in the device information DB 55a as described above. Therefore, the first information processing apparatus 5 transmits a notification permitting the connection to the IoT device 7.

Upon receiving the notification from the first information processing device 5, the IoT device 7 performs data transmission processing (steps S72 to S75) of transmitting the data collected by the sensor included in the IoT device 5 to the first information processing device 5. FIG. 6 shows a loop process of transmitting data 60 times in one data upload process as an example of the data transmission process performed by the IoT device 7.

At the beginning (step S72) of the data transmission process (loop process), the IoT device 7 is, for example, the second time in the data transmission process currently being performed to transmit data to the first information processing device 5. Count. In this case, the IoT device 7 sets the initial value of the variable t indicating the number of times of data transmission in the process of step S72 in the first loop process to 1, and thereafter sets the variable t to 1 each time the process returns to step S72. Is added.

Next, the IoT device 7 reads the data output by its own sensor for one second (step S73), and transmits the read data to the first information processing device 5 (step S74).

After that, the IoT device 7 determines whether or not the number of times of data transmission in the data transmission processing currently being performed is 60 times or more (that is, t ≧ 60) at the end (step S75) in the data transmission processing (loop processing). judge. When the number of times of data transmission is 59 times or less (t <60), the IoT device 7 repeats the processes after step S72. On the other hand, when the number of times of data transmission becomes 60 times or more, the IoT device 7 ends the data transmission process of steps S72 to S75, and ends the data upload process (step S7).

Here, the description returns to the description of the data transfer process (step S56) performed by the first information processing apparatus 5. When the first information processing apparatus 5 transmits the notification permitting the connection to the IoT device 7 in the process of step S561, the first information processing apparatus 5 waits in a state where the data from the IoT device 7 can be received. Then, while the IoT device 7 is performing the data transmission process (steps S72 to S75), the first information processing apparatus 5 expands the received data into the memory each time the data is received from the IoT device 7 (steps S72 to S75). Step S562). When the first information processing apparatus 5 receives data from the IoT device 7 60 times, the first information processing apparatus 5 ends the process of step S562, and then performs the data edging process (step S563).

The data edging process in step S563 is performed by, for example, the data edging 52c of the first information processing apparatus 5. The data edging 52c deletes a portion of the data received from the IoT device 7 and expanded to the memory that can be deleted without any problem, and reduces the amount of data to be transferred to the server device 11. For example, in the data edging 52c, among the data received from the IoT device 7, the data whose data does not change other than the date and time is deleted from the memory leaving the last one record.

When the data edging process is completed, the first information processing device 5 transfers the data in the memory to the second information processing device 6 (step S564), and ends the data transfer process (step S56). At this time, the data transfer from the first information processing device 5 to the second information processing device 6 is performed by serial communication according to the dedicated protocol as described above. When the second information processing device 6 receives the data from the IoT device, the second information processing device 6 transfers the received data to the server device via the communication network 7.

As described above, in the external information receiving / distributing device 4 of the present embodiment, the data that the first information processing device 5 that has received the data from the IoT device 7 deletes the portion that does not cause any problem even if it is deleted from the received data. Perform edging processing. Therefore, in the external information receiving / distributing device 4 of the present embodiment, it is possible to reduce the amount of data transmitted from the first information processing device 5 to the server device 11 or the like via the second information processing device 6. Therefore, it is possible to prevent delays due to an increase in traffic and the like.

Further, in the external information receiving / distributing device 4 of the present embodiment, communication between the first information processing device 5 and the second information processing device 6 is performed by serial communication according to a dedicated protocol. Therefore, in the external information receiving / distributing device 4 of the present embodiment, for example, it is possible to prevent unauthorized access to the hospital network 2 from the outside of the hospital network 2 (second information processing device 6 side). .. Therefore, it is possible to prevent the IoT device 7 from malfunctioning due to an attack on the IoT device 7 and to effectively use various data collected by the IoT device 7.

Further, as described above, when a communication device not registered in the device information DB 55a attempts to connect to the first information processing device 5, the first information processing device 5 permits the connection to the communication device. Do not send notifications. Therefore, the external information receiving / distributing device 4 of the present embodiment can prevent, for example, a DoS attack (Denial of Service attack) from a communication device that does not allow connection to the first information processing device 5. It becomes.

The process of steps S71 to S75 in the sequence of FIG. 6 is only an example of the data upload process (step S7) performed by the IoT device 7. The content of the data upload process can be appropriately changed according to the content of the data collected by the IoT device 7. For example, the number of times data is transmitted from the IoT device 7 to the first information processing device 5 is not limited to 60 times, and may be one time or a plurality of times other than 60 times. Further, one piece of data transmitted from the IoT device 7 to the first information processing device 5 is not limited to data for one second, but may be momentary data for less than one second, or more than one second. The data may be for a longer period. Further, the IoT device 7 may notify the first information processing apparatus 5 of the end of the data upload process (step S7), for example.

Further, the processing of steps S561 to S564 in the sequence of FIG. 6 is only an example of the data transfer processing (step S56) performed by the first information processing apparatus 5. The content of the data transfer process can be appropriately changed according to the content of the data received from the IoT device 7. For example, the data transfer process includes a process of determining whether or not to perform the data edging process (step S563) according to the data amount (capacity) of the data received from the IoT device 7, and the data amount is equal to or less than the threshold value. In that case, the data edging process may be omitted. Further, for the data transfer process, for example, it may be determined whether or not the data edging process (step S563) is performed for each IoT device 7.

Here, the description of the sequence of FIG. 5 is returned to. In the sequence of FIG. 5, the first information processing apparatus 5 and the second information processing apparatus 6 terminate the program, respectively, and then restart the program (steps S59 and S69). When the program is restarted, the first information processing apparatus 5 performs a process of recovering a file that may have been altered or tampered with to a file that is guaranteed to be secure by the performance monitoring 56. Similarly, when the program is restarted, the second information processing apparatus 6 performs a process of recovering a file that may have been altered or tampered with to a file that is guaranteed to be secure by the performance monitoring 66. conduct. Hereinafter, the process of recovering the above file performed by the first information processing apparatus 5 at the time of restart will be described with reference to FIG. 7.

FIG. 7 is a flowchart illustrating a process performed by the first information processing apparatus at the time of restart.

The performance monitoring 56 of the first information processing apparatus 5 performs the processes of steps S21 to S23 of FIG. 7 on the file to be monitored when restarting various programs including the OS 58. Here, the processes of steps S21 to S23 may be performed at the timing of restarting the program. That is, the processes of steps S21 to S23 may be performed in the process of terminating the program (step S58 in FIG. 5) or in the process of restarting the program (step S59 in FIG. 5).

When the first information processing device 5 restarts the program, as shown in FIG. 7, the first information processing device 5 obtains the information of the currently valid file in the own device (first information processing device 5) and the information of the file at the time of installation. (Step S21). Here, the file at the time of installation is a file created at the time of installation without any problem. In step S21, the performance monitoring 56 of the first information processing apparatus 5 compares information having the same value if it is the same file, such as a file version, an update date and time, and a capacity.

Next, the performance monitoring 56 determines whether or not there is a discrepancy between the current file and the installation file based on the comparison result of the file information (step S22). If there is a discrepancy (step S22; YES), the performance monitoring 56 performs a recovery process that replaces the current file with the latest file that is guaranteed to be secure (step S23). In step S23, the performance monitoring 56 reads the latest file from the backup data stored in a storage device such as a flash memory included in the first information processing device 5 in a non-writable state, and reads the current file. Overwrite with the file. On the other hand, when there is no discrepancy (step S22; NO), the performance monitoring 56 omits step S23 and ends the process of recovering the file.

When the performance monitoring 56 has a plurality of files to be monitored, the performance monitoring 56 performs the processes of steps S21 to S23 for each of the plurality of files.

Further, although the repeated description is omitted, the performance monitoring 66 in the second information processing apparatus 6 also performs the processes of the above steps S21 to S23 when the program is restarted.

As described above, the external information receiving / distributing device 4 of the present embodiment periodically restarts the program, and at the timing of restarting, it is guaranteed that the file that may have been modified or tampered with is secure. Restore to the existing file. Therefore, for example, even if the file is altered or tampered with by an attack from an external communication device of the hospital network 2, it is possible to restore the file to a file that is guaranteed to be secure at an early stage. Therefore, in the external information receiving / distributing device 4 of the present embodiment, it is possible to prevent the state in which the security level is lowered from continuing for a long time due to the modification or alteration of the file.

The file information to be compared with the file information currently valid in step S21 is not limited to the file information at the time of installation, but is the latest file guaranteed to be secure (for example, the file created at the time of update). Etc.) information may be used.

Further, when the processes of steps S21 to S23 are performed in the process of restarting the program (step S59 in FIG. 5), for example, when the process of step S23 is performed, the program may be restarted after the process is completed.

Further, during the operation (operation) of the network system 1, the first information processing device 5 and the second information processing device 6 in the external information receiving / distributing device 4 according to the present embodiment have service information DBs 55b and 65b, respectively. Monitor the running service based on. Hereinafter, with reference to FIG. 8, the monitoring process for the service being executed by the first information processing apparatus 5 will be described.

FIG. 8 is a flowchart illustrating a monitoring process for a service performed by the first information processing apparatus.

As described above, the service permitted to be executed by the first information processing apparatus 5 is only the service registered in the service information DB 55b. However, during the operation of the network system 1, the first information processing device 5 may be accessed from a communication device that does not allow connection. Therefore, in the first information processing apparatus 5, the execution program of the service registered in the service information DB 55b may be modified or tampered with during operation, or an unintended service (for example, registered in the service information DB 55b). Services that have not been done) may be executed. Therefore, the first information processing apparatus 5 performs the monitoring process of steps S31 to S35 in FIG. 8 at a predetermined timing, and maintains an environment in which only the services permitted to be executed are securely executed. The timing for performing the monitoring process in steps S31 to S35 may be appropriately set. For example, the monitoring process of steps S31 to S35 may be performed when the execution of the service is started, or may be performed when a predetermined time has arrived.

When the monitoring process for the service being executed is started, the first information processing apparatus 5 first collates the information about the service being executed with the information registered in the service information DB 55b, as shown in FIG. (Step S31).

Next, the first information processing apparatus 5 determines whether or not a service not registered in the service information DB 55b is being executed (step S32). In the determination process of step S32, even if the service name and the execution file name are registered in the service information DB 55b but the validity is not "valid", it is determined that the service is not registered in the service information DB 55b.

When the service not registered in the service information DB 55b is being executed (step S32; YES), the first information processing apparatus 5 terminates the service not registered in the service information DB 55b (step S33). After that, the first information processing apparatus 5 determines whether or not a service having a difference from the information registered in the service information DB 55b is being executed (step S34). When all the services being executed are registered in the service information DB 55b (step S32; YES), the first information processing apparatus 5 omits the process of step S33 and makes a determination in step S34.

In step S34, for example, any one of the service name, the executable file name, and the installation date and time information matches, and one or two of the other two information do not match. In some cases, it is determined that there is a difference.

If there is a difference (step S34; YES), the first information processing apparatus 5 carries out a recovery process for recovering the executable file of the service to a state without the difference (step S35). In step S35, the first information processing apparatus 5 uses, for example, an executable program guaranteed to be secure from the backup data stored in the storage device in a non-writable state after terminating the corresponding service. Read and overwrite the current executable file with the read executable file. On the other hand, when there is no difference (step S34; NO), the first information processing apparatus 5 omits the process of step S35 and ends the monitoring process for the service being executed.

Further, although the repeated description is omitted, the second information processing apparatus 6 also performs the processes of the above steps S31 to S35 at predetermined timings.

In this way, the external information receiving / distributing device 4 of the present embodiment monitors the running service and restores the executable file that may have been modified or altered to the executable file that is guaranteed to be secure. .. Therefore, for example, even if the executable file is modified or tampered with by an attack from an external communication device of the hospital network 2, it is possible to recover the executable file that is guaranteed to be secure at an early stage. Become. Therefore, in the external information receiving / distributing device 4 of the present embodiment, it is possible to prevent the state in which the security level is lowered from continuing for a long time due to the modification or alteration of the executable file.

As described above, the external information receiving / distributing device 4 according to the present embodiment has a first information processing device 5 connected to the first network (hospital network 2) and a second network (communication network 10). The communication between the first information processing device 5 and the second information processing device 6 is performed by serial communication according to a dedicated protocol, including the second information processing device 6 connected to the first information processing device 5. Therefore, it is possible to block the intrusion from the second network side into the first network. In particular, in the external information receiving / distributing device 4 according to the present embodiment, when the first information processing device 5 receives the data collected by the IoT device 7 housed in the first network, the received data is serially communicated. The second information processing device 6 transfers the data transferred from the first information processing device 5 to an external device (for example, a server device 11) connected to the second network 6. ). Therefore, the external information receiving / distributing device 4 according to the present embodiment prevents the IoT device 7 from malfunctioning due to an attack on the IoT device 7 from the second network side, and effectively utilizes various data collected by the IoT device 7. Is possible.

Further, when the first information processing apparatus 5 receives the data collected by the IoT device 7, the first information processing apparatus 5 performs a data edging process for deleting a portion of the received data that can be deleted without any problem. Therefore, the external information receiving / distributing device 4 according to the present embodiment can reduce the amount of data when transmitting the data collected by the IoT device 7 to the external device (for example, the server device 11), and the traffic increases. It is possible to prevent delays due to such factors.

Further, the first information processing device 5 and the second information processing device 6 according to the present embodiment limit the devices that are allowed to be connected to their own devices based on the white list type device information DBs 55a and 65a, respectively. do. Therefore, intrusion into the first network (hospital network 2) by communication devices not registered in the device information DBs 55a and 65a, and modification or alteration of various data transmitted / received via the external information receiving / distributing device 4. Can be prevented.

Further, the first information processing device 5 and the second information processing device 6 according to the present embodiment limit the services permitted to be executed by the own device based on the white list type service information DBs 55b and 65b, respectively. do. Therefore, it is possible to prevent a decrease in the security level due to erroneous execution of a service not registered in the service information DBs 55b and 65b. Further, the first information processing device 5 and the second information processing device 6 monitor the running service, and if the problematic service is being executed, the execution program of the service is secure. Restores to the guaranteed executable program. Therefore, even if the service execution program is modified or tampered with by a communication device or the like that is not registered in the device information DBs 55a and 65a, the execution program can be restored at an early stage.

Moreover, the first information processing device 5 and the second information processing device 6 according to the present embodiment each restart the program periodically, and at the time of restarting, whether or not there is a problem with the currently valid file. Is determined. Then, if there is a problem with the file, it will be restored to a file that is guaranteed to be secure on the spot. Therefore, even if the file is modified or tampered with by a communication device or the like that is not registered in the device information DBs 55a and 65a, the file can be recovered at an early stage.

From the above, by using the external information receiving / distributing device 4 according to the present embodiment as a gateway device, it is possible to prevent unauthorized access to a private network such as the in-hospital network 2 and various network attacks. ..

The private network connected to the first information processing device 5 in the external information receiving / distributing device 4 of the present embodiment is not limited to the above-mentioned in-hospital network 2 but is another private network (for example, an in-house LAN of a company). It may be.

Further, the first information processing device 5 and the second information processing device 6 in the external information receiving / distributing device 4 according to the present embodiment can be realized by a computer and a program to be executed by the computer, respectively. Hereinafter, the second information processing apparatus 5 realized by the computer and the program will be described with reference to FIG.

FIG. 9 is a diagram showing a hardware configuration of a computer.

As shown in FIG. 9, the computer 15 includes a CPU (Central Processing Unit) 1501, a memory 1502, an auxiliary storage device 1503, an input interface 1504, a display control device 1505, a communication control device 1506, and a medium drive device 1507. And prepare. These elements 1501 to 1508 in the computer 15 are connected to each other by a bus 1510, and data can be exchanged between the elements.

The CPU 1501 is an example of a processor that controls the overall operation of the computer 15 by executing various programs including an operating system. For example, the CPU 1501 executes a program including the processing of each step of steps S51 to S58 of FIG. Further, the CPU 1501 executes, for example, a program including the processing of each step of steps S21 to S23 of FIG. 7 and a program including processing of each step of steps S31 to S35 of FIG.

The memory 1502 includes a ROM (Read Only Memory) and a RAM (Random Access Memory) (not shown). In the ROM of the memory 1502, for example, a predetermined basic control program or the like read by the CPU 1501 when the computer 15 is started is recorded in advance. Further, the RAM of the memory 1502 is used as a work storage area by the CPU 1501 as needed when executing various programs. The RAM of the memory 1502 can be used, for example, for storing various data received from the device information DB 55a, the service information DB 55b, and the IoT device 7.

The auxiliary storage device 1503 is, for example, a magnetic disk such as an HDD (Hard Disk Drive) and a non-volatile memory such as a flash memory. The auxiliary storage device 1503 can store various programs, various data, and the like executed by the CPU 1501. The auxiliary storage device 1503 is, for example, a program including the processing of each step of steps S51 to S58 in FIG. 5, a program including processing of each step of steps S21 to S23 of FIG. 7, and each of steps S31 to S35 of FIG. It can be used to store programs including step processing. Further, the auxiliary storage device 2003 stores, for example, device information DB 55a and service information DB 55b, various data received from the IoT device 7, and backup data including files and execution programs guaranteed to be secure. It is available.

The input interface 1504 is a hardware interface that receives input information from, for example, an input device of a keyboard device 16, a mouse device 17, and a touch panel device (not shown).

The display control device 1505 controls the display of the display device 18 such as a liquid crystal display device, for example. The display control device 1505 creates, for example, screen data including information indicating an operating state of the computer 15 and displays it on the display device 18.

The communication control device 1506 controls communication between the computer 15 and other communication devices. The communication control device 1506 includes a serial communication interface 1506a, a wired LAN interface 1506b, and a wireless LAN interface 1506c as hardware interfaces. The serial communication interface 1506a is used for communication with the second information processing apparatus 6 according to the dedicated protocol. The wired LAN interface 1506b is used, for example, for communication with a terminal device 3 housed in a private network such as a hospital network 2. The wireless LAN interface 1506c is used for communication with the IoT device 7 housed in a private network such as the hospital network 2, for example.

The medium drive device 1507 reads out the programs and data recorded in the portable recording medium 19, and writes the data stored in the auxiliary storage device 1503 to the portable recording medium 19. As the portable recording medium 19, for example, there is a memory card (flash memory) of the Secure Digital (SD) standard. The portable recording medium 19 is, for example, a program including processing of each step of steps S51 to S58 of FIG. 5, a program including processing of each step of steps S21 to S23 of FIG. 7, and a program of steps S31 to S35 of FIG. It can be used to store programs and the like including the processing of each step. Further, the portable recording medium 19 stores, for example, device information DB 55a and service information DB 55b, various data received from the IoT device 7, and backup data including files and execution programs guaranteed to be secure. It is available for. When the computer 15 is equipped with an optical disk drive that can be used as the medium drive device 1507, various optical disks that can be recognized by the optical disk drive can be used as the portable recording medium 19. Optical discs that can be used as the portable recording medium 19 include, for example, Compact Disc (CD), Digital Versatile Disc (DVD), Blu-ray Disc (Blu-ray is a registered trademark), and the like.

After the power is turned on, the computer 15 has a program in which the CPU 1501 includes processing of each step of steps S51 to S58 of FIG. 5, a program including processing of each step of steps S21 to S23 of FIG. A program or the like including the processing of each step of steps S31 to S35 in FIG. 8 is read and executed. While executing these programs, the CPU 1501 functions (operates) as a software component 51 in the first information processing apparatus 5 shown in FIG. Further, while executing the above program, the serial communication interface 1506a functions (operates) as a communication device 59 in the first information processing apparatus 5 shown in FIG. Further, while executing the above program, the memory 1502, the auxiliary storage device 2003, and the portable recording medium 19 each function as a storage unit for storing the device information DB 55a and the service information 55b, respectively.

Further, although detailed description is omitted, it goes without saying that the computer 15 can be used not only as the first information processing device 5 but also as the second information processing device 6.

The computer 15 operated as the first information processing device 5 and the second information processing device 6 does not need to include all of the elements 1501 to 1508 shown in FIG. 9, and some of them are used depending on the application and conditions. It is also possible to omit the element. For example, the computer 15 may omit the medium driving device 1507.

1 Network system 2 In-hospital network 3, 3A, 3B, 12 Terminal device 4 External information reception / distribution device 5 First information processing device 6 Second information processing device 7, 7A, 7B IoT device 10 Communication network 11 Server device 51, 61 Software components 52, 62 Business logic 52a, 62a Device control management 52b, 62b Communication management 52c Data edging 52d, 62d Common processing 53, 63 Device control 53a, 63a Control module 54, 64 Communication management 54a, 64a Transmission management 54b LAN
64b Global IP
64c WAN
55,65 White list management 55a, 65a Device information DB
55b, 65b Service information DB
56,66 Performance monitoring 58,68 OS
59,69 Communication device 15 Computer 1501 CPU
1502 Memory 1503 Auxiliary storage device 1504 Input interface 1505 Display control device 1506 Communication control device 1506a Serial communication interface 1506b Wired LAN interface 1506c Wireless LAN interface 1507 Media drive device 1510 Bus 16 Keyboard device 17 Mouse device 18 Display device 19 Portable recording medium

Claims (8)

A first information processing device connected to a first network accommodating a plurality of communication devices including an IoT device, and a second information processing device connected to a second network having an address system different from that of the first network. Performs serial communication according to a dedicated protocol different from the communication protocol between the first information processing device and the first network and the communication protocol between the second information processing device and the second network. It is an external information receiving and delivering device,
When the first information processing apparatus receives the data collected by the IoT device housed in the first network, the first information processing apparatus transfers the received data to the second information processing apparatus by the serial communication.
The second information processing device transfers the data transferred from the first information processing device to an external device connected to the second network .
The first information processing device connects the first information processing device and the communication device based on a device information database including information indicating the communication device that is permitted to connect to the first information processing device. And white list management that manages the services executed by the first information processing device based on the service information database including the information indicating the services permitted to be executed by the first information processing device. If there is a discrepancy between the information in a file that may have been modified or tampered with and the information in the corresponding file that is guaranteed to be secure, the file that may have been modified or tampered with. Is replaced with the file guaranteed to be secure to recover, and there is a difference between the information of the running service and the information of the running service registered in the service information database. The first information processing device is restarted according to a predetermined schedule, including performance monitoring in which the execution program of the running service is replaced with an execution program guaranteed to be secure and restored. Whether or not there is a discrepancy between the information of the file that may have been modified or tampered with and the information of the file that is guaranteed to be secure corresponding to the file when the restart is performed. An external information receiving / delivering device characterized by determining whether or not. A first information processing device connected to a first network accommodating a plurality of communication devices including an IoT device, and a second information processing device connected to a second network having an address system different from that of the first network. Performs serial communication according to a dedicated protocol different from the communication protocol between the first information processing device and the first network and the communication protocol between the second information processing device and the second network. It is an external information receiving and delivering device,
When the first information processing apparatus receives the data collected by the IoT device housed in the first network, the first information processing apparatus transfers the received data to the second information processing apparatus by the serial communication.
The second information processing device transfers the data transferred from the first information processing device to an external device connected to the second network.
The second information processing device connects the second information processing device and the external device based on a device information database including information indicating the communication device that is permitted to connect to the second information processing device. And white list management that manages the services executed by the second information processing device based on the service information database including the information indicating the services permitted to be executed by the second information processing device. If there is a discrepancy between the information in a file that may have been modified or tampered with and the information in the corresponding file that is guaranteed to be secure, the file that may have been modified or tampered with. Is replaced with the file guaranteed to be secure to recover, and there is a difference between the information of the running service and the information of the running service registered in the service information database. The second information processing device is restarted according to a predetermined schedule, including performance monitoring in which the execution program of the running service is replaced with an execution program guaranteed to be secure and restored. Whether or not there is a discrepancy between the information of the file that may have been modified or tampered with and the information of the file that is guaranteed to be secure corresponding to the file when the restart is performed. An external information receiving / delivering device characterized by determining whether or not. The first information processing apparatus further includes data edging that deletes a portion of the received data that can be deleted without any problem when the data of the IoT device is received.
The external information receiving / distributing device according to claim 1 or 2 , wherein the first information processing device transfers the data partially deleted by the data edging to the second information processing device. .. The second information processing device receives information transmitted from the external device connected to the second network to the communication device accommodated in the first network by the serial communication. Transfer to the information processing device of
Claim 1 or 2 characterized in that the first information processing apparatus transfers the information transferred from the second information processing apparatus to a predetermined communication apparatus accommodated in the first network. External information receiving and delivering device described in. A first information processing device connected to a first network accommodating a plurality of communication devices including an IoT device, and a second information processing device connected to a second network having an address system different from that of the first network. A data transmission method for transmitting data from the IoT device housed in the first network to a server device connected to the second network via the above.
After the first information processing device permits the connection of the IoT device to the first information processing device, the IoT device transmits the data to the first information processing device.
The first information processing device has a dedicated protocol different from the communication protocol between the first information processing device and the first network and the communication protocol between the second information processing device and the second network. According to the serial communication, the data received from the IoT device is transferred to the second information processing apparatus.
The second information processing apparatus transfers the data received from the first information processing apparatus to the server apparatus .
The first information processing device connects the first information processing device and the communication device based on a device information database including information indicating the communication device that is permitted to connect to the first information processing device. And white list management that manages the services executed by the first information processing device based on the service information database including the information indicating the services permitted to be executed by the first information processing device. If there is a discrepancy between the information in a file that may have been modified or tampered with and the information in the corresponding file that is guaranteed to be secure, the file that may have been modified or tampered with. Is replaced with the file guaranteed to be secure to recover, and there is a difference between the information of the running service and the information of the running service registered in the service information database. The first information processing device is restarted according to a predetermined schedule, including performance monitoring in which the execution program of the running service is replaced with an execution program guaranteed to be secure and restored. Whether or not there is a discrepancy between the information of the file that may have been modified or tampered with and the information of the file that is guaranteed to be secure corresponding to the file when the restart is performed. A data transmission method characterized by determining whether or not a file is transmitted. A first information processing device connected to a first network accommodating a plurality of communication devices including an IoT device, and a second information processing device connected to a second network having an address system different from that of the first network. A data transmission method for transmitting data from the IoT device housed in the first network to a server device connected to the second network via the above.
After the first information processing device permits the connection of the IoT device to the first information processing device, the IoT device transmits the data to the first information processing device.
The first information processing device has a dedicated protocol different from the communication protocol between the first information processing device and the first network and the communication protocol between the second information processing device and the second network. According to the serial communication, the data received from the IoT device is transferred to the second information processing apparatus.
The second information processing apparatus transfers the data received from the first information processing apparatus to the server apparatus.
The second information processing device connects the second information processing device and the server device based on a device information database including information indicating the communication device that is permitted to connect to the second information processing device. And white list management that manages the services executed by the second information processing device based on the service information database including the information indicating the services permitted to be executed by the second information processing device. If there is a discrepancy between the information in a file that may have been modified or tampered with and the information in the corresponding file that is guaranteed to be secure, the file that may have been modified or tampered with. Is replaced with the file guaranteed to be secure to recover, and there is a difference between the information of the running service and the information of the running service registered in the service information database. The second information processing device is restarted according to a predetermined schedule, including performance monitoring in which the execution program of the running service is replaced with an execution program guaranteed to be secure and restored. Whether or not there is a discrepancy between the information of the file that may have been modified or tampered with and the information of the file that is guaranteed to be secure corresponding to the file when the restart is performed. A data transmission method characterized by determining whether or not a file is transmitted. To the computer included in the external information receiving / distributing device that connects the first network and the second network,
After permitting the connection of the IoT device accommodated in the first network, the data transmitted by the IoT device is included in the communication protocol between the computer and the first network and the external information receiving / distributing device. Processing to be transmitted to the other information processing device by serial communication according to a dedicated protocol different from the communication protocol between the information processing device of the above and the second network , and
Information indicating services that are allowed to be executed by the computer while managing the connection between the computer and the IoT device based on a device information database containing information indicating the IoT device that is permitted to connect to the computer. Whitelist management to manage services performed on the computer based on the included service information database, information on files that may have been altered or tampered with, and files that are guaranteed to be secure corresponding to the files. If there is a discrepancy with the information in, the file that may have been modified or tampered with is replaced with the file that is guaranteed to be secure, and the file is restored. Performance monitoring that recovers by replacing the execution program of the running service with an execution program that is guaranteed to be secure when there is a difference from the information of the running service registered in the service information database. The computer restarts according to a predetermined schedule, and the information of the file that may have been altered or tampered with at the time of the restart and the security corresponding to the file. A program characterized by executing a process of determining whether or not there is a discrepancy with the information of a file for which is guaranteed. To the computer included in the external information receiving / distributing device that connects the first network and the second network,
After permitting the connection of the IoT device accommodated in the first network, the data transmitted by the IoT device is included in the communication protocol between the computer and the first network and the external information receiving / distributing device. The process of transmitting to the other information processing device is executed by serial communication according to a dedicated protocol different from the communication protocol between the information processing device of the above and the second network, and
To the other information processing device
The connection between the other information processing device and the external device is managed based on the device information database including information indicating the communication device that is permitted to connect to the other information processing device, and the other information processing device executes the operation. Whitelist management that manages services performed in the other information processing device based on a service information database that includes information indicating services that are permitted to be performed, information on files that may have been modified or tampered with, and the above. If there is a discrepancy between the file and the corresponding information in the guaranteed secure file, replace the potentially altered or tampered file with the guaranteed secure file. If there is a difference between the information of the running service and the information of the running service registered in the service information database, the execution program of the running service can be secure. The other information processing device is restarted according to a predetermined schedule, and is modified or tampered with at the time of the restart, including the performance monitoring of replacing with the guaranteed execution program and recovering. A program characterized by executing a process of determining whether or not there is a discrepancy between the information of a potentially file and the information of a file corresponding to the file and which is guaranteed to be secure.

Images