KR100969906B1 - Network system - Google Patents

Abstract

The present invention relates to a network system, and provides a network system for stably realizing secure communication in a LAN. This system includes a WAN such as the Internet, a LAN connected to the WAN through a local server, and a plurality of equipment connected to the LAN and the WAN, wherein the local server is assigned to an object of all the equipments in the LAN. Is obtained and notified to the center server connected to the WAN. In the center server, correspondence relations of the identifiers for the approval of access of the equipments are stored for all the equipments, and only the correspondence relations of the identifiers for the approval of the access of the equipments in the LAN are corresponding to the notification. Is extracted and set on the local server.

Description

Network System {NETWORK SYSTEM}

The present invention relates to a network system for realizing secure communication between equipment.

Background Art Conventionally, in order to realize secure communication by a network system, when an access request is made between communication devices, it has been proposed to perform authentication processing on whether to permit access to the authentication server.

For example, according to the information processing system described in JP-A-10-49443, if there is a communication request between the client object and the target object, the client object sends the ID and password to a service capability server. present. When the serviceable server retrieves the serviceable list and permits the requested communication, the serviceable server issues a serviceable ticket to the client object, and communication between the client object and the target object is realized.

In addition, as shown in FIG. 18, the network system described in Japanese Laid-Open Patent Publication No. 2004-21666 includes a device 120 that provides various services, a recording medium 130 for data recording, a user terminal 110, and the like. A home server 100 connected between an internal network 140 to be connected, an external network 150 such as the Internet, and an internal network 140, and a terminal 160 for a home server provider connected to an external network 150. It is mainly composed of).

The home server 100 manages the user terminal 110, the device 120, and the recording medium 130 connected in the internal network 140. That is, the home server 100 selects and selects control signals transmitted and received between them. The home server also has the function of a firewall that denies unauthorized access required from the external network 150. That is, the control signal from the external network 150 to the internal network 140 is selected according to a predetermined condition. In this way, the home server 100 categorizes and selects a control signal between a plurality of devices connected to the internal network 140 and a control signal from the external network 150 to the plurality of devices based on predetermined conditions. The control signal cooking selection function is provided.

On the other hand, the home server vendor terminal 160 is a terminal for performing network setting such as a predetermined condition used by the home server provider for the selection of the control signal of the home server 100 via the external network 150. The user terminal 110 or the home server 100 is provided with setting request input means for requesting the terminal 160 to set the predetermined condition. Through this setting request input means, the user inputs how to set a predetermined condition, and when the input setting request is transmitted to the terminal 160 via the home server 100, the terminal 160 responds to this setting request. The corresponding information is returned to the home server 100, and a predetermined condition is set in the home server 100 based on this information. As a result, a network system having both a high security level and a good usability is realized.

However, in the former prior art, as the number of client objects and target objects managed under the serviceable server increases, the amount of storage of information required for access authentication processing, such as IDs and passwords of client objects and target objects, increases. On the other hand, when a plurality of access requests are concentrated, there is a possibility that the burden of information processing on the service enabled server is increased and the responsiveness to the access request is lowered. In addition, when the serviceable server is down, authentication processing between the client object and the target object cannot be performed.

Further, in the latter prior art, whenever a control condition between a plurality of devices connected to the internal network 140 and a predetermined condition for catering to a control signal from the external network 150 to the plurality of devices are changed. Since the user must update by using the setting request input means installed in the user terminal 110 or the home server 100, there is a troublesome work.

Accordingly, the present invention has been made in view of the above-described problems, and an object thereof is to provide an environment in which secure communication can be performed within a local area network (LAN) even if a wide area network (WAN) such as the Internet is down. A network system that can be secured and can automatically update information required for authentication processing of whether or not to permit access of equipments within a LAN when there is a change in the configuration of equipments in the LAN. Is to provide.

That is, the network system of the present invention includes a plurality of equipments each having an object to which an identifier is assigned, a LAN to which a local server is connected, and a WAN to which a LAN is connected, wherein a WAN is provided with a center server and an identifier. A network system in which at least one equipment having an object is connected, wherein one of the equipments can make an execution request of an object by using the identifier with respect to the other of the equipments.

The center server includes a center storage unit in which correspondences of identifiers relating to the approval of access between the equipments are set for the equipments connected to the LAN and the equipments connected to the WAN. If received from the local server, based on the identifier information, only the correspondence of the identifier relating to the approval of the access between the equipments in the LAN is extracted from the correspondence between the identifiers stored in the center storage unit, and transmitted to the local server.

The local server stores a local storage unit that stores the correspondence relationship between the identifiers received from the center server, and when one of the equipments makes a request for executing the object to the other of the equipments, the execution request of the objects is in the LAN. And an inquiry unit for judging whether or not the facilities of the respective devices are to be accessed and whether or not to permit the access according to the setting contents of the local storage unit.

The inquiring unit outputs an access permission signal from a local server when determining that the execution request of the object is access between equipments in the LAN, and permits the access, and the object requested from one of the equipments is in the equipment. It is characterized by being executed by the other.

In the network system, at least one equipment connected to the WAN may be equipment directly connected to the WAN (see FIG. 1) or indirectly connected to the WAN through a local server (gateway) installed in another LAN. The equipment may be used (see FIG. 6).

In the above-mentioned network system, when the inquiry section determines that the execution request of the object is not an access between facility devices in the LAN, the identifier used for the execution request of the object is transmitted from the local server to the center server, and the center server Has a center inquiry section for judging whether to permit the access by checking the contents of the center storage section, and in the case of allowing the access, an access permission signal is output from the center server through a local server, and one of the equipments is provided. It is preferable that the object requested from is executed by the other of the equipment. The inquiry unit may immediately issue an access denied signal when it is determined that the object execution request is not an access between the equipments in the LAN. However, as described above, the inquiry unit may be configured between the equipment outside the LAN and the equipment in the LAN. By judging at the center server whether or not to grant access, secure communication can be managed regardless of inside and outside of the LAN, thereby realizing a network system with higher customer satisfaction.

In addition, the local server acquires the identifiers of all the equipments in the LAN in advance, and notifies the center server of the acquired identifiers, and authorizes the access of the equipments in the LANs extracted from the center server based on this notification. It is desirable to have an initial setting function for setting the correspondence of the identifiers related to the local storage. In this case, it is not necessary to set the address of the authentication server on the WAN side on the equipment side in the initial setting, and the burden on the LAN user due to the troublesome initial setting work can be reduced.

In the above-described network system, the identifiers used for the authentication processing of accesses between equipments include unique identifiers (object identifiers) for providing information about equipments on which objects are to be executed, and contents of objects executed in equipments ( For example, it is preferable to include at least one of an interface identifier defined based on a variable indicating a current state of the equipment, a function for controlling the equipment, and event information indicating the occurrence of a change in equipment equipment. In addition, the local storage unit is a corresponding relationship between the identifiers for the approval of the access of the equipments in the LAN, and the unique identifier of the equipment to request the execution of the object, the unique identifier and the interface identifier of the equipment to which the object is requested to execute. It is more preferable to include a table in which the corresponding relation of the combination of? Is set.

In addition, when the inquiry unit determines that the execution request of the object is access between the facility devices in the LAN, and permits the access, the local server transmits an access permission signal to at least the facility device requesting the execution of the object. It is preferable. On the other hand, when the inquiry unit determines that the execution request of the object is access between equipments in the LAN, the access is not permitted, the local server transmits an access denied signal to at least the equipment requesting the execution of the object. It is desirable to.

In addition, when the center inquiry unit determines that the access is not permitted, it is preferable that the center server transmits an access denied signal to at least the facility equipment requesting execution of the object via the local server.

The novel features of the present invention and the effects they bring will be more clearly understood on the basis of the embodiments of the invention described below.

1 is a schematic diagram of a network system according to a first embodiment of the present invention.

2 is a configuration diagram of a gateway of the network system.

FIG. 3A is a configuration diagram of equipment of the network system, and FIG. 3B is a configuration diagram of M0S mounted on the equipment.

4 is a flowchart illustrating a method of initially setting access permission information in a gateway.

Fig. 5 is a diagram showing an example of extracting access permission information from the center server to the gateway.

Fig. 6 is a diagram showing another example of extraction of access permission information from the center server to the gateway.

7 is a flowchart illustrating the operation of the network system of the present invention.

8 is a diagram illustrating a method for distributing an authentication key in the network system.

9 is a diagram illustrating a modification of the distribution method of FIG. 8.

10 is a diagram illustrating a separate distribution method of an authentication key in the network system.

11 is a diagram illustrating a modification of the distribution method of FIG. 10.

12 is a diagram illustrating a separate distribution method of an authentication key in the network system.

13 is a diagram showing another method for distributing an authentication key in the network system.

14 is a view showing another distribution method of the authentication key in the network system.

15 is a schematic diagram of a network system according to a second embodiment of the present invention.

Fig. 16 is a diagram illustrating an operation example of the network system.

17 is a schematic diagram of a network system according to a modification of the second embodiment.

18 is a schematic diagram of a conventional network system.

Hereinafter, the network system of the present invention will be described in detail based on the preferred embodiments.

(First embodiment)

As shown in Fig. 1, the network system of the present embodiment is connected to the WAN 4 through a wide area network (WAN) 4 such as the Internet to which the center server 5 is connected, and a gateway 3 functioning as a server. A local area network (LAN) 1 to be connected, and a plurality of equipments 2 connected to the LAN 1 and the WAN 4, and from any one of the equipments to another of the equipments. An object execution request can be made.

The LAN 1 is constructed based on a communication standard such as Ethernet (registered trademark). As shown in FIG. 2, the gateway 3 connected to the LAN 1 includes a hub unit 30 that aggregates the LAN 1, a communication unit 31, a modem unit 32, and an object access server. A server function unit (OAS: Object Access Server) 33 called " O " is provided, and the server function unit 33 is provided only for the facility apparatus 2 connected to the LAN 1, As a local storage unit (not shown) in which information about the access authorization is stored, and as a local inquiry unit for inquiring whether or not to permit access between the facility devices 2 using permission information stored in the local storage unit. A local authentication server 34 (hereinafter referred to as a local AS 34) having a function is provided.

The center server 5 is installed on the Internet, which is the WAN 4, and the server function unit (OAS) 50 to be mounted has substantially the same function as the server function unit 33 of the gateway 3. Have In this server function unit 50, a center storage unit (not shown) that stores information on approval of accesses between the facility devices 2 with respect to all facility devices connected to the LAN 1 and the WAN 4. And the information stored in the center storage unit as a center inquiry unit for inquiring whether to allow access between facility equipment 2 outside the LAN 1 or between facility equipment outside the LAN and facility equipment within the LAN. A center authentication server 52 (hereinafter referred to as a center AS 52) having a function is provided.

The equipment 2 used in this network system is installed in a building or a house having a communication function. For example, environmental equipment (lighting, air conditioning), security / disaster prevention equipment, and temperature sensors used in these equipments. , Brightness sensor, human body sensor, fire detection sensor and so on.

As shown in FIG. 3A, the basic configuration of the equipment 2 includes a functional unit 20 for providing the equipment unique service, and an interface unit 21 and a bus connected to the functional unit 20. A function for instructing operation (operation control) is given through (22), a variable indicating the current state of the functional unit 20 is acquired, and further, event information indicating that a change in the state of the functional unit 20 has occurred. And a communication unit 24 for network communication (communication according to the Ethernet (registered trademark) standard), and the storage unit 25 in the information processing unit 23 includes an object of the present system. The module part M0S (Micro 0bject Server) is built in to realize the function.

Here, the server function unit (OAS) 33 included in the gateway 3 includes software and equipment for realizing a function as an object router for concealing a method of connecting the network of the equipment 2 of the system. By accessing the object of (2), various application software executed by the user to enjoy the service provided by the functional unit 20 of the facility equipment 2, and further, heterogeneous protocols are converted into a seamless system. Additional service functions such as a protocol bridge service for connecting to a network connection, and a firewall bridge service for converting a protocol used for communication between the center server 5 into a simple object access protocol (SOAP) to pass through the firewall It consists of software to implement.

In addition, the local AS 34 installed in the server function unit 33 of the gateway 3 of the present embodiment has an identifier (also a secret key or a key) for each object of the module unit MOS of the equipment 2. A server function unit (a local storage unit that holds an identifier (or user name and permission information) having permission for the object, and a local inquiry unit as an operation means for performing authentication or authentication keys and access control described later). 33) is shared with the storage means and arithmetic means. The server function unit 33 and the local AS 34 may be configured separately in hardware or software.

In the network system of the present invention, in addition to the equipment 2 described above, client terminals 6 such as PCs and portable terminals (terminals having communication functions such as mobile phones and PDAs) include LAN 1 and WAN 4. ) Can be accessed. The client terminal 6 is composed of a computer device equipped with client software (OAL: Object Access Library) or a client application (software) for enjoying the services provided by the network system. 4) The execution request for the object of the module unit M0S of the equipment 2 can be executed from above, and the service provided by the equipment 2 is controlled by executing the client application program, that is, the equipment 2. The request and monitoring information (variables, event information) from the facility equipment 2 side can be enjoyed in a desired form.

The network system of this embodiment has a 0SI7 hierarchical model, and the module unit MOS of the information processing unit 23 of the equipment unit 2 transmits variable and event information to the client terminal 6 or other equipment 2. The application layer is constructed from an original protocol (OAP) for passing or receiving functions, and the OAP is used to exchange information between the server function unit (OAS) and the module unit MOS of the equipment 2. It is supposed to. Here, as shown in FIG. 3B, the module unit MOS includes an application program unit 26 for the equipment 2, a software communication module 27 corresponding to the 0SI7 layer model, and a functional unit. It consists of a hardware communication module 28 for the transmission and reception of information between the (20). The software communication module 27 is responsible for the protocols in the network layer to the presentation layer of the 0SI7 layer, and integrates the above-described definition of OAP, TCP and UDP.

By the way, each facility apparatus 2 mentioned above has one or more facility side objects which the function part 20 uses when carrying out the process for service provision under the module part M0S built in the information processing part 23, Each of the equipment-side objects includes a unique identifier (object identifier: OID) that provides information about equipment to be executed by the object and the contents of the object (for example, equipment 2) that is executed in the equipment. Interface identifiers (IIDs) defined by variables representing the current state, functions for controlling the equipment 2, event information indicating the occurrence of changes in the equipment 2 state, functions executed by the equipment 2, and the like. ) To have one or more. Therefore, the unique identifier (OID) is an object unique, and the interface identifier (IID) can be assigned to an interface having the same definition. The execution of the equipment-side object is executed by the information processing unit 23 on the server in the gateway 3 by the execution request using the unique identifier (OID), the interface identifier (IID), or a combination of both. It is performed when received from the functional part 33. Specifically, in the case of an execution request corresponding to a specific interface under a specific equipment-side object, a combination of OID and IID is used, and when the interface having the same definition content is under the equipment-side object of the plurality of equipment 2, The execution request may be made only with the IID of the interface.

In the network system of the present invention, a description will be given of a method of initially setting access permission information in the local AS 34 of the gateway 3 before explaining the operation in the case of performing secure communication.

At the time of system startup, as shown in FIG. 4, the server function unit 33 of the gateway 3 performs a process of detecting the equipment 2 connected to the LAN 1 by broadcast or multicast. Information necessary for network communication, such as an IP address of the equipment 2 on the LAN 1, is acquired. Then, after the connection process, the local AS 34 of the server functional unit 33 requests each facility device to report the OID of the facility object or the IID of the interface below it or the combination information of the OID and IID ( Step S1).

In response to this request, the local AS 34 acquires identifier information sequentially sent from the equipment 2 (step S2), and transmits the identifier information to network communication (TCP / IP) of the equipment in the LAN 1. Corresponding to the IP address as the identifier on the base), the memory is stored as a table for connection facility information in the local storage unit. The IP address of the gateway 3 is obtained from the equipment 2 by broadcast or multicast, and communication between the local AS 34 of the server functional unit 33 of the gateway 3 is enabled. You may also do it. In addition, when the local AS 34 is installed separately from the server function unit 33 of the gateway on the LAN 1 (or without installing the server function unit 33, the local AS 34 alone. Also provided), the communication between the local ASs 34 is also possible by acquiring the IP address of the local ASs 34 directly by broadcasting or multicasting from each equipment 2. In this embodiment, it is not necessary to set the IP address of the center server 5 (center AS 52) on the WAN 4 in advance on the facility equipment 2 side.

Thereafter, the server function unit 33 of the gateway 3 serves as a function of the local AS 34 to the server function unit 50 of the center server 5 on the Internet 4 under its control. The process of sending the identifier information acquired from 2) is performed (step S3). This process is performed periodically or whenever there is a change in the environmental setting (for example, addition or disposal of equipment) of the equipment 2 in the LAN 1.

The center AS 52 of the center server 5 relates to the communication between the facility devices 2 in the LAN 1 under the control of the gateway 3 from a database of access permission information stored in the center storage unit. Only the identifier information is extracted, and the identifier information is sent to the local AS 34 of the gateway 3 as access permission information relating to intra-LAN communication (step S4). The access permission information acquired from the center AS 52 of the center server 5, that is, the identifier information, is set in the local storage of the gateway 3 (step S5). In other words, the setting of the access permission information in the gateway 3 can be automatically performed by acquiring permission information from the center AS 52 even if the LAN user does not perform it manually.

The center server 5 supplies the identifier information of the OID of the object and the IID of the interface to the equipment 2 connected to the Internet, which is the WAN 4, similarly to the case of the gateway 3. The function can be acquired by the functions of the 50 and the center AS 52.

In addition, the setting of the permission information in the local AS 34, that is, the access permission information for the execution request of the object between the facility devices 2 in the LAN 1 may be the object identifier (OID) and / or It is provided by a table of identifier information of the interface identifier (IID). That is, the object identifier (OID) and / or interface identifier (IID) of the equipment 2 on the side requesting access, and the object identifier (OID) and / or interface identifier (IID) of the equipment 2 on the side requesting access ( Authorization information obtained by mapping the IIDs to a table is acquired from the center AS 52, and set in the local AS 34 as described above.

The communication permission information between the facility equipment 2 in the LAN 1 and the facility equipment 2 outside the LAN 1 is set in advance in the center AS 52. That is, in the center AS 52, in addition to the access permission information between the facility equipment 2 connected to the LAN 1, the facility equipment 2 connected to the LAN 1 and the facility equipment connected to the WAN 4 ( 2) The object permission (OID) and / or the interface identifier (IID) of the equipment on the side of the request for access, and the object identifier (OID) and / or interface of the equipment on the side of the request for access are provided. It is set in advance by a corresponding part with the identifier IID.

As an example, Table 1 and Table 2 show permission information tables stored in the center storage unit of the center server 5. In the center AS table shown in Table 1, the object identifiers (OID) of the equipments that require access to all the equipments 2 connected to the network system, both inside and outside the LAN, and the equipments to which access is permitted. Access permission indicated by identifier information (combination of object identifier (OID) and interface identifier (IID) in this example) and by "r (read permission)", "w (write permission)", and "x (execution permission)" Correspondence relationship with types is listed. In the table, "***" indicates that the arbitrary interface identifiers can be accessed instead of the interface identifiers. In addition, when "***" is added to the object identifier, access to the equipment having the common interface is permitted regardless of the object identifier. In other words, when only an object identifier is specified, objects within a system allow access to all interfaces to each other, and when only an interface identifier is specified, no object is specified for an interface specific to a system or an application program. This allows only application-specific functions to be accessed regardless of the object.

TABLE 1

In addition, the center AS table shown in Table 2 includes a combination of an object identifier (OID) and an interface identifier (IID) of the equipment to be requested for access, and an object identifier (OID) and an interface identifier (IID) of the equipment to which access is permitted. And a correspondence relationship with the type of access permission ("r / w / x") are listed.

By setting such combinations of identifiers, it is possible to make special settings for an object such that access is granted only under certain conditions.

TABLE 2

In addition, since only the OID of the equipment to request access is displayed in the center AS table of Table 1, when extracting the permission information set in the gateway (local server), the equipment 3 below the gateway 3 is extracted. Only the OID of is notified to the center server 5. On the other hand, since the combination of the OID and IID of the equipment to request access is displayed in the center AS table of Table 2, when extracting the permission information set to the gateway, the equipment 3 of the lower equipment from the gateway 3 is extracted. The center server 5 is notified of the combination of the OID and the IID. In short, in the case of extracting permission information set in the gateway from the center server, the lower-level equipment device (from the gateway 3) is based on the contents (access permission information) of the center AS table held by the center server 5. At least one of the object identifier and the interface identifier of 2) is transmitted. As shown in the lowermost part of Table 2, when only the interface identifier of the equipment requesting access is specified, it is possible to consider a use such as allowing access to other equipment only when an event corresponding to the interface occurs. .

Next, a method of extracting permission information of the identifier set in the local AS table of the gateway 3 among the permission information of the identifier registered in the center AS table will be described in more detail with reference to FIGS. 5 and 6. .

In the network system of FIG. 5, the equipment A is divided into three objects defined by corresponding to each of a plurality of functions of the object identifiers OID1 (OID1, IID1), (OID1, IID2), (OID1, IID3) and the equipment A. Having three sets of identifier information consisting of a combination of the interface identifiers IID1 to IID3, the equipment B has a plurality of functions possessed by the object identifiers OID2 and the equipment B which are (OID2, IID1), (OID2, IID2). It has two sets of identifier information consisting of a combination with two interface identifiers IID1 and IID2 defined in correspondence with each of. The gateway 3 receives identifier information from these two equipments 2 in the LAN 1 and transmits it to the center server 5. On the other hand, in the center server 5, a table in which permission information of facility equipment accessible to all the equipments of the LAN 1 and the WAN 4 is indicated by the correspondence relationship between the identifiers is stored. Also for the equipment C and the equipment D connected to the WAN 4, identifier information of accessible equipment is listed.

The information received from the equipment 2 in the LAN 1 may be at least one of an object identifier and an interface identifier, and preferably receives both an object identifier and an interface identifier. Further, after the gateway 3 receives both the object identifier and the interface identifier from the subordinate facility equipment 2, only the necessary identifier information is based on the contents of the access permission information table stored in the center server. You may send it to.

In the center AS table shown in FIG. 5, the combination of identifiers (OID2, ***) of the equipment B in the LAN is allowed to access the access request from the equipment A (0ID1). Here, since "***" shows that the interface identifier is arbitrary, it means that each of (OID2, IID1) and (OID2, IID2) of the equipment B is specifically allowed to access. On the other hand, with respect to the access request from the equipment B (OID2), the equipment A in the LAN is permitted to access the combination of the identifiers (OID1, IID2) and (OID1, IID3), but the combination of the identifiers (OID1, IIDl). ) Is not allowed.

When the center server 5 receives the notification of the identifier information of the equipments A and B in the LAN transmitted from the gateway 3, only the access permission information for the equipments A and B is extracted from the center AS table. Is transmitted to the gateway 3, and is set in the local AS table as shown in the lower right table of FIG. In the table, the types of access permission are displayed corresponding to the identifier information by "r (read permission)", "w (write permission)", and "x (execution permission)".

FIG. 6 shows a center server via a WAN 4 in which a first LAN (LAN-1) to which equipments A and B are connected and a second LAN (LAN-2) to which equipments C and D are connected are the Internet. An example of extracting access permission information from another network system connected to (5) is shown. In the local AS table of the first LAN, only the access permission information between the equipments A and B is extracted and set from the center AS table by a method similar to that of FIG. 5, and the local AS table of the second LAN is shown in FIG. 5. By the same method as that, only the access permission information between the equipment C and the D is extracted from the center AS table and set.

In the above-described network system, the gateway 3 does not mount the server function unit 33, but converts the protocol between the WAN 4 and the LAN 1, which are just the Internet, and the equipment 2 on the LAN. You just need to have the root function to access the Internet. In this case, the local AS 34 performs a process of detecting the equipment 2 by broadcast or multicast, and acquires information necessary for network communication such as an IP address of the equipment 2 on the LAN. A center for requesting the identifier of the object mounted on each of the equipment 2 in the LAN after the connection process to obtain the identifier (OID and IID to be described later) of each object, and also to describe the identifier of the acquired object later. The AS 52 may be notified and the permission information sent from the center AS 52 may be acquired and initially set in response to this notification.

In the network system constructed as described above, an authentication operation in the case of making an access request for execution of an object from one of the equipment (equipment equipment A) to another equipment (equipment equipment B) is performed based on FIG. It demonstrates in detail.

First, if there is an access request from the equipment A in the network to the equipment B (step S6), this access request is received by the server functional unit 33 of the gateway 3 once, and is localized in the server functional unit 33. In the AS 34, the equipment B in the LAN is determined by whether the execution request, that is, the OID of the object of the equipment B on the receiving side exists in the table set in the local storage of the gateway 3, or not. It is determined whether or not it is recognized (step S7). In addition, when the equipment B is a equipment in the LAN, the identifier information (for example, OID) of the equipment A on the transmitting side that has made the execution request, and the identifier information of the equipment B on the receiving side, i.e. (E.g., a combination of OID and IID) is queried whether or not a relationship exists in a table set as access permission information in the local storage unit (step S8). This inquiry operation is performed by executing a predetermined program, for example, a local inquiry unit provided in the server function unit 33 of the gateway 3.

When the access is permitted, the permission notification and the distribution of the authentication key are performed to the equipment A and B (step S9). Thereby, secure communication is performed between the equipment A-B which received the authentication key with permission notification, and the receipt of the information by object execution becomes possible (step S10). In this case, by executing the routing function using the connection facility information table of the server function unit 33 of the gateway 3, the equipments can communicate with each other without being particularly aware of the IP address. Then, when the access permission information does not exist in the table set in the local storage unit and access between the equipment devices AB is not allowed, the local AS 34 requests the execution of the object at least to request the execution of the object. Since it transmits to the device A (step S11), access can be preferably denied to achieve the purpose of secure communication.

Further, when it is determined that the equipment B is not a equipment in the LAN, that is, when the information on the equipment B is not listed in the table set in the local storage unit, the authentication request for executing the object is requested. Is transmitted to the center AS 52 via the server function unit 50 of the center server 5 (step S12).

In the center AS 52, the identifier information of the object of the equipment A which made the execution request, the identifier information of the object of the equipment B which is the execution request place, the information regarding the type of access permission, etc. are stored in the center storage unit. The information is inquired and it is determined whether or not to permit the access request (step S13). This inquiry operation is performed by, for example, executing a predetermined program by a center inquiry unit provided in the server function unit 50 of the center server 5.

As the information stored in the center storage unit, only the identifier information of the equipments to which access is permitted may be registered, or the presence or absence of an access permission may be displayed on the identifier information of all the equipments. That is, as shown in FIG. 5 or FIG. 6, at least one of the object identifier (OID) or the interface identifier (IID) of the equipment on the side of the request for access, and the object identifier (OID) of the equipment on the side of the request for access, or What is necessary is just to be able to determine whether to permit access to the equipment outside the LAN, based on the table in which the correspondence relationship with at least one of the interface identifiers IID is set, and the identifier information provided from the gateway 3.

When the center server 5 permits access, distribution of the permission notification and the authentication key is performed to the local AS 34 (step S14), and the local AS 34 is provided with the permission notification and the authentication key distributed. It distributes to apparatus A, B (step S15). Thereby, secure communication is performed between the equipment A-B which received the authentication key with permission notification, and the receipt of the information by object execution becomes possible (step S16). In this case, by executing the routing function using the connection facility information tables of the server function units 33 and 50 of the gateway 3 and the center server 5, the equipments communicate with each other without being particularly aware of the IP address. Can be.

On the other hand, when the center server 5 does not permit access, a disallow notification is made to the local AS 34 (step S17), and the local AS 34 requests execution of at least an object from the disallowed notification distributed. It distributes to the equipment A of the side of the said side, and rejects the execution request of the said object from the equipment A to the equipment B (step S18).

In this way, if there is an access request between equipments in the LAN and outside the LAN, it is determined whether to permit the access, and preferably, the access request is rejected, thereby achieving the purpose of secure communication. have.

The network system of the present invention described above is authenticated by the gateway 3 as a local server instead of the center server 5 with respect to access requests between the equipments in the LAN. Communication in the LAN can be ensured in a normal state. In addition, at the time of system startup, the local AS 34 periodically acquires identifier information of the equipment in the LAN and notifies the center AS 52, and only the access permission information of the equipment in the LAN from the center server 5 is obtained. Since it is extracted and automatically updated and set in the local AS 34, the user can perform initial setting without being particularly conscious, and there is no need for the user to perform troublesome setting work even if there is a change in the environment setting in the LAN. In addition, in the local AS 34, only the access permission information between the facility devices in the LAN is set, and there is an advantage that the amount of information processing that the gateway 3 should perform is reduced.

In addition, in the case of an access request with equipment outside the LAN, whether or not to permit access from the center server 5 is determined, and thus secure communication can be secured between the equipment outside the LAN and the equipment inside the LAN.

Hereinafter, a description will be given of a method for distributing an authentication key when access is granted with reference to FIGS. 8 to 14.

In the distribution method of the authentication key shown in FIG. 8, it is a case where the equipment A in LAN requests access to the equipment B in LAN. The authentication request includes the identifier information of the equipment A, the identifier information of the equipment B, and the access request authority (r / w / x). The equipment B which has received an access request from the equipment A asks for authentication of whether to allow access to the local AS 34. If the above access is granted in the access permission information table of the local AS 34, the local AS 34 distributes an authentication key to the equipment B, and the authentication key is distributed from the equipment B to the equipment A. The authentication key includes the equipment A and the equipment B, and is encrypted with each secret key. Thereby, the equipment A and the equipment B can draw out the communication encryption key (the session communication key common to the equipment A and the equipment B) using each secret key from the authentication key, and can perform secure communication. .

As shown in FIG. 9, the equipment A in the LAN may directly request the local AS 34 to access the equipment B in the LAN. In this case, when the access request is approved, the authentication key is distributed to the equipment A, and the authentication key is distributed from the equipment A to the equipment. Thereby, the equipment A and the equipment B can take out the communication encryption key using each secret key from the authentication key, and can perform secure communication.

The method of distributing the authentication key shown in FIG. 10 is the same as in the case of FIG. 8 in that the equipment A in the LAN requests access to the equipment B in the LAN, and the equipment B requests authentication to the local AS 34. In other words, the local AS 34 distributes an authentication key to each of the equipment A and the equipment B. The authentication key distribution method shown in FIG. 11 is the same as the case of FIG. 9 in that the equipment A in the LAN requests the local AS 34 directly to access the equipment B in the LAN. It is characterized in that (34) distributes an authentication key to each of the equipment A and the equipment B. Also in these cases, secure communication is performed between the equipment A and the equipment B which received the authentication key.

Fig. 12 shows a method for distributing authentication keys when a plurality of equipments in a LAN have a group ID. In this case, the equipment A presents the identifier information, the group ID, and the access request authority (r / w / x) of the equipment A to the local AS 34, and has the same equipment ID (2). Request permission from each other. Similarly, the equipment B presents the identifier information, the group ID, and the access request authority (r / w / x) of the equipment B to the local AS 34, and the equipments 2 having the same group ID are used. Require permission to access from. The local AS 34 determines whether or not it is allowable for each request, and distributes an authentication key to each of the equipment if it is permitted. The equipment A and the equipment B which have received the authentication key extract the communication encryption key (communication key for the session common to the equipment A and the equipment B) using each secret key, and perform secure communication.

Fig. 13 shows a method for distributing the authentication key when the equipment A in the LAN does not have a group ID. That is, since the equipment B has a group ID, the identifier information, the group ID, and the access request authority (r / w / x) of the equipment B are presented to the local AS 34 to provide the same group ID. Branch requires permission of access from facility equipment 2 to each other. The local AS 34 judges whether or not the request from the equipment B is allowable, and distributes the authentication key to the equipment B if it is allowable. On the other hand, when the equipment A requests access to the equipment B, the equipment B informs the equipment A that the group ID is required for authentication of the access (group notification). As a result, the equipment A presents the identifier information of the equipment A, the group ID obtained by the group notification from the equipment B, and the access request authority (r / w / x) to the local AS 34. Thus, permission of access from the facility equipment 2 having the same group ID is requested. The local AS 34 judges whether or not the request from the equipment A is allowable, and distributes the authentication key to the equipment A when it is permitted. As a result, the equipment A and the equipment B which received the authentication key extract the communication encryption key (communication key for the session common to the equipment A and the equipment B) using the respective secret keys, and perform secure communication. You can run

Fig. 14 shows a method for distributing the authentication key in the case where the equipment B holds the encryption key in advance, and the encryption key necessary for accessing the equipment B is managed by the local AS 34. Figs. In other words, the equipment A in the LAN that wants to access the equipment B receives the identifier information of the equipment A, the identifier information of the equipment B, and the access request authority (r / w / x) to the local AS 34. When presenting and requesting authentication, the local AS 34 determines whether or not the request from the facility A is allowable, and if so, distributes the authentication key to the facility A. Since the authentication key of the equipment B is encrypted with the secret key of the equipment A, the equipment A can securely communicate with the equipment B by extracting the encryption key for communication with the equipment B from the authentication key. .

(2nd Example)

As shown in Fig. 15, the present embodiment is constructed by using the network system of the present invention for a remote control system of equipment in a home that is a user area. The first embodiment includes a gateway 3, a center server 5, and the like. Duplicate description of the same configuration as will be omitted.

In the network system of the present embodiment, the lighting equipment 2a, the air conditioning equipment 2b, the electric lock 2c, the alarm monitoring device 2d, on which the configuration of the facility equipment 2 shown in Fig. 3A is mounted, The recording transmission device 2e, the dedicated client terminal device 2f, the PC 6, and the like are connected to the gateway 3 by a cable of the LAN 1 installed in the home.

The alarm monitoring device 2d has a function of wirelessly collecting the state of abnormal occurrence detection sensors 60 such as various crime prevention sensors and disaster prevention sensors, and outputting alarm information when an abnormal occurrence is detected. In addition to the wireless receiving unit which wirelessly receives the detection signal from the detection sensor 60, a processing for receiving a detection signal received by the wireless receiving unit and anomaly detection upon detecting abnormality, or outputting the baling information to the outside. The functional part corresponds to the functional part 20 of FIG. 3A, and transmits the bulletin information to the information processing part 23. As shown in FIG.

The recording transmission device 2e has a function of distributing recorded video of a visitor captured by a television camera (not shown) of the intercom system 70 to an external or home monitor, and has a recording unit for storing recorded video data. In the unit 20, the recorded video data recorded and stored in the function unit 20 is delivered to the information processing unit 23.

As in the first embodiment, the gateway 3 is connected to the center server 5 via a WAN 4 such as the Internet provided by a connection service provider such as an ADSL or an optical fiber communication network. In the local AS 34 of the gateway 3, the access permission information between the facility devices is set for the facility device 2 in the LAN 1 described above. Like the first embodiment, the WAN 4 can be connected to the desired equipment 2 in addition to the client terminal 6 made of a PC or a mobile phone.

Next, the operation of the network system of the present embodiment will be described. First, at the time of system startup, the gateway 3 performs a detection process of a device connected to LAN1 and requests that information and identifier information necessary for network communication such as each IP address are provided. In addition, the module unit MOS of each of the equipments 2a to 2f provides information on the OID or OID of the installation side object on its own module unit MOS and the IID of the interface below it. To provide.

On the other hand, the service function unit 33 of the gateway 3 transmits the identifier information of the equipment-side object received from the equipment 2a to 2f to the center server 5. The center server 5 sends only the permission information of the access of the equipments in the LAN to the gateway 3 among the access permission information registered in the center AS 52, and the access permission corresponding to the current environment setting in the LAN. The information is set to update to the local AS 34. Such an update is performed whenever there is a change in the LAN setting such as increase or decrease of equipment.

The execution request of the object to the equipment in the LAN 1 which is the user area can be made in substantially the same manner as in the first embodiment. That is, each object identifier (OID) from one of the equipments in the LAN 1 (for example, the client terminal apparatus 2f) to the other of the equipments (for example, the lighting apparatus 2a). Or an execution request using an interface identifier (IID) or a combination of both is made through the gateway 3, a query is made by the local AS 34 of the gateway 3 whether to permit access between the equipments. do. If access is granted, an authentication key is distributed, and a desired object is executed by secure communication between the equipment requesting access and the equipment allowed access (in this case, 2f and 2a).

As a more specific operation of the network system, for example, as shown in Fig. 16, when the client terminal device 2f issues an object execution request to the air conditioner 2b and the electric lock 2c, the client Correspondence relationship between the object identifier OID ("going out") of the terminal device 2f and the object identifier OID ("air conditioning equipment") of the air conditioning apparatus 2b and the identifier IID ("stopping operation of air conditioning") of the interface, and the client The correspondence relationship between the object identifier OID ("going out") of the terminal device 2f, the object identifier OID ("electric lock") of the electric lock 2c, and the identifier IID ("locking") of the interface, respectively, It is inquired whether or not it is registered as access permission information in the local AS 34 of the gateway 3. If access is granted, two objects, the operation stop of the air conditioner 2b and the locking of the electric lock 2c, are executed by secure communication.

When the object execution request is made from the client terminal device connected to the WAN 4, which is the Internet, since the access request is from outside the LAN, the identifier information is transmitted from the gateway 3 to the center server 5 once. It is inquired whether or not it is registered in the center AS 52 of the center server 5 as access permission information, and it is determined whether or not to permit the above access. In the case of allowing access, the authentication key and permission information are notified to the gateway 3, and secure communication is performed between the equipment in a LAN and equipment outside a LAN similarly to the above.

Further, the scene of viewing the video with a monitor device (not shown) on the LAN by lowering the illuminance of the lighting fixture 2a and simultaneously operating the recording transmission device 2e is provided from the client terminal device 2f. It can also be created by making an object execution request to the device. That is, in the recording transmission device 2e, the transmission of the recorded video data is the equipment-side object of the module unit MOS, and in the lighting apparatus 2a, the dimming is the equipment-side object of the module unit M0S. Access to each equipment is allowed, and the program for the above-mentioned object is executed, and it becomes possible to enjoy the composite service which makes the above-mentioned scene.

In addition, according to the present invention, when a fire detector or a human body detecting sensor as an equipment device detects an abnormality (when an event occurs), the residents are notified of the abnormality by blinking a lighting device that is another equipment device connected to a LAN in the home. You can also build a network system. In addition, by matching the identifiers of the equipment on the side requesting the object with the identifiers of the equipment on the side executing the object, the execution of the plurality of objects can be enjoyed simultaneously in one execution request.

17 shows a modification of the network system of the present embodiment. The network system includes a centralized control controller (2g) for remotely controlling the lighting fixtures 82, the air conditioning equipment 84, and the electric lock 86 on the first floor of a two-story house, and two of the two-story house. The centralized control controller 2h for remotely controlling the lighting fixture 82 and the air conditioner 84 on the floor is connected to the gateway 3 as the equipment 2 via the LAN 1, respectively. There is this. The centralized control controllers 2g and 2h generate a control signal corresponding to the JEMA standard (Japanese Electric Industry Association standard) to the lighting fixture 82, the air conditioning device 84, and the electric lock 86 via the signal line 80. A functional unit having a function and a function of receiving an operation signal as monitoring information and receiving information corresponding to these signals between the information processing unit 23 as the functional unit 20 of FIG. 3A described above. Equipped.

In this network system, each of the equipments in the LAN 1 (for example, the client terminal device 2f) is different from one of the equipments (for example, the centralized control controller 2g). When an execution request using an object identifier (OID) or an interface identifier (IID) or a combination of both is made through the gateway 3, whether or not to permit access between the equipments is determined by the local AS 34 of the gateway 3. Is queried by). When the access is permitted, the information processing unit 23 controls the control information of the operation stop of the air conditioning device 84 or the locking of the electric lock 86 to the functional unit 20 of the centralized control controller 2g via the module unit MOS. The process of passing information as a function is performed. Based on this control information, the function unit 20 sends a control signal for stopping the operation of the air conditioning apparatus 84 or a control signal for locking the electric lock 86 through the signal line 80 to which each is connected. It is supposed to do. Thus, according to this network system, when the user goes out, the locking of the electric lock 86 and the operation stop of the air conditioning apparatus 84 can be remotely controlled.

The network system of the present invention is not limited to distributing authentication keys and permission information when access between equipment devices is allowed, and equipment equipment on the side of executing the object other than equipment equipment on the side requesting the object. The access permission signal may also be transmitted. In addition, although it does not specifically limit also about where to transmit access denial information when the access between equipments is denied, it is preferable in operation | movement of a system to transmit to the equipment which requests an object.

As described above, in the network system of the present invention, by providing a server in the LAN that can perform authentication processing for access between facility devices in the LAN, secure communication within 1AN can be secured even if an abnormality occurs in the WAN. have. In addition, since only the information necessary for the authentication processing of whether or not to allow access between facility devices in the LAN is transmitted from the center server and is set in the local server, the burden on the information processing in the local server is small. In addition, when there is a change in the configuration of equipment in the LAN (addition or removal of equipment, addition of functions to equipment), identifier information is sent from the local server to the center server, and the authentication processing in the LAN is performed. Since the necessary information is automatically updated, it is possible to easily construct a system that can perform secure communication with high reliability within a LAN.

As described above, the present invention provides a network system that is optimal for an information society that has recently become increasingly important in improving the safety of access control, and its use value is high.

Claims (8)

A plurality of facility devices each having an object to which an identifier is assigned and a local area network (LAN) to which a local server is connected, and a wide area network (WAN) to which the LAN is connected, wherein the WAN includes a center server and an identifier. A network system in which at least one equipment having an assigned object is connected, and one of the equipments can make an execution request of an object using the identifier with respect to the other of the equipments. The center server includes a center storage unit in which correspondences of identifiers relating to approval of access of facility devices are set for facility devices connected to the LAN and facility devices connected to the WAN. Receiving the identifier information from the local server, based on the identifier information, only the correspondence relation of the identifier relating to the approval of the access between the equipments in the LAN is extracted from the correspondence relation of the identifier stored in the center storage unit. Send to the local server, The local server includes a local storage unit that stores a correspondence relationship between the identifiers received from the center server, and a request to execute the object when one of the equipments makes an object execution request to the other of the equipments. An inquiry unit for determining whether or not the access is between equipments in the LAN and whether or not to permit the access, based on the setting contents of the local storage unit, The inquiry unit outputs an access permission signal from the local server when determining that the execution request of the object is an access between facility devices in the LAN and permits the access, thereby requesting from one of the facility devices. A network system, wherein an object is executed by another one of the facility devices. The method of claim 1, When the inquiry unit determines that the execution request of the object is not an access between facility devices in the LAN, an identifier used for the execution request of the object is transmitted from the local server to the center server, and the center The server includes a center inquiry unit that determines whether to permit the access by inquiring with the contents of the center storage unit, In the case of granting the access, an access permission signal is output from the center server through the local server so that an object requested from one of the equipment is executed by the other of the equipment. The method of claim 1, The local server acquires the identifiers of all the equipments in the LAN in advance, and notifies the center server of the acquired identifiers, and approves the access of the equipments in the LANs extracted from the center server based on the notification. And an initial setting function for setting a corresponding relation of identifiers relating to the local storage unit. The method of claim 1, And the identifier includes at least one of a unique identifier providing information about the equipment on which the object should be executed, and an interface identifier defined based on the content of the object executed on the equipment. The method of claim 4, wherein The local storage unit is a corresponding relationship between the identifiers for the approval of the access of the equipments in the LAN, the unique identifier of the equipment to request the execution of the object, the unique identifier and the interface of the equipment to which the object is requested to be executed. And a table in which a correspondence of the combination of identifiers is established. The method of claim 1, And the local server transmits an access permission signal to a facility device requesting at least execution of the object. The method of claim 1, The inquiry unit, when determining that the execution request of the object is access between the facility devices in the LAN, but does not permit the access, the local server requests an execution rejection signal of at least the object device. To the network system. The method of claim 2, And when the center inquiry unit determines that the access is not permitted, the center server transmits an access denial signal to at least a facility device requesting execution of the object via a local server.

Images