WO2006038391A1 - Network device and network system - Google Patents

Network device and network system

Publication number
WO2006038391A1
Authority
WO
WIPO (PCT)
Prior art keywords
network
network device
address
global
subdomain name
Prior art date
Application number
PCT/JP2005/015426
Other languages
English (en)
Japanese (ja)
Inventor
Kensuke Sumitomo
Original Assignee
Megachips System Solutions Inc.
Priority date
Filing date
Publication date
Application filed by Megachips System Solutions Inc.
Publication of WO2006038391A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Definitions

  • the present invention relates to a technique that enables connection to a network device via the Internet.
  • When a network camera is connected to the Internet and used, an image captured by the network camera installed at home or the like can be viewed from a remote location.
  • The network camera has a function to distribute the captured video and audio via the Internet; designating the IP (Internet Protocol) address of the network camera connected to the Internet in a Web browser on another computer device or the like allows the video being captured to be viewed. There are various uses, for example as a surveillance camera, checking during a long trip whether an abnormal situation has occurred at home by looking at the image of the home captured by the network camera.
  • DNS Domain Name System
  • DDNS Dynamic Domain Name System
  • the subdomain name “.00” is assigned to a personal network camera.
  • a network camera such as an external camera
  • the FQDN (Fully Qualified Domain Name) (hereinafter referred to as “address”)
  • the DDNS server with the domain name “00.000.co.jp” is a global IP that is registered in association with the subdomain name “xxx.00.co.jp”.
  • the network camera changes each time the global IP address assigned to it is changed.
  • the domain name can be used instead of the global IP address by dynamically re-registering the global IP address with the DDNS server.
  • a single global IP address is often used by a plurality of network devices such as network cameras and computer devices by using a router.
  • To use a network camera that is assigned a private IP address at home via the Internet with a global IP address, the port forward function of the router is used.
  • the port forward function is a function that assigns and transfers an access to a specific port number from the Internet side to a network device having a specific private IP address in the home.
  • the network camera can be used as a Web server on the Internet.
  • the network camera automatically sends its global IP address to the DDNS server and requests the DDNS server to assign a domain name, it is obtained in advance by user connection to the DNS server.
  • the subdomain name is stored in the network camera, and the network camera requests the DDNS server to change the global IP address corresponding to the stored subdomain name to the sent global IP address.
  • the serial number is assigned to the same product with related contents such as a serial number
  • The subdomain name generated in accordance with the serial number can be easily guessed by a third party. Therefore, there was a security problem in that a third party could specify an address including the guessed subdomain name, connect to the camera, and view its video and audio.
  • the first aspect of the network system according to the present invention that solves the above problem is that when connected to the network, the identification information of itself is encrypted and generated by the first cryptographic key operation.
  • a network device that transmits the subdomain name and the global IP address, and a DDNS server that assigns the subdomain name to the global IP address transmitted from the network device.
  • the network system of the present invention it is possible to connect to a network camera using a domain name instead of a global IP address only by connecting a network device to the network.
  • the network device is connected using a subdomain generated by encrypting identification information such as a serial number, security related to access to the network device can be improved.
  • the subdomain name generated by encrypting its own identification information by the first encryption operation is transmitted.
  • a DDNS server that assigns the subdomain name to the global IP address of the extracted network device, including a network device that performs transmission data including the identification information transmitted from the network device.
  • a domain name can be obtained by simply connecting a network device to the network and not explicitly sending a global IP address.
  • the network device is connected using a subdomain name generated by encrypting identification information such as a serial number, so the security related to access to the network device can be improved.
  • a network device that, when connected to a network, transmits its own identification information and a global IP address, and a DDNS server that assigns, to the global IP address transmitted from the network device, a subdomain name generated by encrypting the identification information by a first encryption operation.
  • a network device that, when connected to a network, transmits its own identification information, and a DDNS server that assigns a subdomain name generated by encrypting the identification information by a first encryption operation to the global IP address of the network device extracted from the transmission data, including the identification information, transmitted from the network device.
  • the domain name can be obtained by simply connecting the network device to the network and not explicitly sending the global IP address.
  • it is connected using a subdomain name generated by the DDNS server encrypting identification information such as a serial number, so security can be improved.
  • a network device that, when connected to the network, transmits a subdomain name generated by encrypting an input keyword by a fourth encryption operation and a global IP address, and a DDNS server that assigns the subdomain name to the global IP address transmitted from the network device.
  • the fifth aspect of the network system of the present invention it is possible to connect to a network device using a domain name instead of a global IP address only by connecting the network device to the network.
  • the connection is made using the subdomain name generated by encrypting the keyword by the network device, the security related to the access to the network device can be improved.
  • the sub-domain generated by encrypting the input keyword by the fourth encryption operation is used.
  • a DDNS server that assigns the subdomain name to the extracted global IP address of the network device. It is characterized by that.
  • the domain name is used instead of the global IP address even if the global IP address is not transmitted simply by connecting the network device to the network.
  • it is connected using the subdomain name generated by encrypting the keyword by the network device, so the security of access to the network device can be improved.
  • a network device that, when connected to the network, transmits the input keyword and the global IP address, and a DDNS server that assigns a subdomain name generated by encrypting the keyword by a fourth encryption operation to the global IP address transmitted from the network device.
  • the seventh aspect of the network system of the present invention it is possible to connect to a network device using a domain name instead of a global IP address only by connecting the network device to the network. Furthermore, since the connection is made using the subdomain name generated by encrypting the keyword by the DDNS server, the security related to the access to the network device can be improved.
  • the network device when connected to a network, transmits an input keyword, and transmission data including the keyword transmitted from the network device.
  • a DDNS server that assigns a subdomain name generated by encrypting the keyword by a fourth cryptographic operation to the global IP address of the extracted network device.
  • the domain name is used instead of the global IP address even if the global IP address is not explicitly transmitted by simply connecting the network device to the network.
  • it is connected using a subdomain name generated by encrypting the keyword by the DDNS server, so security related to access to network devices can be improved.
  • a ninth aspect of the network system according to the present invention is the network system according to any of the fifth, eighth and eighth aspects, wherein the DDNS server is the fourth encryption.
  • When the subdomain name generated by encryption by the fourth encryption operation is already assigned to a global IP address other than the global IP address of the network device, the network device is notified of this; upon receipt of the notification, the network device requests the input of a new keyword and retransmits to the DDNS server the new keyword or the subdomain name generated by encrypting the new keyword by the fourth encryption operation.
  • the ninth aspect of the network system of the present invention it is determined whether or not the generated subdomain name is already assigned to another global IP address, and has already been assigned.
  • the subdomain name generated by changing the keyword can be changed.
  • a tenth aspect of the network system according to the present invention is the network system according to any one of the first to ninth aspects, wherein the network device communicates with the DDNS server having one domain name selected at random from a plurality of domain names.
  • security against third parties attempting to connect to the network device can be improved.
  • An eleventh aspect of the network system according to the present invention is the network system according to any one of the first to ninth aspects, in which the DDNS server assigns, to the global IP address of the network device, one domain name randomly selected from a plurality of domain names together with the subdomain name.
  • Since one domain name selected from a plurality of domain names is assigned to the network device, security against a third party who tries to connect to the network device can be improved.
  • a twelfth aspect of the network system according to the present invention is the network system according to any one of the first to eleventh aspects, wherein the network device is connected to a router.
  • the port forward function of the router is set.
  • a thirteenth aspect of the network system according to the present invention is the network system according to any one of the first to twelfth aspects, wherein the network device generates a device password by encrypting the identification information by a second encryption operation, and a connection to the network device is authenticated using the device password.
  • access to the network device is performed by performing connection authentication to the network device using a device password generated from identification information such as a serial number.
  • the fourteenth aspect of the network system according to the present invention is the network system according to any one of the first to thirteenth aspects, wherein the network device uses the input keyword as a first user password, and a connection to the network device is authenticated using the first user password.
  • security related to access to the network device is improved by performing connection authentication to the network device using a user password generated from the keyword.
  • a fifteenth aspect of the network system according to the present invention is the network system according to any one of the first to fourteenth aspects, wherein the network device generates a second user password by encrypting the input keyword by a third encryption operation, and the connection to the network device is authenticated using the second user password.
  • a sixteenth aspect of the network system according to the present invention is the network system according to any one of the thirteenth to fifteenth aspects, in which, when a new subdomain name is input after the authentication, the network device transmits the new subdomain name, and the DDNS server assigns the new subdomain name transmitted from the network device to the global IP address of the network device.
  • a seventeenth aspect of the network system according to the present invention is the network system according to any one of the first to sixteenth aspects, wherein the DDNS server is configured to handle the global IP address.
  • the user can recognize, by receiving an e-mail sent from the DDNS server, that connection to the network device by the domain name has become possible.
  • an eighteenth aspect of the network system according to the present invention is the network system according to any one of the first to sixteenth aspects, wherein the DDNS server corresponds to the global IP address.
  • the user is notified by an LED display or the like on the network device, and can recognize that connection to the network device by the domain name has become possible.
  • the nineteenth aspect of the network system according to the present invention is the network according to the eighteenth aspect.
  • the notification performed by the network device is performed by transmitting an e-mail to a predetermined e-mail address.
  • the user can recognize, by receiving the electronic mail transmitted from the network device, that connection to the network device by the domain name has become possible.
  • a subdomain name generated by encrypting its own identification information by a first encryption operation and a global IP address are transmitted to the DDNS server to request assignment of the subdomain name to the global IP address.
  • According to the first aspect of the network device according to the present invention, it is possible to connect to the network device using the domain name instead of the global IP address only by connecting the network device to the network. Since the connection is made using the subdomain name generated by encrypting the identification information such as the serial number by the network device, the security related to the access to the network device can be improved.
  • the subdomain name generated by encrypting its own identification information by the first cryptographic operation is transmitted to a DDNS server, and the assignment of the subdomain name to its own global IP address is requested.
  • the domain name is used instead of the global IP address even if the global IP address is not explicitly transmitted by simply connecting the network device to the network.
  • it is connected using the subdomain name generated by encrypting the identification information such as the serial number by the network device, so security can be improved.
  • when connected to the network, a subdomain name generated by encrypting an input keyword by a fourth encryption operation and a global IP address are transmitted to the DDNS server to request assignment of the subdomain name to the global IP address.
  • when connected to the network, a subdomain name generated by encrypting the input keyword by a fourth encryption operation is transmitted to the DDNS server, and the assignment of the subdomain name to its own global IP address is requested.
  • the domain name is used instead of the global IP address even if the global IP address is not explicitly transmitted by simply connecting the network device to the network.
  • it is connected using the subdomain name generated by encrypting the keyword by the network device, so security related to access to the network device can be improved.
  • a fifth aspect of the network device is the network device according to the third or fourth aspect, wherein the subdomain name is generated by being encrypted by the fourth encryption operation.
  • the subdomain name generated by encrypting by the encryption operation is retransmitted to the DDNS server, and assignment of the new subdomain name to its own global IP address is requested.
  • the generated subdomain name can be changed by changing the keyword.
  • a sixth aspect of the network device according to the present invention is the network device according to any one of the first to fifth aspects, wherein the network device communicates with the DDNS server having one domain name randomly selected from a plurality of domain names.
  • since the domain name constituting the address of the network device is selected and determined from a plurality of domain names, security against third parties attempting to connect to the network device can be improved.
  • a seventh aspect of the network device according to the present invention is the network device according to any one of the first to fifth aspects, in which the global IP address, together with the subdomain name, One domain name selected at random from among a plurality of domain names is assigned.
  • according to the seventh aspect of the network device of the present invention, since one domain name selected from a plurality of domain names is assigned to the network device, security against third parties attempting to connect to the network device can be improved.
  • an eighth aspect of the network device according to the present invention is the network device according to any one of the first to seventh aspects, wherein, when connected to a router, the port forwarding function of the router is set.
  • the router's port forwarding function is automatically set, so there is no need to make troublesome settings.
  • a ninth aspect of the network device according to the present invention is the network device according to any one of the first to eighth aspects, wherein a device password is generated by encrypting the identification information by a second encryption operation, and the connection to the network device is authenticated using the device password.
  • access to the network device is performed by performing connection authentication to the network device using the generated device password using identification information such as a serial number.
  • a tenth aspect of the network device according to the present invention is the network device according to any one of the first to ninth aspects, wherein the input keyword is set as the first user password, and the connection to the network device is authenticated using the first user password.
  • security related to access to the network device is improved by performing connection authentication to the network device using the user password generated from the keyword.
  • an eleventh aspect of the network device according to the present invention is the network device according to any one of the first to tenth aspects, wherein a second user password is generated by encrypting the input keyword by a third encryption operation, and the connection to the network device is authenticated using the second user password.
  • security related to access to the network device is improved by performing connection authentication to the network device using the user password generated from the keyword.
  • a twelfth aspect of the network device according to the present invention is the network device according to any one of the first to eleventh aspects, wherein a new subdomain name is input after the authentication.
  • the new subdomain name is transmitted to the DDNS server, and allocation of the new subdomain name to its own global IP address is requested.
  • a thirteenth aspect of the network device according to the present invention is the network device according to any one of the first to eleventh aspects, wherein the subdomain name corresponding to the global IP address by the DDNS server is When it is recognized that the assignment is complete, the assignment completion is notified.
  • the user is notified by an LED display or the like on the network device, and can recognize that connection to the network device by the domain name has become possible.
  • the fourteenth aspect of the network device according to the present invention is the network device according to the thirteenth aspect, in which the notification is performed by sending an e-mail to a predetermined e-mail address.
  • the user can recognize, by receiving the e-mail transmitted from the network device, that connection to the network device by the domain name has become possible.
  • FIG. 1 is a diagram showing a configuration of a network system according to an embodiment of the present invention.
  • FIG. 1 is a diagram showing a configuration of a network system according to the first embodiment of the present invention.
  • the basic configuration of the network system includes a network device 1 connected to a network such as the Internet 6 via a modem 4 for communication using ADSL (Asymmetric Digital Subscriber Line), FTTH (Fiber To The Home) or the like, and a DDNS server 7 likewise connected to the Internet 6.
  • ADSL Asymmetric Digital Subscriber Line
  • FTTH Fiber To The Home
  • a LAN (Local Area Network) 5 is configured by the network camera 1, the computer device 2, the router 3, and the modem 4.
  • the computer apparatus 2 is shown as an example of a general network apparatus connected to the router 3, and the network camera 1 corresponds to the network apparatus of the present invention.
  • the mobile phone 8 in the figure is shown as an example of a terminal for browsing video captured by the network camera 1 using this network system.
  • the network camera 1 has a function of distributing captured video and audio as a Web server. As a result, the user can connect to the network camera 1 using the mobile phone 8 and view, with a web browser or the like, the video and audio captured and distributed by the network camera 1.
  • the network camera 1 also has functions for performing various operations for realizing security, such as a function of generating a subdomain name and password, a function of requesting the DDNS server 7 to assign the subdomain name, and a function of performing connection authentication using the generated password.
  • the network camera 1 has a UPnP (Universal Plug & Play) function, and can simply execute each of the above functions at a predetermined timing by simply connecting to the network.
  • UPnP Universal Plug & Play
  • the computer apparatus 2 is an example of a general network apparatus that is connected to the Internet 6 like the network camera 1.
  • Since network camera 1 can be reached within the LAN using a private IP address via router 3, the video and audio captured by network camera 1 can be viewed and various settings for network camera 1 can also be made.
  • the router 3 has a function of performing routing for using one global IP address assigned on the Internet 6 by a plurality of network devices 1 and 2 in the home.
  • the Dynamic Host Configuration Protocol (DHCP) function that assigns private IP addresses to multiple network devices 1 and 2 connected to LAN5, and these network devices 1 and 2 use the Internet 6.
  • DHCP Dynamic Host Configuration Protocol
  • when the router 3 receives a connection request from a network device on the Internet 6 for the purpose of viewing the captured video and audio, addressed to the network camera 1 operating as a Web server, its port forward function realizes data transmission and reception between that network device and network camera 1. Specifically, a specific port is opened from the router 3 to the Internet 6 side, and data is transmitted and received through the port.
  • port number 80 For example, by assigning port number 80 to the private IP address of network camera 1, it is possible to respond to connection requests from the Internet 6 side that specify a global IP address. Network power that is connected to LAN5 at home and assigned a private IP address.
  • a terminal such as a mobile phone 8 connected to the network camera 1 from the outside via the Internet 6 can view video and audio captured by the network camera 1 using a Web browser or the like.
  • FTP File Transfer
  • the global IP address used by the network camera 1 is assigned when the modem 4 connects to the Internet 6, but when the connection is terminated and reconnected, a new global IP address is assigned. Alternatively, the assigned global IP address may change every predetermined time. That is, the assigned global IP address is not fixed but changes dynamically.
  • the modem 4 is a device necessary for data communication via the Internet 6 using a global IP address assigned to network devices such as the network camera 1 and the computer device 2, and has a function to perform data communication by various methods such as FTTH.
  • the DDNS server 7 has a function of assigning a domain name and a subdomain name to a global IP address used by the network camera 1. As a result, when connecting to the network camera 1 from outside, it is possible to use an address including a domain name and a subdomain name rather than an IP address, which is a string of numerical values.
  • the mobile phone 8 is connected to the network camera 1 via the Internet 6 and is used for viewing video and audio captured by the network camera 1.
  • a mobile phone is an example, and a terminal used for viewing video and audio may be a computer device or a PDA (Personal Digital Assistant).
  • Router 3 and modem 4 are connected to the Internet 6, and the IP address is assigned.
  • a private IP address is assigned to the network camera 1 by the DHCP function of the router 3.
  • the network camera 1 automatically starts setting the port forward function of the router 3 at a predetermined timing using the UPnP function. Specifically, the router 3 that uses the global IP address is set to forward the connection to port 80, for example, to the private IP address assigned to the network camera 1. As a result, the network camera 1 can operate on the Internet 6 as a Web server using the global IP address assigned to the router 3.
  • information for connecting to the DDNS server 7 is set in advance at the manufacturing stage.
  • the information includes the DDNS server 7 address, information necessary for connection authentication, etc., and the network camera 1 uses the information to connect to the DDNS server 7 with authentication. Data transmission and reception and subdomain name assignment requests can then be made.
  • At a predetermined timing before connection to the DDNS server 7 is started, the network camera 1 is set with the subdomain name whose assignment it requests from the DDNS server 7 and the camera password (device password) for authenticating a user who requests connection to it.
  • the subdomain name is obtained by encrypting a serial number, which is unique identification information assigned to each network camera 1, by a predetermined encryption operation (first encryption operation). Similarly, the camera password is obtained by encrypting the serial number by a predetermined encryption operation (second encryption operation). These are automatically generated in the network camera 1 and stored and managed in the network camera 1 together with the serial number and information related to the DDNS server 7.
  • the results generated by the first encryption operation must not be duplicated. As long as an operation result usable as a subdomain name can be obtained from the serial number, the content of the encryption operation does not matter, but it is desirable that a third party cannot easily guess the operation result from information such as the serial number.
  • the second encryption operation is used for connection authentication to the network camera 1 distinguished by each subdomain name, so as long as a third party cannot easily guess the calculation result from information such as the serial number, it does not matter if the calculation results overlap. However, in order to avoid having the same subdomain name and password, it is desirable to obtain an operation result different from the operation result of the first encryption operation.
  • the encryption operation for generating the subdomain name and the camera password and the setting to the network camera 1 may be performed at the manufacturing stage of the network camera 1, or may be performed by the user on the network camera 1. It may be a mode that is automatically performed at a predetermined timing after the power is turned on.
  • the information related to the FQDN (hereinafter referred to as the address) including the subdomain name and the domain name of the DDNS server 7, and the camera password for connecting to the network camera 1, may be notified by bundling printed matter describing them with the network camera 1 at the manufacturing stage, or by displaying them at a predetermined timing on a display device (not shown) such as a liquid crystal display provided in the network camera 1 or on a display device or the like provided in the computer device 2 connected via LAN.
  • as long as the identification information used for generating the subdomain name and camera password is unique to each network camera 1, information other than the serial number, such as a MAC (Media Access Control) address, may be used.
  • When the network camera 1 completes the setting of the port forward function of the router 3 and recognizes that the global IP address can be used, the network camera 1 next executes the preset information.
  • the information is used to connect to the DDNS server 7, notify it of the subdomain name generated by the cryptographic operation as described above, the global IP address, and the serial number, and request assignment of the subdomain name.
  • the DDNS server 7 assigns the received subdomain name to the global IP address received from the network camera 1, and manages the subdomain name in association with the serial number and the global IP address of the network camera 1.
  • the DDNS server 7 notifies the network camera 1 of this.
  • When the network camera 1 receives a notification from the DDNS server 7 that the setting of the subdomain name has been completed, the network camera 1 notifies the user by displaying the notification on its own display device or by lighting a lamp such as an LED (not shown). Through these notifications, the user can recognize that the setting has been completed and that connection to the network camera 1 using the subdomain name has become possible.
  • the method of requesting subdomain name assignment from the DDNS server 7 is not limited to a mode in which the encrypted subdomain name is transmitted from the network camera 1 to the DDNS server 7 as described above. Specifically, the DDNS server 7 may be able to execute the first encryption operation described above, only the serial number may be transmitted from the network camera 1, and the DDNS server 7 may generate and use a subdomain name by encrypting the received serial number with the first encryption operation.
  • the method of notifying the user of the completion of the setting of the subdomain name is not limited to the above-described mode.
  • the DDNS server 7 may notify that the setting of the subdomain name is completed by sending an e-mail to the e-mail address.
  • the network camera 1 that is notified of the completion of setting by the DDNS server 7 may transmit an e-mail.
  • the DDNS server 7 recognizes the global IP address of the network camera 1.
  • the method is not limited to the mode in which the global IP address is transmitted from the network camera 1 as described above.
  • the global IP address need not be explicitly transmitted from the network camera 1; the DDNS server 7 may analyze the data including the serial number transmitted from the network camera 1 and extract and use the global IP address included in it.
  • the timing for transmitting information such as the serial number from the network camera 1 to the server 7 is not limited to immediately after the global IP address of the network camera 1 becomes available. For example, it may be performed at an arbitrary timing set in advance, such as after a predetermined time has elapsed.
  • the user can use the mobile phone 8 to connect to the network camera 1 by specifying an address including the subdomain name assigned to the network camera 1, rather than an IP address that is an enumeration of numbers. If the camera password is input as the password required at this time, it is possible to view the video and audio captured by the network camera 1 using the Web server function of the network camera 1.
  • the global IP address assigned to the router 3 via the modem 4 may be dynamically changed as described above.
  • When the network camera 1 recognizes that the global IP address assigned to the router 3 has been changed, it sends information such as the global IP address to the DDNS server 7 at predetermined intervals. In addition to changing the contents of the global IP address that it manages, it sends the serial number and the changed global IP address to the DDNS server 7.
  • the global IP address corresponding to the managed serial number is also changed in the DDNS server 7.
  • the network camera 1 also sets the port forward function of the router 3 as described above if necessary.
  • the network camera 1 may transmit the subdomain name instead of the serial number to the DDNS server 7 together with the changed global IP address, and request a change of the global IP address corresponding to the subdomain name. Alternatively, the DDNS server 7, having received only the serial number or subdomain name, may recognize the change of the global IP address of the network camera 1 from the global IP address obtained by analyzing the received data, and change the setting.
  • in the network camera 1, information such as a serial number, a global IP address, a subdomain name, and a camera password is stored and managed.
  • the user can change the subdomain name, camera password, and the like managed by the network camera 1 by using the computer device 2 connected to the network camera 1 by LAN.
  • changing the subdomain name is not limited to a mode in which the subdomain name stored and managed by the network camera 1 is changed and the DDNS server 7 is notified of the change so that the subdomain name assignment is changed.
  • the user can use the computer device 2 or the mobile phone 8 to connect to the DDNS server 7 based on information stored and managed by the network camera 1, such as the address of the DDNS server 7 and the user ID and password necessary for authentication, and change the subdomain name of the network camera 1 stored and managed in the DDNS server 7.
  • the information necessary for connecting to the DDNS server 7 may be notified to the user by describing it in the printed matter in which the camera password described above is described, or via the display device provided in the network camera 1 or the computer device 2 connected to the network camera 1 via LAN.
  • the DDNS server 7 notifies the network camera 1 of the change, and the changed content is reflected in the information stored and managed in the network camera 1. That is, the subdomain name can be changed by operating either the network camera 1 or the DDNS server 7.
  • a mode has been described in which the subdomain name and the camera password generated by the cryptographic operation based on the serial number, which is the identification information of the network camera 1, are used.
  • This embodiment is different from the first embodiment in that a user password is issued and authentication is performed based on a keyword input for each user.
  • the configuration of the network system is the same as that of the first embodiment, and only the functions and operations of the network camera 1 and the DDNS server 7 are different. Therefore, the details of the present embodiment will be described below with a focus on differences from the first embodiment with reference to FIG.
  • the UPnP function automatically sets the port forward function of the router 3 at a predetermined timing in the same manner as in the first embodiment.
  • information for connecting to the DDNS server 7 is set in the network camera 1 in advance in order to request assignment of a subdomain name, as in the first embodiment.
  • the network camera 1 has a predetermined timing until connection to the DDNS server 7 is started, a subdomain name that requests assignment to the DDNS server 7, and the above-described description in the first embodiment.
  • a user password used to authenticate the user accessing the user is set.
  • the subdomain name is the same as described above in the first embodiment.
  • the serial number which is unique identification information assigned to each network camera 1, is encrypted by the first cryptographic operation and used as the subdomain name.
  • the user password is set for the network camera 1 by the user entering a keyword.
  • the specific setting is performed as follows. First, the network camera 1 connected to the router 3 notifies the user at a predetermined timing, using a display device, an LED lamp, or the like, that the user password has not been set, and prompts for keyword input.
  • a user who has received the request uses a display device and an operator (not shown) provided in the network camera 1, or a computer device 2 connected to the network camera 1 via a LAN, etc., to enter a keyword into the network camera 1.
  • the network camera 1 stores and manages it as a user password (first user password) together with a serial number, a global IP address, and the like stored therein.
  • the user password is not limited to a mode in which the keyword input by the user is used as it is. Specifically, it may be an aspect in which an input keyword encrypted by a third encryption operation is used as a user password (second user password).
  • the generated user password is encrypted. Therefore, it is difficult for a third party to guess, and the security for connection to the network camera 1 is improved.
  • the third encryption operation is used for connection authentication to the network camera 1 distinguished by each subdomain name, so the calculation results may be duplicated as long as a third party cannot easily estimate them from information such as information related to the user and the serial number.
  • When the network camera 1 completes the setting of the port forward function of the router 3 and the setting of the user password, the network camera 1 starts a connection request to the DDNS server 7 and a subdomain name assignment request.
  • the DDNS server 7 assigns a subdomain name to the global IP address of the network camera 1 and notifies the network camera 1 of the completion of subdomain name assignment.
  • the user can use the mobile phone 8 to connect to the network camera 1 by specifying an address including a subdomain name, rather than an IP address that is a list of numbers. If the user password is entered as the password required at this time, it becomes possible to view the video and audio captured by the network camera 1 using the web server function of the network camera 1.
  • the user password can also be changed by an operation on the network camera 1 in the same manner as the change of the subdomain name described in the first embodiment. After the user password is changed, the user can connect to the network camera 1, receive connection authentication by entering the changed user password, and view the video and audio captured by the network camera 1.
  • the authentication using the password is not limited to a mode in which only one of the camera password described in the first embodiment and the user password described in the present embodiment is used; both may be used.
  • the user password is not limited to the mode of using either the keyword itself entered by the user or the one encrypted by the third cryptographic operation as described above.
  • the keyword itself may be used as the first user password
  • the keyword encrypted with the third encryption operation may be used as the second user password.
  • a mode has been described in which a subdomain name and a camera password generated by the cryptographic operation based on identification information such as a serial number of the network camera 1 are used.
  • This embodiment is different from the first embodiment in that a subdomain name generated based on a keyword input by a user is used.
  • the configuration of the network system is the same as that of the first embodiment, and only the functions and operations of the network camera 1 and the DDNS server 7 are different. Therefore, the details of the present embodiment will be described below with a focus on differences from the first embodiment with reference to FIG.
  • the UPnP function automatically sets the port forward function of the router 3 at a predetermined timing, similar to the first embodiment.
  • the network camera 1 is pre-set at the manufacturing stage with information for connecting to the DDNS server 7 in order to request subdomain name assignment, as in the first embodiment.
  • in the network camera 1, a subdomain name for which assignment is requested from the DDNS server 7 and a camera password are set at a predetermined timing before the connection to the DDNS server 7 is started.
  • the camera password is the same as that described above in the first embodiment.
  • the camera password is obtained by encrypting the serial number, which is unique identification information assigned to each network camera 1, by the second encryption operation.
  • the subdomain name is set for the network camera 1 by the user entering a keyword.
  • the specific setting is performed as follows. First, the network camera 1 connected to the router 3 informs the user at a predetermined timing, using a display device, an LED lamp, or the like, that the subdomain name has not been set, and asks for keyword input.
  • a user who has received the request uses a display device and an operator (not shown) provided in the network camera 1, or a computer device 2 connected to the network camera 1 via a LAN, etc., to enter a keyword into the network camera 1.
  • When a keyword is input, the network camera 1 generates and uses a subdomain name obtained by encrypting the keyword by the fourth encryption operation. Thus, for example, even when the user inputs as a keyword a value that can be estimated from information about the user, such as a name or birthday, the generated subdomain name is encrypted, so it becomes difficult for a third party to guess, and security for the connection to the network camera 1 is improved.
  • the content of the cryptographic operation is not limited as long as it can obtain an operation result that can be used as a subdomain name from the keyword entered by the user or a numerical value. It is desirable that a third party cannot easily estimate the calculation result from information related to the user or information such as a serial number. In addition, in order to avoid the subdomain name being the same as the camera password, it is desirable to obtain an operation result different from the operation result of the second encryption operation. As will be described later, when used together with the user password described above in the second embodiment, it is desirable to obtain an operation result that is different from the operation result of the third encryption operation.
  • the generated subdomain name is stored and managed in the network camera 1 together with the serial number, global IP address, etc. stored therein.
  • When the network camera 1 completes the setting of the port forward function of the router 3 and the generation of the subdomain name, the network camera 1 starts the connection to the DDNS server 7 and the subdomain name assignment request.
  • the DDNS server 7 assigns a subdomain name and notifies the network camera 1 of the completion of subdomain name assignment.
  • when the subdomain name sent from the network camera 1 is already used in association with another global IP address, the DDNS server 7 notifies the network camera 1 of this.
  • Upon receiving notification from the DDNS server 7 that the subdomain name is not available, the network camera 1 displays this on its own display device or lights a lamp such as an LED to inform the user.
  • the operations from the input of the user keyword to the assignment of the subdomain name in the DDNS server 7 are repeated until the generated subdomain name becomes usable in the DDNS server 7. If the generated subdomain name does not overlap with one already used for another global IP address, the subdomain name is assigned to the network IP address of network camera 1.
  • notification of completion of sub-domain name assignment is made, and thereafter, the user uses the mobile phone 8 to enter an IP that is a list of numbers.
  • the setting of the subdomain name generated by the fourth cryptographic operation can also be changed by operating the network camera 1, as described above in the first embodiment. As in the first embodiment, if the subdomain name is changed, the change is automatically reflected in the DDNS server 7 settings, and after that the network camera 1 can be connected to by specifying the address including the changed subdomain name.
  • the method of requesting subdomain name assignment from the DDNS server 7 is not limited to the mode described above in which the subdomain name is transmitted from the network camera 1 to the DDNS server 7. Specifically, the DDNS server 7 may be able to execute the fourth cryptographic operation, only the keyword entered by the user may be transmitted from the network camera 1, and the DDNS server 7 may encrypt the received keyword by the fourth cryptographic operation to generate and use a subdomain name.
  • the method by which the DDNS server 7 recognizes the global IP address of the network camera 1 is not limited to the mode of transmitting the global IP address from the network camera 1, as in the first embodiment.
  • the global IP address need not be explicitly transmitted from the network camera 1; the DDNS server 7 may analyze the data including the subdomain name transmitted from the network camera 1 and extract and use the global IP address included therein.
  • the authentication using the password is not limited to the mode using the camera password described in the first embodiment; the mode using the user password described in the second embodiment may be used.
  • the user password is not limited to the camera password, and a plurality of passwords may be used.
  • the user password used at this time is either the keyword itself entered by the user or the one encrypted by the third encryption operation.
  • the keyword entered by the user is used as the first user password
  • the keyword encrypted by the third encryption operation may be used as the second user password.
  • instead of the subdomain name encrypted from the serial number described above in the first embodiment, the subdomain name encrypted from the keyword entered by the user is used. Thus, the same effect as in the first embodiment can be obtained.
  • the subdomain name encrypted with the serial number which is identification information
  • the connection to the network camera 1 is authenticated using the camera password with the serial number encrypted.
  • a user password generated based on a keyword input by the user is used instead of the camera password of the first embodiment or together with the camera password.
  • the security of network camera 1 is improved through authentication.
  • This embodiment is a technique for further improving the security for network camera 1 in the first to third embodiments.
  • an address including the domain name of the DDNS server 7 is stored and set in the network camera 1 at the manufacturing stage.
  • as the subdomain name, one encrypted by the first or fourth cryptographic operation from the serial number unique to each network camera 1 or from the keyword input by the user is used. Specifically, for example, when the DDNS server 7 has a domain name “00.jp” and the subdomain name generated by the encryption is “smtm”, an address such as “smtm.xxx.jp” is specified to connect to the network camera 1.
  • the domain name “00.jp” of the DDNS server 7 is also selected from among a plurality of domain names.
  • a plurality of domain names such as “mouth ⁇ .ne.jp” and “ ⁇ .netj” are prepared.
  • the domain name randomly selected from them is stored in each network camera 1.
  • the network camera 1 with the subdomain name "smtm" does not necessarily have the address "smtm.00.jp", but may have an address such as "smtm. DD D. ne.jp" or “smtm. ⁇ .netj”.
  • the determination of the domain name to be assigned to each network camera 1 from among a plurality of domain names is not limited to the mode performed at the manufacturing stage of each network camera 1. Specifically, at the manufacturing stage of each network camera 1, as in the first to third embodiments, a single domain name is set, and the DDNS server 7 having the domain name uses the subdomain name. When allocating, the domain name randomly selected from a plurality of domain names may be simultaneously allocated and notified to the network camera 1 and the user.
  • when the addresses of the network cameras 1 differ only in the subdomain name, a third party who, for example, obtains one network camera 1 and learns the domain name may, by changing the subdomain name appropriately, be connected to the network camera 1 of a user other than itself.
  • there are a plurality of types of domain name portion, and a third party who tries to connect to a network camera 1 other than its own cannot know the domain name of the DDNS server 7 assigned to each network camera 1, or even how many domain names exist.
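
The derivation and assignment flow of the first, third and fourth embodiments, as an added example that is not code from the patent: HMAC-SHA-256 with a vendor-held secret stands in for the unspecified cryptographic operations, and the key, label strings, domain names, serial numbers, keyword and addresses are assumptions constructed for illustration. A keyed operation is used because an unkeyed transform of the serial number could be recomputed by anyone who knows the serial number and the algorithm.

```python
import base64
import hashlib
import hmac
import secrets

# Assumptions of this example (none of these come from the patent text):
# HMAC-SHA-256 as the cryptographic operation, a vendor-held secret key,
# the label strings below, and the constructed domain names.
OP_SUBDOMAIN = b"op1:subdomain-from-serial"     # first operation
OP_CAMERA_PW = b"op2:camera-password"           # second operation
OP_KEYWORD_SUB = b"op4:subdomain-from-keyword"  # fourth operation
DOMAINS = ["ddns-a.example", "ddns-b.example", "ddns-c.example"]


def _derive(secret: bytes, op: bytes, value: str, length: int) -> str:
    """Keyed, domain-separated derivation returning a lowercase DNS-safe string."""
    mac = hmac.new(secret, op + b"\x00" + value.encode("utf-8"), hashlib.sha256)
    return base64.b32encode(mac.digest()).decode("ascii").lower().rstrip("=")[:length]


def subdomain_from_serial(secret: bytes, serial: str) -> str:
    return _derive(secret, OP_SUBDOMAIN, serial, 12)


def camera_password(secret: bytes, serial: str) -> str:
    # A different label yields a result unrelated to the subdomain name.
    return _derive(secret, OP_CAMERA_PW, serial, 16)


def subdomain_from_keyword(secret: bytes, keyword: str) -> str:
    return _derive(secret, OP_KEYWORD_SUB, keyword, 12)


def pick_domain() -> str:
    """Fourth embodiment: one of several domain names, chosen at random."""
    return secrets.choice(DOMAINS)


class DdnsRegistry:
    """Server side: maps an address (FQDN) to the owning serial and global IP."""

    def __init__(self) -> None:
        self._entries = {}  # fqdn -> (serial, global_ip)

    def assign(self, fqdn: str, serial: str, global_ip: str) -> bool:
        owner = self._entries.get(fqdn)
        if owner is not None and owner[0] != serial:
            return False  # already bound to another device: user must retry
        self._entries[fqdn] = (serial, global_ip)
        return True

    def update_ip(self, serial: str, new_ip: str) -> int:
        """Re-point every name owned by this serial; returns how many changed."""
        changed = 0
        for fqdn, (owner, _) in list(self._entries.items()):
            if owner == serial:
                self._entries[fqdn] = (owner, new_ip)
                changed += 1
        return changed

    def resolve(self, fqdn: str):
        entry = self._entries.get(fqdn)
        return entry[1] if entry else None


def demo() -> dict:
    secret = b"constructed-vendor-secret"  # constructed sample key
    reg = DdnsRegistry()
    domain = DOMAINS[0]
    # First embodiment: serial-derived name and password (constructed serial).
    name_a = f"{subdomain_from_serial(secret, 'SN-000123')}.{domain}"
    ok_a = reg.assign(name_a, "SN-000123", "203.0.113.10")
    # Third embodiment: two users pick the same keyword, so the names collide.
    kw_name = f"{subdomain_from_keyword(secret, 'taro0401')}.{domain}"
    ok_first = reg.assign(kw_name, "SN-000200", "203.0.113.20")
    ok_second = reg.assign(kw_name, "SN-000201", "203.0.113.21")
    # The router's global IP changes; the camera reports serial + new address.
    reg.update_ip("SN-000123", "203.0.113.99")
    return {
        "serial_assigned": ok_a,
        "keyword_first": ok_first,
        "keyword_second": ok_second,
        "resolved": reg.resolve(name_a),
        "keyword_owner_ip": reg.resolve(kw_name),
        "password": camera_password(secret, "SN-000123"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The second keyword registration returns `False`, which corresponds to the "subdomain name is not available" notification that sends the user back to keyword entry.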

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

Network system in which, upon connection of a network device (1), a process from setting a port forward function of a router (3) to requesting assignment of a subdomain name at a DDNS server (7) is performed automatically, so that a mobile phone (8) can access the network device (1) with a domain name. A password required to acquire the subdomain name and required to connect to the network device is generated, by means of encryption, from identification information inherent in the network device, so that a third party can hardly estimate the password and thus security for the network device can be enhanced.
PCT/JP2005/015426 2004-09-30 2005-08-25 Network device and network system WO2006038391A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2004286683A JP2006101330A (ja) 2004-09-30 2004-09-30 Network device and network system
JP2004-286683 2004-09-30

Publications (1)

Publication Number Publication Date
WO2006038391A1 true WO2006038391A1 (fr) 2006-04-13

Family

ID=36142476

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2005/015426 WO2006038391A1 (fr) 2004-09-30 2005-08-25 Network device and network system

Country Status (3)

Country Link
JP (1) JP2006101330A (fr)
CN (1) CN1765107A (fr)
WO (1) WO2006038391A1 (fr)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4528105B2 (ja) * 2004-11-29 2010-08-18 株式会社アイ・オー・データ機器 Method for setting up network equipment using a dynamic DNS service, dynamic DNS service server, program, and method for connecting network equipment
US20080201487A1 (en) * 2007-02-16 2008-08-21 Microsoft Corporation Open dynamic domain name system
JP2009165041A (ja) * 2008-01-09 2009-07-23 Sony Corp Network device, address change notification method, and address change notification program
JP6357780B2 (ja) * 2013-02-06 2018-07-18 株式会社リコー Network system and information notification method
JP6361417B2 (ja) * 2014-09-24 2018-07-25 株式会社村田製作所 Data communication system, data communication method, central device, and computer program executable on the central device
CN106209753B (zh) * 2015-05-08 2019-11-19 深圳市腾讯计算机系统有限公司 Service control method, management server, client, service server, and system
EP3759678A1 (fr) * 2018-03-01 2021-01-06 Kodak Alaris Inc. System for tracking and routing vendor kiosks in a local network, and method of use

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002033773A (ja) * 2000-07-17 2002-01-31 Web On Demand:Kk Web on-demand system
JP2002199027A (ja) * 2000-12-27 2002-07-12 Kyocera Communication Systems Co Ltd Internet telephone system and Internet telephone method
JP2003273896A (ja) * 2002-03-18 2003-09-26 Matsushita Electric Ind Co Ltd DDNS server, DDNS client terminal, and DDNS system
JP2003308291A (ja) * 2002-04-18 2003-10-31 Fuji Photo Film Co Ltd Digital content system
JP2004112018A (ja) * 2002-09-13 2004-04-08 Johnson Controls Inc Internet access Web monitoring and control system
JP2004120125A (ja) * 2002-09-24 2004-04-15 Yamaha Corp Router and router setting information processing method
JP2004153643A (ja) * 2002-10-31 2004-05-27 Mega Chips Corp Network unit and network device

Also Published As

Publication number Publication date
CN1765107A (zh) 2006-04-26
JP2006101330A (ja) 2006-04-13

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 20058001268

Country of ref document: CN

AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase