WO2023148807A1 - Communication device, communication system, communication method, and program - Google Patents


Info

Publication number
WO2023148807A1
Authority
WO
WIPO (PCT)
Prior art keywords
token
authentication
communication
communication device
processing unit
Prior art date
Application number
PCT/JP2022/003794
Other languages
French (fr)
Japanese (ja)
Inventor
正則 今川
Original Assignee
三菱電機株式会社

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • The present disclosure relates to communication devices, communication systems, communication methods, and programs.
  • A user may want to monitor and operate a communication device from a web browser on a user terminal via a network such as the Internet or a LAN (Local Area Network).
  • In order to prevent unauthorized access, the user first enters an ID and password on a login screen at the user terminal and transmits them to the communication device, and the communication device performs user authentication using the ID and password.
  • Once authenticated, the user terminal can operate the communication device by communicating with it using mechanisms such as a Web API or WebSocket.
  • This authentication must be performed each time the user terminal operates the communication device. The user is therefore required to enter a password for authentication at every operation, which results in poor operability.
  • A known method stores the password entered by the user on the login screen in the web browser, a cookie, or the like, and automatically sends it to the communication device each time communication is performed using the Web API, WebSocket, or the like. However, frequent transmission of confidential information such as passwords poses a security problem.
  • There is also a technique in which the communication device issues an authentication token to the user terminal when user authentication succeeds, and the user terminal then uses the token to authenticate automatically.
  • For example, in Patent Document 1, a representative facility management apparatus performs user authentication first.
  • When user authentication succeeds, the representative facility management apparatus generates an authentication code for each facility management apparatus by adding a digital signature to the authentication data using its own private key and encrypting the result using the public key of each facility management apparatus, and sends the codes to the user terminal.
  • The user terminal attaches the received authentication code and connects to the facility management apparatus by the WebSocket method.
  • The facility management apparatus decrypts the authentication code received from the user terminal with its own private key and verifies the digital signature with the public key of the representative facility management apparatus, thereby performing authentication. If the authentication succeeds, the user terminal can monitor the facility management apparatus.
  • The "authentication code" described in Patent Document 1 is authentication information similar to the "token", and there is no substantial difference between the two.
  • The present disclosure has been made in view of the above circumstances, and provides a communication device, a communication system, a communication method, and a program capable of easily performing authentication when one communication device operates another communication device without the intervention of a user terminal.
  • The communication device is one communication device among a plurality of communication devices that each hold the same shared key and are capable of communicating with each other via a network, and comprises: a token generation processing unit that, when the own device operates an operation target device that is one of the plurality of communication devices, generates a token by adding a digital signature to authentication data with the shared key and transmits the token to the operation target device; a token authentication processing unit that, when the own device is operated by an operating-side device that is one of the plurality of communication devices, performs authentication by verifying the digital signature of the token received from the operating-side device using the shared key; and a web server unit that enables the operating-side device to operate the own device when authentication by the token authentication processing unit succeeds.
  • The drawings are: a diagram showing the configuration of a communication system according to an embodiment of the present disclosure; a block diagram showing the configuration of a communication device according to the embodiment; a block diagram showing the configuration of a user terminal according to the embodiment; a flowchart of processing for operating a communication device from a user terminal according to the embodiment; a diagram schematically showing the structure of a token according to the embodiment; a flowchart of processing for operating another communication device from a communication device according to the embodiment; and a flowchart of token update processing according to the embodiment.
  • The communication system 100 includes, as shown in FIG. 1, a plurality of communication devices 2A, 2B, 2C, ... that communicate via a network 1.
  • The communication system 100 has a function of connecting the user terminal 3 to a communication device 2 and operating that communication device 2.
  • The communication system 100 also has a function by which one communication device 2 connects on its own to another communication device 2 and operates it, without going through the user terminal 3. Here, "operation" means causing the communication device 2 to perform some processing.
  • The user terminal 3 or the operating-side communication device 2 can control and monitor the operated communication device 2, obtain information from it, and so on.
  • Communication between communication devices 2 that does not involve the user terminal 3 is also referred to as inter-device communication.
  • The communication device 2 is a device, such as an air-conditioning controller, that can communicate with the user terminal 3 and with other communication devices 2 via the network 1.
  • The communication device 2 is not assumed to be operated directly by a user; it is operated indirectly by the user terminal 3 or by other communication devices 2 via the network 1.
  • The communication device 2 includes a communication unit 21, a storage unit 22, and a control unit 23.
  • The communication unit 21 is an interface for connecting the communication device 2 to the network 1.
  • The communication unit 21 has a reverse proxy function that restricts connections from devices other than the communication devices 2 that make up the communication system 100. This makes it possible to prevent unauthorized access by a third party.
  • The storage unit 22 is a nonvolatile storage device such as a hard disk drive or flash memory, and stores various information.
  • The storage unit 22 stores system configuration data 221, user registration information 222, and a shared key 223.
  • The system configuration data 221 identifies, on the network 1, all communication devices 2 in the communication system 100, including the own device.
  • The system configuration data 221 includes the IP address, domain name, host name, etc. of each communication device 2.
  • The user registration information 222 is data used when performing the user authentication described later.
  • The user registration information 222 includes a list of pairs of user IDs and passwords of users permitted to connect to the communication device 2.
  • The user registration information 222 is not limited to user IDs and passwords, and may be data for other means that can uniquely identify the user, such as data for fingerprint authentication or a digital certificate.
  • The shared key 223 is used to generate a token by adding a digital signature to the authentication data in the token generation process described later. The shared key 223 is also used to verify the digital signature added to a token received from the user terminal 3 or from another communication device 2 in the token authentication process described later. All communication devices 2 included in the communication system 100 hold the same shared key 223. In the initial setting process when the communication system 100 is configured, the same shared key 223 is manually set in the storage units 22 of all the communication devices 2. If the same shared key 223 is stored in advance in the firmware of each communication device 2, this initial setting process can be omitted, but in that case there is a risk that the shared key 223 will leak to the outside.
  • The storage unit 22 also stores an authentication token.
  • A token is information obtained by adding a digital signature to authentication data using the shared key 223, and is used to authenticate the communication device 2 on the operating side.
  • The control unit 23 includes a CPU (Central Processing Unit), RAM (Random Access Memory), ROM (Read Only Memory), etc.; the CPU controls the communication device 2 as a whole by executing a program stored in the ROM, using the RAM as a work space.
  • The control unit 23 has, as functional components, a user authentication unit 231, a token generation processing unit 232, a token authentication processing unit 233, a web server unit 234, and a token update unit 235.
  • The user authentication unit 231 performs user authentication when an operation request is received from the user terminal 3. Specifically, it authenticates the user by comparing the user ID, password, etc. included in the user authentication request from the user terminal 3 with the user registration information 222.
  • The token generation processing unit 232 generates a token by adding a digital signature to authentication data with the shared key 223, either when the user authentication unit 231 succeeds in user authentication or when the own device operates another communication device 2 through inter-device communication. It then transmits the generated token to the user terminal 3 or to the communication device 2 to be operated (the operated-side device).
  • When the own device is operated by the user terminal 3 or by another communication device 2 (the operating-side device), the token authentication processing unit 233 performs authentication by verifying the digital signature of the received token using the shared key 223 stored in the storage unit 22.
  • The web server unit 234 functions as the web server of the communication device 2.
  • The web server unit 234 performs the processing that enables the user terminal 3 or another communication device 2 to operate the own device.
  • The web server unit 234 receives operation commands over a connection from the user terminal 3 or the operating-side communication device 2 using a Web API, WebSocket, or the like.
  • The web server unit 234 then executes the received operation command and responds with the execution result.
  • The token update unit 235 updates the expiration date of the token stored in the storage unit 22 when the expiration date is near.
  • The user terminal 3 is a console terminal that operates each communication device 2 from a web browser.
  • The user terminal 3 includes a communication unit 31, a storage unit 32, a control unit 33, a display unit 34, and an input unit 35, as shown in FIG.
  • The communication unit 31 is an interface for connecting the user terminal 3 to the network 1.
  • The storage unit 32 is a nonvolatile storage device such as a hard disk drive or flash memory, and stores various information.
  • The storage unit 32 stores an authentication token acquired from the communication device 2.
  • The control unit 33 includes a CPU, RAM, ROM, etc.; the CPU controls the entire user terminal 3 by executing a program stored in the ROM, using the RAM as a work space.
  • The display unit 34 is, for example, an LCD (Liquid Crystal Display), and displays various screens under the control of the control unit 33.
  • The display unit 34 displays a login screen for user authentication.
  • The input unit 35 is, for example, a keyboard and a mouse; it receives input from the user and outputs a signal corresponding to the input to the control unit 33.
  • The input unit 35 receives input of a user ID and password from the login screen.
  • The control unit 33 of the user terminal 3 acquires the web content for displaying the login screen from the communication device 2 and causes the display unit 34 to display the login screen (step S101).
  • When the user enters an ID and password, the control unit 33 transmits a user authentication request including the entered ID and password to the communication device 2 (step S102).
  • Upon receiving the user authentication request, the user authentication unit 231 of the communication device 2 performs user authentication (step S103). Specifically, the user authentication unit 231 confirms that the pair of ID and password included in the received user authentication request is registered in the user registration information 222. Although not shown in the flowchart of FIG. 4, if user authentication fails, the process ends with an error.
  • After successful user authentication, the token generation processing unit 232 generates a token for authentication. First, the token generation processing unit 232 acquires authentication data indicating that user authentication has succeeded (step S104).
  • The authentication data is arbitrary data and may even be a random number carrying no meaning, but in this embodiment the authentication data includes at least the current date and time information and the IP address of the user terminal 3 that is the source of the operation.
  • The IP address of the user terminal 3 may be obtained from the source IP address of the received user authentication request. Instead of the IP address of the user terminal 3, other address information that can identify the user terminal 3 may be included in the authentication data.
  • The token generation processing unit 232 generates a token by adding a digital signature to the acquired authentication data using the shared key 223 (step S105). Specifically, it appends, as the digital signature, a MAC value calculated from the shared key 223 and the authentication data using a hash-based message authentication code (HMAC) algorithm. The result is a token having the structure shown in FIG. 5.
  • The hash function used for calculating the MAC value is SHA-2, SHA-3, or the like, but all the communication devices 2 included in the communication system 100 must use the same hash function.
  • The token generation processing unit 232 transmits the generated token to the user terminal 3 (step S106).
  • The control unit 33 of the user terminal 3 attaches the received token and attempts to connect to the communication device 2 to be operated using the WebSocket method (step S107).
  • The WebSocket method is a technical standard for two-way communication between a web server and a web client. Unlike the HTTP protocol, a connection made using the WebSocket method can be kept open continuously.
  • The control unit 33 of the user terminal 3 adds the token as a parameter to the URL used to connect to the communication device 2 to be operated via the WebSocket method, and attempts to connect to the communication device 2 using that URL. The token must therefore be data in a format that can be used in a URL; if the token is binary data, it must be converted into a URL-usable format by a method such as Base64. It is also conceivable to include the token in the first message transmitted from the user terminal 3 to the communication device 2 after the WebSocket connection is made, but because that would greatly affect the communication system 100 as a whole, it is preferable to include the token in the URL parameter.
  • The token authentication processing unit 233 of the communication device 2 verifies the digital signature of the token included as a parameter in the connection URL, using the shared key 223 it holds (step S108). Specifically, the token authentication processing unit 233 calculates a MAC value from the authentication data included in the token and the shared key 223 held in the storage unit 22 using the HMAC algorithm, and then checks that the calculated MAC value matches the MAC value included in the token.
  • If, as a result of the verification in step S108, the MAC values do not match and the digital signature is determined not to be valid (step S109; No), the token authentication processing unit 233 returns an authentication error to the user terminal 3 and disconnects the connection (step S111). The user terminal 3 notified of the authentication error ends with an error.
  • If the digital signature is valid (step S109; Yes), the token authentication processing unit 233 checks the date and time information contained in the authentication data of the token and the IP address of the connection source, and determines whether they are normal (step S110). Specifically, the token authentication processing unit 233 determines whether the period from the date and time indicated by the date and time information to the present is within the predetermined validity period of the token. This determination prevents old authentication data used in the past from being illegitimately reused, and thus prevents replay attacks.
  • The token authentication processing unit 233 also determines whether the IP address of the currently connected user terminal 3 is the same as the connection-source IP address included in the authentication data. This determination prevents intercepted authentication data from being illegitimately used from another terminal, and thus prevents spoofing attacks.
  • If it is determined that the date and time information or the connection-source IP address is not normal (step S110; No), the token authentication processing unit 233 returns an authentication error to the user terminal 3 and disconnects the connection (step S111).
  • The user terminal 3 notified of the authentication error ends with an error.
  • If both are normal (step S110; Yes), the token authentication processing unit 233 determines that the token is valid and returns a normal response to the user terminal 3 (step S112).
  • When the user terminal 3 receives the normal response, a constant connection by the WebSocket method is established between the user terminal 3 and the web server unit 234 of the communication device 2 (step S113), and it becomes possible to operate the communication device 2 from the user terminal 3. When the WebSocket connection is later terminated, the token used for authentication is deleted from the user terminal 3.
  • The token generation processing unit 232 of the operating-side communication device 2A transmits a request to acquire its own IP address to the operated-side communication device 2B (step S201). This is necessary because the IP address of the communication device 2A, which is the connection source, must be included in the authentication data of the token generated in the later steps. For example, when a NAT router is installed between the communication device 2A and the communication device 2B, the connection-source IP address of the communication device 2A is rewritten by the NAT router before it reaches the communication device 2B. Since the communication device 2A cannot learn this rewritten IP address by itself, it transmits an IP address acquisition request to the communication device 2B.
  • When the operated-side communication device 2B receives the IP address acquisition request, its control unit 23 replies to the communication device 2A with the source IP address of the request, that is, the IP address of the communication device 2A as seen from the communication device 2B (step S202).
  • Upon receiving the IP address from the communication device 2B, the token generation processing unit 232 of the communication device 2A generates a token for authentication. First, the token generation processing unit 232 acquires authentication data (step S203).
  • The authentication data is arbitrary data and may even be a random number carrying no meaning, but in this embodiment the authentication data includes at least the current date and time information and the IP address of the communication device 2A that is the source of the operation.
  • This IP address is the IP address returned from the communication device 2B in step S202, that is, the IP address of the communication device 2A as seen from the communication device 2B.
  • The authentication data may include other address information that can identify the communication device 2A instead of its IP address.
  • The token generation processing unit 232 of the communication device 2A generates a token by adding a digital signature to the acquired authentication data using the shared key 223 (step S204).
  • This token is of the same kind as the token generated when the communication device 2 is operated from the user terminal 3, and carries a digital signature by HMAC.
  • The web server unit 234 of the communication device 2A attaches the generated token and attempts to connect to the communication device 2B to be operated using the WebSocket method (step S205).
  • The token authentication processing unit 233 of the communication device 2B verifies the digital signature of the token included in the connection URL, using the shared key 223 it holds (step S206).
  • If, as a result of the verification in step S206, the digital signature is determined not to be valid (step S207; No), the token authentication processing unit 233 of the communication device 2B returns an authentication error to the communication device 2A and disconnects the connection (step S209). The communication device 2A notified of the authentication error terminates with an error.
  • If the digital signature is valid (step S207; Yes), the token authentication processing unit 233 of the communication device 2B checks the date and time information included in the authentication data of the token and the IP address of the connection source, and determines whether they are normal (step S208). Specifically, the token authentication processing unit 233 determines whether the period from the date and time indicated by the date and time information to the present is within the predetermined validity period of the token. This determination prevents old authentication data used in the past from being illegitimately reused, and thus prevents replay attacks.
  • The token authentication processing unit 233 also determines whether the IP address of the currently connected communication device 2A is the same as the connection-source IP address included in the authentication data. This determination prevents intercepted authentication data from being illegitimately used from another terminal, and thus prevents spoofing attacks.
  • If it is determined that the date and time information or the connection-source IP address is not normal (step S208; No), the token authentication processing unit 233 returns an authentication error to the communication device 2A and disconnects the connection (step S209). The communication device 2A notified of the authentication error terminates with an error.
  • If both are normal (step S208; Yes), the token authentication processing unit 233 determines that the token is valid and returns a normal response to the communication device 2A (step S210).
  • A constant connection is then established between the communication device 2A and the communication device 2B using the WebSocket method (step S211). From then on, the communication device 2B can be operated from the communication device 2A without further authentication. When the WebSocket connection is later terminated, the token used for authentication is deleted from the communication device 2B.
  • The token received from the operating-side communication device 2A is stored in the storage unit 22 of the operated-side communication device 2B.
  • The constant connection may be maintained for a long time.
  • In that case the validity period of the token stored in the communication device 2B may expire and the constant connection may be disconnected. To prevent this, the operated-side communication device 2B executes a token update process in which it updates the token by itself.
  • The token update process is executed at predetermined time intervals while the constant connection by WebSocket is maintained. The token update process is described with reference to the flowchart of FIG.
  • The token update unit 235 of the communication device 2B determines whether the period from the date and time indicated by the date and time information included in the authentication data of the token stored in the storage unit 22 to the present has exceeded the validity period of the token (step S301). If the validity period has not expired (step S301; No), there is no need to update the token and the token update process ends.
  • If the validity period has expired (step S301; Yes), the token update unit 235 of the communication device 2B rewrites the date and time information contained in the authentication data of the held token to the current date and time (step S302). The token update unit 235 then calculates a MAC value by HMAC from the authentication data with the corrected date and time information and the shared key 223, and replaces the digital signature of the token with the calculated MAC value (step S303). This ends the token update process. The token updated in this way is deleted from the storage unit 22 of the communication device 2B when the constant connection by WebSocket is disconnected.
  • By periodically executing the token update process during the constant connection, the digital signature of an expired token is renewed and the token can be reused as a valid token, which allows the constant connection to be maintained.
  • In the token update process described above, the token is updated (steps S302 and S303) when the validity period has expired (step S301; Yes); alternatively, steps S302 and S303 may be executed when the remaining validity period becomes short. Steps S302 and S303 may also be executed unconditionally, without checking the expiration date, so that the token is updated to the latest date and time each time the token update process runs; however, updating the token every time increases the load on the communication device 2B.
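  • As an added worked example (not code from the patent or from the applicant), the following Python implements the token life cycle of steps S104-S112 / S203-S211 (HMAC-signed authentication data carrying the date/time and the connection-source IP, checked for signature, validity period and source address on the operated side) together with the token update process of steps S301-S303. The concrete token layout (canonical JSON authentication data followed by a 32-byte HMAC-SHA256, Base64url-encoded for the URL parameter), the 300-second validity period and the shared key value are assumptions of this example; the page fixes none of them.

```python
import base64
import binascii
import hashlib
import hmac
import ipaddress
import json
import time
from typing import Optional, Tuple

# Shared key 223: constructed sample value. In the system every communication
# device 2 holds this same key; here it is a module constant.
SHARED_KEY = b"constructed-sample-shared-key-223"
# Predetermined validity period of a token, in seconds (assumed; the page gives no value).
TOKEN_VALIDITY_SECONDS = 300
MAC_LEN = hashlib.sha256().digest_size  # 32 bytes


def _mac(auth_data: bytes, key: bytes) -> bytes:
    """HMAC over the authentication data. SHA-256 (a SHA-2 hash) is assumed here;
    every device in the system must use the same hash function."""
    return hmac.new(key, auth_data, hashlib.sha256).digest()


def _decode(token: str) -> Tuple[bytes, bytes]:
    """Undo the URL-safe encoding and split the token into (authentication data, MAC)."""
    raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    if len(raw) <= MAC_LEN:
        raise ValueError("token too short to hold authentication data and a MAC")
    return raw[:-MAC_LEN], raw[-MAC_LEN:]


def generate_token(source_ip: str, key: bytes = SHARED_KEY,
                   now: Optional[float] = None) -> str:
    """Steps S104-S105 (and S203-S204) on the operating side.

    Authentication data = current date/time + connection-source IP, encoded as
    canonical JSON (assumed layout); the MAC is appended (FIG. 5 structure) and the
    whole token is Base64url-encoded without padding so it can travel as a URL
    parameter of the WebSocket connection URL."""
    ts = int(time.time() if now is None else now)
    fields = {"ts": ts, "ip": str(ipaddress.ip_address(source_ip))}
    auth_data = json.dumps(fields, separators=(",", ":"), sort_keys=True).encode()
    return base64.urlsafe_b64encode(auth_data + _mac(auth_data, key)).rstrip(b"=").decode("ascii")


def verify_token(token: str, connection_source_ip: str, key: bytes = SHARED_KEY,
                 now: Optional[float] = None,
                 validity: int = TOKEN_VALIDITY_SECONDS) -> Tuple[bool, str]:
    """Steps S108-S110 (and S206-S208) on the operated side. Returns (accepted, reason);
    every False result corresponds to the page's authentication error and disconnect."""
    try:
        auth_data, received_mac = _decode(token)
    except (ValueError, binascii.Error):
        return False, "malformed token"
    # S108/S109: recompute the MAC with the held shared key and compare in constant
    # time, so timing differences do not reveal how many MAC bytes matched.
    if not hmac.compare_digest(_mac(auth_data, key), received_mac):
        return False, "signature mismatch"
    try:
        fields = json.loads(auth_data)
        ts = int(fields["ts"])
        recorded_ip = ipaddress.ip_address(fields["ip"])
    except (ValueError, KeyError, TypeError):
        return False, "malformed authentication data"
    current = time.time() if now is None else now
    # S110 (a): the period from the recorded date/time to now must lie within the
    # validity period; a date/time in the future is not "within" it either.
    age = current - ts
    if age < 0 or age > validity:
        return False, "token expired"
    # S110 (b): the address seen on this connection must equal the one recorded in the
    # authentication data, so an intercepted token cannot be replayed from elsewhere.
    if recorded_ip != ipaddress.ip_address(connection_source_ip):
        return False, "source address mismatch"
    return True, "ok"


def refresh_token(token: str, key: bytes = SHARED_KEY, now: Optional[float] = None,
                  validity: int = TOKEN_VALIDITY_SECONDS) -> str:
    """Token update process (steps S301-S303), run by the operated side on the token it
    stored after a successful verification. Unchanged while still valid (S301; No);
    otherwise the date/time is rewritten to now (S302) and the MAC recomputed (S303)."""
    auth_data, _ = _decode(token)
    fields = json.loads(auth_data)
    current = time.time() if now is None else now
    if current - int(fields["ts"]) <= validity:
        return token
    return generate_token(fields["ip"], key, now=current)


if __name__ == "__main__":
    issued_at = 1_700_000_000  # fixed clock so the walk-through is reproducible
    token = generate_token("192.0.2.10", now=issued_at)
    print("token                    :", token)
    print("fresh, same source       :", verify_token(token, "192.0.2.10", now=issued_at + 60))
    print("fresh, other source      :", verify_token(token, "192.0.2.99", now=issued_at + 60))
    print("after validity period    :", verify_token(token, "192.0.2.10", now=issued_at + 600))
    renewed = refresh_token(token, now=issued_at + 600)
    print("renewed token re-verifies:", verify_token(renewed, "192.0.2.10", now=issued_at + 601))
```

  The refresh path deliberately re-signs only a token the operated side already verified at connection time, which is the page's step S301 precondition; a token that never passed verify_token should never reach refresh_token.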
  • As described above, all the communication devices 2 forming the communication system 100 hold the same shared key 223.
  • Each communication device 2 has a function of generating an authentication token by itself using the shared key 223 when it operates another communication device 2.
  • Each communication device 2 also has a function of performing authentication by verifying the digital signature of a received token using the shared key 223 when it is operated by another communication device 2. That is, every communication device 2 has both a token issuing function and an authentication function. This resolves the conventional problem in device-to-device authentication that it is difficult to specify which communication device 2 may issue the token used when one communication device 2 operates another. It therefore becomes easy to use a token for authentication when one communication device 2 operates another communication device 2 without the intervention of the user terminal 3, and authentication can be performed easily.
  • In the embodiment described above, the operating-side user terminal 3 or communication device 2 is constantly connected to the operated-side communication device 2 by WebSocket in order to perform operations.
  • However, the connection method is not limited to WebSocket.
  • The user terminal 3 or the operating-side communication device 2 may instead connect to the operated-side communication device 2 via a Web API to perform the operation.
  • With a Web API, unlike WebSocket, there is no constant connection, so authentication using a token is required each time a command is sent or received after connecting via the Web API.
  • In the embodiment described above, the HMAC algorithm is used as the digital signature with the shared key 223, but the digital signature method is not limited to this.
  • A message authentication code algorithm other than HMAC may be used to add a digital signature to the authentication data using the shared key 223.
  • In the embodiment described above, the authentication data of the token includes the date and time information and the IP address of the connection source, but it is not necessary to include them.
  • The authentication data may be random numbers.
  • The "token" described in this embodiment may be called a "ticket", an "authentication code", or the like in other documents, but these are substantially the same information. This disclosure does not interpret "token" narrowly.
  • By applying the program executed by the control unit 23 of the communication device 2 to an existing computer, that computer can be made to function as the control unit 23 according to the present disclosure.
  • Such a program may be stored on and distributed via a computer-readable recording medium such as a CD-ROM (Compact Disc Read-Only Memory), DVD (Digital Versatile Disc), MO (Magneto-Optical disk), or memory card, or may be distributed via a communication network such as the Internet.
  • Reference signs: 100 communication system; 1 network; 2 (2A, 2B, 2C) communication device; 21 communication unit; 22 storage unit; 221 system configuration data; 222 user registration information; 223 shared key; 23 control unit; 231 user authentication unit; 232 token generation processing unit; 233 token authentication processing unit; 234 web server unit; 235 token update unit; 3 user terminal; 31 communication unit; 32 storage unit; 33 control unit; 34 display unit; 35 input unit

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A communication system (100) comprises a plurality of communication devices (2; 2A, 2B, 2C, ...) that can communicate with each other via a network (1) and that each hold the same shared key. Each communication device (2), when operating any other of the plurality of communication devices (2), generates a token in which a digital signature is attached to authentication data using the shared key, and transmits the token to the communication device (2) to be operated. Each communication device (2), when operated by any other of the plurality of communication devices (2), performs authentication by verifying, using the shared key, the digital signature of the token received from the operating-side communication device (2), and, if the authentication succeeds, allows the operating-side communication device (2) to operate it.

Description

Communication device, communication system, communication method, and program
 The present disclosure relates to communication devices, communication systems, communication methods, and programs.
 A user may want to monitor and operate a communication device from a web browser on a user terminal via a network such as the Internet or a LAN (Local Area Network). In this case, to prevent unauthorized access, the user first enters an ID and password on a login screen at the user terminal and sends them to the communication device, which performs user authentication using the ID and password. After user authentication succeeds, the user terminal communicates with the communication device using a mechanism such as a Web API or WebSocket, which allows the user terminal to operate the communication device. This communication also requires an authentication separate from the user authentication, and in principle it must be performed every time the user terminal operates the communication device. As a result, the user must enter an authentication password every time the communication device is operated, which degrades operability.
 To avoid this degradation of operability, a known method stores the password the user entered on the login screen in the web browser, a cookie, or the like, and automatically sends the password to the communication device for authentication each time communication takes place via Web API, WebSocket, or the like. However, sending confidential information such as a password frequently is a security problem.
 To avoid that problem, a technique has also been disclosed in which the communication device issues an authentication token to the user terminal when user authentication succeeds, and the user terminal then uses the token so that authentication is performed automatically. For example, in Patent Document 1, when a plurality of facility management devices are monitored and operated from a user terminal, a representative facility management device first performs user authentication. When user authentication succeeds, the representative facility management device generates, for each facility management device, an authentication code obtained by encrypting authentication data that carries a digital signature made with its own private key, using the public key of that facility management device, and sends the codes to the user terminal. The user terminal attaches the received authentication code and connects to the facility management device by WebSocket. The facility management device performs authentication by decrypting the authentication code received from the user terminal with its own private key and verifying the digital signature with the public key of the representative facility management device. When authentication succeeds, the user terminal can monitor and operate the facility management device. The "authentication code" described in Patent Document 1 is authentication information equivalent to a "token"; there is no substantial difference between the two.
 Patent Document 1: WO 2014/068632
 There may also be a plurality of communication devices to be operated, and the communication devices may need to operate one another spontaneously without going through a user terminal. In such a case authentication is likewise required when the communication devices communicate via Web API, WebSocket, or the like, and using the token described above is conceivable. When a communication device is operated from a user terminal, the user terminal accesses a communication device that has a token issuing function, that communication device issues an authentication token when user authentication succeeds, and the user terminal can then use the issued token to communicate with the communication device to be operated. In communication between communication devices without a user terminal, on the other hand, the communication device capable of issuing a token cannot be identified, so authentication becomes difficult.
 The present disclosure has been made in view of the above circumstances, and its object is to provide a communication device, a communication system, a communication method, and a program that can easily perform authentication when one communication device operates another communication device without the intervention of a user terminal.
 To achieve the above object, a communication device according to the present disclosure is
 one communication device among a plurality of communication devices that each hold the same shared key and can communicate with one another via a network, and comprises:
 a token generation processing unit that, when the own device operates an operation target device that is any one of the plurality of communication devices, generates a token in which a digital signature is added to authentication data with the shared key, and transmits the token to the operation target device;
 a token authentication processing unit that, when the own device is operated by an operating-side device that is any one of the plurality of communication devices, performs authentication by verifying, using the shared key, the digital signature of the token received from the operating-side device; and
 a web server unit that, when authentication by the token authentication processing unit succeeds, allows the operating-side device to operate the own device.
 According to the present disclosure, authentication can be performed easily when one communication device operates another communication device without the intervention of a user terminal.
 FIG. 1 is a diagram showing the configuration of a communication system according to an embodiment of the present disclosure.
 FIG. 2 is a block diagram showing the configuration of a communication device according to an embodiment of the present disclosure.
 FIG. 3 is a block diagram showing the configuration of a user terminal according to an embodiment of the present disclosure.
 FIG. 4 is a flowchart of processing for operating a communication device from a user terminal according to an embodiment of the present disclosure.
 FIG. 5 is a diagram schematically showing the structure of a token according to an embodiment of the present disclosure.
 FIG. 6 is a flowchart of processing for operating another communication device from a communication device according to an embodiment of the present disclosure.
 FIG. 7 is a flowchart of token update processing according to an embodiment of the present disclosure.
 Hereinafter, embodiments of the present disclosure will be described in detail with reference to the drawings. The same or corresponding parts are given the same reference numerals in the drawings.
 A communication system according to an embodiment of the present disclosure will be described. As shown in FIG. 1, the communication system 100 includes a plurality of communication devices 2A, 2B, 2C, ... connected to a network 1 such as the Internet or a LAN, and a user terminal 3. In the following description, the communication devices 2A, 2B, 2C, ... are also referred to simply as communication devices 2 when they need not be distinguished. The communication system 100 has a function by which the user terminal 3 connects to a communication device 2 and operates it. The communication system 100 further has a function by which one communication device 2 spontaneously connects to another communication device 2 and operates it, without going through the user terminal 3. Here, "operation" means causing a communication device 2 to execute some processing. Through such operation, the user terminal 3 or communication device 2 on the operating side can control and monitor the operated communication device 2, obtain information from it, and so on. In the following description, communication between communication devices 2 that does not involve the user terminal 3 is also referred to as inter-device communication.
 The communication device 2 is a device that can communicate with the user terminal 3 and other communication devices 2 via the network 1, for example an air-conditioning controller. The communication device 2 is not assumed to be operated directly by a user; it is operated indirectly by the user terminal 3 and other communication devices 2 via the network 1. As shown in FIG. 2, the communication device 2 includes a communication unit 21, a storage unit 22, and a control unit 23.
 The communication unit 21 is an interface for connecting the communication device 2 to the network 1. The communication unit 21 has a reverse proxy function that restricts connections from communication devices other than the communication devices 2 that make up the communication system 100. This prevents unauthorized access by third parties.
 The storage unit 22 is a non-volatile storage device such as a hard disk drive or flash memory and stores various information. For example, the storage unit 22 stores system configuration data 221, user registration information 222, and a shared key 223.
 The system configuration data 221 is data for identifying, on the network 1, all communication devices 2 in the communication system 100, including the own device. For example, the system configuration data 221 includes the IP address, domain name, host name, and so on of each communication device.
 The user registration information 222 is data used in the user authentication described later. It contains a list of user ID and password pairs for the users permitted to connect to the communication device 2. The user registration information 222 is not limited to user IDs and passwords; it may be data for other means that uniquely identify a user, such as fingerprint authentication data or digital certificates.
 The shared key 223 is used in the token generation processing described later to generate a token in which a digital signature is added to the authentication data. The shared key 223 is also used in the token authentication processing described later to verify the digital signature attached to a token received from the user terminal 3 or a communication device 2. All communication devices 2 included in the communication system 100 hold the same shared key 223. In the initial setup performed when the communication system 100 is configured, settings are made manually so that the same shared key 223 is held in the storage unit 22 of every communication device 2. This initial setup could be omitted by holding the same shared key 223 in the firmware of each communication device 2 in advance, but in that case there is a risk that the shared key 223 leaks to the outside.
 When the communication device 2 is operated by the user terminal 3 or another communication device 2, an authentication token is stored in the storage unit 22. A token is information in which a digital signature is added to authentication data with the shared key 223, and it is used to authenticate the communication device 2 on the operating side.
 The control unit 23 includes a CPU (Central Processing Unit), RAM (Random Access Memory), ROM (Read Only Memory), and so on; the CPU controls the communication device 2 as a whole by executing a program stored in the ROM, using the RAM as a workspace. As functional components, the control unit 23 has a user authentication unit 231, a token generation processing unit 232, a token authentication processing unit 233, a web server unit 234, and a token update unit 235.
 The user authentication unit 231 performs user authentication when it receives an operation request from the user terminal 3. Specifically, the user authentication unit 231 performs user authentication by checking the user ID, password, and so on contained in the user authentication request from the user terminal 3 against the user registration information 222.
 The token generation processing unit 232 generates a token by adding a digital signature to authentication data with the shared key 223 when the user authentication unit 231 succeeds in user authentication, or when the own device operates another communication device 2 through inter-device communication, and transmits the generated token to the user terminal 3 or to the communication device 2 to be operated (the operation target device).
 When the own device is operated by the user terminal 3 or another communication device 2 (the operating-side device), the token authentication processing unit 233 performs authentication by verifying the digital signature of the received token using the shared key 223 held in the storage unit 22.
 The web server unit 234 functions as the web server of the communication device 2. When the token authentication processing unit 233 succeeds in authentication, the web server unit 234 performs processing that allows the user terminal 3 or communication device 2 to operate the own device. Specifically, the web server unit 234 connects with the user terminal 3 or communication device 2 on the operating side via Web API, WebSocket, or the like and receives operation commands. The web server unit 234 then executes the received operation command and responds with the execution result.
 When the remaining validity period of the token stored in the storage unit 22 is short, the token update unit 235 performs processing to renew the token's expiration.
 Returning to FIG. 1, the user terminal 3 is a console terminal that operates each communication device 2 from a web browser. As shown in FIG. 3, the user terminal 3 includes a communication unit 31, a storage unit 32, a control unit 33, a display unit 34, and an input unit 35.
 The communication unit 31 is an interface for connecting the user terminal 3 to the network 1.
 The storage unit 32 is a non-volatile storage device such as a hard disk drive or flash memory and stores various information. For example, the storage unit 32 stores an authentication token acquired from a communication device.
 The control unit 33 includes a CPU, RAM, ROM, and so on; the CPU controls the user terminal 3 as a whole by executing a program stored in the ROM, using the RAM as a workspace.
 The display unit 34 is, for example, an LCD (Liquid Crystal Display) and displays various screens under the control of the control unit 33. For example, the display unit 34 displays a login screen for user authentication.
 The input unit 35 is, for example, a keyboard or mouse; it accepts input from the user and outputs a signal corresponding to that input to the control unit 33. For example, the input unit 35 accepts entry of the user's ID and password on the login screen.
 Next, the operation of the communication system 100 will be described. First, the processing for operating a communication device 2 from the user terminal 3 will be described with reference to the flowchart of FIG. 4.
 First, the user operates the input unit 35 of the user terminal 3 to enter into the browser the URL for connecting to the communication device 2 to be operated. The control unit 33 thereby acquires the web content for the login screen from the communication device 2 and displays the login screen on the display unit 34 (step S101).
 Next, the user operates the input unit 35 of the user terminal 3 to enter his or her ID and password on the login screen and confirms the input. The control unit 33 thereby transmits a user authentication request containing the entered ID and password to the communication device (step S102).
 On receiving the user authentication request, the user authentication unit 231 of the communication device 2 performs user authentication (step S103). Specifically, the user authentication unit 231 confirms that the ID and password pair contained in the received user authentication request is registered in the user registration information 222. Although not shown in the flowchart of FIG. 4, if user authentication fails, the processing ends with an error.
 After user authentication succeeds, the token generation processing unit 232 performs processing to generate an authentication token. First, the token generation processing unit 232 acquires authentication data indicating that user authentication has succeeded (step S104). The authentication data may be arbitrary data, even a random number carrying no meaning, but in this embodiment the authentication data includes at least the current date and time information and the IP address of the user terminal 3 that is the source of the operation. The IP address of the user terminal 3 can be taken from the source IP address of the received user authentication request. Instead of the IP address of the user terminal 3, other address information that can identify the user terminal 3 may be included in the authentication data.
 The token generation processing unit 232 then generates a token by adding a digital signature to the acquired authentication data with the shared key 223 (step S105). Specifically, the token generation processing unit 232 attaches, as the digital signature, a MAC value computed from the shared key 223 and the authentication data using the hash-based message authentication code (HMAC) algorithm. This produces a token with the structure shown in FIG. 5. The hash function used to compute the MAC value is SHA-2, SHA-3, or the like, but all communication devices 2 included in the communication system 100 must use the same hash function.
 Returning to FIG. 4, the token generation processing unit 232 transmits the generated token to the user terminal 3 (step S106).
 Next, the control unit 33 of the user terminal 3 attaches the received token and attempts to connect to the communication device 2 to be operated using the WebSocket method (step S107). The WebSocket method is a technical standard for bidirectional communication between a web server and a web client. Unlike the HTTP protocol, a WebSocket connection can be kept open continuously.
 Specifically, the control unit 33 of the user terminal 3 adds the token as a parameter to the URL used to connect to the communication device 2 by WebSocket, and attempts to connect to the communication device 2 using that URL. The token must therefore be data in a form usable in a URL. If the token is binary data, it must be converted into a URL-usable form using a scheme such as Base64. It is also conceivable to include the token in the first message transmitted from the user terminal 3 to the communication device 2 when connecting by WebSocket, but that would require modifying the communication specification defined independently by the vendor of the communication system 100 and would affect the communication system 100 as a whole, so including the token as a URL parameter is preferable.
 When a WebSocket connection arrives from the user terminal 3, the token authentication processing unit 233 of the communication device 2 verifies the digital signature of the token contained as a parameter in the connection URL, using the shared key 223 it holds (step S108). Specifically, the token authentication processing unit 233 computes a MAC value with the HMAC algorithm from the authentication data contained in the token and the shared key 223 held in the storage unit 22. The token authentication processing unit 233 then verifies that the computed MAC value matches the MAC value contained in the token.
 If, as a result of the verification in step S108, the MAC values do not match and the digital signature is judged invalid (step S109; No), the token authentication processing unit 233 returns an authentication error to the user terminal 3 and disconnects the connection (step S111). The user terminal 3 notified of the authentication error ends with an error.
 If, on the other hand, the digital signature is judged valid as a result of the verification in step S108 (step S109; Yes), the token authentication processing unit 233 determines whether the date and time information and the connection-source IP address contained in the authentication data in the token are valid (step S110). Specifically, the token authentication processing unit 233 determines whether the period from the date and time indicated by the date and time information to the present is within the predetermined validity period of the token. This check prevents old authentication data used in the past from being reused improperly, and thus prevents replay attacks. The token authentication processing unit 233 also determines whether the IP address of the currently connected user terminal 3 is the same as the connection-source IP address contained in the authentication data. This check prevents eavesdropped authentication data from being used improperly from another terminal, and thus prevents spoofing attacks.
 If the date and time information or the connection-source IP address is judged invalid (step S110; No), the token authentication processing unit 233 returns an authentication error to the user terminal 3 and disconnects the connection (step S111). The user terminal 3 notified of the authentication error ends with an error.
 If, on the other hand, both the date and time information and the connection-source IP address are judged valid (step S110; Yes), the token authentication processing unit 233 treats the token as correct and returns a normal response to the user terminal 3 (step S112). When the user terminal 3 receives the normal response, a persistent WebSocket connection is established between the user terminal 3 and the web server unit 234 of the communication device 2 (step S113), and thereafter the user terminal 3 can operate the communication device 2 without further authentication. When the WebSocket connection is later terminated, the token used for authentication is deleted from the user terminal 3.
 Next, the processing when the communication device 2A operates the communication device 2B through inter-device communication will be described with reference to the flowchart of FIG. 6. This processing is started, for example, when a pre-scheduled date and time arrives.
 First, the token generation processing unit 232 of the communication device 2A, which is the operating side, transmits a request to acquire its own IP address to the communication device 2B, which is the operated side (step S201). The authentication data of the token generated in a later step must include the IP address of the communication device 2A as the connection source, and this IP address must be the IP address of the communication device 2A as seen from the connection destination, the communication device 2B. For example, if a NAT router is installed between the communication device 2A and the communication device 2B, then when the communication device 2A connects to the communication device 2B, the source IP address of the communication device 2A is rewritten by the NAT router before the traffic reaches the communication device 2B. Since the communication device 2A cannot learn this rewritten IP address by itself, it sends the IP address acquisition request to the communication device 2B.
 Upon receiving the IP address acquisition request, the control unit 23 of the communication device 2B, which is the operated side, returns to the communication device 2A the source IP address of the request, that is, the IP address of the communication device 2A as seen from the communication device 2B (step S202).
 Upon receiving the IP address from the communication device 2B, the token generation processing unit 232 of the communication device 2A performs processing to generate a token for authentication. That is, the token generation processing unit 232 first acquires authentication data (step S203). The authentication data may be arbitrary data, even a random number carrying no meaning, but in this embodiment the authentication data includes at least the current date and time information and the IP address of the communication device 2A, which is the operation source. This IP address is the one returned from the communication device 2B in step S202, that is, the IP address of the communication device 2A as seen from the communication device 2B. Note that, instead of the IP address of the communication device 2A, other address information that can identify the communication device 2A may be included in the authentication data.
 Then, the token generation processing unit 232 of the communication device 2A generates a token by adding to the acquired authentication data a digital signature computed with the shared key 223 (step S204). This token is of the same kind as the token generated when the user terminal 3 operates the communication device 2, and carries a digital signature computed by HMAC.
 Subsequently, the web server unit 234 of the communication device 2A attaches the generated token and attempts to connect, by the WebSocket method, to the communication device 2B that is to be operated (step S205). Here, as when the user terminal 3 operates the communication device 2, it is sufficient to attempt the connection to the communication device 2B using a URL that carries the token as a parameter.
 When the communication device 2A connects by the WebSocket method, the token authentication processing unit 233 of the communication device 2B uses the shared key 223 it holds to verify the digital signature of the token included in the URL of the connection (step S206).
 If the verification in step S206 finds the digital signature to be invalid (step S207; No), the token authentication processing unit 233 of the communication device 2B returns an authentication error to the communication device 2A and disconnects the connection (step S209). The communication device 2A notified of the authentication error terminates with an error.
 On the other hand, if the verification in step S206 finds the digital signature to be valid (step S207; Yes), the token authentication processing unit 233 of the communication device 2B determines whether the date and time information and the connection-source IP address contained in the authentication data in the token are valid (step S208). Specifically, the token authentication processing unit 233 determines whether the period from the date and time indicated by the date and time information to the present is within the predetermined validity period of the token. This determination prevents old authentication data used in the past from being illegitimately reused, and thus prevents replay attacks. The token authentication processing unit 233 also determines whether the IP address of the currently connected communication device 2A is the same as the connection-source IP address included in the authentication data. This determination prevents intercepted authentication data from being illegitimately used by another terminal, and thus prevents spoofing attacks.
 If the date and time information or the connection-source IP address is determined to be invalid (step S208; No), the token authentication processing unit 233 returns an authentication error to the communication device 2A and disconnects the connection (step S209). The user terminal notified of the authentication error terminates with an error.
 On the other hand, if the date and time information and the connection-source IP address are both determined to be valid (step S208; Yes), the token authentication processing unit 233 treats the token as correct and returns a normal response to the communication device 2A (step S210). When the communication device 2A receives the normal response, a persistent connection by the WebSocket method is established between the communication device 2A and the communication device 2B (step S211). Thereafter, the communication device 2A can operate the communication device 2B without further authentication. When the WebSocket connection is subsequently terminated, the token used for authentication is deleted from the communication device 2B.
 Next, the token update processing will be described. Through the processing described above, the token received from the operating-side communication device 2A is stored in the storage unit 22 of the operated-side communication device 2B. Since a persistent WebSocket connection is established between the communication device 2A and the communication device 2B, it is conceivable that, even though the token was within its validity period at connection time, a long time passes while the persistent connection is maintained, the token stored in the communication device 2B expires, and the persistent connection is then cut off. To prevent such a situation, the operated-side communication device 2B executes token update processing in which it updates the token by itself. The token update processing is executed at predetermined time intervals while the persistent WebSocket connection is maintained. The token update processing will be described with reference to the flowchart of FIG. 7.
 First, the token update unit 235 of the communication device 2B determines whether the period from the date and time indicated by the date and time information included in the authentication data of the token stored in the storage unit 22 to the present exceeds the validity period of the token (step S301). If the validity period has not been exceeded (step S301; No), the token does not need to be updated, so the token update processing ends.
 On the other hand, if the validity period has been exceeded (step S301; Yes), the token update unit 235 of the communication device 2B corrects the date and time information included in the authentication data of the held token to the current date and time (step S302). The token update unit 235 then calculates a MAC value by HMAC from the authentication data with the corrected date and time information and the shared key, and updates the digital signature of the token with the calculated MAC value (step S303). This completes the token update processing. The token updated by the token update processing is later deleted from the storage unit 22 of the communication device 2B when the persistent WebSocket connection is disconnected.
 In this way, in the present embodiment, the token update processing is executed periodically during the persistent connection to update the digital signature of an expired token so that it can be reused as a valid token. This allows the persistent connection to be maintained. In the token update processing described above, the token is updated (steps S302 and S303) once it has expired (step S301; Yes), but steps S302 and S303 may instead be executed when the remaining time until expiry becomes shorter than a predetermined period. Alternatively, steps S302 and S303 may be executed unconditionally, without checking the expiry, to update the token. In that case the token is updated to the latest date and time each time the token update processing runs, but because the token is rewritten every time, the load on the communication device 2B increases.
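The following is an added worked example, not code from the patent or its applicant, covering the three routines the description above walks through: token generation on the operating side (steps S203-S204), signature, validity-period and source-IP verification on the operated side (steps S206-S208), and the self-refresh of an expired stored token (steps S301-S303). The concrete token layout is an assumption of this example only: JSON authentication data and the MAC, each base64url-encoded and joined with a dot so the token fits in a URL parameter, HMAC-SHA256 as the MAC algorithm, and a 300-second validity period.

```python
import base64
import hashlib
import hmac
import json
from typing import Tuple

VALIDITY_SECONDS = 300  # assumed "predetermined validity period" of a token


def _b64url(data: bytes) -> str:
    """Encode bytes so the token can travel as a URL parameter."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(shared_key: bytes, auth_data: bytes) -> bytes:
    """The digital signature: an HMAC over the authentication data with the shared key."""
    return hmac.new(shared_key, auth_data, hashlib.sha256).digest()


def generate_token(shared_key: bytes, source_ip: str, now: int) -> str:
    """Steps S203-S204 on the operating side: authentication data = current
    timestamp plus the source IP as the peer sees it, signed with the shared key."""
    auth_data = json.dumps({"ip": source_ip, "ts": int(now)}, sort_keys=True).encode()
    return _b64url(auth_data) + "." + _b64url(_mac(shared_key, auth_data))


def verify_token(shared_key: bytes, token: str, peer_ip: str, now: int) -> Tuple[bool, str]:
    """Steps S206-S208 on the operated side. peer_ip is the address of the
    connection actually being authenticated. Returns (accepted, reason)."""
    try:
        data_part, sig_part = token.split(".")
        auth_data = _unb64url(data_part)
        sig = _unb64url(sig_part)
    except ValueError:  # wrong number of parts or undecodable base64
        return False, "malformed"
    # S206/S207: check the HMAC (constant-time) before trusting any field
    if not hmac.compare_digest(sig, _mac(shared_key, auth_data)):
        return False, "bad signature"
    try:
        fields = json.loads(auth_data)
        ts, ip = int(fields["ts"]), str(fields["ip"])
    except (ValueError, KeyError, TypeError):
        return False, "malformed"
    # S208, first check: the validity window blocks replay of old authentication
    # data; a timestamp from the future is rejected too (no clock-skew allowance
    # here, which is an assumption of this example)
    age = now - ts
    if age < 0 or age > VALIDITY_SECONDS:
        return False, "expired"
    # S208, second check: the token is bound to the address it was issued for,
    # so intercepted authentication data is useless from another host
    if ip != peer_ip:
        return False, "ip mismatch"
    return True, "ok"


def refresh_token(shared_key: bytes, token: str, now: int) -> str:
    """Steps S301-S303 on the operated side: an expired stored token gets its
    timestamp rewritten and its MAC recomputed; a still-valid one is unchanged."""
    data_part, _ = token.split(".")
    fields = json.loads(_unb64url(data_part))
    if now - int(fields["ts"]) <= VALIDITY_SECONDS:  # S301; No
        return token
    fields["ts"] = int(now)  # S302: correct the date and time information
    auth_data = json.dumps(fields, sort_keys=True).encode()
    return _b64url(auth_data) + "." + _b64url(_mac(shared_key, auth_data))  # S303
```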
 As described above, according to the communication system 100 of the present embodiment, all the communication devices 2 that make up the communication system 100 hold the same shared key 223. Each communication device 2 has a function of generating an authentication token by itself using the shared key 223 when it operates another communication device 2. Each communication device 2 also has a function of performing authentication, when it is operated by another communication device 2, by verifying the digital signature of the received token using the shared key 223. That is, every communication device 2 has both a token issuing function and an authentication function. This solves the conventional problem that, when a token is used for authentication in device-to-device operation, it is difficult to identify which communication device 2 is able to issue the token. Consequently, a token can easily be used for authentication even when one communication device 2 operates another communication device 2 without the intervention of the user terminal 3, and that authentication can be performed easily.
(Modification)
 It should be noted that the present disclosure is not limited to the above embodiment, and various modifications are of course possible without departing from the gist of the present disclosure.
 In the above embodiment, the user terminal 3 or communication device 2 on the operating side maintains a persistent WebSocket connection to the operated-side communication device 2 to perform operations, but the connection method is not limited to WebSocket. For example, the operating-side user terminal 3 or communication device 2 may connect to the operated-side communication device 2 via a Web API to perform operations. Note that, unlike WebSocket, a Web API does not provide a persistent connection, so authentication using a token is required every time a command is sent or received over the Web API.
 In the above embodiment, the HMAC algorithm is adopted for the digital signature using the shared key 223, but the digital signature method is not limited to this. For example, a message authentication code algorithm other than HMAC may be used to add a digital signature to the authentication data using the shared key 223.
 In the above embodiment, the authentication data of the token includes the date and time information and the connection-source IP address, but these need not necessarily be included. For example, the authentication data may be a random number.
 The "token" described in this embodiment may be referred to in other documents as a "ticket", an "authentication code", or the like, but these are substantially the same information. The present disclosure does not interpret "token" narrowly.
 Further, in the above embodiment, the program executed by the control unit 23 of the communication device 2 may be applied to an existing computer so that the computer functions as the control unit 23 according to the present disclosure.
 Such a program may be distributed by any method; for example, it may be stored on a computer-readable recording medium such as a CD-ROM (Compact Disk Read-Only Memory), DVD (Digital Versatile Disk), MO (Magneto Optical Disk), or memory card and distributed, or it may be distributed via a communication network such as the Internet.
 The present disclosure allows various embodiments and modifications without departing from its broad spirit and scope. The embodiments described above serve to explain the present disclosure and do not limit its scope. That is, the scope of the present disclosure is indicated by the claims rather than by the embodiments. Various modifications made within the scope of the claims and within the scope of the meaning of disclosure equivalent thereto are regarded as being within the scope of the present disclosure.
 100 communication system, 1 network, 2 (2A, 2B, 2C) communication device, 21 communication unit, 22 storage unit, 221 system configuration data, 222 user registration information, 223 shared key, 23 control unit, 231 user authentication unit, 232 token generation processing unit, 233 token authentication processing unit, 234 web server unit, 235 token update unit, 3 user terminal, 31 communication unit, 32 storage unit, 33 control unit, 34 display unit, 35 input unit

Claims (11)

  1.  One communication device among a plurality of communication devices which each hold the same shared key and can communicate with each other via a network, the communication device comprising:
     a token generation processing unit which, when the communication device operates an operation target device that is any one of the plurality of communication devices, generates a token by adding a digital signature to authentication data with the shared key and transmits the token to the operation target device;
     a token authentication processing unit which, when the communication device is operated by an operating-side device that is any one of the plurality of communication devices, performs authentication by verifying, using the shared key, a digital signature of a token received from the operating-side device; and
     a web server unit which, when the authentication by the token authentication processing unit succeeds, enables the operating-side device to operate the communication device.
  2.  The communication device according to claim 1, wherein the token generation processing unit generates the token to which a MAC value, calculated from the authentication data and the shared key by a hash-based message authentication code algorithm, is added as the digital signature.
  3.  The communication device according to claim 1 or 2, wherein the token generation processing unit transmits the token to the operation target device by adding the token to a parameter of a URL for connecting to the operation target device.
  4.  The communication device according to claim 3, wherein the token generation processing unit converts the token into data in a format that can be added as a parameter of the URL.
  5.  The communication device according to any one of claims 1 to 4, wherein the token generation processing unit includes date and time information in the authentication data, and
     the token authentication processing unit performs the authentication based on the date and time information.
  6.  The communication device according to any one of claims 1 to 5, wherein the token generation processing unit includes address information of the communication device itself in the authentication data, and
     the token authentication processing unit performs the authentication based on the address information.
  7.  The communication device according to any one of claims 1 to 6, wherein the token generation processing unit acquires address information of the communication device as seen from the operation target device by transmitting a request to acquire its own address to the operation target device, and includes the acquired address information in the authentication data.
  8.  The communication device according to any one of claims 1 to 7, further comprising a token update unit which modifies date and time information included in the authentication data of the token and updates the digital signature attached to the modified authentication data based on the shared key.
  9.  A communication system comprising a plurality of the communication devices according to any one of claims 1 to 8.
  10.  A communication method performed by one communication device among a plurality of communication devices which each hold the same shared key and can communicate with each other via a network, the method comprising:
     when the one communication device operates an operation target device that is any one of the plurality of communication devices, generating a token by adding a digital signature to authentication data with the shared key and transmitting the token to the operation target device;
     when the one communication device is operated by an operating-side device that is any one of the plurality of communication devices, performing authentication by verifying, using the shared key, a digital signature of a token received from the operating-side device; and
     when the authentication succeeds, enabling the operating-side device to operate the one communication device.
  11.  A program for causing one communication device among a plurality of communication devices which each hold the same shared key and can communicate with each other via a network to function as:
     a token generation processing unit which, when the communication device operates an operation target device that is any one of the plurality of communication devices, generates a token by adding a digital signature to authentication data with the shared key and transmits the token to the operation target device;
     a token authentication processing unit which, when the communication device is operated by an operating-side device that is any one of the plurality of communication devices, performs authentication by verifying, using the shared key, a digital signature of a token received from the operating-side device; and
     a web server unit which, when the authentication by the token authentication processing unit succeeds, enables the operating-side device to operate the communication device.
PCT/JP2022/003794 2022-02-01 2022-02-01 Communication device, communication system, communication method, and program WO2023148807A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2022/003794 WO2023148807A1 (en) 2022-02-01 2022-02-01 Communication device, communication system, communication method, and program
JP2023578212A JP7546796B2 (en) 2022-02-01 2022-02-01 Communication device, communication system, communication method and program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/003794 WO2023148807A1 (en) 2022-02-01 2022-02-01 Communication device, communication system, communication method, and program

Publications (1)

Publication Number Publication Date
WO2023148807A1 true WO2023148807A1 (en) 2023-08-10

Also Published As

Publication number Publication date
JPWO2023148807A1 (en) 2023-08-10
JP7546796B2 (en) 2024-09-06

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22924720

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2023578212

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE