WO2007132764A1 - Network system - Google Patents


Info

Publication number
WO2007132764A1
Authority
WO
WIPO (PCT)
Prior art keywords
equipment
access
lan
identifier
center
Application number
PCT/JP2007/059731
Other languages
French (fr)
Japanese (ja)
Inventor
Hirotatsu Shinomiya
Original Assignee
Panasonic Electric Works Co., Ltd.
Application filed by Panasonic Electric Works Co., Ltd.
Priority to CN2007800171376A (CN101443777B)
Publication of WO2007132764A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units

Definitions

  • the present invention relates to a network system for realizing secure communication between equipment devices.
  • in the conventional system, the client object uses an ID and a password as a key copy.
  • when the key property server searches the key property list and permits the requested communication, the key property server issues a key ticket to the client object, and communication between the client object and the target object is realized.
  • a device 120 that provides various services, a recording medium 130 for data recording, a user terminal 110, and the like are connected to an internal network 140.
  • the home server 100 manages the user terminal 110, the device 120, and the recording medium 130 connected to the internal network 140; that is, it selects the control signals transmitted and received between them. The home server also has a firewall function that rejects unauthorized access requested from the external network 150; that is, control signals from the external network 150 to the internal network 140 are selected based on a predetermined condition. The home server 100 thus has a control signal selection function for selecting both the control signals exchanged between the plurality of devices connected to the internal network 140 and the control signals sent from the external network 150 to those devices.
  • the home server vendor terminal 160 is a terminal through which the home server vendor sets, via the external network 150, network conditions such as the predetermined condition used by the home server 100 to select control signals.
  • the user terminal 110 or the home server 100 is provided with setting request input means for requesting the terminal 160 to set the predetermined condition. Through this setting request input means the user inputs how he or she wants the predetermined condition to be set; when the input setting request is transmitted to the terminal 160 via the home server 100, the terminal 160 returns information corresponding to the setting request to the home server 100, and the predetermined condition is set in the home server 100 based on this information.
  • in this way a network system that combines high security with ease of use is realized.
  • the present invention has been made in view of the above problems, and its object is to provide a network system in which a LAN (local area network) can secure an environment where secure communication is possible even if a WAN (wide area network) such as the Internet goes down.
  • a further object is to provide a network system that can automatically update the information necessary for the authentication processing that decides whether access between equipment devices can be permitted.
  • the network system of the present invention includes a LAN to which a plurality of equipment devices, each having an object with an identifier attached, and a local server are connected, and a WAN to which the LAN is connected.
  • a center server connected to the WAN, and at least one equipment device connected to the WAN and having an identifier for its object; one of the equipment devices can make an object execution request to another of the equipment devices using the identifier.
  • the center server includes a center storage unit in which a correspondence relationship of identifiers relating to approval of access between equipment devices is set, both for the equipment devices connected to the LAN and for the equipment devices connected to the WAN.
  • the local server includes a local storage unit that stores the correspondence relationship of identifiers received from the center server, and receives the object execution request when one of the equipment devices makes an object execution request to another one of the equipment devices.
  • a verification unit that determines whether the request is an access between equipment devices in the LAN and, based on the settings of the local storage unit, whether to allow the access.
  • when the verification unit determines that the object execution request is an access between equipment devices in the LAN and that the access is permitted, an access permission signal is output from the local server, and the object requested by one of the equipment devices is executed by the other equipment device.
  • the at least one equipment device connected to the WAN may be an equipment device directly connected to the WAN (see FIG. 1), or an equipment device connected to the WAN indirectly via a local server (gateway) provided in another LAN (see FIG. 6).
  • when the verification unit determines that the object execution request is not an access between equipment devices in the LAN,
  • the identifier used for the object execution request is transferred from the local server to the center server, and the center server verifies the access by checking the contents of the center storage unit.
  • if the access is permitted, an access permission signal is output from the center server through the local server, and the object requested by one of the equipment devices is preferably executed by the other equipment device.
  • when the request is not an access between equipment devices in the LAN, an access denial signal could simply be issued immediately; but by having the center server re-determine, as described above, whether access between equipment in the LAN and equipment outside the LAN is approved, secure communication can be managed regardless of whether it is inside or outside the LAN, which realizes a network system with higher customer satisfaction.
  • the local server preferably has an initial setting function: it acquires in advance the identifiers of all the equipment devices in the LAN, notifies the center server of the acquired identifiers, and sets in the local storage unit the correspondence relationship of identifiers regarding approval of access between the equipment devices in the LAN that the center server extracts based on this notification. In this case the address of an authentication server on the WAN does not have to be set on the equipment side, which reduces the burden of complicated initial setting work on the LAN user.
  • the identifiers used for authentication processing of access between equipment devices preferably include at least one of a unique identifier (object identifier) that gives information on the equipment device on which the object is to be executed, and an interface identifier defined based on the contents of the object to be executed (for example, a variable indicating the current state of the equipment, a function for controlling the equipment, or event information indicating the occurrence of a change in the state of the equipment).
  • it is further preferable that the correspondence relationship of identifiers for access authorization between equipment devices in the LAN, stored in the local storage unit, includes a table in which a combination of the unique identifier and interface identifier of the equipment device that requests execution of the object is associated with a combination of the unique identifier and interface identifier of the equipment device that is requested to execute the object.
  • when the verification unit determines that the object execution request is an access between equipment devices in the LAN and the access is permitted, the local server preferably transmits an access permission signal at least to the equipment device that requests execution of the object.
  • when the verification unit determines that the object execution request is an access between equipment devices in the LAN but the access is not permitted, the local server preferably transmits an access denial signal at least to the equipment device that requests execution of the object.
  • when the center verification unit determines that the access is not permitted, an access denial signal is preferably transmitted from the center server at least to the equipment device that requests execution of the object.
  • FIG. 1 is a schematic diagram of a network system according to a first embodiment of the present invention.
  • FIG. 2 is a configuration diagram of a gateway of the network system.
  • FIG. 3 (A) is a configuration diagram of equipment in the network system, and (B) is a configuration diagram of MOS installed in the equipment.
  • FIG. 4 is a flowchart showing a method for initially setting access permission information in a gateway.
  • FIG. 5 is a diagram showing an example of extracting access permission information from the center server to the gateway.
  • FIG. 6 is a diagram showing another example of extracting access permission information from the center server to the gateway.
  • FIG. 7 is a flowchart showing the operation of the network system of the present invention.
  • FIG. 8 is a diagram showing an authentication key distribution method in the network system.
  • FIG. 9 is a diagram showing a modification of the distribution method in FIG.
  • FIG. 10 is a diagram showing another method for distributing the authentication key in the network system.
  • FIG. 11 is a diagram showing a modification of the distribution method in FIG.
  • FIG. 12 is a diagram showing still another method for distributing the authentication key in the network system.
  • FIG. 13 is a diagram showing another method for distributing the authentication key in the network system.
  • FIG. 14 is a diagram showing still another method of distributing the authentication key in the network system.
  • FIG. 15 is a schematic diagram of a network system according to the second embodiment of the present invention.
  • FIG. 16 is a diagram showing an operation example of the network system.
  • FIG. 17 is a schematic diagram of a network system according to a modification of the second embodiment.
  • FIG. 18 is a schematic diagram of a conventional network system.
  • the network system of the present embodiment includes a WAN (wide area network) 4 such as the Internet to which the center server 5 is connected, a LAN 1 connected to the WAN 4 via a gateway 3 that functions as a local server, and a plurality of equipment devices 2 connected to the LAN 1 and the WAN 4, any one of which can make an object execution request to another one of the equipment devices.
  • the LAN 1 is constructed based on a communication standard such as Ethernet (registered trademark).
  • the gateway 3 connected to the LAN 1 includes a hub unit 30 for concentrating the LAN 1, a communication unit 31, a modem unit 32, and a server function unit 33 called an object access server (OAS).
  • the server function unit 33 includes a local storage unit (not shown) that stores information on access approval between the equipment devices 2 only for the equipment devices 2 connected to the LAN 1, and a local authentication server 34 (Local Authentication Server, hereinafter Local AS 34) that functions as a local verification unit verifying, from the information in the local storage unit, whether access between two equipment devices is permitted.
  • the center server 5 is installed on the Internet, which is the WAN 4, and its server function unit (OAS) 50 has substantially the same function as the server function unit 33 of the gateway 3.
  • the server function unit 50 includes a center storage unit (not shown) that stores information on access approval between the equipment devices 2 for all the equipment devices connected to the LAN 1 and the WAN 4, and a center authentication server 52 (Center Authentication Server, hereinafter Center AS 52) that, using the information stored in the center storage unit, functions as a center verification unit verifying whether access is permitted between equipment devices 2 outside the LAN 1, or between equipment outside the LAN and equipment inside the LAN.
  • the equipment devices 2 used in this network system are installed in a building or house and have a communication function.
  • examples are environmental equipment such as lighting and air conditioning, and crime prevention / disaster prevention equipment such as temperature sensors, luminance sensors, human sensors and fire sensors.
  • the basic configuration of the equipment device 2 includes a functional unit 20 that provides the service unique to the equipment device, and an interface unit 21 and a bus 22 connected to the functional unit 20.
  • it further includes an information processing unit 23 that performs processing such as instructing operation (operation control) of the functional unit 20, obtaining a variable indicating the current state of the functional unit 20, and obtaining event information indicating that a change in the state of the functional unit 20 has occurred, and a communication unit 24 for network communication (Ethernet (registered trademark) standard communication).
  • the storage unit 25 in the information processing unit 23 implements the object function of this system as a module unit MOS (Micro Object Server).
  • the server function unit (OAS) 33 provided in the gateway 3 is software that realizes the function of an object router hiding the network connection of the equipment devices 2 of this system.
  • it converts seamlessly into the system the various application software executed so that the user can enjoy the service provided by the functional unit 20 of the equipment device 2, as well as different protocols.
  • it also provides additional service functions such as a protocol bridge service and a firewall bridge service that converts the protocol used for communication with the center server 5 to SOAP (Simple Object Access Protocol) so that it can pass through the firewall; the software is configured to achieve these functions.
  • the local AS 34 provided in the server function unit 33 of the gateway 3 includes a local storage unit that holds, for each object identifier of each object in the module unit MOS of the equipment devices 2 (and further a secret key, or a user name and password), the identifier (or user name and permission information) having permission for that object, and a local verification unit as the computing means for performing the authentication, authentication key and access control processing described later; these are shared with the storage means and computing means of the server function unit 33.
  • the server function unit 33 and the local AS 34 may also be configured separately from each other in hardware and software.
  • a client terminal 6 such as a personal computer or a mobile terminal (a terminal having a communication function, such as a mobile phone or PDA) can be connected to the LAN 1 or the WAN 4.
  • the client terminal 6 is a computer device equipped with client software (OAL: Object Access Library) and a client application (software) for enjoying the services provided in the network system.
  • execution requests can be made from the WAN 4 to the objects of the module unit MOS of the equipment devices 2, and by executing the client application the services provided by the equipment devices 2, that is, control requests to the equipment devices 2 and monitoring information (variables, event information) from the equipment device 2 side, can be enjoyed in the desired form.
  • the network system of the present embodiment is composed according to the OSI 7-layer model: the module unit MOS of the information processing unit 23 of the equipment device 2 constitutes the application layer with an original protocol (OAP) for passing variables and event information to the client terminal 6 and other equipment devices 2 and for receiving functions and the like, and this OAP is used to exchange information between the server function unit (OAS) and the module unit MOS of the equipment device 2.
  • the module unit MOS consists of an application unit 26 for the equipment device 2, a software communication module 27 corresponding to the OSI 7-layer model, and a hardware communication module 28 for sending information to and receiving it from the functional unit 20.
  • the software communication module 27 is responsible for the protocols from the network layer to the presentation layer of the OSI 7-layer model, and performs the above-mentioned OAP definition and the integration of TCP and UDP.
  • each of the equipment devices 2 described above has, in the module unit MOS incorporated in the information processing unit 23, one or more equipment-side objects that are used when the functional unit 20 performs the processing that provides a service, and each equipment-side object is given a unique identifier (object identifier: OID) carrying information on the equipment on which the object is to be executed,
  • and one or more interface identifiers (IID) defined by the contents of the object executed in the equipment (for example, a variable indicating the current state of the equipment device 2, a function for controlling the equipment device 2, event information indicating the occurrence of a change in the state of the equipment device 2, and the function executed by the equipment device 2).
  • the unique identifier (OID) is unique to the object, whereas the same interface identifier (IID) can be assigned to interfaces with the same definition.
  • the information processing unit 23 executes an object when it receives from the server function unit 33 in the gateway 3 an execution request that uses the unique identifier (OID) or interface identifier (IID) of the equipment-side object, or a combination of both. Specifically, an execution request for a specific interface under a specific equipment-side object uses the combination of OID and IID, whereas if an interface with the same definition exists under the equipment-side objects of multiple equipment devices 2, an execution request can be made with the IID of the interface alone.
  • the server function unit 33 of the gateway 3 performs a process of detecting the equipment devices 2 connected to the LAN 1 by broadcast or multicast, and acquires the information necessary for network communication with the equipment devices 2 on the LAN 1, such as their IP addresses.
  • the local AS 34 of the server function unit 33 requests each equipment device to report the OID of its equipment object, the IID of the interfaces under it, or the combination of OID and IID (step S1).
  • the local AS 34 acquires the identifier information sent in turn from the equipment devices 2 (step S2), and stores it in the local storage unit as a connected equipment information table, associated with the IP address that is the identifier used for network communication on the TCP/IP base.
  • alternatively, the IP address of the gateway 3 may be acquired by broadcast or multicast so that communication with the local AS 34 of the server function unit 33 of the gateway 3 becomes possible.
  • when the local AS 34 is provided on the LAN 1 separately from the server function unit 33 of the gateway 3 (or when the local AS 34 is provided independently without providing the server function unit 33), each equipment device 2 can communicate with the local AS 34 by obtaining the IP address of the local AS 34 directly by broadcast or multicast. In this embodiment, therefore, it is not necessary to set the IP address of the center server 5 (center AS 52) on the WAN 4 in advance on the equipment device 2 side.
  • the server function unit 33 of the gateway 3, as a function of the local AS 34, sends the identifier information acquired from the subordinate equipment devices 2 to the server function unit 50 of the center server 5 on the Internet 4 (step S3). This process is performed periodically, or whenever there is a change in the environment setting of the equipment devices 2 in the LAN 1 (for example, addition or disposal of equipment).
  • the center AS 52 of the center server 5 extracts, from the database of access permission information stored in the center storage unit, only the identifier information relating to communication between the equipment devices 2 in the LAN 1 under the gateway 3,
  • and sends this identifier information to the local AS 34 of the gateway 3 as the access permission information relating to intra-LAN communication (step S4).
  • the access permission information acquired from the center AS 52 of the center server 5, that is, the identifier information, is set in the local storage unit of the gateway 3 (step S5). In other words, the access permission information can be set in the gateway 3 automatically, by obtaining the permission information from the center AS 52, without manual operation by the LAN user.
  • for the equipment devices 2 connected to the Internet, which is the WAN 4, the center server 5 can obtain the identifier information of the object OID and interface IID by the functions of the server function unit 50 and the center AS 52.
  • the permission information set in the local AS 34 is provided as an identifier information table of object identifiers (OID) and/or interface identifiers (IID). That is, the object identifier (OID) and/or interface identifier (IID) of the equipment device 2 on the access requesting side are associated with the object identifier (OID) and/or interface identifier (IID) of the equipment device 2 on the access requested side,
  • and the authorization information stored in this table is acquired from the center AS 52 and set in the local AS 34 as described above.
  • communication permission information between the equipment devices 2 in the LAN 1 and the equipment devices 2 outside the LAN 1 is set in the center AS 52 in advance. That is, in the center AS 52, in addition to the access permission information between the equipment devices 2 connected to the LAN 1, the access permission information between the equipment devices 2 connected to the LAN 1 and the equipment devices 2 connected to the WAN 4
  • is preset by associating the object identifier (OID) and/or interface identifier (IID) of the equipment device that requests access with the object identifier (OID) and/or interface identifier (IID) of the equipment device to which access is requested.
  • Tables 1 and 2 show permission information tables stored in the center storage unit of the center server 5.
  • each row associates equipment information (in this example, a combination of an object identifier (OID) and an interface identifier (IID)) with the permitted access type: "r (read permission)", "w (write permission)" or "x (execution permission)".
  • an asterisk "*" in place of an interface identifier indicates that any interface may be accessed without specifying the interface identifier.
  • [Table rows not recoverable from the page; the only surviving fragment reads "OID3 OID 1 * * * * * * * r / w /".]
  • the center AS table shown in Table 2 lists the combination of the object identifier (OID) and interface identifier (IID) of the equipment that requests access, the combination of the object identifier (OID) and interface identifier (IID) of the equipment to which access is permitted, and the access permission type ("r / w / x").
  • the center AS table in Table 1 shows only the OID of the equipment that requests access; therefore, when the permission information to be set in the gateway (local server) is extracted, only the OIDs of the equipment devices 2 under the control of the gateway 3 need to be notified to the center server 5. On the other hand, since the center AS table in Table 2 shows the combination of OID and IID of the equipment that requests access, when the permission information to be set in the gateway is extracted, the gateway 3 notifies the center server 5 of the combinations of OID and IID of the equipment devices 2 subordinate to it. In short, when the permission information to be set in the gateway is extracted from the center server, the gateway 3 transmits, for the equipment devices 2 subordinate to it, at least one of the object identifier and the interface identifier, according to the contents of the center AS table (access permission information) held by the center server 5.
  • as shown in the bottom row of Table 2, if only the interface identifier of the equipment requesting access is specified, uses such as permitting access to other equipment only when an event corresponding to that interface occurs are conceivable.
  • equipment A has the object identifier OID1 and, corresponding to the functions of equipment A, the identifier combinations (OID1, IID1), (OID1, IID2) and (OID1, IID3).
  • equipment B has the object identifier OID2 and the two interface identifiers IID1 and IID2, that is, (OID2, IID1) and (OID2, IID2).
  • the gateway 3 receives the identifier information from these two equipment devices 2 in the LAN 1 and transmits it to the center server 5.
  • the center server 5 stores a table in which the permission information of the equipment that may be accessed is indicated, for all the equipment of the LAN 1 and the WAN 4, by the correspondence between identifiers; for the equipment C and D connected to the WAN 4, the identifier information of the equipment that may be accessed is also listed.
  • the information received from the equipment devices 2 in the LAN 1 preferably includes at least one of the object identifier and the interface identifier, and more preferably both the object identifier and the interface identifier.
  • when the gateway 3 receives both the object identifier and the interface identifier from the subordinate equipment devices 2, only the necessary identifier information, determined by the contents of the access permission information table stored in the center server, can be sent to the center server.
  • when the center server 5 receives the notification of the identifier information of the equipment (A, B) in the LAN transmitted from the gateway 3, only the authorization information concerning access between the equipment (A, B) is extracted from the center AS table, sent to the gateway 3, and set in the local AS table as shown in the lower right table in FIG. 5. In the table, "r (read permission)", "w (write permission)" and "x (execution permission)" indicate the type of access permission associated with each identifier information.
  • FIG. 6 shows an example of extracting access permission information in another network system, in which a first LAN (LAN-1) to which equipment A and B are connected and a second LAN (LAN-2) to which equipment C and D are connected are connected to the center server 5 via the WAN 4, which is the Internet.
  • in the local AS table of the first LAN, only the access permission information between equipment A and B is extracted from the center AS table and set, using the same method as in FIG. 5.
  • in the local AS table of the second LAN, only the access permission information between equipment C and D is extracted from the center AS table and set, using the same method as in FIG. 5.
  • the gateway 3 need not include the server function unit 33; it may simply be provided with a routing function that converts the protocol between the WAN 4, which is the Internet, and the LAN 1 and connects the equipment devices 2 on the LAN to the Internet.
  • in this case the local AS 34 performs the processing for detecting the equipment devices 2 by broadcast or multicast, and acquires the information necessary for network communication, such as the IP addresses of the equipment devices 2 on the LAN.
  • one of the facility devices makes an access request regarding execution outside the object to another facility device (facility device B).
  • the authentication operation in this case will be described in detail with reference to FIG.
  • Step S6 when there is an access request from the equipment A in the network to the equipment B (Step S6), this access request is received by the server function unit 33 of the gateway 3, and the server function unit In the local AS 34 in 33, the equipment device B in the LAN depends on whether it exists in the table set in the local storage unit of the gateway 3 of the execution request destination, that is, the equipment device B on the receiving side. Is determined (step S7).
  • the equipment device B is an equipment device in the LAN
  • the identifier information for example, OID
  • the information for example, a combination of OID and IID
  • This collation work is performed, for example, by executing a predetermined program of the local collation unit provided in the server function unit 33 of the gateway 3.
  • the permission notice and the authentication key are distributed to the equipment devices A and B (step S9).
  • secure communication is performed between the equipment (A—B) that has received the authentication key together with the permission notification, and information can be exchanged by executing the object (step S10).
  • the routing function using the connection facility information table of the sano function section 33 of the gateway 3 allows communication between the facility devices without special awareness of the IP address or the like.
  • the access permission information is set in the local storage unit. If the access between the equipment A and B is not permitted, the local AS 34 delivers a disapproval notice to at least the equipment A that requests the execution of the object ( In step S11), the object of secure communication can be achieved by denying undesired access.
  • the equipment device B is not a LAN equipment device, that is, if the information related to the equipment device B is not listed in the table set in the oral storage unit.
  • the authentication request for performing the object execution request is transferred to the center AS 52 via the server function unit 50 of the center sano 5 (step S12).
  • the identifier information of the object of the equipment A that made the execution request is checked against the information stored in the file to determine whether or not to permit the access request (step S13).
  • This collation work is performed, for example, by the center collation unit provided in the server function unit 50 of the center server 5 executing a predetermined program.
  • in the center storage unit, only the identifier information of the equipment devices that are permitted to access may be registered. Alternatively, the presence or absence of access permission may be indicated for the identifier information of all the equipment devices.
  • whether access to equipment devices outside the LAN is permitted can be judged on the basis of a table in which a correspondence relationship is set between the object identifier (OID) or interface identifier (IID) of the equipment device requesting access and at least one of the object identifier (OID) or interface identifier (IID) of the equipment device requested to be accessed, together with the identifier information provided from the gateway 3.
  • the authorization notification and authentication key are distributed to the local AS 34 (step S14), and the local AS 34 distributes the authorization notification and authentication key it received to the equipment devices A and B (step S15).
  • secure communication is performed between the equipment devices A and B that have received the authentication key together with the permission notification, and information can be exchanged by executing the object (step S16).
  • the connection facility information table of the server function part (33, 50) of the gateway 3 and the center server 5 is used.
  • a non-permission notification is sent to the local AS 34 (step S17), the local AS 34 transmits the non-permission notification at least to the equipment device A, which requested execution of the object, and the object execution request from the equipment device A to the equipment device B is rejected (step S18).
  • the access request between the equipment devices in the LAN is authenticated by the gateway 3, acting as a local server subordinate to the center server 5, so that communication within the LAN can be ensured in the normal state even if the network environment outside the LAN (for example, the Internet) is disconnected.
  • the local AS 34 periodically obtains the identifier information of the equipment devices in the LAN and notifies the center AS 52, and only the access permission information between the equipment devices in the LAN is extracted from the center server 5 and automatically updated in the local AS 34; initial settings can therefore be made without the user's particular awareness, and even if the environment settings in the LAN change, the user does not need to perform troublesome settings.
  • the local AS 34 has the advantage that only the access permission information between the equipment devices in the LAN is set in it, so the amount of information processing that the gateway 3 must perform can be reduced.
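The two-tier authorization described above (center server holding the full permission table, gateway extracting only the LAN-internal subset at initial setting, local collation for LAN targets and forwarding to the center otherwise), as an added Python model that is not code from the patent; all device OIDs, IIDs and table rows below are constructed sample values, and the `wan_up` flag is an assumption standing in for WAN reachability.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    """One row of the access permission table: which requesting object may
    call which interface of which target object, with what authority (r/w/x)."""
    requester_oid: str
    target_oid: str
    target_iid: str
    authority: str  # granted rights, a subset of "rwx"


def _permitted(rows, requester_oid, target_oid, target_iid, authority):
    """True if some row matches the request and grants every requested right."""
    wanted = set(authority)
    for row in rows:
        same_target = (row.requester_oid, row.target_oid, row.target_iid) == (
            requester_oid, target_oid, target_iid)
        if same_target and wanted <= set(row.authority):
            return True
    return False


class CenterAS:
    """Center server side (center AS 52 / center storage unit): rows for
    every equipment device, whether on this LAN, another LAN or the WAN."""

    def __init__(self, rows):
        self.rows = frozenset(rows)

    def extract_for_lan(self, lan_oids):
        """Return only rows whose requester and target are both in the
        reported LAN; this subset is what goes down to the gateway."""
        lan = set(lan_oids)
        return frozenset(r for r in self.rows
                         if r.requester_oid in lan and r.target_oid in lan)

    def collate(self, requester_oid, target_oid, target_iid, authority):
        """Center collation for requests the local AS cannot decide itself."""
        return _permitted(self.rows, requester_oid, target_oid, target_iid, authority)


class LocalAS:
    """Gateway side (local AS 34 / local storage unit)."""

    def __init__(self, center):
        self.center = center
        self.lan_oids = frozenset()
        self.local_rows = frozenset()
        self.wan_up = True  # constructed flag: whether the center is reachable

    def initial_setup(self, discovered_oids):
        """Initial setting: report the LAN identifiers and store the subset."""
        self.lan_oids = frozenset(discovered_oids)
        self.local_rows = self.center.extract_for_lan(self.lan_oids)

    def authorize(self, requester_oid, target_oid, target_iid, authority):
        """Returns (decider, verdict).  A LAN target is decided from the local
        table without the WAN; any other target is forwarded to the center."""
        if target_oid in self.lan_oids:
            ok = _permitted(self.local_rows, requester_oid, target_oid,
                            target_iid, authority)
            return ("local", "permit" if ok else "deny")
        if not self.wan_up:
            # No path to the center server: the request is not granted.
            return ("center", "unreachable")
        ok = self.center.collate(requester_oid, target_oid, target_iid, authority)
        return ("center", "permit" if ok else "deny")


# Constructed sample table modelled on the "going out" scene in the text.
CENTER = CenterAS([
    Permission("going_out", "air_conditioner", "shutdown", "x"),
    Permission("going_out", "electric_lock", "locked", "x"),
    Permission("pc", "remote_camera", "view", "r"),             # target outside the LAN
    Permission("other_lan_pc", "other_lan_light", "dim", "w"),  # a different LAN entirely
])


def build_gateway():
    """Gateway after initial setting for a LAN holding five constructed devices."""
    gw = LocalAS(CENTER)
    gw.initial_setup(["going_out", "air_conditioner", "electric_lock",
                      "lighting", "pc"])
    return gw


if __name__ == "__main__":
    gw = build_gateway()
    print(sorted(r.target_oid for r in gw.local_rows))
    print(gw.authorize("going_out", "air_conditioner", "shutdown", "x"))
    print(gw.authorize("pc", "remote_camera", "view", "r"))
```

Only the two "going_out" rows reach the gateway; the "lighting" request is denied locally because no row permits it, and the out-of-LAN camera request is decided by the center while the WAN is up and cannot be granted when it is down.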
  • the equipment device A in the LAN requests access to the equipment device B in the LAN.
  • the authentication request includes the identifier information for equipment A, the identifier information for equipment B, and the access request authority (r / w / x).
  • the equipment device B, which has received an access request from the equipment device A, requests the local AS 34 for authentication to permit the access. If the access is permitted in the access permission information table of the local AS 34, the local AS 34 distributes the authentication key to the equipment device B, and the authentication key is distributed from the equipment device B to the equipment device A.
  • the authentication keys include one for the equipment device A and one for the equipment device B, each encrypted with the respective device's secret key. As a result, the equipment devices A and B can each extract the communication encryption key (the session communication key common to the equipment devices A and B) using their own secret key and execute secure communication.
  • the equipment device A in the LAN may directly request access to the equipment device B in the LAN from the local AS 34.
  • the authentication key is distributed to the equipment A and the authentication key is distributed from the equipment A to the equipment B.
  • the equipment devices A and B can perform secure communication by extracting the communication encryption key from the authentication key using their respective secret keys.
  • the authentication key distribution method shown in FIG. 10 is the same as the case of FIG. 8 in that the equipment device A in the LAN requests access to the equipment device B in the LAN and the equipment device B sends an authentication request to the local AS 34, except that the local AS 34 distributes the authentication keys for the equipment devices A and B respectively.
  • the authentication key distribution method shown in FIG. 11 is the same as the case of FIG. 9 in that the equipment device A in the LAN directly requests the local AS 34 for access to the equipment device B in the LAN, but differs in that the local AS 34 distributes the authentication keys for the equipment devices A and B respectively. In these cases, secure communication is performed between the equipment devices A and B that have received the authentication key.
  • FIG. 12 shows an authentication key distribution method when a plurality of facility devices in the LAN have a group ID.
  • the equipment device A presents the identifier information of the equipment device A, the group ID and the access request authority (r/w/x) to the local AS 34, and requests permission for access between the equipment devices 2 having the same group ID.
  • the equipment device B presents the identifier information of the equipment device B, the group ID and the access request authority (r/w/x) to the local AS 34, and requests permission for access between the equipment devices 2 having the same group ID.
  • the local AS 34 judges, for each request, whether or not it can be granted.
  • the equipment devices A and B that have received the authentication key can use the respective secret keys to extract the communication encryption key (the communication key for the session that is common to the equipment devices A and B) and execute secure communication.
  • FIG. 13 shows a method for distributing the authentication key when the equipment device A in the LAN does not have a group ID. That is, since the equipment device B has a group ID, it presents the identifier information of the equipment device B, the group ID and the access request authority (r/w/x) to the local AS 34 and requests permission for access between equipment devices having the same group ID. The local AS 34 determines whether or not the request from the equipment device B can be permitted, and if so, distributes the authentication key to the equipment device B. On the other hand, when the equipment device A requests access to the equipment device B, the equipment device B notifies the equipment device A that a group ID is required for access authentication (group notification).
  • the equipment device A presents the identifier information of the equipment device A, the group ID obtained from the group notification from the equipment device B, and the access request authority (r/w/x) to the local AS 34, and requests permission for access between the equipment devices 2 having the same group ID.
  • the local AS 34 determines whether or not the request from the equipment device A can be permitted, and if so, distributes the authentication key to the equipment device A.
  • the equipment devices A and B that have received the authentication key can use their respective secret keys to extract the communication encryption key (the session communication key common to the equipment devices A and B) and execute secure communication.
  • FIG. 14 shows a method of distributing an authentication key when the equipment device B holds an encryption key in advance and the encryption key required for access to the equipment device B is managed by the local AS 34. That is, the equipment device A in the LAN that desires access to the equipment device B presents the identifier information of the equipment device A, the identifier information of the equipment device B and the access request authority (r/w/x) to request authentication; the local AS 34 determines whether or not this request from the equipment device A can be permitted, and if so, distributes the authentication key to the equipment device A. In this authentication key, the encryption key of the equipment device B is encrypted with the secret key of the equipment device A, and the equipment device A can perform secure communication with the equipment device B by extracting that encryption key.
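The authentication key distribution of FIGS. 8 to 14 (a session key wrapped separately under each device's secret key, or, in the FIG. 14 case, the target's pre-held communication key wrapped under the requester's secret key), as an added Python illustration that is not code from the patent; the secret keys are constructed sample values, and the HMAC-SHA256 based wrapping is an assumed illustrative construction, not the cipher the patent uses.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(device_secret, nonce, length):
    """Keystream from HMAC-SHA256 in counter mode (illustrative construction)."""
    out = b""
    counter = 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(device_secret, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap_key(device_secret, key_to_deliver):
    """Encrypt the delivered key under one device's secret key and append an
    integrity tag, so only the holder of that secret can recover the key."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(device_secret, nonce, len(key_to_deliver))
    ct = bytes(k ^ s for k, s in zip(key_to_deliver, stream))
    tag = hmac.new(device_secret, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap_key(device_secret, token):
    """Recover the delivered key, or None if the tag does not verify
    (wrong secret key, or the token was altered in transit)."""
    nonce, ct, tag = token[:NONCE_LEN], token[NONCE_LEN:-TAG_LEN], token[-TAG_LEN:]
    expected = hmac.new(device_secret, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(device_secret, nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


class KeyDistributingAS:
    """Local AS holding the secret key registered for each LAN device."""

    def __init__(self, device_secrets):
        self.device_secrets = dict(device_secrets)

    def issue_session_keys(self, dev_a, dev_b):
        """FIGS. 8 to 11: one fresh session key, wrapped once for A and once
        for B.  Which device receives which token (B forwarding A's token, or
        the AS sending each directly) does not change the tokens themselves."""
        session_key = os.urandom(32)
        return {dev_a: wrap_key(self.device_secrets[dev_a], session_key),
                dev_b: wrap_key(self.device_secrets[dev_b], session_key)}

    def issue_preheld_key(self, requester, target_comm_key):
        """FIG. 14: the target's pre-held communication key, managed by the AS,
        wrapped under the requester's secret key."""
        return wrap_key(self.device_secrets[requester], target_comm_key)


# Constructed sample secrets for equipment devices A and B.
SECRET_A = hashlib.sha256(b"constructed secret of equipment device A").digest()
SECRET_B = hashlib.sha256(b"constructed secret of equipment device B").digest()
LOCAL_AS = KeyDistributingAS({"A": SECRET_A, "B": SECRET_B})


def run_session_exchange():
    """Both devices unwrap their own token; A's token is useless to B."""
    tokens = LOCAL_AS.issue_session_keys("A", "B")
    key_at_a = unwrap_key(SECRET_A, tokens["A"])
    key_at_b = unwrap_key(SECRET_B, tokens["B"])
    cross = unwrap_key(SECRET_B, tokens["A"])
    return key_at_a, key_at_b, cross


if __name__ == "__main__":
    a, b, cross = run_session_exchange()
    print(a == b, cross is None)
```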
  • a remote control system for the equipment in a house, which is the user area, is configured using the network system of the present invention.
  • a duplicate description of the same configuration as that of the embodiment is omitted.
  • a dedicated client terminal device 2f, a personal computer 6, etc. are connected to the gateway 3 via a LAN1 cable installed in the house.
  • the alarm monitoring device 2d has a function of wirelessly collecting the status of abnormality detection sensors 60 such as various security sensors and disaster prevention sensors, and outputting alarm information when the occurrence of an abnormality is detected.
  • in addition to the wireless receiver that wirelessly receives the detection signals from the abnormality detection sensors 60, a functional unit is provided that takes the detection signals received by the wireless receiver and, when an abnormality is detected, sends an alarm to the alarm device or provides notification information for external transmission; this functional unit corresponds to the functional unit 20 in FIG. 3(A), and the notification information is passed to the information processing unit 23.
  • the recording transfer device 2e has a function of distributing a recorded video of a visitor captured by a television camera (not shown) of the interphone system 70 to an external monitor or a home monitor, and stores the recorded video data.
  • the function unit 20 is used as a recording unit, and the recorded video data is transferred to the information processing unit 23 after being recorded and stored in the function unit 20.
  • the gateway 3 is connected to the center server 5 via the WAN 4, such as the Internet, provided by a connection service provider such as an ADSL or optical fiber communication network.
  • access permission information between the facility devices is set for the facility device 2 in the LAN 1 described above.
  • desired equipment devices 2 can be connected to the WAN 4 in addition to the client terminal 6, which consists of a personal computer, a mobile phone or the like.
  • the gateway 3 performs a detection process for the devices connected to the LAN 1 and requests them to provide the information necessary for network communication, such as the IP address and identifier information.
  • the module part MOS of each equipment device (2a to 2f) provides the server function unit 33 of the gateway 3 with the OID of the equipment-side object on its module part MOS, or the IID information of the interfaces below it.
  • the server function unit 33 of the gateway 3 transmits the identifier information of the equipment objects received from the equipment devices (2a to 2f) to the center server 5.
  • the center server 5 sends only the access permission information between the equipment devices in the LAN registered in the center AS 52 to the gateway 3, and the access permission information corresponding to the current environment settings in the LAN is updated in the local AS 34. Such updates are made whenever there is a change in the LAN environment settings, such as an increase or decrease in equipment devices.
  • An object execution request to the equipment devices in the LAN 1, which is the user area, can be performed in substantially the same manner as in the first embodiment. That is, when an execution request using an object identifier (OID), an interface identifier (IID) or a combination of both is made from one of the equipment devices in the LAN 1 (for example, the client terminal device 2f) to another of the equipment devices (for example, the lighting fixture 2a) via the gateway 3, the local AS 34 of the gateway 3 collates whether or not to permit access between the equipment devices. If access is permitted, an authentication key is distributed, and the desired object is executed by secure communication between the equipment device requesting access and the equipment device permitted to be accessed (in this case, 2f and 2a).
  • when an object execution request is made from the client terminal device 2f to the air conditioner 2b and the electric lock 2c, it is verified whether the correspondence between the object identifier OID ("going out") of the client terminal device 2f and the object identifier OID ("air conditioner") and interface identifier IID ("air conditioner shutdown") of the air conditioner 2b, and the correspondence between the object identifier OID ("going out") of the client terminal device 2f and the object identifier OID ("electric lock") and interface identifier IID ("locked") of the electric lock 2c, are registered as access permission information in the local AS 34. If access is permitted, the two objects, shutdown of the air conditioner 2b and locking of the electric lock 2c, are executed by secure communication.
  • the client terminal device 2 can also create a scene in which the illuminance of the lighting fixture 2a is reduced and, at the same time, the video recording/transfer device 2e is operated so that video is viewed on a monitor device (not shown) on the LAN, by making object execution requests to the other equipment devices.
  • the transfer of the recorded video data is set as the equipment side object of the module part MOS
  • the dimming is set as the equipment side object of the module part MOS. If access between each equipment is permitted, the above-mentioned program for the object is executed, and the compound service of creating the above-mentioned scene can be enjoyed.
  • a fire detector as a facility device detects a malfunction (when an event occurs)
  • it is also possible to build a network system that notifies the resident of the abnormality by blinking a lighting device that is another facility device connected to the home LAN.
  • the identifiers of the objects to be executed can be assigned to one execution request so that the objects are executed at the same time.
  • FIG. 17 shows a modification example of the network system of the present embodiment.
  • This network system has a centralized control controller 2g for remotely controlling a lighting fixture 82, an air conditioner 84 and an electric lock 86 on the first floor of a two-story house, and a centralized control controller 2h for remotely controlling a lighting fixture 82 and an air conditioner 84 on the second floor of the house.
  • the centralized control controllers 2g and 2h are each connected to the gateway 3 via the LAN 1 as equipment devices 2.
  • the centralized control controller (2g, 2h) is connected to the lighting fixture 82, air conditioner 84 and electric lock 86 via the signal line 80.
  • an execution request is made from one of the equipment devices in the LAN 1 to another of the equipment devices (for example, the centralized control controller 2g).
  • the local AS 34 of the gateway 3 verifies whether or not to permit access between the equipment devices.
  • the information processing unit 23 of the centralized control controller 2g passes the control information for shutting down the air conditioner 84 and the control information for locking the electric lock 86 to the function unit 20 via the module unit MOS.
  • the function unit 20 sends a control signal for stopping the operation of the air conditioner 84 or a control signal for locking the electric lock 86 via the signal line 80 to which each is connected.
  • it is possible to remotely control the locking of the electric lock 86 and the operation stop of the air conditioner 84 when the user goes out.
  • the distribution destination of the authentication key and the permission information when access between the facility devices is permitted is not limited to the facility device that requests the object.
  • An access permission signal may also be transmitted to the facility device that executes the object.
  • although the transmission destination of the access denial information when access between facility devices is denied is not particularly limited, it is preferable in terms of system operation to transmit it to the facility device that requests the object.
  • the present invention has a high utility value as providing an optimal network system for the information-oriented society in recent years, where improvement of access control security is increasingly important.

Abstract

A network system for realizing a stable secure communication in a LAN is provided. The system includes a WAN such as the Internet, the LAN connected to the WAN through a local server, and a plurality of facility devices connected to the LAN and WAN. The local server acquires identifiers applied to the objects of all the facility devices in the LAN and reports them to a center server connected to the WAN. The center server contains the correspondence relationships of the identifiers with respect to the approval of access between all the facility devices, extracts only the correspondence relationship of the identifiers concerning the approval of the access between the facility devices in the LAN in response to the report, and sets them in the local server.

Description

Specification
Network system
Technical field
[0001] The present invention relates to a network system for realizing secure communication between equipment devices.
Background art
[0002] Conventionally, in order to realize secure communication in a network system, it has been proposed that, when an access request is made between communication devices, an authentication server performs the authentication processing that decides whether to permit the access.
[0003] For example, according to the information processing system described in Japanese Laid-Open Patent Publication No. 10-49443, when there is a communication request between a client object and a target object, the client object presents an ID and a password to a capability server. The capability server searches a capability list, and if the requested communication is permitted, the capability server issues a capability ticket to the client object, and communication between the client object and the target object is realized.
[0004] In addition, the network system described in Japanese Laid-Open Patent Publication No. 2004-21666 is, as shown in FIG. 18, mainly composed of an internal network 140 to which devices 120 providing various services, a recording medium 130 for data recording, a user terminal 110 and the like are connected; a home server 100 connected between an external network 150 such as the Internet and the internal network 140; and a terminal 160 for the home server operator connected to the external network 150.
[0005] The home server 100 manages the user terminal 110, the devices 120 and the recording medium 130 connected within the internal network 140. That is, the home server 100 selects or discards the control signals transmitted and received among them. Furthermore, the home server has a firewall function that rejects unauthorized access requested from the external network 150. That is, it selects or discards the control signals from the external network 150 to the internal network 140 on the basis of predetermined conditions. In this way, the home server 100 has a control signal selection function that selects or discards, on the basis of predetermined conditions, control signals among the plurality of devices connected to the internal network 140 and control signals from the external network 150 to the plurality of devices.
[0006] On the other hand, the home server operator terminal 160 is a terminal with which the home server operator performs, through the external network 150, network settings such as the predetermined conditions that the home server 100 uses for selecting control signals. The user terminal 110 or the home server 100 is provided with setting request input means for requesting the terminal 160 to set these predetermined conditions. Through this setting request input means the user inputs how the predetermined conditions should be set; when the input setting request is transmitted to the terminal 160 via the home server 100, the terminal 160 returns information corresponding to the setting request to the home server 100, and the predetermined conditions are set in the home server 100 on the basis of this information. This realizes a network system that combines high security with ease of use.
[0007] However, in the former prior art, as the number of client objects and target objects managed under the capability server increases, not only does the amount of information that must be stored for the access authentication processing, such as the IDs and passwords of the client objects and target objects, increase, but when a plurality of access requests are concentrated, the information-processing load on the capability server grows and the responsiveness to access requests may deteriorate. Moreover, if the capability server goes down, the authentication processing between the client object and the target object can no longer be performed.
[0008] Also, in the latter prior art, every time the predetermined conditions for selecting control signals among the plurality of devices connected to the internal network 140 and control signals from the external network 150 to the plurality of devices are changed, the user must perform the update using the setting request input means provided in the user terminal 110 or the home server 100, and there is the problem that this work is cumbersome.
Disclosure of the invention
[0009] The present invention has therefore been made in view of the above problems, and its object is to provide a network system that can secure an environment in which secure communication can be performed within a LAN (local area network) even if a WAN (wide area network) such as the Internet goes down, and that can automatically update the information required for the authentication processing that decides whether to permit access between equipment devices in the LAN every time the environment settings of the equipment devices in the LAN change.
[0010] That is, the network system of the present invention includes a LAN to which a plurality of equipment devices, each having an object with an identifier attached, and a local server are connected, and a WAN to which the LAN is connected, wherein a center server and at least one equipment device having an object with an identifier attached are connected to the WAN, and one of the equipment devices can make an object execution request to another of the equipment devices using the identifier, and wherein:
the center server includes a center storage unit in which, for the equipment devices connected to the LAN and the equipment devices connected to the WAN, the correspondence relationships of the identifiers concerning the approval of access between the equipment devices are set, and, on receiving the identifier information of the equipment devices in the LAN from the local server, extracts on the basis of that identifier information only the correspondence relationships of identifiers concerning the approval of access between the equipment devices in the LAN from among the correspondence relationships stored in the center storage unit and transmits them to the local server;
the local server has a local storage unit that stores the correspondence relationships of the identifiers received from the center server, and a collation unit that, when one of the equipment devices makes an object execution request to another of the equipment devices, determines on the basis of the contents set in the local storage unit whether the object execution request is an access between equipment devices in the LAN and whether that access is to be permitted; and
when the collation unit determines that the object execution request is an access between equipment devices in the LAN and that the access is to be permitted, an access permission signal is output from the local server, and the object requested by the one equipment device is executed by the other equipment device.
[0011] In the above network system, the at least one equipment device connected to the WAN may be an equipment device directly connected to the WAN (see FIG. 1), or an equipment device indirectly connected to the WAN via a local server (gateway) provided in another LAN (see FIG. 6).
[0012] In the above network system, it is preferable that, when the collation unit determines that the object execution request is not an access between equipment devices in the LAN, the identifier used for the object execution request is transferred from the local server to the center server; that the center server has a center collation unit which determines whether to permit the access by collating against the contents of the center storage unit; and that, when the access is permitted, an access permission signal is output from the center server via the local server and the object requested by the one equipment device is executed by the other equipment device. When the collation unit determines that the object execution request is not an access between equipment devices in the LAN, an access denial signal could be issued immediately; but by having the center server re-determine, as described above, whether access between an equipment device outside the LAN and an equipment device inside the LAN is approved, secure communication can be managed both inside and outside the LAN, which realizes a network system with higher customer satisfaction.
[0013] It is also preferable that the local server has an initial setting function which acquires in advance the identifiers of all the equipment devices in the LAN, notifies the center server of the acquired identifiers, and sets in the local storage unit the correspondence relationships of identifiers concerning the approval of access between the equipment devices in the LAN that the center server extracts on the basis of this notification. In this case, there is no need to set the address of the WAN-side authentication server on the equipment device side during initial setting, which reduces the burden of cumbersome initial setting work on the LAN user.
[0014] In the above network system, the identifier used for the authentication processing of access between equipment devices preferably includes at least one of a unique identifier (object identifier), which provides information on the equipment device that is to execute the object, and an interface identifier, which is defined on the basis of the contents of the object executed in the equipment device (for example, a variable indicating the current state of the equipment device, a function for controlling the equipment device, or event information indicating that a change in the state of the equipment device has occurred). It is further preferable that the local storage unit includes, as the correspondence relationships of identifiers concerning the approval of access between equipment devices in the LAN, a table in which the correspondence between the unique identifier of the equipment device requesting execution of the object and the combination of the unique identifier and interface identifier of the equipment device requested to execute the object is set.
[0015] When the collation unit determines that the object execution request is an access between equipment devices in the LAN and that the access is to be permitted, the local server preferably transmits the access permission signal at least to the equipment device requesting execution of the object. On the other hand, when the collation unit determines that the object execution request is an access between equipment devices in the LAN but that the access is not to be permitted, the local server preferably transmits an access denial signal at least to the equipment device requesting execution of the object.
[0016] When the center collation unit determines that the access is not to be permitted, the center server preferably transmits an access denial signal, via the local server, at least to the equipment requesting execution of the object.
[0017] Further features of the present invention and the effects it provides will be understood more clearly from the best mode for carrying out the invention described below.
Brief Description of Drawings
[0018] Fig. 1 is a schematic diagram of a network system according to a first embodiment of the present invention.
Fig. 2 is a configuration diagram of the gateway of that network system.
Fig. 3(A) is a configuration diagram of the equipment of that network system, and Fig. 3(B) is a configuration diagram of the MOS carried by the equipment.
Fig. 4 is a flowchart showing a method of initially setting access permission information in the gateway.
Fig. 5 is a diagram showing an example of extracting access permission information from the center server for the gateway.
Fig. 6 is a diagram showing another example of extracting access permission information from the center server for the gateway.
Fig. 7 is a flowchart showing the operation of the network system of the present invention.
Fig. 8 is a diagram showing a method of distributing an authentication key in that network system.
Fig. 9 is a diagram showing a modification of the distribution method of Fig. 8.
Fig. 10 is a diagram showing another method of distributing an authentication key in that network system.
Fig. 11 is a diagram showing a modification of the distribution method of Fig. 10.
Fig. 12 is a diagram showing still another method of distributing an authentication key in that network system.
Fig. 13 is a diagram showing a further method of distributing an authentication key in that network system.
Fig. 14 is a diagram showing yet another method of distributing an authentication key in that network system.
Fig. 15 is a schematic diagram of a network system according to a second embodiment of the present invention.
Fig. 16 is a diagram showing an operation example of that network system.
Fig. 17 is a schematic diagram of a network system according to a modification of the second embodiment.
Fig. 18 is a schematic diagram of a conventional network system.
BEST MODE FOR CARRYING OUT THE INVENTION
[0019] The network system of the present invention is described in detail below on the basis of preferred embodiments.
(First Embodiment)
As shown in Fig. 1, the network system of this embodiment includes a WAN (wide area network) 4 such as the Internet, to which a center server 5 is connected; a LAN (local area network) 1 connected to the WAN 4 via a gateway 3 that functions as a server; and a plurality of pieces of equipment 2 connected to the LAN 1 and the WAN 4, where any one piece of equipment can issue an object execution request to any other piece of equipment.
[0020] LAN 1 is built on a communication standard such as Ethernet (registered trademark). As shown in Fig. 2, the gateway 3 connected to LAN 1 comprises a hub unit 30 that concentrates LAN 1, a communication unit 31, a modem unit 32, and a server function unit 33 called an object access server (OAS: Object Access Server). The server function unit 33 is provided with a local authentication server 34 (Local Authentication Server, hereinafter "local AS 34"), which has a local storage unit (not shown) that stores information on the approval of access between pieces of equipment 2 only for the equipment 2 connected to LAN 1, and which functions as a local collation unit that uses the permission information stored in the local storage unit to check whether access between pieces of equipment 2 is to be permitted.
[0021] The center server 5 is installed on the Internet, which is the WAN 4, and its server function unit (OAS) 50 has substantially the same functions as the server function unit 33 of the gateway 3. The server function unit 50 is provided with a center authentication server 52 (Center Authentication Server, hereinafter "center AS 52"), which has a center storage unit (not shown) that stores information on the approval of access between pieces of equipment 2 for all equipment connected to LAN 1 and WAN 4, and which functions as a center collation unit that uses the information stored in the center storage unit to check whether access between pieces of equipment 2 outside LAN 1, or between equipment outside the LAN and equipment inside the LAN, is to be permitted.
[0022] The equipment 2 used in this network system is installed in buildings or houses and has a communication function; examples include environmental equipment (lighting, air conditioning), security and disaster-prevention equipment, and the temperature sensors, luminance sensors, human-presence sensors, fire sensors and the like used with such equipment.
[0023] As shown in Fig. 3(A), the basic configuration of the equipment 2 comprises a function unit 20 that provides the service specific to the equipment; an information processing unit 23 that, via an interface unit 21 and a bus 22, gives the function unit 20 functions for operation instructions (operation control), acquires variables indicating the current state of the function unit 20, and acquires event information indicating that a change in the state of the function unit 20 has occurred; and a communication unit 24 for network communication (communication according to the Ethernet (registered trademark) standard). A module unit MOS (Micro Object Server), which realizes the object functions of this system, is incorporated in a storage unit 25 inside the information processing unit 23.
[0024] Here, the server function unit (OAS) 33 of the gateway 3 consists of software that realizes the function of an object router, which hides how the equipment 2 of this system is connected to the network; various application software that is executed so that users can enjoy the services provided by the function unit 20 of equipment 2 by accessing the objects of that equipment; and software that realizes additional service functions, such as a protocol bridge service that converts foreign protocols so that they connect seamlessly to this system, and a firewall bridge service that converts the protocol used for communication with the center server 5 into SOAP (Simple Object Access Protocol) so that it can pass through a firewall.
[0025] The local AS 34 provided in the server function unit 33 of the gateway 3 of this embodiment has, for each object held by the module unit MOS of equipment 2, a local storage unit that holds the identifier of that object (and further a secret key, or a user name and password) together with the identifiers (or user names and permission information) that hold permission for that object, and a local collation unit serving as the computing means that performs authentication as well as the authentication-key handling and access control described later; these are shared with the storage means and computing means of the server function unit 33. The server function unit 33 and the local AS 34 may also be configured as separate entities, in both hardware and software.
[0026] In the network system of the present invention, besides the equipment 2 described above, client terminals 6 such as personal computers and mobile terminals (terminals with a communication function, such as mobile phones and PDAs) can be connected to LAN 1 or WAN 4. A client terminal 6 is a computer device carrying client software (OAL: Object Access Library) and client applications (software) for enjoying the services provided in this network system; from a WAN 4 such as the Internet it can issue execution requests to the objects of the module unit MOS of equipment 2, and by running a client application it can enjoy, in the desired form, the services provided by equipment 2, namely control requests to equipment 2 and monitoring information (variables, event information) from the equipment 2 side.
[0027] The network system of this embodiment follows the OSI seven-layer model. Its application layer is formed by a proprietary protocol (OAP) through which the module unit MOS of the information processing unit 23 of equipment 2 passes variables and event information to client terminals 6 and other equipment 2, or receives functions from them; this OAP is used for the exchange of information between the server function unit (OAS) and the module unit MOS of equipment 2. As shown in Fig. 3(B), the module unit MOS consists of an application unit 26 for equipment 2, a software communication module 27 corresponding to the OSI seven-layer model, and a hardware communication module 28 for exchanging information with the function unit 20. The software communication module 27 is responsible for the protocols of the network layer through the presentation layer of the OSI model, and performs the definition of the OAP described above and the integration of TCP and UDP.
[0028] Each piece of equipment 2 described above holds, under the module unit MOS incorporated in its information processing unit 23, one or more equipment-side objects that the function unit 20 uses when performing processing to provide a service. Each equipment-side object is given a unique identifier (object identifier: OID), which provides information on the equipment that is to execute the object, and one or more interface identifiers (IID), which are defined by the content of the object executed in the equipment (for example, a variable indicating the current state of the equipment 2, a function for controlling the equipment 2, event information indicating that a change in the state of the equipment 2 has occurred, or a function executed by the equipment 2). The unique identifier (OID) is therefore specific to one object, whereas an interface identifier (IID) can be assigned to any interfaces whose definitions are the same. An equipment-side object is executed when the information processing unit 23 receives from the server function unit 33 in the gateway 3 an execution request that uses the object's unique identifier (OID), its interface identifier (IID), or a combination of the two. Specifically, an execution request addressed to a specific interface under a specific equipment-side object uses the combination of OID and IID, whereas when interfaces with the same definition exist under the equipment-side objects of several pieces of equipment 2, an execution request can be made with the IID of that interface alone.
[0029] Before describing the operation of the network system of the present invention when secure communication is performed, the method of initially setting access permission information in the local AS 34 of the gateway 3 is described.
[0030] At system start-up, as shown in Fig. 4, the server function unit 33 of the gateway 3 detects the equipment 2 connected to LAN 1 by broadcast or multicast and acquires the information needed for network communication, such as the IP addresses of the equipment 2 on LAN 1. After this connection processing, the local AS 34 of the server function unit 33 requests each piece of equipment to report the OID of its equipment-side object, the IID of the interfaces under it, or the combination of OID and IID (step S1).
[0031] In response to this request, the local AS 34 acquires the identifier information sent in turn from the equipment 2 (step S2) and stores it in the local storage unit as a connected-equipment information table, associated with the IP address, which is the identifier of the equipment in LAN 1 at the network-communication (TCP/IP) level. Alternatively, each piece of equipment 2 may acquire the IP address of the gateway 3 by broadcast or multicast so as to enable communication with the local AS 34 of the server function unit 33 of the gateway 3. Likewise, when the local AS 34 is provided on LAN 1 separately from the server function unit 33 of the gateway 3 (or when the local AS 34 is provided on its own without a server function unit 33), each piece of equipment 2 can obtain the IP address of the local AS 34 directly by broadcast or multicast, which makes communication with the local AS 34 possible. In this embodiment there is no need to set in advance, on the equipment 2 side, the IP address of the center server 5 (center AS 52) on the WAN 4.
[0032] The server function unit 33 of the gateway 3 then, acting as the local AS 34, sends the identifier information acquired from the equipment 2 under its control to the server function unit 50 of the center server 5 on the Internet 4 (step S3). This processing is performed periodically, or whenever there is a change in the configuration of the equipment 2 in LAN 1 (for example, equipment being added or removed).
[0033] The center AS 52 of the center server 5 extracts, from the database of access permission information held in the center storage unit, only the identifier information relating to communication between the equipment 2 in LAN 1 under the gateway 3, and sends this identifier information to the local AS 34 of the gateway 3 as the access permission information for intra-LAN communication (step S4). The access permission information, i.e. identifier information, obtained from the center AS 52 of the center server 5 is set in the local storage unit of the gateway 3 (step S5). In other words, the access permission information in the gateway 3 is set automatically by obtaining the permission information from the center AS 52, without the LAN user having to set it manually.
[0034] For the equipment 2 connected to the Internet, i.e. the WAN 4, the center server 5 can likewise acquire the identifier information (object OIDs and interface IIDs) through the operation of its server function unit 50 and center AS 52, in the same way as the gateway 3 does.
[0035] The permission information set in the local AS 34, i.e. the access permission information for object execution requests between pieces of equipment 2 in LAN 1, is provided as a table of identifier information consisting of object identifiers (OID) and/or interface identifiers (IID). That is, permission information tabulated by associating the object identifier (OID) and/or interface identifier (IID) of the equipment 2 requesting access with the object identifier (OID) and/or interface identifier (IID) of the equipment 2 whose access is requested is obtained from the center AS 52 and set in the local AS 34 as described above.
[0036] Communication permission information between equipment 2 in LAN 1 and equipment 2 outside LAN 1 is set in the center AS 52 in advance. That is, in addition to the access permission information between pieces of equipment 2 connected to LAN 1, the center AS 52 holds preset access permission information between equipment 2 connected to LAN 1 and equipment 2 connected to WAN 4, expressed as the association of the object identifier (OID) and/or interface identifier (IID) of the equipment requesting access with the object identifier (OID) and/or interface identifier (IID) of the equipment whose access is requested.
[0037] As an example, Tables 1 and 2 show permission information tables stored in the center storage unit of the center server 5. The center AS table shown in Table 1 lists, for all equipment 2 connected to the network system, whether inside or outside the LAN, the correspondence between the object identifier (OID) of the equipment requesting access, the identifier information of the equipment to which access is permitted (in this example, the combination of object identifier (OID) and interface identifier (IID)), and the type of access permitted, indicated by "r" (read permission), "w" (write permission) and "x" (execute permission). In the table, "***" in the interface identifier column means that no interface identifier is specified and any interface identifier may be accessed. When "***" is given as the object identifier, access is permitted to any equipment sharing that interface, regardless of object identifier. In short, specifying only the object identifier lets the objects within a given system grant each other access to all of their interfaces, whereas specifying only the interface identifier permits an interface particular to a given system or application without naming an object, so that only that application-specific function becomes accessible regardless of object.
[0038] [Table 1]

Requesting equipment OID | Access permission information
                         | Permitted equipment OID | Permitted equipment IID | Type of permission
OID1                     | OID2                    | ***                     | r/w/x
OID1                     | OID3                    | ***                     | r
OID1                     | ***                     | IID1                    | r/w/x
OID2                     | OID1                    | IID2                    | r
OID2                     | OID1                    | IID3                    | r/w
OID2                     | OID3                    | ***                     | r
OID3                     | OID1                    | ***                     | r/w
OID3                     | OID2                    | ***                     | r/w
OID4                     | ***                     | IID1                    | r/w/x
[0039] The center AS table shown in Table 2 lists the correspondence between the combination of object identifier (OID) and interface identifier (IID) of the equipment requesting access, the combination of object identifier (OID) and interface identifier (IID) of the equipment to which access is permitted, and the type of access permitted ("r/w/x"). Setting such combinations of identifiers against each other makes possible special settings in which access to a given object is permitted only under a certain condition.
[0040] [Table 2]
[0041] Since the center AS table of Table 1 shows only the OID of the equipment requesting access, when the permission information to be set in the gateway (local server) is extracted, the gateway 3 need only notify the center server 5 of the OIDs of the equipment 2 under its control. The center AS table of Table 2, on the other hand, shows combinations of OID and IID for the equipment requesting access, so when the permission information to be set in the gateway is extracted, the gateway 3 notifies the center server 5 of the OID and IID combinations of the equipment 2 under its control. In short, when the permission information to be set in the gateway is extracted from the center server, it is sufficient that the gateway 3 transmits at least one of the object identifier and the interface identifier of the equipment 2 under its control, according to the contents (access permission information) of the center AS table held by the center server 5. As in the bottom row of Table 2, where only the interface identifier of the equipment requesting access is specified, one conceivable use is to permit access to other equipment only when the event corresponding to that interface occurs.
[0042] Next, the method of extracting, from the identifier permission information registered in the center AS table, the identifier permission information to be set in the local AS table of the gateway 3 is described more specifically with reference to Figs. 5 and 6.
[0043] In the network system of Fig. 5, equipment A holds three sets of identifier information, (OID1, IID1), (OID1, IID2) and (OID1, IID3), each a combination of the object identifier OID1 with one of three interface identifiers (IID1 to IID3) defined for the respective functions of equipment A; equipment B holds two sets of identifier information, (OID2, IID1) and (OID2, IID2), each a combination of the object identifier OID2 with one of two interface identifiers (IID1, IID2) defined for the respective functions of equipment B. The gateway 3 receives the identifier information from these two pieces of equipment 2 in LAN 1 and transmits it to the center server 5. The center server 5, for its part, stores a table in which the permission information on accessible equipment is given, for all equipment in LAN 1 and WAN 4, by the correspondence between identifiers; in this example the identifier information of accessible equipment is also listed for equipment C and D connected to WAN 4.
[0044] The information received from the equipment 2 in LAN 1 may be only one of the object identifier and the interface identifier, but receiving both is preferable. The gateway 3 may also, after receiving both the object identifier and the interface identifier from the equipment 2 under its control, transmit only the necessary identifier information to the center server according to the contents of the access permission information table held in the center server.
[0045] 図 5に示すセンター ASテーブルによれば、設備機器 A (OID1)力ものアクセス要求 に対して、 LAN内の設備機器 Bは、識別子の組み合わせ (OID2、 * * * )がァクセ ス許可されている。ここに、 " * * * "はインターフェース識別子が任意であることを示 しているので、具体的には、設備機器 Bの(OID2, IID1)および(OID2, IID2)のそれ ぞれがアクセス許可されていることを意味する。一方、設備機器 B (OID2)からのァク セス要求に対して、 LAN内の設備機器 Aは、識別子の組み合わせ(OIDl、 IID2)お よび(OIDl, IID3)にアクセスが許可されている力 識別子の組み合わせ(OIDl、 IID1 )についは許可されていないことがわかる。  [0045] According to the center AS table shown in Fig. 5, in response to an access request for equipment A (OID1), the equipment combination B in the LAN is permitted to access the combination of identifiers (OID2, * * *). Has been. Here, “* * *” indicates that the interface identifier is optional. Specifically, each of (OID2, IID1) and (OID2, IID2) of equipment B has permission to access. Means that On the other hand, in response to an access request from equipment B (OID2), equipment A in the LAN is authorized to access the identifier combinations (OIDl, IID2) and (OIDl, IID3). It can be seen that the combination of (OIDl, IID1) is not allowed.
[0046] センターサーバ 5が、ゲートウェイ 3から送信された LAN内の設備機器 (A、 B)の識 別子情報の通知を受けると、センター ASテーブル力も設備機器 (A、 B)に関するァク セス許可情報のみを抽出して、ゲートウェイ 3に送信し、図 5の右下表に示されるよう に、ローカル ASテーブルに設定される。尚、テーブルには、 "r (読み込み許可)"、 "w (書き込み許可) "、 "X (実行許可) "によってアクセス許可の種類がそれぞれの識別 子情報に対応付けて表示される。  [0046] When the center server 5 receives the notification of the identifier information of the equipment (A, B) in the LAN transmitted from the gateway 3, the center AS table power also accesses the equipment (A, B). Only the authorization information is extracted and sent to Gateway 3, and is set in the local AS table as shown in the lower right table in Fig. 5. In the table, “r (read permission)”, “w (write permission)”, and “X (execution permission)” indicate the type of access permission associated with each identifier information.
[0047] Fig. 6 shows an example of extracting access permission information in another network system, in which a first LAN (LAN-1), to which equipment A and B are connected, and a second LAN (LAN-2), to which equipment C and D are connected, are connected to the center server 5 via WAN 4, which is the Internet. In the local AS table of the first LAN, only the access permission information between equipment A and B is extracted from the center AS table and set, by the same method as in Fig. 5; in the local AS table of the second LAN, only the access permission information between equipment C and D is extracted from the center AS table and set, by the same method as in Fig. 5.
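The extraction of a LAN-local table from the center AS table, and the wildcard "***" interface identifier described for Figs. 5 and 6, as an added example that is not part of the patent; the entry layout, the function names and the sample table contents are constructed here, not taken from the figures.

```python
"""Center AS table -> local AS table extraction with a wildcard IID.

Added example: the table layout and the sample entries are constructed here;
they approximate the shape of Figs. 5 and 6 but are not their exact contents.
"""
from typing import Dict, FrozenSet, List, Tuple

ANY_IID = "***"  # wildcard interface identifier used in the center AS table

# One permission entry: (requester OID, target OID, target IID, allowed r/w/x).
# A target IID of "***" matches every interface of that object.
Entry = Tuple[str, str, str, FrozenSet[str]]

# Constructed center AS table covering two LANs (A, B on LAN-1; C, D on LAN-2).
CENTER_AS_TABLE: List[Entry] = [
    ("OID1", "OID2", ANY_IID, frozenset({"r", "x"})),       # A may read/execute any of B
    ("OID2", "OID1", "IID2", frozenset({"r"})),             # B may read A's IID2
    ("OID2", "OID1", "IID3", frozenset({"r", "w"})),        # B may read/write A's IID3
    ("OID1", "OID3", "IID1", frozenset({"x"})),             # A -> C, C is on LAN-2
    ("OID3", "OID4", ANY_IID, frozenset({"r", "w", "x"})),  # C -> D, both on LAN-2
]


def extract_local_table(center: List[Entry], lan_oids: FrozenSet[str]) -> List[Entry]:
    """What the center server does on receiving the gateway's identifier
    notification: keep only entries whose requester AND target are in this LAN.

    The gateway therefore never holds permissions for equipment it does not
    host, which keeps the local table small and limits what a compromised
    gateway could disclose about other LANs.
    """
    return [e for e in center if e[0] in lan_oids and e[1] in lan_oids]


def is_permitted(table: List[Entry], req_oid: str, tgt_oid: str,
                 tgt_iid: str, access: str) -> bool:
    """Local AS check: exact (OID, IID) match or wildcard-IID match for the
    requester/target pair, and the requested r/w/x type must be listed."""
    for r_oid, t_oid, t_iid, perms in table:
        if r_oid != req_oid or t_oid != tgt_oid:
            continue
        if t_iid == ANY_IID or t_iid == tgt_iid:
            return access in perms
    return False


def expand_wildcards(table: List[Entry],
                     interfaces: Dict[str, List[str]]) -> List[Entry]:
    """Resolve "***" to the concrete IIDs an object actually exposes, as the
    text does when it reads (OID2, ***) as (OID2, IID1) and (OID2, IID2)."""
    out: List[Entry] = []
    for r_oid, t_oid, t_iid, perms in table:
        if t_iid == ANY_IID:
            out.extend((r_oid, t_oid, iid, perms)
                       for iid in interfaces.get(t_oid, []))
        else:
            out.append((r_oid, t_oid, t_iid, perms))
    return out


if __name__ == "__main__":
    lan1 = extract_local_table(CENTER_AS_TABLE, frozenset({"OID1", "OID2"}))
    for entry in expand_wildcards(lan1, {"OID2": ["IID1", "IID2"]}):
        print(entry)
    print(is_permitted(lan1, "OID2", "OID1", "IID1", "r"))  # not in table -> False
```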
[0048] In the network system described above, the gateway 3 may also omit the server function unit 33 and provide merely protocol conversion between WAN 4, which is the Internet, and LAN 1, together with a routing function for connecting the equipment 2 on the LAN to the Internet. In this case, the local AS 34 detects the equipment 2 by broadcast or multicast and acquires the information needed for network communication, such as the IP addresses of the equipment 2 on the LAN. After the connection process, it requests from each piece of equipment 2 in the LAN the identifiers of the objects that equipment carries, acquires the identifier of each object (the OID and IID described later), notifies the acquired object identifiers to the center AS 52 described later, and may then acquire the permission information sent by the center AS 52 in response to this notification and use it for initial setting.
[0049] The authentication operation performed when, in the network system constructed as above, one piece of equipment (equipment A) makes an access request to another piece of equipment (equipment B) concerning the execution of an object is described in detail with reference to Fig. 7.
[0050] First, when equipment A in the network makes an access request to equipment B (step S6), this access request is first received by the server function unit 33 of the gateway 3. In the local AS 34 within the server function unit 33, it is determined whether equipment B is equipment within the LAN, according to whether the OID of the object at the execution request destination, i.e. the receiving-side equipment B, exists in the table set in the local storage unit of the gateway 3 (step S7). If equipment B is equipment within the LAN, it is then checked whether the relationship between the identifier information (for example, the OID) of the transmitting-side equipment A that made the execution request and the identifier information (for example, the combination of OID and IID) of the execution request destination, i.e. the receiving-side equipment B, exists in the table set as access permission information in the local storage unit (step S8). This check is performed, for example, by a local checking unit provided in the server function unit 33 of the gateway 3 executing a predetermined program.
[0051] If access is permitted, a permission notice and an authentication key are delivered to equipment A and B (step S9). Secure communication is thereby performed between the equipment (A, B) that received the authentication key together with the permission notice, and information can be exchanged by executing the object (step S10). In this case, through the routing function that uses the connected equipment information table of the server function unit 33 of the gateway 3, the equipment can communicate with each other without being particularly aware of IP addresses and the like. If the access permission information does not exist in the table set in the local storage unit and access between equipment A and B is not permitted, the local AS 34 delivers a non-permission notice at least to equipment A, the side requesting execution of the object (step S11), so that undesirable access is refused and the purpose of secure communication is achieved.
[0052] If it is determined that equipment B is not equipment within the LAN, that is, if information on equipment B is not listed in the table set in the local storage unit, an authentication request for the execution request for the object is forwarded to the center AS 52 via the server function unit 50 of the center server 5 (step S12).
[0053] In the center AS 52, the identifier information of the object of equipment A that made the execution request, the identifier information of the object of the execution request destination equipment B, the information on the type of access permission and so on are checked against the information stored in the center storage unit, and it is determined whether to permit the access request (step S13). This check is performed, for example, by a center checking unit provided in the server function unit 50 of the center server 5 executing a predetermined program.
[0054] As the information stored in the center storage unit, only the identifier information of the pairs of equipment permitted access may be registered, or the presence or absence of access permission may be recorded for the identifier information of every pair of equipment. In short, as shown in Figs. 5 and 6, it suffices that whether to permit access with equipment outside the LAN can be determined from a table in which a correspondence is set between at least one of the object identifier (OID) and interface identifier (IID) of the equipment requesting access and at least one of the object identifier (OID) and interface identifier (IID) of the equipment whose access is requested, together with the identifier information provided by the gateway 3.
[0055] When the center server 5 permits access, it delivers a permission notice and an authentication key to the local AS 34 (step S14), and the local AS 34 delivers the permission notice and authentication key it received to equipment A and B (step S15). Secure communication is thereby performed between equipment A and B, which received the authentication key together with the permission notice, and information can be exchanged by executing the object (step S16). In this case, through the routing function that uses the connected equipment information tables of the server function units (33, 50) of the gateway 3 and the center server 5, the equipment can communicate with each other without being particularly aware of IP addresses and the like.
[0056] On the other hand, if the center server 5 does not permit access, it sends a non-permission notice to the local AS 34 (step S17); the local AS 34 delivers the received non-permission notice at least to equipment A, the side requesting execution of the object, and the execution request for the object from equipment A to equipment B is refused (step S18).
[0057] In this way, whenever there is an access request between pieces of equipment, whether inside or outside the LAN, it is determined whether to permit that access, and by refusing undesirable access requests the purpose of secure communication is achieved.
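The two-tier decision of Fig. 7 (steps S6 to S18), with the gateway's local AS deciding LAN-internal requests itself and deferring everything else to the center AS, as an added example that is not the patent's own code. The request and decision shapes, the class names and the sample tables are constructed here; one deliberate extension, noted in the comments, is that the local path is taken only when the requester is also LAN equipment, so that requests from WAN clients reach the center.

```python
"""Gateway-side authorization with center fallback (Fig. 7, steps S6-S18).

Added example. Message shapes, class names and sample tables are constructed;
the patent describes the decision flow, not this code.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

ANY_IID = "***"
# (requester OID, target OID, target IID) -> allowed access types
PermTable = Dict[Tuple[str, str, str], Set[str]]


@dataclass
class AccessRequest:
    requester_oid: str
    target_oid: str
    target_iid: str
    access: str  # "r", "w" or "x"


@dataclass
class Decision:
    permitted: bool
    decided_by: str  # "local" (gateway 3) or "center" (center server 5)
    notify: List[str] = field(default_factory=list)  # OIDs that receive the notice


def lookup(table: PermTable, req: AccessRequest) -> bool:
    """Exact or wildcard-IID match; the requested access type must be listed."""
    for (r, t, iid), perms in table.items():
        if r == req.requester_oid and t == req.target_oid and iid in (ANY_IID, req.target_iid):
            return req.access in perms
    return False


class CenterAS:
    """Center AS 52: holds the full table across all LANs (step S13)."""
    def __init__(self, table: PermTable) -> None:
        self.table = table
        self.requests_seen = 0  # lets a test confirm LAN-internal requests never reach here

    def authenticate(self, req: AccessRequest) -> bool:
        self.requests_seen += 1
        return lookup(self.table, req)


class LocalAS:
    """Local AS 34: knows the LAN's equipment OIDs (connected equipment table)
    and only the LAN-internal permission entries extracted by the center."""
    def __init__(self, lan_oids: Set[str], local_table: PermTable,
                 center: Optional[CenterAS]) -> None:
        self.lan_oids = lan_oids
        self.table = local_table
        self.center = center  # None models the WAN being disconnected

    def handle(self, req: AccessRequest) -> Decision:
        # Step S7 in the text checks the target's OID; this example also
        # requires the requester to be LAN equipment (assumption) so that a
        # WAN client's request is forwarded to the center rather than failing
        # against a local table that can never contain it.
        if req.target_oid in self.lan_oids and req.requester_oid in self.lan_oids:
            if lookup(self.table, req):                                   # step S8
                return Decision(True, "local", [req.requester_oid, req.target_oid])  # S9
            return Decision(False, "local", [req.requester_oid])          # S11
        if self.center is None:
            # No path to the center: fail closed, tell the requester only.
            return Decision(False, "local", [req.requester_oid])
        if self.center.authenticate(req):                                  # S12/S13
            return Decision(True, "center", [req.requester_oid, req.target_oid])  # S14/S15
        return Decision(False, "center", [req.requester_oid])              # S17/S18


# Constructed sample data: A (OID1) and B (OID2) on this LAN, C (OID3) on
# another LAN, OID9 a client terminal reachable only over the WAN.
LOCAL_TABLE: PermTable = {
    ("OID1", "OID2", ANY_IID): {"r", "x"},
    ("OID2", "OID1", "IID2"): {"r"},
}
CENTER_TABLE: PermTable = dict(LOCAL_TABLE)
CENTER_TABLE[("OID1", "OID3", "IID1")] = {"x"}
CENTER_TABLE[("OID9", "OID2", "IID1")] = {"x"}


def build_gateway(center_reachable: bool = True) -> Tuple[LocalAS, CenterAS]:
    center = CenterAS(CENTER_TABLE)
    gw = LocalAS({"OID1", "OID2"}, LOCAL_TABLE, center if center_reachable else None)
    return gw, center


if __name__ == "__main__":
    gw, center = build_gateway()
    print(gw.handle(AccessRequest("OID1", "OID2", "IID1", "r")))
    print(gw.handle(AccessRequest("OID1", "OID3", "IID1", "x")))
```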
[0058] According to the network system of the present invention described above, access requests between equipment within the LAN are authenticated not by the center server 5 but by the gateway 3 acting as a local server, so that communication within the LAN can be maintained in a normal state even if the network environment outside the LAN (for example, the Internet) is disconnected. In addition, not only at system start-up but also periodically, the local AS 34 acquires the identifier information of the equipment in the LAN and notifies it to the center AS 52, and only the access permission information between equipment within the LAN is extracted from the center server 5 and automatically updated in the local AS 34; initial setting is therefore performed without the user being particularly aware of it, and the user need not carry out troublesome setting work even when the environment settings within the LAN change. Moreover, since only the access permission information between equipment within the LAN is set in the local AS 34, the amount of information processing the gateway 3 must perform is reduced.
[0059] Furthermore, for an access request involving equipment outside the LAN, whether to permit access is determined again at the center server 5, so secure communication can be ensured between equipment outside the LAN and equipment within the LAN as well.
[0060] The method of distributing the authentication key when access is permitted is described below with reference to Figs. 8 to 14.
[0061] The authentication key distribution method shown in Fig. 8 applies when equipment A in the LAN requests access to equipment B in the LAN. The authentication request contains the identifier information of equipment A, the identifier information of equipment B and the requested access authority (r/w/x). Equipment B, having received the access request from equipment A, asks the local AS 34 to authenticate whether the access is to be permitted. If the access is permitted in the access permission information table of the local AS 34, the local AS 34 distributes an authentication key to equipment B, and equipment B distributes the authentication key to equipment A. The authentication key contains a part for equipment A and a part for equipment B, each encrypted with the respective secret key. Equipment A and B can thereby each extract the communication encryption key (a session communication key common to equipment A and equipment B) from the authentication key using their own secret key, and perform secure communication.
[0062] As shown in Fig. 9, equipment A in the LAN may also request access to equipment B in the LAN directly from the local AS 34. In this case, when the access request is approved, the authentication key is distributed to equipment A, and equipment A distributes the authentication key to equipment B. Equipment A and B can thereby extract the communication encryption key from the authentication key using their respective secret keys and perform secure communication.
[0063] The authentication key distribution method shown in Fig. 10 is the same as that of Fig. 8 in that equipment A in the LAN requests access to equipment B in the LAN and equipment B requests authentication from the local AS 34, but differs in that the local AS 34 distributes the authentication key to each of equipment A and B itself. The authentication key distribution method shown in Fig. 11 is the same as that of Fig. 9 in that equipment A in the LAN requests access to equipment B in the LAN directly from the local AS 34, but differs in that the local AS 34 distributes the authentication key to each of equipment A and B itself. In these cases too, secure communication is performed between equipment A and B once they have received the authentication key.
[0064] Fig. 12 shows the authentication key distribution method for the case where a plurality of pieces of equipment in the LAN have a group ID. In this case, equipment A presents its identifier information, the group ID and the requested access authority (r/w/x) to the local AS 34 and requests permission for access between pieces of equipment 2 having the same group ID. Similarly, equipment B presents its identifier information, the group ID and the requested access authority (r/w/x) to the local AS 34 and requests permission for access between pieces of equipment 2 having the same group ID. The local AS 34 determines for each request whether it can be permitted and, if so, distributes an authentication key to each piece of equipment. Equipment A and B, having received the authentication key, extract the communication encryption key (a session communication key common to equipment A and equipment B) using their respective secret keys and can perform secure communication.
[0065] Fig. 13 shows the authentication key distribution method for the case where equipment A in the LAN does not have a group ID. Equipment B, which does have a group ID, presents its identifier information, the group ID and the requested access authority (r/w/x) to the local AS 34 and requests permission for access between pieces of equipment 2 having the same group ID. The local AS 34 determines whether this request from equipment B can be permitted and, if so, distributes an authentication key to equipment B. When equipment A then requests access to equipment B, equipment B notifies equipment A that a group ID is required for authentication of the access (group notification). Equipment A therefore presents its identifier information, the group ID obtained from the group notification from equipment B and the requested access authority (r/w/x) to the local AS 34 and requests permission for access between pieces of equipment 2 having the same group ID. The local AS 34 determines whether this request from equipment A can be permitted and, if so, distributes an authentication key to equipment A. As a result, equipment A and B, having received the authentication key, extract the communication encryption key (a session communication key common to equipment A and equipment B) using their respective secret keys and can perform secure communication.
[0066] Fig. 14 shows the authentication key distribution method for the case where equipment B holds its encryption key in advance and the encryption key needed for access to equipment B is managed by the local AS 34. When equipment A in the LAN, wishing to access equipment B, presents the identifier information of equipment A, the identifier information of equipment B and the requested access authority (r/w/x) to the local AS 34 and requests authentication, the local AS 34 determines whether this request from equipment A can be permitted and, if so, distributes an authentication key to equipment A. Since the authentication key contains the encryption key of equipment B encrypted with the secret key of equipment A, equipment A can perform secure communication with equipment B by extracting from the authentication key the encryption key for communication with equipment B.
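The authentication key of Figs. 8 to 14, carrying one session communication key wrapped separately under equipment A's and equipment B's secret keys, as an added example that is not the patent's own code. The wrapping scheme (an HMAC-SHA256 keystream plus an HMAC tag, standard library only), the function names and the sample secrets are assumptions chosen for illustration; the patent does not specify the cipher.

```python
"""Authentication key issue and extraction (Figs. 8 to 14).

Added example. The local AS issues one fresh session key and wraps it once
per participating device; each device can open only its own part, and a
part altered in transit (e.g. while B forwards A's part, Fig. 8) is rejected.
The wrap construction below is an illustrative assumption, not the patent's.
"""
import hashlib
import hmac
import secrets
from typing import Dict, NamedTuple


class WrappedKey(NamedTuple):
    nonce: bytes  # fresh per wrap, so equal session keys never yield equal blobs
    ct: bytes     # session key XOR keystream
    tag: bytes    # integrity tag over nonce and ciphertext


def _prf(secret: bytes, label: bytes, *parts: bytes) -> bytes:
    """Domain-separated HMAC-SHA256 used both as keystream and as tag."""
    return hmac.new(secret, label + b"".join(parts), hashlib.sha256).digest()


def wrap_key(secret: bytes, session_key: bytes) -> WrappedKey:
    """Encrypt-then-MAC a 32-byte session key under one device's secret key."""
    if len(session_key) != 32:
        raise ValueError("session key must be 32 bytes")
    nonce = secrets.token_bytes(16)
    keystream = _prf(secret, b"enc", nonce)
    ct = bytes(a ^ b for a, b in zip(session_key, keystream))
    tag = _prf(secret, b"mac", nonce, ct)
    return WrappedKey(nonce, ct, tag)


def unwrap_key(secret: bytes, blob: WrappedKey) -> bytes:
    """Recover the session key; fails closed on a wrong secret or altered blob."""
    expected = _prf(secret, b"mac", blob.nonce, blob.ct)
    if not hmac.compare_digest(expected, blob.tag):
        raise ValueError("authentication key rejected: bad tag or wrong secret")
    keystream = _prf(secret, b"enc", blob.nonce)
    return bytes(a ^ b for a, b in zip(blob.ct, keystream))


def opens_with(secret: bytes, blob: WrappedKey) -> bool:
    """True if this secret can extract a key from the blob (for checks/tests)."""
    try:
        unwrap_key(secret, blob)
        return True
    except ValueError:
        return False


def issue_authentication_key(device_secrets: Dict[str, bytes]) -> Dict[str, WrappedKey]:
    """Local AS 34 after a permitted check (Figs. 8 to 13): one session key,
    one wrapped copy per device OID. Figs. 10/11 deliver each part directly;
    Figs. 8/9 deliver the whole key to one device, which forwards the rest."""
    session_key = secrets.token_bytes(32)
    return {oid: wrap_key(sec, session_key) for oid, sec in device_secrets.items()}


def issue_preheld_key(holder_key: bytes, requester_secret: bytes) -> WrappedKey:
    """Fig. 14 variant: equipment B's own encryption key, registered with the
    local AS, is handed to A wrapped under A's secret key."""
    return wrap_key(requester_secret, holder_key)


def tamper(blob: WrappedKey) -> WrappedKey:
    """Flip one ciphertext bit, modelling corruption or alteration in transit."""
    ct = bytes([blob.ct[0] ^ 0x01]) + blob.ct[1:]
    return blob._replace(ct=ct)


if __name__ == "__main__":
    # Constructed device secrets for equipment A (OID1) and B (OID2).
    devs = {"OID1": secrets.token_bytes(32), "OID2": secrets.token_bytes(32)}
    auth_key = issue_authentication_key(devs)
    k_a = unwrap_key(devs["OID1"], auth_key["OID1"])
    k_b = unwrap_key(devs["OID2"], auth_key["OID2"])
    print("shared session key agrees:", k_a == k_b)
    print("B can open A's part:", opens_with(devs["OID2"], auth_key["OID1"]))
```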
(Second embodiment)
In the present embodiment, as shown in Fig. 15, a remote control system for the equipment in a home, which is the user area, is configured using the network system of the present invention; duplicate description of configurations that are the same as in the first embodiment, such as the gateway 3 and the center server 5, is omitted.
[0067] In the network system of the present embodiment, a lighting fixture 2a, an air conditioner 2b, an electric lock 2c, an alarm monitoring device 2d, a recording transfer device 2e, a dedicated client terminal device 2f, a personal computer 6 and so on, each carrying the equipment 2 configuration shown in Fig. 3(A), are connected to the gateway 3 by the cable of LAN 1 installed in the home.
[0068] The alarm monitoring device 2d has the function of wirelessly collecting the states of abnormality detection sensors 60, such as various crime prevention sensors and disaster prevention sensors, and outputting alarm information when an abnormality is detected. Besides a wireless receiving unit that wirelessly receives the detection signals from the abnormality detection sensors 60, it has a function unit that takes the detection signals received by the wireless receiving unit, triggers an alarm device when an abnormality is detected and outputs the alarm information externally; this function unit corresponds to the function unit 20 of Fig. 3(A) and passes the alarm information to the information processing unit 23.
[0069] The recording transfer device 2e has the function of distributing recorded video of visitors, captured by a television camera (not shown) of the intercom system 70, to monitors outside or inside the home. Its recording unit, which stores the recorded video data, serves as the function unit 20, and the recorded video data stored in this function unit 20 is passed to the information processing unit 23.
[0070] As in the first embodiment, the gateway 3 is connected to the center server 5 via WAN 4, such as the Internet provided by a connection service provider over ADSL or an optical fiber communication network. In the local AS 34 of the gateway 3, access permission information between pieces of equipment is set for the equipment 2 in LAN 1 described above. As in the first embodiment, desired equipment 2 can be connected to WAN 4 in addition to a client terminal 6 consisting of a personal computer or a mobile phone.
[0071] The operation of the network system of the present embodiment is described next. First, at system start-up, the gateway 3 detects the devices connected to LAN 1 and requests each to provide the information needed for network communication, such as its IP address, together with its identifier information. The module unit MOS of each piece of equipment (2a to 2f) then provides the service function unit 33 of the gateway 3 with the OID of the equipment-side object on its own module unit MOS, or with that OID together with the IID of the interface beneath it.
[0072] The service function unit 33 of the gateway 3 in turn transmits the identifier information of the equipment-side objects received from the equipment (2a to 2f) to the center server 5. Of the access permission information registered in the center AS 52, the center server 5 sends to the gateway 3 only the access permission information between equipment within the LAN, and the access permission information corresponding to the current environment settings within the LAN is updated in the local AS 34. Such an update is performed every time the environment settings within the LAN change, for example when equipment is added or removed.
[0073] An object execution request to equipment in LAN 1, the user area, is made by substantially the same method as in the first embodiment. That is, when one piece of equipment in LAN 1 (for example, the client terminal device 2f) makes an execution request via the gateway 3 to another piece of equipment (for example, the lighting fixture 2a) using the respective object identifiers (OID), interface identifiers (IID) or a combination of both, the local AS 34 of the gateway 3 checks whether access between those pieces of equipment is to be permitted. If access is permitted, an authentication key is distributed and the desired object is executed by secure communication between the equipment requesting access and the equipment to which access was permitted (in this case, 2f and 2a).
[0074] As a more concrete operation of the network system, for example as shown in Fig. 16, when the client terminal device 2f makes an object execution request to the air conditioner 2b and the electric lock 2c, it is checked whether the correspondence between the object identifier OID ("going out") of the client terminal device 2f and the object identifier OID ("air conditioner") and interface identifier IID ("stop air conditioning operation") of the air conditioner 2b, and the correspondence between the object identifier OID ("going out") of the client terminal device 2f and the object identifier OID ("electric lock") and interface identifier IID ("lock") of the electric lock 2c, are each registered as access permission information in the local AS 34 of the gateway 3. If access is permitted, the two objects, stopping the operation of the air conditioner 2b and locking the electric lock 2c, are executed by secure communication.
[0075] When a client terminal device connected to WAN 4, which is the Internet, makes an object execution request, this is an access request from outside the LAN, so the identifier information is first forwarded from the gateway 3 to the center server 5, where it is checked whether it is registered as access permission information in the center AS 52 of the center server 5, and it is determined whether to permit the access. When access is permitted, the authentication key and the permission information are notified to the gateway 3, and secure communication is performed between the equipment inside the LAN and the equipment outside the LAN in the same manner as described above.
[0076] It is also possible to create a scene in which the illuminance of the lighting fixture 2a is lowered while at the same time the recording transfer device 2e is operated so that its video is viewed on a monitor device (not shown) on the LAN, by having the client terminal device 2f make object execution requests to these pieces of equipment. That is, in the recording transfer device 2e, transfer of the recorded video data is made an equipment-side object of the module unit MOS, and in the lighting fixture 2a, dimming is made an equipment-side object of the module unit MOS. If access between the respective pieces of equipment is permitted, the programs for these objects are executed and the composite service of creating the scene described above can be enjoyed.
[0077] Furthermore, according to the present invention, a network system can also be constructed in which, when a fire detector or a human presence sensor serving as equipment detects an abnormality (when an event occurs), the residents are notified of the abnormality by flashing a lighting fixture, another piece of equipment connected to the home LAN. Also, by associating the identifiers of a plurality of pieces of equipment on the object-executing side with the identifier of the equipment on the object-requesting side, the execution of a plurality of objects can be enjoyed simultaneously from a single execution request.
[0078] Fig. 17 shows a modification of the network system of the present embodiment. This network system is characterized in that a centralized controller 2g for remotely controlling a lighting fixture 82, an air conditioner 84 and an electric lock 86 on the first floor of a two-story house, and a centralized controller 2h for remotely controlling a lighting fixture 82 and an air conditioner 84 on the second floor of the house, are each connected as equipment 2 to the gateway 3 via LAN 1. The centralized controllers (2g, 2h) have the function of generating control signals conforming to the JEMA standard (Japan Electrical Manufacturers' Association standard) for the lighting fixture 82, the air conditioner 84 and the electric lock 86 via a signal line 80, and the function of receiving operation signals as monitoring information, and have, as the function unit 20 of Fig. 3(A) described above, a function unit that exchanges the information corresponding to these signals with the information processing unit 23.
[0079] In this network system, when one of the equipment devices in LAN 1 (for example, the client terminal device 2f) makes, via the gateway 3, an execution request to another one of the equipment devices (for example, the centralized controller 2g) using the respective object identifier (OID), the interface identifier (IID) or a combination of both, the local AS 34 of the gateway 3 checks whether access between those equipment devices is to be permitted. When access is permitted, the information processing unit 23 passes, via the module unit MOS, control information for stopping the operation of the air conditioner 84 or control information for locking the electric lock 86 to the functional unit 20 of the centralized controller 2g as a function. Based on this control information, the functional unit 20 sends a control signal that stops the air conditioner 84, or a control signal that locks the electric lock 86, over the signal line 80 to which each of them is connected. Thus, with this network system, the user can remotely lock the electric lock 86 and stop the air conditioner 84 when going out.
[0080] Note that in the network system of the present invention the destination to which the authentication key or permission information is distributed when access between equipment devices is permitted is not limited; the access permission signal may be sent not only to the equipment device requesting the object but also to the equipment device that executes the object. Likewise, the destination of the access denial information when access between equipment devices is denied is not particularly limited, but for reasons of system operation it is preferable to send it to the equipment device requesting the object.
Industrial Applicability
[0081] As described above, in the network system of the present invention a server capable of performing authentication processing for access between equipment devices within the LAN is provided within the LAN, so that secure communication within the LAN can be ensured even if an abnormality occurs in the WAN. Moreover, only the information necessary for the authentication processing that decides whether to permit access between equipment devices in the LAN is sent from the center server to the local server and set there, so the information processing load on the local server is small. Furthermore, whenever the configuration of the equipment devices in the LAN changes (equipment devices are added or removed, functions are added to an equipment device, and so on), the identifier information is sent from the local server to the center server and the information needed for authentication processing within the LAN is updated automatically, so a system that provides highly reliable secure communication within the LAN can be built easily.
Thus, the present invention has high utility value in providing a network system well suited to today's information society, in which improving the security of access control is regarded as ever more important.

Claims

[1] A network system comprising a LAN (local area network) to which a plurality of equipment devices, each having an object with an identifier attached, and a local server are connected, and a WAN (wide area network) to which the LAN is connected, wherein a center server and at least one equipment device having an object with an identifier attached are connected to the WAN, and one of the equipment devices can make an execution request for an object to another one of the equipment devices using the identifier, wherein
the center server includes a center storage unit in which correspondences of identifiers relating to the approval of access between equipment devices are set for the equipment devices connected to the LAN and the equipment devices connected to the WAN, and, upon receiving identifier information of the equipment devices in the LAN from the local server, extracts, based on that identifier information, only those identifier correspondences relating to the approval of access between equipment devices within the LAN from among the identifier correspondences stored in the center storage unit, and sends them to the local server, and
the local server has a local storage unit that stores the identifier correspondences received from the center server, and a verification unit that, when one of the equipment devices makes an execution request for an object to another one of the equipment devices, determines, based on the settings in the local storage unit, whether the execution request for the object is an access between equipment devices within the LAN and whether that access is to be permitted, and when the verification unit determines that the execution request for the object is an access between equipment devices within the LAN and that the access is to be permitted, an access permission signal is output from the local server and the object requested by the one equipment device is executed by the other equipment device.
[2] The network system according to claim 1, wherein, when the verification unit determines that the execution request for the object is not an access between equipment devices within the LAN, the identifier used in the execution request for the object is forwarded from the local server to the center server, the center server has a center verification unit that determines whether to permit the access by checking against the contents of the center storage unit, and, when the access is permitted, an access permission signal is output from the center server via the local server and the object requested by the one equipment device is executed by the other equipment device.
[3] The network system according to claim 1, wherein the local server has an initial setting function that acquires in advance the identifiers of all the equipment devices in the LAN, notifies the acquired identifiers to the center server, and sets in the local storage unit the identifier correspondences relating to the approval of access between equipment devices within the LAN that the center server extracted on the basis of this notification.
[4] The network system according to claim 1, wherein the identifier includes at least one of a unique identifier that provides information on the equipment device that is to execute the object, and an interface identifier that is defined based on the content of the object executed on that equipment device.
[5] The network system according to claim 4, wherein the local storage unit includes a table in which, as the identifier correspondences relating to the approval of access between equipment devices within the LAN, a correspondence is set between the unique identifier of the equipment device requesting execution of the object and the combination of the unique identifier and the interface identifier of the equipment device requested to execute the object.
[6] The network system according to claim 1, wherein the local server sends the access permission signal at least to the equipment device requesting execution of the object.
[7] The network system according to claim 1, wherein, when the verification unit determines that the execution request for the object is an access between equipment devices within the LAN but that the access is not to be permitted, the local server sends an access denial signal at least to the equipment device requesting execution of the object.
[8] The network system according to claim 2, wherein, when the center verification unit determines that the access is not to be permitted, the center server sends an access denial signal via the local server at least to the equipment device requesting execution of the object.
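The decision flow of claims 1 to 3 and 6 to 8 (and of paragraphs [0079] to [0081]) as an added example, not code from the patent: a center server that extracts only the LAN-internal correspondences, and a local server that decides LAN-internal requests from its own table, forwards all other requests to the center, and keeps deciding LAN-internal requests when the WAN is unavailable. The identifiers, interface names and the "wan-pc" equipment name are constructed placeholders.

```python
from dataclasses import dataclass

# Constructed identifiers loosely modelled on the page's reference numerals:
# 2f, 2g and 2h are equipment on the home LAN; "wan-pc" is a placeholder
# name for a piece of equipment on the WAN side.

@dataclass(frozen=True)
class Target:
    uid: str  # unique identifier of the equipment that executes the object
    iid: str  # interface identifier of the object to be executed

class CenterServer:
    """Center storage unit plus center verification unit (claims 1 and 2)."""
    def __init__(self, table):
        # requester unique identifier -> set of permitted (uid, iid) targets
        self.table = {req: set(targets) for req, targets in table.items()}

    def extract_for_lan(self, lan_uids):
        """Keep only correspondences whose requester and target are both in the LAN."""
        lan = set(lan_uids)
        subset = {}
        for req, targets in self.table.items():
            local = {t for t in targets if t.uid in lan}
            if req in lan and local:
                subset[req] = local
        return subset

    def verify(self, requester, target):
        return target in self.table.get(requester, set())

class LocalServer:
    """Local storage unit plus verification unit (claims 1, 3, 6 and 7)."""
    def __init__(self, lan_uids, center):
        self.center = center
        self.lan = set(lan_uids)
        self.refresh()

    def refresh(self):
        # Initial setting (claim 3) and later configuration changes ([0081]):
        # report the LAN identifiers and replace the local table with the
        # subset the center server extracts for them.
        self.table = self.center.extract_for_lan(self.lan)

    def register(self, uid):
        self.lan.add(uid)
        self.refresh()

    def handle_request(self, requester, target, wan_up=True):
        """Return (signal, decided_by, recipients) for one execution request."""
        if requester in self.lan and target.uid in self.lan:
            permitted = target in self.table.get(requester, set())
            decided_by = "local"
        elif wan_up:
            permitted = self.center.verify(requester, target)
            decided_by = "center"
        else:
            permitted, decided_by = False, "wan_unavailable"
        signal = "ACCESS_PERMIT" if permitted else "ACCESS_DENY"
        # The signal always goes to the requester; on permission it is also
        # sent to the executing equipment, the optional distribution of [0080].
        recipients = [requester] + ([target.uid] if permitted else [])
        return signal, decided_by, recipients

CENTER = CenterServer({
    "2f": {Target("2g", "aircon_stop"), Target("2g", "lock"), Target("wan-pc", "report")},
    "2h": {Target("2g", "lock")},
    "wan-pc": {Target("2g", "aircon_stop")},
})
LOCAL = LocalServer(["2f", "2g", "2h"], CENTER)
```

The local table never receives the entries involving "wan-pc", so a request from 2f to that equipment is forwarded to the center while 2f's request to lock 2g is decided locally even when the WAN is down.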
PCT/JP2007/059731 2006-05-11 2007-05-11 Network system WO2007132764A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2007800171376A CN101443777B (en) 2006-05-11 2007-05-11 Network system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2006-132930 2006-05-11
JP2006132930A JP3992067B1 (en) 2006-05-11 2006-05-11 Network system

Publications (1)

Publication Number Publication Date
WO2007132764A1 true WO2007132764A1 (en) 2007-11-22

Family

ID=38683352

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2007/059731 WO2007132764A1 (en) 2006-05-11 2007-05-11 Network system

Country Status (4)

Country Link
JP (1) JP3992067B1 (en)
KR (1) KR100969906B1 (en)
CN (1) CN101443777B (en)
WO (1) WO2007132764A1 (en)


Also Published As

Publication number Publication date
CN101443777A (en) 2009-05-27
KR100969906B1 (en) 2010-07-13
CN101443777B (en) 2012-05-23
JP2007306331A (en) 2007-11-22
KR20080082971A (en) 2008-09-12
JP3992067B1 (en) 2007-10-17


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07743166

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 1020087016557

Country of ref document: KR

WWE Wipo information: entry into national phase

Ref document number: 200780017137.6

Country of ref document: CN

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07743166

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP