Network system

Document No.: 1078590 Publication date: 2020-10-16

Abstract: This technology, "Network system", was designed by 帝都久利寿 on 2018-09-12. The network system includes at least one server device and at least one terminal device capable of accessing any one of the at least one server device. The terminal device is configured to perform data communication after authenticating a network address with any one of the at least one server device. Upon receiving a request from a terminal device, a server device provides a service corresponding to the authenticated network address of the requesting terminal device.

1. A network system comprising:

at least one server device; and

at least one terminal device capable of accessing any one of the at least one server device,

wherein the terminal device is configured to perform data communication after authenticating a network address with any one of the at least one server device,

wherein the server device, upon receiving a request from the terminal device, provides a service corresponding to the authenticated network address of the requesting terminal device.

2. The network system according to claim 1,

wherein the server device does not perform authentication processing in the application layer, and identifies the requesting terminal device using only the network address used in the network layer for the exchange with the terminal device.

3. The network system according to claim 1 or 2,

the terminal device includes a first communication program acting as a data link layer, a second communication program acting as a transport layer and a network layer, and an address authentication program connected between the first communication program and the second communication program,

the address authentication program authenticates a network address used in data transmission requested by the second communication program with a device as a communication destination.

4. The network system according to claim 1 or 2,

the terminal device includes a communication function module providing a communication function, and a semiconductor device hard-coded with the network address to be authenticated,

the semiconductor device uses the communication function module to authenticate the network address with a device that is the communication destination.

Technical Field

The present invention relates to a network system using a new concept of authentication of a network address itself.

Background

Information and Communication Technology (ICT) has advanced remarkably in recent years, and devices connected to a network such as the internet are no longer limited to information processing apparatuses such as conventional personal computers and smartphones, but extend to various things. This technical trend is called "IoT (Internet of Things)", and various technologies and services are continuously proposed and put into practical use. A world is envisioned in which billions of people on earth will be connected simultaneously with billions or millions of devices in the future. To achieve such a networked world, it is desirable to provide a solution that allows simpler, safer, and freer connection.

Data communication between devices is typically accomplished over a network using network addresses that are statically or dynamically assigned to each device. As such a network address, an IP (Internet Protocol) address is typically used.

In general, IP addresses are divided into global addresses, which are uniquely determined on the internet, and private addresses, which are allocated without duplication on a private network. There is also a configuration in which an IP address is dynamically allocated using DHCP (Dynamic Host Configuration Protocol) or the like.

In this manner, the IP address is set only in consideration of being assigned to the same network without overlapping to perform data communication. That is, the IP address is a network address arbitrarily set according to the target network.

For example, Japanese Patent Application Laid-Open No. 2017-059868 (Patent Document 1) discloses a configuration for reducing the number of steps for setting an IP address.

Disclosure of Invention

Problems to be solved by the invention

As described above, the network address so far is identification information for determining a communication destination, but does not provide any reliability to the address itself. Therefore, although data communication is performed between devices using an IP address, authentication processing and the like are realized by a higher layer (for example, an application layer).

Therefore, in order to provide services requiring various authentication processes, it is necessary to provide an application program or the like for realizing the authentication process which becomes the basis of the services in advance or at a time, and this has been an obstacle to widespread use.

The present invention provides a solution to the above-described problem.

Means for solving the problems

A network system according to an aspect of the present invention includes at least one server device, and at least one terminal device capable of accessing any one of the at least one server device. The terminal device is configured to perform data communication after authenticating a network address with any one of the at least one server device. Upon receiving a request from a terminal device, a server device provides a service corresponding to an authenticated network address that the terminal device as a requester has.

Preferably, the server device does not perform authentication processing in the application layer, and specifies the terminal device as the requester using only the network address used for the exchange with the terminal device in the network layer.

Preferably, the terminal device includes a first communication program serving as a data link layer, a second communication program serving as a transport layer and a network layer, and an address authentication program connected between the first communication program and the second communication program. The address authentication program authenticates a network address used in data transmission requested by the second communication program with a device as a communication destination.

Preferably, the terminal device includes a communication function module providing a communication function, and a semiconductor device hard-coded with an authenticated network address. The semiconductor device authenticates a network address between the communication function module and a device as a communication destination.

Advantageous Effects of Invention

According to an aspect of the present invention, when providing a service corresponding to a device or a user using the device, a special application or the like is not required, and an additional authentication procedure is not required, so that response time or the like relating to service provision can be shortened.

Drawings

Fig. 1 is a schematic diagram showing an example of the overall configuration of a network system according to the present embodiment.

Fig. 2 is a schematic diagram showing an example of the device configuration of the terminal device according to the present embodiment.

Fig. 3 is a schematic diagram showing an example of the device configuration of the terminal device according to the present embodiment.

Fig. 4 is a schematic diagram showing another example of the device configuration of the terminal device according to the present embodiment.

Fig. 5 is a schematic diagram for explaining the exchange between devices in the network system according to the present embodiment.

Fig. 6 is a sequence diagram showing an example of a processing procedure related to service provision in the network system according to the present embodiment.

Fig. 7 is a diagram for explaining an example of an application program for providing a service using the network system according to the present embodiment.

Fig. 8 is a diagram for explaining another example of an application program for service provision using the network system according to the present embodiment.

Fig. 9 is a diagram for explaining an example of filtering of network addresses by the network system according to the present embodiment.

Detailed Description

Embodiments of the present invention will be described in detail with reference to the accompanying drawings. In the drawings, the same or corresponding portions are denoted by the same reference numerals, and description thereof will not be repeated.

< A. Summary >

According to the present embodiment, a service using an authenticated network address and a basis for providing the service are provided. That is, in the conventional network, there is no technical idea of authenticating the network address itself, and the network address is mainly used only for establishing a communication connection. After that, the authentication procedure is generally performed using an application program for performing authentication. In contrast, in the present embodiment, since the network address itself is authenticated, the establishment of the communication connection itself also has an authentication procedure, and an additional authentication procedure using an application program or the like is not necessary.

Therefore, when providing a service corresponding to a device or a user using the device, a special application or the like is not required, and an additional authentication procedure is not required, so that response time or the like relating to service provision can be shortened.

In this specification, "network address" refers to identification information used to uniquely identify a device on some network, and is generally composed of a character string including a combination of letters, numbers, symbols, and the like. A typical example of the network address is an IP (Internet Protocol) address, but it may be a lower layer address such as a MAC (Media Access Control) address or a higher layer address such as a host name and a URL (Uniform Resource Locator) managed by a DNS (Domain Name System). Further, the network may be different between a global network and a private network, and the protocol used may be arbitrarily selected. As the network address, an address unique to the protocol used can be used.

As a representative example, when an IP address is used, the predetermined number of bits differs depending on the version. A 32-bit address range is defined in IPv4 (Internet Protocol Version 4) that is currently being established, and a 128-bit address range is defined in IPv6 (Internet Protocol Version 6) that is currently being established. In the present embodiment, an IP address based on IPv6 will be mainly described as a network address.

In this specification, an "authenticated network address" refers to a state in which the authenticity of the network address assigned to each device is guaranteed to a communication destination or a third party. That is, by adopting a configuration as described later, the present invention is intended to ensure that the network address used by each device for data communication is not disguised.

In this specification, a "device" includes any object capable of data communication via a network. Typically, the device is sometimes constructed as a single unit of communication equipment, and also sometimes as part of or incorporated into something.

< B. Overall Structure of Network System >

First, the overall configuration of the network system 1 according to the present embodiment will be described.

Fig. 1 is a schematic diagram showing an example of the overall configuration of a network system 1 according to the present embodiment. Referring to fig. 1, a network 2 such as the internet is connected to terminal devices 100-1, 100-2, 100-3, ... (hereinafter, sometimes collectively referred to as "terminal device 100"), which are examples of devices, and server devices 200-1, 200-2, 200-3, ... (hereinafter, sometimes collectively referred to as "server device 200"), which are examples of devices.

The terminal device 100-1 is assumed to be, for example, a smartphone, a mobile phone, or the like, and is connected to the network 2 via a base station 6 or the like arranged by a mobile network operator. The terminal device 100-2 is assumed to be a tablet computer or the like, for example, and the terminal device 100-3 is assumed to be a notebook-type personal computer or the like, for example. The terminal devices 100-2 and 100-3 are connected to the network 2 via the access point 4, for example.

Each of the server devices 200-1, 200-2, 200-3, ... is a device that provides an arbitrary service. Each of the server devices 200 receives an access from any of the terminal devices 100 and provides a requested service.

As described above, the network system 1 includes at least one server apparatus 200 (second device) and at least one terminal apparatus 100 (first device) capable of accessing any one server apparatus 200 of the at least one server apparatus 200.

In the network system 1 according to the present embodiment, the server apparatus 200 can acquire an authenticated network address of the terminal apparatus 100 as an access party. Similarly, the terminal device 100 can acquire an authenticated network address with respect to the server device 200 as an access destination.

Between the terminal device 100 and the server device 200, a process of authenticating network addresses with each other is executed, and data communication is started based on the success of authentication of the network addresses. That is, the terminal device 100 is configured to perform data communication after authenticating a network address with any one of the at least one server device. By adopting such a configuration for performing data communication, the terminal device 100 and the server device 200 can acquire an authenticated network address of a communication destination from each other.

For example, upon receiving a request from the terminal device 100, the server device 200 provides a service corresponding to the authenticated network address of the terminal device 100 that is the requesting party. That is, the server apparatus 200 can provide the service corresponding to the acquired authenticated network address to the requesting terminal apparatus 100. An example of the service corresponding to the network address will be described later. Further, since the terminal device 100 can also acquire the authenticated network address of the server device 200, it can also transmit a unique command corresponding to the server device 200 as the communication destination.

As described above, in the network system 1 according to the present embodiment, since the authenticated network address of each terminal device 100 can be acquired, it is possible to provide a service unique to each terminal device 100 without requiring an application program or the like for realizing the authentication process. Further, since performing data communication between the terminal device 100 and a device such as the server device 200 means that an authenticated network address has been acquired, the time required to provide a service unique to the terminal device 100 is extremely short, and the waiting time required to provide the service can be reduced compared to a configuration in which authentication processing is performed by an application program.

< C. Device Structure for Realizing Authentication of Network Address >

Next, an example of the device configuration for realizing authentication of a network address used in the network system 1 according to the present embodiment will be described. Authentication of a network address can be achieved by, for example, a hardware installation or a software installation. An example of each is described below.

(c1: Hardware installation)

Fig. 2 is a schematic diagram showing an example of the device configuration of the terminal device 100A according to the present embodiment. Referring to fig. 2, the terminal device 100A includes a processor 102, a main memory 104, a display 106, an input unit 108, a communication module 110, and a secondary storage device 130.

The processor 102 is the processing entity that executes various processes in the terminal device 100A. The processor 102 loads programs, various commands, and the like stored in the secondary storage device 130 into the main memory 104 and executes them.

The main Memory 104 is a volatile Memory device such as a DRAM (Dynamic Random Access Memory) or an SRAM (Static Random Access Memory). The secondary storage device 130 is a nonvolatile storage device such as a flash memory or a hard disk. An OS (operating system) 132 and one or more arbitrary application programs 134 are stored in the secondary storage device 130.

The Display 106 is a component for presenting the processing result and the like in the processor 102 to the outside, and includes, for example, an LCD (Liquid Crystal Display), an organic EL (Electro-Luminescence) Display, and the like.

The input unit 108 is a component for receiving an operation from a user, and includes any input device such as a keyboard, a touch panel, and a mouse.

The communication module 110 is a main component for providing an authenticated network address, and includes an address authentication chip 112, a WiFi module 114, and an LTE module 118.

The address authentication chip 112 is a semiconductor device in which an authenticated network address and the information necessary for authentication are hard-coded, and it authenticates the network address when performing data communication with another device using the WiFi module 114 and/or the LTE module 118.

More specifically, the address authentication chip 112 performs a process of authenticating an authenticated network address provided in advance with another device in data communication using the WiFi module 114 or the LTE module 118. As described above, the address authentication chip 112 authenticates the network address with the device as the communication destination by using the communication function module (the WiFi module 114 and/or the LTE module 118). The address authentication chip 112 preferably has a circuit structure with tamper resistance.

The WiFi module 114 and/or the LTE module 118 provide functions of a physical layer and a data link layer of the OSI (Open Systems Interconnection) reference model. The WiFi module 114 is connected to an antenna 116 to provide a wireless communication function according to a wireless access method such as wireless LAN (Local Area Network) or WiMAX. The LTE module 118 is connected to the antenna 120, and provides a wireless communication function according to a wireless access scheme such as LTE (Long Term Evolution), W-CDMA (Wideband Code Division Multiple Access), and CDMA 2000.

For convenience of explanation, the communication module 110 including the WiFi module 114 and/or the LTE module 118 is illustrated, but both modules are not necessarily required to be included, and either module may be mounted, or one or more modules for providing another communication function may be mounted. In this case, the communication function is not limited to the wireless communication function, and may be a wired communication function.

As described above, the communication module 110 includes a communication function module (the WiFi module 114 and/or the LTE module 118) that provides a communication function, and a semiconductor device (the address authentication chip 112) that hard-codes an authenticated network address.

By adopting the hardware installation as described above, it is possible to provide and acquire an authenticated network address in the terminal device 100A.

(c2: Software installation)

Fig. 3 is a schematic diagram showing an example of the device configuration of the terminal device 100B according to the present embodiment. Referring to fig. 3 (A), the terminal device 100B includes a processor 102, a main memory 104, a display 106, an input unit 108, a secondary storage device 130, a WiFi module 144, and an LTE module 148.

The processor 102 is the processing entity that executes various processes in the terminal device 100B. The processor 102 loads programs, various commands, and the like stored in the secondary storage device 130 into the main memory 104 and executes them. In addition to OS 132 and one or more arbitrary application programs 134, an address authentication program 136 and authentication management information 138 are stored in secondary storage device 130.

WiFi module 144 and/or LTE module 148 provide the functionality of the physical layer and data link layer of the OSI reference model. The WiFi module 144 is connected to an antenna 146 to provide a wireless communication function according to a wireless access method such as wireless LAN and WiMAX. The LTE module 148 is connected to the antenna 150 and provides a wireless communication function according to a wireless access scheme such as LTE, W-CDMA, and CDMA 2000.

For convenience of explanation, the configuration including the WiFi module 144 and/or the LTE module 148 is illustrated, but both modules are not necessarily required to be included, and either module may be mounted, or one or more modules for providing another communication function may be mounted. In this case, the communication function is not limited to the wireless communication function, and may be a wired communication function.

In the terminal device 100B, the provision of the authenticated network address is realized by executing the address authentication program 136. In the following, a software structure for providing an authenticated network address is exemplified.

Fig. 3 (B) shows a schematic diagram for explaining processing related to data communication in the terminal device 100B. As shown in fig. 3 (B), the WiFi module 144 and/or the LTE module 148 providing the functions of the physical layer implement exchange of real signals (data) through a data link driver 1322 (the functions of a part of the OS 132).

Application 134, such as a Web browser, utilizes TCP/IP socket 1324 for data communications. TCP/IP socket 1324 may be provided as a function of a portion of OS 132. Note that, although the example of (B) in fig. 3 shows the TCP/IP socket 1324, for example, a UDP/IP socket may be used.

Generally, TCP/IP sockets 1324 exchange data internally with data link drivers 1322, thereby enabling data transmission to and reception from other devices.

In contrast, in the terminal device 100B according to the present embodiment, the address authentication program 136 is arranged between the TCP/IP socket 1324 and the data link driver 1322. The address authentication program 136 authenticates the network address assigned to each device with the device as the communication destination in a specific session, and transmits and receives data using the specific session only when the authentication is successful. With such a configuration, when viewed from the application 134, the presence of the address authentication program 136 is not recognized, and transparency can be maintained. That is, the application 134 may transmit a packet including necessary data, and the application 134 may reliably use a network address included in a header of a packet received from any device.

The address authentication program 136 authenticates the network address to each other with other devices based on information held in the authentication management information 138 prepared in a secure manner in advance. The authentication management information 138 includes, in addition to the network address assigned to each device, a code for making the network address a legitimate address (i.e., an authenticated address) reliable. The address authentication program 136 transmits the additional information included in the authentication management information 138 to the communication destination together with the network address specified in the authentication management information 138, thereby authenticating the network addresses with each other.

Authentication of the network address is not limited to authentication with the communication destination device performing data communication; the network address may also be authenticated with an external authentication server device or the like.

In this manner, the terminal device 100B includes a communication program (data link driver 1322) serving as a data link layer, a communication program (TCP/IP socket 1324) serving as a transport layer and a network layer, and the address authentication program 136 connected between the data link driver 1322 and the TCP/IP socket 1324.

Further, fig. 3 shows a configuration in which the address authentication program 136 is logically arranged between the TCP/IP socket 1324 and the data link driver 1322, but the present invention is not limited to this, and any installation method may be used as long as the address authentication program 136 can authenticate the network address with the communication destination.

For example, the TCP/IP socket 1324 and the address authentication program 136 may be logically arranged in parallel, and the TCP/IP socket 1324 may not start transmission and reception of a packet unless the address authentication program 136 and the communication destination device authenticate each other. In this case, if the address authentication program 136 authenticates the network address, then the exchange of data continues between the TCP/IP socket 1324 and the data link driver 1322, and the address authentication program 136 may not participate in the internal data transfer.

The corresponding components among the components of the terminal device 100B are the same as those of the terminal device 100A, and therefore detailed description thereof will not be repeated.

By adopting the software installation as described above, the terminal device 100B can be provided with an authenticated network address.

(c3: Other forms of software installation)

The present invention is not limited to the functional configuration related to data communication shown in fig. 3 (B), and other mounting methods may be employed. Fig. 4 is a schematic diagram showing another example of the device configuration of the terminal device according to the present embodiment.

In the installation example shown in fig. 4 (A), the data link driver 1322 and the TCP/IP socket 1324 are arranged in this order in the general layer configuration, i.e., the upper layer of the physical layer and the data link layer (the WiFi module 144 and/or the LTE module 148). Any of the applications 134 utilize TCP/IP sockets 1324 for data communications.

In the installation example shown in fig. 4 (A), when data exchange is started between the TCP/IP socket 1324 and a communication destination node, or while data exchange is being performed, the TCP/IP socket 1324 requests the address authentication program 136 to perform authentication of the communication destination node and the like. The address authentication program 136 performs the authentication processing as described above, verifies whether the communication destination is a trusted node and whether data exchanged with the communication destination has been falsified, and returns the result to the TCP/IP socket 1324. TCP/IP socket 1324 sends the authentication result and the like to application 134. The basic processing of the address authentication program 136 is the same as the address authentication program 136 shown in fig. 3 (B) described above.

In the installation method as shown in fig. 4 (A), since the TCP/IP socket 1324 requests the address authentication program 136 to execute necessary authentication processing, it is possible to perform secure communication with a communication destination having an authenticated network address through the same interface as in normal communication when viewed from the application 134.

In the installation example shown in fig. 4 (B), the data link driver 1322 and the TCP/IP socket 1324 are arranged in this order in the general layer configuration, i.e., the upper layer of the physical layer and the data link layer (the WiFi module 144 and/or the LTE module 148). Any application 134 utilizes TCP/IP sockets 1324 for data communications and also performs the required exchanges related to authentication with the address authentication program 136.

In the installation example shown in fig. 4 (B), when the application 134 starts data exchange with a node as a communication destination, or while data exchange is being performed, the application 134 requests the address authentication program 136 to perform authentication of the communication destination or the like. The address authentication program 136 exchanges data with the TCP/IP socket 1324 and performs the authentication processing as described above, thereby verifying whether the communication destination is a trusted node and whether data exchanged with the communication destination has been falsified. Address authentication program 136 then responds with the authentication result to application 134. The basic processing of the address authentication program 136 is the same as the address authentication program 136 shown in fig. 3 (B) described above.

By adopting the installation method as shown in fig. 4 (B), secure communication with a communication destination having an authenticated network address can be performed without changing the structure of the communication layer such as the data link driver 1322 and the TCP/IP socket 1324.

(c4: Exchange between devices)

Next, an example of the exchange between devices, for example, the exchange between the terminal device 100 and the server device 200, will be described.

Fig. 5 is a schematic diagram for explaining the exchange between devices in the network system 1 according to the present embodiment. Fig. 5 shows an example of processing in the case of exchanging data between the device 1 and the device 2.

Referring to fig. 5, each of the device 1 and the device 2 has a network authentication function (corresponding to the address authentication chip 112 shown in fig. 2 or the address authentication program 136 shown in fig. 3). The network authentication functions of the respective devices perform authentication processing on each other's network addresses. The authentication process is basically performed at the network layer. When the authentication process is completed, the network address authenticated by the network authentication function of each device is used as the network address when data is exchanged by an application (application layer) executed by each device.

The authenticated network address may be notified to an application, or may be notified to a TCP/IP socket that performs packet generation, packet reception, and the like.

By adopting the configuration shown in fig. 5, it is not necessary to perform a special authentication process or the like on the application side, and the authenticated network addresses can be used for each other.

< Example of Processing Procedure >

Next, an example of a processing procedure in the network system 1 according to the present embodiment will be described.

Fig. 6 is a sequence diagram showing an example of a processing procedure related to service provision in the network system 1 according to the present embodiment. Fig. 6 shows a typical example of processing for providing a requested service by the server apparatus 200 in response to an access to the server apparatus 200 by the terminal apparatus 100.

Specifically, referring to fig. 6, first, when the user performs some operation on the application 134 (step S2), an access request to the server apparatus 200 by the application 134 is transmitted to the network authentication function (the address authentication chip 112 shown in fig. 2, or the address authentication program 136 shown in fig. 3) (step S4). The network authentication function of the terminal device 100 and the network authentication function of the server device 200 (corresponding to the functions of the address authentication chip 112 shown in fig. 2 and the address authentication program 136 shown in fig. 3) perform authentication processing on the network addresses of each other (step S6). When the authentication process is completed, the terminal device 100 transmits the requested access request to the server device 200 using the authenticated network address (step S8).

The server apparatus 200 receives, by its network authentication function, the access request transmitted from the terminal apparatus 100, performs necessary processing, and then transfers the access request to the application (step S10). The application program of the server apparatus 200 identifies the network address used for data communication of the access request received from the terminal apparatus 100 (step S12), and determines the service to be provided based on the identified network address (step S14).

Then, the application of the server device 200 transmits data corresponding to the determined service to the terminal device 100 (step S16). The network authentication function of the server device 200 receives the data, performs necessary processing, and transmits the data to the terminal device 100 (step S18).

The terminal device 100 receives the data transmitted from the server device 200 by the network authentication function, performs necessary processing, and then transfers the data to the application 134 (step S20). Then, the content corresponding to the received data is presented to the user by the application 134 (step S22).

In the network system 1 according to the present embodiment, when receiving an access from the terminal device 100, the server device 200 authenticates the network address included in the access, and therefore can provide a service unique to the terminal device 100 without performing additional authentication processing. That is, the server apparatus 200 does not perform the authentication process in the application layer, and specifies the requesting terminal apparatus 100 using only the network address used for the exchange with the terminal apparatus 100 in the network layer.

< E. application example >

Next, an example of a service provided in the network system 1 shown in fig. 6 will be described.

(e1: First application example)

First, the following configuration will be explained as an example: assuming that a Web server is the server device 200, a Web page unique to the terminal device 100 is provided based on the network address of the terminal device 100 as the accessing party.

Fig. 7 is a diagram for explaining an example of an application of service provision using the network system 1 according to the present embodiment. Fig. 7 (a) shows an example of the network management table 210 held by the server apparatus 200. In the network management table 210, initial screen information 214 indicating an initial screen and preference information 216 indicating a preference are defined in association with the network address (IP address) 212 of each terminal device 100 that has accessed in the past or is scheduled to access. The contents of the network management table 210 may be manually updated by the user, or may be updated by the server apparatus 200 in accordance with the operation of the user.

Upon receiving an access from the terminal device 100, the server device 200 refers to the network management table 210 with the network address provided to the terminal device 100 as a key, and determines the corresponding initial screen information 214 and preference information 216. Then, the server apparatus 200 decides the content of the Web page provided to the terminal apparatus 100 as the access party based on the decided initial screen information 214 and preference information 216.

Fig. 7 (B) shows an example of a Web screen in a case where the server device 200 provides a service for internet banking, as an example. For example, basic buttons for account management such as "transfer procedure", "account balance confirmation", and "transfer procedure" are arranged on the Web screen 220A presented on the display of the terminal device 100 to which the IP address 1 is provided. On the other hand, in the Web screen 220B presented on the display of the terminal device 100 to which the IP address 2 is provided, the buttons related to the foreign exchange such as "buy foreign exchange" and "sell foreign exchange" are arranged together with the graph showing the chronological change of the exchange rate.

Such an initial screen can be determined by referring to the initial screen information 214 of the network management table 210, for example. By referring to the preference information 216 or the like of the network management table 210, not only the initial screen but also a service according to the preference can be provided for each terminal device 100 (i.e., the user who operates the terminal device 100).

As described above, the initial screen and various service contents provided when accessing the server device 200 can be defined based on the network address provided to the terminal device 100.

(e2: Second application example)

Next, the following configuration will be described as an example: the use management server of a hotel or the like is assumed as the server device 200, and the terminal device 100 is used as an electronic key (use certificate).

Fig. 8 is a diagram for explaining another example of an application of service provision using the network system 1 according to the present embodiment. Fig. 8 (a) shows an example of the usage management table 230 held by the server apparatus 200. The usage management table 230 stores the contents of each reservation (room number 234 and available time 236) in association with the network address 232 provided to the terminal device 100 that was used for the reservation operation on a reservation site or the like.

That is, when the user operates the terminal device 100 of the user to make an accommodation reservation through the reservation site, the server device 200 adds the reservation content to the usage management table 230 together with the network address provided to the terminal device 100 used in the accommodation reservation.

As shown in fig. 8 (B), a wireless communication unit 242 is disposed in front of each room of the accommodation facility 240. When a user who is scheduled to stay brings the terminal device 100 used for the accommodation reservation close to the reserved room, the wireless communication unit 242 performs wireless communication with the terminal device 100. The wireless communication between the terminal device 100 and the wireless communication unit 242 may be started automatically, or may be started after an explicit operation by the user.

When the network address provided to the terminal device 100 held by the user matches any entry in the network address 232 of the usage management table 230, the server device 200 unlocks the reserved room based on the corresponding room number 234 and available time 236.
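The unlock decision described above can be sketched as follows. This is an added example, not code from the patent: the table rows, the function name `unlock_decision`, and the half-open time window are assumptions, and the address passed in is assumed to have already been authenticated by the network authentication function (`None` means authentication did not complete).

```python
import ipaddress
from datetime import datetime, timezone

# Constructed stand-in for usage management table 230:
# network address 232 -> room number 234 and available time 236.
USAGE_TABLE = [
    {"address": "2001:db8::10", "room": "501",
     "start": datetime(2024, 5, 1, 15, 0, tzinfo=timezone.utc),
     "end": datetime(2024, 5, 2, 10, 0, tzinfo=timezone.utc)},
    {"address": "192.0.2.25", "room": "302",
     "start": datetime(2024, 5, 1, 15, 0, tzinfo=timezone.utc),
     "end": datetime(2024, 5, 3, 10, 0, tzinfo=timezone.utc)},
]

def unlock_decision(table, authenticated_addr, room, now):
    """Return True only if the authenticated address holds a reservation
    for this room whose available time covers `now` (timezone-aware)."""
    if authenticated_addr is None:      # authentication did not complete
        return False
    try:
        # Parse so that different spellings of one address compare equal.
        addr = ipaddress.ip_address(authenticated_addr)
    except ValueError:
        return False                    # malformed address: fail closed
    for entry in table:
        if (ipaddress.ip_address(entry["address"]) == addr
                and entry["room"] == room
                and entry["start"] <= now < entry["end"]):
            return True
    return False                        # no matching entry: stay locked

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 20, 0, tzinfo=timezone.utc)
    print(unlock_decision(USAGE_TABLE, "2001:db8::10", "501", now))
```

Because the network address is the only credential in this scheme, the check compares parsed addresses rather than strings and refuses to unlock on any lookup failure.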

Fig. 8 illustrates a typical example in which the terminal device 100 is used as a key for each room of an accommodation facility such as a hotel, but the present invention is not limited thereto, and can be used as an arbitrary certificate of use. For example, the terminal device 100 itself can be used as a ticket for various facilities such as an entertainment facility and various events such as a concert. The terminal device 100 itself can also be used as a ticket for trains and airplanes.

As described above, in the network system 1 according to the present embodiment, since the network address itself provided to the terminal device 100 is authenticated, an application program or the like for displaying a ticket is not required unlike the conventional art, and it is possible to reduce the barrier to the spread of a system in which the terminal device 100 itself is used as a certificate of use.

As described above, the terminal device 100 can be easily used as an arbitrary certificate of use based on the network address provided to the terminal device 100.

(e3: Third application example)

Next, a configuration for realizing the authentication process of the network address itself in more ways will be described. Fig. 9 is a diagram for explaining an example of filtering using a network address of the network system 1 according to the present embodiment. As an example, fig. 9 shows a configuration example as follows: the address authentication program 136 is arranged at layer 3 (network layer) of the OSI reference model, and TCP (or UDP) is arranged at layer 4 (transport layer).

In fig. 9, as a structure for realizing the filtering, authentication management information 138 is configured. The authentication management information 138 may include a blacklist 1382 and/or a whitelist 1384. Further, it is not necessary to prepare both the black list 1382 and the white list 1384 in advance, and only one of them may be prepared.

The black list 1382 is a list for specifying network addresses to which access should be blocked, and the white list 1384 is a list for specifying network addresses to which access should be allowed.

Fig. 9 (a) shows an example in which the filtering function is implemented in the address authentication program 136. More specifically, when the authenticated network address of the communication destination matches any one of the entries defined in the blacklist 1382, the address authentication program 136 cuts off or prohibits communication with the communication destination (blacklisted node) having the authenticated network address. That is, packets from the blacklisted node are cut off in the address authentication program 136 and are not provided to the application 134.

On the other hand, the address authentication program 136 allows communication with a destination (whitelisted node) having the authenticated network address to pass only when the authenticated network address matches any one of the entries defined in the white list 1384. That is, packets from the whitelisted node are provided from the address authentication program 136 to the application 134. The application 134 provides services based on the received packets and on the network address itself, which was authenticated in the address authentication program 136.

Fig. 9 (B) shows an example in which the filtering function is implemented in the application 134. More specifically, when receiving a packet from the address authentication program 136, the application 134 determines whether the network address of the sender of the packet (authenticated by the address authentication program 136) matches any entry in the blacklist 1382 or the whitelist 1384.

When the network address of the sender of the received packet matches any of the entries defined in the blacklist 1382, the application 134 discards the packet. On the other hand, when the network address of the sender of the received packet matches any of the entries defined in the white list 1384, the application 134 processes the packet and provides the requested service.

As described above, by combining the authentication function of the network address itself and the filter function using the black list/white list, a network system with higher practicability can be realized.
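The filtering decision of fig. 9 can be sketched as one function that either the address authentication program 136 or the application 134 could call. This is an added example, not code from the patent: the class and function names are hypothetical, and it assumes that a blacklist match takes precedence when both lists exist, that list entries may be single addresses or CIDR ranges, and that a packet whose source address was not authenticated is always dropped.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class AuthManagementInfo:
    """Stand-in for authentication management information 138."""
    blacklist: List[str] = field(default_factory=list)  # blacklist 1382
    whitelist: Optional[List[str]] = None  # whitelist 1384; None = not prepared

def normalize(text):
    """Parse an address; fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4 so a
    dual-stack peer cannot sidestep an IPv4 list entry."""
    addr = ipaddress.ip_address(text)
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr

def _matches(addr, entries):
    # A bare address parses as a /32 or /128 network; families never cross-match.
    return any(addr in ipaddress.ip_network(e) for e in entries)

def filter_packet(info, src, authenticated):
    """Return 'pass' or 'drop' for a packet from source address `src`."""
    if not authenticated:
        return "drop"              # the lists only mean something for authenticated addresses
    try:
        addr = normalize(src)
    except ValueError:
        return "drop"              # malformed address: fail closed
    if _matches(addr, info.blacklist):
        return "drop"              # assumed precedence: blacklist wins
    if info.whitelist is not None:
        return "pass" if _matches(addr, info.whitelist) else "drop"
    return "pass"                  # blacklist-only configuration

# Constructed sample lists using documentation address ranges.
BOTH_LISTS = AuthManagementInfo(blacklist=["192.0.2.66"],
                                whitelist=["192.0.2.0/24", "2001:db8::/32"])
BLACKLIST_ONLY = AuthManagementInfo(blacklist=["192.0.2.66"])

if __name__ == "__main__":
    for src in ("192.0.2.10", "192.0.2.66", "::ffff:192.0.2.66", "198.51.100.7"):
        print(src, filter_packet(BOTH_LISTS, src, authenticated=True))
```

With only a blacklist prepared, every authenticated address that is not listed passes; once a whitelist exists, the same function denies by default.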

< F. other embodiments >

In the above-described embodiment, the network system including one or more terminal apparatuses 100 and one or more server apparatuses 200 has been exemplified as an example of a configuration using a network address authenticated between devices, but the present invention is not limited to this, and can also be applied to data communication between terminal apparatuses 100 or between server apparatuses 200. The present invention can be used for data communication between arbitrary devices regardless of the configuration of the terminal device 100 or the server device 200.

< G. advantage >

According to the present embodiment, a service using an authenticated network address and a basis for providing the service are provided. Since the network address itself is authenticated, the establishment of the communication connection itself also serves as an authentication procedure, and an additional authentication procedure using an application program or the like is not required. Thereby, various services suitable for IoT can be provided.

It is intended that all points of the embodiments disclosed herein are to be considered illustrative and not restrictive. The scope of the present invention is indicated by the appended claims rather than by the foregoing description, and all changes that come within the meaning and range of equivalency of the claims are intended to be embraced therein.

Description of the reference numerals

1: a network system; 4: an access point; 6: a base station; 100, 100A, 100B: a terminal device; 102: a processor; 104: a main memory; 106: a display; 108: an input section; 110: a communication module; 112: an address authentication chip; 114, 144: a WiFi module; 116, 120, 146, 150: an antenna; 118, 148: an LTE module; 130: a secondary storage device; 132: an OS; 134: an application program; 136: an address authentication program; 138: authentication management information; 200: a server device; 210: a network management table; 212: network address (IP address); 214: initial screen information; 216: preference information; 220A, 220B: a Web screen; 230: a usage management table; 232: a network address; 234: room number; 236: available time; 240: accommodation facility; 242: a wireless communication unit; 1322: a data link driver; 1324: a TCP/IP socket.
