Network system
Reading note: this technology, Network system, was designed and created by 帝都久利寿 on 2018-09-12. Its main content: the network system includes at least one server device and at least one terminal device capable of accessing any one of the at least one server device. The terminal device is configured to perform data communication after authenticating a network address with any one of the at least one server device. Upon receiving a request from a terminal device, a server device provides a service corresponding to an authenticated network address that the terminal device as a requester has.
1. A network system is provided with:
at least one server device; and
at least one terminal device capable of accessing any one of the at least one server device,
wherein the terminal device is configured to perform data communication after authenticating a network address with any one of the at least one server device,
the server apparatus provides a service corresponding to an authenticated network address that the terminal apparatus as a requester has when receiving a request from the terminal apparatus.
2. The network system according to claim 1,
the server apparatus does not perform authentication processing in an application layer, and specifies the terminal apparatus as a requester using only a network address used for exchange with the terminal apparatus in a network layer.
3. The network system according to claim 1 or 2,
the terminal device includes a first communication program acting as a data link layer, a second communication program acting as a transport layer and a network layer, and an address authentication program connected between the first communication program and the second communication program,
the address authentication program authenticates a network address used in data transmission requested by the second communication program with a device as a communication destination.
4. The network system according to claim 1 or 2,
the terminal device includes a communication function module providing a communication function, and a semiconductor device hard-coded with the network address to be authenticated,
the semiconductor device authenticates a network address with the use of the communication function module with an apparatus as a communication destination.
Technical Field
The present invention relates to a network system using a new concept of authentication of a network address itself.
Background
Information and Communication Technology (ICT) has advanced remarkably in recent years, and devices connected to a network such as the internet are no longer limited to information processing apparatuses such as conventional personal computers and smartphones, but extend to various things. Such a technical trend is called "IoT (Internet of Things)", and various technologies and services are continuously proposed and put into practical use. A world is envisioned in which billions of people on earth will be connected simultaneously with billions or millions of devices in the future. In order to achieve such a networked world, it is desirable to provide a solution that allows simpler, safer, and freer connection.
Data communication between devices is typically accomplished over a network using network addresses that are statically or dynamically assigned to each device. As such a network address, an IP (Internet Protocol) address is typically used.
In general, an IP address is either a global address, uniquely determined on the internet, or a private address, allocated without duplication on a private network. There is also a configuration in which an IP address is dynamically allocated using DHCP (Dynamic Host Configuration Protocol) or the like.
In this manner, the IP address is set only in consideration of being assigned to the same network without overlapping to perform data communication. That is, the IP address is a network address arbitrarily set according to the target network.
For example, Japanese patent application laid-open No. 2017-059868 (patent document 1) discloses a configuration for reducing the number of steps for setting an IP address.
Disclosure of Invention
Problems to be solved by the invention
As described above, the network address so far is identification information for determining a communication destination, but does not provide any reliability to the address itself. Therefore, although data communication is performed between devices using an IP address, authentication processing and the like are realized by a higher layer (for example, an application layer).
Therefore, in order to provide services requiring various authentication processes, it is necessary to provide an application program or the like for realizing the authentication process which becomes the basis of the services in advance or at a time, and this has been an obstacle to widespread use.
The present invention provides a solution to the above-described problem.
Means for solving the problems
A network system according to an aspect of the present invention includes at least one server device, and at least one terminal device capable of accessing any one of the at least one server device. The terminal device is configured to perform data communication after authenticating a network address with any one of the at least one server device. Upon receiving a request from a terminal device, a server device provides a service corresponding to an authenticated network address that the terminal device as a requester has.
Preferably, the server device does not perform authentication processing in the application layer, and specifies the terminal device as the requester using only the network address used for the exchange with the terminal device in the network layer.
Preferably, the terminal device includes a first communication program serving as a data link layer, a second communication program serving as a transport layer and a network layer, and an address authentication program connected between the first communication program and the second communication program. The address authentication program authenticates a network address used in data transmission requested by the second communication program with a device as a communication destination.
Preferably, the terminal device includes a communication function module providing a communication function, and a semiconductor device hard-coded with an authenticated network address. The semiconductor device authenticates a network address between the communication function module and a device as a communication destination.
Advantageous Effects of Invention
According to an aspect of the present invention, when providing a service corresponding to a device or a user using the device, a special application or the like is not required, and an additional authentication procedure is not required, so that response time or the like relating to service provision can be shortened.
Drawings
Fig. 1 is a schematic diagram showing an example of the overall configuration of a network system according to the present embodiment.
Fig. 2 is a schematic diagram showing an example of the device configuration of the terminal device according to the present embodiment.
Fig. 3 is a schematic diagram showing an example of the device configuration of the terminal device according to the present embodiment.
Fig. 4 is a schematic diagram showing another example of the device configuration of the terminal device according to the present embodiment.
Fig. 5 is a schematic diagram for explaining the exchange between devices in the network system according to the present embodiment.
Fig. 6 is a sequence diagram showing an example of a processing procedure related to service provision in the network system according to the present embodiment.
Fig. 7 is a diagram for explaining an example of an application program for providing a service using the network system according to the present embodiment.
Fig. 8 is a diagram for explaining another example of an application program for service provision using the network system according to the present embodiment.
Fig. 9 is a diagram for explaining an example of filtering of network addresses by the network system according to the present embodiment.
Detailed Description
Embodiments of the present invention will be described in detail with reference to the accompanying drawings. In the drawings, the same or corresponding portions are denoted by the same reference numerals, and description thereof will not be repeated.
< A. Summary >
According to the present embodiment, a service using an authenticated network address and a basis for providing the service are provided. That is, in the conventional network, there is no technical idea of authenticating the network address itself, and the network address is mainly used only for establishing a communication connection. After that, the authentication procedure is generally performed using an application program for performing authentication. In contrast, in the present embodiment, since the network address itself is authenticated, the establishment of the communication connection itself also has an authentication procedure, and an additional authentication procedure using an application program or the like is not necessary.
Therefore, when providing a service corresponding to a device or a user using the device, a special application or the like is not required, and an additional authentication procedure is not required, so that response time or the like relating to service provision can be shortened.
In this specification, "network address" refers to identification information used to uniquely identify a device on some network, and is generally composed of a character string including a combination of letters, numbers, symbols, and the like. A typical example of the network address is an IP (Internet Protocol) address, but it may also be a lower layer address such as a MAC (Media Access Control) address or a higher layer address such as a host name or a URL (Uniform Resource Locator) managed by a DNS (Domain Name System). Further, the network may be either a global network or a private network, and the protocol used may be arbitrarily selected. As the network address, an address specific to the protocol used can be used.
As a representative example, when an IP address is used, the number of bits differs depending on the version. IPv4 (Internet Protocol Version 4), which is currently established, defines a 32-bit address space, and IPv6 (Internet Protocol Version 6), which is currently being established, defines a 128-bit address space. In the present embodiment, an IP address based on IPv6 will be mainly described as the network address.
In this specification, the "authenticated network address" refers to a state in which the authenticity of the network address assigned to each device is guaranteed to a communication destination or a third party. That is, the present invention is intended to ensure, by adopting a configuration as described later, that the network address used by each device for data communication is not disguised.
In this specification, a "device" includes any object capable of data communication via a network. Typically, the device is sometimes constructed as a single unit of communication equipment, and also sometimes as part of or incorporated into something.
< B. Overall Structure of the Network System >
First, the overall configuration of the network system 1 according to the present embodiment will be described.
Fig. 1 is a schematic diagram showing an example of the overall configuration of a network system 1 according to the present embodiment. Referring to fig. 1, a network 2 such as the internet is connected to terminal apparatuses 100-1, 100-2, 100-3, ... (hereinafter, sometimes collectively referred to as "terminal apparatus 100"), which are examples of devices, and server apparatuses 200-1, 200-2, 200-3, ... (hereinafter, sometimes collectively referred to as "server apparatus 200"), which are also examples of devices.
The terminal device 100-1 is assumed to be, for example, a smartphone, a mobile phone, or the like, and is connected to the network 2 via a base station 6 or the like arranged by a mobile network operator. The terminal device 100-2 is assumed to be a tablet computer or the like, for example, and the terminal device 100-3 is assumed to be a notebook-type personal computer or the like, for example. The terminal devices 100-2 and 100-3 are connected to the network 2 via the access point 4, for example.
Each of the server devices 200-1, 200-2, 200-3, ... is an apparatus that provides an arbitrary service. Each of the server apparatuses 200 receives an access from any of the terminal apparatuses 100 and provides the requested service.
As described above, the network system 1 includes at least one server apparatus 200 (second device) and at least one terminal apparatus 100 (first device) capable of accessing any one server apparatus 200 of the at least one server apparatus 200.
In the network system 1 according to the present embodiment, the server apparatus 200 can acquire an authenticated network address of the terminal apparatus 100 as an access party. Similarly, the terminal device 100 can acquire an authenticated network address with respect to the server device 200 as an access destination.
Between the terminal device 100 and the server device 200, a process of authenticating network addresses with each other is executed, and data communication is started based on the success of authentication of the network addresses. That is, the terminal device 100 is configured to perform data communication after authenticating a network address with any one of the at least one server device. By adopting such a configuration for performing data communication, the terminal device 100 and the server device 200 can acquire an authenticated network address of a communication destination from each other.
For example, upon receiving a request from the terminal device 100, the server device 200 provides a service corresponding to the authenticated network address of the terminal device 100 that is the requesting party. That is, the server apparatus 200 can provide the service corresponding to the acquired authenticated network address to the requesting terminal apparatus 100. An example of the service corresponding to the network address will be described later. Further, since the terminal device 100 can also acquire the authenticated network address of the server device 200, it can also transmit a unique command corresponding to the server device 200 as the communication destination.
As described above, in the network system 1 according to the present embodiment, since the authenticated network address of each terminal device 100 can be acquired, it is possible to provide a service unique to each terminal device 100 without requiring an application program or the like for realizing the authentication process. Further, since performing data communication between the terminal device 100 and a device such as the server device 200 already means acquiring an authenticated network address, the time required to provide a service unique to the terminal device 100 is extremely short, and the waiting time required to provide the service can be reduced compared to a configuration in which authentication processing is performed by an application program.
< C. Device Configuration for Realizing Authentication of a Network Address >
Next, an example of the device configuration of a device for realizing authentication of a network address used in the network system 1 according to the present embodiment will be described. Authentication of a network address can be achieved, for example, by a hardware installation or by a software installation. An example of each is described below.
(c1: Hardware installation)
Fig. 2 is a schematic diagram showing an example of the device configuration of the terminal device 100A according to the present embodiment. Referring to fig. 2, the terminal device 100A includes a
The
The
The
The
The communication module 110 is a main component for providing an authenticated network address, and includes an address authentication chip 112, a WiFi module 114, and an LTE module 118.
The address authentication chip 112 is a semiconductor device that hard-codes an authenticated network address and information necessary for authentication, and authenticates the network address when performing data communication with another device using the WiFi module 114 and/or the LTE module 118.
More specifically, the address authentication chip 112 performs a process of authenticating an authenticated network address provided in advance with another device in data communication using the WiFi module 114 or the LTE module 118. As described above, the address authentication chip 112 authenticates the network address with the device as the communication destination by using the communication function module (the WiFi module 114 and/or the LTE module 118). The address authentication chip 112 preferably has a circuit structure with tamper resistance.
The WiFi module 114 and/or the LTE module 118 provide the functions of the physical layer and the data link layer of the OSI (Open Systems Interconnection) reference model. The WiFi module 114 is connected to an antenna 116 and provides a wireless communication function according to a wireless access method such as wireless LAN (Local Area Network) or WiMAX. The LTE module 118 is connected to an antenna 120 and provides a wireless communication function according to a radio access scheme such as LTE (Long Term Evolution), W-CDMA (Wideband Code Division Multiple Access), or CDMA 2000.
For convenience of explanation, the communication module 110 including the WiFi module 114 and/or the LTE module 118 is illustrated, but both modules are not necessarily required to be included, and either module may be mounted, or one or more modules for providing another communication function may be mounted. In this case, the communication function is not limited to the wireless communication function, and may be a wired communication function.
As described above, the communication module 110 includes a communication function module (the WiFi module 114 and/or the LTE module 118) that provides a communication function, and a semiconductor device (the address authentication chip 112) that hard-codes an authenticated network address.
By adopting the hardware installation as described above, it is possible to provide and acquire an authenticated network address in the terminal device 100A.
(c2: Software installation)
Fig. 3 is a schematic diagram showing an example of the device configuration of the
The
For convenience of explanation, the configuration including the
In the
Fig. 3 (B) shows a schematic diagram for explaining processing related to data communication in the
Generally, TCP/
In contrast, in the
The
The authentication of the network address with the external authentication server apparatus or the like is not limited to the authentication of the network address with the communication destination apparatus performing data communication.
In this manner, the
Further, fig. 3 shows a configuration in which the
For example, the TCP/
The corresponding components among the components of the
By adopting the software installation as described above, the
(c3: Other software installation methods)
The present invention is not limited to the functional configuration related to data communication shown in fig. 3 (B), and other mounting methods may be employed. Fig. 4 is a schematic diagram showing another example of the device configuration of the terminal device according to the present embodiment.
In the installation example shown in fig. 4 (a), the
In the installation example shown in fig. 4 (a), when data exchange is started between the TCP/
In the installation method as shown in fig. 4 (a), since the TCP/
In the installation example shown in fig. 4B, the
In the installation example shown in fig. 4 (B), when the
By adopting the installation method as shown in fig. 4 (B), secure communication with a communication destination having an authenticated network address can be performed without changing the structure of the communication layer such as the
(c4: Exchange between devices)
Next, an example of the exchange between devices, for example, the exchange between the terminal device 100 and the server device 200, will be described.
Fig. 5 is a schematic diagram for explaining the exchange between devices in the network system 1 according to the present embodiment. Fig. 5 shows an example of processing in the case of exchanging data between the device 1 and the device 2.
Referring to fig. 5, each of the device 1 and the device 2 has a network authentication function (corresponding to the address authentication chip 112 shown in fig. 2 or the
The authenticated network address may be notified to an application, or may be notified to a TCP/IP socket that performs packet generation, packet reception, and the like.
By adopting the configuration shown in fig. 5, it is not necessary to perform a special authentication process or the like on the application side, and the authenticated network addresses can be used for each other.
< D. Example of Processing Procedure >
Next, an example of a processing procedure in the network system 1 according to the present embodiment will be described.
Fig. 6 is a sequence diagram showing an example of a processing procedure related to service provision in the network system 1 according to the present embodiment. Fig. 6 shows a typical example of processing for providing a requested service by the server apparatus 200 in response to an access to the server apparatus 200 by the terminal apparatus 100.
Specifically, referring to fig. 6, first, when the user performs some operation on the application 134 (step S2), an access request to the server apparatus 200 by the
The server apparatus 200 performs necessary processing upon receiving the access request transmitted from the terminal apparatus 100 by the network authentication function, and then transfers the access request to the application (step S10). The application program of the server apparatus 200 identifies the network address used for data communication of the access request received from the terminal apparatus 100 (step S12), and determines the service to be provided based on the identified network address (step S14).
Then, the application of the server device 200 transmits data corresponding to the determined service to the terminal device 100 (step S16). The network authentication function of the server device 200 receives this data, performs necessary processing, and then transmits the data to the terminal device 100 (step S18).
The terminal device 100 receives the data transmitted from the server device 200 by the network authentication function, performs necessary processing, and then transfers the data to the application 134 (step S20). Then, the content corresponding to the received data is presented to the user by the application 134 (step S22).
In the network system 1 according to the present embodiment, when receiving an access from the terminal device 100, the server device 200 authenticates the network address included in the access, and therefore can provide a service unique to the terminal device 100 without performing additional authentication processing. That is, the server apparatus 200 does not perform the authentication process in the application layer, and specifies the requesting terminal apparatus 100 using only the network address used for the exchange with the terminal apparatus 100 in the network layer.
< E. Application Examples >
Next, an example of a service provided in the network system 1 shown in fig. 6 will be described.
(e1: First application example)
First, the following configuration will be explained as an example: assuming that the Web server is the server device 200, the inherent Web page is provided based on the network address of the terminal device 100 as the access party.
Fig. 7 is a diagram for explaining an example of an application program for service provision using the network system 1 according to the present embodiment. Fig. 7 (a) shows an example of the network management table 210 held by the server apparatus 200. In the network management table 210,
Upon receiving an access from the terminal device 100, the server device 200 refers to the network management table 210 with the network address provided to the terminal device 100 as a key, and determines the corresponding
Fig. 7 (B) shows an example of a Web screen in a case where the server device 200 provides a service for internet banking, as an example. For example, basic buttons for account management such as "transfer procedure", "account balance confirmation", and "transfer procedure" are arranged on the
Such an initial screen can be determined by referring to the
As described above, the initial screen and various service contents provided when accessing the server device 200 can be defined based on the network address provided to the terminal device 100.
(e2: Second application example)
Next, the following configuration will be described as an example: the use management server of a hotel or the like is assumed as the server device 200, and the terminal device 100 is used as an electronic key (use certificate).
Fig. 8 is a diagram for explaining another example of the application program for providing a service using the network system 1 according to the present embodiment. Fig. 8 (a) shows an example of the usage management table 230 held by the server apparatus 200. The usage management table 230 stores contents of the reservation (room number 234 and available time 236) in association with the network address 232 provided to the terminal device 100 used for the reservation operation reserved by the reservation site or the like.
That is, when the user operates the terminal device 100 of the user to make an accommodation reservation through the reservation site, the server device 200 adds the reservation content to the usage management table 230 together with the network address provided to the terminal device 100 used in the accommodation reservation.
As shown in fig. 8 (B), a wireless communication unit 242 is disposed in front of each room of the accommodation facility 240. When a user who is scheduled to stay brings the terminal device 100 used for the stay reservation close to the reserved room, the wireless communication unit 242 performs wireless communication with the terminal device 100. The wireless communication between the terminal device 100 and the wireless communication unit 242 may be started automatically, or may be started after the user has explicitly performed an operation.
When the network address provided to the terminal device 100 held by the user matches any entry in the network address 232 of the usage management table 230, the server device 200 unlocks the room to be reserved based on the corresponding room number 234 and available time 236.
Fig. 8 illustrates a typical example in which the terminal device 100 is used as a key for each room of an accommodation facility such as a hotel, but the present invention is not limited thereto, and can be used as an arbitrary certificate of use. For example, the terminal device 100 itself can be used as a ticket for various facilities such as an entertainment facility and various events such as a concert. The terminal device 100 itself can also be used as a ticket for trains and airplanes.
As described above, in the network system 1 according to the present embodiment, since the network address itself provided to the terminal device 100 is authenticated, an application program or the like for displaying a ticket is not required unlike the conventional art, and it is possible to reduce the barrier to the spread of a system in which the terminal device 100 itself is used as a certificate of use.
As described above, the terminal device 100 can be easily used as an arbitrary certificate of utilization based on the network address provided to the terminal device 100.
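The address-keyed lookups of Fig. 6 (steps S12 and S14), Fig. 7 (A) and Fig. 8 (A), as an added example that is not code from the patent: the server's application receives the requester's network address together with the outcome of the address authentication and consults a table keyed by that address alone. Table names follow the reference numerals; the IPv6 addresses (2001:db8::/32 documentation prefix), screen names, room number and time window are constructed sample values, and the rule that an unauthenticated address never matches is an assumption about how the two functions combine.

```python
"""Address-keyed service selection (illustration of Fig. 6, Fig. 7 (A) and Fig. 8 (A)).

The application layer asks for no credentials: the key into each table is the
requester's network address, and the only gate is whether the network
authentication function reported that address as authenticated.
"""
import ipaddress
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass(frozen=True)
class Access:
    """A request as handed to the application by the network authentication function (step S10)."""
    network_address: ipaddress.IPv6Address
    authenticated: bool  # result of the address authentication performed before data exchange


def _parse(addr: str) -> ipaddress.IPv6Address:
    # Normalises textual forms ("2001:DB8::1", "2001:0db8:0:0::1") to a single key value
    return ipaddress.IPv6Address(addr)


# Fig. 7 (A): network management table 210 (address 212 -> initial screen 214, preferences 216).
# Constructed sample data, not values taken from the patent.
NETWORK_MANAGEMENT_TABLE = {
    _parse("2001:db8::1"): {"initial_screen": "account_overview", "preferences": {"lang": "ja"}},
    _parse("2001:db8::2"): {"initial_screen": "transfer_form", "preferences": {"lang": "en"}},
}


@dataclass(frozen=True)
class Reservation:
    """One entry of usage management table 230: room number 234 and available time 236."""
    room_number: str
    available_from: datetime
    available_until: datetime


# Fig. 8 (A): usage management table 230, keyed by network address 232 (constructed sample data)
USAGE_MANAGEMENT_TABLE = {
    _parse("2001:db8::10"): Reservation(
        "301",
        datetime.fromisoformat("2024-05-01T15:00:00+00:00"),
        datetime.fromisoformat("2024-05-02T11:00:00+00:00"),
    ),
}


def lookup_initial_screen(access: Access) -> Optional[str]:
    """Steps S12/S14: identify the requester by its address and select the service.

    Returns the initial screen name, or None when no address-specific service applies.
    """
    if not access.authenticated:
        return None  # an unauthenticated address is not usable as a key
    entry = NETWORK_MANAGEMENT_TABLE.get(access.network_address)
    return entry["initial_screen"] if entry else None


def unlock_room(access: Access, now: datetime) -> Optional[str]:
    """Fig. 8 (B): unlock when the authenticated address matches an entry and `now`
    lies within its available time. Returns the room number on success, else None.
    """
    if not access.authenticated:
        return None
    reservation = USAGE_MANAGEMENT_TABLE.get(access.network_address)
    if reservation is None:
        return None
    if not (reservation.available_from <= now <= reservation.available_until):
        return None  # reservation exists, but outside available time 236
    return reservation.room_number


# String-based wrappers so the behaviour can be exercised with plain text values
def initial_screen_for(addr: str, authenticated: bool) -> Optional[str]:
    return lookup_initial_screen(Access(_parse(addr), authenticated))


def room_for(addr: str, authenticated: bool, now_iso: str) -> Optional[str]:
    return unlock_room(Access(_parse(addr), authenticated), datetime.fromisoformat(now_iso))


if __name__ == "__main__":
    print(initial_screen_for("2001:DB8::1", True))                        # account_overview
    print(initial_screen_for("2001:db8::1", False))                       # None
    print(room_for("2001:db8::10", True, "2024-05-01T20:00:00+00:00"))  # 301
    print(room_for("2001:db8::10", True, "2024-05-03T09:00:00+00:00"))  # None
```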
(e3: Third application example)
Next, a configuration for realizing the authentication process of the network address itself in more ways will be described. Fig. 9 is a diagram for explaining an example of filtering using a network address of the network system 1 according to the present embodiment. As an example, fig. 9 shows a configuration example as follows: the
In fig. 9, as a structure for realizing the filtering,
The
Fig. 9 (a) shows an example in which the filtering function is installed in the
On the other hand, the
Fig. 9 (B) shows an example of installing the filter function in the
When the network address of the sender of the received packet matches any of the entries defined in the
As described above, by combining the authentication function of the network address itself and the filter function using the black list/white list, a network system with higher practicability can be realized.
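The black list/white list filter of Fig. 9 applied to the sender address of received packets, as an added example that is not code from the patent: list entries are IPv6 prefixes or single host addresses, and each packet carries its sender address together with the result of the address authentication function. The combination rule (a deny-list hit always drops; an allow list can only be satisfied by an authenticated address) and all addresses in the sample data are assumptions and constructed values, not details given in the patent.

```python
"""Sender-address filter (illustration of Fig. 9), added example, not the patent's code.

A deny list (black list) and an allow list (white list) hold IPv6 prefixes. Each
received packet carries the sender's network address and the result of the
address authentication function. Assumed combination rule: a deny-list hit drops
the packet regardless; an allow list is satisfied only by an authenticated
address, because an unauthenticated address is not a trustworthy key.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Packet:
    """Minimal view of a received packet: sender address and authentication result."""
    src: ipaddress.IPv6Address
    authenticated: bool


def parse_entry(text: str) -> ipaddress.IPv6Network:
    """One list entry: a prefix such as 2001:db8:bad::/48, or a single host address (/128)."""
    return ipaddress.IPv6Network(text, strict=False)


@dataclass
class AddressFilter:
    deny: List[ipaddress.IPv6Network] = field(default_factory=list)
    allow: List[ipaddress.IPv6Network] = field(default_factory=list)  # empty: allow-list check off

    @staticmethod
    def _hit(entries: Iterable[ipaddress.IPv6Network], addr: ipaddress.IPv6Address) -> bool:
        return any(addr in net for net in entries)

    def decide(self, pkt: Packet) -> Tuple[str, str]:
        """Return ("pass" | "drop", reason) for one received packet."""
        if self._hit(self.deny, pkt.src):
            return "drop", "sender matches deny list"
        if self.allow:
            if not pkt.authenticated:
                return "drop", "sender address not authenticated"
            if not self._hit(self.allow, pkt.src):
                return "drop", "sender not on allow list"
        return "pass", "accepted"


def filter_packets(deny: List[str], allow: List[str],
                   packets: List[Tuple[str, bool]]) -> List[str]:
    """Build a filter from textual entries; return the verdict for each (src, authenticated) pair."""
    flt = AddressFilter([parse_entry(e) for e in deny], [parse_entry(e) for e in allow])
    return [flt.decide(Packet(ipaddress.IPv6Address(src), auth))[0] for src, auth in packets]


if __name__ == "__main__":
    # Constructed sample data (2001:db8::/32 documentation prefix), not values from the patent
    deny = ["2001:db8:bad::/48"]
    allow = ["2001:db8:1::/48", "2001:db8:2::77"]
    packets = [
        ("2001:db8:1::5", True),     # pass: authenticated and within an allowed prefix
        ("2001:db8:1::5", False),    # drop: same address, but not authenticated
        ("2001:db8:bad::1", True),   # drop: deny list wins even for an authenticated address
        ("2001:db8:3::1", True),     # drop: authenticated but not on the allow list
        ("2001:db8:2::77", True),    # pass: matches a single-host entry
    ]
    for (src, auth), verdict in zip(packets, filter_packets(deny, allow, packets)):
        print(f"{src:<18} authenticated={auth!s:<5} -> {verdict}")
```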
< F. Other Embodiments >
In the above-described embodiment, the network system including one or more terminal apparatuses 100 and one or more server apparatuses 200 has been exemplified as an example of a configuration using a network address authenticated between devices, but the present invention is not limited to this, and can also be applied to data communication between terminal apparatuses 100 or between server apparatuses 200. The present invention can be used for data communication between arbitrary devices regardless of the configuration of the terminal device 100 or the server device 200.
< G. Advantages >
According to the present embodiment, a service using an authenticated network address and a basis for providing the service are provided. Since the network address itself is authenticated, the establishment of the communication connection itself also serves as an authentication procedure, and an additional authentication procedure using an application program or the like is not required. Thereby, various services suitable for IoT can be provided.
It is intended that all points of the embodiments disclosed herein are to be considered illustrative and not restrictive. The scope of the present invention is indicated by the appended claims rather than by the foregoing description, and all changes that come within the meaning and range of equivalency of the claims are intended to be embraced therein.
Description of the reference numerals
1: a network system; 4: an access point; 6: a base station; 100, 100A, 100B: a terminal device; 102: a processor; 104: a main memory; 106: a display; 108: an input section; 110: a communication module; 112: an address authentication chip; 114, 144: a WiFi module; 116, 120, 146, 150: an antenna; 118, 148: an LTE module; 130: a secondary storage device; 132: an OS; 134: an application program; 136: an address authentication program; 138: authentication management information; 200: a server device; 210: a network management table; 212: a network address (IP address); 214: initial screen information; 216: preference information; 220A, 220B: a screen example; 230: a usage management table; 232: a network address; 234: a room number; 236: an available time; 240: an accommodation facility; 242: a wireless communication unit; 1322: a data link driver; 1324: a TCP/IP socket.