JP2008154133A - Device registration method and power line communication device for power line communication - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a device registration method for power line communication with which connection of a device that damages secrecy and normal operation in power line communication to a local area network can be prevented. <P>SOLUTION: The present invention relates to the device registration method for power line communication in a local area network using a power line as a signal transmission line. The disclosed method includes the steps of: distributing an authentication key to a non-registered device from a registered device which is registered in the local area network and has the authentication key, on the basis of a registration request from the non-registered device that does not have the authentication key; and registering the non-registered device in the local area network by all registered devices. In the step of distributing the authentication key, device identification information for identifying the non-registered device is collated with distribution prohibited device information, that a registered device having the authentication key has, for prohibiting the distribution of the authentication key to decide whether the authentication key can be distributed or not. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a device registration method in power line communication (PLC) using a power line as a signal transmission path, and a power line communication device used in this method.

  Power line communication is a communication method in which a data communication signal is superimposed on a commercial AC voltage (current) using a power line as a signal transmission line, and has an advantage that it is not necessary to newly perform communication wiring. In recent years, attention has been paid to power line communication using indoor wiring as a communication method for constructing a local area network (LAN) in a home. However, since the indoor wiring is usually physically connected to the adjacent house, communication may leak to the adjacent house. Therefore, the confidentiality of communication is maintained by having different authentication keys in each home and encrypting communication based on this authentication key. In this way, even if the power lines are physically connected, it is possible to logically separate and construct individual home LANs (see, for example, Patent Documents 1 and 2).

  When a device for power line communication is added in one home (house), the newly installed device receives an authentication key from the parent device among the registered devices and is registered as a member of the network. In this case, the new device transmits a registration request message for requesting distribution of the authentication key to the master device, and the master device that has received the registration request message sends the authentication key held by itself to the new device. To distribute. The registration operation including transmission / reception of the registration request message is usually started by pressing a push button provided on both the parent device and the new device.

Japanese Patent Laid-Open No. 63-204895 (Claims) JP-A-8-223092 (Claim 1)

  However, when distributing the authentication key, a malicious external person unrelated to the user of the local area network to which the authentication key is given can use the outlet, for example, provided on the outer wall of the house. There is a possibility that new equipment is connected to the local area network and information communicated in the local area network is used.

  Further, there is a possibility that a user of the local area network may connect a used device to the local area network without knowing that there is a problem such as containing a virus. If an authentication key is distributed to a device having such a problem and registered in the local area network, normal communication cannot be performed.

  The present invention has been made in view of such circumstances, and the device registration method for power line communication that can prevent the connection to the local area network of the device that hinders the confidentiality and normal operation of the power line communication, and An object is to provide a power line communication device.

The power line communication device registration method of the present invention is a power line communication device registration method in a local area network using a power line as a signal transmission path,
Based on a registration request for an unregistered device that does not have an authentication key, a registered device that is registered in the local area network and that has the authentication key distributes the authentication key to the unregistered device; and A registered device includes the step of registering the unregistered device in a local area network;
In the step of distributing the authentication key, device identification information that can identify the unregistered device is compared with determination information that is included in the registered device that has the authentication key and for determining whether or not the authentication key can be distributed. It is characterized by determining whether or not the authentication key can be distributed.

  In the device registration method for power line communication according to the present invention, the registered device registered in the local area network and having the authentication key can identify the unregistered device when distributing the authentication key to the unregistered device. And the determination information for determining whether or not the authentication key can be distributed, which is included in the registered device having the authentication key, and determining whether or not the authentication key can be distributed. As a result of the verification, if the device identification information of the unregistered device corresponds to distributable, the authentication key is distributed to the unregistered device. On the other hand, if the device identification information corresponds to distributable, Refuses distribution of authentication keys to registered devices. In this way, it is possible to prevent the connection to the local area network of the device that hinders the confidentiality and normal operation of the power line communication.

  The determination information may be distribution prohibited device information that can identify a device for which authentication key distribution is prohibited. This distribution-prohibited device information is information that should be referred to as a black list that should not be connected to the local area network, and is given to registered devices having an authentication key in advance. This black list includes information that identifies devices that include a risk of hindering the normal operation of devices such as viruses, devices related to stolen goods, and devices that need to be recalled. Based on such distribution-prohibited device information, it is determined whether or not an unregistered device can be registered. If the device identification information of the unregistered device corresponds to a device for which authentication key distribution is prohibited, distribution of the authentication key is rejected. Thus, it is possible to prevent obfuscation of the confidentiality and normal operation of power line communication.

All registered devices in the local area network have the authentication key and determination information,
In the authentication key distribution step, an unregistered device that does not have an authentication key transmits a registration request message for obtaining an authentication key based on a predetermined operation. It is preferable that an arbitrary registered device registered in the area network and having the authentication key enters a state of receiving the registration request message. In this case, since all the registered devices in the local area network have the authentication key and the determination information, the user does not need to search for the parent device among the registered devices when registering the unregistered device. Since any registered device in the vicinity may be operated, the operation of registering a new unregistered device in the local area network for power line communication can be facilitated.

  The determination information is transmitted from outside the local area network into the local area network, and the registered device that has received the determination information transmits the determination information to all other registered devices. Can do. According to this configuration, since the determination information is transmitted from outside the local area network to all registered devices in the local area network, the user does not need to create or update the determination information.

  The determination information is input by an operation of the input unit of a terminal device having an input unit connected to a registered device in the local area network, and the determination information transmitted to the registered device after the input is input. It can be configured to be transmitted to all other registered devices. According to this configuration, since the user can input (addition, deletion, or change) the determination information from the terminal device using a dedicated tool, the user can obtain a communication failure device obtained from a website or the like. Can be added to the determination information.

Moreover, the power line communication of the present invention is a power line communication device that should constitute a local area network using a power line as a signal transmission path,
When the power line communication device has an authentication key, when distributing the authentication key to the unregistered device based on a registration request of an unregistered device not having the authentication key, the unregistered device is identified. It has a function of collating the device identification information to be obtained with the determination information for determining whether or not the authentication key can be distributed, which the registered device having the authentication key has, and determining whether or not the authentication key can be distributed It is said.

  In the power line communication device of the present invention, when an already registered device having an authentication key distributes the authentication key to the unregistered device, device identification information that can identify the unregistered device and whether or not the authentication key can be distributed. Since it has a function to check whether or not the authentication key can be distributed by comparing with the determination information for determination, if an unregistered device falls into a device that cannot be distributed, Distribution of authentication key can be refused. Thereby, the connection to the local area network of the apparatus which inhibits the confidentiality and normal operation | movement of power line communication can be prevented.

  According to the power line communication device registration method and the power line communication device of the present invention, it is possible to prevent the power line communication from being connected to a local area network for the device that hinders confidentiality and normal operation.

  Hereinafter, embodiments of a power line communication device registration method and a power line communication device according to the present invention will be described in detail with reference to the accompanying drawings. FIG. 1 is a connection diagram illustrating a local area network constructed by power line communication in a detached house, for example.

  In FIG. 1, the voltage (for example, 6 kV) of the high-voltage distribution line 1 is stepped down by the pole transformer 2, and a predetermined voltage (100/200 V) is supplied to the low-voltage distribution line 3. This low-voltage distribution line 3 branches into a plurality of branch lines and becomes a lead-in line 5 to the house 4 and also a lead-in line to a plurality of houses (not shown) in the vicinity thereof.

  In the house 4, power line communication devices (hereinafter also simply referred to as “modems”) 7, 8, 9 are connected to the indoor wiring 6 (power line) from the lead-in line 5 through a watt hour meter or a circuit breaker (not shown). Has been. This connection is made by plugging the power cords of the modems 7, 8, and 9 into outlets. Among these, one modem 7 which is a master unit having a home gateway function is connected to a media converter 11 that performs optical / electrical signal conversion, and an optical fiber 12 is connected to the media converter 11 from outside. This is a configuration of FTTH (Fiber To The Home), but it may be connected to the modem 7 from a telephone line or a CATV cable via each terminal device.

  For example, personal computers 13, 14, and 15 are connected to the modems 7, 8, and 9, respectively. In addition to personal computers, information home appliances (for example, digital home appliances and game machines) may be connected. In the future, it is also conceivable to install a modem function in a home appliance (for example, a refrigerator) that does not have a communication function. Therefore, the modem and the connected device may be integrated as well as separated from each other.

  Each modem 7, 8, 9 in FIG. 1 and the personal computers 13, 14, 15 connected thereto constitute a local area network by power line communication and can communicate with each other via an indoor wiring 6 as a signal transmission path. It is. The personal computers 13, 14, and 15 can communicate with an upper network such as the Internet via the modem 7. Note that the number of devices such as modems and personal computers is merely an example, and which modem is the parent device differs depending on where the optical fiber 12 is drawn.

  FIG. 2 is a block diagram showing an example of an internal circuit configuration related to power line communication in the modem. Since the basic function of the modem is common to both the parent device and the child device, the modem 7 that is the parent device will be described below as a representative.

  The modem 7 is configured to be connectable to a power outlet provided in the house via a power plug 22 provided at the tip of a power cord 21 extending from a housing 20 formed of a housing constituting the modem 7. Has been. On the side surface of the housing 20, a power connector to which one end (the end opposite to the power plug 22) of the power cord 21 is connected and an Ethernet connector 34 to which an Ethernet (registered trademark) side cable 42 is connected are disposed. ing. In addition, a push button 74 for applying a “trigger” for starting the registration operation of the device is arranged on the upper surface of the housing 20, and this push button 74 and an unregistered one to be registered in the local area network from now on. A registration operation, which will be described later, is started by pressing a push button provided on the device. In this embodiment, the authentication key can be distributed not only from the master unit but also from the slave unit. Therefore, the push buttons 84 and 94 are also provided on the modems 8 and 9 as the slave units, respectively. Yes.

  In the housing 20, the power cord 21 is connected to the power source unit 23 and the PLC transmission / reception unit 24 via a coupler 30 that superimposes a PLC signal on the power line. The PLC transmitting / receiving unit 24 performs processing such as modulation / demodulation of a signal for PLC communication transmitted / received via a power line. The modem 7 also includes an arithmetic processing unit 25 that controls the PLC transmission / reception unit 24 and processes transmission / reception data. Further, the modem 7 according to the present embodiment includes a plurality of Ethernet connectors 34 so that a plurality of Ethernet-side cables 42 can be connected, and a PLC signal is transmitted to and from a plurality of terminal devices by the Ethernet switching transmission / reception unit 32. Can be sent and received.

  Connected to the arithmetic processing unit 25 are a push button 74 that transmits an on / off signal to the arithmetic processing unit 25 and a nonvolatile memory (ROM) 26 that is a storage unit. The nonvolatile memory 26 stores an authentication key 27, a black list 28 composed of identification information of devices that are prohibited from distributing the authentication key 27, and a network list 29. In this embodiment, each modem 7, 8, 9 has a common authentication key 27, black list 28, and network list 29.

  The modem 7 of the master unit manages and controls communication within the network. The authentication key 27 is unique information given to each house (or contracted household) and is different from the adjacent house. Accordingly, communication leakage does not occur between multiple houses under the pole transformer 2 in FIG. The network list 29 stores information on the modems 7, 8, and 9 that currently constitute the home LAN.

  The black list 28 includes information that can identify or identify a device that should be refused registration in the local area network, in other words, a device that should be prohibited from distributing the authentication key 27. For example, FIG. As shown, each item includes a MAC address, an expiration date, a valid location, and an information source. The black list 28 includes information for identifying devices including a device that has a risk of hindering the normal operation of the device such as a virus, devices related to stolen goods, devices that need to be recalled, and the like.

  As information for identifying a device, for example, a serial number of the device can be employed in addition to the MAC address, and is not particularly limited in the present invention. The expiration date indicates the time limit for distribution prohibition. For example, when the black list 29 becomes enormous, it can be used to delete information that is not updated. The valid location indicates the location where authentication key distribution is prohibited, and “all” means that authentication key distribution is prohibited regardless of where the local area network is built. Is shown. “Office only” means that authentication key distribution is prohibited when the local area network is built in “office”, but authentication key distribution is not prohibited in other locations. It is shown that. This “effective location” is related to the security level of power line communication performed in the local area network. When this security level is high, the effective location is “all”. The “information source” indicates a provider of information of each device constituting the black list. Specifically, either an SP (service provider) or a user is recorded.

  Information constituting the black list 28 can be transmitted by a communication carrier to devices in the local area network via the Internet. The registered device that has received the information transmits the information to all other registered devices, and each device that has received the information updates the black list held by itself. In this case, since the information constituting the black list 28 is transmitted from outside the local area network to all registered devices in the local area network, the user does not need to create or update the information.

  The information constituting the black list 28 may be input (added, deleted, or changed) by the user. In this case, the user inputs the information from the input means of the personal computer using the dedicated tool of the personal computer connected to the registered device in the local area network, and transmits it to the registered device after the input. This transmitted information is transmitted to all other registered devices, and the black list is updated. According to this configuration, since the user can input information constituting the black list 28 from the terminal device, the user can obtain information on a device having a risk of causing communication failure obtained from a website or the like in the black list 28. Can be added.

[Device registration method]
Next, an example of a procedure for device registration according to the present invention will be described with reference to FIGS. FIG. 3 is a sequence diagram showing a procedure for device registration according to an embodiment of the present invention, in which an authentication key is distributed. FIG. 4 is a sequence diagram showing a case in which authentication key distribution is also rejected. is there.

  3 to 4, the center is a newly-registered unregistered device, the left is an arbitrary registered device A, and the right is another registered device B. In the present embodiment, the modems 7, 8, and 9 each have a common authentication key 27 and black list 28, and the authentication key 27 can be distributed from any modem. of the already registered device a ", although not determined any in advance, it means one button press of the existing modem 7, 8, 9 is pressed. The “other registered device B” means a modem other than the registered device A. Note that the modem, which is an unregistered device, has the same internal configuration as the modems 7 to 9 and has a push button switch.

  (1) First, the user first presses a push button of a modem that is an unregistered device. As a result, the modem transmits a registration request message by broadcasting for a predetermined time. The registration request message includes information such as a MAC address that can identify or identify a device (hereinafter referred to as “device identification information”).

  (2) Next, the user selects one of the modems 7, 8, and 9 that is in the vicinity of the unregistered modem and presses the push button. For example, if the modem 9 is nearby and the push button 94 is pressed, the modem 9 becomes the registered device A, and enters a registration request message reception state for a certain period of time. There is a time delay from when the push button of the unregistered modem is pushed to when the push button 94 of the modem 9 is pushed, but the time delay is small because it is close, and before the transmission of the registration request message times out. , Can enter the reception system with a margin and receive the registration request message.

  On the other hand, registration request messages are also broadcasted to other modems 7 and 8 that are already registered devices B, but reception of registration request messages by these modems 7 and 8 that are not ready to receive registration request messages. Not done. Similarly, a registration request message may be delivered by broadcast to a modem in the house of another adjacent person, but no reception is performed.

  (3) Next, the arithmetic processing unit of the modem 9 as an already registered device collates the device identification information of the unregistered modem with the black list stored in the nonvolatile memory of the modem 9. If the device identification information of the unregistered modem is not included in the black list as a result of the collation, the authentication key is distributed toward the unregistered modem as shown in FIG. On the other hand, when the device identification information of the unregistered modem is included in the blacklist, as shown in FIG. 4, the modem 9 rejects the authentication key distribution to the unregistered modem. To be notified. Since the unregistered modem cannot receive the authentication key, it cannot perform power line communication within the local area network.

  (4) When an authentication key is distributed to an unregistered modem (FIG. 3), the modem that has received the authentication key returns a receipt report to the modem 9 of the distribution source.

  (5) Upon receiving the receipt report, the modem 9 knows that the distribution of the authentication key has been completed normally, and adds the device information of the unregistered modem to the network list it already has, and creates a new network list. create.

  (6) Then, the modem 9 broadcasts (notifies) the created new network list to all the modems (including unregistered modems) other than itself.

  (7) The modem that is an unregistered device receives and holds the new network list, and the modems 7 and 8 that are other registered devices B update the network list that has been held so far to the new network list. Thereby, the registration of the unregistered device is completed. The network list includes, for example, the MAC address of each modem.

  In the above-described embodiment, all the registered devices in the local area network have the authentication key and the blacklist. However, when the location of the parent device is easy to understand and the approach is easy, Only the base unit may have an authentication key and a black list. In this case, when registering a modem that is an unregistered device in the local area network, it is necessary to press the modem push button that is the unregistered device and the push button of the modem that is the parent device.

  The order of pressing the push buttons for starting the registration operation may be the reverse of the above-described embodiment. That is, after pressing the push button of any registered device, the push button of the unregistered device may be pushed. In this case, an already registered device enters a state of receiving a registration request message for a certain time by pressing a push button, and the push button of the unregistered device is pressed within this certain time, and a registration request from the unregistered device is received. When the registered device receives the message, the registered device enters the verification operation described above.

  Further, as the information for determining whether or not the authentication key can be distributed, a list (white list) including device identification information of devices that may be permitted to distribute the authentication key can be used instead of the black list. In this case, the user or administrator of the local area network enters in advance a white list of identification information of devices that may be connected to the local area network, and for the devices listed in the white list. Only the authentication key is distributed. Therefore, since the authentication key is not distributed to the above-mentioned problematic devices, as in the case of using a blacklist, it is necessary to prevent the confidentiality of power line communication and the connection to the local area network of the devices that hinder normal operation. Can do.

  It should be noted that the embodiment disclosed this time is merely an example in all respects and is not restrictive. The scope of the present invention is defined by the terms of the claims, rather than the meanings described above, and is intended to include any modifications within the scope and meaning equivalent to the terms of the claims.

For example, in a detached house, it is a connection diagram showing a local area network constructed by power line communication. It is an apparatus block diagram of one Embodiment of the power line communication apparatus of this invention. FIG. 9 is a sequence diagram showing a case of device registration according to an embodiment of the present invention, in which an authentication key is distributed. FIG. 10 is a sequence diagram showing a case of device registration procedures according to an embodiment of the present invention, in which authentication key distribution is rejected. It is a figure which shows the example of a black list.

Explanation of symbols

6 Indoor wiring (power line)
7, 8
DESCRIPTION OF SYMBOLS 9 Modem 23 Power supply part 24 PLC transmission / reception part 25 Arithmetic processing part 26 Non-volatile memory 27 Authentication key 28 Black list 29 Network list 30 Coupler 32 Ether switching transmission / reception part

Claims (6)

A device registration method for power line communication in a local area network using a power line as a signal transmission path,
Based on a registration request for an unregistered device that does not have an authentication key, a registered device that is registered in the local area network and that has the authentication key distributes the authentication key to the unregistered device; and A registered device includes the step of registering the unregistered device in a local area network;
In the step of distributing the authentication key, device identification information that can identify the unregistered device is compared with determination information that is included in the registered device that has the authentication key and for determining whether or not the authentication key can be distributed. A device registration method for power line communication, which determines whether or not an authentication key can be distributed.   2. The device registration method for power line communication according to claim 1, wherein the determination information is distribution prohibited device information that can identify a device for which authentication key distribution is prohibited. All registered devices in the local area network have the authentication key and determination information,
In the authentication key distribution step, an unregistered device that does not have an authentication key transmits a registration request message for obtaining an authentication key based on a predetermined operation. The device registration method for power line communication according to claim 1 or 2, wherein an arbitrary registered device registered in an area network and having the authentication key enters a state of receiving the registration request message.   The determination information is transmitted from outside the local area network into the local area network, and a registered device that has received the determination information transmits the determination information to all other registered devices. Registration method for power line communication.   The determination information is input by an operation of the input unit of a terminal device having an input unit connected to a registered device in the local area network, and the determination information transmitted to the registered device after the input is input. The device registration method for power line communication according to claim 3, wherein the device registration method is transmitted to all other registered devices. A power line communication device to constitute a local area network using a power line as a signal transmission path,
When the power line communication device has an authentication key, when distributing the authentication key to the unregistered device based on a registration request of an unregistered device not having the authentication key, the unregistered device is identified. It has a function of collating the device identification information to be obtained with the determination information for determining whether or not the authentication key can be distributed, which the registered device having the authentication key has, and determining whether or not the authentication key can be distributed A power line communication device.

Images