JP2005341238A - Remote control system using electronic message - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent alteration of a command message by a malicious third party or pretending a normal transmitter in a remote control system using an electronic message which receives the electronic message, and performs control corresponding to the message content. <P>SOLUTION: The system includes an electronic message receiver 101, a user table 105 which corresponds a transmitter identifier and a user password, a password extractor 106 which extracts the user password corresponding to the transmitter identifier of the command message from the user table 105, a MAC (Media Access Control) calculator 107 which calculates a message authentication code based on a part of data registered in the command message and the extracted user password, a message authentication part 108 which compares the message authentication code and performs message authentication, and a command processor 111 which performs processing of the authenticated command message. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a remote control system that receives an electronic message transmitted from an information terminal having a message transmission function and performs control according to the content of the message, and in particular, authentication of the sender and content of the received message. The present invention relates to an excellent remote control system.

  An electronic message sent from a message sending terminal such as a cellular phone or PHS (Personal Handy System) equipped with a message sending function is received and analyzed by a receiving device equipped with a function for receiving the message, and the message receiving device itself Alternatively, Patent Document 1 discloses a computer system in which a control target terminal connected to the receiving apparatus performs various operations according to analysis contents.

In this patent document 1, the sender's authentication ID and password are registered in an electronic message transmitted from the message transmission terminal, and the message reception device uses a combination of the authentication ID and password registered in advance as the received message. The received message is authenticated based on whether it matches the combination of the authentication ID and password registered in.
Japanese Patent Laid-Open No. 2002026717

  In the above-described prior art, the sender identifier and password are registered in the electronic message transmitted from the message transmission terminal. Therefore, a malicious third party who has received the message has altered the message content or is authorized. It was possible to send an illegal message impersonating the sender.

  In addition, when the sender uses a terminal that has an email transmission function such as a mobile phone or a personal computer as a message transmission terminal and a terminal that has only a short mail (SMS) transmission function, the sender has an email transmission function. In the electronic message transmitted from the terminal, the mail address is registered as the sender identifier. In contrast, a sender telephone number is registered as a sender identifier in an electronic message transmitted from a terminal having a short mail transmission function. Therefore, in the data table for managing the sender information, an entry of the same sender must be created for each sender identifier, so that not only a large storage capacity is required but also the data management becomes complicated. End up.

  A first object of the present invention is to provide a system that can reliably prevent command message tampering by a malicious third party and impersonation of a legitimate sender.

  A second object of the present invention is to provide a system capable of managing sender identifiers that are different for each electronic message format with a common identifier even though the senders are the same.

  In order to achieve the first object described above, the present invention is characterized in that the following measures are taken.

  (1) Means for receiving an electronic message including at least a sender identifier, a user table associating a sender identifier with a user password, and whether or not the received message is a command message including a control command and a message authentication code. A message based on the means for identifying, the means for extracting a user password corresponding to the sender identifier of the command message from the user table, a part of the data registered in the command message and the extracted user password Means for calculating an authentication code; means for comparing the message authentication code registered in the command message with the calculated message authentication code; and authenticating the message; and registering in the authenticated command message Control commands Characterized in that it comprises a management command processing means.

  (2) In a remote control system using an electronic message, a means for receiving a command message including at least a sender identifier and a control command and a plurality of sender identifiers assigned to the same sender are uniquely assigned to each sender. A means for associating with the common identifier, an execution authority table for managing presence / absence of the execution authority of the control command for each combination of the common identifier and the control command, and a sender identifier of the received command message An execution authority determination unit that determines the presence or absence of an execution authority based on a common identifier, and a command processing unit that processes a control command registered in a command message transmitted from a sender having the execution authority. And

According to the present invention, the following effects are achieved.
(1) Since the password is not registered in the command message, it is possible to prevent a malicious third party from falsifying the command message and impersonating the authorized sender.
(2) Since the sender identifier that is different for each electronic message format can be managed by a common identifier even though the sender is the same, the storage capacity can be saved and the data management can be simplified.

  Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the drawings. FIG. 1 is a block diagram of a remote control system using an electronic message according to the present invention, in which a mail message or a command message is transmitted from a message transmission terminal 2, and these electronic messages are transmitted to a radio base station 3 and a network 5. Is received by the message processing device 1. In each electronic message, a sender identifier (ID) is registered, text data is further registered for a mail message, and a control command and a message authentication code (MAC) are further registered for a command message.

  The format of the sender identifier depends on the transmission form of the message. In the case of E-mail, it becomes a mail address unique to the sender, and in the case of short mail communication (SMS), it becomes the sender telephone number of the message transmission terminal 2. The message authentication code (MAC) is obtained by executing a known calculation on a password already registered in the message transmitting terminal 2 or manually input by the user and a data string in a predetermined area of the received message. If the received message is a command message including a control command, the message processing device 1 interprets the control command and executes it, or transfers the control command to the control device 4 at the next stage and executes it. Each control device 4 interprets and executes the control command transferred from the message processing device 1.

  FIG. 2 is a functional block diagram of the message processing device 1. The message receiving unit 101 receives a mail message or a command message transmitted from the message transmitting terminal 2 via a network. The message identifying unit 102 identifies whether the received message is a mail message or a command message based on a data string registered at a predetermined position of the received message. The mail processing unit 103 decodes the mail message and outputs the content of the message to the display unit 104.

  In the user table 105, as exemplified in FIG. 6, a plurality of entries that associate a sender identifier (ID) with a user password are registered in advance. The password extraction unit 106 extracts a user password corresponding to the sender identifier of the command message from the user table 105. The MAC calculation unit 107 calculates a message authentication code (MAC) based on the data string registered in a predetermined area of the command message and the extracted user password. The message authentication unit 108 compares the message authentication code registered in the command message with the calculated message authentication code, and authenticates the message based on whether or not they match.

  In the execution authority table 109, as shown in an example in FIG. 7, for each combination of a sender identifier and a control command, a plurality of entries associated with an execution authority flag indicating the presence or absence of the execution authority of the control command are registered. ing. The execution authority determination unit 110 searches the execution authority table 109 based on the combination of the sender identifier of the authenticated command message and the control command, and refers to the execution authority flag associated with the combination. If the execution authority flag is set, the command processing unit 111 is notified of the authority. If the execution authority flag is reset, the command processing unit 111 is notified of no authority.

  When the command processing unit 111 receives the authority notification from the execution authority determining unit 110, the command processing unit 111 executes the control command registered in the command message by itself, or sends the control command to the control device 4 at the next stage. Forward with identifier. The command processing result in the command processing unit 111 is registered in the log file 112 together with a time stamp.

  FIG. 3 is a functional block diagram of the control device 4. The receiving unit 401 receives the sender identifier and the control command transferred from the message processing device 1. In the execution authority table 409, an execution authority flag is registered for each combination of the sender identifier and the control command. The execution authority determination unit 410 searches the execution authority table 409 based on the received combination of the sender identifier and the control command, and refers to the execution authority flag associated with the combination. If the execution authority flag is set, the command processing unit 411 is notified of the authority. If the execution authority flag is reset, the command processing unit 411 is notified of no authority. When the command processing unit 411 receives the authority notification from the execution authority determining unit 410, the command processing unit 411 executes the control command.

  Next, the operation of the present embodiment will be described along the flowchart of FIG. When an electronic message is received by the message receiving unit 101 in step S1, the message processing apparatus 1 determines whether the message is a mail message or a command message in the message identification unit 102 in step S2. . In the present embodiment, as shown in FIG. 5, a command identifier field, a control command field, and a MAC field are reserved in the data portion following the header portion of the message packet in the case of a command message. Special character codes that are not used in normal mail messages are registered in the field. Therefore, the message identification unit 102 refers to an area corresponding to the command identifier field of the data part, and if a special character code is registered in the area, the received message is identified as a command message. If a normal character code is registered in the area, it is identified as a mail message. If it is identified as a mail message, the process proceeds to step S21, where the character code registered in the data part of the message packet is interpreted by the mail processing unit 103 and converted into a character string. In step S22, the character string is displayed on the display unit 104.

  On the other hand, if the received message is identified as a command message, the process proceeds to step S3, where the “sender identifier” registered in the header part of the message and the “control command” and “ MAC (1) "is read. In step S4, the password extraction unit 106 refers to the user table 105 based on the read sender identifier, and extracts a password associated with the sender identifier. In step S5, MAC (2) is calculated based on the data string registered in the predetermined area of the command message and the extracted password. In this embodiment, the “command identifier” and “control command” of the command message are adopted as the data string, and the MAC (2) is calculated based on the data string and the password.

  In step S6, the MAC (1) read from the command message is compared with the calculated MAC (2). If the two match, the content of the command message has not been tampered with, and the sender is authenticated as a legitimate sender, and the process proceeds to step S7. In steps S7 and S8, the execution authority table 109 is referenced based on the “sender identifier” and “control command” read from the command message. If the execution authority flag corresponding to the combination of the sender identifier and the control command is set, the execution authority determination unit 110 determines that the sender of the command message has the authority to execute the control command. Then, the process proceeds to step S9. In step S9, the command processing unit 111 processes the control command (executes itself or transfers it to the control device 4). In step S10, the command processing result is stored in the log file 112 together with a time stamp.

  In step S6, it is determined that the MAC (1) read from the command message does not match the calculated MAC (2), or in step S8, it is transmitted from a sender who does not have execution authority. If it is determined that the command message has been received, the process immediately proceeds to step S10 without processing the control command, and the processing result of the command is stored in the log file 112 together with a time stamp.

  According to this embodiment, since the password is not registered in the command message, it is possible to prevent the malicious third party from falsifying the command message and impersonating the authorized sender.

  FIG. 8 is a block diagram of a remote control system using an electronic message according to the second embodiment of the present invention. The same reference numerals as those described above represent the same or equivalent parts. In this embodiment, the registration contents of the user table 105a and the execution authority table 109a of the message processing apparatus 1 and the registration contents of the execution authority table 409a of the control device 4 are the same as the user table 105 and each execution authority table of the first embodiment. 109 and 409.

  In the user table 105a, as shown in an example in FIG. 9, a combination of a sender identifier and a password is further added as a common identifier. In the execution authority tables 109a and 409a, as shown in an example in FIG. 10, a combination of the common identifier and the control command is associated with an execution authority flag. The common identifier is a unique identifier for each sender that is given in common to entries of the same sender even if the entries have different sender identifiers.

  In other words, when a sender uses a terminal having an e-mail transmission function and a terminal having only a short mail (SMS) transmission function, an electronic message transmitted from a terminal having an e-mail transmission function is An email address is registered as the sender identifier. In contrast, a sender telephone number is registered as a sender identifier in an electronic message transmitted from a terminal having a short mail transmission function. Therefore, the message processing device 1 and the control device 4 must create and manage an entry of the same sender for each sender identifier in the execution authority tables 109 and 409.

  In the present embodiment, in order to eliminate such inconvenience, as shown in FIG. 9, even if the sender identifiers are different, the same sender is separately given a common identifier as a unique identifier, and thereafter Uses a common identifier to identify the sender.

  Regarding the control command to be processed by itself, the message processing device 1 determines the presence / absence of the authority by referring to the execution authority table 109a using the common identifier associated with the sender identifier, and the control command for which the authority is confirmed is the command On the other hand, regarding the control command to be processed by the processing unit 111 while being processed by the control device 4 at the next stage, the control command is transferred to the control device 4 together with the common identifier. In the control device 4, the execution authority table 409 a is referred to by using the received common identifier to determine the authority, and the command processing unit 411 processes the control command for which the authority is confirmed.

  According to the present embodiment, a sender identifier that is different for each electronic message format even though the sender is the same can be managed by a common identifier, so a data table for managing sender information (described above) In the embodiment, entries of the same sender can be combined into one in the execution authority table.

1 is a block diagram of a remote control system using an electronic message according to the present invention. 3 is a functional block diagram of the message processing device 1. FIG. 3 is a functional block diagram of a control device 4. FIG. It is the flowchart which showed the operation | movement of 1st Embodiment of this invention. It is a figure explaining the difference in the format of a command message and a mail message. It is the figure which showed an example of the user table. It is the figure which showed an example of the execution authority table. It is a block diagram of the remote control system using the electronic message which concerns on 2nd Embodiment of this invention. It is the figure which showed an example of the user table in 2nd Embodiment. It is the figure which showed an example of the execution authority table in 2nd Embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Message processing apparatus, 2 ... Message transmission terminal, 3 ... Wireless base station, 4 ... Control apparatus, 5 ... Network, 101 ... Message receiving part, 102 ... Message identification part, 103 ... Mail processing part, 104 ... Display part, 105 ... User table, 106 ... Password extraction unit, 107 ... MAC calculation unit, 108 ... Message authentication unit, 109 ... Execution authority table, 110 ... Execution authority determination unit, 111 ... Command processing unit, 112 ... Log file

Claims (8)

Means for receiving an electronic message including at least a sender identifier;
A user table that associates a sender identifier with a user password;
Means for identifying whether the received message is a command message including a control command and a message authentication code;
Means for extracting a user password corresponding to the sender identifier of the command message from the user table;
Means for calculating a message authentication code based on a part of the data registered in the command message and the extracted user password;
Means for comparing the message authentication code registered in the command message and the calculated message authentication code to authenticate the message;
A remote control system using an electronic message, comprising command processing means for processing a control command registered in the authenticated command message. For each combination of sender identifier and control command, an execution authority table that manages the presence or absence of the execution authority of the control command,
Execution authority determination means for determining whether or not a sender of the authenticated command message has the execution authority;
The remote control system using an electronic message according to claim 1, wherein the command processing means processes only a control command received from a sender having execution authority. Among the received messages, means for processing mail messages;
The remote control system using an electronic message according to claim 1 or 2, further comprising means for displaying a message content of the mail message.   4. The remote control system using an electronic message according to claim 1, wherein the command processing means executes a control command registered in the authenticated command message by itself.   4. The remote using electronic message according to claim 1, wherein the command processing means transfers a control command registered in the authenticated command message to a control device in the next stage. 5. Control system. Means for associating a plurality of sender identifiers assigned to the same sender with a unique common identifier for each sender;
The execution authority table manages the presence or absence of the execution authority of the control command for each combination of the common identifier and the control command,
The electronic message according to claim 2, wherein the execution authority determination unit determines whether or not the execution authority exists based on a common identifier associated with a sender identifier of the authenticated command message. Remote control system. In a remote control system using electronic messages,
Means for receiving a command message including at least a sender identifier and a control command;
Means for associating a plurality of sender identifiers assigned to the same sender with a unique common identifier for each sender;
For each combination of the common identifier and the control command, an execution authority table that manages the presence or absence of the execution authority of the control command;
Execution authority determination means for determining presence or absence of execution authority based on a common identifier associated with a sender identifier of the received command message;
A remote control system using an electronic message, comprising command processing means for processing a control command registered in a command message transmitted from a sender having the execution authority.   The said command processing means transfers the control command contained in the said authenticated command message to the next-stage control apparatus with the common identifier corresponding to the sender identifier, The control device of Claim 6 or 7 characterized by the above-mentioned. Remote control system using electronic messages.

Images