JP2010041605A - Device for controlling external connection of indoor apparatus - Google Patents

Abstract

The present invention realizes limited connection control in which a user can access a home device permitted in advance but cannot access other home devices.
Means for managing an application identifier for specifying a service, a user identifier for specifying a user, and a device identifier for specifying an in-home device, a user identifier for specifying a user, and a usage Means for associating and managing the home gateway address of the home gateway device in the customer's home, the device identifier for identifying the home device, and the device address, and the device identifier or device in response to the notification of device information change from the home gateway device Means for updating the address, and means for responding to the corresponding home gateway address and device address based on information to be managed when receiving a device information acquisition request accompanied by a user identifier and a device identifier from the service providing device With.
[Selection] Figure 1

Description

  The present invention relates to a technique used in an information home appliance connection system or the like for connecting to a home device from a remote terminal.

  Connect to devices such as digital cameras and sensors at home by connecting from a remote terminal to the home, such as digital cameras and sensors, while connecting to a device such as a video deck from the remote terminal. Video reservation services that perform recording reservation operations have been proposed.

In general, a home gateway is installed at the connection point with the Internet in the home to securely access devices connected to the home network from devices outside the home connected to the Internet. A method of accessing home devices from the center system is used (see Patent Document 1 and the like). In this system, filtering information is set in advance in the firewall of the home gateway so that a specific external device and a home device can be securely connected.
JP 2001-156777 A

  Conventional information home appliance connection systems and the like have been configured as described above, but the following problems have been pointed out.

  That is, since the home gateway sets the IP address of the center system that provides the service as filtering information, it is necessary to prepare a home gateway for each application (service). Therefore, when using a large number of services, it is necessary to install a large number of home gateways in the house, and there is a problem that the location is troublesome and the management becomes complicated.

  In addition, all devices connected to the home gateway via the home network can be referred to from the application provider side, causing a security problem.

  In view of the conventional problems described above, when a user uses various services provided by an application service provider or the like, a plurality of in-home devices are connected to a home gateway installed in the user's home. Even in the situation, it is an object to realize limited connection control in which a user can access a home device permitted in advance but cannot access other home devices.

  In the in-home equipment external connection management device according to one embodiment, an application identifier for specifying a service provided by a service providing device, a user identifier for specifying a user, and a home device used by the user when using the service are specified. Means for associating and managing device identifiers, a user identifier for identifying a user, a home gateway address of a home gateway device in the user's home that the user uses when using the service, and a service provided by the user A device identifier for specifying a home device to be used at the time of use and a device address of the home device in association with each other, and a device information change notification received from the home gateway device to update the device identifier or the device address With a user identifier and a device identifier from the service providing device When receiving the vessel information acquisition request, and a means responsive to the home gateway address and device address corresponding based on the information managed.

  In the service providing apparatus according to one embodiment, an application identifier that identifies a service to be provided, a user identifier that identifies a user, and a device identifier that identifies a home device that the user uses when using the service are associated with each other. And a means for acquiring a corresponding device identifier based on information to be managed when a connection request to a home device with an application identifier and a user identifier is received from a remote terminal operated by the user; From the home device external connection management device that specifies the acquired device identifier and user identifier and manages the user identifier, the home gateway address of the home gateway device, and the device identifier of the home device in association with each other, the corresponding home gateway Means for obtaining address and device address, and obtained home gate To the home gateway device Eiadoresu, and means for performing a connection request to the home device corresponding to specify the device address.

  In the home gateway device which is one embodiment, the home gateway device, the device identifier of the home device connected to the home gateway device, the unit address of the home device and the device address of the home device are associated with each other and connected to the home gateway device When a change occurs in the device information of the home device, the home device external connection management device that manages the user identifier, the home gateway address of the home gateway device, the device identifier of the home device, and the device address of the home device in association with each other On the other hand, it comprises means for notifying device information change and means for permitting external connection only for the corresponding in-home device when a connection request with a device address is received from the service providing apparatus.

  In the disclosed technology, when users use various services provided by application service providers, etc., multiple home devices are connected to the home gateway installed in the user's home In this case, it is possible to realize limited connection control that allows access to in-home devices that the user has permitted in advance but cannot access other in-home devices.

  Hereinafter, preferred embodiments of the present invention will be described.

<Configuration>
FIG. 1 is a diagram showing a configuration example of a system according to an embodiment of the present invention.

  In FIG. 1, a user home 1 includes a home gateway (HGW) 11 connected to a network 2 such as the Internet, and home devices 13 </ b> A to 13 </ b> A connected to the home gateway 11 via a wired or wireless home network 12. 13C,... Are provided. The in-home devices 13A to 13C are information home appliances such as a video deck and a digital camera, various sensors, etc., corresponding to IP (Internet Protocol), and individually assigned IP addresses (fixed or dynamically assigned). It is done.

  The home gateway 11 is provided with a center server connection management unit 111 for connecting to a center server (home device external connection management device) 3 to be described later via the network 2. In addition, the home gateway 11 includes a home device information management unit that stores and manages device information of the home devices 13A to 13C connected to the home gateway 11 via the home network 12 in the home device information database 113. 112, and a home device connection management unit 114 that permits or prohibits connection from the external device via the network 2 to the home devices 13A to 13C,.

  On the other hand, a center server 3 managed by a communication carrier or the like and a plurality of application servers (service providing devices) 4 managed by an application service provider or the like are connected to the network 2. The managers of the center server 3 and the individual application servers 4 may be the same or different.

  The center server 3 includes an application server connection management unit 31 that connects to the application server 4 via the network 2, and a home gateway connection management unit that connects to the home gateway 11 of the user premises 1 via the network 2. 32 is provided. In addition, the center server 3 includes an application information management unit 33 that stores and manages home device information for each application (service) in the home information database 34 for each application, and home device information for each user. A user information management unit 35 that is held and managed in the database 36 is provided.

  The application server 4 includes a remote terminal connection management unit 41 that performs connection (via a mobile communication system or the like) with a remote terminal 5 possessed by a user, and a center that performs connection with the center server 3 via the network 2. A server connection management unit 42 is provided. In addition, the application server 4 is provided with a user registration information management unit 43 that holds and manages information for each service contractor in the information database 44 for each service contractor.

  In the present embodiment, the application server 4 is separated from the center server 3 and the application server 4 that control connection to the home devices 13 (13A to 13C,...) Accommodated in the home gateway 11 installed in the user home 1. The server 4 is a secure connection method in which only information related to the user's home device 13 permitted by the center server 3 can be referred to. When the application server 4 provides a service, the center server 3 is requested to control the home gateway 11 installed in the user premises 1 and establishes a connection route so that it can be used with the remote terminal 5 or the application server 4. A connection is made with the home device 13 in the customer's home 1.

  FIG. 2 is a diagram showing an example of the home device information database 113 in the home gateway 11, “home gateway address” indicating the IP address of the home gateway 11, and home devices connected to the home gateway 11 via the home network 12. 13 includes an item “device identifier” indicating an identifier 13 and an “IP address” indicating an IP address of the home device 13. The “home gateway address” may be stored separately from the home appliance information database 113. The “device identifier” and “IP address” are added / deleted by adding / removing the home device 13 in the user home 1.

  FIG. 3 is a diagram showing an example of the application-specific in-home information database 34 in the center server 3. The “application identifier” indicating the identifier of the application (service), the “user identifier” indicating the identifier of the user, There are items of “device identifier” indicating an identifier of the home device 13 to be used and “valid identifier” indicating an identifier of a valid device that is the home device 13 used for the application. Note that the initial contents of the application-specific home information database 34 are set by an operator's operation based on a user's application or a user's direct operation from a Web page or the like. The “valid identifier” is set by notification from the home gateway 11.

  FIG. 4 is a diagram showing an example of the home information database 36 for each user in the center server 3. “User identifier” indicating the user identifier, “Home gateway address” indicating the IP address of the home gateway 11, It has items of “device identifier” indicating the identifier of the device 13 and “IP address” indicating the IP address of the home device 13. Of the items in the home information database 36 for each user, the “user identifier”, “home gateway address”, and “device identifier” are the operator's operations based on the user's application or the user's web page directly. Set by operation. The item “IP address” is set and updated based on a notification from the home gateway 11 in the user premises 1 by an operation described later.

  FIG. 5 is a diagram showing an example of the information database 44 for each service contractor in the application server 4. For each application server 4 specified by the application identifier, a “user identifier” indicating a user identifier, a home device 13. And “valid identifier” indicating the identifier of the valid home device 13. In the figure, (a) and (b) show the service contractor information database 44 of different application servers 4.

<Operation>
FIG. 6 is a sequence diagram showing a processing example when updating in-home information in the above embodiment.

  In FIG. 6, when the in-home device 13 is added / removed or the IP address is changed in the user home 1 and the home device information management unit 112 of the home gateway 11 recognizes this, the home device information management unit 112 displays the center server. The connection management unit 111 is notified of changes in home device information (step S101).

  In response to this, the center server connection management unit 111 starts connection with the home gateway connection management unit 32 of the center server 3 and performs authentication processing by EAP (Extensible Authentication Protocol) or the like (step S102).

  If the authentication is successful, the center server connection management unit 111 in the user home 1 notifies the home gateway connection management unit 32 in the center server 3 of the change in home device information (step S103). This notification includes the home gateway address (notification source), the changed device identifier, and the device address (IP address).

  In response to this, the home gateway connection management unit 32 requests the user information management unit 35 to register the changed home device information database (step S104). The user information management unit 35 registers the home device information in the home information database 36 for each user.

  Next, the user information management unit 35 requests the application information management unit 33 to reflect the changed home device information database (step S105). The application information management unit 33 reflects the home device information in the home information database 34 for each application.

  On the other hand, as a periodic process, the application information management unit 33 of the center server 3 determines whether there is a change in home device information to be notified to the application server 4. A change in home device information is notified (step S111).

  In response to this, the application server connection management unit 31 starts connection with the center server connection management unit 42 of the application server 4 and performs authentication processing by EAP or the like (step S112).

  If the authentication is successful, the application server connection management unit 31 of the center server 3 notifies the center server connection management unit 42 of the application server 4 of the change in home device information (step S113).

  In response to this, the center server connection management unit 42 requests the user registration information management unit 43 to reflect the home appliance information database (step S114). The user registration information management unit 43 reflects the in-home device information in the service subscriber information database 44.

  7A and 7B are sequence diagrams illustrating an example of processing when using a service from the remote terminal 5 in the above embodiment.

  7A and 7B, when the user starts connection from the remote terminal 5 to the remote terminal connection management unit 41 of the application server 4, authentication processing by EAP or the like is performed (step S201).

  If the authentication is successful, the remote terminal 5 makes a connection request to the home device to the remote terminal connection management unit 41 of the application server 4 (step S202). This request includes an application identifier, a user identifier, and a remote terminal IP address. Here, as an example, application identifier: AID01, user identifier: P1, and remote terminal IP address: IPa1.

  In response to this, the remote terminal connection management unit 41 makes a connection control request to the user registration information management unit 43 (step S203). This request includes an application identifier, a user identifier, and a remote terminal IP address.

  Then, the user registration information management unit 43 confirms user registration based on whether or not the combination of the passed application identifier and user identifier is registered in the information database 44 for each service contractor. Acquires the corresponding device identifier (step S204). In the above example, since the application identifier: AID01 and the user identifier: P1 are registered in the service contractor information database 44 of FIG. 5A, it is determined that the user registration is valid, and the corresponding device Identifiers: EQ11 and EQ14 are acquired.

  Next, the user registration information management unit 43 makes a connection control request to the center server connection management unit 42 (step S205). This request includes a user identifier, a device identifier, and a remote terminal IP address.

  In response, when the center server connection management unit 42 starts connection with the application server connection management unit 31 of the center server 3, the center server connection management unit 42 performs authentication processing by EAP or the like (step S 206).

  If the authentication is successful, the center server connection management unit 42 of the application server 4 makes a device information acquisition request to the application server connection management unit 31 of the center server 3 (step S207). This request includes a user identifier and a device identifier.

  In response, the application server connection management unit 31 makes a device information acquisition request to the user information management unit 35 (step S208). This request includes a user identifier and a device identifier.

  In response to this, the user information management unit 35 acquires a home gateway address and a home device IP address from the passed user identifier and device identifier (step S209). In the above example, the home gateway address: HGW1 and the home device IP address: IP11, IP14 are acquired from the per-user home information database 36 shown in FIG. 4 based on the user identifier: P1 and the device identifiers: EQ11, EQ14.

  Next, the user information management unit 35 responds to the application server connection management unit 31 with the acquired home gateway address and home appliance IP address (step S210).

  In response to this, the application server connection management unit 31 returns a home gateway address and a home device IP address to the home gateway connection management unit 32 (step S211).

  In response to this, when the home gateway connection management unit 32 of the center server 3 starts connection with the center server connection management unit 111 of the home gateway 11, authentication processing by EAP or the like is performed (step S212).

  If the authentication is successful, the home gateway connection management unit 32 makes a connection control request to the center server connection management unit 111 (step S213). This request includes the home device IP address and the remote terminal IP address.

  In response, the center server connection management unit 111 makes a connection control request to the in-home device connection management unit 114 (step S214). This request includes the home device IP address and the remote terminal IP address.

  In response, the in-home device connection management unit 114 establishes a connection path from the corresponding remote terminal 5 to the in-home device 13 (step S215), and notifies the center server connection management unit 111 of completion (step S216). The completion notification is sent from the center server connection management unit 111 to the home gateway connection management unit 32, application information management unit 33, application server connection management unit 31, center server connection management unit 42, user registration information management unit 43, remote terminal connection management. Is transmitted to the unit 41 and the remote terminal 5 (steps S217 to S223).

  Receiving this, the remote terminal 5 starts connection to the home device 13 and performs authentication processing by EAP or the like (step S224).

  If the authentication is successful, communication is performed between the remote terminal 5 and the home device 13 (step S225), and data transmission from the home device 13 to the remote terminal 5 or data from the remote terminal 5 to the home device 13 is performed. Transmission is performed. For example, in the case of a security service, an image or sensor signal around the home can be confirmed on the remote terminal 5 from the home device 13 such as a digital camera or a sensor. In the case of a video reservation service, a recording reservation operation or the like can be performed from the remote terminal 5 on the home device 13 such as a video deck. The in-home device connection management unit 114 of the home gateway 11 releases the connection path when communication is not performed for a predetermined time (step S226).

  FIG. 8 is a diagram showing an example of an authentication sequence by EAP that can be used for authentication processing performed in each place of FIGS. 6 and 7A.

  In FIG. 8, when the EAP start is notified from the requesting side X to the authentication side Y (step S301), the authentication side Y requests the requesting side X for EAP Identity (step S302).

  In response, when the EAP Identity is transmitted from the requesting side X to the authenticating side Y (step S303), the authenticating side Y transmits a RADIUS access request and EAP Identity to the authentication server Z (step S304).

  In response to this, when the authentication server Z notifies the authentication side Y of the RADIUS access challenge and the start of EAP-TLS (step S305), the authentication side Y notifies the requesting side X of the start of EAP-TLS (step S305). S306).

  In response to this, the requesting side X makes a client response to the authentication side Y (step S307), and the authentication side Y makes a client response to the authentication server Z (step S308).

  In response to this, the server response and the server certificate are transmitted from the authentication server Z to the authentication side Y and the request side X (steps S309 and S310).

  In response to this, a client certificate and authentication completion are transmitted from the requesting side X to the authentication side Y and the authentication server Z (steps S311 and S312).

  In response to this, the authentication server Z notifies the authentication side Y and request side X of the notification of the encryption specification and the end of authentication (steps S313 and S314).

  In response, the request side X responds to the authentication side Y and the authentication server Z (steps S315 and S316).

  In response to this, the authentication server Z notifies the authentication side Y of RADIUS access / accept and EAP success (step S317), and the authentication side Y notifies the requesting side X of EAP success (step S318). Then, the authentication side Y notifies the requesting side X of the WEP key (step S319), and communication in a secure environment is started. The same sequence is performed for re-authentication.

<Summary>
As described above, the present embodiment has the following advantages.
(1) Even when a user subscribes to a plurality of services, the user can safely use the service with only one home gateway that accommodates devices that can be connected to the home IP.
(2) Since application service providers can provide application services without building their own secure network, it is possible for new application providers to enter and capital investment can be reduced. Therefore, the provision of various IP network use services in the future can be promoted, and it can be expected that the number of subscribers to telecommunications carriers will increase and application services will be enhanced.
(3) When the number of in-home devices increases or decreases, or when the IP address of the in-home device changes, only in the case of a change in in-home device information that can be used by an external application system, the communication traffic is sent to notify the change Can be reduced.

  The present invention has been described above by the preferred embodiments of the present invention. While the invention has been described with reference to specific embodiments, various modifications and changes may be made to the embodiments without departing from the broad spirit and scope of the invention as defined in the claims. Obviously you can. In other words, the present invention should not be construed as being limited by the details of the specific examples and the accompanying drawings.

It is a figure which shows the structural example of the system concerning one Embodiment of this invention. It is a figure which shows the example of a household appliance information database. It is a figure which shows the example of a home information database for every application. It is a figure which shows the example of an in-home information database for every user. It is a figure which shows the example of the information database for every service contractor. It is a sequence diagram which shows the process example at the time of in-home information update. It is a sequence diagram (the 1) which shows the example of a process at the time of service utilization from a remote terminal. It is a sequence diagram (the 2) which shows the example of a process at the time of service use from a remote terminal. It is a figure which shows the example of the authentication sequence by EAP.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 User's home 11 Home gateway 111 Center server connection management part 112 Home equipment information management part 113 Home equipment information database 114 Home equipment connection management part 12 Home network 13, 13A-13C Home equipment 2 Network 3 Center server 31 Application server connection management Unit 32 Home gateway connection management unit 33 Application information management unit 34 In-home information database for each application 35 User information management unit 36 In-house information database for each user 4 Application server 41 Remote terminal connection management unit 42 Center server connection management unit 43 User registration Information Management Department 44 Information database for each service contractor 5 Remote terminal

Claims (6)

Means for associating and managing an application identifier for identifying a service provided by a service providing apparatus, a user identifier for identifying a user, and a device identifier for identifying a home device used by the user when using the service;
A user identifier that identifies a user, a home gateway address of a home gateway device in a user's home that the user uses when using the service, a device identifier that identifies a home device that the user uses when using the service, Means for associating and managing the device address of the home device;
Means for receiving a notification of device information change from the home gateway device and updating the device identifier or device address;
And a means for responding a corresponding home gateway address and device address based on information to be managed when a device information acquisition request accompanied by a user identifier and a device identifier is received from a service providing device. Home appliance external connection management device. Managing an application identifier that identifies a service provided by a service providing apparatus, a user identifier that identifies a user, and a device identifier that identifies a home device that the user uses when using the service;
A user identifier that identifies a user, a home gateway address of a home gateway device in a user's home that the user uses when using the service, a device identifier that identifies a home device that the user uses when using the service, A process of associating and managing the device address of the home device;
Receiving the notification of device information change from the home gateway device and updating the device identifier or device address;
A step of responding a corresponding home gateway address and device address based on information to be managed when a device information acquisition request accompanied by a user identifier and a device identifier is received from a service providing device. Home device external connection management method. Means for managing an application identifier that identifies a service to be provided, a user identifier that identifies a user, and a device identifier that identifies a home device that the user uses when using the service;
Means for acquiring a corresponding device identifier based on information to be managed when a connection request to a home device with an application identifier and a user identifier is received from a remote terminal operated by a user;
Specify the acquired device identifier and user identifier, and the corresponding home gateway address from the home device external connection management device that manages the user identifier, the home gateway address of the home gateway device, and the device identifier of the home device in association with each other And means for obtaining the device address;
A service providing apparatus comprising: means for specifying a device address and requesting connection to a corresponding in-home device for the home gateway device having the acquired home gateway address. Managing an application identifier that identifies a service to be provided, a user identifier that identifies a user, and a device identifier that identifies a home device that the user uses when using the service;
When receiving a connection request to a home device with an application identifier and a user identifier from a remote terminal operated by a user, obtaining a corresponding device identifier based on information to be managed;
Specify the acquired device identifier and user identifier, and the corresponding home gateway address from the home device external connection management device that manages the user identifier, the home gateway address of the home gateway device, and the device identifier of the home device in association with each other And obtaining the device address;
A service provision management method comprising: a step of designating a device address and requesting connection to a corresponding in-home device for the home gateway device having the acquired home gateway address. Means for managing the home gateway address of the home device, the device identifier of the home device connected to the home device, and the device address of the home device in association with each other;
A home that manages the user identifier, the home gateway address of the home gateway device, the device identifier of the home device, and the device address of the home device in association with changes in the device information of the home device connected to itself Means for notifying device external connection management device of device information change;
A home gateway device comprising means for permitting external connection only for a corresponding home device when a connection request with a device address is received from a service providing device. Managing the home gateway address of the home device, the device identifier of the home device connected to the home device, and the device address of the home device in association with each other;
A home that manages the user identifier, the home gateway address of the home gateway device, the device identifier of the home device, and the device address of the home device in association with changes in the device information of the home device connected to itself A step of notifying the device external connection management device of device information change;
A home gateway management method comprising: a step of permitting external connection only for a corresponding home device when a connection request with a device address is received from a service providing device.

Images