JP2004194313A - Server for routing connection to client apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an Internet connection system in which two-way communications between a domestic network and the Internet are made possible by a comparatively simple means and a maker manufacturing a client side network electrical appliance for domestic use or the like may find out an original added value. <P>SOLUTION: A method of connecting the client apparatus and a server is implemented in the Internet connection system having a client apparatus, a repeater, and a server which is connected to the Internet and to which the client apparatus is connected via the repeater and the Internet, and has steps of: notifying the repeater of an IP address of the server (a); establishing a TCP/IP session using tunneling connection between the repeater and the server by the repeater using the allocated IP address (b); and routing communication from the server through the TCP/IP session to the client apparatus by the repeater (c). <P>COPYRIGHT: (C)2004,JPO&NCIPI

Description

  The present invention provides a connection between a client device and a server that enables two-way communication between a home network and the Internet by relatively simple means under the current infrastructure environment where IPv4 (Internet Protocol version 4) has spread. The present invention relates to a method, a server used for the method, and a network-compatible home appliance.

  Generally, in a service providing environment through a public network centered on the Internet, the value of all information is collected not on the client side but on the server side.

  In other words, the terminal device as each client is basically merely a viewer for browsing information on the Internet. Also, each client issues various information requests to the Internet side, and the Internet side can obtain such information of each client. In other words, all information is collected on the Internet side, and the Internet side only provides fixed information unilaterally. For this reason, it is difficult for a maker that manufactures a client terminal to create added value.

  In order to change such a situation, it is necessary to reverse the access direction and reverse the positions of the server and the client. That is, when there is a home network connected to the Internet, it is necessary to create a state in which access to the home network is started from the Internet side and a service is provided from the home network side to the Internet side.

  For this purpose, it is necessary that each device connected to the home network can be uniquely identified from the internetwork side, and that routing problems in the home and security problems must be solved. IPv6 (Internet Protocol version 6: 6th generation Internet Protocol) is a technology that can solve such a problem and find one solution.

  However, in view of the current environment surrounding Japanese carriers and Internet service providers, it is expected that IPv6 will take a considerable amount of time to spread. For example, the amortization of currently used IPv4 equipment requires at least two to three years, and only a test service is provided.

  The only way for manufacturers to implement an IPv6-compatible network right now is to start with ISP-level services, but this is very costly and impractical for many manufacturers. Because the circumstances of home networks are various and very different, and the connection mechanism differs greatly depending on the carrier and ISP, a mechanism to absorb these differences and realize an IPv6 environment with a uniform approach. is necessary.

Although this does not deny the novelty or inventive step of the invention according to this application, the following prior art documents relate to the above-mentioned circumstances.
JP 2001-274845 A

  When trying to realize two-way access between a home network and the Internet as realized by an IPv6 network in a conventional IPv4 environment, there are the following problems.

  For example, in the current IPv4 environment, when installing network home appliances at home, the home appliances are connected to a router connected to the Internet through a home network. For this reason, the IP address of the network home appliance becomes a private address and cannot be accessed from other than the home network.

  Therefore, in the past, in order to access network home appliances at home, a dedicated router with a function to control network home appliances was used, or information for controlling network home appliances was once stored in a data center installed on the Internet. It had to be accumulated and polled from network home appliances to get it.

  However, when a dedicated router is used, the versatility is reduced and the cost is increased. When polling for control information, real-time access is not possible and the load on the network and the server increases.

  The present invention has been made in view of such circumstances, and enables two-way communication between a home network and the Internet by relatively simple means. It is intended to provide an Internet connection system that can find value.

  To achieve the above object, according to a first main aspect of the present invention, a client device, a relay device, and a server connected to an Internet network, wherein the client device is connected via the relay device and the Internet And (b) notifying the relay device of an IP address of the server, the method being executed in an Internet connection system having: Establishing a TCP / IP session by tunneling connection between the relay device and the server using the IP address allocated above; and (c) the relay device transmits the TCP / IP Routing communications over the IP session to the client device. It is provided.

  According to such a configuration, all communications relating to client devices such as network home appliances are performed via the server on the Internet regardless of the carrier or ISP. And the server can be freely set and controlled by the server owner. As a result, it is possible to solve all the problems of the individual recognition of the client device in the private network from the server on the Internet, the home routing and the security, which are the conventional problems, and realize the construction of an extremely open and closed network. Becomes possible.

  According to one embodiment of the present invention, the relay device is installed in each client device.

  According to another embodiment, in the step (a), the relay device connects to a tunnel mediation server provided on the Internet, and receives an IP address of the server from the mediation server. .

  According to yet another embodiment, the step (b) comprises: (b-1) the relay apparatus connecting to the server using the assigned server IP address; -2) the server notifying the relay device of an IP address for the relay device for establishing a TCP / IP session by tunneling; and (b-3) between the server and the relay device. And establishing a TCP / IP session by tunneling. In this case, the step (b-1) includes a step in which the server performs connection authentication of the relay device, and the step (b-2) includes an IP address of the relay device according to a result of the connection authentication. It is preferable to include a step of generating

  Further, according to a second main aspect of the present invention, a control unit for receiving a packet including a predetermined command and controlling the network home appliance based on the command, the control unit comprising: A server address storage unit for storing a global address of a server placed in the server; a tunneling establishment unit for establishing a tunneling connection between the network-compatible home appliance and the server based on the server address; And a packet processing device for encapsulating / decapsulating packets communicated with the server and routing the packets to the control unit or the server. Here, the network-compatible home appliance accesses the mediation server based on the mediation server address, which stores an address of a tunneling mediation server placed on the Internet, and the mediation server receives the server from the mediation server. And a server address obtaining unit that receives the address of the server.

  According to such a configuration, all communications relating to the network-compatible home appliance are performed via the server on the Internet regardless of the carrier or the ISP. Can be freely set and controlled by the server owner. As a result, the conventional problems of individual recognition of a network-compatible device in a private network from a server on the Internet, home routing, and security can all be solved, and an extremely open and closed network can be constructed. It becomes possible.

  According to a third main aspect of the present invention, an Internet connection comprising a client device, a relay device, and a server connected to the Internet network and connected to the client device via the relay device and the Internet. The server used in the system, wherein a tunneling establishment unit that establishes a tunneling connection with the relay device, a client device management device that manages client devices in association with the relay device or the tunneling connection, A routing device for routing a connection from the Internet to the client device to a tunneling connection to a relay device to which the client device is connected, based on management by the management device. .

  According to such a configuration, all communication relating to the network-compatible home appliance is performed through the server regardless of the carrier or the ISP. Therefore, the network home appliance or the server on the home network at home or work is connected to the server. Can be set and controlled freely. As a result, the conventional problems of individual recognition of a network-compatible device in a private network from a server on the Internet, home routing, and security can all be solved, and an extremely open and closed network can be constructed. It becomes possible.

  According to one embodiment of the present invention, the server further includes a model determining unit that determines whether the client device and / or the relay device is a predetermined model, and a server based on a determination result by the model determining unit. A command conversion unit for converting a command to be transmitted to the client device into a command of a predetermined format for controlling the client device. In this case, the client device or / and the relay device are controlled by a model determining unit that determines whether or not the relay device is a predetermined model, and an instruction to transmit the client device to the client device based on a determination result by the model determining unit. And a command conversion unit that converts the command into a command of a predetermined format. Further, the server further includes a communication session disconnecting unit that disconnects the communication session or restricts transmission and reception of the packet based on the client device or the relay device when the model determination unit determines that the client device or the relay device is not a predetermined type. It is desirable to be provided.

  According to another embodiment of the present invention, the client device includes a peripheral device that can communicate with the relay device but cannot connect to the Internet by itself.

  According to still another embodiment of the present invention, the server further includes a network for determining whether an environment of the first network to which the client device or / and the relay device is connected is of a predetermined type. A type determining unit is provided. In this case, further, when it is determined that the private network environment to which the client device or the relay device is connected is not a predetermined type, the communication device further includes a communication session disconnecting unit that disconnects the communication session or restricts transmission and reception of packets based on the determined type. Is preferred.

  According to yet another embodiment of the present invention, the server further obtains at least one or more of an operation state, a use state, and location information of the client device or / and the relay device. It has an information acquisition unit.

  According to such a configuration, all communications relating to client devices such as network home appliances are performed via the server on the Internet regardless of the carrier or ISP. And the server can be freely set and controlled by the server owner. As a result, it is possible to solve all the problems of the individual recognition of the client device in the private network from the server on the Internet, the home routing and the security, which are the conventional problems, and realize the construction of an extremely open and closed network. Becomes possible.

  Still other features and remarkable effects of the present invention will be understood by those skilled in the art by referring to the embodiments and drawings described in the following best mode for carrying out the invention.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  FIG. 1 shows an example of a network configuration according to this embodiment.

  In FIG. 1, reference numeral 1 denotes a home network to which various types of client network home appliances 2 (hereinafter, referred to as "network home appliances") which communicate with each other using IPv4 (first communication protocol) are connected. The home network 1 is constituted by, for example, a LAN installed in each home. The relay device 3 of the present invention is installed in each network home appliance 2.

  The home network 1 is connected to the Internet 4 via a communication carrier / ISP. In the Internet network 4, communication is performed using IPv4 (second communication protocol).

  The Internet network 4 is connected to an InterServer 6 (“server” of the present invention) that controls communication of the network home appliances 2 on the home network 1. The InterServer 6 establishes a connection between the network home appliance 2 and all network home appliances 2a, personal computers 2b, and servers 2c on the Internet network 4 or another home / global network 1a, as described in detail later. It has a function to mediate.

  Here, the relay device 3 and the InterServer 6 are intended to be manufactured by the same manufacturer or under a unified standard, and are designed to be linked in advance. As will be described later, a private address of the InterServer 6 in IPv4 is assigned to the relay device 3 so that a TCP / IP session by tunneling connection is established to the InterServer 6 irrespective of an ISP or a carrier so that communication can be performed. It has become. Also, the network home appliances 2 connected to the home network 1 are intended to be manufactured by the same manufacturer as the relay device 3 or the like or under a unified standard. The IP address 3 is uniquely generated based on the model of the network home appliance 2 and other information.

  Note that the network home appliance 2 may be a home appliance such as a video or a television that cannot connect to the Internet by itself. In this case, the relay device 3 and the network home appliance 2 are connected via a predetermined communication interface (IEEE 1394), and a virtual IP address may be assigned to the ID (unique ID) of each home appliance 2.

  FIG. 2 is a schematic configuration diagram illustrating the network home appliance 2 and the relay device 3.

  The relay device 3 includes a server address storage unit 10 for storing the IPv4 global address of the InterServer 6, a relay device address storage unit 9 for storing an IPv4 private address assigned to the relay device 3, and an InterServer 6 A tunneling session establishing unit 11 for establishing a tunneling connection with the InterServer 6 based on the address, and a packet in IPv4 encapsulated / decapsulated in IPv4 and between the I / F / control unit 20 on the network home appliance side with the InterServer 6. A capsulation processor 12 for performing tunneling transmission / reception, and a router for routing the decapsulated packet from the InterServer 6 to the network home appliance 2. Having a Ingu processing unit 13, and a packet transmission unit 14 for transmitting and receiving packets. In addition, the relay device 3 is provided with an address generation unit 15 for generating an address of the network home electric appliance 2 and the like.

  According to such a configuration, a packet from the network home appliance 2 or a packet to the network home appliance 2 can be transmitted and received through a tunnel based on IPv4 established between the InterServer 6 and the relay device 3.

  FIG. 3 is a schematic configuration diagram showing the InterServer 6.

  The InterServer 6 includes an IPv4 private address 16a (information for specifying a tunneling session) of the relay device 3 and an IPv6 global address 16b of the client device in association with each other. A tunneling session establishing unit 17 for establishing a tunneling connection with the relay device 3 based on the address, and encapsulating / decapsulating IPv4 packets with IPv4 to enable communication with the network home appliance 2. And a routing unit 19 that routes communication between the network home appliance 2 and another terminal / server. Further, the InterServer 6 determines a type of the network home appliance 2 based on the IPv4 address of the network home appliance 2 or the relay device 3 and a model determining unit 21 that issues a command to the network home appliance 2 based on the determination result. A command setting unit 22 that converts the command into a command and sets it, a filter unit 23 that filters IPv4 packets transmitted through the tunnel according to a predetermined rule, and a communication session disconnecting unit 24 that disconnects a communication session in a predetermined case. The transmission / reception of the packet is performed by the transmission / reception processing unit 25.

  The InterServer 6 is connected to the user management server 30. As will be described in detail later, the user management server 30 manages information of users of each relay device 3 and each of the network home appliances 2, and stores user information such as ID, password, and billing information of each user. , A user information management DB 31 for storing model information, a network, and the like.

  The information in the user management DB 31 is used when the tunneling session establishment unit 17 establishes a tunneling session. That is, as shown in FIG. 3A, the tunneling session establishment unit 17 further includes a user authentication unit 28 that authenticates each user based on the user information, and an IPv4 private network for establishing a tunneling session to the relay device 3. A relay device IP address allocating unit 29 for allocating an address is provided. Here, as the IP address assigned to each relay device, any address system can be used as long as it is IPv4. ×××. ×××. A private address such as xxxx can be assigned. It is generated according to a predetermined rule according to the information of the user, model, and network. Note that the address generation method of the relay device 3 is not limited to this.

  Further, the InterServer 6 has a Web server 32 published on the Internet 4 (IPv4 network), and enables various settings to be performed in response to requests from the user of the relay device 3 or the network home appliance 2. . For example, at least a part of the filter rules by the filter unit 23 can be appropriately changed by the user through the Web server 32. The access to the Web server 32 may be via the relay device 3 and the InterServer 6, or via the Internet 4 which does not go through these.

  As shown in FIG. 4, the filter unit 23 includes a filter rule storage unit 33 and a filter rule setting unit 34. The filter rule storage unit 33 and the filter rule setting unit 34 are connected to the Web server 32 published on the Internet, and the Web server 32 has an InterServer interactive interface generation unit 35 as shown in FIG. Installed. The user connected to the Web server 32 can input / change a filter rule by displaying the interface generated by the interface generating unit 35 on his / her own terminal. As the filter rules that can be set here, for example, those relating to security can be considered.

  The security filter rules can be roughly divided into (1) a server that does not permit any access to the home network from outside, and (2) a server (Web) that permits access to the home network from outside in advance. (3) not permitting access to the home network side from outside except for the site or the network. Further, as a filtering method in this case, a method that does not permit access at all may be used, but only a specific port may be passed.

  Here, if the access from the home network 1 to the outside can be restricted so as not to access the server set in advance, it is possible to prevent children from accessing harmful contents, or to prevent the user from illegally accessing the contents in general (trapping It is possible to prevent access to sites that seem to be working.

  The setting of the filter rule can be performed after the authentication of the ID and the password by the user authentication unit 36 provided in the Web server 32 and connectable to the user management server 30.

  The filter rule setting unit 34 sets the filter rule based on the user's input as described above. In addition, the filter rule setting unit 34 stores the member information (charging) stored in the user management server 30 regardless of the setting from the user. Information and information on the terminal model) to automatically generate a filter rule. For example, it is possible to set as a gateway such that connection is not permitted or connection to only a specific server is possible, depending on the attribute of the member or the status of payment of the membership fee.

  The filter rules as the gateway can be used to control the vendors that provide the pay business through the InterServer 6. For example, as shown in FIG. 3, a proxy server 38 is provided in the InterServer 6 to manage the access destination of the user in the DB 39 so that the user can connect only to the access destination set in the filter rule setting unit 34. May be. In this case, in addition to the user ID and the password, what service (server) the user has contracted under what conditions is managed by the user management DB 31, and the transaction is controlled according to the conditions. It is preferable to implement the function. Further, with respect to a specific vendor, a setting may be made such that only a sample is shown to a user who has not completed the registration procedure, and the main body is not shown.

  FIG. 5 is a flowchart showing the processing in the filter unit 23. First, when a tunneling session is started, a filter rule is set based on the member information received from the user management server 30 (step S1). Next, information on the connection request destination of the user (for example, an address of a Web site) is received from the proxy server 38 (step S2). Next, the information of the connection destination is applied to the filter rule to determine whether or not the connection is possible (step S3). If the connection cannot be permitted, the communication session disconnecting unit 24 disconnects the communication session (step S4). If the connection can be permitted, it is determined whether the session is still valid (step S5). If the session is valid, the processes of steps SS2 to S5 are repeated. If it is not valid, the process ends.

  Alternatively, the proxy server 38 may measure the amount of data communication, and may not allow access from a person who has not paid a fee. In this case, only the user ID is given to the vendor, and the user's password and IP address are not guided. As a result, the user only needs to manage a pair of IDs and passwords for InterServer 6. In addition, since the IP address may be changed for the convenience of the user or for other reasons, it is appropriate to have the ID confirmed each time using the ID as a key in terms of system consistency. It is appropriate because the danger of doing so can be eliminated.

  The execution of the filter rule and the execution of the communication session disconnection or connection based on the filter rule are performed by the communication session disconnecting unit 24. Note that a filtering method using the set filter rules, a gateway method, and other methods are known, and thus description thereof is omitted.

  The InterServer 6 has a network home appliance search unit 26 (FIG. 3) that provides a function for a person who does not know the address of the network home appliance 2 to search for the network home appliance 2. The search unit 26 searches for and specifies a desired network home appliance 2 based on information specified by the user, for example, the operating status of the network home appliance 2 and the operating status of the network.

  For this reason, as shown in FIG. 6, the search unit 26 receives a status information receiving unit 40 for receiving status information such as an operation state of the network home appliance 2 and a network status, and transmits the information to the IP address and relay of the network home appliance. It has a state information storage unit 41 for storing information in association with the IP address of the device 3 and a network home appliance control unit 42.

  The status information receiving unit 40 receives the status of each network home appliance 2 for each tunneling domain (home network or relay device 3) accommodating the network home appliances 2. The information receiving unit 40 may receive the status by inquiring the status at a predetermined cycle for each domain, or may obtain the status by inquiring when there is a reference request for each domain. It may be. In the former method, for example, an inquiry about ON / OFF of the power of each terminal 2 is made every minute for each relay device registered in the relay device address storage unit 16a.

  The status information storage unit 41 stores the status information of each of the network home appliances 2 in association with the network home appliances 2 and the relay device 3. Here, the acquired state information is roughly divided into an operation state, a use state, position information, information indicating characteristics, information indicating information held by a node (relay device 3 or network home appliance 2), and other nodes. At least one or more pieces of information effective for

  The operation information is at least one or more of a power supply state, a network connection state, and a communication state. The usage state is at least one or more of information about the user, information about the operation time, and information about the load. The position information is at least a geographical position and coordinate information, a postal code, a room number, and the like. The information indicating the characteristic is one or more of information such as the type, function, shape, color, device information, software information, function, and administrator of the node.

  The models determined by the model determining unit 21 are also stored individually as state information. The status information receiving unit 40 can specify information obtained from the network home appliance 2 based on the model information, and can obtain necessary information in a format suitable for them.

  The search unit 26 further includes a connection request authentication unit 27 that connects to the user management server 30 to authenticate a person who makes the search or connection request, and permits search and connection requests. For example, the search and connection of a user's home network (relay device 3) other than a specific user who is permitted to connect with respect to that network are not permitted. If the authentication unit 27 determines that the answer is affirmative, the search unit 26 accesses the state information storage unit 41 and the address storage unit 16 to search for the address of the desired terminal 2 (the relay device 3 is Identify.

  For example, when the user uses a personal computer to search for the relay device 3 of his or her home network from outside using a personal computer, all the network home appliances 2 connected to the relay device 3 are listed together with the state. It may be displayed. FIG. 7 shows an example of a search screen, and FIG. 8 shows an example of a list display relating to the relay device 3 / home network 1 specified as a result of the search. In the example of the search interface illustrated in FIG. 7, an input field 43 for searching for the relay device 3 and an input field 44 for searching for the network home appliance 2 are provided. Have been.

  In the example of the search result list display of FIG. 8, all terminals 2 connected to the relay device 3 are displayed in a list together with information on the owner, state, type, and model name. Then, by pressing an operation screen display button indicated by 45 in the figure, the network home appliance control unit 42 is activated, and an operation screen (not shown) corresponding to the type and model of the terminal 2 is displayed.

  FIG. 9 is a conceptual diagram of the control by the control unit 42.

  First, in a state where the relay device 3 is connected to the InterServer 6 through the tunneling session, the network home appliance 2 notifies its operation state by a request from the state information acquisition unit 40 (step S11). At this time, the above-mentioned operation state may not be obtained unless the user logs in to the control unit 42 from the network home appliance 2 side. The acquisition of the operating state is performed at a constant cycle, and is stored and updated in the state information storage unit 41 (step S12).

  Next, the user of the network home appliance 2 logs in from the outside using an ID and a password from the outside, identifies a terminal to be controlled from the list as described above, and activates the control unit 42 (step S13). The control unit 42 processes all commands on the server side, gives appropriate commands to the terminal device, and controls them.

  Further, by selecting a terminal name from the list, the terminal may be routed and connected to the selected network home appliance 2. Further, a search may be performed by inputting a specific state as a search condition, and when the terminal is found, the terminal may be directly connected to the terminal. Note that even when a search for the terminal is performed from the outside through a Web server without using the tunneling connection via the InterServer 6, the connection to the terminal is established after the tunneling connection is established.

  Here, the “tunneling” is a technology for connecting IPv4 and IPv6 networks (routers) via an IPv4 network. In particular, here, devices belonging to different networks are connected by VPN (virtual private).・ Tunneling to terminate at (network). In this embodiment, IPv4 packets communicated between the devices are exchanged by encapsulating them with IPv4.

  In addition, each of the components 10 to 42 of the relay device 3 and the InterServer 6 is a fixed area secured on a hard disk provided in a computer system, a computer software program installed therein, and these hard disks. It comprises a peripheral device such as a CPU, a RAM, and other input / output devices for controlling and reading and executing the program.

  In addition, the relay device 3 is preferably configured by one computer system including each network home appliance 2, but the InterServer 6 is configured by a plurality of computer systems connected to each other to distribute a load. Is preferred. For example, it is preferable that the terminal search unit 26 that manages the status of the relay device 3, the network home appliance 2, and the home network is configured by a server having a dedicated transmission / reception interface and a control unit. This is because a session for managing ON / OFF and other states of each device is expected to be enormous, and it is necessary to distribute the load. In addition, when one InterServer 6 is compatible with a plurality of relay devices and network home appliances of different manufacturers, a plurality of encapsulation processing units 18, a command setting unit 22, a filter unit 23, and the like may be provided.

  Next, the operations of the relay device 3 and the InterServer 6 will be described in detail with reference to communication examples shown in FIG.

  FIG. 10 shows a case where the network home appliance 2 of the home network to which the relay device 3 is connected and another terminal not provided with the relay device 3 communicate via the InterServer 6.

  In this figure, based on the address of the InterServer 6, the IP address assigned to the relay device 3, and the address of the network home appliance 2, the tunneling session establishing units 17 and 11 communicate with the relay device 3 in the tunneling connection. Indicates that the session has been established.

  When the tunneling communication session is established, the packet to the network home appliance 2 is encapsulated by the encapsulation processing unit 18 as an IPv4 packet for the relay device 3 and transmitted. In the relay device 3, the encapsulation processing unit 12 decapsulates the packet, and the routing processing unit 13 performs a routing process to the network home appliance 2 based on the address of the network home appliance 2 included in the packet. In this way, for example, connection to the network home appliance 2 on the home network in the home can be performed by activation from the external IPv6 server 7 side.

  For example, assuming that the network home appliance 2 is a home surveillance camera, the user can connect his / her PDA or the like to a nearby IPv6 network and connect the camera via the InterServer 6 and the relay device 3 even when going out. It can be started and controlled.

  Further, in this example, a network home appliance model determining unit 21, a command setting unit 22, and a filter unit 23 provided in the InterServer 6 according to the model of the network home appliance 2 function.

  The model determining unit 21 is configured to determine the model and the network environment of the network home appliance 2 based on, for example, the address of the relay device 3 or the network home appliance 2 (the address itself or information associated with the address). ing. In this embodiment, it is assumed that the network home appliance 2, the relay device 3, and the InterServer 6 are manufactured by the same manufacturer or based on a unified standard, and in this case, the network home appliance 2 or the By setting a certain rule for the IP address assigned (or generated) to the relay device 3, the type of this model and the network environment can be easily determined only by knowing this address.

  When a special command is required for controlling the network home appliance 2, the model-specific command setting unit 22 converts a command included in the communication from the IPv6 server 7 into a command for the model and sets the command. For example, a predetermined command may be generated from a message described in the HTML language. Further, a command from one server 7 may be converted into a command for a plurality of network home appliances 2.

  Further, the filter unit 23 has a function of filtering packets passing through the InterServer 6 based on a predetermined rule. This filtering rule may be set, for example, for each connection destination relay device 3 or network home appliance 2, or may be set for each network. The communication session disconnecting unit disconnects the communication session when the model determining unit 21 determines that the communication environment is not a predetermined model or network environment, or when the filter unit 23 determines that the communication environment is not appropriate. Have been. Further, even when the connection destination network home electric appliance cannot be connected because the power supply is turned off or the like, if the other network device can be replaced by another IPv6 device connected to the same relay device, the other network device can be replaced based on the model and type information. You may make it route to household appliances.

  FIG. 11 shows an example in which IPv6 home networks each having the relay devices 3 and 3 ′ are connected to each other via the InterServer 6. A network home appliance A and a network home appliance B are connected to each home network, respectively, and a case where communication is performed between the two network home appliances A and B will be described as an example.

  Also in this case, the InterServer 6 stores the addresses of the network home appliances A and B or other information in association with the IPv4 addresses of the respective relay devices 3.

  Then, when a connection from one network home appliance A to the other network home appliance B is requested, first, a communication session within a tunnel connection is established between the relay device 3 on the network home appliance A side and the InterServer 6. Then, the relay device 3 'is specified based on the address of the network home appliance B included in the packet, whereby a tunneling communication session is established between the InterServer 6 and the relay device 3'. Then, the relay device 3 'performs routing in the network based on the IPv6 address of the network home appliance B included in the packet.

  As a result, the two network home appliances 2 can communicate with each other via the InterServer 6.

  When communication is to be performed between the two network home appliances 2, the address of the network home appliance to be connected may not be known. In this case, the connection source user accesses the InterServer 6 and activates the network home appliance search unit 26. At this time, for security, the connection request authentication unit 27 authenticates the user, determines whether the request is a valid connection request, and then permits search for network home appliances and users to be connected. When a desired network home appliance can be specified, a tunnel communication session is established based on the IPv6 address of the network home appliance.

  According to the above configuration, all communications regarding the network home appliance 2 are performed via the InterServer 6, regardless of the carrier or ISP. The owner of the InterServer 6 can freely set and control. As a result, the conventional problems of the individual recognition of the network home appliances 2 in the private network from the server on the Internet, the home routing, and the security can all be solved, and an extremely open and closed network can be constructed. It becomes possible.

  In addition, it is assumed that the owner of the InterServer 6 is a manufacturer that is a manufacturer of the network home appliance 2. Therefore, this manufacturer can create added value using the Internet by preparing its own lineup of IPv6 devices corresponding to this InterServer6.

  Next, sign-up of the network home appliance 2 will be described with reference to FIG.

  That is, in the above description, the IP address of the network home appliance 2 is received from the relay device 3 side, but actually, various methods other than this method are conceivable. In addition, the manufacturer or the owner of the InterServer 6 may want to know the information of the owner (user) of the network home appliance 2. Further, as for the method of generating the address of the network home appliance 2, there may be a case where a fixed IPv6 address is previously written to each network home appliance in a RAM or the like at the stage of factory shipment as described above. It may be determined depending on the IPv6 prefix.

  Therefore, in this embodiment, for example, as shown in FIG. 12, the user of the network home appliance 2 or the relay device 3 first connects to the user management server 30 and performs user registration. This user registration may be performed through the relay device 3 using the network home appliance 2 or may be performed using an existing IPv4 communication-compatible device such as a personal computer. Here, a case where the processing is performed through the network home appliance 2 and the relay device 3 will be described. In the following, an example will be described in which the network home appliance 2 is a terminal that cannot connect to the network by itself, and the address of the network home appliance 2 is generated by the relay device 3 as a MAC address of each network home appliance 2 and a virtual address used. I do.

  In this case, first, when the user connects the network home appliance to the relay device 3, the relay device 3 connects to the user management server 30 via the ISP / carrier. As a result, information necessary for tunneling connection from the relay device 3 to the InterServer 6 is notified to the user management server 30. Further, the user manages information for specifying the user, the relay device 3 or the network home appliance 2, information on the type of the network home appliance 2, information on the network 1, and other information necessary for billing through the relay device 3. Notify the server 30. In this example, an ID and a password are issued for the relay device 3 or each user, and information on the relay device 3 and the user is registered in the database 31 in association with the ID and the password. Note that the information required for registration is not limited to this, and other information may be required. Conversely, when passwords and billing information are not required, it is not necessary to register such information. Absent.

  The user management server 30 as described above may be connected to the InterServer 6, or may be provided independently of the Internet.

  On the other hand, FIG. 13 shows an embodiment regarding a specific method of establishing a tunneling connection and a communication session therein. The reference numerals of S21 to S26 shown in the figure correspond to the following steps S21 to S27.

  First, in the embodiment described above, the relay device 3 stores the IPv4 address of the InterServer 6, but this may be a method in which the manufacturer records the IPv4 address in the RAM before shipment from the factory, or the actual tunneling. A method of receiving and setting from another server or the like at the time of connection may be used. When the InterServer 6 is single, the former may be used, but when there are a plurality of InterServers 6, the latter method is considered to be more efficient.

  The example in this figure is the latter case, and a tunnel broker 52 is provided for that purpose. In preparation for this case, the IPv4 global address of the tunnel broker 52 is set in advance in the tunnel broker address storage unit of the relay device 3. It is also assumed that the ID and password (if necessary) set above are already set in the relay device 3.

  In this case, the relay device 3 first connects to the tunnel broker 52 (step S21). The tunnel broker 52 selects the InterServer 6 to establish a tunnel connection from the address database 53 (step S22), and notifies the relay device 3 of the IPv4 address of the InterServer 6 (step S23). Thus, the relay device 3 can identify the InterServer 6, and can establish a tunneling session (steps S24 and S25). That is, in the tunneling server, authentication for establishing a tunneling connection and assignment of an IP address based thereon are performed, and a TCP / IP connection by tunneling is established.

  Next, the InterServer 6 announces the routing to the relay device 3 or / and the network home appliance 2 to which the tunneling connection has been established to the other InterServers 6 (step S26). As a result, all the routing to the relay device 3 and / or the network home appliance 2 is performed through the InterServer 6.

  According to such a configuration, even when there are a plurality of InterServers 6, a tunneling connection can be reliably established with one of them.

  The embodiment described above is merely one embodiment of the present invention, and it goes without saying that various embodiments can be adopted without changing the gist of the invention.

  For example, in the above-described embodiment, the tunneling connection can be established from both the relay device 3 side and the InterServer 6 side. However, it is general that only the activation from the relay device 3 is performed in an actual commercial service. it is conceivable that. This is because IPv4 fixed IP service itself is rare. That is, in this case, once the tunneling (actually, the IPv4 connection itself) is established, the setting remains as it is, and once the IPv4 session is disconnected, it is determined that the IPv4 of the relay device 3 is the same next. This is because routing is not possible if the IPv4 session itself is actually disconnected.

  In the above-described embodiment, the first protocol is described as an example of IPv4, and the second protocol is described as an example of IPv4. However, the present invention is not limited to this. The first protocol may be IPv6. Further, both the first and second protocols may be IPv6. Further, both may be protocols other than the above.

  In the embodiment, the relay device 3 is provided integrally with each network home appliance. However, the relay device 3 may be provided separately and a single relay device 3 may be shared by a plurality of network home appliances. . The network home appliance and the relay device may be connected via a LAN.

FIG. 1 is a diagram showing an example of a network configuration according to an embodiment of the present invention. The schematic block diagram which shows the example of a relay apparatus similarly. FIG. 3A is a schematic configuration diagram showing an example of the InterServer. FIG. 3B is a diagram illustrating an example of a tunneling session establishment unit. The figure which shows the schematic structure of a filter part. 9 is a flowchart illustrating processing in a filter unit. The figure which shows the schematic structure of a network household appliance search part. The figure which shows the example of a search screen. The figure which shows the example of a search result list display regarding a relay apparatus. The figure which shows the concept of the control by a network household appliance control part. FIG. 3 is a functional diagram showing a communication example according to the embodiment. FIG. 9 is a functional diagram showing another communication example according to the embodiment. The figure which shows the example of a setup of a relay apparatus or a network household appliance. The figure which shows the example of the tunneling connection between a relay apparatus and InterServer.

Explanation of reference numerals

1. IPv6 home network 2. Network home appliances (client devices)
3. Relay device (relay device)
4: Internet network 6: InterServer (server)
7 ... IPv6 server 10 ... Server address storage unit 11 ... Tunneling session establishment unit 12 ... Capsuling processing unit 13 ... Routing processing unit 14 ... Packet transmission / reception unit 15 ... Prefix storage unit 16a ... Relay device global address storage unit 16b ... Client device global address Storage unit 16 Address storage unit 17 Tunneling session establishment unit 18 Capsulation processing unit 19 Routing unit 21 Network home appliance model discrimination unit 22 Command setting unit 23 Filter unit 24 Communication session disconnection unit 25 Transmission / reception processing unit 26 ... Network home appliance search unit 27 ... Connection request authentication unit 30 ... User management server 31 ... User information management DB
Reference numeral 32: Web server 33: Filter rule storage unit 34: Filter rule setting unit 35: Dialog interface generation unit 36: User authentication unit 38: Proxy server 39: DB
40 state information receiving unit 40 information receiving unit 40 state information acquiring unit 41 state information accumulating unit 42 network home electric appliance control unit 52 tunnel tunnel broker 53 address database

Claims (15)

A connection method between a client device and a server, the method being executed in an Internet connection system including a client device, a relay device, and a server connected to the Internet network and the client device connected to the relay device and the Internet. And
(A) notifying the relay device of the IP address of the server;
(B) the relay device establishing a TCP / IP session through a tunneling connection between the relay device and the server using the IP address assigned above;
(C) routing the communication from the server through the TCP / IP session to a client device. The method of claim 1, wherein
The method according to claim 1, wherein the relay device is installed in each client device. The method of claim 1, wherein
In the method (a), the relay device connects to a tunnel mediation server provided on the Internet, and receives the IP address of the server from the mediation server. The method of claim 1, wherein
The step (b) comprises:
(B-1) a step in which the relay device connects to the server using the assigned IP address of the server;
(B-2) a step in which the server notifies the relay device of an IP address for the relay device for establishing a TCP / IP session by tunneling;
(B-3) establishing a TCP / IP session by tunneling between the server and the relay device. The method of claim 4, wherein
The step (b-1) includes a step in which the server performs connection authentication of the relay device,
The method (b-2), further comprising: generating an IP address of the relay device according to a result of the connection authentication. Network-compatible home appliances,
A control unit for receiving a packet including a predetermined command, and controlling the network home appliance based on the command;
A server address storage unit for storing a global address of a server placed on the Internet,
A tunneling establishment unit for establishing a tunneling connection between the network-compatible home appliance and the server based on the server address;
A packet processing device that encapsulates / decapsulates a packet communicated with the server via the tunneling connection and routes the packet to the control unit or the server;
Network-compatible home appliances characterized by having: The network-compatible home appliance according to claim 6,
further,
An intermediary server address storage unit that stores an address of a tunneling intermediary server placed on the Internet;
A server address acquisition unit that accesses the mediation server based on the mediation server address and receives an address of the server from the mediation server. The server used in an Internet connection system having a client device, a relay device, and a server connected to the Internet network and connected to the client device via the relay device and the Internet,
A tunneling establishment unit that establishes a tunneling connection with the relay device;
A client device management device that manages the client device in association with the relay device or the tunneling connection,
A routing device that routes a connection from the Internet to the client device to a tunneling connection to a relay device to which the client device is connected, based on management by the management device. The server according to claim 8,
further,
A model determining unit that determines whether the client device or / and the relay device are a predetermined model;
A command conversion unit configured to convert a command to be transmitted to the client device based on a determination result by the model determination unit into a command of a predetermined format for controlling the client device. The method of claim 9,
A model determining unit that determines whether the client device or / and the relay device are a predetermined model;
A command conversion unit configured to convert a command to be transmitted to the client device based on a determination result by the model determination unit into a command of a predetermined format for controlling the client device. The server according to claim 9,
Further, when the model discriminating unit determines that the client device or the relay device is not of a predetermined type, a communication session disconnecting unit for disconnecting the communication session or restricting transmission / reception of packets based on the determined result is provided. Features server. The server according to claim 8,
The server, wherein the client device includes a peripheral device that can communicate with the relay device but cannot connect to the Internet by itself. The server according to claim 8,
The server further includes a network type determination unit that determines whether the environment of the first network to which the client device and / or the relay device is connected is a predetermined type. The server according to claim 13,
Further, when a private network environment to which the client device or the relay device is connected is determined not to be of a predetermined type, a communication session disconnecting unit for disconnecting the communication session or restricting transmission / reception of packets based on the determined type is provided. Server. The server according to claim 8,
The server further includes a status information acquisition unit that acquires at least one or a plurality of pieces of information such as an operation state, a use state, and location information of the client device or / and the relay device.

Images