CN101075994A - Household gateway device - Google Patents

Abstract

In household gateway device for controlling the indoor machine connected with household network using outdoor location, the load to the server is reduced and the safety is increased and the communication is realized to be applicable for more models of outdoor location. The said device comprises storing part for keeping the information related to the preset device; visit control part for controlling the visit between the said outdoor location. The said visit control part sends the information which is related to the preset device and obtained from the storing part to the said exterior gateway device. In the said exterior gateway devic, when the information related to the outdoor location from the outdoor location is judged whether it conforms to the information related to the preset device, the control part performs the control of the communication of the said outdoor location not via exterior gateway device.

Description

Home gateway device

Technical field

The present invention relates to home gateway device and network access control system.

Background technology

To household electrical appliance such as TV, DVD/HDD video tape recorder, air conditioner, lighting devices, and/or residential equipment machines such as electric door lock and various transducers etc. (below, these are called " indoor machine ") home gateway device that connected is known by outdoor locations such as for example portable phones from external reference control room inner machine.

As the prior art that is used to prevent to the undelegated visit of above-mentioned home network, for example known have a technology described in the patent documentation 1.It discloses the access services apparatus that is connected with outdoor location via the internet and has carried out the authentication of outdoor location, the home gateway device that is disposed at the inlet of home network is only communicated by letter with above-mentioned access services apparatus, prevents the undelegated visit from outdoor location thus.

In addition, in patent documentation 2, special consideration load of server is disclosed, not via special server (gateway: Gatekeeper) carry out the IP phone device that equity (peer to peer) is communicated by letter.

[patent documentation 1] Japan Patent spy opens the 2002-77274 communique

[patent documentation 2] Japan Patent spy opens the 2003-158553 communique

Summary of the invention

But, in patent documentation 1 disclosed technology, to carry out under the situation of data communication at the outdoor location and the indoor machine of authorizing, above-mentioned data must be via above-mentioned access services apparatus.Therefore, under the situation that communication data is concentrated and carry out under the situation that large-capacity data communicates by letter the burden increase of access services apparatus.Thus, in this case, with the communication speed reduction of home network, the perhaps possibility that exists communication to be blocked.

On the other hand, in patent documentation 2 described technology, though,, undelegated visit is not considered so alleviated for the high burden of server etc. because do not need special server (gateway).In order to prevent undelegated visit, be necessary to be undertaken the authentication of outdoor location by each indoor machine.In the case, if increase the outdoor location of communicating by letter, then produce the trouble that to upgrade the authentication function of each indoor machine one by one with indoor machine.

In addition, same, in patent documentation 2 described technology, when being not disclosed in the outdoor location visit from the different various types of the specification of display frame, display frame is altered to each type that is suitable for this outdoor location.Therefore, because of the type difference of outdoor location, the display frame of the outdoor location when existing peer-to-peer communications is not best possibility.

The present invention makes in view of above-mentioned problem, and its purpose is to provide a kind of and alleviates load of server, safe and can adapt to the access technique to home network of the type of more outdoor location.

To achieve these goals, the invention provides following technology.That is to say that home gateway device of the present invention is via network and outdoor location and the home gateway device that the exterior gateway device is connected, and has: the storage part of information that keeps relating to the device of regulation; And the access control portion of the visit between control and the above-mentioned outdoor location, the information of the device that relates to afore mentioned rules that above-mentioned access control portion will obtain from above-mentioned storage part sends to the said external gateway apparatus, judge that at the said external gateway apparatus information conforms that relates to above-mentioned outdoor location obtain from above-mentioned outdoor location relates under the situation of information of device of afore mentioned rules, above-mentioned access control portion does not carry out and above-mentioned outdoor location control of communication via the said external gateway apparatus.

According to above-mentioned formation, for example, via server unit carried out about behind the authentication success from the visit of outdoor location, outdoor location can carry out peer-to-peer communications with home gateway device.Thus, can alleviate, and can guarantee high fail safe load of server.

To achieve these goals, the present invention also provides following technology.That is to say, according to home gateway device of the present invention, be via network and outdoor location, exterior gateway device and the home gateway device that the connection management device is connected, and has: the storage part of information that keeps relating to the device of regulation; And the access control portion of the visit between control and the above-mentioned outdoor location; Become life portion with the picture display message, the information of the device that relates to afore mentioned rules that above-mentioned access control portion will obtain from above-mentioned storage part sends to the said external gateway apparatus, judge that at the said external gateway apparatus information conforms that relates to above-mentioned outdoor location obtain from above-mentioned outdoor location relates under the situation of information of device of afore mentioned rules, above-mentioned access control portion do not carry out via the said external gateway apparatus and above-mentioned outdoor location between control of communication.Aforementioned image information generating unit, under the situation of the information conforms that relates to above-mentioned outdoor location about the information of the device of afore mentioned rules, the information that relates to above-mentioned outdoor location that use obtains from above-mentioned outdoor location generates the picture display message corresponding to above-mentioned outdoor location.

According to above-mentioned formation, for example, can provide the various types that are suitable for the different outdoor location of display image quality and performance, can build the environment for use good to the user.

According to the present invention, both alleviated load of server, guaranteeing high fail safe again and communicating with home network becomes possibility.

According to the present invention, can provide the various types that are suitable for the different outdoor location of display image quality and performance in addition, build the environment for use good the user.

Description of drawings

Fig. 1 is the summary pie graph of the indoor and outdoor communication system of an embodiment of the invention.

Fig. 2 is the hardware structure diagram of the information processor of an embodiment of the invention.

Fig. 3 is the data structure diagram of the connection machine authentication information database of an embodiment of the invention.

Fig. 4 is the user authentication information data of database structure chart of an embodiment of the invention.

Fig. 5 is the data structure diagram of the connection management information database of an embodiment of the invention.

Fig. 6 is the data structure diagram of the home-network linkups machine handing information database of an embodiment of the invention.

Fig. 7 is the flow chart of the device information login process of an embodiment of the invention.

Fig. 8 is the flow chart of the device information login process of an embodiment of the invention.

Fig. 9 is the flow chart that the connection of an embodiment of the invention begins to handle.

Figure 10 is the flow chart of the machine control and treatment of an embodiment of the invention.

Figure 11 is the picture pie graph of the portable phone of an embodiment of the invention.

Figure 12 is the picture pie graph of the portable phone of an embodiment of the invention.

Figure 13 is the flow chart of the connection end process of an embodiment of the invention.

Figure 14 is the corresponding model information data of database structure chart of an embodiment of the invention.

Figure 15 a is the flow chart that the connection of an embodiment of the invention begins to handle.

Figure 15 b is the flow chart that the connection of an embodiment of the invention begins to handle.

Figure 16 is the flow chart of the machine control and treatment of an embodiment of the invention.

Figure 17 is the flow chart of the connection end process of an embodiment of the invention.

Figure 18 is the data structure diagram of the connection machine authentication information database of an embodiment of the invention.

1 ... portable phone, 2 ... portable phone special use (Career) net gateway apparatus, 3 ... the portable phone gateway apparatus, 4 ... the access management server device, 5 ... route device, 6 ... home gateway device, 7 ... indoor set, 8 ... communication media, 9 ... communication media, 10 ... communication media, 11 ... communication control unit, 12 ... browser portion, 31 ... communication control unit, 32 ... Access Management Access portion, 33 ... picture display message generating unit, 34 ... authentification of user portion, 35 ... authentication information database, 41 ... communication control unit, 42 ... connect authentication department, 43 ... connection management portion, 44 ... the device information database, 61 ... communication control unit, 62 ... access control portion, 63 ... picture display message generating unit, 64 ... the machine handing control part, 65 ... authentication information database, 66 ... the device information database, 67 ... corresponding model information database, 71 ... communication control unit, 72 ... control part, 80 ... indoor heating system, 101 ... CPU, 102 ... primary storage portion, 103 ... communication control unit, 104 ... auxiliary storage portion, 105 ... input part, 106 ... efferent, 700 ... picture shows, 701 ... button shows, 702 ... picture shows, 703 ... button shows, 704 ... button shows

Embodiment

Below, with reference to an example of description of drawings embodiments of the present invention.

The formation of the indoor and outdoor communication system of present embodiment at first, is described.As shown in Figure 1, the indoor and outdoor communication system of present embodiment comprises portable phone private network gateway apparatus 2, portable phone gateway apparatus 3, access management server device 4 and the indoor heating system 80 that is connected via communication media 9.Indoor heating system 80 is arranged in each family of only institute's dwelling house of single family and collective residence.In addition in this example, portable phone private network gateway apparatus 2 is a portable phone service company (specialty: the equipment in base station Career).In addition, portable phone gateway apparatus 3 and access management server device 4 are configured in and are positioned at the data center that the outside of dwelling house and machine is built at the family.And in this example, constitute by portable phone gateway apparatus 3 in the data center and a plurality of families of access management server device 4 blanket management and build dwelling house and machine.

Indoor heating system 80 comprises route device 5, home gateway device 6 and the indoor set 7 that is connected with communication media 9.Each installs 5～7 via 8 connections of indoor communications medium.

In addition, in this indoor and outdoor communication system, comprise mancarried telephone device 1, be connected with the indoor and outdoor communication system via portable phone private network 10.Though in this example, as the outdoor location of visit indoor heating system 80, be that example describes with the portable phone, also can use portable phone device in addition.For example, also can use portable information terminal (PDA) or mobile PC (Personal Computer: personal computer), also can use Portable Communications Units such as game machine as outdoor location with communication function.

Each device (mancarried telephone device 1, portable phone private network gateway apparatus 2, portable phone gateway apparatus 3, access management server device 4, route device 5, home gateway device 6, indoor set 7) that is comprised in the indoor and outdoor communication system shown in Figure 1 is all realized by the information processor that the common hardware with software that can operating provisions constitutes.

Specifically, these information processors all are formation shown in Figure 2.That is to say that information processor comprises CPU (arithmetic processing section) 101, primary storage portion 102, communication control unit 103, auxiliary storage portion 104, input part 105 and efferent 106.And each one interconnects via bus 107, constitutes between each one and can transmit required information.

CPU101 carries out specified action by the program that is stored in advance in primary storage portion 102 and the auxiliary storage portion 104.Primary storage portion 102 or play a role, or be used to store the key element of required program as the working region, for example to the former by RAM, the latter is realized by ROM.Communication control unit 103 is via various communication medias, is used for and the key element that is connected the device sent-received message (data) of same communication media, can be waited and be realized by for example modulator-demodulator, network adapter, wireless transmission receiving system.Auxiliary storage portion 104 or preservation are used for the program of the action of control information processing unit, perhaps keep the required information of action of information processor, can be waited and be realized by for example semiconductor disc, hard disk (HDD), CD.Input part 105 is that device user (user) is used for the order of information processor input necessity and the key element of information.Input part 105 can be waited and be realized by employed keyboard, Genius mouse among employed remote controller in the TV receiver for example and the PC.Efferent 106 is the key elements that are used to export the information that shows the operation that responds the user.Efferent 106 can be waited by for example picture tube, CRT, LCD, PDP, projector, loud speaker, headphone and realize.

In addition, it is an example that the hardware of information processor shown in Figure 2 constitutes, and 1～7 the hardware of respectively installing of Fig. 1 constitutes and there is no need that it can't be otherwise.For example, efferent 106 also can be realized by the device different with information processor (television set etc.).In the case, possess TV signal generating apparatus such as D/A converter in addition on information processor, this device is connected by AV cable and coaxial cable etc. with efferent 106.In addition, among each key element of configuration information processing unit, the situation that does not have the key element of direct relation with the input and output of data and program is arranged, also can not comprise this key element.For example, when information processor is carried out, do not need under the situation of data input and output, can in formation, not comprise input part 105 and efferent 106 yet.

In addition, the indoor heating system 80 that is contained in the indoor and outdoor communication system shown in Figure 1 is that set system in the so general home dwelling in a family in dwelling house, the collective residence is built at the family.

In addition, the communication media 9 that is contained in the indoor and outdoor communication system shown in Figure 1 is the wire medium that is made of for example lightguide cable link, CATV, telephone line etc., perhaps the public correspondence network that is made of wireless medium, perhaps dedicated communications network.And according to the rules communication protocol is carried out the exchange of data between the device that is connected in communication media 9.

In addition, communication media 8 is the wire mediums that are made of for example telecommunication cable, power line, inside line circuit etc., perhaps the LAN (local area network (LAN)) in the indoor heating system 80 that is made of wireless medium.And according to the rules communication protocol is carried out the exchange of data between the device that is connected in communication media 8.In addition, by the route device 5 that is connected in communication media 8 and the both sides of communication media 9 is carried out relaying, can carry out the exchange of data at device that is connected in communication media 8 and the communication protocol that is connected between the device of communication media 9 according to the rules.

And, in the such indoor LAN of the such outdoor communication network of communication media 9 and communication media 8, generally as the system difference of the address (IP address) of the information of designated communication device.The former is the addresses distributed (global address) uniquely in the whole world often, and the latter is effective address (specific address) in LAN only.As the trunking scheme (address mapping mode) between the different network of this address system, NAT (Network Address Traslation: be known network address translation).

In addition, communication media 10 is connected in portable phone private network gateway apparatus 2, is to comprise the wire medium that is made of lightguide cable link, telecommunication cable etc.; The wireless medium that mancarried telephone device 1 is connected; The dedicated communications network that connects the base station of above-mentioned wire medium and above-mentioned wireless medium.And according to the rules communication protocol is carried out the exchange of data between the device that is connected in communication media 10.

And the portable phone private network gateway apparatus 2 that is connected in communication media 9 has IP address (global address).

In addition, be under the situation of portable information terminal or mobile PC at outdoor location, each machine is connected in portable phone gateway apparatus 3 via communication media 9.At this moment, portable information terminal or mobile PC have IP address (global address).

Below, respectively installing of being contained in the indoor and outdoor communication system shown in Figure 1 function that 1～7 the operation of passing through software realizes and the formation of database are described.

Mancarried telephone device 1 is connected in the home gateway device 6 that is contained in the indoor heating system 80, has the information processor of the function of carrying out the various services of cooperating with indoor set 7.These various services comprise that long-range recording schedule service and the video recording image when for example indoor set 7 is for video tape recorder transmits service; Power connection when indoor set 7 is air conditioner disconnects service and temperature adjustment service; Video camera accumulative image reading service when indoor set 7 is the anti-theft image pick-up machine etc.As shown in Figure 1, mancarried telephone device 1 for example comprises communication control unit 11, browser portion 12 and constitutes.

Communication control unit 11 is for the device (access management server device 4, indoor heating system 80) that is connected in communication media 9 with browser portion 12 communicates, have and portable phone private network gateway apparatus 2 between according to the rules communication protocol generate, explain, send the function of reception.

Browser portion 12 has picture display message that obtains portable phone gateway apparatus 3 and home gateway device 6 generations and the function that is presented at the efferent 106 of mancarried telephone device 1.And then browser portion 12 has the function that the information that will import from the input part 105 of mancarried telephone device 1 sends to portable phone gateway apparatus 3 and home gateway device 6.And, for the situation of portable information terminal or mobile PC, be same also with mancarried telephone device 1.

Here so-called picture display message is a descriptive language such as indicating language such as XML, HTML, small-sized (Compact) HTML, XHTML, SGML and metalanguage or by the information that language constituted of their definition etc. for example.For example, comprise Web image information etc.

Portable phone private network gateway apparatus 2 is the information processors with function of each communication protocol of stipulating in mutual conversion communication media 10 and the communication media 9.Wherein, portable phone private network gateway apparatus 2 provides the gateway apparatus of common carrier of the communication service of this outdoor location when outdoor location is not portable phone.

Portable phone gateway apparatus 3 is the information processors with function of authentication user of mancarried telephone device 1 and mancarried telephone device 1.Portable phone gateway apparatus 3 also has the link information that obtains according to from home gateway device 6 in addition, carrying out mancarried telephone device 1 does not communicate with access management server device 4 via portable phone gateway apparatus 3 with home gateway device 6, perhaps, mancarried telephone device 1 and home gateway device 6 communicate the communication supervisory function of usefulness via portable phone gateway apparatus 3.And, when portable phone gateway apparatus 3 is not portable phone at outdoor location, be the authentication of carrying out outdoor location, communication supervisory exterior gateway device.

Here in the present embodiment, so-called " authentication " be meant whether the information that authentication information contained that judgement remains among the storage part etc. consistent with the information of intrinsic information, identifying information, model information, password etc.So-called authentication success is meant and confirms as with above-mentioned consistent.When authentication information was saved as database, according to setting up the information that incidence relation is preserved with consistent authentication information, the appointment of outdoor locations such as portable phone etc. became possibility.More than Shuo Ming what is called " unanimity " and not only index also comprise the specific meaning of setting up incidence relation according in full accord.

As shown in Figure 1, portable phone gateway apparatus 3 for example comprises communication control unit 31, Access Management Access portion 32, picture display message generating unit 33 and authentification of user portion 34 and constitutes.

Communication control unit 31 has the function that communication protocol according to the rules generates, explains, communicates by letter message for the device (access management server device 4, indoor heating system 80) that is connected in communication media 9 with picture display message generating unit 33 communicates.And then portable phone gateway apparatus 3 remains on authentication information database 35 in the auxiliary storage portion 104.

Access Management Access portion 32 has via access management server device 4 and sends connection indication information to home gateway device 6, obtains the function that mancarried telephone device 1 and home gateway device 6 carry out the required link information of data communication from home gateway device 6.And then, has the corresponding model information that is contained according in the above-mentioned link information, carry out mancarried telephone device 1 and be connected with home gateway device 6 via portable phone gateway apparatus 3, still direct (not via portable phone gateway apparatus 3) is connected in the function of the judgement of home gateway device 6.Be directly connected under the situation of home gateway device 6 being judged to be mancarried telephone device 1, mancarried telephone device 1 is connected in home gateway device 6 according to above-mentioned link information.

Picture display message generating unit 33 has the function that generation should be presented at the picture display message in the browser portion 12 of mancarried telephone device 1; The function of the information that processing sends from browser portion 12, and will send to the function of browser portion 12 from the above-mentioned link information that home gateway device 6 sends.The browser portion 12 of mancarried telephone device 1 is different with function because of the resolution that the type of mancarried telephone device 1 can show on a picture.Picture display message generating unit 33 generates suitable picture display message respectively at above-mentioned type.

Here, the suitable picture display message of so-called generation is meant at type and rewrites the descriptive language information that constitutes the picture display message, can show production language in each type no problemly.In this case, in order to adapt to different types, rewrite data content in same descriptive language not only, but also comprise the change of the kind that is described language.

Particularly, mainly be that picture display message generating unit 33 also is called descriptive language information generating unit under the situation of generation of content of descriptive language in the generation of picture display message.

Authentification of user portion 34 have user password (by user's input) that judgement sends from browser portion 12 with as mancarried telephone device 1 respectively the portable phone information of the information of intrinsic (unique) (for example manufacturing numbering of portable phone or model information or above-mentioned manufacturing numbering and above-mentioned model information two sides' information) whether with the consistent function of information that is stored in advance the authentication information database 35.

In addition, under the situation of portable information terminal or mobile PC, above-mentioned portable phone information can not be above-mentioned model information also, but intrinsic information in the browser portion 12.

As shown in Figure 4, authentication information database 35 comprises user password 301, portable phone information 302 and is connected destination information 303.In projects, in advance by setting each user's information someway.In user password 301, has only the information of oneself knowing by user oneself decision.In portable phone information 302, set portable phone information as the information of mancarried telephone device difference intrinsic (unique).But under the situation that above-mentioned model information is set, this model information is intrinsic at each type of mancarried telephone device 1.In addition, under the situation of portable information terminal or mobile PC, above-mentioned portable phone information also can be information intrinsic in the browser portion 12.In this case, above-mentioned portable phone information pointer is intrinsic to kind, the version of each browser portion 12.Log-on message 304 is that the intrinsic information of portable phone remains on the example in the portable phone information 302, and log-on message 305 is that intrinsic information of portable phone and model information remain on the example in the portable phone information 302.In connecting destination information 303, the connection destination information of the home gateway device 6 that the user of setting user password 301 will connect.

By the information and the information that remains in the portable phone information 302, certain mancarried telephone device that just can specify certain user that remain in the user password 301 singlely.Above-mentioned authentification of user portion 34 uses the content of authentication information database 35, specifies (authentication) user and mancarried telephone device.

Access management server device 4 is to have to receive the connection indication information to home gateway device 6 (comprising the information in the connection destination information 303 that is set in Fig. 4) that portable phone gateway apparatus 3 sends, and retrieves home gateway device 6 that meets and the information processor that this home gateway device 6 is sent the relay function of above-mentioned connection indication information.

As shown in Figure 1, access management server device 4 for example comprises communication control unit 41, connection authentication department 42 and connection management portion 43 and constitutes.

Communication control unit 41 has the function that communication protocol according to the rules generates, explains, communicates by letter message in order to communicate with the device that is connected in communication media 9 (portable phone gateway apparatus 3, indoor heating system 80).And then access management server device 4 remains on device information database 44 in the auxiliary storage portion 104.

Connect authentication department 42 and have the authorized function that authenticates the jockey (portable phone gateway apparatus 3, home gateway device 6) that is connected with access management server device 4.As authentication method, can use and use PKI (Public Key Infrastructure: the testimonial authentication method PKIX).

Connection management portion 43 is key elements of the information of the above-mentioned jockey of management in device information database 44.And connection management portion 43 has the function of above-mentioned connection indication information being notified this home gateway device 6 according to retrieving the home gateway device 6 that meets from the connection indication information of portable phone gateway apparatus 3.And then connection management portion 43 also has the function that the return information from this home gateway device 6 is sent to above-mentioned portable phone gateway apparatus 3.

As shown in Figure 5, device information database 44 comprises device identifying information 401, IP address 402 and port numbering 403.In device identifying information 401, set the information of specifying above-mentioned jockey singlely.

In IP address 402, set IP address (global address) by the specified jockey of device identifying information 401.Wherein, distribute in the specific address under the situation of this jockey, this jockey connects via communication media 8, and setting is connected in the IP address of the device (route device 5 among Fig. 1) of communication media 9.

In port numbering 403, set the port numbering that uses when above-mentioned connection indication information and above-mentioned return information sent to access management server device 4 by the specified jockey of device identifying information 401.Port numbering is IP (Internet Protocol: Internet Protocol) employed port numbering in the network.

Every destination data of device information database 44 is set from the log-on message of above-mentioned jockey by receiving.Wherein, as above-mentioned connection indication information and above-mentioned return information, the communication protocol of above-mentioned log-on message, for example used SIP (SessionInitiation Protocol: be known conversation initialized protocol), in access management server device 4, also can use it in the IP phone service.In addition, in above-mentioned communication protocol, under the situation of utilization SIP, in connecting destination information 303 and device identifying information 401, set SIP-URI (UniformResource Identifiers: universal resource identifier).

Route device 5 is the information processors that connect communication media 9 and communication media 8.And route device 5 has the portable phone gateway apparatus 3 that relaying or refusal picture are connected in communication media 9, and is such with the home gateway device 6 that is connected in communication media 8, is connected in the function of the communication between the device of different communication medias.

Route device 5 can use the broadband route device of general circulation.Route device 5 comprises following key element.That is to say, carry out the PERCOM peripheral communication control part that data transmit with the outdoor location that is connected in communication media 9 (portable phone gateway apparatus 3) communication protocol according to the rules; To carry out the port transformation component of relaying (perhaps carrying out its opposite processing) from the communication information of the outdoor location that is connected in communication media 9 to the indoor set that is connected in communication media 8 (home gateway device 6); According to the port conversion control part of setting by the port conversion of port transformation component reference from the request control of the indoor set that is connected in communication media 8; Carry out the intercommunication control part that data transmit with the indoor set that is connected in communication media 8 communication protocol according to the rules then.

Wherein, can use above-mentioned NAT as the trunking scheme in the port transformation component.In addition, set control mode as the port conversion in the port conversion control part, (UniversalPlug and Play Internet Gateway Device: the control method of defined is known the UPnP the Internet gateway device), also can apply to route device 5 by UPnP IGD.

Home gateway device 6 is the information processors with following function.That is to say, the connection indication information that is sent from portable phone gateway apparatus 3 via access management server device 4 is returned the function of the link information that is used to visit this home gateway device 6; The portable phone information that keeps the mancarried telephone device 1 that contained in the above-mentioned connection indication information, and then, according to above-mentioned link information to connectivity request message from mancarried telephone device 1, by the portable phone information of the mancarried telephone device 1 that contained in the more above-mentioned connectivity request message and the portable phone information of above-mentioned maintenance, the function of carrying out the authentication of above-mentioned mancarried telephone device 1; Above-mentioned mancarried telephone device 1 is generated and sent the function of the picture that is used to control indoor set 7; Portable phone gateway apparatus 3 is sent the information of indoor sets 7 and is used to control the function of the information of indoor set 7; In addition, according to the function of controlling indoor set 7 from the request of mancarried telephone device 1 and portable phone gateway apparatus 3.

As shown in Figure 1, home gateway device 6 comprises communication control unit 61, access control portion 62, picture display message generating unit and machine handing control part.And then home gateway device 6 remains on authentication information database 65, device information database 66, corresponding model information database 67 in primary storage portion 102 or the auxiliary storage portion 104.

Communication control unit 61 is for access control portion 62, picture display message generating unit 63 and machine handing control part 64, communicate with the device (mancarried telephone device 1, access management server device 4) that is connected in communication media 9 via device that is connected in communication media 8 (route device 5, indoor set 7) and route device 5, have the function that communication protocol according to the rules generates, explains, communicates by letter message.

Access control portion 62 has following function.That is to say, to the connection indication information that sends from portable phone gateway apparatus 3 via access management server device 4, generation authentication information (token: function Token); Generate and return the function of link information that is used to visit this home gateway device 6 of the outside port numbering that comprises this token, remain on corresponding model information in the corresponding model information database 67, set in the route device 5; The portable phone information of above-mentioned token and the above-mentioned mancarried telephone device 1 that is connected in the indication information to be contained and said external port numbering are remained on function in the authentication information database 65; According to above-mentioned link information performed to connectivity request message from mancarried telephone device 1, portable phone information and the above-mentioned comparison that remains on the portable phone information in the authentication information database 65 by the mancarried telephone device 1 that contained in the above-mentioned connectivity request message, and token that is contained in the above-mentioned connectivity request message and the above-mentioned comparison that remains on the token in the authentication information database 65, the function of carrying out the authentication of above-mentioned mancarried telephone device 1; Be used to carry out and send to the port conversion control part of route device 5 from the data communication of portable telephone device 1 to the port conversion set information (the IP address of outside port numbering, internal port numbering, home gateway device 6) of home gateway device 6 relayings, set, remove the function of port conversion.

Here the corresponding type of said what is called, be the type that home gateway device 6 in the middle of the type of outdoor location can carry out the communication means different with other types, the home gateway device 6 in the middle of the type of outdoor location be can generate with to the type of the different data of the data of other types etc.The setting of this correspondence type or set when the production of home gateway device 6 perhaps is provided with outside input part and sets and new settings more on home gateway device 6, also can be by carrying out more new settings via network.Below as long as do not specify in addition that set by above-mentioned such establishing method, the type that will remain on about the information of type in the corresponding model information database 67 is expressed as " corresponding type ".

Picture display message generating unit 63 have generation will be in the browser portion 12 of mancarried telephone device 1 the picture displayed display message function and handle the function of the information that sends from browser portion 12.As mentioned above, the browser portion 12 of mancarried telephone device 1 resolution that can show on a picture or function are different because of mancarried telephone device 1 type.Picture display message generating unit 63 generates suitable picture display message respectively at the type that remains in the corresponding model information database 67.

Here, the suitable picture display message of so-called generation for example is to rewrite the descriptive language information that constitutes the picture display message at type, and the content that generates descriptive language information is so that can show in each type no problemly.In this case, for the different type of correspondence, rewrite data content in same descriptive language not only, and comprise the change of the kind that is described language.

Same with above-mentioned picture display message generating unit 33, mainly be that picture display message generating unit 63 is also referred to as descriptive language information generating unit under the situation of generation of content of descriptive language in the generation of picture display message.

Machine handing control part 64 has the more than one indoor set 7 that is connected in communication media 8 by device information database 66 monobasics management, according to the function from the machine control request control indoor set 7 of mancarried telephone device 1 that obtains from the picture display message generating unit 33 of portable phone gateway apparatus 3 or picture display message generating unit 63.

As shown in Figure 3, authentication information database 65 comprises portable phone information 201, token 202, outside port numbering 203 and internal port numbering 204.

In portable phone information 201, set the portable phone information that is contained from the connection indication information of portable phone gateway transmission.The information that sets in the portable phone information 302 among portable phone information and Fig. 4 is of the same race.

In token 202, set the verify data that home gateway device 6 generates.Contain above-mentioned link information in the above-mentioned link information that this home gateway device 6 sends and send to mancarried telephone device 1.

Outside port numbering 203 is set the port numbering of communication media 9 sides that are used for port conversion setting, remove in order to carry out relaying to home gateway device 6 from the data communication of portable telephone device 1 to route device 5.

Internal port numbering 204 is set the port numbering of communication media 8 sides that are used for port conversion setting, remove in order to carry out relaying to home gateway device 6 from the data communication of portable telephone device 1 to route device 5.

The limited time limit 205 is set the limited time limit (date is with constantly) of the verify data that sets in the token 202.

The said external port numbering that mancarried telephone device 1 is visited the IP address of route devices 5 by browser portion 12, portable phone gateway apparatus 3 by picture display message generating unit 33.Route device 5 is sent to the internal port numbering of the IP address of above-mentioned home gateway device 6 by the visit with the said external port numbering, arrive above-mentioned home gateway device 6 from the communication data of mancarried telephone device 1 or portable phone gateway apparatus 3.

As shown in Figure 6, device information database 66 comprises device ID 501, device name 502, place 503, IP address 504 are set and serve URL (Uniform Resource Locator: universal resource address) 505.

In device ID501, set the single identifier that is used to specify indoor set.In device name 502, set the machine name that is used for the User Recognition machine.In place 503 is set, set the information that place (bedroom, entry, child room, kitchen etc.) are set of expression by the specified indoor set of device ID 501.In IP address 504, set IP address by the specified indoor set of device ID 501.Usually, the IP address that is set in each indoor set of IP address 504 is the specific address, and in general route device 5 is distributed to each indoor set with above-mentioned specific address.

In service URL 505, set the connection destination information that is used to control beyond this indoor set by the specified indoor set of device ID501.Wherein, in the connection destination information that is set in service URL 505, set the connection destination information of home gateway device 6 sometimes.At this moment, the picture display message generating unit 33 of the picture display message generating unit 63 of home gateway device 6 or portable phone gateway apparatus 3 generates the picture that is used to control indoor set 7.Machine handing control part 64 is according to the control information of user's control indication generation indoor set 7, and communication protocol according to the rules sends to above-mentioned control information the control part 72 of indoor set 7.Control part 72 is according to above-mentioned control information control indoor set 7 then.

Every destination data of device information database 66 is by user's input or automatically from each indoor set collection setting.

As shown in figure 14, corresponding model information database 67 comprises corresponding model information 601.In corresponding model information 601, the model information of the mancarried telephone device 1 that setting picture display message generating unit 63 can generate.Figure 14 illustrates model information 602 and model information 603 etc.Though these model information are the model information of portable phone in explanation, but according to circumstances, except portable phone, also can keep portable information terminal (PDA) or mobile PC (PersonalComputer: personal computer), the model information of the outdoor location that game machine, Portable Communications Unit with communication function etc. is different.In this case, also can corresponding visit from the outdoor location beyond the portable phone.

To from the visit that is set in the portable phone in the corresponding model information 601, picture display message generating unit 63 is carried out the generation of picture display message, to the visit from the mancarried telephone device of not setting, the picture display message generating unit 33 of portable phone gateway apparatus 3 is carried out the generation of picture display message.

Indoor set 7 is to have by carry out the information processor of the function of various services from the indication of home gateway device 6.For example, be equivalent to illumination, air conditioner, HDD video tape recorder, Web video camera etc.

As shown in Figure 1, indoor set 7 comprises communication control unit 71 and control part 72.For control part 72 is communicated with the device (mancarried telephone device 1) that is connected in communication media 9 via device that is connected in communication media 8 (route device 5, home gateway device 6) and route device 5, communication control unit 71 has the function that communication protocol according to the rules generates, explains, communicates by letter message.

Control part 72 has carries out the function that visit home gateway device 6 or mancarried telephone device 1 remain in the indicated order of the connection destination information of service URL 505.

Here said control, for example, if indoor set 7 is illuminations, then be this illumination power connection (ON), disconnect (OFF) and switch etc.If indoor set 7 is air conditioners, then be that power connection, the disconnection of this air conditioner switched, operation switching, temperature setting etc.If indoor set 7 is HDD video tape recorders, then be program recording reservation indication etc.If indoor set 7 is Web video cameras, then be obtaining of Web camera review etc.

Wherein, in indoor and outdoor communication system shown in Figure 1, indoor set 7 is connected in communication media 8, is the formation that communicates via communication media 8 and home gateway device 6.But indoor set 7 also can be the formation that communicates via other communication media different with communication media 8 and home gateway device 6.In this case, other communication control units different with communication control unit 61 are arranged in the home gateway device 6, and machine handing control part 64 communicates via the control part 71 of this other communication control unit and indoor set 7.At this moment, above-mentioned other communication control unit of home gateway device 6 and indoor set 7 communication control units 71 generate, explain, communicate by letter message according to the communication protocol that is suitable for above-mentioned other communication media.Like this, as above-mentioned other communication media and above-mentioned communication protocol, ECHONET (Energy Conservationand Homecare Network: be known the domestic energy-conserving net), also can use it in these cases.In addition, in the example of above-mentioned indoor set, illumination, air conditioner also can use.

Next, to performed in indoor and outdoor communication system shown in Figure 1, by outdoor location (mancarried telephone device 1) visit of indoor set (indoor set 7), the details of control and treatment are described by accompanying drawing.

In native system, become possibility in order to make access management server 4 carry out portable phone gateway apparatus 3 with the intermediary that communicates by letter of home gateway device 6, on access management server 4, portable phone gateway apparatus 3 and home gateway device 6 are carried out login process.The processor block of this moment is illustrated in Fig. 7 and Fig. 8.

As shown in Figure 7, home gateway device 6 carries out the device request of landing (step S1001) to access management server 4.At this moment, home gateway device 6 also comprises dispensing device identifying information, client's certificate, port numbering with above-mentioned request.If use above-mentioned SIP, then send the communication protocol that said apparatus lands request and be equivalent to REFISTER message.After receiving, 4 pairs of these home gateway devices 6 of access management server carry out device authentication and handle (step S1002).This moment, above-mentioned device authentication was handled the device authentication that can use PKI as mentioned above.That is to say, (Certificate Authority: certification authority) certificate remains in the auxiliary storage portion 104 access management server device 4, and home gateway device 6 remains on above-mentioned client's certificate of above-mentioned CA signature in the auxiliary storage portion 104 in advance with CA in advance.In step S1001, send above-mentioned client's certificate then, the above-mentioned client's certificate of checking in step S1002.

If be judged to be above-mentioned client's certificate through authorizing in step S1002, then access management server device 4 is logined above-mentioned home gateway devices 6 (step S1002).At this moment, as shown in Figure 5, access management server 4 remains on device information database 44 in the auxiliary storage portion 104, appends being judged to be the information of authorized device.That is to say, in the device identifying information 401 of device information database 44, set the said apparatus identifying information, in IP address 402, set the IP address (global address) of route device 5, in port numbering 403, set the port numbering that comprises the said apparatus logging request.Wherein, the IP address packet of route device 5 is contained in the IP bucket header that sends to access management server device 4 from route device 5.For example, in Fig. 5, log-on message 404 is log-on messages of home gateway device 6.

And, access management server 4 return results (step S1004).At this moment, send this situation when device authentication is failed in step S1002, the situation that the transmission login finishes when success as a result of.Home gateway device 6 receives The above results, transfers to continuous wait state (step S1005), end process.

Wherein, in Fig. 7, step S1001 and step S1005 are the processing that the access control portion 62 of home gateway device 6 carries out.In addition, step 1002 to step 1004 is processing of connection authentication department 42 execution of access management server device 4.

In addition, the login to the access management server device 4 of portable phone gateway apparatus 3 also is same.That is to say that as shown in Figure 8, portable phone gateway apparatus 3 carries out the device logging request (step S2001) to access management server device 4.At this moment, portable phone gateway apparatus 3 also comprises device identifying information, client's certificate, port numbering and sends when sending above-mentioned stating.The 4 pairs of portable phone gateway apparatus of access management server 3 that receive these information carry out device authentication and handle (step S2002).At this moment, above-mentioned device authentication processing is same with the processing of step 1002.If it is authorized being judged to be above-mentioned client's certificate in step S2002, then access management server device 4 is logined above-mentioned portable phone gateway apparatus 3 (step S2002).At this moment, as mentioned above, access management server 4 remains on device information database 44 in the auxiliary storage portion 104, appends being judged to be the information of authorized device.For example, in Fig. 5, log-on message 405 is log-on messages of portable phone gateway apparatus 3.

Then, access management server 4 return results (step S2004).At this moment, send this situation when device authentication is failed in step S2002, when success, will login situation about finishing and as a result of send.Portable phone gateway apparatus 3 receives The above results, transfers to continuous wait state (step S2005), end process.

Wherein, in Fig. 8, step S2001 and step S2005 are the processing that the Access Management Access portion 32 of portable phone gateway apparatus 3 carries out.In addition, step 2002 to step 2004 is processing of connection authentication department 42 execution of access management server device 4.

Next, the details that mancarried telephone device 1 is visited the processing of home gateway device 6 describes.At first need not be illustrated in Fig. 9 about the processor block in first method of the information of the corresponding type of portable phone.

As shown in Figure 9, at first the user operates mancarried telephone device 1, connects portable phone gateway apparatus 3 (step S3001).That is to say, the mancarried telephone device 1 of this moment be treated as transmission to the connectivity request message of home gateway device 6.Portable phone gateway apparatus 3 generates the authentification of user picture data and sends to above-mentioned mancarried telephone device 1 (step S3002).As a result, on the efferent 106 of above-mentioned mancarried telephone device 1, show above-mentioned picture, urge user password input from the user.Then, send the user password that the user uses input part 105 inputs of mancarried telephone device 1, with as the intrinsic portable phone information (step S3003) of the above-mentioned mancarried telephone device 1 of authentication information, above-mentioned portable phone gateway apparatus 3 uses above-mentioned user password and above-mentioned portable phone authentification of message mancarried telephone devices 1 (step S3004).At this moment, above-mentioned authentication processing uses authentication information database 35 shown in Figure 4, that portable phone gateway apparatus 3 remains in the auxiliary storage portion 104 in advance to carry out.That is to say the relatively content and the above-mentioned portable phone information of the content of user password 301 and above-mentioned user password, portable phone information 302 respectively, authentication success under the situation of unanimities all.For example, in Fig. 4,, be " 1234 " then at above-mentioned user password if log-on message 304 is above-mentioned user's a information, authentication success when above-mentioned portable phone information is " tnk16198 ".

In step S3004, (when at least one side is inconsistent) sends this situation to mancarried telephone device 1 when authentification failure.Above-mentioned then mancarried telephone device 1 shows this situation (authentification failure) (step S3005), end process on output device 105.

In step S3004, when authentication success, the connection indication information that 3 pairs of access management server devices of portable phone gateway apparatus 4 send to home gateway device 6.The above-mentioned portable phone information that in above-mentioned connection indication information, comprises the device identifying information of the home gateway device 6 that connect and in step 3004, obtain.For example in above-mentioned example, in Fig. 4, " user01@hogehoge.jp " as the content of the connection destination information 303 of log-on message 304 is equivalent to the said apparatus identifying information, is equivalent to above-mentioned portable phone information as " tnk16198 " of the content of portable phone information 302.In addition, if use above-mentioned SIP, the communication protocol that then sends above-mentioned connection indication information is equivalent to INVITE.

Then, whether the above-mentioned connection destination information that is contained in the above-mentioned connection indication information of access management server device 4 retrievals logins in device information database 44 (step S3006).In this example, because log-on message 404 is equivalent to the information of the home gateway device 6 logined in Fig. 7, so in the case, constitute the device identifying information (content of the device identifying information 401 of Fig. 5 that comprises above-mentioned portable phone gateway apparatus 3 once more, in this example, the content of the device identifying information 401 of log-on message 405) with above-mentioned portable phone information at the interior indication information that is connected, above-mentioned connection indication information is sent to above-mentioned home gateway device 6 (step S3007).In fact, the determined port numbering in IP address (content of the IP address 402 of Fig. 5) (content of the port numbering 403 of Fig. 5) of 6 pairs of route devices that connected 5 of above-mentioned home gateway device sends above-mentioned connection indication information, and above-mentioned route device 5 (using above-mentioned port conversion control part) is sent to above-mentioned home gateway device 6 with above-mentioned connection indication information.In addition, in step S3006, if above-mentioned connection destination information is not logined in said apparatus information database 44, then the situation with connection failure turns back to above-mentioned portable phone gateway apparatus 3.

Then, home gateway device 6 sends to above-mentioned route device 5 (step S3008) with router outside port open request.Above-mentioned route device 5 carries out open set (the step S3009) of outside port in the above-mentioned port transformation component.Thus, to the visit from outdoor location (mancarried telephone device 1), above-mentioned route device 5 can be relayed to this visit above-mentioned home gateway device 6.Wherein, in the router outside port open request of Shi Yonging, comprise the outside port numbering of route device 5, the internal port numbering that is associated with this outside port and the IP address of home gateway device 6 here.In addition, the outside port numbering is necessary to use and the unduplicated port numbering of having set of port numbering with the internal port numbering.As the method for determining port numbering, for example, can enumerate the method for from the little numbering of effective range, selecting unduplicated numbering, or select the method for the numbering at random in the effective range.In addition, if the restriction of route device 5 and home gateway device 6 does not exist, then preferred outside port numbering is same numbering with the internal port numbering.

Then, in home gateway device 6, for above-mentioned portable phone 1 is directly visited above-mentioned home gateway device 6, access control portion 62 for example generates authentication informations such as token information, generates the visit URL (link information) (step S3010) that comprises above-mentioned token information.Does above-mentioned visit URL for example become https: // 11.22.33.44:10000/index.cgi? token=kz7t5ob8dtghh, such text data.In this case, " 11.22.33.44 " is the IP address of above-mentioned route device 5, and " 10000 " are port numberings, and " index.cgi " is the access page of above-mentioned home gateway device 6, and " kz7t5ob8dtghh " is token information.Above-mentioned token information for example generates when connecting the reception of indication information at random.

And then, in home gateway device 6, access control portion 62 will login in authentication information database shown in Figure 3 65 (step S3011) from the internal port numbering that comprises the said external port numbering of setting in the above-mentioned portable phone information that connects indication information, above-mentioned token information, the above-mentioned route device 5, above-mentioned foundation association of above-mentioned portable phone gateway apparatus 3 and the valid period of above-mentioned token.In this example, log-on message 207 is the information of logining in step S3011.The valid period of above-mentioned token is for example predetermined 5 minutes time on date that adds on the time on date that generates in above-mentioned token.Though increase by shortening (5 minutes in this example) security strength of added time, consider that preferably the delay time of communication media 8, communication media 9, communication media 10 is determined.

Then, generation comprises the return information of the visit URL that contains above-mentioned token and sends to above-mentioned access management server device 4 (step S3012).Above-mentioned access management server device 4 constitutes above-mentioned return information once more and sends to above-mentioned portable phone gateway apparatus 3 (step S3013).

Then, portable phone gateway apparatus 3 is obtained above-mentioned link information (visit URL) from above-mentioned return information, generates to make the possible picture video data of being connected to become of above-mentioned visit URL and send to above-mentioned mancarried telephone device 1 (step S3014).As a result, on the efferent 106 of above-mentioned mancarried telephone device 1, show picture (step S3015), the user is urged selection to the link information of above-mentioned visit URL based on above-mentioned picture video data.If the user selects above-mentioned link information, then mancarried telephone device 1 sends to above-mentioned home gateway device 6 with connectivity request message.At this moment, mancarried telephone device 1 is included in portable phone information in this connectivity request message and sends.In addition, this connectivity request message carries out above-mentioned visit URL.The IP address of being contained among the above-mentioned visit URL be above-mentioned route device 5 the IP address (in this example, 11.22.33.44), the port numbering that is contained in the above-mentioned IP address is the said external port numbering (in this example, 10000) that is set in step 3009 in the above-mentioned route device 5.Thereby above-mentioned connectivity request message arrives above-mentioned home gateway device 6.In addition, in step S3015, also can be that the user does not carry out above-mentioned link information selection and automatically connectivity request message sent to (the URL transfer: redirection) of above-mentioned home gateway device 6.In any case mancarried telephone device 1 a pair of above-mentioned visit URL response just sends connectivity request message.

Then, home gateway device 6 carries out the authentication (step S3016) of mancarried telephone device 1 according to the information that is contained in the above-mentioned connectivity request message.In above-mentioned connectivity request message, the portable phone information that contains mancarried telephone device 1, (being contained among the above-mentioned visit URL) token information compares these information and the log-on message that keeps respectively, authentication success under all consistent situation in step S3011.For example, the portable phone information that is contained in the above-mentioned connectivity request message is " tnk16198 ", and token information is " kz7t5ob8dtghh ", and if in the limited time limit of above-mentioned token information, then authentication success.

In step S3016, (when at least one side is inconsistent) sends to mancarried telephone device 1 with this situation when authentification failure, and above-mentioned mancarried telephone device 1 shows this situation (authentification failure) (step S3017), end process on output device 105.

On the other hand, in step S3016, when authentication success, home gateway device 6 generates picture and shows that (Top picture) so that can carry out the remote operation or the control of indoor set 7, sends to above-mentioned mancarried telephone device 1 (step S3018).As a result, on the efferent 106 of above-mentioned mancarried telephone device 1, for example, show picture 700 (step S3019) shown in Figure 11, end process.In addition, in step S3018, generate the content and the picture video data of device information database 66 shown in Figure 6.In this example, as indoor set 7, for example illumination (log-on message 506), network (Web) video camera (log-on message 507), HDD video tape recorder (log-on message 508) are connected in communication media 8.Thereby on mancarried telephone device 1 output device 105, as control machine guide look, demonstration can be selected to throw light on, the picture of web camera, HDD video tape recorder.

In addition, in Fig. 9, step S3001, step S3003, step S3005, step S3015, step 3017 and step S3019 are the processing that the browser portion 12 of mancarried telephone device 1 carries out.Step S3002, step S3014 are the processing that the picture display message generating unit 33 of portable phone gateway apparatus 3 is carried out.Step S3004 is the processing that the authentification of user portion 34 of portable phone gateway apparatus 3 carries out.Step S3006, step S3007, step S3013 are the processing that the connection management portion 43 of access management server 4 carries out.Step S3008, step S3010 are the processing of access control portion 62 execution of home gateway device 6 to step S3012, step S3016.Step S3018 is the processing that the picture display message generating unit 63 of home gateway device 6 is carried out.And step S3009 is the processing of the port transformation component execution of route device 5.

Next, mancarried telephone device 1 is used above-mentioned link information visit home gateway device 6, the details of the processing of control indoor set 7 describes.The processor block of this moment is illustrated in Figure 10.

As shown in figure 10, at first the user operates the machine that mancarried telephone device 1 is selected the plan Long-distance Control, should selection information send to home gateway device 6 (step S4001).At this moment, on the efferent 106 of mancarried telephone device 1, show picture 700 shown in Figure 11 (control machine guide look), the user from wherein select to plan Long-distance Control machine and select executive button 701 (if select executive button 701, it is selected then to throw light on picture shown in Figure 11 700).

Then, home gateway device 6 generates the picture video data that is used to control above-mentioned selected machine, sends to above-mentioned mancarried telephone device 1 (step S4002).As a result, on the efferent 106 of above-mentioned mancarried telephone device 1, for example show picture shown in Figure 12 702.Figure 12 represents the state of above-mentioned illumination, in this example, is that the state of (illumination) is connected in above-mentioned illumination.In above-mentioned picture 702, if select return push-button 704, then above-mentioned picture 700 shows on the efferent 106 of above-mentioned mancarried telephone device 1.

For example, in above-mentioned picture 702,, then should selection information send to above-mentioned home gateway device 6 (step S4003) if the user selects to cut off and selects executive button 703.Then, the control that generates selected machine according to above-mentioned selection information of above-mentioned home gateway device 6 sends to above-mentioned selected machine (indoor set 7) (step S4004) with communication data.At this moment, above-mentioned selected machine is illumination, and this throws light on as mentioned above, if corresponding to the machine of ECHONET, then above-mentioned control generates according to the message format according to the ECHONET standard with communication data, uses same communication protocol according to the ECHONET standard to send to above-mentioned indoor set 7.

Then, indoor set 7 is controlled this machine (in this example, the cut-out of illumination) (step S4005) according to the above-mentioned control that receives with communication data, should control the result and send to above-mentioned home gateway device 6 (step S4006).Then, home gateway device 6 generates this control of expression result's picture video data, sends to above-mentioned mancarried telephone device 1 (step S4007).As a result, on the efferent 106 of above-mentioned mancarried telephone device 1, show this control of expression result's picture (step S4008), end process.

In addition, in Figure 10, step S4001, step S4003, step S4008 are the processing that mancarried telephone device 1 browser portion 12 carries out.Step S4002, step S4007 are the processing that the picture display message generating unit 63 of home gateway device 6 is carried out.Step S4004 is the processing that the machine handing control part 64 of home gateway device 6 is carried out.And step S4005 is the processing of control part 72 execution of indoor set 7 to step S4006.

Then in step S4001, to describing as the situation of controlling object machine choice web camera (in picture 700, select web camera and select executive button 701) the user.Usually, because web camera possesses web server function, so in step S4004,6 pairs of above-mentioned web cameras of home gateway device (indoor set 7) carry out access to netwoks.In step S4005, above-mentioned web camera generates the camera review in this moment as Still image data, and in step S4006, above-mentioned web camera sends to above-mentioned home gateway device 6 with this Still image data.In step S4007, above-mentioned home gateway device 6 generates and comprises that the picture video data of this Still image data sends to above-mentioned mancarried telephone device 1.As a result, this Still image data is shown (step S4008) on the output device 106 of above-mentioned mancarried telephone device 1.

Then in step 4001, to describing as the situation of controlling object machine choice HDD video tape recorder (in picture 700, select the HDD video tape recorder and select executive button 701) the user.In step S4004, home gateway device 6 is obtained request with image and is sent to above-mentioned HDD video tape recorder (indoor set 7).In step S4005, above-mentioned accumulative image implemented suitable image compression format conversion etc. so as can on above-mentioned mancarried telephone device 1, to reproduce, accumulative image that the above-mentioned HDD video tape recorder of reading is asked.In step S4006, the view data of above-mentioned HDD video tape recorder after with above-mentioned conversion sends to above-mentioned home gateway device 6.In step S4007, above-mentioned home gateway device 6 sends to above-mentioned mancarried telephone device 1 with this view data, remains in the auxiliary storage portion 104 of above-mentioned mancarried telephone device 1.Mancarried telephone device 1 shows the selection picture of accumulative image on output device 106, if the user selects above-mentioned view data, then above-mentioned view data is reproduced.The image that is reproduced is shown (step S4008) on the output device 106 of above-mentioned mancarried telephone device 1 then.

Next, describe from the details of mancarried telephone device 1 finishing to the processing of the visit of home gateway device 6.The processor block of this moment is illustrated in Figure 13.

As shown in figure 13, at first the user operates mancarried telephone device 1, and log-off message is sent to home gateway device 6 (step S5001).At this moment, on the efferent 106 of mancarried telephone device 1, show picture 700 shown in Figure 11 (guide look of control machine), the user selects executive button 701 from wherein selecting to nullify.

Then, home gateway device 6 will be used to finish send to access management server device 4 (step S5002) with the connection ending request that is connected of portable phone gateway apparatus 3.In above-mentioned connection ending request, contain the device identifying information of above-mentioned portable phone gateway apparatus 3.Then, access management server device 4 is according to said apparatus identifying information indexing unit information database 44 (step S5003), if can find the log-on message of said apparatus identifying information, then above-mentioned connection ending request is sent to the portable phone gateway apparatus 3 (step S5004) that the said apparatus identifying information is represented.At this moment, access management server device 4 constitutes above-mentioned connection ending request once more so that contain the device identifying information of home gateway device 6, and above-mentioned connection ending request is sent to above-mentioned portable phone gateway apparatus 3.

Then, the portable phone gateway apparatus 3 of receiving above-mentioned connection ending request carry out with above-mentioned home gateway device 6 be connected end process (deletion of the information of maintenance) (step S5005).Then, generate the return information contain at whether normally finishing the result of end process, this return information is sent in the above-mentioned access management server device 4 (step S5006).The device identifying information that in this return information, contains above-mentioned home gateway device 6.Then, access management server device 4 sends to the home gateway device 6 (step S5007) that the device identifying information that contained in this return information is represented with this return information.

Then, home gateway device 6 retrieve data transmit with port numbering (step S5008), to route device 5, send router outside port locking request (step S5009).At this moment, data transmit the retrieval with port numbering, and authentication information database shown in Figure 3 65 is carried out.That is to say, be in this connection of Fig. 9 explanation begins to handle, and the open outside port numbering of setting in the retrieval route device 5 in the case of this example, becomes the content of the outside port numbering 203 that obtains log-on message 207.Then, just will send to above-mentioned route device 5 to the router outside port locking request of said external port numbering.Then, route device 5 carries out outside port locking setting (step S5010).Thus, in route device 5, can block undelegated visit from outdoor location.

Then, home gateway device 6 carry out with above-mentioned portable phone gateway apparatus 3 be connected end process (step S5011).Specifically, the log-on message that meets from authentication information database shown in Figure 3 65 deletions.In this example, owing to log-on message 207 meets, so deletion log-on message 207.Then, home gateway device 6 generates expression and connects the picture video data that finishes, and sends to above-mentioned mancarried telephone device 1 (step S5012).As a result, on the efferent 106 of above-mentioned mancarried telephone device 1, show the picture (step S5013) of expression johning knot bundle, end process.

Wherein, in Figure 13, step S5001, step S5013 are the processing that the browser portion 12 of mancarried telephone device 1 carries out.Step S5002, step S5008 are the processing of access control portion 62 execution of home gateway device 6 to step S5009, step S5011.Step S5012 is the processing that the picture display message generating unit 63 of home gateway device 6 is carried out, and step S5003 is the processing of connection management portion 43 execution of access management server device 4 to step S5004, step S5007.Step S5005 is the processing of Access Management Access portion 32 execution of portable phone gateway apparatus 3 to step S5006.And step S5010 is the processing of the port transformation component execution of route device 5.

If use above-mentioned first method, then in the communicating by letter of mancarried telephone device 1 and home gateway device 6, can reduce the load of portable phone gateway apparatus 3 and access management server 4.

Next, the displayable resolution of shown picture based on the picture display message and the type of user's mancarried telephone device 1 and function are corresponding and show second method of ground improvement in the browser portion 12 of following explanation at mancarried telephone device 1.

In general the browser portion 12 of mancarried telephone device 1 resolution that can show on a picture is different because of the type of mancarried telephone device 1 with function.Therefore, the picture display message generating unit 63 of the home gateway device 6 institute's organic type of portable phone that correspondence has the possibility of visit home gateway device 6 of having to.In first method, shown picture display message in the browser portion 12 of mancarried telephone device 1, the picture display message generating unit 63 of home gateway device must generate.But in general, because restrictions such as cost aspects, the capacity that carries the auxiliary storage portion 104 on home gateway device 6 is limited, can't guarantee to carry out the capacity of the degree that the picture display message corresponding to the type of all portable phones generates.Therefore, in home gateway device 6, be difficult to generate the picture display message of the type that corresponds respectively to all portable phones.In addition, in first method, under the situation that the new architecture of portable phone in the auxiliary storage portion 104 of carrying on home gateway device 6 is come on stage, also generation can't generate corresponding to the such problem of the picture display message of new architecture.

Below, the visit of the indoor set (indoor set 7) that the detailed outdoor location (mancarried telephone device 1) of second method that is used to solve above-mentioned problem is carried out with reference to accompanying drawing, the details of control and treatment describe.

In order to solve above-mentioned problem, at first, will be in first method processor block figure shown in Figure 9 be altered to handling procedure block diagram shown in Figure 15 and get final product.

In addition, though Figure 15 has described the handling procedure block diagram respectively on Figure 15 a and two accompanying drawings of Figure 15 b, these two flow charts indicate expression by (A) described in the accompanying drawing and couple together.Thus in the following description, these two flow charts are handled as a flow chart, only be expressed as Figure 15.

In Figure 15, the details that mancarried telephone device in second method 1 is visited the processing of home gateway device 6 describes.In addition, when explanation, also use the schematic diagram that uses in the explanation of first method, difference in second method that remarks additionally.

As shown in figure 15, at first the user operates mancarried telephone device 1, is connected in portable phone gateway apparatus 3 (step S6001).That is to say, the mancarried telephone device 1 of this moment be treated as transmission to the connectivity request message of home gateway device 6.Portable phone gateway apparatus 3 generates the authentification of user picture data and sends to above-mentioned mancarried telephone device 1 (step S6002).As a result, on the efferent 106 of above-mentioned mancarried telephone device 1, show above-mentioned picture, urge user password input from the user.Then, send the user password that the user uses input part 105 inputs of mancarried telephone device 1, with as the intrinsic portable phone information (containing model information) (step S6003) of the above-mentioned mancarried telephone device 1 of authentication information, above-mentioned portable phone gateway apparatus 3 uses above-mentioned user password and above-mentioned portable phone authentification of message mancarried telephone devices 1 (step S6004).At this moment, above-mentioned authentication processing is undertaken by authentication information database 35 shown in Figure 4, that portable phone gateway apparatus 3 remains in the auxiliary storage portion 104 in advance.That is to say, relatively content and the above-mentioned user password of user password 301 respectively, the content of portable phone information 302 and above-mentioned portable phone information are authentication success when unanimities all.For example, in Fig. 4,, be " 4567 " then at above-mentioned user password if log-on message 305 is above-mentioned user's a information, authentication success when above-mentioned portable phone information is " hmn61618aa corporate system bb type ".

In step S6004, (when at least one side is inconsistent) sends to mancarried telephone device 1 with this situation when authentification failure.Above-mentioned then mancarried telephone device 1 shows this situation (authentification failure) (step S6005), end process on output device 105.

In step S6004, when authentication success, the connection indication information that 3 pairs of access management server devices of portable phone gateway apparatus 4 send to home gateway device 6.In above-mentioned connection indication information, the above-mentioned portable phone information that contains the device identifying information of the home gateway device 6 that will connect and in step S6004, obtain.For example in above-mentioned example, in Fig. 4, content " user02@hogehoge.jp " as the connection destination information 303 of log-on message 305 is equivalent to the said apparatus identifying information, is equivalent to above-mentioned portable phone information as " the hmn61618aa corporate system bb type " of the content of portable phone information 302.

Then, whether the above-mentioned connection destination information that is contained in the above-mentioned connection indication information of access management server device 4 retrievals logins in device information database 44 (step S6006).In this example, because log-on message 404 is equivalent to the information of the home gateway device 6 logined in Fig. 7, so in this case, constitute the device identifying information (content of the device identifying information 401 of Fig. 5 that contains above-mentioned portable phone gateway apparatus 3 once more, in this example, the content of the device identifying information 401 of log-on message 405) with above-mentioned portable phone information at the interior indication information that is connected, above-mentioned connection indication information is sent to above-mentioned home gateway device 6 (step S6007).In fact, the determined port numbering in IP address (content of the IP address 402 of Fig. 5) (content of the port numbering 403 of Fig. 5) of the route device 5 that above-mentioned home gateway device 6 is connected sends above-mentioned connection indication information, and above-mentioned route device 5 (using above-mentioned port conversion control part) is sent to above-mentioned home gateway device 6 with above-mentioned connection indication information.In addition, in step S6006, if above-mentioned connection destination information is not logined in said apparatus information database 44, then the situation with connection failure turns back to above-mentioned portable phone gateway apparatus 3.

Then, home gateway device 6 sends to above-mentioned route device 5 (step S6008) with router outside port open request.Above-mentioned route device 5 carries out open set (the step S6009) of outside port in the above-mentioned port transformation component.Thus, to the visit from outdoor location (mancarried telephone device 1), above-mentioned route device 5 can be relayed to this visit home gateway device 6.

Then, in home gateway device 6, access control portion 62 is used for directly visiting the authentication information generation token information of above-mentioned home gateway device 6 as above-mentioned portable phone 1, generation contains the visit URL (link information) of above-mentioned token information, and is used for carrying out between home gateway device 6 and portable phone gateway apparatus 3 key (step S6010) that cryptographic communication is used.

And then, home gateway device 6 will be from the internal port numbering that contains the said external port numbering of setting in the above-mentioned portable phone information that connects indication information, above-mentioned token information, the above-mentioned route device 5, above-mentioned foundation association of above-mentioned portable phone gateway apparatus 3, the valid period and the above-mentioned key of above-mentioned token, and login is in authentication information database shown in Figure 180 65 (step S6011).

Here, authentication information database shown in Figure 180 65 is described.Authentication information database 65 shown in Figure 180 is the clauses and subclauses that add key 206 in authentication information database shown in Figure 3 65.Key 206 is set home gateway device 6 and is used to carry out encrypted message (cryptographic algorithm etc.) and the key that cryptographic communication is used with portable phone gateway apparatus 3.

In this example, log-on message 208 is the information of logining in step S6011.The above-mentioned key that generates remains in key 206.

Get back to Figure 15, generate to contain and above-mentionedly contain visit URL, the above-mentioned key of token information and contain the return information of the corresponding model information (all information of being preserved in the corresponding model information 601) of being preserved in the corresponding model information database 67 shown in Figure 14 and send to above-mentioned access management server device 4 (step S6012).Above-mentioned access management server device 4 constitutes above-mentioned return information once more and sends to above-mentioned portable phone gateway apparatus 3 (S6013).

Then, portable phone gateway apparatus 3 is obtained above-mentioned key and is remained in primary storage portion 102 or the auxiliary storage portion 104 from above-mentioned return information, and from above-mentioned return information, obtain above-mentioned corresponding model information, compare (step S6014) with the content of the portable phone information 302 of being preserved in the authentication information database 35 shown in Figure 4.In this example, the information that remains in the portable phone information 302 in the log-on message 305 is " hmn61618aa corporate system bb type ", owing to contain " aa corporate system bb type " in above-mentioned corresponding model information, does not meet so can be judged to be.That is to say that the picture display message generating unit 63 that can judge into above-mentioned home gateway device 6 can't generate the picture display message that is suitable for above-mentioned mancarried telephone device 1.

Do not meet if in step S6014, be judged to be, then home gateway device 6 is because generate the picture display message that is suitable for mancarried telephone device 1 in portable phone gateway apparatus 3, the information of indoor set obtained request send to above-mentioned home gateway device 3 (step S6015).Home gateway device 6 turns back to portable phone gateway apparatus 3 (step S6017) according to the content retrieval indoor set (step S6016) of device information database 66 with its result (indoor set information).In this example, as indoor set 7, for example illumination (log-on message 506), web camera (log-on message 507), HDD video tape recorder (log-on message 508) are connected in communication media 8.Thereby, in above-mentioned indoor set information, contain the information of illumination, web camera, HDD video tape recorder.

In addition, the portable phone gateway apparatus 3 among step S6015 and the step S6017 uses the key that is generated in step S6010 to carry out cryptographic communication with communicating by letter of home gateway device 6.The key that is generated in step S6010 remains in step S6014 in the portable phone gateway apparatus 3 via step S6012 and step S6013, shared above-mentioned key between portable phone gateway apparatus 3 and home gateway device 6.Thus, can between portable phone gateway apparatus 3 and home gateway device 6, carry out safe communication.

Then, portable phone gateway apparatus 3 generates picture and shows that (Top picture) data so that can carry out the remote operation and the control of indoor set 7, send to above-mentioned mancarried telephone device 1 (step S6018) with above-mentioned indoor set information.As a result, on the efferent 106 of above-mentioned mancarried telephone device 1, for example, show picture (step S6019) shown in Figure 11, end process.In this example, in above-mentioned indoor set information, for example, contain illumination (log-on message 506), web camera (log-on message 507), HDD video tape recorder (log-on message 508).Thereby in this example, on mancarried telephone device 1 output device 105, as control machine guide look, demonstration can be selected to throw light on, the picture of web camera, HDD video tape recorder.

In addition, in step S6014, be judged to be when meeting, just, be judged to be home gateway device 3 can generate the picture display message that is suitable for above-mentioned mancarried telephone device 1 time, carry out with step S3014 shown in Figure 9 to the same processing of the processing of step S3019.

That is to say, portable phone gateway apparatus 3 is obtained above-mentioned link information (visit URL) from the return information of obtaining among step S6013, generate to make to the possible picture video data of being connected to become of above-mentioned visit URL and send to above-mentioned mancarried telephone device 1 (step S6020).As a result, on the efferent 106 of above-mentioned mancarried telephone device 1, show picture (step S6021), the user is urged the selection of the link information of above-mentioned visit URL based on above-mentioned picture video data.If the user selects above-mentioned link information, then mancarried telephone device 1 sends to above-mentioned home gateway device 6 with connectivity request message.At this moment, mancarried telephone device 1 is included in portable phone information in this connectivity request message and sends.In addition, this connectivity request message carries out above-mentioned visit URL.The IP address of being contained among the above-mentioned visit URL be above-mentioned route device 5 the IP address (in this example, 11.22.33.44), the port numbering that is contained among the above-mentioned visit URL is the said external port numbering (in this example, 10001) that sets in the above-mentioned route device 5 in step 6009.Thereby above-mentioned connectivity request message arrives above-mentioned home gateway device 6.

Then, home gateway device 6 carries out the authentication (step S6022) of mancarried telephone device 1 according to the information that is contained in the above-mentioned connectivity request message.In above-mentioned connectivity request message, portable phone information and (being contained among the above-mentioned visit URL) token information of containing mancarried telephone device 1 compare these information respectively, with the log-on message that in step S6011, keeps, under all consistent situation, be authentication success.For example, if the portable phone information that is contained in the above-mentioned connectivity request message is " hmn61618aa corporate system bb type ", and token information is " D89bae95hze8 ", and is in the limited time limit of above-mentioned token information, then authentication success.

In step S6022, (when a certain at least side is inconsistent) sends to mancarried telephone device 1 with this situation when authentification failure, and above-mentioned mancarried telephone device 1 shows this situation (step S6023), end process on output device 105.

On the other hand, in step S6022, when authentication success, home gateway device 6 generates picture and shows that (Top picture) data so that can carry out the remote operation and the control of indoor set 7, send to above-mentioned mancarried telephone device 1 (step S6024).

As a result, on the efferent 106 of above-mentioned mancarried telephone device 1, for example, show picture 700 (step S6025) shown in Figure 11, end process.In addition, in step S6024,, generate the picture video data according to the content of device information database 66 shown in Figure 6.In this example, as indoor set 7, for example illumination (log-on message 506), web camera (log-on message 507), HDD video tape recorder (log-on message 508) are connected in communication media 8.Thereby on mancarried telephone device 1 output device 105, as control machine guide look, demonstration can be selected to throw light on, the picture of web camera, HDD video tape recorder.

In addition, the picture video data that generate this moment, the portable phone type information that is contained in the portable phone information according to the mancarried telephone device of obtaining in step S6022 1 generates corresponding to the content of the description of indicating language as previously mentioned.That is to say that the portable phone type information that contained in the portable phone information according to the mancarried telephone device of obtaining 1 is specified the type of portable phone, the specification according to the display frame of this type generates the picture video data.Specifically, for example, even Display Characters Per Frame, or the display frame size, show that line number, figure place showing etc. are different because of the portable phone type, in order to prevent that display object such as character or button are presented at the user and use inconvenient position, also can be in indicating language the description of the feature of the display position of change character and display object etc.In addition, for example also can be in indicating language the description of the feature of the size of the demonstration of change character or display object etc. so that the size of character and display object is not used inconvenient size because of the type of portable phone becomes the user.

In addition, in Figure 15, step S6001, step S6003, step S6005, step S6019, step S6021, step S6023 and step S6025 are the processing that the browser portion of mancarried telephone device 1 carries out.Step S6002, step S6018 and step S6020 are the processing that the picture display message generating unit 33 of portable phone gateway apparatus 3 is carried out.Step S6004, step S6014 and step S6015 are the processing that the authentification of user portion 34 of portable phone gateway apparatus 3 carries out.Step S6006, step S6007, step S6013 are the processing that the connection management portion 43 of access management server 4 carries out.Step S6008, step S6010 are the processing of access control portion 62 execution of home gateway device 6 to step S6012, step S6022.Step S6024 is the processing that the picture display message generating unit 63 of home gateway device 6 is carried out.And step S6009 is the processing of the port transformation component execution of route device 5.

Secondly, in second method, in the step S6014 of Figure 15, be judged to be when meeting, the control of indoor set with the same method of explanation of the flow chart of Figure 10, mancarried telephone device 1 and home gateway device 6 are not visited via portable phone gateway apparatus 3 and access management server 4.

In addition, secondly, be judged to be in the step S6014 of Figure 15 when not meeting, mancarried telephone device 1, home gateway device 6, portable phone gateway apparatus 3, access management server 4 are handled as follows.

That is to say, below when the picture display message generating unit 63 of judging into home gateway device 6 can't generate the picture display message that is suitable for above-mentioned mancarried telephone device 1, mancarried telephone device 1 uses above-mentioned link information visit home gateway device 6, and the details of the processing of control indoor set 7 is described.The processor block of this moment is illustrated in Figure 16.

As shown in figure 16, at first the user operates the machine that mancarried telephone device 1 is selected plan remote control control, should selection information send to portable phone gateway apparatus 3 (step S7001).At this moment, on the efferent 106 of mancarried telephone device 1, show picture 700 shown in Figure 11 (control machine guide look), the user from wherein select to plan Long-distance Control machine and select executive button 701 (if the picture shown in Figure 11 700 selector button 701, it is selected then to throw light on).

Then, above-mentioned portable phone gateway apparatus 3 in order to generate the picture video data that the above-mentioned selected machine of control is used, will the request that obtain of the information of selected machine (indoor set) send to home gateway device 6 (step S7002) in step S7001.Then, above-mentioned home gateway device 6 comparable device information databases 66 these indoor sets of visit are obtained current state, and the information that will contain the above-mentioned indoor set of this state sends to above-mentioned portable phone gateway apparatus 3 (step S7003).

Portable phone gateway apparatus 3 generates the picture video data that is used to control this indoor set according to the information of above-mentioned indoor set, sends to above-mentioned mancarried telephone device 1 (step S7004).As a result, on the efferent 106 of above-mentioned mancarried telephone device 1, show picture 702 for example shown in Figure 12.In Figure 12, show the state of above-mentioned illumination, in this example, above-mentioned illumination is for connecting the state of (illumination).In above-mentioned picture 702, if select return push-button 704, then above-mentioned picture 700 is shown on the efferent 106 of above-mentioned mancarried telephone device 1.

For example in above-mentioned picture 702,, then should selection information (machine control indication) send to above-mentioned portable phone gateway apparatus 3 (step S7005) if the user selects to cut off and selects executive button 703.Then, above-mentioned portable phone gateway apparatus 3 constitutes above-mentioned machine control indicating concurrent once more and delivers to home gateway device 6 (step S7006).

The control that above-mentioned home gateway device 6 generates selected machine according to above-mentioned machine control indication is with communication data and send to above-mentioned selected machine (indoor set 7) (step S7007).At this moment, if above-mentioned selected machine is illumination, this illumination is the machine corresponding to ECHONET as mentioned above, and then above-mentioned control generates with the message format according to the ECHONET standard with communication data, uses same communication protocol according to the ECHONET standard to send to above-mentioned indoor set 7.

Then, indoor set 7 is controlled this machine (in this example, the cut-out of illumination) (step S7008) according to the above-mentioned control that receives with communication data, should control the result and send to above-mentioned home gateway device 6 (step S7009).Then, home gateway device 6 should be controlled the result and send to above-mentioned portable phone gateway apparatus 3 (step S7010), above-mentioned portable phone gateway apparatus 3 generates this control of expression result's picture video data, sends to above-mentioned mancarried telephone device 1 (step S7011).As a result, on the efferent 106 of above-mentioned mancarried telephone device 1, show this control of expression result's picture (step S7012), end process.

Communicate by letter (step S7002, step S7003, step S7006 and step S7010) between above-mentioned portable phone gateway apparatus 3 and the above-mentioned home gateway device 6 communicated by common secret key encryption in Figure 15.Thus, the safe communication between above-mentioned portable phone gateway apparatus 3 and the above-mentioned home gateway device 6 becomes possibility.

In addition, in Figure 16, step S7001, step S7005 and step S7012 are the processing that the browser portion 12 of mancarried telephone device 1 carries out.Step S7002, step S7004, step S7006 and step S7011 are the processing that the picture display message generating unit 33 of portable phone gateway apparatus 3 is carried out.Step S7003, step S7007 and step S7010 are the processing that the machine handing control part 64 of home gateway device 6 is carried out.And step S7008 is the processing of control part 72 execution of indoor set 7 to step S7009.

Next in step S7001, the user describes as the situation of controlling object machine choice web camera (in picture 700, select web camera and select executive button 701).Usually, because web camera possesses web server function, so in step S7007,6 pairs of above-mentioned web cameras of home gateway device (indoor set 7) carry out access to netwoks.In step S7008, above-mentioned web camera generates the camera review in this moment as Still image data, and in step S7009, above-mentioned web camera sends to above-mentioned home gateway device 6 with this Still image data.In step S7010, above-mentioned home gateway device 6 sends to above-mentioned portable phone gateway apparatus 3 with this Still image data, in step S7011, above-mentioned portable phone gateway apparatus 3 generates and contains the picture video data of above-mentioned Still image data and send to above-mentioned mancarried telephone device 1.As a result, this Still image data is shown (step S7012) on the output device 106 of above-mentioned mancarried telephone device 1.

Next in step S7001, the user describes as the situation of controlling object machine choice HDD video tape recorder (in picture 700, select the HDD video tape recorder and select executive button 701).In step S7007, home gateway device 6 is obtained request with image and is sent to above-mentioned HDD video tape recorder (indoor set 7).In step S7008, above-mentioned HDD video tape recorder reproduces the accumulative image of being asked in above-mentioned mancarried telephone device 1, above-mentioned accumulative image is implemented suitable image compression format conversion etc., so that can read.In step S7009, the view data of above-mentioned HDD video tape recorder after with above-mentioned conversion sends to above-mentioned home gateway device 6.In step S7010, above-mentioned home gateway device 6 sends to above-mentioned portable phone gateway apparatus 3 with this view data, want that above-mentioned portable phone gateway apparatus 3 sends to above-mentioned mancarried telephone device 1 with above-mentioned view data among the step S7011, remain in the auxiliary storage portion 104 of above-mentioned mancarried telephone device 1.Mancarried telephone device 1 shows the selection picture of accumulative image on output device 106, if the user selects above-mentioned view data, then above-mentioned view data is reproduced.The image that is reproduced is shown (step S7012) on the output device 106 of above-mentioned mancarried telephone device 1 then.

Next, in second method, finish to describe from the details of mancarried telephone device 1 via the processing of portable phone gateway apparatus 3 when the visit of home gateway device 6.The processor block of this moment is illustrated in Figure 17.

As shown in figure 17, at first the user operates mancarried telephone device 1, and log-off message is sent to portable phone gateway apparatus 3 (step S8001).At this moment, on the efferent 106 of mancarried telephone device 1, show picture 700 shown in Figure 11 (guide look of control machine), the user selects executive button 701 from wherein selecting to nullify.

Then, above-mentioned portable phone gateway apparatus 3 will be used to finish send to access management server device 4 (step S8002) with the connection ending request that is connected of home gateway device 6.The device identifying information that in above-mentioned connection ending request, contains above-mentioned home gateway device 6.Then, access management server device 4 is according to said apparatus identifying information indexing unit information database 44 (step S8003), if find the log-on message of said apparatus identifying information, then above-mentioned connection ending request is sent to the home gateway device 6 (step S8004) that the said apparatus identifying information is represented.Access management server device 4 constitutes above-mentioned connection ending request once more so that contain the device identifying information of above-mentioned portable phone gateway apparatus 3 at this moment, and above-mentioned connection ending request is sent to above-mentioned home gateway device 6.

Then, receive that home gateway device 6 retrieve data of above-mentioned connection ending request transmit with port numbering (step S8005), route device 5 is sent router outside port locking request (step S8006).At this moment, data transmit the retrieval with port numbering, and authentication information database shown in Figure 180 65 is carried out.That is to say, be in this connection of Fig. 5 explanation begins to handle, and the open outside port numbering of setting in the retrieval route device 5 in the case of this example, obtains the content of the outside port numbering 203 of log-on message 208.Then, become the router outside port locking request to the said external port numbering is sent to above-mentioned route device 5.Then, route device 5 carries out outside port locking setting (step S8007).Thus, can block undelegated visit from outdoor location.

Then, home gateway device 6 carry out with above-mentioned portable phone gateway apparatus 3 be connected end process (step S8008).Specifically, the log-on message that deletion meets from authentication information database shown in Figure 180 65.In this example, owing to log-on message 208 meets, so just delete log-on message 208.Then, whether normally home gateway device 6 generates and contains the result's of end process the return information relevant for, and this return information is sent to access management server device 4 (step S8009).The device identifying information that in this return information, contains above-mentioned portable phone gateway apparatus 3.Then, access management server device 4 sends to the portable phone gateway apparatus 3 (step S8010) that the device identifying information that contained in this return information is represented with this return information.

Then, above-mentioned portable phone gateway apparatus 3 carry out with above-mentioned home gateway device 6 be connected end process (deletion of the information of maintenance), generate expression and connect the picture video data that finishes, above-mentioned picture video data is sent to above-mentioned mancarried telephone device 1 (step S8011).As a result, on the efferent 106 of above-mentioned mancarried telephone device 1, show the picture (step S8012) of expression johning knot bundle, end process.

Communicate by letter (step S8002, step S8004, step S8009 and step S8010) between above-mentioned portable phone gateway apparatus 3 and the above-mentioned home gateway device 6 encrypts with common key shared in Figure 15 and communicates by letter.Thus, but secure communication between above-mentioned portable phone gateway apparatus 3 and the above-mentioned home gateway device 6.

In addition, in Figure 17, step S8001 and step S8012 are the processing that the browser portion of mancarried telephone device 1 carries out.Step S8002 and step S8011 are the processing that the Access Management Access portion 32 of portable phone gateway apparatus 3 carries out.Step S8005 is the processing that the access control portion 62 of home gateway device 6 carries out to step S8006 and step S8008 to step S8009.Step S8003 is the processing of connection management portion 43 execution of access management server device 4 to step S8004, step S8010.And step S8007 is the processing of the port transformation component execution of route device 5.

More than, as explanation,,, can improve fail safe by carry out the connection management with portable phone and home gateway device via portable phone gateway apparatus and access management server device according to present embodiment.From mancarried telephone device control room inner machine the time, make the peer-to-peer communications of portable phone and home gateway device become possibility.And then, can be by home gateway device authentication from the visit of portable phone through authorizing.Therefore, even in network data, rest image, image and so on Large Volume Data communication, also can both guarantee high fail safe, and carry out to reduce the peer-to-peer communications of the load of access management server device.

And then, in the present embodiment, by the authentication information of home gateway device, with relatively carrying out from authentication information that mancarried telephone device sent through authorisation verification by being sent from the portable phone gateway apparatus.Therefore, even the kind of the change of all portable phone of user and outdoor location increases, the authentication information in the home gateway device upgrades and also there is no need.That is to say that as mentioned above, the portable phone gateway apparatus is because have in the data center of server network operator operation, so the Notification of Changes server network operator of mancarried telephone device just can need not be carried out the renewal of authentication information in server network operator side.Thereby, utilize the user of the terminal of home network, there is no need to upgrade the authentication information of for example logining in home gateway device.

And then, by carry out the connection management of indoor machine by home gateway device, when the user uses portable phone visit indoor machine, also can improve ease of use even be connected in the indoor machine increase of home network (indoor heating system).

And then, the situation of picture display message that can't generate corresponding to the type of the outdoor locations such as portable phone of visit at home gateway device also is, become possibility by making to communicate via exterior gateway devices such as portable phone gateway apparatus and home gateway device, the change that adapts to all outdoor locations of user flexibly or the good environment for use of new architecture can be provided from outdoor locations such as portable phones.

Industrial applicibility

The present invention can apply to from outdoor, uses such as outdoor locations such as portable phones control Be connected in the system of household electrical appliance and/or the residential equipment machine of home network. The inventive example as Can be used in the DVD/HDD video recorder in the outdoor control room, in wherein accumulating Hold and be downloaded to outdoor location etc., jumbo data communication services. And the present invention is in order to realize This services etc. prevent undelegated access and improve security, and then more kinds of for adapting to The outdoor location of class is suitable.

Claims (20)

1. one kind via network and outdoor location and the home gateway device that the exterior gateway device is connected, and it is characterized in that having:

Keep relating to the storage part of information of the device of regulation; With

The access control portion of the visit between control and the described outdoor location,

The information of the device that relates to described regulation that described access control portion will obtain from described storage part sends to described exterior gateway device,

Judge that at described exterior gateway device the information conforms that relates to described outdoor location that obtains from described outdoor location relates under the situation of information of device of described regulation, described access control portion does not carry out and described outdoor location control of communication via described exterior gateway device.

2. home gateway device according to claim 1 is characterized in that:

Also have picture display message generating unit,

Described image information generating unit relates in the information conforms that relates to described outdoor location under the situation of information of device of described regulation, the information that relates to described outdoor location that use obtains from described outdoor location generates the picture display message corresponding with described outdoor location.

3. home gateway device according to claim 2 is characterized in that:

Described picture display message generating unit relates in the information conforms that relates to described outdoor location under the situation of information of device of described regulation, the information that relates to described outdoor location that use sends from described outdoor location generates to show the data that corresponding descriptive language is described with the picture of described outdoor location.

4. home gateway device according to claim 3 is characterized in that:

Described descriptive language is an indicating language.

5. home gateway device according to claim 3 is characterized in that:

Described descriptive language is the descriptive language by the metalanguage definition.

6. home gateway device according to claim 2 is characterized in that:

Described picture display message generating unit relates in the information conforms that relates to described outdoor location under the situation of information of device of described regulation, the information that relates to described outdoor location that use obtains from described outdoor location generates the data of the description content of description of change language.

7. home gateway device according to claim 1 is characterized in that:

Described access control portion does not meet in the information that relates to described outdoor location under the situation of information of the device that relates to described regulation, via described exterior gateway device carry out with described outdoor location between communicate by letter.

8. home gateway device according to claim 2 is characterized in that:

The information that relates to the device of described regulation comprises the model information of outdoor location or the information of the browser that outdoor location has.

9. home gateway device according to claim 2 is characterized in that:

Also have the machine handing control part that is used to control via the indoor machine of described home gateway device and home-network linkups,

The described indoor machine of Control on Communication between described machine handing control part basis and the described outdoor location.

10. one kind via network and outdoor location, exterior gateway device and the home gateway device that the connection management device is connected, and it is characterized in that having:

Keep relating to the storage part of information of the device of regulation; With

The access control portion of the visit between control and the described outdoor location,

Described access control portion

In described exterior gateway device,, receive from described exterior gateway device via described connection management device and to connect indication information under the situation from first authentication success of the visit of described outdoor location,

Under the situation that receives described connection indication information, generate first authentication information,

Described first authentication information is sent to described outdoor location,

Relate under the situation of information of device of described regulation carrying out described first when authentication send to described exterior gateway device from described outdoor location the information conforms that relates to described outdoor location, use second authentication information that sends from described outdoor location to carry out second authentication.

11. home gateway device according to claim 10 is characterized in that:

Also have picture display message generating unit,

Described second authentication information sends with the information that relates to described outdoor location,

Described image information generating unit is used the information that relates to described outdoor location under the situation of described second authentication success, generate the picture display message corresponding with described outdoor location,

Described access control portion sends to described outdoor location with described picture display message.

12. home gateway device according to claim 11 is characterized in that:

The information that relates to the device of described regulation comprises the model information of outdoor location or the information of the browser that outdoor location has.

13. home gateway device according to claim 11 is characterized in that:

Also have under the situation of described second authentication success, according to the machine handing control part of the signal controlling that sends from described outdoor location via the indoor machine of described home gateway device and home-network linkups.

14. home gateway device according to claim 11 is characterized in that:

The token that described first authentication information that described access control portion generates generates when comprising the described connection indication information of each reception at random.

15. home gateway device according to claim 11 is characterized in that:

Send to described first authentication information of described outdoor location, the URL information of the described home gateway device that generates with described access control portion is sent to described outdoor location,

Described second authentication information generates under the selecteed situation of the link information of the URL of the described home gateway device of the display frame that is shown in described outdoor location.

16. home gateway device according to claim 11 is characterized in that:

Described outdoor location is a portable phone,

Described second authentication information comprises the identifying information of described portable phone,

Described identifying information relates to the information of the manufacturing numbering of described portable phone.

17. one kind via network and outdoor location and the home gateway device that the exterior gateway device is connected, and it is characterized in that having:

Keep relating to the storage part of information of the device of regulation; With

The access control portion of the visit between control and the described outdoor location,

The information of the device that relates to described regulation that described access control portion will obtain from described storage part sends to described exterior gateway device,

Judge that at described exterior gateway device the information conforms that relates to described outdoor location that obtains from described outdoor location relates under the situation of information of device of described regulation, described access control portion carry out and described outdoor location between the control of peer-to-peer communications.

18. home gateway device according to claim 17 is characterized in that:

Also have descriptive language information generating unit,

Described descriptive language information generating unit relates in the information conforms that relates to described outdoor location under the situation of information of device of described regulation, the information that relates to described outdoor location that use obtains from described outdoor location generates the corresponding descriptive language information of picture demonstration with described outdoor location.

19. home gateway device according to claim 18 is characterized in that:

Described outdoor location is a portable terminal device,

Described descriptive language information generating unit relates in the information conforms that relates to described outdoor location under the situation of information of device of described regulation, according to the information that relates to described outdoor location that obtains from described outdoor location, change also generates the description that relates to the label of CSD in the descriptive language information.

20. home gateway device according to claim 18 is characterized in that:

Described outdoor location is a portable terminal device,

Described descriptive language information generating unit relates in the information conforms that relates to described outdoor location under the situation of information of device of described regulation, according to the information that relates to described outdoor location that obtains from described outdoor location, change also generates the description that relates to the label of the display position of display object in the descriptive language information.

Images