JP2009100062A - Communication method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a new communication technology using a user terminal, a router, and a server. <P>SOLUTION: The router connected to a user terminal by radio includes an electronic certificate as setting information necessary for VPN connection establishment and server connection information necessary for authenticating the user terminal to be connected by way of the VPN in advance. Then, by dispensing an IP address of the user terminal from the router to the user terminal after the authentication and notifying the server of the fact, server connection via the VPN is achieved, the user terminal being predetermined. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to a new communication technology using a user terminal, a router, and a server.

Conventionally, since there is no way of knowing who has accessed the Internet in an open environment other than acquiring and setting a fixed IP address, user authentication has only been performed by inputting a personal identification number (password).
However, this method cannot prevent so-called “spoofing”, and there is a problem that the communication contents between the terminal and the server are eavesdropped. For this reason, some of the “spoofing prevention methods” that use client electronic certificates in combination with encryption using methods such as SSL (Secure Sockets Layer) are used in PCs, but still in mobile communication terminals with limited resources Not common. In addition to the SSL connection, there is a VPN (Virtual Private Network) connection method. For example, in order to establish an IPsec connection, a dedicated router or software is required, or both ends need to be restricted with fixed IP addresses. It was not easy to use, such as being unable to establish a reliable connection depending on the connection destination environment.

  Regarding such a security technique, there is Patent Document 1 as a prior art for performing VPN connection using a mobile phone. Patent Document 2 discloses a prior art that performs wireless communication with a wireless terminal safely and reliably with a simple procedure and without impairing security performance.

  Conventionally, in connection with a WLAN (wireless LAN), it is necessary to individually set connection information between the router side and a connected device. When connecting a device without information setting to a WLAN router that has not been set, it is necessary to input a user ID, a password, an authentication symbol, and the like. For this reason, impersonation cannot be prevented and setting work is required.

JP 2006-245830 A JP 2006-332788 A

In order to overcome the following problems (1) to (7), which have been problems in the above-described conventional technology, and to realize terminal authentication, VPN connection, and WLAN device setting, intensive studies and research were conducted. The invention has been completed.
(1) “Possibility of impersonation” in personal / terminal authentication (user ID, password, etc.)
(2) “Necessity of dedicated software, individual environment settings, fixed IP address, etc.” for highly secure VPN connection
(3) NAT traversal In other words, when accessing a service on the Internet from a network using a private IP address, so-called “NAT traversal” communication is often a problem. A workaround such as STUN used in VoIP and UPnP between a router and a terminal needs to be implemented in an application, terminal, or terminal software, and is not currently implemented in all user terminals. In addition, it is not only difficult for the user to understand the settings, but it is also difficult to implement a complicated communication as much as possible because it is difficult to implement due to many restrictions on mobile communication terminals, home appliances, etc. and leads to an increase in cost. Furthermore, unlike PCs, it is difficult to upgrade hardware and software once they are shipped. If they are used as part of a complex system in which devices and devices work together, even if they can be implemented at that time, As the network and service side evolve, it may constrain the future evolution of the entire service and limit the types of terminals that can receive the service.
(4) “Necessity of individual settings for each device” in WLAN connection
(5) Provision of mobile phone-like services In other words, there is a potential need for content providers that it is easy, safe, and billable for content distribution and other services via the Internet in the form of mobile phone services. For example, content has been provided via a broadband ISP. However, in this case, there is a problem that the service can be used only in a fixed environment such as a home connected to the broadband.
(6) WLAN spot (free spot)
That is, in order to use an existing so-called WLAN spot, authentication with an ID / password by a browser is often required. However, if you just want to check emails, you can't start immediately, so it's very inconvenient, the user terminal must be equipped with a browser, and its screen display and input operations However, if you can only check emails, you will have to install unnecessary and rarely used functions, which will increase development and manufacturing costs. Even a user terminal equipped with a browser and capable of input is difficult to use because it is very difficult to input characters with a small device. Instead, a WLAN spot authentication mechanism is required.
(7) Identification of terminal In other words, from the viewpoint of content copyright protection, it is a response to a request to specify and limit terminals that can be browsed for distribution via the Internet. For example, there is a need to restrict browsing to only products purchased in Japan, for example, only browsing on a portable small terminal and not browsing on a PC, for example.

In order to achieve the above object, a first invention is a communication method using a user terminal, a router, and a server, wherein a router connected wirelessly to the user terminal has setting information necessary for establishing a VPN connection. And server connection information necessary for authenticating the user terminal to be connected via the VPN in advance, the IP address of the user terminal is issued from the router to the user terminal after the authentication, and the server is also notified. The server connection through the VPN and the identification of the user terminal are made possible.
Here, the “user terminal” includes all terminals capable of communication such as “mobile phone”, “information communication terminal”, and “home appliance”.
“Router” includes “connector with router function”.
Examples of “setting information necessary for establishing a VPN connection” include “electronic certificate”.
A second invention is a communication method using a user terminal, a router, and a server, which distributes setting information of the connected device from the server to the router through the wireless communication network and writes the setting information to the router. In addition, by distributing and setting the setting information, it is possible to secure connection without requiring individual setting of the connected device.
Here, specific examples of the “wireless communication network” include “mobile phone network or PHS network”, “WiMAX network”, and the like.
Specific examples of the “connected device” include “home appliance, TV, mobile communication terminal, media terminal” and the like.
A third invention is a combination of the first communication method and the second communication method, and more specifically, a communication method using a user terminal, a router, and a server, wherein the user terminal is wirelessly connected. The router to be connected is provided with setting information necessary for establishing a VPN connection and server connection information necessary for authenticating the user terminal to be connected via the VPN in advance, and the IP address of the user terminal is provided after the authentication. By letting out the router to the user terminal and notifying the server, it is possible to connect the server via VPN and specify the user terminal, and then, from the server to the router via the user terminal communication network Distributes the setting information and writes the setting information to the router, and also distributes the setting information from the router to the connected device. By performing, it is characterized in that to allow secure connection of the individual setting of the connected equipment as required.

The above-described invention of the present application has the following effects.
(1) Special VPN software and authentication are provided on the user terminal side by providing the router with setting information necessary for establishing a VPN connection and server connection information necessary for authenticating the user terminal to be connected via the VPN. A VPN connection can be established simply by making a normal WLAN connection to the router without setting. In addition, after authentication, the IP address of the user terminal is issued from the router to the user terminal and notified to the server, so that the server can identify the IP address of the connected user terminal, and as a result, a user ID, password, etc. are required. Since it does not, “spoofing” can be prevented.
(2) Ordinarily, in order to reach directly to terminals and networks under NAT (Network Address Translator: technology that mutually converts private IP addresses that can only be used within a LAN and global IP addresses on the Internet in a one-to-one relationship). Requires a technology called “NAT traversal”, but server connection without using NAT via VPN is possible, and “NAT traversal” can be avoided.
(3) Distribute the setting information of the connected device from the server to the router through the communication network of the user terminal, write the setting information to the router, and also distribute and set the setting information from the router to the connected device. All the device settings can be automatically performed by operating the server (service provider side) without setting.
(4) Furthermore, by combining the invention of the present application, for example, setting information is distributed via a mobile communication network, each device setting is performed, and a service (individual authentication, billing, etc.) is provided for each connected device. ) Can be performed.
(5) Since content providers and service users can be directly and securely connected via the Internet, and network services can be constructed that take into account content distribution and billing from the beginning, content distribution via the Internet, etc. The service can meet the potential needs of content providers who want to make billing simple, secure and charged like a mobile phone service. In addition, as a network service provider function, the function of providing its own communication line network and the function of providing a network for content distribution and an environment such as authentication / billing are separated from each other. This enables the creation of a business model that goes beyond the framework of content distribution functions, enabling flexible service provision to both content providers and users.
(6) A WLAN spot that does not require authentication with an ID / password by a browser can be constructed. As a result, when it is only necessary to check the mail, it can be started immediately. Since the user terminal does not necessarily have a browser and a screen display / input operation function is not required, the mobile terminal can be used even at an inexpensive portable communication terminal with reduced development cost and manufacturing cost.

Embodiments of the present invention will be described with reference to the drawings.
FIG. 1 is a conceptual diagram showing a first embodiment of the present invention.
The first embodiment is a communication method using a user terminal, a router, and a server. A router connected wirelessly to a user terminal is preliminarily equipped with an electronic certificate as setting information necessary for establishing a VPN connection and server connection information necessary for authenticating the user terminal to be connected via the VPN. Then, after authenticating the IP address of the user terminal from the router to the user terminal and notifying the server, it is possible to connect the server via VPN and specify the user terminal. As a result, since the IP address of the user terminal can be specified, for example, it is possible to distribute paid video only to subscribers by TCP / IP level control. That is, an authentication system using an ID or password is not necessary. Also, for the distribution of large-capacity data such as paid movies, the wireless connection (WLAN connection) from the user terminal to the router may be a protocol that can be used by the user terminal, and CPU and memory resources are not used for VPN connection. As a result, it becomes possible to perform paid video playback via VPN even on a weak user terminal (for example, a mobile phone or PHS). The router and the server can be connected directly to the Internet or can be connected to an existing intranet.

FIG. 2 is an explanatory diagram illustrating an example of use of the first embodiment.
The first embodiment is a communication method using a user terminal, a router, and a server as shown in FIG. 1, but if this communication method is used, individual / automatic authentication such as a mobile phone via broadband is possible. Service becomes possible. That is, the user terminal receiving the service does not need to input an ID or password each time. The user terminal side is a terminal device used by the user, such as a mobile phone, a personal computer, and a television, and is not particularly limited. And the service provider on the server side knows the terminal ID, user ID, service usage status (subscription service, usage time, etc.), payment information, etc., while content, information, security, payment, email, etc. via broadband Service can be provided to users.

FIG. 3 is a conceptual diagram showing a second embodiment of the present invention.
The second embodiment is a communication method using a user terminal, a router, and a server as in the first embodiment. A service provider on the server side receives a setting request and a setting completion notification from a customer router through a wireless communication network (such as a mobile phone network, a PHS network, and a WiMAX network). On the other hand, the service provider can send setting information and various commands to the customer's router via the wireless communication network. On the terminal side, if the setting information is received by the wireless communication network and the authentication information matches, the network configuration information and the electronic certificate can be stored in the device, and an instruction to restart or the like can be given. Note that PPPoE settings, DNS settings, and Firewall settings for Internet connection to the router can also be configured remotely.

FIG. 4 is an explanatory diagram for explaining a usage example (1) of the second embodiment.
In the usage example (part 1), a TV purchased by a user is used as a home gateway. First, it is assumed that this TV can be connected to the Internet, but has not been set for distribution with a service provider, and has not been set for connection with various terminals as a home gateway.
The following services are provided.
(1) The process proceeds to the next (2) automatically at the moment the TV is turned on or by the user's button operation.
(2) The service provider (provider) side distributes setting information from the server (setting information transmission server) via the mobile phone network, the PHS network, etc., and the user side performs the device setting without any action by the user himself / herself. As a result, the service provider's service can be used on the TV.
(3) In addition, various services (personal computers, portable communication terminals) are provided by a service provider from a service provider via a TV or the like (for example, WiMAX, Bluetooth, PLC, LAN, CATV, etc .: various wireless and wired communication networks). Etc.).
(4) If the TV is cable-connected to the Internet, it is possible to receive services via broadband by combining with the technology of the first embodiment.

FIG. 5 is an explanatory diagram for explaining a usage example (No. 2) of the second embodiment.
In the usage example (part 2), a refrigerator purchased by a user is used as a terminal.
The following services are provided.
(1) The process proceeds to the next (2) automatically at the moment when the refrigerator is turned on or by the user's button operation.
(2) The service provider (provider) side distributes setting information from the server (setting information transmission server) via the mobile phone network, the PHS network, etc., and the user side performs the device setting without any action by the user himself / herself. As a result, the service provider's service can be used in the refrigerator. Here, examples of services for the refrigerator as a terminal include the following.
・ Recipe distribution ・ Shopping information distribution, automatic purchase → delivery (when it is expected to be lost)
-Exchange of inventory information in refrigerators in combination with IC tags, automatic purchases / voice calls, emails, online orders via refrigerators, distribution of other information-Refrigerator manufacturers sell packages as service providers. Can be performed with a small display of a refrigerator or a small device / TV automatically connected to the refrigerator.

Here, the following operations and effects are achieved by using a refrigerator, which is a white goods home appliance, as a terminal.
(A) Using a refrigerator like any household, users can browse convenient information automatically set by the refrigerator that they use every day without having any IT technology (PCs and TVs are not always available every day) Not used).
(B) If only simple information such as a recipe is used, the packet charge can be reduced even with only a mobile line, so the service can be used without broadband connection.
(C) The following service business by home appliance manufacturers will be possible.
・ Sold refrigerators with service at a discount price.
・ Services are billed to users by monthly charges and mobile line charges, and home appliance manufacturers use the difference between the service charges and mobile line costs as the source of revenue.

FIG. 6 is an explanatory diagram for explaining a usage example (part 1) in which the first and second embodiments are combined.
By combining the first and second embodiments, the following becomes possible.
(1) Automatic setting of each device positioned as a terminal (connection, authentication, etc.)
(2) Individual authentication, distribution management, and billing for each connected device are performed individually for a mobile phone. (3) The connection path from the router is not limited to wired / PLC, WLAN, mobile (including WiMAX, PHS). Any one or a combination of two or more may be used.
Note that the router may be externally attached as a dedicated router, or may be incorporated in a central device (home appliance, TV, etc.).

FIG. 7 is an explanatory diagram illustrating a usage example (part 2) in which the first and second embodiments are combined.
In the usage example of FIG. 7, the line used for each service is changed by combining the first and second embodiments.
That is, it is assumed that the terminal device purchased by the user is a mobile phone and a multifunction device such as WiMAX, and can be connected to the mobile device, but is not set via broadband such as WLAN. In this case, the service provider (operator) distributes the setting information, and the device setting without user action, specifically, the usage setting in WLAN or the like is made in addition to the mobile line usage setting. As a result, in the service from the service provider side, the following two types of lines can be used.
(1) Via mobile line ・ Merit: Receivable anytime and anywhere ・ Demerit: Slightly expensive ・ Usage example: Small amount of content (3GPP video etc.)
(2) Broadband ・ Merit: Inexpensive, high-speed processing ・ Demerit: Restricted places where it can be connected ・ Examples of use: Large-capacity content, high-definition video Even when providing such a detailed service, the service provider side is mobile Users can be specified with both line and broadband connections. It is also possible to set a use line for each service. Therefore, efficient operation is possible for the service provider side. A specific example of the service shown in FIG. 7 is shown in FIG.

In addition to the services described above, the present invention can also be used for the following services. However, it is not limited to what is listed below.
(1) Business using communication with machines that do not have an input interface (services using communication with industrial machines, automobiles, etc.)
(2) A connection service that ensures a high level of security and improves user convenience through the Internet

The conceptual diagram which shows 1st Embodiment of this invention. Explanatory drawing explaining the usage example of 1st Embodiment. The conceptual diagram which shows 2nd Embodiment of this invention. Explanatory drawing explaining the usage example (the 1) of 2nd Embodiment. Explanatory drawing explaining the usage example (the 2) of 2nd Embodiment. Explanatory drawing explaining the usage example (the 1) which combined 1st and 2nd embodiment. Explanatory drawing explaining the usage example (the 2) which combined 1st and 2nd embodiment. Explanatory text explaining a specific example of the usage example (part 2) shown in FIG.

Claims (3)

A communication method using a user terminal, a router, and a server,
The router connected wirelessly to the user terminal is provided with the setting information necessary for establishing the VPN connection and the server connection information necessary for authenticating the user terminal to be connected via the VPN in advance. A communication method characterized in that, after the authentication, the address is issued from the router to the user terminal and is also notified to the server, thereby enabling the server connection via VPN and the identification of the user terminal. A communication method using a user terminal, a router, and a server,
Distributes the setting information of the connected device from the server to the router through the wireless communication network, writes the setting information to the router, and also distributes and sets the setting information from the router to the connected device, eliminating the need for individual settings of the connected device A communication method characterized in that it can be secured.   A communication method comprising the communication method according to claim 1 combined with the communication method according to claim 2.

Images