JP2016167875A - Communication system, management server, gateway, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a technique that is able to appropriately establish tunnel communication between a gateway and a cloud server even from a state in which the gateway is in a power saving mode, and to further reduce the power consumption of the gateway.SOLUTION: When a communication session is not established between a management server 50 and a gateway 30b (corresponding to a device 10b) when the management server accepts an access request intended for the device 10b from a cloud server 70, the management server transmits a tunnel connection request to a proxy gateway 30a via a communication session with the proxy gateway 30a (step S34). The proxy gateway 30a transfers the tunnel connection request to the gateway 30b and causes the gateway 30b to return from a power saving mode (S39). Then, the gateway 30b establishes tunnel communication between the gateway 30b and the cloud server 70 on the basis of the tunnel connection request (S56).SELECTED DRAWING: Figure 10

Description

  The present invention relates to a communication system that performs communication between a cloud server outside a LAN and a device inside the LAN, and a technology related thereto.

  There is a technology for coordinating a server (cloud server) on a cloud and a device (image forming apparatus or the like) in a LAN.

  For example, there is a technique for printing out an electronic document stored in a server on the cloud (cloud server) using an image forming apparatus on the local side (inside the LAN) (see Patent Document 1).

  Patent Document 1 discloses a document output system (communication system) including an image forming apparatus (device), a gateway, and a cloud server. In this system, an electronic document stored in a cloud server is transmitted to an image forming apparatus via a gateway or the like, and the electronic document is printed out by the image forming apparatus 10. The gateway and the image forming apparatus (device) are provided inside the LAN, and the cloud server is provided outside the LAN.

JP 2013-73578 A

  By the way, in the system as described above, a firewall is usually provided between an image forming apparatus (device) inside the LAN and a cloud server outside the LAN.

  Access from the image forming apparatus inside the LAN to the cloud server outside the LAN passes through the firewall, and the access is permitted.

  However, reverse access, that is, direct access from a cloud server outside the LAN to the image forming apparatus inside the LAN is blocked by the firewall. That is, the image forming apparatus cannot be directly accessed from the cloud server.

  On the other hand, a message session (communication session) is established between the management server outside the LAN and the gateway inside the LAN (as an exception to the firewall), and from the cloud server outside the LAN, the management server and the A technique for accessing an image forming apparatus in the LAN via a gateway is conceivable.

  FIG. 30 is a diagram showing such a technique. Each gateway 30 (30a, 30b) establishes a message session (511, 521) with the management server 50 designated in advance when the gateway 30 (30a, 30b) is activated (see the bold line in FIG. 30). Thereafter, when an access request from the cloud server 70 to the specific device 10 occurs, the gateway 30b from the management server 50 uses the message session between the management server 50 and a gateway 30 (for example, 30b). A tunnel connection request is sent to. The gateway 30b establishes tunnel communication with the cloud server 70 based on the tunnel connection request. Then, the device (image forming apparatus) 10 is accessed from the cloud server 70 (via the gateway 30) using the tunnel communication. Such a technique will be described in detail later.

  However, in such a technique, in order for the gateway 30 to accept a tunnel connection request from the management server 50 at any time, it is necessary to maintain a message session between the management server 50 and the gateway 30. For example, in order to maintain a message session using “XMPP: eXtensible Messaging and Presence Protocol”), it is necessary to continue transmitting “KeepAlive” packets. Therefore, the power supply to the processing unit that transmits the “KeepAlive” packet cannot be interrupted, and the operation mode of the gateway 30 is set to a specific power saving mode (deep sleep that stops the power supply to the processing unit for transmitting the “KeepAlive” packet. Mode). In particular, even when there are a plurality of gateways 30, it is difficult for any gateway to transition to the specific power saving mode.

  As described above, in order for each of the plurality of gateways 30 to normally receive the tunnel connection request from the cloud server 70 via the individual message session with the management server 50, each of the plurality of gateways 30 must save power. There is a problem that the mode cannot be changed and reduction of power consumption of the gateway 30 is impeded.

  Therefore, the present invention can appropriately establish tunnel communication between the gateway and the cloud server even when the gateway in the communication system has the power saving mode, and the power consumption of the gateway. It is an object of the present invention to provide a technique capable of further reducing the above.

  In order to solve the above problem, the invention of claim 1 is a communication system, comprising a plurality of devices provided in a predetermined LAN, and provided in the predetermined LAN, wherein the plurality of devices and the predetermined LAN are provided. A plurality of gateways that relay communication with a cloud server provided outside the LAN, and an access request for a specific device of the plurality of devices that is provided outside the predetermined LAN is received from the cloud server. A management server, wherein the plurality of gateways are capable of transitioning to a power saving mode in a state in which no communication session is established with the management server, and the specific device is under control of the specific device A tunnel connection request indicating that a tunnel connection should be established between the gateway and the cloud server. A proxy gateway that receives on behalf of the specific gateway via a communication session established between the management server and the management server when the access request is received from the cloud server. When a communication session is not established between the gateway and the management server, the tunnel connection request is transmitted to the proxy gateway via the communication session between the proxy gateway and the management server. When the proxy gateway receives the tunnel connection request from the management server, the proxy gateway transfers the tunnel connection request to the specific gateway and returns the specific gateway from the power saving mode, and the specific gateway Before returning from power saving mode Wherein said specific gateway based on the tunnel connection request received from the proxy gateway establishes a tunnel communication with the cloud server, characterized in that relays communication between the cloud server and the specific device.

  According to a second aspect of the present invention, in the communication system according to the first aspect of the invention, the specific gateway receives the tunnel connection request on behalf of the specific gateway and forwards the tunnel connection request to the specific gateway. After the proxy advance request to the effect is transmitted to the proxy gateway, the proxy gateway transits to the power saving mode, and the proxy gateway transfers proxy information based on the proxy prior request to the management server. .

  According to a third aspect of the present invention, in the communication system according to the second aspect of the present invention, when the proxy gateway receives the proxy pre-request from the specific gateway, it separates from an existing communication session with the management server. A new communication session is generated with the management server, and the tunnel connection request for the specific gateway is waited for.

  According to a fourth aspect of the present invention, in the communication system according to the first aspect of the invention, the specific gateway collects information on devices existing under the specific gateway after returning from the power saving mode. A new communication session between the specific gateway and the management server on the condition that the specific device is determined to be operating normally based on the information collected by the collection means and the information collection means And a new tunnel connection request is received from the management server via the new communication session, and the tunnel communication is established with the cloud server in response to the new tunnel connection request. Communication control means for relaying communication between the server and the specific device.

  According to a fifth aspect of the present invention, in the communication system according to the first aspect, the specific gateway establishes the tunnel communication in response to the tunnel connection request transferred from the proxy gateway, and the cloud communication Communication control means for relaying communication between the server and the specific device is provided.

  According to a sixth aspect of the present invention, in the communication system according to the first aspect of the present invention, the specific gateway is between an information collection unit that collects information on devices existing under the specific gateway and the cloud server. Communication control means for establishing a tunnel communication in the network and relaying communication between the cloud server and the specific device, the communication control means based on the information collected by the information collecting means A new communication session is established between the specific gateway and the management server on the condition that the device is determined to be operating normally, and a new communication session is established from the management server via the new communication session. Receiving the tunnel connection request, establishing the tunnel communication in response to the new tunnel connection request, and The normal connection mode for relaying communication with the specific device, and the tunnel communication is established in response to the tunnel connection request transferred from the proxy gateway, and the communication between the cloud server and the specific device And the simple connection mode for relaying the connection as a connection mode, and the communication control means is configured to connect the tunnel according to a mode set by a user out of both the regular connection mode and the simple connection mode. It is characterized by performing an operation for a request.

  According to a seventh aspect of the present invention, in the communication system according to the first aspect of the present invention, the specific device exists under both the specific gateway and the proxy gateway, and the proxy gateway requests the tunnel connection request. Is received from the management server, and the current tunnel connection number provided between the cloud server and the proxy gateway has already reached a predetermined upper limit value, the tunnel connection request is sent to the specific connection request. The gateway is transferred to the gateway to establish the tunnel communication between the specific gateway and the cloud server. When the current number of tunnel connections has not yet reached the predetermined upper limit, the proxy gateway and the cloud A tunnel communication with the server to establish the cloud server and the specific device. Characterized in that relays communication between.

  According to an eighth aspect of the present invention, in the communication system according to the first aspect of the invention, the specific device exists under both of the specific gateway and the proxy gateway, and the proxy gateway requests the tunnel connection request. And when the security level of the proxy gateway is lower than the security level of the specific gateway, the tunnel connection request is transferred to the specific gateway and the specific gateway, the cloud server, And when the security level of the proxy gateway is higher than the security level of the specific gateway, the tunnel communication is established between the proxy gateway and the cloud server, and the cloud server and the cloud server Characterized in that relays communication between the constant of the device.

  According to a ninth aspect of the present invention, in the communication system according to the first aspect of the present invention, the proxy gateway communicates with another gateway in the predetermined LAN, whereby a proxy related to a proxy relationship between the plurality of gateways is provided. Information collecting means for acquiring management information including information, and communication means for transmitting the management information to the management server, wherein the management server accepts the access request for the specific device from the cloud server. In the case where a communication session between the management server and the specific gateway is not established, it is determined that the specific gateway has the power saving mode, and the specific gateway corresponds to the specific gateway. A proxy gateway is determined based on the management information, and the specific gateway is determined. The tunnel connection request with a transfer request to and transmits to the proxy gateway.

  A tenth aspect of the present invention is the communication system according to the ninth aspect of the present invention, wherein the proxy gateway does not generate a new communication session between the proxy gateway and the management server, and the proxy gateway and the management An existing communication session with a server is used to wait for the tunnel connection request for the specific gateway.

  According to an eleventh aspect of the present invention, in the communication system according to the ninth aspect of the invention, the specific gateway is connected to the specific gateway on the condition that the specific device is determined to be operating normally. A new communication session is established with the server, a new tunnel connection request is received from the management server via the new communication session, and the tunnel communication is established in response to the new tunnel connection request. The normal connection mode for relaying communication between the cloud server and the specific device, the tunnel communication is established in response to the reception of the tunnel connection request, and the communication between the cloud server and the specific device is relayed Both the simple connection mode and the simple connection mode are provided as the connection mode, and the management server provides the user with the connection mode. The tunnel connection request is transmitted to the proxy gateway by giving information indicating that the operation for the tunnel connection request should be executed by the specific gateway according to a predetermined mode set in advance. .

  According to a twelfth aspect of the present invention, in the communication system according to the ninth aspect of the invention, the specific device exists under both the specific gateway and the proxy gateway, and the management server includes the specific gateway. Is determined based on the management information, the current number of tunnel connections provided between the cloud server and the proxy gateway is received from the proxy gateway, and the current number of tunnel connections is predetermined. The tunnel connection request is transmitted to the surrogate gateway with the fact that the tunnel connection request should be transferred to the specific gateway, and the specific gateway and The tunnel communication is established with the cloud server, and the current tunnel connection is established. If the number has not yet reached the predetermined upper limit, the tunnel connection request is transmitted to the proxy gateway to establish tunnel communication between the proxy gateway and the cloud server, and the cloud The communication between the server and the specific device is relayed to the proxy gateway.

  According to a thirteenth aspect of the present invention, in the communication system according to the ninth aspect of the invention, the specific device exists under both the specific gateway and the proxy gateway, and the management server includes the specific gateway. The proxy gateway corresponding to the proxy gateway is determined based on the management information, the security level of the proxy gateway and the security level of the specific gateway are acquired, and the security level of the proxy gateway is higher than the security level of the specific gateway If low, send the tunnel connection request to the surrogate gateway with the fact that the tunnel connection request should be forwarded to the specific gateway, and between the specific gateway and the cloud server, Establish tunnel communication and before If the security level of the proxy gateway is higher than the security level of the specific gateway, the tunnel connection request is transmitted to the proxy gateway to establish tunnel communication between the proxy gateway and the cloud server, The communication between the cloud server and the specific device is relayed to the proxy gateway.

  According to a fourteenth aspect of the present invention, in the communication system according to any one of the first to thirteenth aspects, the specific gateway is constructed in an image forming apparatus.

  According to the fifteenth aspect of the present invention, communication between a cloud server provided outside a predetermined LAN and a specific device provided inside the predetermined LAN is performed by a plurality of communication units provided inside the predetermined LAN. A management server that manages communication between the cloud server and the specific device in a communication system that is executed via any one of the gateways, and receives an access request for the specific device from the cloud server And a communication control means for transmitting a tunnel connection request indicating that tunnel communication should be established between the cloud server and the cloud server in response to the access request, wherein the communication control means accepts the access request. A communication session between the management server and a specific gateway corresponding to the specific device. Is not established, the tunnel connection request is transmitted to the proxy gateway via a communication session between a proxy gateway that is a gateway different from the specific gateway and the management server, and A tunnel connection request is forwarded to the specific gateway.

  According to a sixteenth aspect of the present invention, in the management server according to the fifteenth aspect of the present invention, management information including proxy information related to a proxy relationship among the plurality of gateways by communicating with other gateways in the predetermined LAN. Storage means for storing, the communication control means, when the access request for the specific device is received from the cloud server, a communication session between the management server and the specific gateway When not established, it is determined that the specific gateway has the power saving mode, the proxy gateway corresponding to the specific gateway is determined based on the management information, and a transfer request to the specific gateway is determined. The tunnel connection request with And transmitting Te.

  According to a seventeenth aspect of the present invention, in the management server according to the fifteenth aspect of the present invention, the specific gateway is connected to the specific gateway on the condition that the specific device is determined to be operating normally. A new communication session is established with the server, a new tunnel connection request is received from the management server via the new communication session, and the tunnel communication is established in response to the new tunnel connection request. The normal connection mode for relaying communication between the cloud server and the specific device, the tunnel communication is established in response to the reception of the tunnel connection request, and the communication between the cloud server and the specific device is relayed The simple connection mode has both modes as connection modes, and the communication control means The tunnel connection request is transmitted to the proxy gateway, together with the fact that the operation for the tunnel connection request should be executed in accordance with a predetermined mode set in advance and that the operation should be transferred to the specific gateway. And

  According to an eighteenth aspect of the present invention, in the management server according to the fifteenth aspect of the present invention, the specific device exists under both the specific gateway and the proxy gateway, and the communication control means The proxy gateway corresponding to the gateway is determined based on the management information, and the current number of tunnel connections provided between the cloud server and the proxy gateway is received from the proxy gateway, and the current number of tunnel connections is If the predetermined upper limit value has already been reached, the tunnel connection request is transmitted to the proxy gateway with the fact that the tunnel connection request should be transferred to the specific gateway, and the specific gateway is transmitted. And the cloud server to establish the tunnel communication, the current tunnel If the number of connections has not yet reached the predetermined upper limit, the tunnel connection request is transmitted to the proxy gateway to establish tunnel communication between the proxy gateway and the cloud server, and Communication between the cloud server and the specific device is relayed to the proxy gateway.

  According to a nineteenth aspect of the present invention, in the management server according to the fifteenth aspect of the invention, the specific device exists under both the specific gateway and the proxy gateway, and the communication control means The proxy gateway corresponding to the gateway is determined based on the management information, the security level of the proxy gateway and the security level of the specific gateway are acquired, and the security level of the proxy gateway is the security level of the specific gateway If lower, send the tunnel connection request to the surrogate gateway with the fact that the tunnel connection request should be forwarded to the specific gateway, and between the specific gateway and the cloud server Establishing the tunnel communication, If the security level of the proxy gateway is higher than the security level of the specific gateway, the tunnel connection request is transmitted to the proxy gateway to establish tunnel communication between the proxy gateway and the cloud server. The communication between the cloud server and the specific device is relayed to the proxy gateway.

  According to a twentieth aspect of the present invention, communication between a cloud server provided outside a predetermined LAN and a specific device provided inside the predetermined LAN is performed by a plurality of communication units provided inside the predetermined LAN. In a communication system executed through any one of the gateways, a computer incorporated in a management server that manages communication between the cloud server and the specific device, a) from the cloud server to the specific device And b) a step of transmitting a tunnel connection request indicating that tunnel communication should be established with the cloud server in response to the access request. In the step b), when the access request is accepted, the specific gateway and the management server When a communication session is not established between the proxy gateway and the management server, the tunnel connection request is transmitted to the proxy gateway via a communication session between the proxy gateway that is different from the specific gateway and the management server. And forwarding the tunnel connection request to the specific gateway.

  The invention according to claim 21 is the management provided outside the predetermined LAN for communication between a cloud server provided outside the predetermined LAN and a specific device provided inside the predetermined LAN. A gateway that performs a partial operation of the specific gateway in a communication system that executes using a server and a specific gateway provided in the predetermined LAN, wherein the specific gateway is in the power saving mode. Receiving means for receiving a tunnel connection request for the specific gateway, which is transmitted from the management server in response to an access request for the specific device from the cloud server, and the gateway and the The tunnel connection request is transmitted from the management server via a communication session with the management server. Then, the tunnel connection request is transferred to the specific gateway, the specific gateway is returned from the power saving mode, and tunnel communication is established between the specific gateway and the cloud server. Communication control means for relaying communication between the cloud server and the specific device to the gateway.

  According to a twenty-second aspect of the present invention, in the gateway according to the twenty-first aspect, the communication control means receives the tunnel connection request on behalf of the specific gateway and forwards the tunnel connection request to the specific gateway. When a proxy advance request to the effect is received from the specific gateway, proxy information based on the previous proxy advance request is transferred to the management server.

  According to a twenty-third aspect of the present invention, in the gateway according to the twenty-first aspect, the specific device exists under both the specific gateway and the gateway, and the gateway includes the cloud server, the gateway, and the gateway. When the current number of tunnel connections provided between the two has already reached a predetermined upper limit value, the tunnel connection request is transferred to the specific gateway and the specific gateway is connected to the cloud server. And establishes the tunnel communication between the gateway and the cloud server when the current number of tunnel connections has not yet reached the predetermined upper limit value. The communication with the specific device is relayed.

  According to a twenty-fourth aspect of the present invention, in the gateway according to the twenty-first aspect of the present invention, the specific device exists under both the specific gateway and the proxy gateway, and the proxy gateway is a security of the proxy gateway. If the level is lower than the security level of the specific gateway, the tunnel connection request is transferred to the specific gateway to establish the tunnel communication between the specific gateway and the cloud server, and the proxy gateway is established. If the security level is higher than the security level of the specific gateway, tunnel communication is established between the proxy gateway and the cloud server to relay communication between the cloud server and the specific device. Features.

  The invention of claim 25 is a management provided outside the predetermined LAN for communication between a cloud server provided outside the predetermined LAN and a specific device provided inside the predetermined LAN. A program for causing a computer built in a gateway acting on behalf of a part of the specific gateway in a communication system executed using a server and a specific gateway provided in the predetermined LAN. A) receiving a tunnel connection request for the specific device transmitted from the management server that has received the access request for the specific device from the cloud server; and b) if the specific gateway is In the state having the power saving mode, a job request for the specific device is sent by the management server. When the tunnel connection request for the specific gateway is transmitted from the management server in response to the reception of the specific gateway, the tunnel connection request is transmitted to the specific gateway, and the specific gateway is deleted. Resuming from the power mode, establishing tunnel communication between the specific gateway and the cloud server, and causing the specific gateway to relay communication between the cloud server and the specific device. Features.

  In the invention of claim 26, management between a cloud server provided outside a predetermined LAN and a specific device provided inside the predetermined LAN is managed outside the predetermined LAN. A gateway in a communication system that executes using a server and a gateway provided in the predetermined LAN, including a normal mode and a power saving mode that consumes less power than the normal mode. An operation control means for controlling an operation mode, and receiving a tunnel connection request for establishing a tunnel connection between the cloud server on behalf of the gateway and transferring the tunnel connection request to the gateway The power saving prior request is made to the proxy gateway which is a gateway different from the gateway. Characterized in that it comprises a communication control means for transmitting prior to transition to the over-de, a.

  The invention of claim 27 is a management provided outside the predetermined LAN for communication between a cloud server provided outside the predetermined LAN and a specific device provided inside the predetermined LAN. A program for causing a computer built in a gateway in a communication system to be executed using a server and a gateway provided in the predetermined LAN, comprising: a) a tunnel connection between the cloud server and A tunnel connection request to be established is received on behalf of the gateway, and a proxy advance request to transfer the tunnel connection request to the gateway is transmitted to a proxy gateway that is a gateway different from the gateway B) after the step a), the operation mode of the gateway is Is cost power to the step of transitioning to a low power saving mode than in the normal mode, comprising: a city.

  According to the invention described in claims 1 to 25, when a specific gateway is in the power saving mode and a communication session is not established between the specific gateway and the management server, the proxy gateway and the management Establishing tunnel communication between a specific gateway and a cloud server, because a tunnel connection request is sent to the proxy gateway and forwarded to a specific gateway via a communication session with the server Is possible. Therefore, it is possible to change the specific gateway to the power saving mode to reduce the power consumption, and even when the specific gateway has the power saving mode, it is possible to switch between the specific gateway and the cloud server. It is possible to establish tunnel communication appropriately.

  According to the invention of claim 26 and claim 27, since the gateway transitions to the power saving mode after the proxy advance request is transmitted from the gateway to the proxy gateway, it is possible to reduce power consumption, Even when the gateway has the power saving mode, tunnel communication between the gateway and the cloud server can be appropriately established.

It is a figure which shows schematic structure of the communication system which concerns on embodiment of this invention. 1 is a schematic diagram illustrating a configuration of an MFP. It is a figure which shows schematic structures, such as a gateway and a management server. It is a figure which shows the state in which the some gateway has each established the message session between management servers. It is a timing chart which shows operation | movement of the communication system when a gateway changes to deep sleep mode. It is a conceptual diagram which shows the operation | movement of FIG. It is a conceptual diagram which shows a mode that the new message session was established. It is a timing chart which shows operation of a communications system when a gateway returns to deep sleep mode. It is a flowchart which shows a part of operation | movement of FIG. It is a conceptual diagram which shows the operation | movement of FIG. It is a figure which shows the management table which concerns on 1st Embodiment. It is a timing chart which shows operation in a communications system concerning a 2nd embodiment. It is a flowchart which shows a part of operation | movement of FIG. It is a conceptual diagram which shows the operation | movement of FIG. It is a flowchart which shows a part of operation | movement which concerns on 3rd Embodiment. It is a timing chart which shows the example of operation concerning a 3rd embodiment. It is a conceptual diagram which shows the operation | movement of a communication system in case the number of gateway tunnel connections has already reached the predetermined upper limit (maximum value). It is a conceptual diagram which shows operation | movement of a communication system in case the number of gateway tunnel connections has not yet reached the predetermined | prescribed upper limit (maximum value). It is a flowchart which shows a part of operation | movement which concerns on 4th Embodiment. It is a timing chart which shows operation of a communications system in case a gateway changes in deep sleep mode in a 5th embodiment. It is a flowchart which shows a part of operation | movement of FIG. It is a conceptual diagram which shows the operation | movement which concerns on 5th Embodiment. It is a figure which shows the management table which concerns on 5th Embodiment. It is a timing chart which shows operation of a communications system at the time of a gateway returning to deep sleep mode in a 5th embodiment. It is a flowchart which shows a part of operation | movement (operation | movement of a management server) of the operation | movement of FIG. 25 is a flowchart showing a part of the operation of FIG. 24 (gateway operation). It is a flowchart which shows operation | movement of the management server which concerns on 6th Embodiment. It is a flowchart which shows operation | movement of the management server which concerns on 7th Embodiment. It is a flowchart which shows operation | movement of the management server which concerns on 8th Embodiment. It is a figure which shows the technique which concerns on a comparative example.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

<1. First Embodiment>
<1-1. System configuration overview>
FIG. 1 is a diagram showing a schematic configuration of a communication system 1 according to an embodiment of the present invention. As shown in FIG. 1, the communication system 1 includes a plurality of devices 10 (10a, 10b, 10c) and a plurality of gateways 30 (30a, 30b). The communication system 1 includes a management server computer (hereinafter also simply referred to as a management server) 50, a cloud server computer (hereinafter also simply referred to as a cloud server) 70, and a client computer (hereinafter also simply referred to as a client) 90. Further prepare.

  The elements 10, 30, 50, 70, and 90 are connected to each other via the network 108, and can perform network communication. The network 108 includes a LAN (local area network), a WAN (wide area network), the Internet, and the like. Further, the connection form to the network 108 may be wired connection or wireless connection.

  The plurality of devices 10 and the plurality of gateways 30 are provided inside a certain LAN 107 constructed in a company or the like. On the other hand, the management server 50, the cloud server 70, and the client 90 are provided outside the LAN 107. The client 90 may be provided inside the LAN 107.

  Here, as the device 10, a multi-function peripheral (also abbreviated as MFP) is illustrated. The MFP is also referred to as an image forming apparatus or a communication apparatus.

  In addition, the gateway 30 is constructed in an MFP different from the MFP as the device 10 here. Specifically, the gateway 30 is realized by executing software (program) incorporated in the MFP as hardware.

  On the other hand, the management server 50, the cloud server 70, and the client 90 are constructed using a so-called personal computer or the like.

  In this communication system 1, for example, a print command sent from the client 90 to the cloud server 70 is sent to the device 10 via the management server 50 and the gateway 30, and print output is performed at the device (MFP) 10. Done.

  The plurality of gateways 30 have a function of relaying communication between the plurality of devices 10 and the cloud server 70.

  The management server 50 is a device that manages communication between the cloud server 70 and the plurality of gateways 30. The management server 50 receives an access request for a specific device among the plurality of devices 10 from the cloud server 70, and requests a tunnel connection with the cloud server 70 to any of the plurality of gateways 30 in response to the access request. Send.

<1-2. Overview of MFP configuration>
FIG. 2 is a schematic diagram showing the configuration of each MFP. The MFP is a device (also referred to as a multi-function device) having a scanner function, a printer function, a copy function, a data communication function, and the like.

  As shown in FIG. 2, the MFP includes an image reading unit 2, a print output unit 3, a communication unit 4, a storage unit 5, an input / output unit 6, a controller 9, and the like. Various functions are realized.

  The image reading unit 2 is a processing unit that optically reads a document placed at a predetermined position of the MFP and generates image data (also referred to as a document image) of the document.

  The print output unit 3 is an output unit that prints an image on various media such as paper based on image data related to the target image.

  The communication unit 4 is a processing unit capable of performing facsimile communication via a public line or the like. Further, the communication unit 4 can perform network communication via the network 108. In this network communication, various protocols such as TCP / IP (Transmission Control Protocol / Internet Protocol) and FTP (File Transfer Protocol) are used. By using the network communication, the MFP can receive a desired destination (gateway). 30, the management server 50, the cloud server 70, and the like).

  Specifically, the communication unit 4 of the gateway (MFP) 30 communicates with the management server 50 using a message session (described later) established between the gateway 30 and the management server 50 (particularly, the management server 50). Data can be received). The communication unit 4 of the device (MFP) 10 communicates with the cloud server 70 via the gateway 30 using a tunnel connection (described later) established between the gateway 30 and the cloud server 70. (Especially receiving data from the cloud server 70). The communication unit 4 includes a transmission unit that transmits data and the like to other devices, and a reception unit that receives data and the like from other devices.

  The storage unit 5 includes a storage device such as a hard disk drive (HDD) and a nonvolatile memory.

  The input / output unit 6 includes an operation input unit 6a that receives input to the MFP and a display unit 6b that displays and outputs various types of information. The input / output unit 6 is also referred to as an operation unit.

  The controller 9 is a control unit that comprehensively controls the MFP, and includes a CPU and various semiconductor memories (such as a RAM and a ROM).

  The controller 9 implements various processing units by executing a predetermined software program (also simply referred to as a program) stored in a ROM (for example, an EEPROM) in the CPU. For example, the controller 9 of the MFP that operates as the gateway 30 implements various processing units including a communication control unit 41, an information collection unit 45, an operation control unit 47 (see FIG. 3 (described later)), and the like. The MFP controller 9 that operates only as the device 10 may have a similar processing unit, but may not have a processing unit for functioning as the gateway 30. The program may be recorded, for example, on various portable recording media (such as a USB memory) and installed in the MFP via the recording medium. Alternatively, the program may be downloaded via the network 108 or the like and installed in the MFP. Further, a part of the communication control unit 41 (particularly a processing unit related to returning from the sleep state) is realized by using the sub-controller 8 (see FIG. 2).

  This gateway (MFP) 30 has a total of three operation modes, specifically a normal mode and a two-stage sleep mode (a first-stage sleep mode (also referred to as a simple sleep mode)) and a second-stage sleep mode. (Also referred to as a deep sleep mode)).

  Of these three modes, the power consumption in the normal mode is the largest and the power consumption in the deep sleep mode is the smallest. For example, in the simple sleep mode, power supply to the print output unit 3 and the image reading unit 2 is stopped, whereas in the deep sleep mode, power supply to the controller (main controller) 9 and the like is also stopped. . In the deep sleep mode, power is supplied to a part of the communication unit 4 and the sub-controller 8 having a return control unit (including the return communication control unit) that controls the return operation from sleep. The power supply to the processing unit is stopped. In the deep sleep mode, a communication operation using a message session and a communication operation using a tunnel connection cannot be performed.

<1-3. Outline of each element configuration>
FIG. 3 is a diagram showing a schematic configuration of each element 30, 50, 70 and the like. Each of these elements will be described with reference to FIG.

<Cloud server 70>
The cloud server 70 includes a communication control unit 81. The communication control unit 81 performs communication with the management server 50. In addition, the communication control unit 81 performs communication with each gateway 30 using tunnel communication (described later).

<Management server 50>
The management server 50 includes various processing units such as a communication control unit 61, a device information management unit 65, and an analysis unit 67.

  These various processing units are realized by executing predetermined software programs (also simply referred to as programs) stored in a storage unit (HDD or the like) in the CPU of the management server 50. Note that the program may be recorded on various portable recording media (DVD-ROM or the like), for example, and installed in the management server 50 via the recording medium. Alternatively, the program may be downloaded via the network 108 or the like and installed in the management server 50.

  The communication control unit 61 controls various communication operations in cooperation with the communication unit 54 (communication hardware). For example, the communication control unit 61 performs communication with the cloud server 70 and receives an access request from the cloud server 70. Moreover, the communication control part 61 performs communication with each gateway 30 using a message session (described later). Note that the communication unit 54 includes a transmission unit that transmits data and the like to other devices, and a reception unit that receives data and the like from other devices.

  The device information management unit 65 is a processing unit that manages device information (and a management table 69 including the device information) received from the gateway 30. In the management table 69, the relationship between each gateway 30 and the devices under the gateway 30 is stored. The management table 69 is stored in a storage unit (HDD (hard disk drive) or the like) of the management server 50.

  The analysis unit 67 is a processing unit that analyzes the content of the access request received from the cloud server 70.

<Gateway 30>
Each gateway 30 includes various processing units such as a communication control unit 41, an information collection unit 45, and an operation control unit 47, respectively. These various processing units are realized by executing predetermined programs in the controller 9 and the sub-controller 8 of the gateway 30 (MFP).

  The communication control unit 41 is a processing unit that controls communication with other devices. The communication control unit 41 includes a message session communication control unit 42 and a tunnel communication control unit 43.

  The message session communication control unit 42 is a processing unit that executes communication with the management server 50 using a message session (described later). The message session communication control unit 42 establishes a message session (described later) with the management server 50 and executes communication with the management server 50. The message session communication control unit 42 is also referred to as a management server communication unit (or management server communication unit).

  The tunnel communication control unit 43 is a processing unit that executes communication with the cloud server 70 using tunnel communication (described later). The tunnel communication control unit 43 establishes tunnel communication with the cloud server 70 and relays communication between the cloud server 70 and the specific device 10. The tunnel communication control unit 43 is also referred to as a cloud server communication unit (or cloud server communication unit).

  As will be described later, by using a message session, data can be transmitted from a device outside the LAN 107 (management server 50) to a device inside the LAN 107 (gateway 30). Further, by using the tunnel connection, data can be transmitted from a device outside the LAN 107 (cloud server 70) to devices inside the LAN 107 (gateway 30 and device 10).

  The information collection unit 45 is a processing unit that collects information on the devices 10 existing under the gateway 30.

  The operation control unit 47 is a processing unit that controls the operation mode of the own device (gateway 30). Specifically, the operation control unit 47 controls the above-described operation modes (normal mode, simple sleep mode, and deep sleep mode) of the MFP configuring the gateway 30.

<1-4. Outline of operation>
Also in this embodiment, as described above (see FIG. 30), a message session (as an exception to the firewall) is established between the management server 50 outside the LAN and the gateway 30 inside the LAN. The image forming apparatus in the LAN can be accessed from the cloud server 70 via the management server 50 and the gateway 30. Hereinafter, such an operation (basic operation) will be described first.

  As described above (see FIG. 30), the gateway 30 establishes a communication session (specifically, a message session) (511, 512) with the management server 50 designated in advance at the time of activation or the like. Thereafter, when an access request from the cloud server 70 to the specific device 10 occurs, the message session (521) between the management server 50 and the gateway 30 (30b) is used, so that the gateway 30b from the management server 50 is used. A tunnel connection request is sent to. The gateway 30b establishes tunnel communication with the cloud server 70 based on the tunnel connection request. Then, the cloud server 70 accesses the device (image forming apparatus) 10 (via the gateway 30) using the tunnel communication. This tunnel communication is also expressed as communication by VPN (Virtual Private Network).

  More specifically, first, each gateway 30 transmits a message session connection request (establishment request) to the management server 50 designated in advance at the time of activation or the like. In response to this, the management server 50 approves the establishment request, whereby a message session (511, 521) is established between each gateway 30 and the management server 50. In other words, a message session is established in response to access from the gateway 30 inside the LAN 107 to the management server 50 outside the LAN 107. An example of such a message session (communication session) is one using a protocol such as “XMPP: eXtensible Messaging and Presence Protocol”. In addition, each gateway 30 transmits information (management information) of a device (image forming apparatus) managed by each gateway 30 to the management server 50.

  Then, the cloud server 70 can access the device (image forming apparatus) 10 using the message session between the management server 50 and the gateway 30.

  Specifically, when the cloud server 70 wants to access (communication) the specific device 10b, first, an access request for the specific device 10b is transmitted from the cloud server 70 to the management server 50.

  The management server 50 identifies the gateway 30 (a specific gateway 30b having the specific device 10b under its control) corresponding to the specific device 10 based on the management information. In addition, the management server 50 transmits a tunnel connection request to the identified gateway 30.

  For example, when the access request for the specific device 10b is transmitted from the cloud server 70 to the management server 50, the management server 50 specifies the gateway (30b) corresponding to the specific device 10b based on the management information. When the message session 521 is established between the management server 50 and the specific gateway 30b (corresponding to the specific device 10b), the management server 50 sends a tunnel connection request to the specified gateway 30b. Send via message session 521. The “tunnel connection request” is a connection request (establishment request) for establishing a tunnel connection with the cloud server 70. As described above, when the message session 521 is established between the management server 50 and the specific gateway 30b, the tunnel connection request is transmitted using the message session 521 between the management server 50 and the gateway 30b. Sent.

  In response to the tunnel connection request, the gateway 30 receives a request for establishing an HTTP (Hypertext Transfer Protocol) session (more specifically, an HTTPS (Hypertext Transfer Protocol Secure) session) to the cloud server 70. To send. Then, when the cloud server 70 approves the establishment request, tunnel connection (tunnel communication) by the HTTP session is established between the gateway 30 and the cloud server 70. In other words, tunnel connection (tunnel communication) is established in response to access from the gateway 30 inside the LAN 107 to the cloud server 70 outside the LAN 107. The cloud server 70 can transmit various data to the device 10 via the gateway 30 using the tunnel communication by the HTTP session. Such an HTTP (HTTPS) session establishment request is also referred to as a tunnel connection establishment request. In FIG. 30, “tunnel communication” is schematically shown by an elongated rectangle with sandy hatching.

  By the way, as described above, in the technology that constantly maintains the message session between the management server 50 and each gateway 30 (also referred to as a technology according to the comparative example), the message session (521 or the like) It is necessary to continuously transmit a signal (such as a “KeepAlive” packet) (see FIG. 30). Therefore, the operation mode of all the gateways 30 cannot be changed to a predetermined power saving mode (for example, a deep sleep mode in which power supply to the control processing unit (main controller 9) for transmitting the “KeepAlive” packet is stopped). There is a problem.

  Therefore, in this embodiment, a gateway 30b of the plurality of gateways 30 is shifted to the power saving mode (deep sleep mode) (see FIG. 6), and a tunnel connection request from the management server 50 is sent to the gateway 30b. A technique (see FIG. 10) received by another gateway 30 (for example, 30a) instead of the above will be described.

  Specifically, when the management server 50 receives an access request from the cloud server 70 to the device 10b, a message session is established between the management server 50 and a specific gateway 30b corresponding to the device 10b. When there is not (see FIGS. 6 and 7), the management server 50 considers that the specific gateway 30b has the power saving mode and performs the following processing. That is, as shown in FIG. 10, the management server 50 receives the tunnel connection request instead of the gateway 30b via a message session between the management server 50 and another gateway 30a (also referred to as a proxy gateway). A tunnel connection request is transmitted to the proxy gateway 30a (in place of the gateway 30b).

  When the proxy gateway 30a receives the tunnel connection request from the management server 50, the proxy gateway 30a transfers the tunnel connection request to the specific gateway 30b and returns the specific gateway 30b from the power saving mode.

  After the return from the power saving mode, the specific gateway 30b establishes a tunnel connection between the specific gateway 30b and the cloud server 70 based on the tunnel connection request received from the proxy gateway 30a. Relay communication with the device 10b.

  Hereinafter, such an operation will be described in more detail.

<1-5. Transition to deep sleep mode>
FIG. 4 is a diagram showing a state where a plurality of gateways 30 (30a, 30b) have established message sessions (511, 521) with the management server 50, respectively. At this time, it is assumed that the gateways 30a and 30b are both operating in the normal mode (non-power saving mode).

  Each message session between each gateway 30 and the management server 50 is established when each gateway 30 is started as described above. In addition, when each gateway 30 is activated, information regarding which device 10 exists under the management of each gateway 30 is acquired by each gateway 30 (information collecting unit 45). Then, the information is transmitted from each gateway 30 to the management server 50. Then, the management information 310 including the information is stored in the management table 69 (69a) of the management server 50.

  FIG. 11 is a diagram showing a management table 69 (69a) according to the first embodiment.

  As shown in FIG. 11, in the management information 310, a correspondence relationship (also referred to as a dominant relationship or a master-slave relationship) between the plurality of gateways 30 and the plurality of devices 10 is defined. Specifically, information on the devices 10 existing under the respective gateways 30 is defined. For example, the management information 310 in FIG. 11 stipulates that the device 10a and the device 10c exist under the gateway 30a and the device 10b exists under the gateway 30b.

  Based on the management information 310, the management server 50 can determine the gateway 30 corresponding to each device 10 (gateway 30 having each device 10 under its control). For example, the gateway 30a is determined as the gateway corresponding to the device 10a, and the gateway 30b is determined as the gateway corresponding to the device 10b.

  In the state of FIG. 4, there is a message session 511 (message session between the management server 50 and the gateway 30a) with the gateway 30a corresponding to the device 10a. Accordingly, when an access request from the cloud server 70 (access request for the device 10a) is transmitted to the management server 50, the management server 50 transmits a tunnel connection request to the gateway 30a using the message session 511. be able to. In response to the tunnel connection request, the gateway 30a establishes an HTTP session (tunnel communication) with the cloud server 70. Then, using the tunnel communication, communication from the cloud server 70 toward the device 10a managed by the gateway 30a can be executed via the gateway 30a.

  Similarly, in the state of FIG. 4, there is a message session 521 (message session between the management server 50 and the gateway 30b) with the gateway 30b corresponding to the device 10b. Therefore, when an access request from the cloud server 70 (access request for the device 10b) is transmitted to the management server 50, the management server 50 transmits a tunnel connection request to the gateway 30b using the message session 521. be able to. In response to the tunnel connection request, the gateway 30b establishes an HTTP session (tunnel communication) with the cloud server 70. And the communication which goes to the device 10b under the management of the gateway 30b from the cloud server 70 can be performed via the gateway 30b using the said tunnel communication.

  Thereafter, the operation as shown in FIG. 5 is performed, and the gateway 30b shifts to the power saving mode. Hereinafter, the operation of the communication system 1 when the gateway 30b transitions to the operation state in the power saving mode (here, the deep sleep mode) will be described with reference to FIGS. FIG. 5 is a timing chart showing the operation. FIG. 6 is a conceptual diagram illustrating the operation of the communication system 1 when the gateway 30b transitions to the deep sleep mode.

  As shown in FIG. 5, when it is determined that the gateway 30b should transition to the deep sleep mode, the gateway 30b (communication control unit 41) requests the gateway 30a to perform a proxy advance request (also simply referred to as a proxy request). Is transmitted (step S11). This proxy advance request is a command for requesting the gateway 30a to receive (proxy reception) a tunnel connection request addressed to the gateway 30b on behalf of the gateway 30b after the gateway 30b transits to the deep sleep mode. Here, the proxy advance request includes that the tunnel connection request should be transferred to the gateway 30b.

  When the gateway 30b (operation control unit 47) transmits this proxy advance request to the gateway 30a, the gateway 30b changes the operation mode of itself (gateway 30b) to the deep sleep state. Accordingly, the message session 521 between the gateway 30b and the management server 50 is disconnected (see FIG. 6). In this way, the gateway 30b transitions to the power saving mode (deep sleep mode) in a state where there is no message session with the management server 50.

  On the other hand, when the gateway 30a receives the proxy advance request from the gateway 30b, the gateway 30a generates a new message session 513 with the management server 50 in addition to the existing message session 511 with the management server. Specifically, a new message session 513 for substitution is established with the management server 50 using a predetermined protocol (here, “XMPP: eXtensible Messaging and Presence Protocol”) (step S12 in FIG. 5). And FIG. 7). Specifically, the gateway 30a requests the management server 50 to establish a new message session, and the management server 50 approves the request to establish a new message session.

  FIG. 7 is a conceptual diagram showing how the new message session 513 is established. As will be described later, by using the new message session 513, a request signal (substitute connection request and tunnel connection request) for the gateway 30b is transmitted from the management server 50 to the gateway 30a.

  As described above, when the gateway 30a receives the proxy advance request from the gateway 30b, the gateway 30a generates a new message session 513 for the proxy with respect to the gateway 30b with the management server 50, and requests a tunnel connection request (described later) to the gateway 30b. ) Etc.

  Further, the gateway 30a transfers proxy information based on the proxy advance request to the management server 50, and the management server 50 stores the proxy information in the storage unit. This proxy information includes information regarding the proxy relationship between the gateways 30a and 30b, for example, “a tunnel connection request for the gateway 30b is received by the gateway 30a as a proxy”. The proxy information may be stored in the management table 69 (69a).

<1-6. Recovery from deep sleep mode>
Next, the operation of the communication system 1 when the access request to the device 10b is given from the cloud server 70 and the gateway 30b returns from the deep sleep mode (sleep state) to the normal mode (non-sleep state) is shown in FIGS. Will be described with reference to FIG. FIG. 8 is a timing chart showing the operation, and FIG. 9 is a flowchart showing a part of the operation (the operation of the gateway 30a). FIG. 10 is a conceptual diagram showing the operation of the communication system 1 when the gateway 30b returns from the deep sleep mode.

  The user operates the web browser of the client 90 and accesses the cloud application on the cloud server 70. Then, in response to a user operation using the client 90, a cloud print instruction is given to the cloud server 70 using the cloud application (step S31 in FIG. 8). In other words, a cloud print instruction (also referred to as a job instruction) is transmitted from the client 90 to the cloud server 70. The cloud print instruction is, for example, a print instruction indicating that a specific electronic document (print target data) stored on the cloud server 70 should be printed using a specific MFP (here, the device 10b).

  The cloud server 70 (communication control unit 81) transmits an access request based on the cloud print instruction to the management server 50 registered in advance as a server corresponding to the cloud application (step S32). This access request includes information of the access source cloud server 70 (IP address identification information and the like) and information of the access destination device (device 10b in this case) (device ID identification information and the like).

  The management server 50 (analysis unit 67) analyzes the content of the access request received from the cloud server 70, and executes a process based on the analysis result.

  When a message session is established between the gateway 30 (for example, 30a) that should relay tunnel communication based on this access request and the management server 50 (the gateway 30 that should relay tunnel communication based on the access request is operating in the normal mode) In such a case, the same operation as described above is performed. For example, the management server 50 transmits a tunnel connection request to the gateway 30a using the message session 511 with the gateway 30a corresponding to the device 10a. In response to the tunnel connection request, the gateway 30a establishes an HTTP session (tunnel communication) with the cloud server 70. Then, using the tunnel communication, communication from the cloud server 70 toward the device 10 (for example, 10a) managed by the gateway 30a can be executed via the gateway 30a.

  On the other hand, when the message session between the gateway 30 (for example, 30b) that should relay the tunnel communication based on the access request and the management server 50 is not established (the gateway 30 that should relay the tunnel communication based on the access request is in the sleep state) In some cases, the “proxy connection request” is transmitted from the management server 50 to the “proxy gateway” (step S33). The “proxy gateway” is a gateway that performs a part of the operation of a specific gateway. The “proxy gateway” is also expressed as a gateway that receives a tunnel connection request for a specific gateway on behalf of the specific gateway (substitute reception). The management server 50 determines a proxy gateway for the gateway 30b based on the proxy information described above. Here, it is assumed that the gateway 30a is determined as a gateway (substitute gateway) that receives (substitute reception) a tunnel connection request for the gateway 30b instead of the gateway 30b. In this case, in step S33, the “proxy connection request” is transmitted from the management server 50 to the gateway 30a. The “proxy connection request” is a command indicating that a tunnel connection request should be received (proxy reception) in place of the original gateway 30b.

  The management server 50 also transmits a tunnel connection request to the gateway 30a (step S34). The proxy connection request and the tunnel connection request are transmitted from the management server 50 to the gateway 30a using a message session 513 newly established in advance between the management server 50 and the gateway 30a for the gateway 30b. Here, although the proxy connection request and the tunnel connection request are transmitted as separate connection requests, the present invention is not limited to this. For example, both the proxy connection request and the tunnel connection request may be transmitted together as one connection request. Further, the proxy connection request does not necessarily need to be transmitted.

  As shown in FIG. 9, the gateway 30a receives a proxy connection request and a tunnel connection request using a message session 513 (FIG. 7) established in advance with the management server 50 for the gateway 30b (step). S35, S37) and the process proceeds to step S39. In step S39, the gateway 30a transmits a tunnel connection request to the gateway 30b.

  When receiving the tunnel connection request from the gateway 30a, the gateway 30b returns from the deep sleep mode to the normal mode (see FIG. 8). Further, the gateway 30b establishes an HTTP (HTTPS) session (tunnel communication) with the cloud server 70 in response to the tunnel connection request (step S56). Specifically, the gateway 30b requests the cloud server 70 to establish tunnel communication, and when the cloud server 70 approves the request, the tunnel communication is established. In FIG. 10, “tunnel communication” is schematically shown by an elongated rectangle with sandy hatching.

  And the communication which goes to the device 10b under the management of the gateway 30b from the cloud server 70 can be performed via the gateway 30b using the said tunnel communication (step S57). Thereby, the cloud server 70 can transmit a specific electronic document (print target data or the like) to the device 10 via the gateway 30b that has returned from the sleep state.

  After that, when a predetermined no-operation time elapses, the gateway 30b transitions to the deep sleep mode again.

  In the operation as described above, when the management server 50 receives an access request from the cloud server 70 for the device 10b under the management of the gateway 30b in a state where the gateway 30b has the deep sleep mode, the management server 50 replaces the gateway 30b. A tunnel connection request is transmitted to 30a. Then, when the proxy gateway 30a receives the tunnel connection request from the management server 50, the proxy gateway 30a transfers the tunnel connection request to the gateway 30b and returns the gateway 30b from the deep sleep mode. Then, after returning from the deep sleep mode to the normal mode, the gateway 30b establishes tunnel communication between the gateway 30b and the cloud server 70 based on the tunnel connection request received from the proxy gateway 30a. Relay communication with 10b.

  According to this, even when the gateway 30b is changed to the deep sleep mode, the gateway 30b can be returned from the deep sleep mode via the management server 50 and the substitute gateway 30a. Therefore, it is possible to appropriately establish a tunnel connection (tunnel communication) between the gateway 30b and the cloud server 70 even when the gateway 30b has the deep sleep mode.

  Further, since the gateway 30b can request another proxy gateway 30a to perform proxy processing and shift the own device (gateway 30b) to the deep sleep mode, the power consumption of the gateway 30b (and thus the power consumption of the entire system 1) can be reduced. Further reduction is possible.

<2. Second Embodiment>
The second embodiment is a modification of the first embodiment. Below, it demonstrates centering on difference with 1st Embodiment.

  In the first embodiment, when the gateway 30b in deep sleep receives a tunnel connection request from the proxy gateway 30a, in response to the tunnel connection request, the gateway 30b returns from the deep sleep mode and the gateway 30b and the cloud server The tunnel communication with 70 is immediately established. It should be noted that such a connection mode for tunnel communication is also referred to as a “simple connection mode” because it is a simpler connection mode than another connection mode (regular connection mode) described below.

  However, the present invention is not limited to this. For example, the gateway 30b that has received the tunnel connection request from the proxy gateway 30a and has returned from deep sleep may generate the message session 521 again with the management server 50 (see FIG. 14). The gateway 30b may receive a tunnel connection request again from the management server 50 via the message session 521, and establish a tunnel connection (tunnel communication) based on the tunnel connection request. When the message session 521 is regenerated (re-established), the gateway 30b searches for the subordinate device 10, and the latest information including the search result is acquired by the gateway 30b and notified to the management server 50. It is preferable. Such a tunnel communication establishment mode (connection mode) is also referred to as a “regular connection mode”.

  In the second embodiment, the tunnel communication between the cloud server 70 and the gateway 30b that has returned from the deep sleep is designated by the user setting in both the above-mentioned “regular connection mode” and “simple connection mode”. The mode performed by the predetermined mode is illustrated.

  FIG. 12 is a timing chart showing operations in the communication system according to the second embodiment (such as a return operation from the sleep of the gateway 30b). FIG. 13 shows a part of operations in the communication system (the gateway 30b). Is a flowchart showing an operation). FIG. 14 is a conceptual diagram showing an operation according to the second embodiment (more specifically, an operation of the communication system 1 when the gateway 30b returns from the deep sleep mode).

  The operation of the communication system 1 when the gateway 30b returns from the deep sleep mode (sleep state) to the normal mode (non-sleep state) will be described with reference to FIGS.

  In steps S31 to S35, S37, and S39, processing similar to that in the first embodiment is executed (see FIG. 12 and FIG. 14).

  When the gateway 30b receives the tunnel connection request from the gateway 30a, the gateway 30b returns from the deep sleep mode to the normal mode, and executes the operation shown in FIG.

  Specifically, in step S50, as the tunnel communication establishment mode (connection mode), either of the “simple connection mode” and the “regular connection mode” is designated by the user setting (user setting in the gateway 30b). It is determined whether or not it has been performed, and branch processing is performed according to the determination result.

  When “simple connection mode” is designated as the connection mode of the tunnel communication, the process proceeds to step S51a. In step S51a, a connection operation in the simple connection mode is executed. The connection operation in the simple connection mode is the same as that in the first embodiment, and the processes in steps S56 and S57 are performed immediately.

  On the other hand, when “regular connection mode” is designated as the connection mode of the tunnel communication, the process proceeds to step S51b.

  In step S51b, a connection operation in the normal connection mode is executed.

  Specifically, first, the gateway 30b (information collecting unit 45) searches for the device 10 under its control at the present time, and acquires the latest information (device information) based on the search result (step S52). According to this, for example, the latest information including that the power of the device 10b is turned off during the sleep of the gateway 30b and the device 10b is not operating normally at the present time can be acquired.

  Next, the gateway 30b (message session communication control unit 42) determines that the device 10b is operating normally on the basis of the device information collected by the information collecting unit 45 and the management server 50. A message session 521 (see FIG. 14 and the like) is newly generated (established) with the gateway 30b corresponding to the device 10b (step S53). Then, the gateway 30b notifies the management server 50 of the latest information regarding the subordinate devices of the gateway 30b via the new message session 521 (step S54). Further, the gateway 30b receives a new tunnel connection request (new tunnel connection request) from the management server 50 via the new message session 521 (step S55). In response to the tunnel connection request, the gateway 30b establishes a tunnel connection (tunnel communication) with the cloud server 70 (step S56 (S56b)).

  Then, using the tunnel connection, communication from the cloud server 70 toward the device 10b managed by the gateway 30b is executed via the gateway 30b (step S57). The gateway 30b (tunnel communication control unit 43) relays communication between the cloud server 70 and the device 10b using the tunnel connection. Thereby, the cloud server 70 can transmit a specific electronic document (print target data or the like) to the device 10 via the gateway 30b that has returned from the sleep state.

  In the normal connection mode, when it is determined that the device 10b is not operating normally, error information is transmitted from the management server 50 (or gateway 30b) to the cloud server 70.

  According to the operation as described above, it is possible to obtain the same effect as in the first embodiment.

  In particular, when connecting in the regular connection mode, the device 10b is not operating normally at the present time because the power of the device 10b is turned off during the sleep of the gateway 30b (currently under the gateway 30b). It is possible to perform an appropriate error handling process.

  Further, when connecting in the simple connection mode, the gateway 30b does not perform a subordinate device search process and a message session re-establishment process with the management server 50. Speeding up of the processing).

  Further, since the user can appropriately select which one of the “simple connection mode” and the “regular connection mode” is to be used by a setting operation, it is possible to obtain a high degree of freedom.

  The second embodiment exemplifies a mode in which tunnel communication is re-established in a predetermined mode designated by user setting, out of both connection modes of “regular connection mode” and “simple connection mode”. However, it is not limited to this. For example, tunnel communication may always be re-established in the “regular connection mode”.

<3. Third Embodiment>
The third embodiment is a modification of the first embodiment. Below, it demonstrates centering on difference with 1st Embodiment.

  In the third embodiment, it is assumed that both the gateways 30a and 30b have a common device 10 (here, 10b) (see FIGS. 17 and 18).

  In the third embodiment, when the management server 50 receives an access request from the cloud server 70 to the device 10b, the management server 50 selects the gateway 30 corresponding to the device 10b from the gateways 30a and 30b based on the management information 510. To select. Here, it is assumed that the gateway 30b is selected as the gateway corresponding to the device 10b.

  Then, the management server 50 determines that the message session between the gateway 30b and the management server 50 has not been established, and sends a tunnel connection request for the gateway 30b via the message session 513 between the management server 50 and the proxy gateway 30a. To the proxy gateway 30a. In response to this, the gateway 30a receives a tunnel connection request for the gateway 30b.

  Next, the proxy gateway 30a determines whether or not to forward the tunnel connection request to the gateway 30b depending on whether or not a predetermined condition is satisfied. The proxy gateway 30a knows that the device 10b also exists under its own device (the proxy gateway 30a), and determines whether or not to process the tunnel connection request.

  Here, as the predetermined condition, a determination result regarding whether or not the number of tunnel connections of the gateway 30a has already reached a predetermined upper limit value (for example, “2”) is used.

  Then, a tunnel connection is established between the gateway 30 (30a or 30b) that finally received the tunnel connection request and the cloud server 70, and the print target data or the like is transmitted to the cloud server via the established tunnel connection. 70 to the transmission target device 10b.

  FIG. 15 is a flowchart showing a part of the operation (the operation of the gateway 30a) in the communication system according to the third embodiment. FIG. 16 is a timing chart showing the operation in the communication system according to the third embodiment (operation when the number of tunnel connections of the gateway 30a has not yet reached the predetermined upper limit value (maximum value)). FIGS. 17 and 18 are conceptual diagrams illustrating operations according to the third embodiment (more specifically, operations of the communication system 1 when an access request is given from the cloud server 70 to the device 10b). FIG. 17 shows the operation when the number of tunnel connections of the gateway 30a has already reached the predetermined upper limit value (maximum value). FIG. 18 shows the operation when the number of tunnel connections of the gateway 30a is the predetermined upper limit value (maximum value). The operation when the value has not yet been reached is shown.

  When an access request for the device 10b is given from the cloud server 70, the operations of steps S31, S32, S33, and S34 are executed as in the first embodiment (see FIG. 16). Specifically, when receiving an access request for the device 10b from the cloud server 70, the management server 50 transmits a proxy connection request and a tunnel connection request to the gateway 30a. That is, the management server 50 transmits a tunnel connection request for the gateway 30b to the gateway 30a.

  The gateway 30a executes the operation shown in FIG.

  When the gateway 30a receives the proxy connection request and the tunnel connection request, it proceeds to step S41 through steps S35 and S37.

  In step S41, it is determined whether or not the number of tunnel connections of the gateway 30a has already reached a predetermined upper limit (for example, “2”), and branch processing based on the determination result is executed.

  When the current number of tunnel connections provided between the cloud server 70 and the gateway (proxy gateway) 30a has already reached a predetermined upper limit (for example, “2”), the process proceeds to step S42, Processing similar to that of the first embodiment (see FIG. 8) (or the second embodiment (see FIG. 12)) is performed. Here, for simplification, it is assumed that the same processing as in the first embodiment is performed.

  Specifically, as shown in FIG. 17 (see also FIG. 8, etc.), the gateway 30a transfers the tunnel connection request from the management server 50 to the gateway 30b, and returns the gateway 30b from the deep sleep mode (step S39). ). Then, the gateway 30b establishes tunnel communication with the cloud server 70 in the simple connection mode (step S56), and uses the tunnel communication from the cloud server 70 to the device 10 under management of the gateway 30b ( For example, communication toward 10b) is executed via the gateway 30b (step S57).

  On the other hand, when the current number of tunnel connections provided between the cloud server 70 and the proxy gateway 30a has not yet reached the predetermined upper limit value, the process of step S43 (FIG. 15) is executed. In step S43, the processes of steps S58 and S59 (described below) are executed.

  Specifically, as shown in FIGS. 16 and 18, the proxy gateway 30a establishes a new tunnel connection (tunnel communication) between the proxy gateway 30a and the cloud server 70 (step S58), and the cloud server 70 And relay the communication between the device 10b (step S59). In step S59, using the new tunnel communication, communication from the cloud server 70 toward the device 10 (for example, 10b) managed by the gateway 30a is executed via the gateway 30a.

  As described above, even when the proxy connection request and the tunnel connection request are transmitted from the management server 50 to the gateway 30a, the gateway 30a does not unconditionally transfer the tunnel connection request to the gateway 30b. The gateway 30a changes whether to forward the tunnel connection request to the gateway 30b according to the situation.

  When the gateway 30a has enough resources (when the number of tunnel connections between the gateway 30a and the cloud server 70 is less than the upper limit value), the gateway 30a performs the operation shown in FIG. Specifically, instead of transferring the tunnel connection request from the management server 50 to the gateway 30b, the gateway 30 establishes a tunnel connection with the cloud server 70 based on the tunnel connection request, The gateway 30a itself relays communication between the cloud server 70 and the device 10b. In short, the proxy gateway 30a itself performs communication processing with the cloud server 70 by tunnel connection instead of the gateway 30b.

  According to this, it is possible to effectively utilize the resources of the gateway 30a and maintain the gateway 30b while making the transition to the deep sleep mode as much as possible, thereby suppressing the power consumption associated with the return of the gateway 30b from the deep sleep mode. Is possible.

<4. Fourth Embodiment>
The fourth embodiment is a modification of the third embodiment. Below, it demonstrates centering on difference with 3rd Embodiment.

  Also in the fourth embodiment, it is assumed that both the gateways 30a and 30b have a common device 10 (here, 10b).

  Also in the fourth embodiment, when the management server 50 receives an access request from the cloud server 70 to the device 10b, the management server 50 selects the gateway 30 corresponding to the device 10b based on the management information 510 from the gateways 30a and 30b. To select. Here again, it is assumed that the gateway 30b is selected as the gateway corresponding to the device 10b.

  Then, the management server 50 determines that the message session between the gateway 30b and the management server 50 has not been established, and sends a tunnel connection request for the gateway 30b via the message session 513 between the management server 50 and the proxy gateway 30a. To the proxy gateway 30a. In response to this, the gateway 30a receives a tunnel connection request for the gateway 30b.

  Next, the gateway 30a determines whether or not to forward the tunnel connection request to the gateway 30b depending on whether or not a predetermined condition is satisfied. Then, a tunnel connection is established between the gateway 30 (30a or 30b) that finally received the tunnel connection request and the cloud server 70, and the print target data or the like is transmitted to the cloud server via the established tunnel connection. 70 to the transmission target device 10b.

  However, in the fourth embodiment, as the predetermined condition, a determination result based on the magnitude relationship between the security level of the proxy gateway 30a and the security level of the gateway 30b is used.

  FIG. 19 is a flowchart showing a part of the operation (the operation of the gateway 30a) in the communication system according to the fourth embodiment.

  When an access request to the device 10b is given from the cloud server 70, the operations of steps S31, S32, S33, and S34 are executed as in the third embodiment (and the first embodiment, etc.) (see FIG. 16). . Specifically, when receiving an access request for the device 10b from the cloud server 70, the management server 50 transmits a proxy connection request and a tunnel connection request to the gateway 30a.

  Moreover, the gateway 30a performs the operation | movement shown in FIG.

  When the gateway 30a receives the proxy connection request and the tunnel connection request, the process proceeds to step S45 through steps S35 and S37.

  In step S45, the magnitude relationship between the security level of the proxy gateway 30a and the security level of the gateway 30b is determined, and branch processing based on the determination result is executed.

  Here, the security levels of the gateways 30a and 30b are set as appropriate according to their arrangements and the like. For example, when the gateway 30 is arranged in a department having relatively high secrecy (for example, when the gateway 30 manages information having relatively high secrecy), the gateway 30 has a relatively high security level. Is set. On the contrary, when the gateway 30 is arranged in a department having relatively low secrecy (when the gateway 30 does not handle the secret information almost), a relatively low security level is set for the gateway 30.

  For example, when the security level of the gateway 30b is set to “level 3” and the security level of the proxy gateway 30a is set to “level 5”, the security level of the proxy gateway 30a is higher than the security level of the gateway 30b. Is also determined to be high. Here, it is assumed that the higher the security level, the higher the level of security.

  In step S45, it is preferable to compare the security levels related to the security items related to the tunnel connection route and the like. For example, the “encryption strength” of the tunnel connection path itself and / or the “certificate verification strength” regarding the tunnel connection path are preferably compared. On the other hand, items related to security other than the tunnel connection path (for example, “encrypted PDF setting” related to encryption of PDF file or “HDD encryption” related to encryption of HDD (hard disk drive) of gateway 30) are not considered. Also good.

  Further, it is assumed that the gateway 30a has previously acquired the security level of the gateway 30a and the security level of the gateway 30b prior to the operation of FIG. For example, each security level may be acquired through communication with the gateway 30b.

  If it is determined in step S45 that the security level of the proxy gateway 30a is lower than the security level of the gateway 30b, the process proceeds to step S46, and the first embodiment (see FIG. 8) (or the second embodiment (FIG. 12) is performed. The same processing as in the reference)) is performed. Here, for simplification, it is assumed that the same processing as in the first embodiment is performed.

  Specifically, the operation shown in FIG. 17 (see also FIG. 8 and the like) is performed. Specifically, the gateway 30a transfers the tunnel connection request from the management server 50 to the gateway 30b, and returns the gateway 30b from the deep sleep mode (step S39). Then, the gateway 30b establishes tunnel communication with the cloud server 70 in the simple connection mode (step S56), and uses the tunnel communication from the cloud server 70 to the device 10 under management of the gateway 30b ( For example, communication toward 10b) is executed via the gateway 30b (step S57).

  On the other hand, when the security level of the proxy gateway 30a is equal to or higher than the security level of the gateway 30b, the process of step S47 (FIG. 19) is executed. In step S47, the processes of steps S58 and S59 are executed.

  Specifically, the operations shown in FIGS. 16 and 18 are performed. Specifically, the proxy gateway 30a establishes a new tunnel connection (tunnel communication) between the proxy gateway 30a and the cloud server 70 (step S58), and relays communication between the cloud server 70 and the device 10b (step S58). S59). In step S59, using the new tunnel communication, communication from the cloud server 70 toward the device 10 (for example, 10b) managed by the gateway 30a is executed via the gateway 30a.

  As described above, even when the proxy connection request and the tunnel connection request are transmitted from the management server 50 to the gateway 30a, the gateway 30a does not unconditionally transfer the tunnel connection request to the gateway 30b.

  When the security level of the gateway 30a is not inferior to the security level of the gateway 30b (when the security level of the proxy gateway 30a is equal to or higher than the security level of the gateway 30b), the gateway 30a operates as shown in FIG. Run. Specifically, instead of transferring the tunnel connection request from the management server 50 to the gateway 30b, the gateway 30a establishes a tunnel connection with the cloud server 70 based on the tunnel connection request, The gateway 30a itself relays communication between the cloud server 70 and the device 10b. In short, the proxy gateway 30a itself performs communication processing with the cloud server 70 by tunnel connection instead of the gateway 30b.

  According to this, since it is possible to maintain the gateway 30b while transitioning to the deep sleep mode as much as possible while suppressing a decrease in the security level, the power consumption associated with the return of the gateway 30b from the deep sleep mode is suppressed. It is possible.

  In the third embodiment and the fourth embodiment, the gateway 30b is mainly exemplified by the tunnel connection with the cloud server 70 in the simple connection mode, but is not limited thereto. For example, also in the third embodiment and the fourth embodiment, the gateway 30b may be tunnel-connected to the cloud server 70 in the regular connection mode (see FIG. 14). In particular, as in the second embodiment, the gateway 30b and the cloud server 70 may be tunnel-connected by the mode selected by the user from the simple connection mode and the regular connection mode.

<5. Fifth Embodiment>
<5-1. Overview>
The fifth embodiment is a modification of the first embodiment. Below, it demonstrates centering on difference with 1st Embodiment.

  In the said 1st Embodiment, the aspect which the gateway 30b transmits a substitute prior request with respect to the gateway 30a immediately before the gateway 30b changes to deep sleep mode is illustrated (refer FIG. 5 and FIG. 6).

  On the other hand, the fifth embodiment exemplifies a mode in which the gateway 30b does not transmit a proxy advance request to the gateway 30a. In the fifth embodiment, the gateway 30a acquires management information regarding other gateways 30 (30b, etc.) in the LAN 107 at regular intervals, and transfers the management information to the management server 50 as needed to store it in the management server 50. Keep it. Then, the management server 50 determines a proxy gateway of the gateway 30b based on the (latest) management information, and transmits a tunnel connection request to the determined proxy gateway (for example, 30a).

<5-2. Until transition to deep sleep mode>
FIG. 20 is a timing chart showing operations in the communication system according to the fifth embodiment (mainly operations before the gateway 30b transits to the deep sleep mode). FIG. 21 is a flowchart showing a part of the operation (the operation of the gateway 30a) in the communication system according to the fifth embodiment. FIG. 22 is a conceptual diagram showing an operation according to the fifth embodiment (mainly an operation before the gateway 30b transitions to the deep sleep mode). Further, FIG. 23 is a diagram illustrating an example of management information 350 stored in the management server 50.

  In the fifth embodiment, the operation of FIG. 20 is performed instead of the operation of FIG. 5 in the first embodiment. Specifically, before the gateway 30b transitions to the deep sleep mode, the proxy advance request process by the gateway 30b is not performed, but a gateway 30a (also referred to as an overall gateway) that supervises a plurality of gateways 30 (in detail) The information collecting unit 45) acquires management information related to other gateways 30 (including the gateway 30 b), and transmits the management information to the management server 50.

  FIG. 21 is a flowchart showing the operation of the gateway 30a.

  As shown in FIG. 21, when it is determined in step S21 that a fixed time (for example, 1 minute) has elapsed since the previous search time, the process proceeds to step S22.

  In step S22, the gateway 30a (information collecting unit 45) transmits a search command (search packet) for confirming the presence / absence of another gateway 30 (30b or the like) in the LAN 107. In addition, the gateway 30a (information collecting unit 45) returns management information related to each gateway 30 to each other gateway 30 (30b, etc.) that has been confirmed to exist in the LAN 107 in response to the search command. A management information transmission request to the effect is transmitted (step S22) (see also FIG. 22).

  When each gateway 30 receives the search command from the gateway 30a, it returns to the gateway 30a that itself (each gateway 30 itself) exists in the LAN 107. Further, when each gateway 30 receives the management information transmission request from the gateway 30a, the gateway 30 transmits information regarding the devices under the gateway 30 and information regarding the proxy gateway of each gateway 30 to the gateway 30a.

  Here, both the search command and the management information transmission request are transmitted and received separately. However, the present invention is not limited to this, and one command (signal) corresponding to the search command and the management information transmission request is transmitted and received. You may be made to do.

  When the gateway 30a receives the information (response to the management information transmission request) from each gateway 30 (step S23), the gateway 30a transmits (transfers) the information from each gateway 30 to the management server 50 (step S24) (FIG. S24). 22).

  Thereby, the information transmitted from each gateway 30 to the gateway 30a is transferred to the management server 50 by the gateway 30a, added to the management table 69 (69e) (see FIG. 22) in the management server 50, and stored. Is done.

  Thereafter, the gateway 30b transitions to the deep sleep mode at an appropriate timing (see FIG. 20).

  FIG. 23 is a diagram showing a management table 69 (69e) according to the fifth embodiment. Management information 350 is stored in the management table 69e.

  As shown in FIG. 23, in the management information 350, a correspondence relationship (also referred to as a dominant relationship or a master-slave relationship) between the plurality of gateways 30 and the plurality of devices 10 is defined. Specifically, information on the devices 10 existing under each gateway 30 is defined. For example, the management information 350 of FIG. 23 stipulates that the device 10a and the device 10c exist under the gateway 30a and the device 10b exists under the gateway 30b.

  In the management information 350, a proxy relationship between the plurality of gateways 30 (specifically, another gateway capable of substituting each gateway) is also defined. For example, in FIG. 23, it is defined that the gateway 30a can substitute for the gateway 30b.

  Further, the management information 350 also defines information regarding whether or not each gateway 30 currently has a message session with the management server 50. In FIG. 23, it is defined that the gateway 30a has a message session with the management server 50, and the gateway 30b is connected to the management server 50 (due to being in deep sleep). It is defined that there is no message session in between. Information regarding the presence or absence of a message session does not need to be acquired from the gateway 30 and may be acquired by the management server 50 itself and stored in the management table 69.

  As described above, in the fifth embodiment, the gateway 30b does not transmit a proxy advance request to the gateway 30a, and the gateway 30b transits to the deep sleep mode.

  In addition, the gateway 30a does not generate a new message session 513 (see FIG. 7 and the like) for proxy related to the gateway 30b. The gateway 30a waits for both a tunnel connection request for the gateway 30a and a tunnel connection request for the gateway 30b using the existing message session 511.

<5-3. Recovery from deep sleep mode>
Next, the operation of the communication system 1 when the access request to the device 10b is given from the cloud server 70 and the gateway 30b returns from the deep sleep mode (sleep state) to the normal mode (non-sleep state) is shown in FIGS. Will be described with reference to FIG. FIG. 24 is a timing chart showing the operation. FIG. 25 is a flowchart showing a part of the operation (the operation of the management server 50), and FIG. 26 is a flowchart showing a part of the operation (the operation of the gateway 30a).

  As shown in FIG. 24, steps S31 and S32 are performed in the same manner as in the first embodiment. In response to this, the management server 50 executes the operation of the flowchart of FIG.

  First, when the management server 50 receives an access request (access request for the print output destination device 10b) based on the cloud print instruction from the cloud server 70, the management server 50 proceeds from step S71 to step S72.

  In step S72, the management server 50 determines the gateway 30b as a gateway corresponding to the access destination device 10b based on the management information 350 (FIG. 23), and the gateway 30b establishes a message session with the management server 50. It is determined whether or not it has.

  When the gateway 30b has a message session with the management server 50, it is determined that the gateway 30b has a non-deep sleep state (normal state or the like). A tunnel connection request is directly transmitted (step S73). Then, a tunnel connection is established between the gateway 30b and the cloud server 70, and data transmission from the cloud server 70 to the device 10b is performed via the tunnel connection.

  On the other hand, when the gateway 30b does not have a message session with the management server 50, it determines with the gateway 30b being in a deep sleep state, and progresses to step S74.

  In step S74, it is determined whether or not there is a gateway 30 that can be connected to the gateway 30b and has a message session with the management server 50 (in other words, a valid proxy gateway for the gateway 30b). This is determined based on the management information 350. Further, the management server 50 determines an effective proxy gateway (effective proxy gateway 30a corresponding to a specific gateway 30b) of the gateway 30b based on the management information 350.

  When it is determined that there is no valid proxy gateway for the gateway 30b, the management server 50 transmits error information to the cloud server 70 (step S75).

  If it is determined that there is a valid proxy gateway for the gateway 30b, the management server 50 transmits a tunnel connection request for the gateway 30b to the proxy gateway 30 (30a in this case) (step S76). In other words, the management server 50 transmits a tunnel connection request with a transfer request to the gateway 30b to the gateway 30a.

  Upon receiving the message (tunnel connection request) from the management server 50 via the existing message session 511 (FIG. 22) established between the gateway 30a and the management server 50, the gateway 30a starts from step S64. The process proceeds to step S65 (see FIG. 26). Here, it is assumed that a message session 511 that mainly receives a message for the gateway 30a has already been established between the gateway 30a and the management server 50. A tunnel connection request for the gateway 30b is received using the existing message session 511.

  If it is determined that the message is a message for the device itself (specifically, a tunnel connection request for the gateway 30a), the process proceeds from step S65 to step S67. In step S67, a tunnel connection is established between the gateway 30a and the cloud server 70, and data transmission from the cloud server 70 to the device 10a (or 10c or the like) is performed via the tunnel connection.

  Here, it is determined that the message is a tunnel connection request for another gateway 30b, and the process proceeds from step S65 to step S66. In step S66, as in the first embodiment, the tunnel connection request is transferred from the proxy gateway 30a to the gateway 30b (step S39), and the gateway 30b returns from the deep sleep state to the normal state. Then, a tunnel connection is established between the gateway 30b and the cloud server 70 (step S56 (see FIG. 24)), and data transmission from the cloud server 70 to the device 10b is performed via the tunnel connection (step S57). ). After that, when a predetermined no-operation time elapses, the gateway 30b transitions to the deep sleep mode again.

  The operation similar to that of the first embodiment can be obtained by the operation as described above.

  In particular, in the above operation, the proxy relationship between the plurality of gateways 30 (including that the gateway 30a is a proxy gateway for the gateway 30b, etc.) is acquired in advance by the gateway 30a and transferred to the management server 50 for management table. 69. When the management server 50 receives an access request for the device 10b from the cloud server 70, the management server 50 determines a gateway (30b) under which the device 10b is subordinate based on the management information 350 in the management table 69, and the gateway The proxy gateway 30b is determined to be the gateway 30a. Then, a tunnel connection request with a transfer request to the gateway 30b is transmitted from the management server 50 to the proxy gateway 30a. As a result, a tunnel connection request is transmitted from the management server 50 to the gateway 30b via the proxy gateway 30a.

  According to such an operation, the gateway 30b does not need to transmit a proxy advance request to the proxy gateway 30a before transitioning to the deep sleep mode.

  More specifically, the proxy gateway 30a uses the existing message session 511 (message session for the gateway 30a) with the management server 50 without generating a new message session with the management server 50, and the gateway 30a. It waits for a tunnel connection request for 30b and receives the tunnel connection request (see FIG. 22). Therefore, compared with the case where a message session 513 (see FIGS. 7 and 10) for the gateway 30b is newly generated between the management server 50 and the gateway 30a, the communication load is reduced, and the gateway 30a and the management server 50 Resources can be used effectively. More specifically, it is possible to suppress memory usage in the gateway 30a and the management server 50.

<6. Sixth Embodiment>
The sixth embodiment is a modification according to the combination of the fifth embodiment and the second embodiment. Below, it demonstrates centering on difference with 5th Embodiment.

  In the sixth embodiment, the management server 50 executes the operation of the flowchart of FIG. 27 instead of the operation of the flowchart of FIG.

  Steps S71 to S75 are the same as in the fifth embodiment.

  If “YES” is determined in step S74, the process proceeds to step S77 (not step S76).

  In step S77, the management server 50 determines which of the “simple connection mode” and “regular connection mode” is specified by the user setting as the tunnel communication establishment mode (connection mode), and Branch processing according to the determination result is performed. It is assumed that the user setting contents in the gateway 30b are transferred to the management server 50 and stored in advance.

  The management server 50 should transfer the tunnel connection request to the gateway 30b indicating that the operation for the tunnel connection request should be executed according to the mode set by the user among the two modes (“simple connection mode” and “regular connection mode”). A tunnel connection request with the effect is transmitted to the proxy gateway 30a.

  Specifically, if “simple connection mode” is designated as the connection mode of tunnel communication, the process proceeds to step S78. In step S78, a tunnel connection request for the gateway 30b is transmitted from the management server 50 to the proxy gateway 30a with information indicating that the connection operation in the simple connection mode should be executed (with the information added). . Thereafter, the tunnel connection request is transferred from the gateway 30a to the gateway 30b (step S66 (FIG. 26)), and tunnel connection processing in the “simple connection mode” is executed in the gateway 30b (steps S56 and S57) (FIGS. 8 and 10).

  On the other hand, if “regular connection mode” is designated as the connection mode of tunnel communication, the process proceeds to step S79. In step S79, a tunnel connection request for the gateway 30b is transmitted from the management server 50 to the proxy gateway 30a with information indicating that the connection operation in the normal connection mode should be executed (with the information added). . Thereafter, the tunnel connection request is transferred from the gateway 30a to the gateway 30b (step S66 (FIG. 26)), and the tunnel connection processing in the “regular connection mode” is executed in the gateway 30b (steps S53, S54, S55, S56, S57). (See FIGS. 12 and 14).

  According to the operation as described above, it is possible to obtain the same effects as those of the second embodiment and the fifth embodiment.

<7. Seventh Embodiment>
The seventh embodiment is a modification according to the combination of the fifth embodiment and the third embodiment. Below, it demonstrates centering on difference with 5th Embodiment.

  In the seventh embodiment, as in the third embodiment, it is assumed that both the gateways 30a and 30b have a common device 10 (here, 10b) (see FIGS. 17 and 18). ). Note that the message session 513 is not established, and is common to the fifth embodiment (see FIG. 22) and is different from the third embodiment (see FIGS. 17 and 18).

  In the seventh embodiment, when the management server 50 receives an access request for the device 10b from the cloud server 70, the management server 50 selects the gateway 30 corresponding to the device 10b based on the management information 530 from the gateways 30a and 30b. To select. Here, it is assumed that the gateway 30b is selected as the gateway corresponding to the device 10b.

  When the management server 50 determines that a message session between the gateway 30b and the management server 50 has not been established, the management server 50 transmits a tunnel connection request to the proxy gateway 30a. However, the management server 50 determines whether or not to accompany the tunnel connection request that the tunnel connection request should be transferred to the gateway 30b depending on whether or not a predetermined condition is satisfied. The predetermined condition in the seventh embodiment is the same as the predetermined condition in the third embodiment.

  When the current number of tunnel connections of the gateway 30a has already reached the predetermined upper limit value, a tunnel connection request is transmitted to the gateway 30a with a notice that it should be transferred to the gateway 30b. In other words, the management server 50 transmits a tunnel connection request with a transfer request to the gateway 30b to the gateway 30a. In response to this, the gateway 30a transfers the tunnel connection request to the gateway 30b.

  On the other hand, when the current number of tunnel connections of the gateway 30a has not yet reached the predetermined upper limit value, a tunnel connection request is transmitted to the gateway 30a without being transferred to the gateway 30b.

  Then, a tunnel connection is established between the gateway 30 (30a or 30b) that finally received the tunnel connection request and the cloud server 70, and the print target data or the like is transmitted to the cloud server via the established tunnel connection. 70 to the transmission target device 10b.

  In the seventh embodiment, the management server 50 executes the operation of the flowchart of FIG. 28 instead of the operation of the flowchart of FIG.

  Steps S71 to S75 are the same as in the fifth embodiment.

  If "YES" is determined in the step S74, the process proceeds to the step S81 (not the step S76).

  In step S81, the management server 50 transmits a command to the effect that the current number of tunnel connections should be returned to the gateway 30a. In response to the command, the gateway 30a returns the current number of tunnel connections of the gateway 30a to the management server 50. The command and its response are transmitted / received via a message session 511 (see FIG. 22).

  When the current number of tunnel connections in the gateway 30a is transmitted from the gateway 30 to the management server 50, the process proceeds from step S82 to step S83.

  In step S83, it is determined whether or not the number of tunnel connections of the gateway 30a has already reached a predetermined upper limit value (for example, “2”), and branch processing based on the determination result is executed.

  When the current number of tunnel connections provided between the cloud server 70 and the gateway (proxy gateway) 30a has already reached a predetermined upper limit (for example, “2”), the process of step S84 is executed. Is done. In step S84, the management server 50 transmits a tunnel connection request to the proxy gateway 30a with a notice that the tunnel connection request should be transferred to the gateway 30b. That is, a tunnel connection request with a transfer request is transmitted to the gateway 30a.

  Thereafter, the same processing as in the first embodiment (see FIG. 8) (or the second embodiment (see FIG. 12)) is performed. Specifically, as shown in FIG. 17 (see also FIG. 8, etc.), the gateway 30a transfers the tunnel connection request from the management server 50 to the gateway 30b, and returns the gateway 30b from the deep sleep mode (step S39). ). Then, the gateway 30b establishes tunnel communication with the cloud server 70 in the simple connection mode (or regular connection mode) (step S56), and uses the tunnel communication from the cloud server 70 to the gateway 30b. Communication toward the managed device 10 (for example, 10b) is executed via the gateway 30b (step S57).

  On the other hand, when the current number of tunnel connections provided between the cloud server 70 and the proxy gateway 30a has not yet reached the predetermined upper limit value, the process of step S85 (FIG. 28) is executed. In step S85, the management server 50 transmits a tunnel connection request without a transfer request to the gateway 30a. In other words, the management server 50 transmits a tunnel connection request to be executed by the gateway 30a itself to the gateway 30a.

  Thereafter, the processes of steps S58 and S59 are executed. Specifically, as shown in FIGS. 16 and 18, the gateway 30a establishes a new tunnel connection (tunnel communication) between the gateway 30a and the cloud server 70 (step S58), and the cloud server 70 and the device The communication with 10b is relayed (step S59). In step S59, using the new tunnel communication, communication from the cloud server 70 toward the device 10 (for example, 10b) managed by the gateway 30a is executed via the gateway 30a.

  In this way, the management server 50 transmits a tunnel connection request without a transfer request to the gateway 30a to establish tunnel communication between the gateway 30a and the cloud server 70, and the cloud server 70 and the specific device 10b. Can be relayed to the gateway 30a.

  According to the operation as described above, it is possible to obtain the same effects as those of the third embodiment and the fifth embodiment.

<8. Eighth Embodiment>
The eighth embodiment is a modification according to the combination of the fifth embodiment and the fourth embodiment. Below, it demonstrates centering on difference with 5th Embodiment.

  In the eighth embodiment, similarly to the fourth embodiment, it is assumed that both the gateways 30a and 30b have a common device 10 (here, 10b) (see FIGS. 17 and 18). ). The message session 513 is not established, and is common to the fifth embodiment (see FIG. 22) and is different from the fourth embodiment.

  In the eighth embodiment, when the management server 50 receives an access request for the device 10b from the cloud server 70, the management server 50 selects the gateway 30 corresponding to the device 10b based on the management information 530 from the gateways 30a and 30b. To select. Here, it is assumed that the gateway 30b is selected as the gateway corresponding to the device 10b.

  If the management server 50 determines that a message session between the gateway 30b and the management server 50 has not been established, the management server 50 transmits a tunnel connection request to the proxy gateway 30a. However, the management server 50 determines whether or not to accompany the tunnel connection request that the tunnel connection request should be transferred to the gateway 30b depending on whether or not a predetermined condition is satisfied. The predetermined condition in the eighth embodiment is the same as the predetermined condition in the fourth embodiment.

  If it is determined that the security level of the proxy gateway 30a is lower than the security level of the gateway 30b, a tunnel connection request is transmitted to the gateway 30a with a message that it should be transferred to the gateway 30b. In other words, the management server 50 transmits a tunnel connection request with a transfer request to the gateway 30b to the gateway 30a. In response to this, the gateway 30a transfers the tunnel connection request to the gateway 30b.

  On the other hand, when it is determined that the security level of the proxy gateway 30a is equal to or higher than the security level of the gateway 30b, the tunnel connection request is transmitted to the gateway 30a without being transferred to the gateway 30b.

  Then, a tunnel connection is established between the gateway 30 (30a or 30b) that finally received the tunnel connection request and the cloud server 70, and the print target data or the like is transmitted to the cloud server via the established tunnel connection. 70 to the transmission target device 10b.

  In the eighth embodiment, the management server 50 executes the operation of the flowchart of FIG. 29 instead of the operation of the flowchart of FIG.

  Steps S71 to S75 are the same as in the fifth embodiment.

  If “YES” is determined in step S74, the process proceeds to step S91 (not step S76).

  In step S91, the magnitude relationship between the security level of the proxy gateway 30a and the security level of the gateway 30b is determined, and branch processing based on the determination result is executed.

  In addition, the information regarding the security level of each gateway 30 shall be previously transmitted from each gateway 30 to the management server 50 via the gateway 30a in step S23, S24 (refer FIG. 20 and FIG. 21).

  When it is determined that the security level of the proxy gateway 30a is lower than the security level of the gateway 30b, the process of step S92 is executed. In step S92, the management server 50 transmits a tunnel connection request to the proxy gateway 30a with a notice that the tunnel connection request should be transferred to the gateway 30b. That is, a tunnel connection request with a transfer request is transmitted to the gateway 30a.

  Thereafter, the same processing as in the first embodiment (see FIG. 8) (or the second embodiment (see FIG. 12)) is performed. Specifically, as shown in FIG. 17 (see also FIG. 8, etc.), the gateway 30a transfers the tunnel connection request from the management server 50 to the gateway 30b, and returns the gateway 30b from the deep sleep mode (step S39). ). Then, the gateway 30b establishes tunnel communication with the cloud server 70 in the simple connection mode (or regular connection mode) (step S56), and uses the tunnel communication from the cloud server 70 to the gateway 30b. Communication toward the managed device 10 (for example, 10b) is executed via the gateway 30b (step S57).

  On the other hand, when the security level of the proxy gateway 30a is equal to or higher than the security level of the gateway 30b, the process of step S93 (FIG. 29) is executed. In step S93, the management server 50 transmits a tunnel connection request without a transfer request to the gateway 30a. In other words, the management server 50 transmits a tunnel connection request to be executed by the gateway 30a itself to the gateway 30a.

  Thereafter, the processes of steps S58 and S59 are executed. Specifically, as shown in FIGS. 16 and 18, the gateway 30a establishes a new tunnel connection (tunnel communication) between the gateway 30a and the cloud server 70 (step S58), and the cloud server 70 and the device The communication with 10b is relayed (step S59). In step S59, using the new tunnel communication, communication from the cloud server 70 toward the device 10 (for example, 10b) managed by the gateway 30a is executed via the gateway 30a.

  According to the operation as described above, it is possible to obtain the same effect as in the fourth embodiment and the fifth embodiment.

<9. Modified example>
Although the embodiments of the present invention have been described above, the present invention is not limited to the contents described above.

  For example, in each of the above-described embodiments, a mode in which the gateway 30 is constructed using an MFP is illustrated, but the present invention is not limited to this, and the gateway 30 uses another device (single-function printer, personal computer, or the like). May be constructed.

  In each of the above embodiments, an MFP is exemplified as the device 10, but the device 10 is not limited to this, and the device 10 may be another device (such as a single function printer or a personal computer).

1 Communication System 10 Device (MFP)
30a (agent) gateway 30b (specific) gateway 50 management server 70 cloud server 90 client 310, 350 management information

Claims (27)

A communication system,
A plurality of devices provided in a predetermined LAN;
A plurality of gateways provided inside the predetermined LAN and relaying communication between the plurality of devices and a cloud server provided outside the predetermined LAN;
A management server that is provided outside the predetermined LAN and receives an access request for a specific device among the plurality of devices from the cloud server;
With
The plurality of gateways are:
A specific gateway capable of transitioning to a power saving mode without a communication session with the management server and having the specific device under its control;
A proxy gateway that receives a tunnel connection request for establishing a tunnel connection with the cloud server on behalf of the specific gateway via a communication session established with the management server;
Have
The management server communicates between the proxy gateway and the management server when a communication session is not established between the specific gateway and the management server when the access request is received from the cloud server. Sending the tunnel connection request to the surrogate gateway via a session;
When the proxy gateway receives the tunnel connection request from the management server, the proxy gateway transfers the tunnel connection request to the specific gateway and returns the specific gateway from the power saving mode,
After the return from the power saving mode, the specific gateway establishes tunnel communication between the specific gateway and the cloud server based on the tunnel connection request received from the proxy gateway, and the cloud server A communication system, wherein communication with the specific device is relayed. The communication system according to claim 1,
The specific gateway receives the tunnel connection request on behalf of the specific gateway and transmits a proxy advance request to the tunnel to forward the tunnel connection request to the specific gateway. Transition to power saving mode,
The proxy gateway transfers proxy information based on the proxy advance request to the management server. The communication system according to claim 2,
When the proxy gateway receives the proxy advance request from the specific gateway, the proxy gateway generates a new communication session with the management server separately from the existing communication session with the management server. A communication system characterized by waiting for the tunnel connection request for the gateway. The communication system according to claim 1,
The specific gateway is
After collecting from the power saving mode, information collecting means for collecting information on devices existing under the specific gateway;
Establishing a new communication session between the specific gateway and the management server on the condition that the specific device is determined to be operating normally based on the information collected by the information collecting means; A new tunnel connection request is received from the management server via the new communication session, and the tunnel communication is established with the cloud server in response to the new tunnel connection request to identify the cloud server and the identification Communication control means for relaying communication with other devices;
A communication system comprising: The communication system according to claim 1,
The specific gateway is
Communication control means for establishing the tunnel communication in response to the tunnel connection request transferred from the proxy gateway and relaying communication between the cloud server and the specific device;
A communication system comprising: The communication system according to claim 1,
The specific gateway is
Information collecting means for collecting information on devices existing under the specific gateway;
Communication control means for establishing tunnel communication with the cloud server and relaying communication between the cloud server and the specific device;
With
The communication control means includes
Establishing a new communication session between the specific gateway and the management server on the condition that the specific device is determined to be operating normally based on the information collected by the information collecting means; A new tunnel connection request is received from the management server via the new communication session, the tunnel communication is established in response to the new tunnel connection request, and the communication between the cloud server and the specific device is relayed Regular connection mode to
In response to the tunnel connection request transferred from the proxy gateway, the tunnel communication is established, and a simple connection mode for relaying communication between the cloud server and the specific device;
Both modes as connection modes,
The communication control means, wherein the communication control means executes an operation for the tunnel connection request according to a mode set by a user out of both the normal connection mode and the simple connection mode. The communication system according to claim 1,
The specific device exists under both the specific gateway and the proxy gateway,
When the proxy gateway receives the tunnel connection request from the management server,
When the current number of tunnel connections provided between the cloud server and the proxy gateway has already reached a predetermined upper limit value, the tunnel connection request is transferred to the specific gateway and the specific gateway Establishing the tunnel communication with the cloud server,
When the current number of tunnel connections has not yet reached the predetermined upper limit value, tunnel communication is established between the proxy gateway and the cloud server to relay communication between the cloud server and the specific device. A communication system. The communication system according to claim 1,
The specific device exists under both the specific gateway and the proxy gateway,
When the proxy gateway receives the tunnel connection request from the management server,
When the security level of the proxy gateway is lower than the security level of the specific gateway, the tunnel connection request is transferred to the specific gateway to establish the tunnel communication between the specific gateway and the cloud server,
When the security level of the proxy gateway is higher than the security level of the specific gateway, tunnel communication is established between the proxy gateway and the cloud server to relay communication between the cloud server and the specific device A communication system characterized by the above. The communication system according to claim 1,
The proxy gateway is
Information collecting means for acquiring management information including proxy information related to a proxy relationship between the plurality of gateways by communicating with other gateways in the predetermined LAN;
Communication means for transmitting the management information to the management server;
Have
When the management server receives the access request for the specific device from the cloud server and the communication session between the management server and the specific gateway is not established, the specific gateway It is determined that the power saving mode is provided, the proxy gateway corresponding to the specific gateway is determined based on the management information, and the tunnel connection request with a transfer request to the specific gateway is sent to the proxy gateway The communication system characterized by transmitting. The communication system according to claim 9,
The proxy gateway uses the existing communication session between the proxy gateway and the management server without generating a new communication session between the proxy gateway and the management server. And waiting for the tunnel connection request. The communication system according to claim 9,
The specific gateway is
On the condition that the specific device is determined to be operating normally, a new communication session is established between the specific gateway and the management server, and the management server is passed through the new communication session. A normal connection mode for receiving a new tunnel connection request from the network, establishing the tunnel communication in response to the new tunnel connection request, and relaying communication between the cloud server and the specific device;
Establishing the tunnel communication in response to receiving the tunnel connection request, and a simple connection mode for relaying communication between the cloud server and the specific device;
Both modes as connection modes,
The management server gives information that an operation for the tunnel connection request should be executed by the specific gateway according to a predetermined mode set by the user among the two modes, and A communication system, wherein the tunnel connection request is transmitted. The communication system according to claim 9,
The specific device exists under both the specific gateway and the proxy gateway,
The management server
The proxy gateway corresponding to the specific gateway is determined based on the management information, and the current number of tunnel connections provided between the cloud server and the proxy gateway is received from the proxy gateway,
If the current number of tunnel connections has already reached a predetermined upper limit value, the tunnel connection request is transmitted to the proxy gateway with an indication that the tunnel connection request should be transferred to the specific gateway. And establishing the tunnel communication between the specific gateway and the cloud server,
If the current number of tunnel connections has not yet reached the predetermined upper limit value, the tunnel connection request is transmitted to the proxy gateway to perform tunnel communication between the proxy gateway and the cloud server. A communication system that establishes and relays communication between the cloud server and the specific device to the proxy gateway. The communication system according to claim 9,
The specific device exists under both the specific gateway and the proxy gateway,
The management server
The proxy gateway corresponding to the specific gateway is determined based on the management information, and the security level of the proxy gateway and the security level of the specific gateway are acquired,
When the security level of the proxy gateway is lower than the security level of the specific gateway, the tunnel connection request is transmitted to the proxy gateway with the fact that the tunnel connection request should be transferred to the specific gateway. And establishing the tunnel communication between the specific gateway and the cloud server,
If the security level of the surrogate gateway is higher than the security level of the specific gateway, the tunnel connection request is transmitted to the surrogate gateway to establish tunnel communication between the surrogate gateway and the cloud server. A communication system that relays communication between the cloud server and the specific device to the proxy gateway. The communication system according to any one of claims 1 to 13,
The communication system, wherein the specific gateway is constructed in an image forming apparatus. Communication between a cloud server provided outside a predetermined LAN and a specific device provided inside the predetermined LAN is made via any one of a plurality of gateways provided inside the predetermined LAN. A management server that manages communication between the cloud server and the specific device in the communication system to be executed,
Receiving means for receiving an access request for the specific device from the cloud server;
Communication control means for transmitting a tunnel connection request to establish tunnel communication with the cloud server in response to the access request;
With
When the access request is accepted, the communication control means separates from the specific gateway when a communication session is not established between the management server and the specific gateway corresponding to the specific device. The tunnel connection request is transmitted to the proxy gateway via a communication session between the proxy gateway that is the gateway of the gateway and the management server, and the tunnel connection request is transferred to the specific gateway. Management server characterized by The management server according to claim 15,
Storage means for storing management information including proxy information relating to proxy relationships among the plurality of gateways by communicating with other gateways in the predetermined LAN;
Further comprising
In the case where the access request for the specific device is received from the cloud server, the communication control means, if a communication session between the management server and the specific gateway is not established, the specific gateway. Determining that it has the power saving mode, determining the proxy gateway corresponding to the specific gateway based on the management information, and determining the tunnel connection request with a transfer request to the specific gateway as the proxy gateway. The management server characterized by transmitting to. The management server according to claim 15,
The specific gateway is
On the condition that the specific device is determined to be operating normally, a new communication session is established between the specific gateway and the management server, and the management server is passed through the new communication session. A normal connection mode for receiving a new tunnel connection request from the network, establishing the tunnel communication in response to the new tunnel connection request, and relaying communication between the cloud server and the specific device;
Establishing the tunnel communication in response to receiving the tunnel connection request, and a simple connection mode for relaying communication between the cloud server and the specific device;
Both modes as connection modes,
The communication control means includes that the operation for the tunnel connection request should be executed according to a predetermined mode set by the user among the two modes, and that the tunnel connection request should be transferred to the specific gateway. Is transmitted to the proxy gateway. The management server according to claim 15,
The specific device exists under both the specific gateway and the proxy gateway,
The communication control means includes
The proxy gateway corresponding to the specific gateway is determined based on the management information, and the current number of tunnel connections provided between the cloud server and the proxy gateway is received from the proxy gateway,
If the current number of tunnel connections has already reached a predetermined upper limit, the tunnel connection request is transmitted to the proxy gateway with the notification that the tunnel connection request should be transferred to the specific gateway. And establishing the tunnel communication between the specific gateway and the cloud server,
If the current number of tunnel connections has not yet reached the predetermined upper limit value, the tunnel connection request is transmitted to the proxy gateway to perform tunnel communication between the proxy gateway and the cloud server. A management server configured to relay the communication between the cloud server and the specific device to the proxy gateway. The management server according to claim 15,
The specific device exists under both the specific gateway and the proxy gateway,
The communication control means includes
The proxy gateway corresponding to the specific gateway is determined based on the management information, and the security level of the proxy gateway and the security level of the specific gateway are acquired,
When the security level of the proxy gateway is lower than the security level of the specific gateway, the tunnel connection request is transmitted to the proxy gateway with the fact that the tunnel connection request should be transferred to the specific gateway. And establishing the tunnel communication between the specific gateway and the cloud server,
If the security level of the surrogate gateway is higher than the security level of the specific gateway, the tunnel connection request is transmitted to the surrogate gateway to establish tunnel communication between the surrogate gateway and the cloud server. A management server that relays communication between the cloud server and the specific device to the proxy gateway. Communication between a cloud server provided outside a predetermined LAN and a specific device provided inside the predetermined LAN is made via any one of a plurality of gateways provided inside the predetermined LAN. In a communication system to be executed in a computer built in a management server that manages communication between the cloud server and the specific device,
a) receiving an access request for the specific device from the cloud server;
b) transmitting a tunnel connection request indicating that tunnel communication should be established with the cloud server in response to the access request;
A program for executing
Said step b)
When a communication session is not established between the specific gateway and the management server when the access request is accepted, between the proxy gateway that is a gateway different from the specific gateway and the management server Sending the tunnel connection request to the surrogate gateway via a communication session of the network to forward the tunnel connection request to the specific gateway;
The program characterized by having. Communication between a cloud server provided outside a predetermined LAN and a specific device provided inside the predetermined LAN is performed between a management server provided outside the predetermined LAN and the predetermined LAN. A gateway that performs a partial operation of the specific gateway in a communication system that executes using a specific gateway provided inside,
A tunnel connection request for the specific gateway that is transmitted from the management server in response to an access request for the specific device from the cloud server in a state where the specific gateway has the power saving mode. Receiving means to accept;
When the tunnel connection request is transmitted from the management server via a communication session between the gateway and the management server, the tunnel connection request is transferred to the specific gateway to save the specific gateway. Communication control means for returning from the power mode and establishing tunnel communication between the specific gateway and the cloud server, and relaying communication between the cloud server and the specific device to the specific gateway;
A gateway characterized by comprising. The gateway according to claim 21,
The communication control means receives the tunnel connection request on behalf of the specific gateway and receives a proxy advance request from the specific gateway that the tunnel connection request should be transferred to the specific gateway. A gateway that transfers proxy information based on the proxy prior request to the management server. The gateway according to claim 21,
The specific device exists under both the specific gateway and the gateway,
The gateway is
If the current number of tunnel connections provided between the cloud server and the gateway has already reached a predetermined upper limit value, the tunnel connection request is transferred to the specific gateway to transmit the specific gateway. And establish the tunnel communication between the cloud server and
When the current number of tunnel connections has not yet reached the predetermined upper limit value, tunnel communication is established between the gateway and the cloud server to establish communication between the cloud server and the specific device. A gateway characterized by relaying. The gateway according to claim 21,
The specific device exists under both the specific gateway and the proxy gateway,
The proxy gateway is
When the security level of the proxy gateway is lower than the security level of the specific gateway, the tunnel connection request is transferred to the specific gateway to establish the tunnel communication between the specific gateway and the cloud server. Let
When the security level of the proxy gateway is higher than the security level of the specific gateway, tunnel communication is established between the proxy gateway and the cloud server to relay communication between the cloud server and the specific device A gateway characterized by. Communication between a cloud server provided outside a predetermined LAN and a specific device provided inside the predetermined LAN is performed between a management server provided outside the predetermined LAN and the predetermined LAN. A program for causing a computer built in a gateway acting on behalf of a part of the operation of the specific gateway in a communication system to be executed using a specific gateway provided therein,
a) receiving a tunnel connection request for the specific device transmitted from the management server that has received the access request for the specific device from the cloud server;
b) The tunnel connection request for the specific gateway from the management server in response to the job request for the specific device being received by the management server in a state where the specific gateway has the power saving mode. Is transmitted, the tunnel connection request is transmitted to the specific gateway to return the specific gateway from the power saving mode and to establish tunnel communication between the specific gateway and the cloud server. Relaying communication between the cloud server and the specific device to the specific gateway;
A program comprising: Communication between a cloud server provided outside a predetermined LAN and a specific device provided inside the predetermined LAN is performed between a management server provided outside the predetermined LAN and the predetermined LAN. A gateway in a communication system that executes using a gateway provided inside,
Operation control means for controlling the operation mode of the gateway, including a normal mode and a power saving mode that consumes less power than the normal mode;
A proxy advance request for receiving a tunnel connection request to establish a tunnel connection with the cloud server on behalf of the gateway and transferring the tunnel connection request to the gateway is different from the gateway. Communication control means for transmitting to the surrogate gateway which is the gateway of before the transition to the power saving mode;
A gateway characterized by comprising. Communication between a cloud server provided outside a predetermined LAN and a specific device provided inside the predetermined LAN is performed between a management server provided outside the predetermined LAN and the predetermined LAN. A program for causing a computer incorporated in a gateway in a communication system to be executed using a gateway provided therein,
a) Receiving a tunnel connection request to establish a tunnel connection with the cloud server on behalf of the gateway, and sending a proxy advance request to transfer the tunnel connection request to the gateway Sending to another gateway, a surrogate gateway,
b) after the step a), transitioning the operation mode of the gateway to a power saving mode in which the power consumption is lower than the normal mode;
A program comprising:

Images