JP4167603B2 - Service providing system and gateway device - Google Patents

Description

  The present invention relates to a service providing system in which a server provides a service to a communication terminal via a gateway device.

  Conventionally, as a service providing system for providing service information related to each home appliance installed in a house via a home gateway device, each home appliance connected to a local network and each home appliance connected to the Internet There is known a service provider that provides service information on the Internet and a home gateway device that connects a local network and the Internet.

In the operation of a conventional service providing system, first, a service provider downloads a service program to a home gateway device or home appliance. The downloaded service program collects information on the operating state of the home appliance and the in-home state measured by the home appliance via the local network. The collected information is transmitted to the service provider via the Internet. Based on the transmitted information, the service provider creates service information such as device maintenance and efficient driving advice, and sends this back to the home gateway device via the Internet. The returned service information is provided to each device by the home gateway device via the local network. Therefore, the conventional service providing system can save the trouble of the owner of the home appliance managing and monitoring the home appliance and allow the service provider to outsource the management and monitoring of the home appliance (for example, Patent Document 1). reference).
JP 2002-290474 A (2nd-3rd paragraphs)

  However, in the service providing system described above, since the access authority of the home appliance is given to the service provider, if there is malicious intent, the home appliance can be hijacked, and the data stored in the home appliance may be destroyed or personal information, etc. There was a problem that leakage occurred. In addition, there is a problem in that home appliances other than the predetermined home appliances to be provided for service are also taken over by the service provider.

  The present invention has been made to solve the above-described conventional problems, and its purpose is to increase the safety of the communication terminal to which the service is provided, and the trouble of the communication terminal owner managing and monitoring the communication terminal. And providing a service providing system and a gateway device that allow a service provider to outsource business operations such as management and monitoring of communication terminals.

  The service providing system of the present invention includes a gateway device connected to the first network and the second network, one or more servers communicatively connected to the gateway device via the first network, and the first network And a service providing system in which a server provides a service to the communication terminal via the gateway device, the gateway device including: A session establishing means for establishing a session with the server and retaining identification information of the established session; a first communication means for receiving a packet from the session established with the server; and a first communication Label acquisition means for acquiring a label corresponding to the identification information of the session received by the means, and the session Second communication means for transmitting to the communication terminal corresponding to the label a packet composed of the data obtained from the packet received from the packet and the label acquired by the label acquisition means. The process that is received by the communication terminal and processed by the communication terminal performs access control on the resource of the communication terminal according to the label that constitutes the received packet.

  With this configuration, the process processed by the communication terminal performs access control on the resource of the communication terminal according to the label corresponding to the identification information for identifying the session, so that the server access to the resource of the communication terminal is controlled, It is possible to improve the safety of the communication terminal provided with the service.

  According to the embodiment of the present invention, the process processed by the communication terminal transmits a packet including the label via the second network, and the second communication means includes the packet including the label transmitted from the communication terminal. And the gateway apparatus includes a label determination unit that determines whether the label included in the packet received by the second communication unit corresponds to the identification information, and the label determination unit corresponds to the identification information. When determined, the first communication means transmits data obtained from the received packet to the server via the session corresponding to the identification information.

  With this configuration, when the gateway device determines that the label included in the packet transmitted by the communication terminal corresponds to the identification information, the data transmitted from the communication terminal is transmitted to the server to transmit data obtained from the received packet. Can be prevented from leaking to the network connected to the server, and information related to the communication terminal and information related to the user of the communication terminal can be prevented from leaking.

  According to the embodiment of the present invention, the process processed by the gateway device performs access control on the resources of the gateway device according to the security label corresponding to the session identification information received by the first communication means.

  With this configuration, the process processed by the gateway device performs access control on the resource of the gateway device according to the security label corresponding to the received identification information of the session. Safety can be increased.

  According to the embodiment of the present invention, the process processed by the gateway device performs access control on the resources of the gateway device according to the label included in the packet received by the second communication means.

  With this configuration, the process processed by the gateway device performs access control on the resource of the gateway device in accordance with the label included in the received packet, thereby restricting access to the resource of the gateway device and improving the safety of the gateway device. be able to.

  According to the embodiment of the present invention, the process processed by the server transmits the label packet including the label via the session, and the first communication unit receives the label packet transmitted from the server, and the gateway device The process processed by the control unit performs access control on the resources of the gateway device according to the label included in the label packet received by the first communication unit.

  With this configuration, the process processed by the server transfers the label packet through the session, so that the process processed by the gateway device is more fine-tuned with respect to the resources of the gateway device for each process processed by the server. Access control can be performed.

  According to the embodiment of the present invention, the gateway device collects the label in use from each communication terminal, and when the label collected by the label collection unit has already been used, another label is used. Negotiation means for negotiating with the communication terminal for use.

  With this configuration, the gateway device collects labels in use from each communication terminal, and when the collected labels are already used, each communication terminal negotiates with the communication terminal to use another label. Duplication of labels to be used can be avoided, and labels can be distributed and managed in each communication terminal.

  According to the embodiment of the present invention, the gateway device receives the notification information for notifying the label used by the communication terminal from the communication terminal, and the notification received by the label notification information receiving means. Negotiation means for negotiating with the communication terminal to use another label when the label indicated by the information has already been used.

  With this configuration, the gateway device receives notification information for notifying the label used by the communication terminal from the communication terminal, and when the label indicated by the received notification information is already used, the other label is used. In order to negotiate with the communication terminal, it is possible to avoid duplication of labels used by each communication terminal and to centrally manage the labels in the gateway device.

  The present invention provides a service providing system in which a service provider provides a service to a communication terminal such as a home appliance via a gateway device, and improves the safety of the communication terminal to which the service is provided. This eliminates the trouble of performing management and monitoring, and allows the service provider to outsource the management and monitoring of communication terminals.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

[First Embodiment]
FIG. 1 is a block configuration diagram of a service providing system according to a first embodiment of the present invention. As shown in FIG. 1, the service providing system 1 includes a network device 30 and a gateway device 50 connected to the network 40, and one or more servers 20 that are communicably connected to the gateway device 50 via the network 30. One or more communication terminals 10 communicatively connected to the gateway device 50 via the network 40 are provided, and the server 20 provides services to the communication terminal 10 via the gateway device 50.

  The network 30 is the Internet or the like, and the network 40 is a network for home use, a data center, or a company. The communication terminal 10 includes information home appliances. Hereinafter, when each of the illustrated communication terminals 10 is distinguished, the communication terminals 10 are referred to as a communication terminal 10-1, a communication terminal 10-2, and a communication terminal 10-3, respectively. For example, the service providing system 1 has a configuration in which the communication terminal 10-1 is a set-top box, the communication terminal 10-2 is an IP phone, and the communication terminal 10-3 is a web server. Each communication terminal 10 may be a PC (Personal Computer).

  The communication terminal 10 includes a communication unit 11 that communicates with the gateway device 50 via the network 40. In addition, a secure OS such as SE Linux is installed in the communication terminal 10.

  By the way, typical functions of the secure OS include forced access control. The communication terminal 10 that performs access control stores a security policy 14 that describes whether or not the process 12 is allowed to access the resource 13 such as an electronic file. The process 12 generated in the communication terminal 10 in which the secure OS is installed is processed according to the security policy 14.

  More specifically, the secure OS gives a label indicating the attribute of the process 12 to the process 12. The secure OS determines whether or not the given label permits access to the resource 13 and controls access.

  Further, the service provider has a server 20, and the server 20 can perform a service related to introduction or update of a program for each communication terminal 10 or maintenance of the communication terminal 10 via the gateway device 50. It has become. Hereinafter, when distinguishing each of the illustrated servers 20, the servers 20 are referred to as a server 20-1 and a server 20-2, respectively. For example, the service providing system 1 has a configuration in which the server 20-1 is a service provider A company server and the server 20-2 is a service provider B company server.

  Moreover, between the server 20 and the gateway apparatus 50 of embodiment of this invention, the service information regarding the communication service based on IPsec is transmitted / received. The communication path between the server 20 and the gateway device 50 is communication such as LSP (Label Switched Path) of MPLS (Multiprotocol Label Switching), L2TP (Layer 2 Tunneling Protocol), SSL (Secure Sockets Layer), etc. A logical communication path conforming to the protocol may be used. Hereinafter, a logical communication path between devices conforming to the communication protocol is referred to as a session. Service information is transmitted and received through a session between the server 20 and the gateway device 50.

  FIG. 2 is a block configuration diagram of the gateway device 50 according to the first embodiment of the present invention. As shown in FIG. 2, the gateway device 50 is configured to include a label database 51, a session establishment unit 52, a communication unit 53, a label acquisition unit 54, a communication unit 55, and a label determination unit 56.

  The label database 51 includes storage means such as a hard disk. The communication unit 53 and the communication unit 55 are configured to include a network connection device for connecting to the networks 30 and 40. The session establishment unit 52, the communication unit 53, the label acquisition unit 54, the communication unit 55, and the label determination unit 56 are configured to include a program module processed by a control unit such as a CPU.

  The label database 51 stores label correspondence information that associates identification information for identifying a session with a label. An example of label correspondence information is shown in Table 1. In this example, the identification information is a key obtained from SA (Security Association) defined by IPsec. Keys and labels can be expressed numerically.

  Here, the identification information is a key obtained from the SA (security association), but any identification information can be used as long as the session between the server 20 and the gateway device 50 can be identified. In the label correspondence information, the key x corresponds to the label a, the key y corresponds to the label b, and the key z corresponds to the label c.

  An example of other label correspondence information stored in the label database 51 is shown in Table 2. In the present embodiment, label a corresponds to a service for maintaining communication terminal 10-1, label b corresponds to a service for monitoring communication terminal 10-1, and label c is a communication terminal. It corresponds to the service for maintaining 10-2.

  The session establishment unit 52 establishes a session with the server 20. For example, the session establishing unit 52 receives request information representing a request for providing a service from the communication terminal 10, authenticates the server 20 in accordance with IP sec, and exchanges the mutual key with the server 20. To establish a secure session. Note that label correspondence information may be stored in the label database 51 in advance, and the session establishing unit 52 may exchange the key of the label correspondence information shown in Table 1 with the server 20.

  If the request information includes a label used by the communication terminal 10, the session establishment unit 52 establishes a session, and identifies information for identifying the established session, a label used by the communication terminal 10, May be stored in the label database 51 in association with each other.

  The communication unit 53 is configured to receive a packet including service information from a session established with the server 20 by the session establishing unit 52. For example, after a session conforming to IP sec is established, the server 20 transmits an IP packet conforming to IP sec to the gateway device 50, and the communication unit 53 receives the IP packet transmitted from the server 20. It has become.

  The label acquisition unit 54 acquires a label corresponding to the session identification information received by the communication unit 53. For example, when the key obtained from the IP sec SA (security association) is the key x, the label acquisition unit 54 corresponds to the key x from the label database 51 in which the label correspondence information shown in Table 1 is stored. To get the label a.

  The communication unit 55 is configured to transmit a packet composed of data obtained from a packet including identification information and a label acquired by the label acquisition unit 54 to the communication terminal 10 corresponding to the label.

  For example, the communication unit 55 generates a packet including the data obtained by decrypting the encrypted payload portion of the IP packet and the label acquired by the label acquisition unit 54, and displays the generated packet as a table. Based on the label correspondence information shown in FIG. 2, the information is transmitted to the communication terminal 10 corresponding to the label.

  The communication terminal 10 receives the packet transmitted by the gateway device 50, and the process 12 processed by the communication terminal 10 performs access control on the resource 13 of the communication terminal 10 according to the label constituting the received packet. It has become.

  For example, when the label constituting the packet is label a, the process 12 for processing the service for maintaining the communication terminal 10-1 performs the process for the resource 13 (maintenance resource) of the communication terminal 10 according to the label a. Access control is performed. In other words, the process 12 cannot access the resource 13 of the communication terminal 10 that is not related to the label a.

  Further, the communication terminal 10 transmits a packet including a label to the gateway device 50 via the network 40, and the communication unit 55 receives a packet including the label transmitted from the communication terminal 10. It has become.

  The label determination unit 56 determines whether or not the label included in the packet received by the communication unit 55 corresponds to the identification information. For example, the label determination unit 56 determines whether or not there is identification information corresponding to the label based on the label correspondence information shown in Table 1.

  When the communication unit 53 determines that the label and the identification information correspond to each other, the communication unit 53 transmits data obtained from the packet received through the session corresponding to the identification information to the server 20.

  Next, the operation of the service providing system 1 according to the first embodiment of the present invention will be described with reference to FIG. FIG. 3 is a flowchart showing a flow of session establishment operation in the first exemplary embodiment of the present invention.

  First, in accordance with request information from the communication terminal 10, a secure session is established between the server 20 and the gateway device 50 in accordance with IPsec or the like (step 101, step 102). When the session is established, label correspondence information in which labels and identification information are associated is stored in the label database 51 (step 103). If the label correspondence information is stored in the label database 51 in advance, step 103 is omitted.

  FIG. 4 is a flowchart showing an operation flow in which a packet is relayed from the server 20 to the communication terminal 10 in the first embodiment of the present invention. First, a packet for providing a service is transmitted from the server 20 to the gateway device 50 by the established session (step 104).

  Next, the packet transmitted from the server 20 is received by the communication unit 53 (step 105), and the label corresponding to the received identification information of the session is acquired by the label acquisition unit 54 (step 106). A packet including the data obtained by extracting the payload portion of the packet including the received identification information and the label acquired by the label acquisition unit 54 is generated (step 107). The generated packet is transmitted to the communication terminal 10 by the communication unit 55 (step 108).

  The packet transmitted from the gateway device 50 is received by the communication terminal 10 (step 109), and the process 12 in the communication terminal 10 performs access control corresponding to the resource 13 in accordance with the label included in the received packet (step 109). Step 110).

  FIG. 5 is a flowchart showing an operation flow in which a packet is relayed from the communication terminal 10 to the server 20 in the first embodiment of the present invention. First, a packet including a label is transmitted to the gateway device 50 by the communication terminal 10 (step 111).

  Next, the packet transmitted from the communication terminal 10 is received by the communication unit 55 (step 112), and the label determination unit 56 determines whether or not the label included in the received packet corresponds to the identification information. (Step 113). When it is determined that the label corresponds to the identification information, the data obtained from the packet is transmitted to the server 20 by the communication unit 53 via the session corresponding to the identification information.

  As described above, in the service providing system 1 according to the first embodiment of the present invention, the process 12 processed by the communication terminal 10 is performed according to the label corresponding to the identification information for identifying the session. Therefore, the access to the resource 13 of the communication terminal 10 is restricted by the server 20, and the safety of the communication terminal 10 to which the service is provided can be improved. In addition, the owner of the communication terminal 10 can save time and labor for managing and monitoring the communication terminal 10, and the service provider can be entrusted with operations such as management and monitoring of the communication terminal 10.

  When the gateway device 50 determines that the label included in the packet transmitted by the communication terminal 10 corresponds to the identification information, the communication terminal 10 transmits the data obtained from the received packet to the server 20. It is possible to restrict the leaked data to the network 30 connected to the server 20 and to prevent leakage of information related to the communication terminal 10 and information related to the user of the communication terminal 10.

[Second Embodiment]
FIG. 6 is a block diagram of a service providing system according to the second embodiment of the present invention. As illustrated in FIG. 6, the service providing system 2 includes a network device 30 and a gateway device 60 connected to the network 40, one or more servers 20 connected to the gateway device 60 via the network 30, and One or more communication terminals 10 that are communicably connected to the gateway device 60 via the network 40 are provided, and the server 20 provides services to the communication terminal 10 via the gateway device 60.

  Of the components constituting the service providing system 2 according to the second embodiment of the present invention, the same components as those constituting the service providing system 1 according to the first embodiment of the present invention are included. The same code | symbol is attached | subjected and each description is abbreviate | omitted.

  FIG. 7 is a block configuration diagram of the gateway device 60 according to the second embodiment of the present invention. As shown in FIG. 7, the gateway device 60 is configured to include a label database 51, a session establishment unit 52, a communication unit 53, a label acquisition unit 54, a communication unit 55, a label determination unit 56, and a secure operation unit 57. ing.

  Of the components constituting the gateway device 60 according to the second embodiment of the present invention, the same components as those constituting the gateway device 50 according to the first embodiment of the present invention are the same. Reference numerals are assigned and explanations thereof are omitted.

  The secure operation unit 57 is configured by a secure OS such as SE Linux. The secure operation unit 57 controls each process 12 processed by the gateway device 60, and each process 12 accesses the resource 13 according to the security label corresponding to the session identification information received by the communication unit 53. Whether or not to allow is judged. Note that the security label and the label described in the first embodiment are equivalent.

  For example, the secure operation unit 57 has security label correspondence information as shown in Table 3 below. The key is an example of identification information, and is obtained from an SA (security association) included in a packet conforming to IP sec received by the communication unit 53. The security label is a label corresponding to a process for processing a packet received via a session with the server 20, for example.

  In the security label correspondence information, the key x corresponds to the security label α, the key y corresponds to the security label β, and the key z corresponds to the security label γ.

  If the payload portion of the received packet is encrypted, the process for decrypting the encrypted payload portion determines whether to allow access to the resource according to the security label corresponding to the key. It is supposed to work while.

  For example, if the received packet is encrypted with the key x, the decryption process can decrypt the payload part of the packet encrypted with the key x according to the security label α and is encrypted with the key y. The payload part of the received packet cannot be decoded.

  The process 12 includes not only a process for decoding but also a process processed in the gateway device 60 such as a process for decoding content such as video and audio, and a process for collecting logs.

  Note that the communication between the gateway device 60 and the communication terminal 10 may conform to a conventional communication method between secure OSs. For example, the secure operation unit 57 includes a label included in a packet received by the communication unit 55. It may be determined whether to allow access to the resource 13 according to the corresponding security label.

  When a secure OS such as SE Linux is installed in the server 20, a process processed by the server 20 transmits a label packet including a label via a session. In this case, the communication unit 53 receives the label packet transmitted from the server 20, and the process 12 processed by the gateway device 60 determines the resource of the gateway device 60 according to the label included in the label packet received by the communication unit 53. You may make it perform access control with respect to.

  As described above, in the service providing system 2 according to the second embodiment of the present invention, the process 12 processed by the gateway device 60 includes the identification information of the received session and the security label corresponding to the label included in the packet. Accordingly, the access control for the resource 13 of the gateway device 60 is performed according to the above.

  In addition, the process processed by the server 20 transfers the label packet through the session, so that the process 12 processed by the gateway device 60 can perform the process for the resource of the gateway device 60 for each process processed by the server 20. Finer access control.

[Third Embodiment]
FIG. 8 is a block diagram of a service providing system according to the third embodiment of the present invention. As illustrated in FIG. 8, the service providing system 3 includes a network device 30 and a gateway device 70 connected to the network 40, and one or more servers 20 connected to the gateway device 70 via the network 30. One or more servers 20 communicably connected to the gateway device 70 via the network 40, and one or more communication terminals 50 communicably connected to the gateway device 70 via the network 40, the server 20 provides services to the communication terminal 50 via the gateway device 70.

  Of the components constituting the service providing system 3 according to the third embodiment of the present invention, the same components as those constituting the service providing system 2 according to the second embodiment of the present invention are included. The same code | symbol is attached | subjected and each description is abbreviate | omitted.

  The communication terminal 50 includes information appliances and the like. Hereinafter, when each illustrated communication terminal 50 is distinguished, the communication terminal 50 is described as a communication terminal 50-1, a communication terminal 50-2, and a communication terminal 50-3, respectively. To do. For example, the service providing system 3 has a configuration in which the communication terminal 50-1 is a set top box, the communication terminal 50-2 is an IP phone, and the communication terminal 50-3 is a web server. Each communication terminal 50 may be a PC (Personal Computer).

  The communication terminal 50 includes a communication unit 11 that communicates with the gateway device 70 via the network 40 and a label information control unit 16 that controls information about labels. In addition, a secure OS such as SE Linux is installed in the communication terminal 50. When providing a service from the server 20, the secure OS generates a service providing process and assigns a label to a packet transmitted and received by the generated process.

  FIG. 9 is a block configuration diagram of the gateway device 70 according to the third embodiment of the present invention. As illustrated in FIG. 9, the gateway device 70 includes a label database 51, a session establishment unit 52, a communication unit 53, a label acquisition unit 54, a communication unit 55, a label determination unit 56, a secure operation unit 57, and a label information control unit 58. It is comprised so that it may contain.

  Of the components constituting the gateway device 70 according to the third embodiment of the present invention, the same components as those constituting the gateway device 60 according to the second embodiment of the present invention are the same. Reference numerals are assigned and explanations thereof are omitted.

  The label information control unit 58 controls information relating to the label, and includes a module of a program processed by a control unit such as a CPU. The label information control unit 58 includes a label collection unit 58a and a negotiation unit 58b.

  The label collection unit 58a collects labels in use from each communication terminal 50. For example, the label collection unit 58a transmits inquiry information for inquiring the communication terminal 50 about the label in use to each communication terminal 50, receives response information for the inquiry information, and includes it in the received response information. Labels to be collected are collected, and information relating to the collected labels is stored in the label database 51.

  The label collection unit 58a may collect labels through a secure session in a state where a secure session such as IP sec or SSL is established with the communication terminal 50.

  When the label collected by the label collection unit 58a has already been used, the negotiation unit 58b negotiates with one of the communication terminals 50 to use another label.

  For example, the label collecting unit 58a collects the labels used by the communication terminal 50-1, stores the collected labels in the label database 51, and then collects the labels used by the communication terminal 50-2. When the label used by the communication terminal 50-2 is the same as the label used by the communication terminal 50-1, the negotiation unit 58b changes the label from the same to another label. By transmitting the change information for making it to the communication terminal 50-2, the communication terminal 50-2 is negotiated. At this time, the negotiation unit 58b may negotiate with the communication terminal 50-1 instead of the communication terminal 50-2 by transmitting the change information to the communication terminal 50-1.

  Moreover, as an example of the information regarding the label stored in the label database 51 by the label collection unit 58a, the information shown in Table 2 is obtained. In the information shown in Table 2, the communication terminal 10 is used, but here, the communication terminal 50 is read.

  The operation of the service providing system 3 according to the third embodiment of the present invention will be described below with reference to FIG. FIG. 10 is a flowchart showing an operation flow of the service providing system 3 according to the third embodiment of the present invention.

  First, the inquiry information is transmitted to the communication terminal 50 by the label collection unit 58a (step 301). Next, the inquiry information transmitted from the gateway device 70 is received by the label information control unit 16 (step 302). The label in use according to the received inquiry information is included in the response information, and this response information is transmitted to the gateway device 70 by the label information control unit 16 (step 303).

  The response information transmitted from the communication terminal 50 is received by the label collection unit 58a, and the label in use included in the response information is stored in the label database 51 (step 304).

  Further, the negotiation unit 58b confirms whether the label in use included in the response information is already used by another communication terminal 50 (step 305). When the label has already been used for another communication terminal 50, the negotiation unit 58b negotiates with the label information control unit 16 of the communication terminal 50 so as to change the label in use to another label (step 306, step 307).

  In addition, the label collection unit 58a periodically collects the labels in use of each communication terminal 50, and the negotiation unit 58b performs negotiation with each communication terminal 50 so that the same label is not used. May be.

  As described above, in the service providing system 3 according to the third embodiment of the present invention, the gateway device 70 collects labels in use from each communication terminal 50, and the collected labels are already used. In order to negotiate with the communication terminals 50 to use other labels, duplication of labels used by the communication terminals 50 can be avoided, and labels can be distributed and managed by the communication terminals 50.

[Fourth Embodiment]
FIG. 11 is a block diagram of a service providing system according to the fourth embodiment of the present invention. As shown in FIG. 11, the service providing system 4 includes a network device 30 and a gateway device 80 connected to the network 40, and one or more servers 20 that are communicably connected to the gateway device 80 via the network 30. One or more communication terminals 60 communicatively connected to the gateway device 80 via the network 40 are provided, and the server 20 provides services to the communication terminal 60 via the gateway device 80.

  Of the components constituting the service providing system 4 according to the fourth embodiment of the present invention, the same components as those constituting the service providing system 2 according to the second embodiment of the present invention are included. The same code | symbol is attached | subjected and each description is abbreviate | omitted.

  The communication terminal 60 includes information appliances and the like. Hereinafter, when each of the illustrated communication terminals 60 is distinguished, the communication terminals 60 are described as a communication terminal 60-1, a communication terminal 60-2, and a communication terminal 60-3, respectively. . For example, the service providing system 4 has a configuration in which the communication terminal 60-1 is a set top box, the communication terminal 60-2 is an IP phone, and the communication terminal 60-3 is a web server. Each communication terminal 50 may be a PC (Personal Computer).

  The communication terminal 60 includes a communication unit 11 that communicates with the gateway device 80 via the network 40 and a label information control unit 17 that controls information related to the label. In addition, a secure OS such as SE Linux is installed in the communication terminal 60. When providing a service from the server 20, the secure OS generates a process for providing the service, and assigns a label to a packet transmitted and received by the generated process. The communication terminal 60 is configured to transmit notification information for notifying the assigned label to the gateway device 80. Note that the communication terminal 60 may transmit notification information to the gateway device 80 via the secure session in a state where a secure session such as IPsec or SSL is established with the gateway device 80.

  FIG. 12 is a block configuration diagram of the gateway device 80 according to the fourth embodiment of the present invention. As shown in FIG. 12, the gateway device 80 includes a label database 51, a session establishment unit 52, a communication unit 53, a label acquisition unit 54, a communication unit 55, a label determination unit 56, a secure operation unit 57, and a label information control unit 59. It is comprised so that it may contain.

  Of the components constituting the gateway device 80 in the fourth embodiment of the present invention, the same components as those constituting the gateway device 60 in the second embodiment of the present invention are the same. Reference numerals are assigned and description thereof is omitted.

  The label control unit 59 controls information relating to the label, and includes a program module processed by a control unit such as a CPU. The label information control unit 59 includes a label notification information receiving unit 59a and a negotiation unit 59b.

  The label notification information receiving unit 59a is configured to receive notification information for notifying the label used by the communication terminal 60 from the communication terminal 60. For example, when the process 12 of the communication terminal 60 is activated, the label notification information receiving unit 59a receives notification information indicating a label corresponding to the process 12 from the communication terminal 60, and the label indicated by the received notification information is the label database 51. It is supposed to be stored in.

  Moreover, as an example of the information regarding the label stored in the label database 51 by the label notification information receiving unit 59a, the information shown in Table 2 is obtained. In the information shown in Table 2, the communication terminal 10 is used, but here, the communication terminal 60 is read.

  When the label indicated by the notification information received by the label notification information receiving unit 59a has already been used, the negotiation unit 59b negotiates with the communication terminal 60 that has transmitted the notification information so as to use another label. It has become. For example, when the label is the same as the label already stored in the label database 51, the negotiation unit 59b transmits change information for changing the used label to another label to the communication terminal 60. As a result, the communication terminal 60 is negotiated.

  The operation of the service providing system 4 according to the fourth embodiment of the present invention will be described below with reference to FIG. FIG. 13 is a flowchart showing an operation flow of the service providing system 4 according to the fourth embodiment of the present invention.

  First, notification information for notifying the label assigned by the communication terminal 60 is transmitted to the gateway device 70 by the label information control unit 17 (step 401). The notification information transmitted from the communication terminal 60 is received by the label notification information receiving unit 59a and stored in the label database 51 (step 402).

  Further, it is confirmed whether or not the label indicated by the notification information received by the label notification information receiving unit 59a has already been used (step 403). When the label has already been used, the negotiation unit 59b is the same. Negotiations are made with the label information control unit 17 of the communication terminal 60 so that the label is changed to another label (steps 404 and 405).

  As described above, in the service providing system 4 according to the fourth exemplary embodiment of the present invention, the gateway device 80 receives notification information for notifying the label used by the communication terminal 60 from the communication terminal 60, When the label indicated by the received notification information has already been used, the communication terminal 60 negotiates to use another label, so that duplication of the label used by each communication terminal 60 can be avoided. The device 80 can centrally manage the labels.

  In addition to the functions of the gateway device described above being realized by dedicated hardware, a program for realizing the functions is recorded on a computer-readable recording medium and recorded on the recording medium. The program may be read into a computer system and executed. The computer-readable recording medium refers to a recording medium such as a floppy disk, a magneto-optical disk, a CD-ROM, or a storage device such as a hard disk device built in the computer system. Furthermore, a computer-readable recording medium is a server that dynamically holds a program (transmission medium or transmission wave) for a short period of time, as in the case of transmitting a program via the Internet, and a server in that case. Some of them hold programs for a certain period of time, such as volatile memory inside computer systems.

It is a block block diagram of the service provision system by the 1st Embodiment of this invention. It is a block diagram of the gateway apparatus in the 1st Embodiment of this invention. It is a flowchart which shows the flow of operation | movement of the session establishment by the 1st Embodiment of this invention. 5 is a flowchart illustrating an operation flow in which a packet is relayed from a server to a communication terminal in the first embodiment of the present invention. 4 is a flowchart showing a flow of an operation in which a packet is relayed from a communication terminal to a server in the first embodiment of the present invention. It is a block block diagram of the service provision system by the 2nd Embodiment of this invention. It is a block diagram of the gateway apparatus in the 2nd Embodiment of this invention. It is a block block diagram of the service provision system by the 3rd Embodiment of this invention. It is a block block diagram of the gateway apparatus in the 3rd Embodiment of this invention. It is a flowchart which shows the flow of operation | movement of the service provision system by the 3rd Embodiment of this invention. It is a block block diagram of the service provision system by the 4th Embodiment of this invention. It is a block block diagram of the gateway apparatus in the 4th Embodiment of this invention. It is a flowchart which shows the flow of operation | movement of the service provision system by the 4th Embodiment of this invention.

Explanation of symbols

1, 2, 3, 4 Service providing system 10, 50, 60 Communication terminal 11 Communication unit 12 Process 13 Resource 14 Security policy 20 Server 30, 40 Network 16, 17 Label information control unit 50, 60, 70, 80 Gateway device 51 Label database 52 Session establishment unit 53, 55 Communication unit 54 Label acquisition unit 56 Label determination unit 57 Secure operation unit 58, 59 Label information control unit 58a Label collection unit 58b, 59b Negotiation unit 59a Label notification information reception unit 101-114, 301 ~ 307, 401 ~ 405 steps

Claims (14)

A gateway device connected to the first network and the second network, one or more servers communicably connected to the gateway device via the first network, and via the second network One or more communication terminals communicably connected to the gateway device, wherein the server provides a service to the communication terminal via the gateway device,
The gateway device is
Session establishment means for establishing a session with the server and holding identification information of the established session;
First communication means for receiving a packet from a session established with the server;
Label obtaining means for obtaining a label corresponding to the identification information of the session received by the first communication means;
Second communication means for transmitting a packet constituted by data obtained from the packet received from the session and a label acquired by the label acquisition means to a communication terminal corresponding to the label;
The communication terminal receives a packet transmitted by the gateway device, and a process processed by the communication terminal performs access control on resources of the communication terminal according to a label constituting the received packet.
Service provision system. A process processed by the communication terminal transmits a packet including a label via the second network;
The second communication means receives a packet including a label transmitted from the communication terminal,
The gateway device is
Label judging means for judging whether or not the label included in the packet received by the second communication means corresponds to the identification information;
When the label determining means determines that it corresponds to the identification information, the first communication means transmits data obtained from the received packet to the server via a session corresponding to the identification information.
The service providing system according to claim 1. The process processed by the gateway device performs access control on the resources of the gateway device according to a label corresponding to the identification information of the session received by the first communication unit.
The service providing system according to claim 1 or 2. The process processed by the gateway device performs access control on the resources of the gateway device according to a label included in the packet received by the second communication unit.
The service providing system according to claim 1 or 2. A process handled by the server sends a label packet containing a label over the session;
The first communication unit receives a label packet transmitted from the server, and a process processed by the gateway device is performed according to a label included in the label packet received by the first communication unit. Control access to other resources,
The service providing system according to claim 1 or 2. The gateway device is
Label collecting means for collecting the label in use from each of the communication terminals;
The negotiation means for negotiating with the communication terminal so as to use another label when the label collected by the label collection means has already been used. The service provision system described. The gateway device is
Label notification information receiving means for receiving notification information for notifying a label used by the communication terminal from the communication terminal;
From the claim 1, comprising: negotiation means for negotiating with the communication terminal to use another label when the label indicated by the notification information received by the label notification information receiving means has already been used. The service providing system according to claim 5. The first server is communicably connected to one or more servers, the second network is communicably connected to one or more communication terminals, and the server provides services to the communication terminals. A gateway device for
Session establishment means for establishing a session with the server and holding identification information of the established session;
First communication means for receiving a packet from a session established with the server;
Label obtaining means for obtaining a label corresponding to the identification information of the session received by the first communication means;
And a second communication unit configured to transmit a packet including data obtained from the packet received from the session and a label acquired by the label acquisition unit to a communication terminal corresponding to the label. The second communication means receives a packet including a label transmitted from the communication terminal,
Label judging means for judging whether or not the label included in the packet received by the second communication means corresponds to the identification information;
When the label determining means determines that it corresponds to the identification information, the first communication means transmits data obtained from the received packet to the server via a session corresponding to the identification information.
The gateway device according to claim 8. The process processed by the gateway device performs access control on the resources of the gateway device according to the label corresponding to the session identification information received by the first communication means.
The gateway device according to claim 8 or 9. The process processed by the gateway device performs access control on the resources of the gateway device according to a label included in the packet received by the second communication unit.
The gateway device according to claim 8 or 9. The first communication means receives a label packet including a label transmitted from the server, and a process processed by the gateway device applies a label included in the label packet received by the first communication means. Therefore, access control to the resources of the gateway device is performed.
The gateway device according to claim 8 or 9. Label collecting means for collecting the label in use from each of the communication terminals;
The negotiation means for negotiating with the communication terminal to use another label when the label collected by the label collection means has already been used, further comprising: The gateway device described in 1. Label notification information receiving means for receiving notification information for notifying a label used by the communication terminal from the communication terminal;
9. A negotiation means for negotiating with the communication terminal to use another label when the label indicated by the notification information received by the label notification information receiving means has already been used. The gateway device according to claim 12.

Images