JP4624942B2 - Home gateway software permission management system - Google Patents

Description

  The present invention relates to a home gateway management system that simultaneously operates software provided by a service provider on the same home gateway, and centrally controls the execution authority of the software entity that operates by sharing from the center device. Therefore, the system resources allocated to other software entities and the access to other software entities should be blocked and properly separated and operated due to mistakes in implementation of each software entity or malicious implementation. It is related with the home gateway software permission management system which can do.

  An example of a conventional home gateway management system is described in Japanese Patent Laid-Open No. 2003-271480. As shown in FIG. 11, this conventional home gateway management system is provided with a mediation server 102 that mediates the transmission information between a number of home gateways 100 and a gateway management server 101, and a home appliance device 105 on the home network, The gateway management server 101 and the mediation server 102 share the transmission of information necessary for 106.

In the conventional home gateway management system having this configuration, the location of information necessary for home appliances on the home network is transmitted to the home gateway 100, typically in the form of a URL, and the home gateway 100 is designated by the URL. Then, an operation (S1 to 4) of acquiring information necessary for the home appliances 105 and 106 on the home network is performed from the mediation server 102 (see Patent Document 1).
JP 2003-271480 A

  There are various types of “information necessary for home appliances” handled by a conventional home gateway management system in a home gateway that provides a software execution environment. Software entities.

  When this software entity is downloaded, installed, or activated, resources such as a storage area are distributed from the software execution environment on the home gateway, and the home appliance device is controlled using these resources.

  However, in an environment in which software entities created by multiple home appliance vendors share services on the same home gateway and provide services, the resources allocated to each software entity are transferred to other vendors managed by the software. There is information that you do not want to be referenced.

  In addition, if functions provided by software entities of different vendors are used from software entities of other vendors without permission, information that is not desired to be referred to may leak to another vendor.

  In addition, the end user who is the owner of the home gateway may illegally read personal information other than information necessary for receiving the provision of the service into the software entity by executing the service entity. . Especially in the environment where each vendor's service is shared, the personal information that needs to be presented to each vendor in order to receive the vendor's service is different. As a result, the union of all these information is You are exposed to the risk of information leakage.

  Moreover, there is a risk that the software execution environment itself may be damaged by wasting resources without limitation, not just unauthorized information retrieval.

  In an environment where software entities created by multiple home appliance vendors share services on the same home gateway and provide services, the behavior that damages the software execution environment of certain unauthorized software is the behavior of other legitimate software Will be disturbed.

  In the conventional home gateway management system, there is no means for setting “permission information” that imposes restrictions on the execution authority in operation when each software entity operates in the software execution environment of the home gateway by an instruction from the center device. .

  Therefore, in order to avoid the above-mentioned problem, the end user has to manually perform appropriate permissions for the home gateway.

  Also, what kind of permission setting should be made often requires highly specialized information, and many permission setting mistakes have occurred.

  In addition, the operation form in which a specialized worker is dispatched from each vendor and the software permission set by the vendor is set on the home gateway of the end user's home is that the software entity is downloaded via the network in the first place. There is a problem that the meaning is lost and it takes time to visit each user's home.

  In particular, in the form of sharing software from different vendors on the same home gateway, the software permissions are illegally set regardless of the self or others, or management information of other vendors is directly set from the home gateway. This is not desirable because it can be viewed.

  In the form of sharing software of different vendors on the same home gateway, it is desirable that the permission setting is performed by a common operating body that is trusted by each vendor.

  Furthermore, downloading, installation, and activation of software entities executed in the software execution environment on the home gateway are not necessarily performed according to the instructions of the center, but when the end user needs to receive the service. In some cases, the software entity was temporarily obtained, installed, and executed. Alternatively, when the core software becomes necessary, optional software may be temporarily installed and operated.

  In these cases, the conventional system configuration based on the premise that the software entity is downloaded and installed via the mediation server based on the instruction from the center cannot be handled.

  The present invention has been made in view of the above-described problems, and an object of the present invention is to allow a permission to be given to a software entity operating on a home gateway to be remotely set from the center, and to share a plurality of softwares that share the same home gateway This is to prevent the information managed by each entity from being pulled out between the software entities.

The present invention described in 請 Motomeko 1, in home gateway software permission management system for simultaneous operation by sharing a plurality of software entity that provides the service provider to the same home gateway, for identifying the software entity and permission information registration means for registering the permission information to be executed permissions granted to the software entity that runs the software identifier and the previous SL home gateway to correspond to said software entity, the software identifier and the software identifier said software identification and identification information transmitting means for transmitting said permission information to the home gateway corresponding to the software entity is identified, the center device having, from the center apparatus by Identification information obtaining means for obtaining said permission information corresponding to the software entity specified by the child and the software identifier, for setting the execution permission of the software entities only in accordance with the permission information obtained from said center apparatus Packaged software that is inseparably packaged by combining execution authority setting means , the software entity, the software identifier, and permission information permitted by the operating entity of the center apparatus is installed on the home gateway. operations and installation detection means for detecting an identifier acquisition unit for acquiring the software identifier from the installed the packaged software, from the packaging software of the center device that And permission information retrieving means for retrieving the permission information body is allowed, the software permission information confirmation means for the center permission setting by the acquired permission information from the device checks whether there corresponding to the identifier And setting means for setting permission based on the permission information extracted from the packaged software when there is no permission setting based on the permission information acquired from the center apparatus, and the acquired from the center apparatus Until the confirmation of the existence of the permission setting by the permission information or the permission setting by the permission information extracted from the packaged software is completed And a home gateway having start-up suppression means for suppressing the start-up of the packaged software installed in the above .

Further, the present invention according to claim 2, in the home gateway software permission management system for simultaneous operation by sharing a plurality of software entities provided by the service provider to the same home gateway, the the home gateway device Device management software for registering an object together with device category information representing the attribute information of the device object, a driver identifier of a driver software entity conforming to the device object is specified based on the device category information, and the driver identifier is and driver locator software for obtaining the driver software entity in response to driver software request with, but is installed, the driver locator Assigned to the driver software entity that operates on the home gateway, and a software identifier that is a combination of a prefix identifier that is inseparably packaged in software, a combination of the prefix identifier and the driver identifier organized in the driver locator software, and Permission information registration means for registering permission information as an execution authority in association with the driver software entity, the software identifier and the permission information corresponding to the software entity specified by the software identifier in the home and identification information transmitting means for transmitting to the gateway, a center device having, identified by the software identifier and the software identifier from the center apparatus Identification information obtaining means for obtaining said permission information corresponding to the software entity that, execute permissions setting means for setting the execution permission of the software entities only in accordance with the permission information obtained from said center apparatus, wherein the device Device category information acquisition means for acquiring the device category information from the device object registered by management software, and driver identifier response means for giving the device category information to the driver locator software and making the driver identifier respond Driver software entity acquisition means for giving the driver identifier to the driver locator software and acquiring the driver software entity operating in cooperation with the device object; Prefix identifier acquisition means for acquiring the prefix identifier inseparably packaged in the driver locator software from the driver locator software, and software identifier generation means for generating the software identifier from the prefix identifier and the driver identifier And an activation unit that installs and activates the driver software entity as corresponding to the software identifier that generated the driver software entity.

Further, the invention of claim 3, in the home gateway software permission management system for simultaneous operation by sharing a plurality of software entities provided by the service provider to the same home gateway, the the home gateway device Device management software for registering an object together with device category information representing the attribute information of the device object, a driver identifier of a driver software entity conforming to the device object is specified based on the device category information, and the driver identifier is and driver locator software for obtaining the driver software entity in response to driver software request with, but is installed, the driver software The software identifier of the driver software organized so that the software identifier can be uniquely searched using the driver identifier that defines the body as a key, and the driver software entity that operates on the home gateway and is acquired by the driver locator software Permission information registration means for registering permission information as an execution authority in association with the driver software entity, and the permission information corresponding to the software identifier and the software entity specified by the software identifier to the home gateway and identification information transmitting means for transmitting, the center device having a pair to the software entity specified by the software identifier and the software identifier from the center apparatus Registered by the device management software, identification information acquisition means for acquiring the permission information, execution authority setting means for setting the execution authority of the software entity only in accordance with the permission information acquired from the center device Device category information acquisition means for acquiring device category information from a device object, driver identifier acquisition means for giving the device category information to the driver locator software and making the driver identifier respond, and to the driver locator software A driver software entity acquisition means for acquiring a driver software entity that operates in cooperation with the device object by giving a driver identifier; and the center device using the driver identifier as a key. Means for uniquely identifying a software identifier by searching for the software identifier of the permission information acquired from the device; and starting means for installing and starting the driver software entity as corresponding to the software identifier specified by the search; And the home gateway.

According to a fourth aspect of the present invention, in the home gateway software permission management system for simultaneously operating a plurality of software entities provided by a service provider on the same home gateway, the software entities are specified. Software identifier and permission information for representing the execution authority given to the software entity operating on the home gateway, or the software entity by itself to represent the execution authority of the function provided by the software entity. a unique definition permission information for defining, and permission information registration means for registering in association with, and the permission information corresponding to the software entity that is identified by the software identifier and the software identifier Serial and permission information transduction means for transmitting to the own definition permission information the home gateway, the center device having the permission to retrieve the original definition permission information and said software identifier and the permission information from the center apparatus Information acquisition means, execution authority setting means for setting execution authority of the software entity only in accordance with the permission information and the uniquely defined permission information acquired from the center device, and the software entity uses another software entity In this case, the home gateway has permission confirmation response means for responding to a confirmation inquiry as to whether or not the software entity has the uniquely defined permission.

According to a fifth aspect of the present invention, in the fourth aspect , the uniquely defined permission information and correspondence information of a permission setting software identifier for specifying the software entity that permits setting control of the uniquely defined permission information, A center device having correspondence information registering means for registering both the self-defined permission information and the correspondence information to the home gateway, and the correspondence information from the center apparatus. Corresponding information acquisition means for acquiring, a software identifier for identifying the software entity for which permission is set as a request to perform granting and confiscation setting of the uniquely defined permission to other software entities, and a unique definition Custom definition with permission information A setting request receiving means for receiving a mission setting request from the software entity, the software identifier of the software entity that has requested the setting of the uniquely defined permission, and the permission indicated by the setting request of the uniquely defined permission Correspondence determining means for determining whether or not there is information corresponding to the uniquely defined permission information acquired from the center device and the permission setting software identifier for a set of information; The unique definition permission requested to be set for the software entity specified by the software identifier as a setting target in the unique definition permission setting request only when the correspondence determining means determines that there is a corresponding one. Comprising a grant confiscated means for setting the grant or forfeiture of a said home gateway having a.

  According to the present invention, it is possible to remotely set a permission to be given to a software entity operating on a home gateway from the center, and information managed by each of a plurality of software entities that share the same home gateway is extracted from each other. Can be prevented.

<First Embodiment>
FIG. 1 is a configuration diagram illustrating the first embodiment.

  In the home gateway software permission management system according to the first embodiment, a software identifier (not shown) for specifying the software entities 6 and 6 ′ is set, and when operating on the home gateway 1, the software entities 6 and 6 ′. Permission information registration means for associating and registering permission information representing the execution authority to be assigned to the software, a center device 2 having means for transmitting the software identifier and the corresponding permission information to the home gateway 1, a software identifier, Identification information acquisition means for acquiring permission information from the center apparatus 2, and execution authority setting means for setting the execution authority of the software entities 6, 6 'only in accordance with the permission information acquired from the center apparatus 2. Home game Provided with the gateways 1.

  First, a set of permissions to be given when a software identifier and a software entity 6, 6 ′ corresponding to the software identifier operate on the home gateway 1 are associated with each other in an ACL (access control in the center apparatus 2. List 4).

  The registered software identifier and permission information are transmitted from the center apparatus 2 to the home gateway 1.

  When the home gateway 1 acquires the software identifier and permission information, the ACL 3 is set so that when the software entity 6 or 6 'for the software identifier operates, the software entity 6 or 6' operates with the permission authority. I do. Under the environment of OSGi (Open Service Gateway Initiative), permission information can be given to a specified URL, and software entities 6 and 6 'downloaded from the URL will subsequently operate with the set permission. Can be made.

  Therefore, if the use of OSGi is assumed, the first embodiment can be implemented by sending permission information from the center apparatus 2 and utilizing the permission setting function provided by OSGi. In FIG. 1, authority setting managements 5 and 9 are shown for explanation as authority setting management means conforming to OSGi.

  Here, at the time of setting the permission information sent from the center device 2, the software entities 6 and 6 ′ corresponding to the software identifier may not be installed on the home gateway 1 yet.

  After setting permission information in association with a certain software identifier, when the software entity 6, 6 ′ corresponding to the software identifier is downloaded, installed, and activated, the software entity 6 is set according to the preset permission setting. , 6 'are executed.

  The operations of the software entities 6 and 6 ′ are performed in the execution environment 10 in the home gateway 1, and resources 7 and 7 ′ are secured here, respectively. Controlled by executing the software entity 6, 6 ′ is a home appliance device 8, 8 ′ connected to the home gateway 1.

  Further, when there is a problem in the operation of the software entities 6 and 6 ′ later and it is necessary to change the permission to be granted, the center device 2 immediately sends the software identifier and new permission to the home gateway 1. When a new permission is written in the access control list on the home gateway 1 side, the software entities 6 and 6 ′ can be operated according to the new permission setting thereafter.

  In this configuration, the permission information is managed in association with the software identifier, and the permission setting of the software entities 6 and 6 ′ on the home gateway 1 can be changed at any time by designating the software identifier from the center device 2 side. This is an effect caused by this.

  Since the permission can be changed at any time by the control of the center apparatus 2 due to the change of the situation later, for example, the resource 7 on the home gateway 1 is detected against the software entity in which a security defect is discovered. By depriving the authority to access 7 ', the risk of information leakage can be minimized. New permission settings include revoking and erasing previously granted permission settings.

  The permission information associated with the software identifier and registered in the center apparatus 2 is the software information for the software entities 6 and 6 'that are installed, are scheduled to be installed, or are likely to be installed. By examining the operation contents of the entities 6 and 6 ′, it is determined what authority is required for the software entities 6 and 6 ′ to provide service functions on the home gateway 1, and the necessary minimum It is assumed that the permission setting contents are determined by a user of the home gateway software permission management system and registered in the center apparatus 2.

  The “means for transmitting from the center device 2 to the home gateway 1” needs to be considered so as not to be tampered with in the middle of communication and to be impersonated as being transmitted from the center device 2.

  If tampering or impersonation is performed, the execution authority of the software entities 6 and 6 ′ may be set on the home gateway 1 side based on the permission information, which is different from the permission setting instructed by the real center device 2. In an environment where such an injustice may occur, it is necessary to be careful because “means for setting the execution authority of the software entities 6 and 6 ′ according to only the permission information acquired from the center device 2” cannot be implemented. is there. In communication between the center device 2 and the home gateway 1, falsification and prevention of impersonation can be realized by using a wide general method such as encryption communication.

  As a software identifier for specifying the software entity 6 or 6 ′, for example, in OSGi, the URL URL for obtaining the software entity 6 or 6 ′ is used.

  For software entities 6 and 6 ′ having the same contents, it is appropriate that the same software identifier is given even if the acquisition destination is different, but it is appropriate for the role of “identifier”, but it is not necessary to be bound by this restriction. Even if the software entities 6 and 6 'have exactly the same contents, when the acquisition destination URLs are different, the respective acquisition destination URLs may be assigned as different software identifiers.

  When the URL is used as the software identifier, the software identifier is immediately determined when the storage location of the software entity 6, 6 ′ is determined, and the management of the correspondence between the software entity 6, 6 ′ and the software identifier is simplified. There is also an advantage that can be.

  The means for transmitting the permission information from the center apparatus 2 to the home gateway 1 is typically a push form in which the permission information is transmitted by accessing the home gateway 1 from the center apparatus 2 side, but it is not limited to this.

  For example, the home gateway 1 may periodically access the center device 2 periodically to check for the presence of updated permission information, and to obtain permission information if updated. Regardless of the push type or the pull type, it is sufficient that the center device 2 has a means for transmitting permission information to the gateway.

<Second Embodiment>
FIG. 2 is a configuration diagram illustrating the second embodiment.

  This FIG. 2 includes a software identifier for specifying a software entity, a home gateway identifier for specifying a home gateway, and an execution authority given to a software entity operating on the home gateway corresponding to the home gateway identifier. Permission information registration means for registering the corresponding permission information in association with the software entity, identification information transmitting means for transmitting the software identifier and the corresponding permission information to the home gateway corresponding to the home gateway identifier, The center device having the identification information acquisition means for acquiring the software identifier and the corresponding permission information from the center device, and the software only in accordance with the permission information acquired from the center device. A home gateway having an execution permission setting means for setting an execution authority A entity is the shown.

  The center device 2 having such a configuration collectively manages a plurality of home gateways (1) 1, home gateways (2) 1 ′, and home gateways (3) 1 ″. (3) The set of software entities 13 to 15 installed on 1, 1 ′, 1 ″ is different for each home gateway (1)-(3) 1, 1 ′, 1 ″, and thus each home gateway The contents of the software identifier and permission information sent to (1) to (3) 1, 1 ′, 1 ″ are different for each home gateway (1)-(3) 1, 1 ′, 1 ″.

  In addition to the first embodiment, the center device 2 of the second embodiment includes home gateways (1) to (1) to (3) 1, 1 ′, and 1 ″ corresponding to the home gateways (1) to (1) to (3) Register the software identifier and permission information to be set for each of the home gateways (1) to (3) 1, 1 ′, 1 ″ in association with the 1, 1 ′, 1 ″ identifier. The home gateways (1) to (3) 1, 1 ′, and 1 ″ are registered in association with the home gateways (1) to (3) 1, 1 ′, and 1 ″ identifiers. Communicates software identifiers and permission information.

  The permission information registered in association with each home gateway (1) to (3) 1, 1 ′, 1 ″ identifier and software identifier is the home gateway (1) to (3) 1, 1 ′, 1 '', The minimum required permissions for the software entities 13 to 15 that are installed, will be installed, or may be installed are the users of the home gateway software permission management system. It is assumed that the content is determined by and registered in the center apparatus 2. A set of permissions to be given when the software identifier and the software entities 13 to 15 corresponding to the software identifier operate on the home gateways (1) to (3) 1, 1 ′, and 1 ″ are: Correspondingly, ACLs 11 to 11 ″ for the home gateways (1) to (3) in the ACL (access control list) 4 in the center apparatus 2 are registered.

  By adopting such a configuration, each home gateway (1) to (3) 1, 1 ', 1' 'can be executed in each of the execution environments 10 to 10 even in an operation mode in which the contents of installed software are different. The effect that individual permission management can be performed at 10 ″ is obtained.

  For example, when an end user who is the owner of each gateway and a service provider have a contract for service provision, the home gateways (1) to (3) 1, 1 ′, 1 ″ have service software. The center apparatus 2 promptly makes a contract with the end user's home gateways (1) to (3) 1, 1 ′, 1 ″ so that the entity can be installed and activated. It is possible to operate by sending permission information and setting permission.

<Third Embodiment>
FIG. 3 is a configuration diagram for explaining the third embodiment.

  In addition to the first embodiment, a software distribution server for storing a software entity and distributing it in response to a request, a software identifier for specifying a software entity stored in the software distribution server, and a home gateway Permission information registration means for registering the permission information, which is the execution authority given to the software entity running on the software, in association with the software entity, and for transmitting the software identifier and the corresponding permission information to the home gateway A center apparatus having identification information transmission means, software information storage means for associating and storing a software entity and a software identifier, and a software entity designated with the software identifier are requested from the home gateway. A software distribution server having a request response means for responding to a request from the home gateway for a software entity designated by the software identifier, and a software identifier from the center device and corresponding to the software identifier. Identification information acquisition means for acquiring permission information, execution authority setting means for setting the execution authority of the software entity according to only the permission information acquired from the center device, and the software entity specified by the software identifier as a software distribution server Software acquisition means for requesting and acquiring, installation means for installing the acquired software entity on the home gateway, and the installed software entity on the home gateway In and a home gateway having a software activation means for activating.

  First, the software entity 21 and the software identifier are stored in advance in the software distribution server.

  Next, a set of permissions to be given when the software identifier and the software entity 21 corresponding to the software identifier operate on the home gateway 1 are registered in the center device 2 in association with each other.

  The registered software identifier and permission information are transmitted from the center apparatus 2 to the home gateway 1. After acquiring the software identifier and permission information, the home gateway 1 sets the ACL 3 so that the software entity 21 operates with the permission authority when the software entity 21 for the software identifier operates. Further, the home gateway 1 requests the software entity 21 from the software distribution server 20 by designating the software identifier for which the permission setting has been completed.

  When the software distribution server accepts the software entity 21 request, the software distribution server responds to the home gateway 1 with the software entity 21 corresponding to the designated software identifier. When the home gateway 1 acquires the software entity 21 from the software distribution server, the home gateway 1 is installed in the execution environment 10 after the software is installed.

  With this configuration, the software entity 21 operates after the software identifier and permission information are sent from the center apparatus 2 and the setting of the permission is surely completed, and the software entity 21 does not perform permission setting. By operating, the software entity 21 that was originally supposed to limit the permissions is operated without being restricted, thereby accessing resources managed by the software entity 21 provided by other vendors. There is no risk of information leaking.

  The main purpose of this configuration is to ensure that the software operates after the setting of the permission is completed, rather than downloading the software based on an instruction from the center device 2.

  It is up to the execution environment 10 of the software entity 21 what default authority the software entity 21 obtains when the software entity 21 is activated without setting any permissions on the software entity 21. In particular, in OSGi, if the software entity 21 (bundle) is activated without setting permission at all, the software entity 21 may operate with all the authorities given. The configuration of the third embodiment is particularly effective.

  Even in the software execution environment 10 that does not have full authority even if the software entity 21 is activated without setting permission settings at all, the occurrence of a situation where the software entity 21 operates with strong authority exceeding the necessary minimum authority. There is an effect that can be avoided.

  Also, contrary to the case where permission should be given to those that should not have been granted permission, when the software entity 21 is operated without being given permission, the software entity 21 should have been granted. The entity 21 cannot normally provide a service function. The third embodiment is configured to ensure that the software entity 21 operates after the setting of the intended permission is completed, and this aspect is also effective.

  In the third embodiment, it is not essential that the center device 2 itself handles the software entity 21 itself. For example, an operation form in which a Web server is installed as a software distribution server, a CD-ROM is directly brought into the software distribution server, and the software entity 21 is registered. In many cases, what kind of permission should be granted when the software entity 21 operates on the home gateway 1 is obtained by grasping the contents of the software entity 21 and managing the center device 2. A typical operation mode is to request the subject to set permission.

  Of course, the center device 2 may handle the software entity 21 and send the software entity 21 to the home gateway 1 using the software distribution server as an intermediary. However, this is not an essential item of the third embodiment.

  When registering the software entity 21 to the software distribution server, a software identifier is assigned, and the software entity 21 and the software identifier are registered in association with each other. However, a Web server is installed as the software distribution server, and the software entity 21 is registered in the Web server. When the URL corresponding to the location storing “” is used as a software identifier, the URL is determined immediately depending on the location where the software entity 21 is stored, so the software identifier is determined immediately. In this case, determining the storage location of the software entity 21 corresponds to determining the software identifier and associating the software entity 21. This form is also an essential item in the third embodiment. It can be considered that this corresponds to “register the software entity 21 and the software identifier in association with each other”.

<Fourth embodiment>
FIG. 4 is a configuration diagram for explaining the fourth embodiment.

  FIG. 4 shows permission information registration means for registering a software identifier for specifying a software entity and permission information serving as an execution authority given to the software entity operating on the home gateway in association with the software entity. And an identification information transmitting means for transmitting the software identifier and corresponding permission information to the home gateway, and an identification information acquiring means for acquiring the software identifier and the corresponding permission information from the center apparatus And a home gateway having an execution authority setting means for setting the execution authority of the software entity according to only the permission information acquired from the center device, and the software entity and the software identifier are not allowed as a set. Corresponding to the software identifier, an installation detecting means for detecting that the packaged software packaged in the package is installed on the home gateway, an identifier acquiring means for acquiring a software identifier from the installed packaged software Permission information confirmation means for confirming whether or not the permission information setting exists, and for suppressing the start of the packaged software installed until the confirmation of the existence of the setting by the permission information confirmation means is completed A home gateway having activation suppression means and software disposal means for depriving or depriving of the execution authority of the packaged software in the absence of permission settings. There.

  The software entity installed on the gateway device having such a configuration is not necessarily registered in the software distribution server. However, the permission information is centrally controlled by the operator of the home gateway software permission management system that grasps the interaction of the software entities supplied from each service provider.

  In the fourth embodiment, it is assumed that software entities and software identifiers are inseparably packaged and distributed. Here, “indivisible” means that only the software identifier in the package is changed or only the software entity is prevented from being changed.

  For example, the software entity and software identifier can be packaged in an indivisible manner by, for example, presenting the digest of the entire data together with the signature data encrypted with the private key of a trusted certificate authority and checking for tampering. A widely known electronic signature that detects falsification based on whether the digest obtained by decrypting the signature data with the public key of the trusted certificate authority matches the digest calculated on the check side again. This method can be used.

  The operation on the center device 2 side and the operation on the home gateway 1 side that receives the software identifier and permission information from the center device 2 and registers them in the access control list 3 are the same as in the first embodiment.

  The configuration of the home gateway 1 according to the fourth embodiment is released after the combination of the software entity and the software identifier is packaged inseparably in addition to the configuration of the home gateway 1 according to the first embodiment. Whether there is a means for detecting that the packaged software 24, 24 'is installed, a means for obtaining a software identifier from the installed packaged software, and whether there is a permission setting corresponding to the software identifier. A means for confirming, a means for suppressing activation of a software entity of the installed package until the existence confirmation of the permission setting is completed, and a means for uninstalling the software or depriving all authorities when the permission setting does not exist.

  When the home gateway 1 detects that the packaged packaged software 24 is installed, the home gateway 1 first acquires the software identifier from the package, and the correspondence information between the software identifier and the permission information is registered in the access control list. Check whether it exists. If the corresponding permission information does not exist, the home gateway 1 steals all permission authority from the packaged software 24 corresponding to the software identifier. Packaged software 24 without any permission authority is typically erased because it only consumes disk space.

  Alternatively, if permission information is subsequently sent from the center apparatus 2 and the permission information is confirmed in the software identifier, the packaged software 24 may be activated by setting the permission, so that it may be kept on the disk. . The home gateway 1 suppresses activation of the corresponding packaged software 24 unless the existence of permission information of the software identifier is confirmed.

  If the permission information corresponding to the software identifier is confirmed, the home gateway 1 does not prevent the packaged software 24 from being activated. It may be activated by an operation of an end user who is the owner of the home gateway 1 or may be activated by an instruction from another packaged software 24 operating on the home gateway 1.

  The main purpose of the fourth embodiment is to make sure that the packaged software 24 corresponding to the software identifier is started after the permission setting of the software identifier is reliably completed. The timing at which the packaged software 24 is activated is free.

  By adopting the configuration of the fourth embodiment for the software identifier and packaged software 24 that are inseparably packaged, the center device 2 focuses only on the software identifier and permission information setting processing. Then, management of installation and activation of the packaged software 24 corresponding to the software identifier is instructed from the outside to the other packaged software 24 on the home gateway 1 and the packaged software 24 via a communication path. Can be entrusted to another operating body such as an end user who is the owner of the home gateway 1 and brings about an effect of reducing the management load on the center device 2 side.

  Particularly in OSGi, when it is detected that a specific device is connected to the home network of the end user's home where the gateway exists, the packaging software 24 (device driver) for handling the device is automatically It has a mechanism to be downloaded, installed and activated. Devices may be purchased separately by end users and installed on the home network, and it is not known when the device driver packaging software 24 will be installed on the home gateway 1.

  The center device 2 side transmits the software identifier of the device driver and permission information to be given to the device driver to the home gateway 1 in advance, and the home gateway 1 preliminarily determines the permission for the software identifier based on the permission information. Although the setting is completed, it is not necessary for the center apparatus 2 side to know when the packaging software 24 is installed and executed. Since the packaged software 24 occupies more memory and disk space than permission information for software identifiers, it is realistic to install and prepare all device drivers that may be required in advance. is not.

  However, as in the configuration of the present embodiment, if only the software identifier and permission information are used, the software corresponding to the packaged software 24 that may be installed later is sent to the home gateway 1 in advance and set. It is realistic enough.

<Fifth embodiment>
FIG. 5 is a configuration diagram for explaining the fifth embodiment.

  The fifth embodiment is based on the premise that a triple of a software entity, a software identifier, and permission information is inseparably packaged and distributed. With respect to the permission, it is assumed that the content that the center device 2 has once recognized as the permission setting of the software entity prior to creation of the package is stored for the software identifier.

  In FIG. 5, the home gateway has installed packaged software that is inseparably packaged by combining a software entity, a software identifier, and permission information permitted by the operating entity of the center apparatus. Installation detection means for detecting the permission information, permission information extraction means for extracting permission information permitted by the operating entity of the center apparatus from the packaged software, and permission setting by permission information acquired from the center apparatus, Setting means for setting based on permission information extracted from the packaging software, confirmation of existence of permission setting based on permission information from the center apparatus, and packaging software A start inhibiting means for inhibiting the activation of the installation package software in until permission settings retrieved from wear is completed, it is the indicated.

  In the fifth embodiment having such a configuration, the operation on the center device 2 side and the operation on the home gateway 1 side for receiving the software identifier and permission information from the ACL 4 of the center device 2 and registering them in the ACL 3 are as follows. This is the same as the fourth embodiment.

  In addition to the configuration of the home gateway 1 of the fourth embodiment, the home gateway 1 of the fifth embodiment includes means for detecting installation of software in which a triple is inseparably packaged, and a software identifier A means for confirming whether or not there is a permission setting based on the permission information acquired from the center apparatus 2 corresponding to the above, a means for extracting not only the software identifier but also the permission information from the triple package, and the center apparatus 2 If there is no permission setting based on the acquired permission information, a means for setting based on the permission information extracted from the packaged software, confirmation of the presence of the permission information acquired from the center apparatus 2, and a package when the presence cannot be confirmed Software Until the setting of permission based on the permission information extracted from the A to complete comprises means for inhibiting activation of installed software entities.

  When the home gateway 1 in the fifth embodiment detects the installation of the packaged software 26 in which a triplet of a software entity, a software identifier, and permission information is inseparably packaged, the packaged software 26 Retrieve the identifier. Then, for the extracted software identifier, it is checked whether or not the permission setting based on the permission information sent from the center device 2 corresponding to the software identifier is already registered in the ACL 3.

  If the permission setting corresponding to the software identifier already exists, it means that the permission setting has already been enabled, so the software entity is activated.

  On the other hand, if there is no permission information acquired from the center apparatus 2 corresponding to the software identifier, permission is set using the permission information extracted from the packaged software 26 '.

  If the permission information has already been sent from the center device 2 and the permission setting for the software identifier has already been completed, or if the permission setting has not been completed, the home gateway is set until the permission setting based on the permission information extracted from the package is completed. 1 suppresses activation of the software entity corresponding to the software identifier.

  In the fourth embodiment, when there is no permission setting based on the permission information sent from the center apparatus 2 and acquired, no permission is given to the software entity and activation is not allowed. In this embodiment, when there is no permission setting based on the permission information sent from the center apparatus 2 and obtained, permission setting is performed based on the permission information in the package.

  With such a configuration, the center device 2 examines the software entity when packaging the triple, and if there is no subsequent change in the permission information recognized as the appropriate permission setting, then, It is no longer necessary to download the packaged software 26 and send permission information to the home gateway 1 to be installed and activated.

  On the other hand, if a security problem is detected later in the contents of the software entity, and the permission to be granted needs to be changed, the center device 2 sends the software identifier and the new permission to the home gateway 1, Based on the changed permission information, the permission can be set, and the software entity corresponding to the software identifier can be operated according to the new permission setting.

  The center device 2 manages only the permission information related to the software entity in which the permission setting contents to be set have been changed, and only sends them to the home gateway 1, which can reduce the management effort.

  Depending on the execution environment 10 of the software entity, it may be necessary to restart the software entity after changing the permission setting contents. In accordance with the environment in which the software entity operates, it is necessary to use necessary measures so that the newly set permission information becomes valid.

  The fifth embodiment may be mixed with the fourth embodiment. In other words, a combination of software entity and software identifier inseparably packaged and a combination of software entity, software identifier and permission information inseparably packaged are distributed together. Also good. When there is no permission setting based on the permission information sent from the center device 2, the former software entity of the dual package is prohibited from starting, and the latter software entity of the triple package is taken out from the package. Once the permission information has been set, subsequent startup is permitted.

<Sixth Embodiment>
FIG. 6 is a configuration diagram for explaining the sixth embodiment.

  In FIG. 6, device management software for registering together with a device object, device category information representing its attribute information, and a driver identifier of a driver software entity that matches the device object are specified based on the device category information. Driver locator software for obtaining a driver software entity in response to a driver software request with a prefix, a prefix identifier inseparably packaged in the driver locator software, a prefix identifier and a driver identifier organized in the driver locator software; A software identifier consisting of a combination of the above, permission information serving as an execution authority given to the driver software entity running on the home gateway, A center device having permission information registering means for registering in association with the driver software entity; software identifier and identification information transmitting means for transmitting corresponding permission information to the home gateway; and software identifier from the center device And identification information acquisition means for acquiring the corresponding permission information, execution authority setting means for setting the execution authority of the software entity according to only the permission information acquired from the center apparatus, and a device registered by the device management software Device category information acquisition means for acquiring device category information from an object, and a driver for giving device category information to the driver locator software and making a driver identifier respond Inseparably packaged from the driver locator software to the driver locator software, the bespoke response means, the driver software entity acquisition means for obtaining the driver software entity that operates in cooperation with the device object by giving the driver identifier to the driver locator software Prefix identifier acquisition means for acquiring a prefix identifier, software identifier generation means for generating a software identifier from the prefix identifier and driver identifier, and activation that installs and activates the software identifier corresponding to the software identifier that generated the driver software entity And a home gateway having means.

  The sixth embodiment having such a configuration is applied to an execution environment 10 of a software entity that performs the following operations.

  The device management software running on the home gateway 1 displays the device object 34 corresponding to the device connected to the home network together with the device category information indicating the attribute information of the device 35, and the execution environment of the software entity of the home gateway 1 When registered in 10, the execution environment 10 of the software entity notifies the driver locator 31 of the device category information of the registered device object 34.

  When the driver locator 31 receives an inquiry with the device category information, the driver locator 31 selects driver software that can operate in cooperation with the device object 34 of the device category, and is managed by a system in the driver locator 31 corresponding to the driver software. Specify the driver identifier.

  When the driver locator 31 receives a driver software request with a driver identifier, the driver locator 31 has a function of acquiring a driver software entity corresponding to the driver identifier and delivering it to the request source. Therefore, the driver locator 31 manages itself. It is assumed that a driver software entity acquisition unit corresponding to the driver software 32 is also provided.

  The installed driver software 32 may not have information on the driver identifier assigned to itself.

  The driver locator 31 side holds the correspondence between the driver software entity and the driver identifier as information.

  A typical OSGi implementation is an example of the execution environment 10 of the software entity.

  When the device management software called “base driver” registers the device object, the “device manager”, which is part of the OSGi implementation, causes the driver locator to indicate the device category and acquire driver software that is a candidate for conformance. Then, the acquired driver software 32 is installed.

  Then, a mechanism called “device access” is provided, in which the driver software 32 that matches the most registered device object 34 among the installed driver software 32 is linked to the device object 34 to perform a cooperative operation.

  In this “device access” function, the driver software 32 is managed by a driver identifier called “driver ID” which is managed by the system in the driver locator software 31. In the OSGi framework, the driver software 32 itself does not need to hold information on what kind of driver ID is assigned to it, and the driver locator 31 has this information.

  In the sixth embodiment, the driver locator software 31 is premised on the fact that different prefix identifiers for each driver locator software 31 are inseparably packaged and distributed.

  As the prefix identifier, the software identifier of the driver locator software 31 itself managed as corresponding to the software entity in the center apparatus 2 may be used, but is not limited thereto.

  It suffices if different prefix identifiers are assigned to different driver locator software 31, and a prefix identifier of a system that is convenient for management, such as incorporating a vendor name provided by the driver, may be attached.

  Since the plurality of driver locator software 31 manages driver identifiers that are uniquely organized, the same driver identifier may be assigned in different systems, but the prefix identifier assigned to each driver locator is different. This is fine as long as they are different. This is because there is no problem in maintaining the uniqueness of the software identifier assigned to the driver software 32 described below.

  The software identifier assigned to the driver software 32 is given an identifier generated by a combination of the prefix identifier of the driver locator that handles the driver software 32 and the driver identifier of the driver software 32, and is registered and operated on the center device 2 side.

  The same driver software entity may be handled by different driver locators, but in this case, a plurality of different software identifiers are assigned to the same driver software 32. The software identifier is preferably the same value for the same software entity, but is not limited to this.

  It is sufficient that the software entity is uniquely specified for the software identifier, and it is not essential that the software identifier is uniquely determined for the software entity.

  The driver locator has no means for directly handling the software identifier of the driver software 32, and handles only the driver identifier. This is because the software identifier is operated by the management entity of the home gateway software permission management system of the present embodiment, and it is assumed that the management entity is different from the development vendor of the driver locator software 31. It is.

  The driver identifier has a role of uniquely identifying the driver software 32 and has a role overlapping with the software identifier. However, the driver identifier is an identifier organized in the driver locator software. It is.

  It differs from the software identifier organized by the center device 2 in order to manage permissions.

  The sixth embodiment is configured for the purpose of linking a driver identifier managed in a different system to the software identifier system of software incorporated in the permission management framework of the present embodiment.

  The operation on the center device 2 side and the operation on the home gateway 1 side that receives the software identifier and permission information from the center device 2 and registers them in the access control list are the same as in the first embodiment. However, as described above, the software identifier of the driver software 32 is assumed to be operated by assigning the prefix identifier that is assigned to the driver locator and the one generated from the driver identifier. Permission information to be set when the driver software entity is operated on the home gateway 1 is sent to the home gateway 1 in advance, and permission setting is performed on the home gateway 1 side.

  It is assumed that the driver locator software 31 and the device management software are each set with appropriate permissions, the software entity is installed on the home gateway 1, and is already operating.

  In the system of the sixth embodiment, the device management software and the driver locator software 31 are components of the system and are also processing targets of the system. The software entity that is the processing target is Operates in cooperation with the system of the embodiment.

  That is, the device management software can register the device object 34 with the device category information. The driver locator software 31 returns a driver identifier of the driver software 32 capable of cooperating with the device object 34 in response to the inquiry with the device category, and sends a driver software request with the driver identifier. Upon receipt, the driver software entity can be acquired and delivered to the request source.

  On the other hand, the home gateway 1 side, which is a component of the sixth embodiment, obtains device category information from the device object 34, and provides device category information to the device locator software to answer the driver identifier. The driver locator software 31 includes means for assigning a driver identifier to the software and acquiring a driver software entity.

  Further, the home gateway 1 obtains a prefix identifier inseparably packaged in the device locator software from the device locator software, and generates a software identifier of the driver software 32 from the prefix identifier and the driver identifier. A means for installing and starting the acquired driver software 32 is provided for the software identifier.

  When the device management software detects a device connected to the home network on the home gateway 1 side in the home gateway 1 and registers the device object 34 with the device category information in the execution environment 10 of the software entity, the home gateway 1 The device category information is extracted from the registered device object 34, the device locator is inquired with the device category information, and the driver identifier is returned.

  Also, the prefix identifier that is inseparably packaged is extracted from the device locator software.

  Then, a software identifier of the driver software 32 is generated from the set of the driver identifier and the prefix identifier. Typically, using a method of generating a software identifier by concatenating a character string of a prefix identifier and a driver identifier is easy to implement.

  The home gateway 1 makes a driver software request with the driver identifier to the driver locator software 31, causes the driver locator software 31 to acquire a driver software entity, and corresponds to the software identifier generated from the prefix identifier and the driver identifier. Install and launch as a driver software entity.

  The activated driver software entity operates with the authority bound to the permission setting contents associated with the generated software identifier. From the center device 2 side, the software identifier of the driver software 32 is assigned with a prefix identifier and a driver identifier, and permission information corresponding to the software identifier is sent, and the permission is set on the home gateway 1 side. In this configuration, the driver software 32 operates with the authority content of the permission setting intended by the center device 2.

  With such a configuration of the sixth embodiment, a driver identifier organized so as to be used only in the driver locator software 31 is incorporated into a framework of software identifier organized for permission setting, This brings about an effect that the permission of the driver software 32 can be controlled by the center device 2.

  The developer of the driver locator software 31 freely organizes the driver identifiers in the driver locator software 31 within the driver locator software 31 even if the number of target driver software 32 may increase at any time. Can be managed. In other words, the developer of the driver locator software 31 can freely assign a name that is convenient for identifying and managing each driver software 32, which is effective.

  The permission setting of the driver software entity is led by the center apparatus 2, but the installation and activation timing occurs when the device management software detects the device connected to the home gateway 1 and registers the device object 34. This is outside the management category on the center device 2 side.

  The driver software entity is installed and activated in accordance with an instruction from another software entity operating on the home gateway 1 as described in the description of the fourth embodiment of the present embodiment. It is a form.

<Seventh embodiment>
FIG. 7 is a configuration diagram for explaining the seventh embodiment.

  In FIG. 7, the device management software for registering together with the device object, the device category information indicating the attribute information thereof, and the driver identifier of the driver software entity conforming to the device object are specified based on the device category information. Driver locator software for acquiring a driver software entity corresponding to a driver software request with an identifier, and driver software organized so that the software identifier can be uniquely searched using a driver identifier that defines the driver software entity as a key Driver ID information and permission information that is the execution authority given to the driver software entity that is running on the home gateway and acquired by the driver locator software A center device having permission information registering means for registering in association with the software entity, software identifier and identification information transmitting means for transmitting the corresponding permission information to the home gateway, the software identifier from the center device, and Identification information acquisition means for acquiring the corresponding permission information, execution authority setting means for setting the execution authority of the software entity only according to the permission information acquired from the center apparatus, and device object registered by the device management software Device category information obtaining means for obtaining device category information from the driver, and obtaining a driver identifier for giving device category information to the driver locator software and making the driver identifier respond In addition, a driver software entity acquisition means for acquiring a driver software entity that operates in cooperation with a device object by giving a driver identifier to the driver locator software, and searches for the software identifier of permission information acquired from the center device using the driver identifier as a key Thus, a home gateway having means for uniquely specifying a software identifier and activation means for installing and starting a driver software entity corresponding to the software identifier specified by the search is shown.

  In the seventh embodiment having such a configuration, the positioning of the device management software, driver locator software, and driver software is the same as the positioning in the sixth embodiment. Hereinafter, parts different from the sixth embodiment will be described.

  The driver identifier managed by the driver locator software is assigned not only to each driver locator but also to all driver locators including those that are installed and those that are not installed. Assuming that

  For example, a driver ID in OSGi requires that a driver ID assigned to a certain driver software is unique throughout the world according to the OSGi regulations.

  The software identifier assigned to the driver software entity is generated from a set of a character string freely determined on the center device 2 side that can be easily managed on the center device 2 side and a driver identifier determined by the driver locator development side. Things are given and operated.

  At this time, if the software identifier exists in the set of software identifiers, the software identifier is generated so as to be uniquely specified by a search using the driver identifier as a key.

  Typically, a character string freely determined by the center device 2 and a driver identifier are concatenated with a character string sandwiched between delimiters. In this case, as a delimiter, a character string that is freely determined by the center device 2 and a character that does not appear in the driver identifier are used.

  By searching for a software identifier whose character string after the delimiter matches the driver identifier, the software identifier corresponding to the driver software entity of the driver identifier can be found.

  The operation on the center device 2 side and the operation on the home gateway 1 side that receives the software identifier and permission information from the center device 2 and registers them in the access control list are the same as in the first embodiment. However, as described above, the software identifier of the driver software is assumed to be operated with a software identifier organized so as to be searchable from the driver identifier.

  On the other hand, on the home gateway 1 side, as in the sixth embodiment, the device category information is given to the driver locator software to answer the driver identifier, and the driver identifier is given to the driver locator software to cooperate with the device object. Means for acquiring a driver software entity to be acquired, and as a part different from the sixth embodiment, the software identifier is uniquely identified by searching the software identifier of the permission information acquired from the center apparatus 2 using the driver identifier as a key. And means for installing and activating the acquired driver software entity as corresponding to the software identifier specified by the search.

  In the home gateway 1, when the device management software detects a device connected to the home network on the home gateway 1 side and registers the device object with the device category information in the execution environment 10 of the software entity, the home gateway 1 registers. The device category information is taken out from the device object, and the device locator is inquired with the device category information, and the driver identifier is returned.

  Next, using the acquired driver identifier as a key, the home gateway 1 searches for a software identifier corresponding to the driver identifier that should be in the set of software identifiers associated with the permission information sent from the center device 2. Identify the software identifier.

  Further, the home gateway 1 sends a driver software request to the driver locator with the driver identifier, causes the driver locator to acquire the driver software entity, and installs and activates it as a driver software entity corresponding to the software identifier specified by the search. As in the sixth embodiment, the activated driver software entity operates with the authority bound to the permission setting contents associated with the generated software identifier.

  Since the specified software identifier should be a software identifier in which the permission information sent from the center apparatus 2 exists, the driver software operates with the authority content of the permission setting intended by the center apparatus 2 by this configuration.

  By adopting such a configuration, the center device 2 side can partially give a free character string to the software identifier on the center device 2 side without being bound by the expression content of the driver identifier. .

  For this reason, an effect that simplifies the management is created by attaching a character string that is convenient for management on the center device 2 side.

  Since it is assumed that the driver identifier is managed and operated by a centralized organization where the driver locator development entities meet each other, it is not possible to determine the driver identifier in a system suited to the management convenience of the center device 2 side. However, with the configuration of the seventh embodiment, a system convenient for the center apparatus 2 can be incorporated, and the permission setting of the software entity corresponding to the software identifier can be controlled while operating the software identifier.

<Eighth Embodiment>
FIG. 8 is a configuration diagram for explaining the eighth embodiment.

  FIG. 8 shows a software identifier for specifying a software entity, and macro-expression permission information in which permission is described by expressing the macro as a target for replacing information that is different in each home gateway with a specific value. A center device having identifier registration means for registering in association; software information and permission information transmission means for transmitting permission information including macro expression corresponding to the software identifier to the home gateway; and permission including software identifier and macro expression Macro information containing permission information acquiring means for acquiring information from the center device, permission information storing means for holding and storing the acquired macro expression containing permission information, and a macro that expands macro expressions to specific values Macro information management means for maintaining and managing expression expansion information locally, permission information generating means for generating permission information from permission information including macro expression and macro expression expansion information, permission information including macro expression or macro expression expansion Permission information regeneration means for regenerating permission information when information changes, and execution authority setting means for setting the execution authority of the software entity according to only the permission information generated by the permission information regeneration means. And having a home gateway.

  The environment of the home network where the home gateway 1 having such a configuration is installed generally differs for each home gateway. For example, even if device devices of the same vendor are installed on the home network and a software entity provided by the same vendor is installed on the home gateway 1, the IP address assigned to the device is different on each home network.

  If the permission setting is expressed as a restriction on access to a device having a predetermined IP address, even if the same device is installed and the same software entity is installed, the permission setting to be given to the software entity is different. It will be.

  In the eighth embodiment, a macro expression is incorporated into the content of the permission to be set, and the final permission setting is replaced with the macro expression by using local information managed by each home gateway 1, thereby allowing the center apparatus to The object is to simplify the permission management performed on the center apparatus 2 side by making the permission information for the software identifier of the software entity for controlling the device apparatus sent to each home gateway 1 from 2 the same.

  For this purpose, macro-expression-containing permission information 51 in which permissions are described by macro-representing information that is different in each home gateway 1 as a target to be replaced with a specific value later is managed on the center device 2 side.

  On the home gateway 1 side, the local information and the local information management 53 manage what value the macro expression portion specifically becomes.

  For example, when DHCP issues an IP address to a device apparatus, a specific IP address corresponding to the macro expression representing the “IP address representing the device apparatus” is managed and maintained as macro information expansion information 52.

  In addition, for example, for the same camera device 60 made by the same company A, one is assigned for monitoring the entrance and one for monitoring the pet on the other. In order to allocate a common use for measuring the total power consumption to a certain power sensor device, have the end user explicitly set which IP address corresponds to the device for each use You may make it manage and maintain.

  In the eighth embodiment, the center apparatus 2 side associates and registers a software identifier for identifying a software entity and permission information with macro expression, and permission information with macro expression corresponding to the software identifier. Is provided to the home gateway 1.

  On the other hand, the home gateway 1 side expands the macro expression to a specific value, means for acquiring the software identifier and permission information with macro expression from the center device 2, means for holding and storing the acquired permission information with macro expression, and the macro expression. Means for locally maintaining and managing the macro expression development information 52; means for generating permission information from the macro expression containing permission information 51 acquired and held from the center apparatus 2; and the macro expression development information 52 managed locally; Means for regenerating permission information when the permission information 51 with expression or the macro expression development information 52 changes, and means for setting the execution authority of the software entity according to only the generated permission information.

  First, on the center apparatus 2 side, a set of software identifier and permission information 51 with macro expression is associated and registered in the center apparatus 2.

  The registered software identifier and permission information 51 with macro expression are transmitted from the center apparatus 2 to the home gateway 1.

  When the home gateway 1 obtains the software identifier and permission information 51 with macro expression, it holds and stores permission information with macro expression.

  Further, the home gateway 1 locally maintains and manages correspondence information between macro expressions and specific values as macro expansion information 52.

  When either the macro expression permission information 51 acquired from the center apparatus 2 and stored and stored or the macro expansion information 52 maintained and managed locally is updated, the home gateway 1 promptly updates the macro expression. The portion is expanded using the macro expansion information 52 to generate completed permission information, and the access control is set according to the generated permission information.

  For example, the software identifier 1 corresponding to the monitoring software is expressed as “macro A-use a” as a macro that makes sense to use the camera 60 manufactured by company A for monitoring the entrance, and is also included in the pet management software. The corresponding software identifier 2 is expressed as “macro A-use b” as a macro that makes sense to use the camera 60 manufactured by company A for pet monitoring, and the software identifier 3 corresponding to the output management software includes When the power sensor 61 is sent to the home gateway 1 from the center device 61 as permission information containing macro expression expressed as “macro B” as a macro that makes sense to use for measuring the total electric energy, Each software entity is allowed to be replaced with the device IP address corresponding to the It is permission settings to access only to the device.

  As described above, by adopting the configuration of the eighth embodiment, in each home network in which each home gateway 1 is installed, information that is different in each home gateway 1 while being positioned in the same manner is macro-expanded. The information 52 can be solved on the gateway side, and the center apparatus 2 side only needs to send the permission information 51 including the macro expression in a unified expression without sending different permission information for each of the plurality of home gateways.

  Further, the home gateway 1 does not need to disclose the specific IP address assigned to each device device to the center device 2 side.

  In particular, an address such as an IP phone may be regarded as private information, and permission setting can be performed based on an instruction from the center device 2 without revealing such private information to the center device 2. . Further, the center device 2 does not need to collect and grasp information in the home network where each home gateway 1 is installed.

<Ninth embodiment>
FIG. 9 is a configuration diagram for explaining the ninth embodiment.

  FIG. 9 shows a software identifier for identifying the software entity, permission information for representing an execution authority given to the software entity operating on the home gateway, or an execution authority for the function provided by the software entity. In order to transmit the software identifier, the corresponding permission information and the uniquely defined permission information to the home gateway, the permission information registration means for registering the uniquely defined permission information defined by the software entity in association with the software identifier A permission information acquisition means, a permission information acquisition means for acquiring software identifiers, permission information and uniquely defined permission information from the center apparatus, and a perm acquired from the center apparatus. Execution authority setting means for setting the execution authority of a software entity only in accordance with application information and self-defined permission information, and whether the software entity has a self-defined permission when the software entity uses another software entity A home gateway having permission confirmation response means for responding to the confirmation inquiry is shown.

  A software entity that provides a service having such a configuration may use a uniquely defined permission in order to allow other software entities to use the provided service function. This is due to the following reason.

  The software entity that provides the function obtains permissions necessary for providing the function, for example, permission to access the file system or access outside via the network. Carefully check the contents of the software entity in advance to make sure that the software entity does not use the acquired permissions to access files or network access that are not necessary to provide the function. Thus, an operation is performed in which permission is granted only to a software entity having no problem.

  However, when another software entity uses the function provided by the software entity that provides the function, the using software entity also obtains the same permissions as the function providing side in order to execute the function. If this is the case, the software entity on the user side is also checked with the same degree of care as the software entity that provides the function, whether or not the software entity is misbehaving its permissions. It will be necessary.

  In this case, whether or not the contents of the software entity are appropriate is examined. Whether the software entity that provides the function is directly or indirectly, permission is granted to all the software entities on the user side to be used. You will have to carefully check for abuse.

  This would require a lot of work.

  In order to avoid this, only the software entity that provides the function needs to have permission to execute the function, and the side that provides the function does not require special permission from another software entity that uses the function. It is desirable to implement a software entity. In Java (registered trademark), by using the PrivilegedAction object, the function using side does not need to have permission.

  However, since the provided function is used unconditionally, it is often implemented so that only the software entity having the uniquely defined permission can use the provided function. For example, in Java (registered trademark), by inheriting the Permission class, you can define your own Permission class, and check whether the function-providing software entity has that unique permission on the function providing software entity side. Can do.

  This permission definition is shared between a program entity whose usage is restricted by its permission and another program entity that acquires its own permission authority and uses the functions provided by the program.

  When a certain function providing software entity provides a plurality of functions, it is possible to prepare a uniquely defined permission for each function.

  In addition, even when the permissions given to the software entity that provides the function are diverse and complex, the function using side can use the function only if it obtains only the unique permissions that are summarized and simplified.

  In this way, the uniquely defined permission can also be used in a software entity that handles a hard device and provides a function so that the function using the hard device can be used by another software entity. In other words, the permission corresponding to the special authority necessary to operate the hard device need only be given to the function-providing software entity that operates the hard device, and the hard device is operated only through the provided functions. However, the software entity on the user side only needs to acquire a uniquely defined permission that represents the authority to use the function, and can encapsulate permission management.

  Further, as shown in FIG. 9, resource instance objects 73 and 74 for handling each device are generated in association with different uniquely defined permissions for each of the same type of hard devices. By checking whether the software entity that called the method owns the self-defined permission associated with the self-instance object in the method to be used, the right to use the same type of device is limited to a specific software entity. You can also implement "instance permissions".

  For example, a software entity that handles two monitor cameras of the same model (devices 75 and 76) is normally assumed to be provided by a vendor that sells the monitor camera. A resource instance object corresponding to each monitor camera is generated by a software entity provided from the production vendor, and provides functions for other software entities.

  However, there are cases where it is desirable to have separate software entities that permit the operation function of the monitor camera, depending on the use of the same type of monitor camera.

  For example, a method call of a resource instance object for entrance monitoring may be handled only by a security service software entity, and a pet watching camera may be handled only by a monitoring service software entity. Such an operation can be easily performed by utilizing “instance permission” as a uniquely defined permission.

  Assuming the above usage forms, in the ninth embodiment, the center apparatus 2 has a uniquely defined permission as the execution authority to be given to the software entity in the permission information used in the first embodiment. In addition to information, there is provided means for registering in association with the software identifier.

  In the home gateway 1, means for acquiring permission information including the uniquely defined permission information from the center apparatus 2, means for setting the execution authority of the software entity including the uniquely defined permission information, and the software entity A means for receiving an inquiry as to whether or not the calling software entity owns the self-defined permission from the side and responding whether or not it is owned.

  The operation of the ninth embodiment will be described below assuming an example of the business flow.

  The providing vendor (device vendor) of the software provider on the function providing side assigns unique permission definitions (unique authority (1), unique authority (2)) to use the functions to the two resource instance objects 73 and 74. Each is associated and incorporated in the software entity 72.

  The providers 77 and 78 that provide the software entity service (1) and service (2) on the function use side exchange a usage contract with a device vendor to obtain a license for the creation of the software entity.

  The device vendor informs the operating entity of the home gateway software permission management system that the unique authority (1) may be given to the software identifier of the service (1) and the unique authority (2) may be given to the software identifier of the service (2). Report.

  On the other hand, each provider who provides the service (1) and the service (2) reports that the usage permission for the authority (1) and the authority (2) is received from the device vendor together with the software identifier of each service.

  The operating entity of the home gateway software permission management system gives the original permission of authority (1) to the software entity of the service (1) to the ACL 4 of the center apparatus 2 when reports of the provider side and the user side are completed. Unique permission information is registered in the software entity of the service (2) so as to grant the unique permission of the authority (2).

  Permission information including unique permission information is transmitted to the home gateway 1.

  The home gateway 1 sets the unique permission for the service identifier indicated by the transmitted permission information.

  When the function use side software entities (1) and (2) are operating, the permission setting is already completed.

  When the function providing side software entity 72 receives a function execution request from the function use side software entity 70 or 71, the software entity that intends to use the function possesses the uniquely defined permission associated with the function. The gateway (software entity) is inquired whether or not it exists. In response to the inquiry, the gateway responds whether or not the uniquely defined permission is set for the software identifier corresponding to the function-use software entity.

  If the unique permission is not set, the function providing side software entity refuses to execute the requested function. If the original permission is set, the requested function is executed.

  With the configuration of the ninth embodiment, it is possible to obtain an effect that the unique permission can be managed by the home gateway software permission management system in the same manner as the permission prepared in advance.

  Thereby, in particular, a separation is performed in which a resource instance object generated in association with a plurality of devices of the same type is assigned to a different software entity, and the assigned resource instance object cannot be accessed by the other software entity. Can be realized on an instance basis.

  The device vendor 79 accepts that the provider of the service (1) and the service (2) is permitted to acquire the authority (1) and authority (2) defined by the device vendor 79, and the provider of each service. However, when applying for a service including a unique permission as a permission to be given to the software identifier of each service, the device vendor 79 certainly grants the unique permission to the software identifier of the service for which the service provider is applying. The task of confirming permission can be systematized.

<Tenth Embodiment>
FIG. 10 is a configuration diagram for explaining the tenth embodiment.

  FIG. 10 shows correspondence information registration means for registering both the uniquely defined permission information and the correspondence information of the permission setting software identifier that identifies the software entity that is permitted to control the setting of the uniquely defined permission information. A center device having correspondence information transmission means for transmitting permission information and correspondence information to the home gateway, correspondence information acquisition means for obtaining correspondence information from the center device, and granting of uniquely defined permission and setting of confiscation A request to accept from a software entity a software identifier that identifies the target software entity for which permission is set as a request to perform other software entities, and a self-defined permission setting request that includes information on the self-defined permission Receiving For the set of the collecting means, the software identifier of the software entity that requested the setting of the uniquely defined permission, and the permission information specified in the request for setting the uniquely defined permission, And a permission setting software identifier, a correspondence determination means for determining whether or not there is a corresponding information, and a self-defined permission setting request only when the corresponding determination means determines that there is a corresponding information Shows a home gateway having grant / confiscation means for assigning or confiscating a self-defined permission requested to be set for a software entity designated as a setting target in FIG.

  Compared to the tenth embodiment configured as described above, in the ninth embodiment, permission information including uniquely defined permission information is transmitted to the home gateway 1, and permission setting on the home gateway 1 side is performed. Upon completion, it is determined to which software identifier the unique permission is assigned. As long as new permission information is not sent, the center device 2 does not change the setting contents of the permission.

  However, a device that exists on the home network is temporarily occupied by a certain software entity, but when the use of a function is completed, there is a case where it is desired to release the occupation and make it available to other software entities. is there.

  For example, a TV monitor as a device only needs to be occupied while a software entity that implements a videophone service makes a telephone call, or another TV entity that implements a recorded video playback service. Occupancy only needs to be occupied while watching video.

  In the configuration of the ninth embodiment, if this is attempted, the center apparatus 2 assigns the unique permission to the software identifier of the software entity that occupies and uses the device. You need to resend permission information. If the change of device occupancy is frequent, the permission setting processing load of the center apparatus 2 becomes large.

  Therefore, in the tenth embodiment, the function providing side that defines and sets the unique permission is limited to the unique permission in the act of assigning or stealing the unique permission to other software entities. The purpose is to enable software entities.

  In the tenth embodiment, in addition to the configuration of the ninth embodiment, on the center device 2 side, only the uniquely defined permission and the uniquely defined permission managed and managed by the own software entity are limited. In addition to permission information including self-defined permission information, means for registering the correspondence information with the software identifier of the self-defined permission setting that represents the software identifier of the software entity that is allowed to attach and detach permissions to other software entities In addition, the correspondence information between the uniquely defined permission and the permission setting software identifier is also provided to the home gateway 1, and the home gateway 1 side provides the unique information in addition to the permission information including the uniquely defined permission information from the center device 2. Definition -Identifying the software entity for which permission is to be set as a means to obtain correspondence information between mission and permission setting software identifiers from the center device 2 and as a request to assign a self-defined permission and set confiscation to other software entities A means for receiving a self-defined permission setting request with information on the software identifier and the self-defined permission from the software entity, and the software identifier of the software entity that requested the setting of the self-defined permission and the original request requested by the setting request for the self-defined permission Means for determining whether there is correspondence information between the uniquely defined permission information acquired from the center device 2 and the permission setting software identifier for the set of defined permission information Comprises means for performing specified by the software identifier as the setting target only by its own definition permission setting request where applicable, giving its own definition permissions set request to the software entity, or a set of forfeited.

  The operation in which the center device 2 transmits permission information including the unique permission to the home gateway 1 and sets the permission including the unique permission information on the home gateway 1 is the same as that of the ninth embodiment. In this case, the setting of the unique permission to the specific software identifier is directly performed by an instruction from the center apparatus 2.

  In the tenth embodiment, in addition to this, a setting related to a specific uniquely defined permission is authorized from the center apparatus 2 to the software entity that defines the uniquely defined permission that operates on the home gateway 1. Can be delegated.

  In order for a software entity on a function providing side to perform a setting operation on another software entity on the function using side having a unique permission necessary for using the provided function, first, in the center device 2, the function is provided. The software identifier of the software entity on the providing side is registered as the uniquely defined permission setting software identifier, and the correspondence information between the uniquely defined permission and the uniquely defined permission setting software identifier is registered in the uniquely defined permission management DB 81.

  This correspondence information is information indicating which software entity may perform the setting work related to the uniquely defined permission.

  The correspondence information between the uniquely defined permission and the uniquely defined permission setting software identifier is transmitted from the center device 2 to the home gateway 1, and the home gateway 1 obtains this correspondence information from the center device 2.

  If the software entity on the function providing side determines that it is necessary to grant a unique permission necessary for using the provided function to the other software using software entity, the software entity is notified to the home gateway 1. A request for setting a self-defined permission with a software identifier for specifying the permission information and permission information for setting is issued.

  When the home gateway 1 receives this uniquely-defined permission setting request, the home gateway 1 determines whether the software entity that has issued the uniquely-defined permission setting request, that is, the function providing side software entity is a software entity that can issue the uniquely-defined permission setting request. Referring to the correspondence information between the uniquely defined permission and the uniquely defined permission setting software identifier obtained from the center device 2, the information is checked.

  If the correspondence information between the self-defined permission and the self-defined permission setting software identifier does not include the identifier of the function-use software entity and the correspondence information of the self-defined permission requested to be set, the request for setting the self-defined permission is rejected.

  If it exists, the specified self-defined permission is set with respect to the software identifier of the function-use side software entity whose target is the self-defined permission that is transmitted along with the request for setting the self-defined permission. Thereafter, the function-use software entity operates with the authority according to the set self-defined permission.

  With the configuration of the tenth embodiment described above, the function providing side software entity can set the permission dynamically and flexibly at its own discretion with respect to the function using side software entity only for the uniquely defined permission. It can be carried out.

  This also eliminates the need for the center apparatus 2 to perform all setting instructions relating to the unique permissions, thereby reducing the processing load on the center apparatus 2 side.

  The first to tenth embodiments described above impose restrictions on the execution authority when the software entity operates in the software execution environment on the home gateway and the software identifier that identifies the software entity. For this purpose, there is provided means for transmitting “permission information” to be given to the software entity from the center device to the home gateway, and setting the permission on the home gateway side based only on the permission information sent from the center. It is said.

  Further, according to the present embodiment, the permission granted to the software entity operating on the home gateway can be remotely set from the center, and the information managed by each of the plurality of software entities sharing the same home gateway is the software entity. It can be prevented that they are pulled out from each other.

It is explanatory drawing for demonstrating the structure of 1st Embodiment. It is explanatory drawing for demonstrating the structure of 2nd Embodiment. It is explanatory drawing for demonstrating the structure of 3rd Embodiment. It is explanatory drawing for demonstrating the structure of 4th Embodiment. It is explanatory drawing for demonstrating the structure of 5th Embodiment. It is explanatory drawing for demonstrating the structure of 6th Embodiment. It is explanatory drawing for demonstrating the structure of 7th Embodiment. It is explanatory drawing for demonstrating the structure of 8th Embodiment. It is explanatory drawing for demonstrating the structure of 9th Embodiment. It is explanatory drawing for demonstrating the structure of 10th Embodiment. It is explanatory drawing for demonstrating the structure of the conventional system.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Home gateway 2 ... Center apparatus 3, 4 ... ACL
10 ... Execution environment 20 ... Software distribution server 34 ... Device object

Claims (5)

In a home gateway software permission management system for operating a plurality of software entities provided by a service provider on the same home gateway at the same time,
And permission information registration means for registering said permission information to be executed permissions granted to the software entities running on the software identifier and the previous SL home gateway for identifying the software entity in association with said software entities ,
Identification information transmission means for transmitting the permission information corresponding to the software identifier and the software entity specified by the software identifier to the home gateway;
A center device having
Identification information acquisition means for acquiring the permission information corresponding to the software identifier specified by the software identifier and the software identifier from the center device;
Execution authority setting means for setting the execution authority of the software entity according to only the permission information acquired from the center device ;
Detecting that packaged software that is inseparably packaged by combining the software entity, the software identifier, and permission information permitted by the operating entity of the center apparatus is installed on the home gateway Installation detection means;
Identifier obtaining means for obtaining the software identifier from the installed packaged software;
Permission information extraction means for extracting the permission information permitted by the operating entity of the center device from the packaged software;
Permission information confirmation means for confirming whether or not there is permission setting by the permission information acquired from the center device corresponding to the software identifier;
Setting means for performing permission setting based on the permission information extracted from the packaged software when there is no permission setting by the permission information acquired from the center device;
Suppressing the activation of the packaged software installed until the permission setting based on the permission information retrieved from the packaged software is completed by confirming the existence of the permission settings based on the permission information acquired from the center device Start-up suppression means for
A home gateway having
A home gateway software permission management system comprising: In a home gateway software permission management system for operating a plurality of software entities provided by a service provider on the same home gateway at the same time,
The home gateway
Device management software for registering a device object together with device category information representing attribute information of the device object ;
A driver locator software for identifying a driver identifier of a driver software entity conforming to the device object based on the device category information, and acquiring the driver software entity in response to a driver software request accompanied by the driver identifier;
Is installed,
A driver identifier that is inseparably packaged in the driver locator software, a software identifier that is a combination of the prefix identifier and a driver identifier organized in the driver locator software, and the driver software entity that runs on the home gateway Permission information registration means for registering permission information to be an execution authority given to the driver software entity in association with the permission information,
Identification information transmission means for transmitting the permission information corresponding to the software identifier and the software entity specified by the software identifier to the home gateway;
A center device having
Identification information obtaining means for obtaining the permission information corresponding to the software identifier specified by the software identifier and the software identifier from the center device;
Execution authority setting means for setting the execution authority of the software entity according to only the permission information acquired from the center device;
Device category information acquisition means for acquiring the device category information from the device object registered by the device management software;
A driver identifier response means for giving the device category information to the driver locator software and causing the driver identifier to respond;
Driver software entity acquisition means for giving the driver identifier to the driver locator software and acquiring the driver software entity operating in cooperation with the device object;
Prefix identifier obtaining means for obtaining the prefix identifier inseparably packaged in the driver locator software from the driver locator software;
Software identifier generation means for generating the software identifier from the prefix identifier and the driver identifier;
Starting means for installing and starting as corresponding to the software identifier that generated the driver software entity;
The home gateway comprising:
A home gateway software permission management system comprising: In a home gateway software permission management system for operating a plurality of software entities provided by a service provider on the same home gateway at the same time,
The home gateway
Device management software for registering a device object together with device category information representing attribute information of the device object ;
A driver locator software for identifying a driver identifier of a driver software entity conforming to the device object based on the device category information, and acquiring the driver software entity in response to a driver software request accompanied by the driver identifier;
Is installed,
The software identifier of the driver software organized so that the software identifier can be uniquely searched using the driver identifier that defines the driver software entity as a key, and the driver software entity that operates on the home gateway and is acquired by the driver locator software Permission information registration means for registering permission information to be given execution authority in association with the driver software entity;
Identification information transmission means for transmitting the permission information corresponding to the software identifier and the software entity specified by the software identifier to the home gateway;
A center device having
Identification information acquisition means for acquiring the permission information corresponding to the software identifier specified by the software identifier and the software identifier from the center device;
Execution authority setting means for setting the execution authority of the software entity according to only the permission information acquired from the center device;
Device category information acquisition means for acquiring device category information from a device object registered by the device management software;
Driver identifier acquisition means for giving the device category information to the driver locator software and causing the driver identifier to respond;
Driver software entity acquisition means for giving the driver identifier to the driver locator software and acquiring the driver software entity operating in cooperation with the device object;
Means for uniquely identifying a software identifier by searching for the software identifier of the permission information acquired from the center device using the driver identifier as a key;
Starting means for installing and starting the driver software entity as corresponding to the software identifier specified by the search;
The home gateway comprising:
A home gateway software permission management system comprising: In a home gateway software permission management system for operating a plurality of software entities provided by a service provider on the same home gateway at the same time,
A software identifier for identifying the software entity, permission information for representing an execution authority given to the software entity operating on the home gateway, or an execution authority of a function provided by the software entity Permission information registration means for registering the software entity with the self-defined permission information defined by itself,
And permission information transduction means for transmitting said own definition permission information and the permission information corresponding to the software entity that is identified by the software identifier and the software identifier to said home gateway,
A center device having
Permission information acquisition means for acquiring the software identifier, the permission information and the uniquely defined permission information from the center device;
Execution authority setting means for setting the execution authority of the software entity only in accordance with the permission information and the uniquely defined permission information acquired from the center device;
When the software entity uses another software entity, permission confirmation response means for responding to a confirmation inquiry as to whether the software entity has the uniquely defined permission;
The home gateway comprising:
A home gateway software permission management system comprising: Corresponding information registration means for registering together the uniquely defined permission information and the corresponding information of the permission setting software identifier that identifies the software entity that permits the setting control of the uniquely defined permission information;
Correspondence information transmission means for transmitting the uniquely defined permission information and the correspondence information to the home gateway;
A center device having
Correspondence information acquisition means for acquiring the correspondence information from the center device;
A request for setting a self-defined permission with information on a software identifier for specifying the software entity for which permission is to be set, and information on the self-defined permission, as a request for setting the confiscated permission and confiscation to another software entity And a setting request receiving means for receiving from the software entity,
The uniquely defined permission information acquired from the center device for a set of the software identifier of the software entity that has requested the uniquely defined permission setting and the permission information specified in the uniquely defined permission setting request. And correspondence determination means for determining whether there is any corresponding information between the permission setting software identifier and the permission setting software identifier,
Only when it is determined that there is a corresponding one in the correspondence determining means, for the software entity specified by the software identifier as a setting target in the uniquely defined permission setting request, Grant and confiscation means for setting grant or confiscation,
The home gateway comprising:
The home gateway software permission management system according to claim 4 , further comprising:

Images