JP4713420B2 - Communication system and network device sharing method - Google Patents

Description

  The present invention provides a communication system capable of remotely operating a network device such as a network home appliance connected to a private network from a network home appliance connected to another private network via the global network, and sharing of the network device It is about the method.

  In the conventional communication system, in the communication connection of the device between the two bases, it was able to communicate with the device connected under the communication partner side router, etc., what kind of content the device has, There was no need to view what kind of device it was from the base on the external network side. However, with the spread of home appliances with network communication functions (hereinafter also referred to as “network home appliances”), users can watch videos held by network home appliances and personal computers (PCs) at home (home), There is an increasing need to view images held in one place in another place.

  Currently, there is a method of establishing a VPN (Virtual Private Network) between user homes as a method for realizing remote operation for network home appliances. However, when VPN devices are used to connect user premises, there is a possibility that the IP addresses of network devices installed inside the premises overlap.

  For example, FIG. 14 is a diagram illustrating a configuration example of a system for operating a home network home appliance from a remote location. In the system shown in FIG. 14, the VPN apparatus 1 </ b> A is installed in the user (1) house 410, and the VPN apparatus 2 </ b> A is installed in the user (2) house 420. The VPN device 1A and the VPN device 2A have a BBR (BroadBand router) function, and are equipped with a proxy function for communication connection of network home appliances, and are devices for connecting to network home appliances in remote locations. These VPN devices 1A and 2A are connected by a multipoint network (regional network) with an IPv4 address. With such a configuration, the VPN device 1A and the VPN device 2A are interconnected.

  Then, the VPN device 1A allocates a private network address (IPv4 address) to the network TV 411, HDD-Rec (hard disk recorder) 412, network camera 413, and PC (personal computer) 414 in the user (1) home 410, and VPN The device 2A is configured to allocate a private network address (IPv4 address) to the media player 421 in the user (2) home 420 and identify each network home appliance in each private network.

  However, in such a configuration, the VPN device 1A and the VPN device 2A each independently allocate the IPv4 address of the private network, so for example, the HDD-Re 412 in the user (1) 410 home and the user (2) home 420 There is a possibility that the same IPv4 address (192.168.1.30) is duplicated and assigned to the media player 421 in the media player 421 and batting occurs. As described above, when the IPv4 address is allocated to a plurality of network home appliances, it is impossible to access the network home appliances having the duplicate private addresses. For this reason, the problem that it is difficult to specify the control object apparatus which can be operated remotely arises.

  In addition, there exists a network home appliance remote control system of the prior art, its method, and an authentication system (refer patent document 1). This network home appliance remote operation system of the prior art relates to a system for remotely operating home appliances corresponding to a network, and more particularly to a technology for improving safety in authentication processing in a communication system.

However, the prior art disclosed in Patent Document 1 does not attempt to solve the problem resulting from the private network address batting as described above.
JP 2003-179699 A

  As described above, there has been proposed a technique for operating a network device such as a network home appliance connected to a private network in the house from the outside. However, it is the same as the address system of the network device connected to the private network of the communication partner and the network device connected to the private network of the communication source (private network address system represented by the network address and subnet mask). If the private address is included, the network device connected to the other party's network cannot be distinguished from the network device connected to the source network, and the destination network device is identified from the source. The problem was difficult.

  The present invention has been made in order to solve such a problem, and an object of the present invention is to provide a network device connected to a private network of a communication partner and a private network device connected to the private network of the communication source. It is possible to avoid problems caused by including the same private address in the address, and to view what content is held in the network device connected to the private network of the communication partner, It is an object of the present invention to provide a communication system capable of reproducing content held by a network device of a communication partner, and a network device sharing method.

The present invention has been made to solve the above problems, and the communication system according to the present invention includes a device X connected to one private network and a device Y connected to the other private network. Between the communication connection control device X connected to the one private network and the communication connection control device Y connected to the other private network. In the communication system to be connected, the communication connection control device X stores the private network address of the device X and the global network address corresponding to the private network address in association with each other. Network address and device X An address conversion table for storing correspondence between the virtual private network address of the device Y in connection to private networks, holding means for holding the virtual private network address of the device Y as a private network address of the communication connection control unit X In the communication connection from the device X to the device Y, the communication source address of the communication data in the communication connection is converted from the private network address of the device X to the global network address of the device X, and the communication data In the communication connection from the device Y to the device X, the communication destination address is converted from the virtual private network address of the device Y to the global network address of the device Y. A communication source address of communication data is converted from a global network address of the device Y to a virtual private network address of the device Y, and a communication destination address of the communication data is converted from a global network address of the device X to the private network of the device X. The communication connection control device Y stores the private network address of the device Y in association with the global network address corresponding to the private network address, and the device an address conversion table global network address and the device Y of X is stored in association with each virtual private network address of the device X in the connected private network, the In the communication connection from the device X to the device Y , holding means for holding the virtual private network address of the device X as the private network address of the communication connection control device Y, and the communication source address of the communication data in the communication connection From the global network address of the device X to the virtual private network address of the device X, the communication destination address of communication data is converted from the global network address of the device Y to the private network address of the device Y, and from the device Y In the communication connection of the device X, the communication source address of communication data in the communication connection is converted from the private network address of the device Y to the global network address of the device Y, and communication of communication data is performed. Characterized in that it comprises an address conversion means for converting an address from a virtual private network address of the device X to the global network address of the device X, the.
In the communication system having such a configuration, the communication connection control device X that communicates and connects the device X via a private network (for example, an IPv4 network) and the communication connection control device Y that communicates and connects the device Y via a private network are connected to the global network. (For example, an IPv6 network). In the communication connection control device X, the private network address of the device X is associated with the global network address, and the virtual private network address of the device Y is associated with the global network address and stored in the address conversion table. Then, in the communication connection from the device X to the device Y, the communication connection control device X converts the communication source address from the private network address of the device X to the global network address of the device X, and the communication destination address is the virtual address of the device Y. Converts the private network address from the device Y to the global network address of the device Y. In the communication connection from the device Y to the device X, converts the communication source address from the global network address of the device Y to the virtual private network address of the device Y, and performs communication. The destination address is converted from the global network address of the device X to the private network address of the device X. The communication connection control device Y is also provided with a similar address conversion function.
As a result, the same private address is duplicated in the private network address of the device connected to the private network of the communication source and the private network address of the device connected to the private network of the communication partner. Address batting problems that occur when For this reason, it becomes possible to specify a device connected to one private network and remotely control the device connected to the other private network.

The communication system of the present invention includes an authentication server, and the authentication server specifies a private network to which the communication source device X is connected and a private network to which the communication destination device Y is connected. Communication target network designation accepting means for accepting communication, authentication request means for making an authentication request to the management terminal of the private network to which the communication destination device Y is connected, and communication permission as a response to the authentication request from the management terminal An authentication result judging means for judging whether or not information has been received, and the communication connection of the private network to which the communication source device X is connected when information indicating communication permission is received as a response to the authentication request For the control device X, the global network address of the communication connection control device Y as the communication connection partner. Connection partner notifying means for notifying the communication connection control device Y of the global network address of the communication connection control device X as a communication connection partner, the communication connection control device X, And each of the communication connection control devices Y includes first address conversion means for converting a private network address of a device connected to the own device into a global network address based on a predetermined conversion method; Address notification means for transmitting a global network address after conversion of a device connected to the subordinate to a global network address of a communication connection partner notified from the authentication server, and a global network received from the communication connection partner Set the address of the device connected to the local device. A Lee Bate network address and the address of the system, characterized in that it comprises a second address converting means for converting to any of the virtual private network address that is not being utilized.
In the communication system having such a configuration, the authentication server accepts the designation of the private network to which the communication source device X is connected and the designation of the private network to which the communication destination device Y is connected. Then, an authentication request is made to a management terminal (such as a mobile phone) of a private network to which the communication destination device Y is connected, and when communication permission information is received, communication connection to the communication connection control device X is established. The global network address of the control device Y is notified, and the global network address of the communication connection control device X is notified to the communication connection control device Y. Further, each of the communication connection control device X and the communication connection control device Y converts the private network address of the subordinate device into a global network address, and the communication network partner of the communication connection partner that has received the notification from the authentication server. Send to the global network address. In addition, the global network address received from the communication partner is converted into a virtual private network address having the same system as the private network address of the device connected under the communication.
As a result, the communication connection control devices that can communicate and communicate with each other by the authentication of the authentication server notify each other of the information on the devices under their control, and the devices under the communication connection control device of the other party are communicated to their own communication connection control devices. It can be converted to a virtual address with the same address system as the devices under the control of.

Further, in the communication system of the present invention, the communication source device X includes content list inquiry means for transmitting inquiry information on whether or not the content list is held to the communication destination device Y, and the communication destination device Y is Based on the reception of the inquiry information about whether or not the content list is held, the content list has a content list that stores at least the private network address of the device Y and the content identification information as the location of each content. The communication connection control device X relays the content list returned from the device Y to the device X to the device X. When transferring, the device Y listed in the content list The Lee Bate network address, characterized in that it comprises an address rewriting means for rewriting the virtual private network address of the device Y.
With such a configuration, the communication source device X transmits inquiry information about whether or not the content list is held to the communication destination device Y, and the communication destination device Y is based on reception of the inquiry information about whether or not the content list is held. Then, a content list including the private network address of the device Y and the content identification information is returned. When the communication connection control device X relays and forwards the content list returned from the device Y to the device X to the device X, the communication connection control device X uses the private network address of the device Y described in the content list as a virtual of the device Y. Rewrite the private network address.
As a result, it is possible to view what content is held in the network device connected to the private network of the communication partner, and to reproduce the content held by the network device of the communication partner. It becomes like this.

Also, the network device sharing method of the present invention provides two communication connection controls in which a device X connected to one private network and a device Y connected to the other private network are connected via a global network. Network device sharing method in a communication system that is connected by relay between a communication connection control device X connected to the one private network and a communication connection control device Y connected to the other private network The controller in the communication connection control device X stores the private network address of the device X in association with the global network address corresponding to the private network address, and also stores the global network of the device Y. Address And the device X and procedures that holds the address conversion table is stored in association with the virtual private network address of the device Y in the connected private network, the device Y said communication connection controller a virtual private network address of X In the communication connection from the device X to the device Y, the communication source address of the communication data in the communication connection is changed from the private network address of the device X to the global network address of the device X. The communication destination address of the communication data is converted from the virtual private network address of the device Y to the global network address of the device Y, and the communication connection from the device Y to the device X is performed. The communication source address of communication data in the communication connection is converted from the global network address of the device Y to the virtual private network address of the device Y, and the communication destination address of the communication data is converted to the global network address of the device X. Is converted to a private network address of the device X, and a control unit in the communication connection control device Y performs a private network address of the device Y and a global network address corresponding to the private network address. And the global network address of the device X and the virtual private network address of the device X in the private network to which the device Y is connected. A procedure for holding an address conversion table to be stored, a procedure for holding the virtual private network address of the device X as a private network address of the communication connection control device Y, and a communication connection from the device X to the device Y Converts the communication source address of communication data in the communication connection from the global network address of the device X to the virtual private network address of the device X, and converts the communication destination address of communication data from the global network address of the device Y to the device In the communication connection from the device Y to the device X, the communication source address of the communication data in the communication connection is changed from the private network address of the device Y to the global address of the device Y. Converted into Bal network address, the address conversion procedure for converting the destination address of the communication data from the virtual private network address of the device X to the global network address of the device X, it is characterized in that is carried out.
By such a procedure, the communication connection control device X that communicates and connects the device X with a private network (for example, IPv4 network) and the communication connection control device Y that communicates and connects the device Y with a private network are connected to the global network (for example, IPv6). Network). In the communication connection control device X, the private network address of the device X is associated with the global network address, and the virtual private network address of the device Y is associated with the global network address and stored in the address conversion table. Then, in the communication connection from the device X to the device Y, the communication connection control device X converts the communication source address from the private network address of the device X to the global network address of the device X, and the communication destination address is the virtual address of the device Y. Converts the private network address from the device Y to the global network address of the device Y. In the communication connection from the device Y to the device X, converts the communication source address from the global network address of the device Y to the virtual private network address of the device Y, and performs communication. The destination address is converted from the global network address of the device X to the private network address of the device X. The communication connection control device Y is also provided with a similar address conversion function.
As a result, the same private address is duplicated in the private network address of the device connected to the private network of the communication source and the private network address of the device connected to the private network of the communication partner. Address batting problems that occur when For this reason, it becomes possible to specify a device connected to one private network and remotely control the device connected to the other private network.

Further, the network device sharing method of the present invention includes an authentication server, and the control unit in the authentication server specifies the private network to which the device X as the communication source is connected and the device Y as the communication destination. A communication target network designation receiving procedure for accepting designation of a connected private network, an authentication request procedure for making an authentication request to a management terminal of a private network to which the communication destination device Y is connected, and the authentication request from the management terminal Authentication result determination procedure for determining whether or not information indicating communication permission is received as a response to the request, and information indicating communication permission is received as a response to the authentication request, the communication source device X is connected. For the communication connection control device X in the private network, the communication connection control device Y as a communication connection partner A connection partner notification procedure for notifying a global network address and notifying the communication connection control device Y of a global network address of the communication connection control device X as a communication connection partner, and performing the communication connection First address conversion for converting the private network address of the device connected under its own device into a global network address based on a predetermined conversion method by the respective control units of the control device X and the communication connection control device Y An address notification procedure for transmitting a global network address after conversion of a device connected to the own device to the global network address of a communication connection partner notified from the authentication server; and the communication connection Global network address received from the other party A second address conversion procedure for converting an address to an arbitrary virtual private network address that is not used and has the same system as the private network address of a device connected to the device itself It is characterized by.
By such a procedure, the authentication server accepts the designation of the private network to which the communication source device X is connected and the designation of the private network to which the communication destination device Y is connected. Then, an authentication request is made to a management terminal (such as a mobile phone) of a private network to which the communication destination device Y is connected, and when communication permission information is received, communication connection to the communication connection control device X is established. The global network address of the control device Y is notified, and the global network address of the communication connection control device X is notified to the communication connection control device Y. Further, each of the communication connection control device X and the communication connection control device Y converts the private network address of the subordinate device into a global network address, and the communication network partner of the communication connection partner that has received the notification from the authentication server. Send to the global network address. In addition, the global network address received from the communication partner is converted into a virtual private network address having the same system as the private network address of the device connected under the communication.
As a result, the communication connection control devices that can communicate and communicate with each other by the authentication of the authentication server notify each other of the information on the devices under their control, and the devices under the communication connection control device of the other party are communicated to their own communication connection control devices. It can be converted to a virtual address with the same address system as the devices under the control of.

In the network device sharing method of the present invention, a content list inquiry procedure is performed by the control unit in the communication source device X to transmit inquiry information about whether or not the content list is held to the communication destination device Y. Based on reception of the inquiry information about whether or not the content list is held by the control unit in the communication destination device Y, at least the private network address of the device Y and the content identification information as the location of each content in the content list Is stored, a content list reply procedure for returning the content list to the device X is performed, and the control unit in the communication connection control device X performs the device Y The content list sent back from the device X to the device X is relayed to the device X. When it is characterized in that the private network address of the device Y that is described in the content list, address rewriting procedure rewrites the virtual private network address of the device Y is performed.
By such a procedure, the communication source device X transmits inquiry information about whether or not the content list is held to the communication destination device Y, and the communication destination device Y is based on reception of the inquiry information about whether or not the content list is held. Then, a content list including the private network address of the device Y and the content identification information is returned. When the communication connection control device X relays and forwards the content list returned from the device Y to the device X to the device X, the communication connection control device X uses the private network address of the device Y described in the content list as a virtual of the device Y. Rewrite the private network address.
As a result, it is possible to view what content is held in the network device connected to the private network of the communication partner, and to reproduce the content held by the network device of the communication partner. It becomes like this.

  According to the communication system of the present invention, the private network address of a network device (network home appliance, etc.) connected to the private network of the communication source, and the private network address of the network device connected to the private network of the communication partner Therefore, it is possible to avoid an address batting problem that occurs when the same private address is included in duplicate.

  Further, it is possible to browse what content is held in the network device connected to the private network of the communication partner, and to play back the content held by the network device of the communication partner. become. For this reason, the connected network device is emulated as if it is at home, and can be operated as a home network device.

  Next, the best mode for carrying out the present invention will be described with reference to the drawings.

[Description of configuration example and outline of communication system according to the present invention]
FIG. 1 is a diagram for explaining a configuration example of a communication system according to the present invention and a network communication function of a home appliance router. As shown in FIG. 1, the communication system of the present invention includes a home appliance router (1) 1 which is a communication connection control device for configuring a private network (LAN) and a communication connection for configuring a private network (LAN). A home appliance router (2) 2 which is a control device and an authentication server 3 are connected by a global network (WAN: IPv6 network) 4, and the home appliance router (1) 1 on the IPv6 network is connected to the authentication server 3. The IPv6 address of the home appliance router (2) 2 is held. In the example shown in FIG. 1, only two home appliance routers (1) 1 and (2) 2 are illustrated as home appliance routers. However, in reality, a larger number of home appliance routers are global. Connected to the network 4.
(Hereinafter, the home appliance router (1) 1 is also simply referred to as “home appliance router (1)” and the home appliance router (2) 2 is also referred to as “home appliance router (2)”.)

Further, network appliances (A) 11, network appliances (B) 12, and network appliances (C) 13 are connected to the private network (LAN) 10 side of the appliance router (1) 1, and the appliance router (2). A network home appliance (1) 21, a network home appliance (2) 22, and a network home appliance (3) 23 are connected to the private network (LAN) 20 side. The home appliance router (1) 1 and the home appliance router (2) 2 constitute private networks 10 and 20 by assigning IPv4 addresses to each network device (network home appliance) under the router, and the home appliance router global network (WAN ) Side holds the Ipv6 address generated based on the MAC address of each network home appliance.
(Hereinafter, network home appliance (A) 11 is simply “home appliance (A)”, network home appliance (B) 12 is “home appliance (B)”, and network home appliance (C) 13 is “home appliance (C)”. Network home appliance (1) 21 is also referred to as “home appliance (1)”, network home appliance (2) 22 is also referred to as “home appliance (2)”, and network home appliance (C) 23 is also referred to as “home appliance (3)”.

  For example, in the home appliance router (1), an IPv4 address (192.168.0.10) is allocated as a private network address to the subordinate home appliance (A), and an IPv4 address (192.168.0.20) is assigned to the home appliance (B). And a private network (LAN) is configured by allocating an IPv4 address (192.168.0.30) to the home appliance (C). Similarly, the home appliance router (2) allocates an IPv4 address (192.168.0.40) as a private network address to the subordinate home appliance (1) and an IPv4 address (192.168.8.0.) To the home appliance (2). 50) and an IPv4 address (192.168.0.60) is allocated to the home appliance (3) to form a private network (LAN).

  The home appliance routers (1) and (2) convert the private network address of the network home appliance connected to the own device into a global network address by a predetermined conversion method. In this conversion method, the home appliance routers (1) and (2) store the address system of the global network (WAN side: IPv6 network) in advance, and the information on the host part of the address system of the global network A value converted from the MAC address is used.

  For example, the home appliance router (1) converts a private network address (IPv4 address) into a global network address (IPv6 address) based on the MAC address of each home appliance (A), (B), (C) and holds it. . That is, the IPv4 address (192.168.0.10) of the home appliance (A) is converted into an IPv6 address (2001: 0200 :: 020D: 60ff: fe00: 0010), and the IPv4 address (192.192) of the home appliance (B) is converted. 168.0.20) is converted into an IPv6 address (2001: 0200 :: 020D: 60ff: fe00: 0020), and the IPv4 address (192.168.0.30) of the home appliance (C) is converted into an IPv6 address (2001). : 0200 :: 020D: 60ff: fe00: 0030), and hold the IPv6 address in the home appliance router (1), respectively.

The upper 12 bytes (2001: 0200 :: 020D: 60ff) in this IPv6 address are common address data assigned to identify this global network, and the lower 4 bytes are the MAC address unique to the network home appliance. It becomes the address data of the host generated based on this.
(Because the upper 12 bytes of the IPv6 address are common, the upper 12 bytes of the IPv6 address are omitted in the following description, and only the lower 4 bytes are used (the same applies to the drawings).)

  Similarly, the home appliance router (2) converts the IPv4 address into an IPv6 address based on the MAC addresses of the home appliances (1), (2), and (3) and holds them. That is, the IPv4 address (192.168.0.40) of the home appliance (1) is converted into an IPv6 address (fe00: 0040), and the IPv4 address (192.168.0.50) of the home appliance (2) is converted to IPv6. The address (fe00: 0050) is converted, the IPv4 address (192.168.0.60) of the home appliance (3) is converted to the IPv6 address (fe00: 0060), and the IPv6 address is converted into the home appliance router (2). Hold.

  In the configuration described above, the authentication server 3 can be used to identify the home appliance router (1) of the connection source and the home appliance router (2) of the connection destination (details of this connection designation method will be described later). Then, the IPv6 addresses of the home appliance router (1) and home appliance router (2) designated for connection are notified from the authentication server 3 to both home appliance routers (1) and (2). The home appliance routers (1) and (2) are connected to each other on the basis of the IPv6 address notified from the authentication server 3, obtain the IPv6 address of the network home appliance under the connection from the home appliance router of the connection partner, and obtain this IPv6 address. , It is converted into a pseudo IPv4 address that does not overlap with network home appliances in the private network address of its own router.

  For example, in the home appliance router (1), the pseudo IPv4 address (192.168.0.201) of the home appliance (1) based on the IPv6 address (fe00: 0040) of the home appliance (1) received from the home appliance router (2). Based on the IPv6 address (fe00: 0050) of the home appliance (2), a pseudo IPv4 address (192.168.0.202) of the home appliance (2) is generated, and the IPv6 address (fe00 of the home appliance (3) is generated. : 0060), a pseudo IPv4 address (192.168.0.203) of the home appliance (3) is generated. The correspondence data between the IPv4 address and the IPv6 address generated in this way is held in each home appliance router (1) and home appliance router (2) as an address conversion table.

  For example, the home appliance router (1) holds an address conversion table 14. The address conversion table 14 includes an IPv4 address (192.168.0.10) of the home appliance (A) under the home appliance router (1) and an IPv4 address (192.168.0.20) of the home appliance (B). Together with the IPv4 address (192.168.0.30) of the home appliance (C), the pseudo IPv4 address (192, 168.0.201) of the home appliance (1) under the home appliance router (2) of the connection partner, The pseudo IPv4 address (192.168.0.202) of the home appliance (2) and the pseudo IPv4 address (192.168.0.203) of the home appliance (3) are registered. Also, the MAC address and IPv6 address corresponding to each IPv4 address are registered, and if desired, the origin IPv4 of the home appliances (1), (2), (3) under the connection home appliance router (2). An address is also registered.

  In this way, the home appliance router (1) and the home appliance router (2) communicate with the network home appliances in the user's home using the IPv4 address, and the connection destination home appliance router is held on the WAN side of the home appliance router. Communicate with the specified IPv6 address. As a result, the home appliance (A) and the like under the home appliance router (1) can access the home appliance (1) and the like under the home appliance router (2) using the IPv4 address. In addition, the same address as the private network address of the home appliance (A) is duplicated in the private network address of the home appliance (1), (2), (3) connected to the private network of the home appliance router (2). The address batting problem that occurs when it is included can also be avoided.

  In the communication system of the present invention, in order to inquire whether there is a network home appliance having a network communication function under each home appliance router (1) and home appliance router (2), SSDP (Simple Service Discovery Protocol) is used. ) Function, and it is configured so that a network home appliance can be found using a multicast address and a content list held by the network home appliance can be acquired (details of this processing will be described later) ).

  As a result, it is possible to view what content is held in the network home appliance connected to the private network of the communication partner, and to reproduce the content held by the network home appliance of the communication partner. It becomes like this.

Next, a method for setting connection between home appliance routers will be described.
FIG. 2 is a diagram for explaining a method for setting connection to the home appliance router. In FIG. 2, the authentication server 3 holds binding information of IPv6 addresses and user identification numbers (Fdn name, etc.) of the home appliance router (1) and home appliance router (2). In addition, when information on a partner (home appliance router) that the user wants to connect to is input using a mobile phone or the like, the authentication server 3 receives IPv6 of the home appliance router and the counterpart home appliance router. It is configured to notify address information. The procedure will be described below with reference to FIG.

  When connecting from the home appliance router (1) of the connection source to the home appliance router (2) of the connection partner for the first time, the mobile phone 31 logs into the authentication server 3 and registers the connection partner (step S1). Next, the authentication server 3 contacts the management terminal of the connection partner (in this example, the mobile phone 32) by e-mail or telephone, and the connection partner approves (by e-mail, telephone, Web, etc.). Obtain (step S2).

  When the approval is received from the connection partner, information (global network address: IPv6) of the connection partner is set from the authentication server 3 to the home appliance router (1) and the home appliance router (2) (step S3). Further, this connection partner information is held in the authentication server 3 as a connection permission list to be described later.

  When the connection between the home appliance router (1) and the home appliance router (2) is set in this way, the home appliance router (2) is connected to the subordinate home appliance (1), home appliance (2), and home appliance (3) by IPv4. An address (address shown in frame 1) is converted into an IPv6 address (address shown in frame 2), and home appliance (1), home appliance (2), and home appliance (3) subordinate to the connected home appliance router (1) The IPv6 address is notified (step S4).

  The home appliance router (1) automatically converts the IPv6 addresses of the home appliance (1), home appliance (2), and home appliance (3) received from the home appliance router (2) into pseudo IPv4 addresses (addresses shown in the frame 3). Is held in the LAN side port of the home appliance router (1) (step S5).

  FIG. 3 is a diagram illustrating an example of packet address translation in the home appliance router. In the example shown in FIG. 3, in the network configuration shown in FIG. 3D, communication data packets are sent from the home appliance (A) under the home appliance router (1) to the home appliance (1) under the home appliance router (2). An example of transmission is shown.

  First, the packet 41 with the IPv4 address shown in FIG. 3A is transmitted from the home appliance (A) to the home appliance router (1). The source IP of this packet is an IPv4 address (192.168.0.10), and the destination IP is a pseudo IPv4 address (192.168.0.201). Further, this is accompanied by the MAC address (00: 0D: 60: 00: 10) of the home appliance (A) as the transmission source and the MAC address of the home appliance router (1).

  The home appliance router (1) converts the IPv4 address of the packet 41 received from the home appliance (A) into an IPv6 address, and generates a packet 42 on the IPv6 network shown in FIG. The source IP of this packet is “fe00: 0010” and the destination IP is “fe00: 0040”. This is accompanied by the MAC address of the home appliance router (1) and the MAC address of the home appliance router (2).

  The home appliance router (2) converts the IPv6 address of the packet received from the home appliance router (1) into an IPv4 address, and generates a packet 43 on the IPv4 network shown in FIG. The source IP of this packet is the pseudo IPv4 address “192.168.0.201”, and the destination IP is “192.168.0.40”. This is accompanied by the MAC address of the home appliance router (2) and the MAC address of the home appliance (1).

  In this manner, the IPv4 address and the IPv6 address in the packet are automatically converted according to the address conversion table by the address conversion function of the home appliance router (1) and the home appliance router (2), so that address batting in the private network address is performed. The data can be transmitted from the home appliance (A) to the home appliance (1) without causing the above problem.

[Description of Processing Procedure in Communication System of the Present Invention]
Next, the flow of processing in the above-described communication system will be described in detail. As described above, the home appliance router (1) and the home appliance router (2) have a private network address (IPv4 address) of the network home appliance and a global network address (IPv6 address) corresponding to the private network address (IPv4 address). It is assumed that the address conversion table is provided.

(Explanation of authentication procedure)
First, in the communication system of the present invention, an authentication procedure between the home appliance router (1) of the connection source and the home appliance router (2) of the connection partner will be described. FIG. 4 is a diagram showing a procedure of authentication processing in the communication system of the present invention. Hereinafter, the processing procedure will be described with reference to FIG.

  First, a user (1) 's mobile phone logs in by inputting his Fdn number (ID number for identifying the user) and password to the authentication server 3 via Web-IF (step S101). After logging in to the authentication server 3, a new connection button is clicked on the connection partner selection screen on the Web screen provided by the authentication server 3 (step S102). Then, after inputting the Fdn number of the connection partner user (2) on the Web screen, the home appliance disclosure check box is turned on to set an access request (step S103).

  For example, as shown in the example of the user (1) setting item in FIG. 7, after the user (1) inputs his Fdn number “11111” and password “aaa” on the Web screen 51 and logs in to the authentication server 3. After selecting a new connection on the Web screen 52, the user name “User2” and the partner Fdn number (ID) “22222” of the connection partner are input to the pop-up menu screen 53 and the home appliance is disclosed on the pop-up menu screen 53. Select the check box and set an access request. As a result, it becomes possible for any user to connect routers to any base, and only designated users can open home devices in a limited manner.

Next, when the setting is completed and the transmission button 54 on the Web screen 52 is pressed, the authentication server 3 automatically transmits an approval request mail to the mobile phone 32 of the user (2) (step S104). For example, the contents shown in the e-mail 55 in the user (2) setting item in FIG. 7 are transmitted.
The mobile phone 32 is used as a management terminal for the private network of the user (2) home.

  The user (2) receiving the approval request e-mail from the authentication server 3 logs in to the authentication server 3 by inputting his Fdn number and password via the Web-IF (step S105). Then, the request from the connection partner user (1) is confirmed on the Web screen (step S106). After confirming the contents, the authentication check box is set to ON (step S107). For example, an Fdn number and a password are input and logged in on the Web screen 56 shown in FIG. 7, and approval / denial of the connection partner is set on the Web screen 57.

  After the setting is completed, the authentication approval mail is automatically transmitted to the mobile phone of the user (1) by pressing the transmission button 58 on the Web screen 57. As a result, the authentication server 3 generates a connection permission list (step S108).

  FIG. 8 is a diagram illustrating an example of user authentication information and a connection permission list held in the authentication server. In FIG. 8, user authentication information 61 is a table in which a user name, password, e-mail address, Fdn number, and COP number (membership number) are registered for each user. This user authentication information 61 is used as authentication information when the user logs in to the authentication server 3. Further, the connection permission list 62 holds correspondence information between the IPv6 address of the home appliance router (1) that is permitted to connect and the IPv6 address of the home appliance router (2) that is the connection destination.

(Explanation of communication procedure after authentication is completed)
When the connection permission list is generated in the authentication server 3 by the above-described processing procedure, the home appliance router (1) and the home appliance router (2) can communicate with each other. In each home appliance router, Processing to generate an address conversion table for the network appliance of the connection partner is performed.

  FIG. 5 is a diagram showing an address conversion table generation procedure in the home appliance router. Hereinafter, the processing procedure will be described with reference to FIG.

  When the connection permission list is generated in the authentication server 3, the IPv6 address of the home appliance router registered in the connection permission list is notified to the connection partner (step S201). That is, the home appliance router (2) is notified of the IPv6 address of the home appliance router (1), and the home appliance router (1) is notified of the IPv6 address of the home appliance router (2).

  Thus, the home appliance router (1) recognizes the IPv6 information on the WAN side of the home appliance router (2) (step S202), and the home appliance router (2) recognizes the IPv6 information on the WAN side of the home appliance router (1). (Step S203).

  Then, the home appliance router (1) converts the IPv4 address of the network home appliance under its control into an IPv6 address and holds it (step S204). Then, the home appliance router (1) notifies the home appliance router (2) of IPv6 information of the subordinate network home appliance.

  When the home appliance router (2) receives the IPv6 address of the network home appliance under the home appliance router (1), the home appliance router (2) performs pseudo conversion to an IPv4 address that does not batting with the network home appliance under the home appliance router (2), and the address conversion table Created and held in the LAN side port (step S205).

  Further, the home appliance router (2) converts the IPv4 address of the network home appliance under its control into an IPv6 address and holds it in the address conversion table (step S206). Further, IPv6 information of network home appliances under the home appliance router (2) is notified to the home appliance router (1).

  The home appliance router (1) receives the IPv6 address of the network home appliance under the home appliance router (2), performs pseudo conversion to an IPv4 address that does not batt with the network home appliance under the home appliance router (1), and creates an address conversion table. To the LAN side port (step S207).

  According to the above-described procedure, the home appliance router (1) and the home appliance router (2) generate address conversion tables, respectively, and the user (1) and the user (2) can access the network appliance of the connection partner using the IPv4 address, respectively. It becomes like this.

  FIG. 6 is a diagram showing a content reproduction procedure, and shows an example in which a user (1) home appliance (A) accesses a user (2) home appliance (1).

  First, in order to access the user (2) home appliance (1) from the user (1) home appliance (A) and reproduce the content, the home appliance (A) is networked with the home appliance router (1) and the IPv4 address. Communication is started (step S301). The home appliance router (1) automatically converts the IPv4 address received from the home appliance (A) into the IPv6 address of the connection partner, and starts network communication with the home appliance router (2) using the IPv6 address (step S302).

  Upon receiving the IPv6 address from the home appliance router (1), the home appliance router (2) automatically converts it to an IPv4 address, and starts communication with the home appliance (1) using the IPv4 address (step S303).

  In the home appliance (1), access from the home appliance (A) at the user (1) home is permitted and content reproduction is started, and communication with the home appliance router (2) is started by the IPv4 address (step S304).

  When the home appliance router (2) receives the IPv4 address from the home appliance (1), the home appliance router (2) automatically converts it to an IPv6 address, and starts network communication with the home appliance router (1) using the IPv6 address (step S305).

  The home appliance router (1) automatically converts the IPv6 address received from the home appliance router (2) into the IPv4 address of the connection partner, and starts network communication with the home appliance (A) using this IPv4 address (step S306). Thereby, in the home appliance (A), the content of the home appliance (1) can be reproduced (step S307).

[Explanation of network appliance discovery and content list acquisition]
Next, a procedure for finding network home appliances connected to a private network and acquiring a content list will be described.
FIG. 9 is a diagram for explaining a procedure for finding network home appliances and acquiring a content list. The processing procedure shown in FIG. 9 is roughly divided into two processes. The first processing procedure is a process for inquiring whether there is a network home appliance that can be communicably connected among the home appliances (A) connected to the home appliance router (2), and the second processing procedure is In this process, the home appliance (A) inquires whether the home appliance (1) has a content list and acquires the content list.

Hereinafter, the processing procedure will be described with reference to FIG.
The home appliance (A) is a network TV, and an inquiry about whether there is a network home appliance under the home appliance router (2) is requested from the network TV to the home appliance router (1) (step S401).

  The home appliance router (1) transfers the packet of the multicast address (239.255.255.250:1900) to the connection destination home appliance router (2) (step S402). That is, unicast communication is performed to the home appliance router (2) by enclosing the multicast address.

  When the home appliance router (2) receives the multicast address packet from the home appliance router (1), it inquires whether there is a network home appliance in the home using the multicast address (step S403). Then, the home appliance (1) such as HDD-Rec (hard disk recorder) responds with an IPv4 address (step S404).

  When the home appliance router (2) receives an IPv4 address response from the home appliance (1), the home appliance router (2) automatically converts the IPv4 address into an IPv6 address, and responds to the home appliance router (1) with the IPv6 address (step S405). The home appliance router (1) automatically converts the IPv6 address response from the home appliance router (2) into an IPv4 address and responds to the home appliance (A) with the IPv4 address (step S406). Thereby, household appliance (A) discovers network household appliance (1) (step S407).

Next, in order to inquire whether the home appliance (A) has a content list in the network home appliance (1), network communication with the home appliance router (1) is started with the pseudo IPv4 address (192.168.0.201) (step S408). .
The home appliance router (1) automatically converts the IPv4 address received from the home appliance (A) into an IPv6 address corresponding to the connection partner, and starts communication with the home appliance router (2) using the IPv6 address (step S409).

  The home appliance router (2) automatically converts the IPv6 address received from the home appliance router (1) into an IPv4 address (192.168.0.40), and starts communication with the home appliance (1) using the IPv4 address (step S410). ). The home appliance (1) sends the content list collected in response to the content list inquiry to the home appliance router (2) (step S411). This content list is sent as an XML file, and is, for example, an XML file 71 in FIG. In the content list, information for specifying content (private network address of home appliance (1) + content name) is described.

  The home appliance router (2) transfers the received content list to the home appliance router (1) as the connection source (step S412). In this case, it automatically converts to the IPv6 address of the home appliance of the connection partner.

  The home appliance router (1) rewrites the XML content address described in the received content list into a pseudo IPv4 address and returns it to the inquiry requesting home appliance (A) (step S413). The rewritten XML file looks like the XML file 72 in the figure. That is, the content list is “virtual private network address of home appliance (1) + content name”.

  In this way, the home appliance (A) succeeds in acquiring the content list held by the home appliance (1) (step S414), and the user (2) can access the home appliance (1) at home to reproduce the content. (Step S415).

FIG. 10 is a diagram illustrating an example of a packet issued for discovery of network home appliances.
First, a packet 81 including a multicast address is transmitted from the home appliance (A) to the home appliance router (1). This packet 81 is an IPv4 address packet, the source IP is the IPv4 address (192.168.0.10) of the home appliance (A), and the destination IP is a multicast address (239.255. 255.250: 1900), accompanied by the MAC address of the transmission source (the MAC of the home appliance (A)) and the destination MAC address.

  The packet 81 is converted into the packet 82 in the home appliance router (1). The packet 82 is an IPv6 address packet, the source IP is the IPv6 address (fe00: 0010) of the home appliance (A), and the destination IP is the address of the port 1900 on the WAN side of the home appliance router (2). This is accompanied by the source MAC address (the MAC address of the home appliance router (1)) and the destination MAC address (the MAC address of the home appliance router (2)).

  The packet 82 is converted into an IPv4 address packet 83 in the home appliance router (2). The packet 83 is an IPv4 address packet, the source IP is a pseudo IPv4 address (192.168.0.201) of the home appliance (A), and the destination IP is a multicast address (239.255. 255.250: 1900), which is accompanied by the MAC address and the destination MAC address of the home appliance router (1) as the transmission source.

  The response packet from the network home appliance (1) is transmitted to the home appliance router (2) as a packet 84 format. The packet 84 is a packet with an IPv4 address, the source IP is the IPv4 address (192.168.0.40) of the home appliance (1), the destination IP is the pseudo IPv4 address (192.168.0.201), This is accompanied by the source MAC address (the MAC address of the home appliance (1)) and the destination MAC address (the MAC address of the home appliance router (2)).

  The home appliance router (2) converts the packet 84 received from the home appliance (1) into a packet 85 having an IPv6 address. The packet 85 is an IPv6 address packet, the source IP is the IPv6 address (fe: 00: 00: 40) of the home appliance (1), and the destination IP is the IPv6 address (fe: 00: 00: home) of the home appliance (A). 10), accompanied by the source MAC address (the MAC address of the home appliance router (2)) and the destination MAC address (the MAC address of the home appliance router (1)).

  In the home appliance router (2), the packet 85 with the IPv6 address is converted into a packet 86 with the IPv4 address. The packet 86 is an IPv4 address packet, the source IP is the pseudo IPv4 address (192.168.0.201) of the home appliance (1), and the destination IP is the IPv4 address (192.168.8.0) of the home appliance (A). 10), accompanied by the MAC address of the home appliance router (2) of the transmission source and the destination MAC address (MAC address of the home appliance (A)).

FIG. 11 is a diagram illustrating an example of a packet issued for acquiring a content list.
First, a packet 91 for acquiring a content list is transmitted from the home appliance (A) to the home appliance router (1). The packet 91 is a packet with an IPv4 address, the source IP is the IPv4 address (192.168.0.10) of the home appliance (A), and the destination IP is the pseudo IPv4 address (192.168.8.0) of the home appliance (1). .201), accompanied by the source MAC address (the MAC address of the home appliance (A)) and the destination MAC address (the MAC address of the home appliance router (1)).

  The packet 91 is converted into the packet 92 in the home appliance router (1). The packet 92 is an IPv6 address packet, the source IP is the IPv6 address (fe00: 0010) of the home appliance (A), and the destination IP is the IPv6 address (fe00: 0040) of the home appliance (1). This is accompanied by the source MAC address (the MAC address of the home appliance router (1)) and the destination MAC address (the MAC address of the home appliance router (2)).

  The packet 92 is converted into an IPv4 address packet 93 in the home appliance router (2). The packet 93 is an IPv4 address packet, the source IP is the pseudo IPv4 address (192.168.0.201) of the home appliance (A), and the destination IP is the IPv4 address (169.168.0) of the home appliance (1). .40), accompanied by the MAC address of the home appliance router (1) as the transmission source and the destination MAC address (the MAC address of the home appliance (1)).

  The response packet from the network home appliance (1) is transmitted as a packet 94 to the home appliance router (2). The packet 94 is a packet with an IPv4 address, the source IP is the IPv4 address (192.168.0.40) of the home appliance (1), and the destination IP is the pseudo IPv4 address (192.168.8.0) of the home appliance (A). .201), accompanied by the source MAC address of the home appliance (1) and the destination MAC address (the MAC address of the home appliance router (2)). The packet 94 includes an XML file 97 as a content list. This XML file 97 includes “http://192.168.0.40/ROOT/HDD/04_PG.MPG” as URL information for reproducing the content.

  The home appliance router (2) converts the packet 94 received from the home appliance (1) into a packet 95 having an IPv6 address. The packet 95 is an IPv6 address packet, the source IP is the IPv6 address (fe: 00: 00: 40) of the home appliance (1), and the destination IP is the IPv6 address (fe: 00: 00: home) of the home appliance (A). 10), accompanied by the source MAC address (the MAC address of the home appliance router (2)) and the destination MAC address (the MAC address of the home appliance router (1)). Also, the XML file is the same as the XML file 97 at this stage, as shown in the XML file 98.

  The home appliance router (1) converts the packet 95 with the IPv6 address into a packet 96 with the IPv4 address. The packet 96 is a packet with an IPv4 address, the source IP is the pseudo IPv4 address (192.168.0.201) of the home appliance (1), and the destination IP is the IPv4 address (192.168.8.0) of the home appliance (A). 10), accompanied by the MAC address of the home appliance router (2) of the transmission source and the destination MAC address (MAC address of the home appliance (A)). In the content list, as shown in the XML file 99, the storage destination address of the content indicated by the URL is converted to a pseudo IPv4 address (192.168.0.201) of the home appliance (1).

  By the packet conversion procedure described above, the home appliance (A) receives the XML file 99 and includes URL information including the pseudo IPv4 address (192.168.0.201) of the home appliance (1) as URL information for reproducing the content. You can get “http://192.168.0.201/ROOT/HDD/04_PG.MPG”. And the household appliance (A) can use this pseudo IPv4 address to access the household appliance (1) and reproduce the content.

[Description of System Configuration Example of Each Unit in Communication System of Present Invention]
Next, system configuration examples of the home appliance router, the authentication server, and the network home appliance described above will be described.
FIG. 12 is a diagram illustrating a system configuration example of the home appliance router and the authentication server. In FIG. 12, only the part directly related to this invention in the household appliance router and an authentication server is shown.

  In the home appliance router (1) 1 shown in FIG. 12, the control unit 101 includes a CPU and is a control unit for performing overall control of each unit in the home appliance router (1). The LAN interface 102 is an interface for communication connection between the home appliance router (1) and the network home appliances (A), (B), and (C) of the subordinate private network through the private network (LAN). The WAN interface 103 is an interface for connecting the home appliance router (1) with the global network (WAN: IPv6 network) 4. The processing program unit 110 is a processing program unit for performing various processes necessary for realizing the function of the home appliance router (1). In this process, the CPU executes a program arranged on the memory. Is realized.

  An address conversion processing unit (address conversion unit) 111 in the processing program unit 110 is a processing unit for performing address conversion between a private network address (IPv4 address) and a global network address (IPv6 address).

  The first address conversion processing unit (first address conversion unit) 112 in the address conversion processing unit 111 is a private network address of the network home appliances (A), (B), (C) connected to its own device. It is a processing unit for converting (IPv4 address) into a global network address (IPv6 address).

  Further, the second address translation processing unit (second address translation means) 113 receives the global network address (IPv6 address) received from the communication partner, the network home appliances (A), (B ) And (C) is a processing unit for converting into an address of the same system as the private network address (IPv4 address) and being converted to an arbitrary virtual private network address (pseudo IPv4 address).

  The address notification processing unit (address notifying unit) 114 has received notification from the authentication server 3 of the converted global network address of the network home appliances (A), (B), and (C) connected to its own device Processing to send to the global network address of the communication partner.

  When the address rewrite processing unit (address rewriting means) 115 relays and forwards the content list returned from the home appliance router of the communication connection partner, the private network address (IPv4 address) of the transmission source described in the content list Is a processing unit for rewriting the virtual private network address (pseudo IPv4 address) of the transmission destination. In addition, the address conversion table 14 and the like are recorded in the storage unit 120.

  In the authentication server 3, the control unit 201 includes a CPU and is a control unit that performs overall control of each unit in the authentication server 3. The WAN interface 202 is an interface for connecting the authentication server 3 to the global network (WAN: IPv6 network) 4. The processing program unit 210 is a processing program unit for performing various processes necessary for realizing the function of the authentication server 3, and the processing here is performed by the CPU executing a program arranged in the memory. It is realized.

  The communication target network designation acceptance processing unit (communication target network designation acceptance unit) 211 in this processing program unit 210 designates the private network to which the communication source network home appliance is connected and the private to which the communication destination network home appliance is connected. Process to accept network designation.

The authentication request processing unit (authentication requesting unit) 212 is a processing unit for making an authentication request to a mobile phone or the like (management terminal) of a private network to which a communication destination network home appliance is connected.
The authentication result determination processing unit (authentication result determination means) 213 performs processing for determining whether or not information indicating communication permission is received as a response to the authentication request from a mobile phone or the like (management terminal).

  When the communication partner notification processing unit (authentication partner notification means) 214 receives information indicating communication permission as a response to the authentication request, the connection partner notification processing unit 214 authenticates the home network router (1) of the private network to which the communication home network home appliance is connected. The process of notifying the global network address of the home appliance router (2) as a communication connection destination and notifying the home appliance router (2) of the global network address of the home appliance router (1) as a communication connection destination Do.

  The database 220 records a user authentication information table 61, a connection permission list 62, and the like.

FIG. 13 is a diagram illustrating a configuration example of a network home appliance. In FIG. 13, only the part directly related to the present invention in the network home appliance (A) is shown.
The control unit 301 in the network home appliance (A) 11 includes a CPU, and is a control unit for overall control of each unit in the network home appliance (A). The LAN interface 302 is an interface for communication connection with the home appliance router (1) through a private network. The processing program unit 310 is a processing program unit for performing various types of processing necessary for realizing the functions of the home appliance (A). In this processing, the CPU executes a program arranged on the memory. Is realized.

  The content list inquiry processing unit 311 in the processing program unit 310 is a processing unit for transmitting inquiry information about whether or not a content list is held to a network home appliance as a communication destination.

  If the content list reply processing unit 312 holds the content list based on the reception of the inquiry information about whether or not the content list is held from the network home appliance of the connection partner, the content list is returned to the network home appliance of the connection partner. A processing unit for replying.

  The storage unit 320 stores its own IPv4 address, MAC address, content list information, and the like.

  Note that the home appliance router (1), the authentication server 3, and the network home appliance (A) 11 shown in FIG. 13 have a computer system inside as described above. A series of processes related to the above-described process is stored in a computer-readable recording medium in the form of a program, and the above-described process is performed by the computer reading and executing this program.

  That is, each processing in the home appliance router (1), the authentication server 3, and the network home appliance (A) is performed by a central processing unit such as a CPU reading the above program into a main storage device such as a ROM or a RAM, This is realized by executing arithmetic processing.

  Here, the computer-readable recording medium means a magnetic disk, a magneto-optical disk, a CD-ROM, a DVD-ROM, a semiconductor memory, or the like. Alternatively, the computer program may be distributed to the computer via a communication line, and the computer that has received the distribution may execute the program.

  As mentioned above, although embodiment of this invention was described, the communication system of this invention is not limited only to the above-mentioned illustration example, A various change can be added in the range which does not deviate from the summary of this invention. Of course.

  In the communication system of the present invention, it is possible to avoid the problem of address batting that occurs when the same private address is duplicated in the private network of the communication source and the private network of the communication partner, and the communication partner Since it is possible to browse and play back what content is held in a network device connected to the private network of the present invention, the present invention provides a communication system for remotely operating network home appliances and a network between a plurality of private networks. This is useful for communication systems that share content held in home appliances.

It is a figure which shows the structural example of the communication system of this invention. It is a figure for demonstrating the method of the connection setting to a household appliance router. It is a figure which shows the example of the address translation of the packet in a household appliance router. It is a figure which shows the procedure of the authentication process in the communication system of this invention. It is a figure which shows the production | generation procedure of the address conversion table in a household appliance router. It is a figure which shows the procedure of content reproduction | regeneration. It is a figure which shows the example of a user setting item screen. It is a figure which shows the example of the user authentication information hold | maintained at an authentication server, and a connection permission list. It is a figure for demonstrating the discovery procedure of a network household appliance, and the acquisition list of a content list. It is a figure which shows the example of the packet issued for the discovery of a network household appliance. It is a figure which shows the example of the packet issued for acquisition of a content list. It is a figure which shows the system configuration example of a household appliance router and an authentication server. It is a figure which shows the system structural example of a network household appliance. It is a figure which shows the structural example of the system which operates the network home appliance in a house from a remote place.

Explanation of symbols

1 Home appliance router (1)
2 Home appliance router (2)
3 Authentication server 4 Global network (WAN)
10, 20 Private network (LAN)
11 Network appliances (A)
12 Network appliances (B)
13 Network home appliances (C)
14 Address conversion table 21 Network home appliances (1)
22 Network appliances (2)
23 Network appliances (3)
31, 32 Mobile phone 41, 42, 43 Packet 51, 52, 53 Web screen 55 E-mail 56, 57 Web screen 61 User authentication information 62 Connection permission list 101 Control unit 102 LAN interface 103 WAN interface 110 Processing program unit 111 Address conversion Processing unit 112 First address conversion processing unit 113 Second address conversion processing unit 114 Address notification processing unit 115 Address rewriting processing unit 120 Storage unit 201 Control unit 202 WAN interface 210 Processing program unit 211 Communication target network designation reception processing unit 212 Authentication request Processing unit 213 Authentication result determination processing unit 214 Connection partner notification processing unit 220 Database 301 Control unit 302 LAN interface 310 Processing program unit 311 Content list Door inquiry processing unit 312 content list reply processing unit 320 storage unit

Claims (6)

A device X connected to one private network and a device Y connected to the other private network are two communication connection control devices connected via a global network, and are connected to the one private network. A communication system connected by communication between the communication connection control device X and the communication connection control device Y connected to the other private network,
The communication connection control device X includes:
A private network address of the device X and a global network address corresponding to the private network address are stored in association with each other, and the global network address of the device Y and the device Y in the private network to which the device X is connected are stored. An address conversion table for storing virtual private network addresses in association with each other;
Holding means for holding the virtual private network address of the device Y as a private network address of the communication connection control device X;
In the communication connection from the device X to the device Y, the communication source address of the communication data in the communication connection is converted from the private network address of the device X to the global network address of the device X, and the communication destination of the communication data The address is converted from the virtual private network address of the device Y to the global network address of the device Y, and in the communication connection from the device Y to the device X, the communication source address of the communication data in the communication connection is changed to the device Y From the global network address of the device Y to the virtual private network address of the device Y, and the communication destination address of the communication data is converted from the global network address of the device X to the private network address of the device X. And address translation means,
With
The communication connection control device Y
The private network address of the device Y and the global network address corresponding to the private network address are stored in association with each other, and the global network address of the device X and the device X in the private network to which the device Y is connected are stored. An address conversion table for storing virtual private network addresses in association with each other;
Holding means for holding the virtual private network address of the device X as a private network address of the communication connection control device Y;
In the communication connection from the device X to the device Y, the communication source address of the communication data in the communication connection is converted from the global network address of the device X to the virtual private network address of the device X, and the communication data communication destination The address is converted from the global network address of the device Y to the private network address of the device Y. In the communication connection from the device Y to the device X, the communication source address of the communication data in the communication connection is changed to the private address of the device Y. Address conversion for converting the network address to the global network address of the device Y and converting the communication destination address of communication data from the virtual private network address of the device X to the global network address of the device X And the stage,
A communication system comprising: An authentication server,
The authentication server
Communication target network designation receiving means for accepting designation of a private network to which the device X as a communication source is connected and designation of a private network to which the device Y as a communication destination is connected;
An authentication request means for making an authentication request to a management terminal of a private network to which the communication destination device Y is connected;
Authentication result determination means for determining whether or not information indicating communication permission is received as a response to the authentication request from the management terminal;
When information indicating communication permission is received as a response to the authentication request, the communication connection as a communication connection partner is connected to the communication connection control device X of the private network to which the communication source device X is connected. A connection partner notifying means for notifying the global network address of the control device Y and notifying the communication connection control device Y of the global network address of the communication connection control device X as a communication connection partner;
With
Each of the communication connection control device X and the communication connection control device Y
First address conversion means for converting a private network address of a device connected under its own device into a global network address based on a predetermined conversion method;
Address notification means for transmitting the global network address after conversion of the devices connected under the own device to the global network address of the communication connection partner notified from the authentication server;
First, a global network address received from the communication partner is converted to an arbitrary virtual private network address that is not used and has an address similar to that of a private network address of a device connected to its own device. 2-address conversion means;
The communication system according to claim 1, further comprising: The communication source device X is:
Content list inquiry means for transmitting inquiry information about whether or not the content list is held to the communication destination device Y,
The communication destination device Y stores at least the private network address of the device Y and the content identification information as the location of each content in the content list based on the reception of the inquiry information about whether or not the content list is held. A content list reply means for returning the content list to the device X,
When the communication connection control device X relays and transfers the content list returned from the device Y to the device X to the device X, the private network address of the device Y described in the content list is The communication system according to claim 1, further comprising: an address rewriting unit that rewrites the virtual private network address of the device Y. A device X connected to one private network and a device Y connected to the other private network are two communication connection control devices connected via a global network, and are connected to the one private network. A network device sharing method in a communication system in which communication connection is established by relay between the communication connection control device X and the communication connection control device Y connected to the other private network,
By the control unit in the communication connection control device X,
A private network address of the device X and a global network address corresponding to the private network address are stored in association with each other, and the global network address of the device Y and the device Y in the private network to which the device X is connected are stored. A procedure for storing an address conversion table for storing virtual private network addresses in association with each other;
A procedure for holding the virtual private network address of the device Y as a private network address of the communication connection control device X;
In the communication connection from the device X to the device Y, the communication source address of the communication data in the communication connection is converted from the private network address of the device X to the global network address of the device X, and the communication destination of the communication data The address is converted from the virtual private network address of the device Y to the global network address of the device Y, and in the communication connection from the device Y to the device X, the communication source address of the communication data in the communication connection is changed to the device Y From the global network address of the device Y to the virtual private network address of the device Y, and the communication destination address of the communication data is converted from the global network address of the device X to the private network address of the device X. And dress conversion procedure,
Is done,
By the control unit in the communication connection control device Y,
The private network address of the device Y and the global network address corresponding to the private network address are stored in association with each other, and the global network address of the device X and the device X in the private network to which the device Y is connected are stored. A procedure for storing an address conversion table for storing virtual private network addresses in association with each other;
A procedure for holding the virtual private network address of the device X as a private network address of the communication connection control device Y;
In the communication connection from the device X to the device Y, the communication source address of the communication data in the communication connection is converted from the global network address of the device X to the virtual private network address of the device X, and the communication data communication destination The address is converted from the global network address of the device Y to the private network address of the device Y. In the communication connection from the device Y to the device X, the communication source address of the communication data in the communication connection is changed to the private address of the device Y. Address conversion for converting the network address to the global network address of the device Y and converting the communication destination address of communication data from the virtual private network address of the device X to the global network address of the device X And order,
A network device sharing method, wherein: An authentication server,
By the control unit in the authentication server,
A communication target network designation acceptance procedure for accepting designation of a private network to which the device X as a communication source is connected and designation of a private network to which the device Y as a communication destination is connected;
An authentication request procedure for making an authentication request to a management terminal of a private network to which the communication destination device Y is connected;
An authentication result determination procedure for determining whether or not information indicating communication permission is received as a response to the authentication request from the management terminal;
When information indicating communication permission is received as a response to the authentication request, the communication connection as a communication connection partner is connected to the communication connection control device X of the private network to which the communication source device X is connected. A connection partner notification procedure for notifying the global network address of the control device Y, and notifying the communication connection control device Y of the global network address of the communication connection control device X as a communication connection partner;
Is done,
By the respective control units of the communication connection control device X and the communication connection control device Y,
A first address conversion procedure for converting a private network address of a device connected to the own device into a global network address based on a predetermined conversion method;
An address notification procedure for transmitting a global network address after conversion of a device connected to the device itself to the global network address of a communication connection partner notified from the authentication server;
First, a global network address received from the communication partner is converted to an arbitrary virtual private network address that is not used and has an address similar to that of a private network address of a device connected to its own device. 2-address conversion procedure;
5. The network device sharing method according to claim 4, wherein: By the control unit in the communication source device X,
A content list inquiry procedure for transmitting inquiry information about whether or not the content list is held to the communication destination device Y is performed,
By the control unit in the destination device Y,
Based on reception of the inquiry information on whether or not the content list is held, the content list has a content list that stores at least the private network address of the device Y and the content identification information as the location of each content. In this case, a content list reply procedure for returning the content list to the device X is performed.
By the control unit in the communication connection control device X,
When the content list returned from the device Y to the device X is relay-transferred to the device X, the private network address of the device Y described in the content list is changed to the virtual private network address of the device Y. 6. The method for sharing a network device according to claim 4, wherein an address rewriting procedure for rewriting is performed.

Images