WO2004081801A1 - Information processing apparatus, information processing method, and computer program - Google Patents
- Publication number
- WO2004081801A1 PCT/JP2004/002903
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- server
- client
- information
- processing
- information processing
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
- G06F15/16—Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2803—Home automation networks
- H04L12/2807—Exchanging configuration information on appliance services in a home automation network
- H04L12/2809—Exchanging configuration information on appliance services in a home automation network indicating that an appliance service is present in a home automation network
Definitions
- The present invention relates to an information processing device, an information processing method, and a computer program. More specifically, it relates to an information processing apparatus, an information processing method, and a computer program that enable a client connected to an external network to acquire, via a gateway, information on information processing devices such as servers connected to an internal network such as a home network.
- Background Art: With the spread of data communication networks in recent years, the so-called home network, which connects home appliances, computers, and other peripheral devices to each other and enables communication between them, is becoming more prevalent.
- a home network provides convenience and comfort to users, such as sharing data processing functions of each device by communicating between network-connected devices and transmitting and receiving content between devices.
- Universal Plug and Play is known as a protocol suitable for such a home network configuration.
- Universal Plug and Play (UPnP) enables a network to be constructed easily, without complicated operations, and the services provided to be received.
- UPnP also has the advantage that devices can be easily added without depending on the OS (operating system) on the device.
- UPnP exchanges definition files conforming to XML (eXtensible Markup Language) between connected devices, which use them for mutual recognition.
- XML extensible Markup Language
- the outline of the UPnP processing is as follows.
- a device validation process that searches for devices on the network, receives responses from each device, and obtains information such as device types and functions contained in the responses.
- Content can be acquired by a device that has performed the UPnP connection, the simple device connection configuration described above. If the content is movie data or music data, movies can be watched and music listened to by connecting a TV or player as a network-connected device. Access from a device connected by a user who has the right to use the content may be allowed, but in the network configuration described above, a user who does not have the right to use the content can also easily enter the network. For example, in a network configured as a wireless LAN, a situation can occur in which communication equipment outdoors or in a neighboring house is used to enter the network illegally and exploit content held on a server in the house.
- A configuration has been proposed in which a server holds a list of clients that are allowed access and, when a client requests access to the server, collates the request against the list to eliminate unauthorized access. For example, MAC address filtering is known, which sets MAC (Media Access Control) addresses, the physical addresses unique to network-connected devices, as the access-permitted device list.
- MAC address filtering is a method in which MAC addresses that are permitted access are registered in advance on a router or gateway that separates an internal network (subnet) such as a home network from an external network. The MAC address of each received packet is checked against the registered MAC addresses, and access from devices with unregistered MAC addresses is rejected.
- This type of technology is disclosed, for example, in Patent Document 1 (Japanese Patent Application Laid-Open No. 10-271154).
- Such a process can be performed under a predetermined administrator when it is required to construct a secure environment, for example, for a specific company or organization.
- In a home network environment, it is not practical to require general users to generate and store MAC lists.
- New devices are added frequently, and if the user had to check the MAC address of each device and register it every time a device is added, the ease of network construction would be lost.
- Even if access authority is correctly determined, for a client connected to the external network to obtain information on each server on the internal network, such as a home network, it must, for example, access each server individually and in sequence to obtain the information.
- If the client is connected to the internal network, it performs search processing according to the UPnP described above, that is, it multicasts a search request according to UDP (User Datagram Protocol) (HTTPMU: HTTP Multicast). This makes it possible to obtain information from multiple servers collectively and to obtain server information easily.
- UDP User Datagram Protocol
- HTTPMU HTTP Multicast
- the present invention has been made in view of the above-described problems, and allows a client connected to an external network to easily obtain information of a device such as a server connected to an internal network such as a home network. It is an object of the present invention to provide an information processing device, an information processing method, and a computer program that can be executed securely. According to a first aspect of the present invention,
- An information processing device that executes processing in accordance with a data processing request from an external network connection client at the boundary between an external network and an internal network.
- a data transmitting / receiving unit for transmitting / receiving data via the external network and the internal network
- An information processing apparatus comprising: a server discovery process execution unit that executes a device list generation process to transmit to the client via an external network based on the acquired server information. Further, in one embodiment of the information processing apparatus of the present invention, the server discovery processing execution unit performs a server information acquisition processing on a connection server via an internal network by applying SSDP (Simple Service Discovery Protocol).
- SSDP Simple Service Discovery Protocol
- The server discovery processing execution unit executes the server information acquisition processing for servers connected via the internal network by multicast transmission of a search request via the internal network, and generates the device list based on information received from the servers connected to the internal network. Further, in one embodiment of the information processing apparatus of the present invention, the server discovery processing execution unit generates the device list to be transmitted to the client connected to the external network based on the information stored in UDP (User Datagram Protocol) packets received from each server connected to the internal network.
- The server discovery processing execution unit encrypts the device list to be transmitted to a client connected to an external network with a key shared with the client, and transmits the device list to the client as encrypted data.
- The key applied to the encryption of the device list is a cryptographic processing key acquired by an SSL (Secure Socket Layer) handshake process executed between the client and the information processing apparatus.
- the information processing apparatus executes server information acquisition processing of a connection server via the internal network according to a UDP (User Datagram Protocol), and executes the external network.
- the server discovery processing execution unit includes, in the device list generation processing, access information for each server based on information received from a server connected to an internal network; And a process for generating a device list containing service information that can be provided by each server.
- The information processing apparatus further includes a device authentication processing unit that determines whether or not a client has an access right, and the server discovery processing execution unit is configured to execute server discovery processing on condition that the device authentication processing unit grants the client's access authority.
- The information processing apparatus has a client session ID table in which a client identifier is associated with a session ID serving as connection identification information with the client, and executes client identification processing by searching the client session ID table based on the session ID received from the client.
- the information processing apparatus has a function as an application gateway located at a boundary between an external network and an internal network.
- the information processing apparatus has a function as a reverse proxy server located at a boundary between an external network and an internal network.
- a second aspect of the present invention is:
- An information processing method in which an information processing device connected to a boundary between an external network and an internal network executes a process in accordance with a data processing request from a client connected to an external network.
- The server information acquisition processing step executes the server information acquisition processing for servers connected via an internal network by applying SSDP (Simple Service Discovery Protocol). Further, in one embodiment of the information processing method according to the present invention, the server information acquisition processing step executes the server information acquisition processing for servers connected via an internal network by multicast transmission of a search request via the internal network.
- the server information acquisition processing step includes receiving UDP (User Datagram Protocol) packet storage information received from each server connected to an internal network, and The generating step includes generating a device list to be transmitted to a client connected to an external network based on the UDP (User Datagram Protocol) packet storage information.
- The step of transmitting the device list encrypts the device list to be transmitted to a client connected to an external network with a key shared with the client, and transmits the device list to the client as encrypted data.
- the key applied to the encryption of the device list is a cryptographic process acquired by an SSL (Secure Socket Layer) handshake process executed between the client and the information processing device. It is characterized by being a key.
- the server information acquisition processing step executes the server information acquisition processing of the connection server via the internal network according to UDP (User Datagram Protocol), and In the transmitting step, the device list is transmitted to the client via the external network in accordance with a TCP (Transmission Control Protocol).
- The device list generation processing step executes a process of generating a device list that includes access information for each server and service information that can be provided by each server, based on information received from the servers connected to the internal network. Further, in one embodiment of the information processing method of the present invention, the information processing method further includes a device authentication processing step of determining whether or not the client has an access right, and the server information acquisition processing step is executed on condition that the client's access right is granted in the device authentication processing step.
- the information processing method further includes a client session ID table in which a client identifier is associated with a session ID as connection identification information with the client.
- a computer program that executes processing in accordance with a data processing request from an external network connection client in an information processing device connected to the boundary between the external network and the internal network.
- the information processing device as an application gateway connected to the boundary between the external network and the internal network receives a request for acquiring information on server connected to the internal network from the external network connection client.
- A device list is generated based on the obtained server information and transmitted to the client via the external network. Therefore, a client connected to the external network can efficiently obtain information on servers connected to the internal network, such as a home network.
- The device list is encrypted using the cryptographic processing key acquired by the SSL (Secure Socket Layer) handshake process executed between the client and the information processing device as the application gateway.
- The server information acquisition processing for servers connected via the internal network is executed according to UDP (User Datagram Protocol), and the device list is transmitted to the client via the external network according to TCP (Transmission Control Protocol), so that the server information acquisition process can be executed as a process applying SSDP (Simple Service Discovery Protocol) in accordance with the UPnP regulations.
- The computer program of the present invention is, for example, a computer program that can be provided in a computer-readable format to a general-purpose computer system capable of executing various program codes, by a storage medium such as a CD, FD, or MO, or by a communication medium such as a network. By providing such a program in a computer-readable format, processing according to the program is realized on a computer system.
- FIG. 1 is a diagram showing an example of a network configuration to which the present invention can be applied.
- FIG. 2 is a diagram illustrating a configuration example of a network connection device.
- FIG. 3 is a diagram showing a server discovery processing sequence by a client connected to an internal network such as a home network.
- FIG. 4 is a sequence diagram illustrating a device registration processing procedure of a client connectable to an external network.
- FIG. 5 is a sequence diagram illustrating a procedure of authentication and content acquisition processing by a client connected to an external network.
- FIG. 1 is a sequence diagram (No. 1).
- FIG. 7 is a sequence diagram (part 2) for explaining an authentication processing procedure of a client connected to an external network.
- FIG. 8 is a diagram showing a configuration example of a client identification table generated by the application gateway.
- FIG. 9 is a diagram showing a configuration example of a client session ID table generated by the application gateway.
- FIG. 10 is a diagram showing a processing sequence of a device list acquisition request from a client connected to an external network.
- FIG. 11 is a flowchart illustrating a process executed by the application gateway based on reception of a device list acquisition request from a client connected to an external network.
- FIG. 12 is a block diagram illustrating the functional configuration of the application gateway.
- FIG. 13 is a block diagram illustrating the functional configuration of the client.
- FIG. 1 shows a personal network, that is, an internal network, such as a home network 100 built in a specific user's house or the like. Various information processing devices, such as personal computers (PCs) 101 and 102, a hard disk recorder 103, a TV 104, and a PDA 105, transmit and receive data via the home network 100.
- With the PC 101, 102 or the hard disk recorder 103 as a content providing server and the TV 104 and PDA 105 as clients, the client obtains the content stored in the server via the network, and the content is output using the client's display and speaker.
- the home network 100 is a network such as a wired network or a wireless network, and each connected device transmits and receives communication packets such as Ethernet (registered trademark) frames via the network. That is, the client executes a data processing request to the server by transmitting a frame in which the processing request information is stored in the data portion of the Ethernet frame to the server. The server executes the data processing in response to the reception of the processing request frame, stores the result data as a data processing result in the data part of the communication packet as necessary, and transmits the data to each client.
- the network connection device is configured by, for example, a device that supports Universal Plug and Play (UPnP: Universal Plug and Play). Therefore, it is easy to add and delete connected devices to the network. Devices newly connected to the network
- a device validation process that searches for devices on the network, receives responses from each device, and obtains information such as device types and functions contained in the responses.
- The home network 100 is connected to an external network 120 such as the Internet. Various information processing devices such as a PC 122, a mobile phone 122 and a portable playback player 123 are also connected to the external network 120. Information processing device in home network 100 and external network 1
- Gateway 110 is installed.
- the application gateway performs communication packet checking and filtering on the access request from the external network at the application layer.
- the application gateway 110 also has a function as a proxy response server of the information processing device connected to the home network 100. That is, the application gateway 110 has a configuration that also has a reverse proxy server function.
- The application gateway 110 is an application gateway located between an internal network in a local area, such as a home network, and an external network outside the local area, and it also has a function as a reverse proxy server.
- Various information processing devices connected to the external network 120, such as a PC 122, a mobile phone 122, and a portable playback player 123, are connected to the home network 100 via the application gateway 110.
- a PC 122 connected to the external network 120
- a mobile phone 122, a portable playback player 123, etc.
- the gateway 110 such as PC 101, 102, hard disk recorder 103, etc., and obtains the contents stored in these devices, and obtains PC 121, portable terminal 122
- The CPU (Central Processing Unit) 201 executes various processes according to programs stored in the ROM (Read Only Memory) 202, the HDD (Hard Disk Drive) 204, or the like, and functions as data processing means or communication control processing means.
- a RAM (Random Access Memory) 203 stores programs and data to be executed by the CPU 201 as appropriate.
- the CPU 201, the ROM 202, the RAM 203, and the HDD 204 are interconnected via a bus 205.
- An input / output interface 206 is connected to the bus 205.
- Connected to the input/output interface 206 are, for example, an input unit 207 constituted by a keyboard, switches, buttons, a mouse, or the like operated by a user; an output unit 208 composed of an LCD, CRT, speaker, etc.; a communication unit 209 functioning as data transmission/reception means; and a drive 210 on which a removable recording medium 211 such as a magnetic disk, an optical disk, a magneto-optical disk, or a semiconductor memory can be mounted and which executes data read or write processing on that medium.
- the configuration shown in FIG. 2 shows the configuration of a general PC as an example of the network connection device shown in FIG. 1.
- The network connection device is not limited to a PC; as shown in FIG., it can be configured by a portable communication terminal such as a PDA, other various electronic devices, and an information processing device. Each device can therefore have its own specific hardware configuration and execute processing according to that hardware.
- the client executes communication in accordance with the Universal Plug and Play (UPnP) protocol described above, and the client obtains the content from the server.
- a client connected to the home network 100 that is, an information processing apparatus that attempts to acquire content from a server, performs a server discovery process as a search for a server on the network, for example, a discovery scan process defined by UPnP.
- service information that can be provided by the server can be obtained from the server.
- FIG. 3 shows the server discovery processing sequence by a client connected to the home network 100.
- The client 301 performs server discovery processing via the home network by applying, for example, SSDP (Simple Service Discovery Protocol), which is a network service detection protocol.
- In step S1, the client performs a multicast transmission (HTTPMU: HTTP Multicast) of a search request via the network according to UDP (User Datagram Protocol).
- Each of server 1 (311), server 2 (312), and server 3 (313) connected to the home network receives the search request from the client.
- In steps S2, S3, and S4, each server transmits an OK response indicating that the service can be provided to the client according to UDP (HTTPU: HTTP Unicast).
- the OK response includes access information for each server, information on services that can be provided, and the like.
- Upon receiving the OK response from each server through the above discovery process, the client checks the information about the services that the server can provide and then, based on this information, executes a service request process that requests a service from each device. For example, it can send a content transmission request to the server, acquire the content from the server, and output it via the client's display and speaker.
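The search request and OK responses described above are also what the gateway's device list is built from. The following is an added example, not code from the patent: it formats the multicast search request, parses HTTPU responses, and produces a device list holding access information and service information per server. The sample datagrams are constructed, and the check that each LOCATION host matches the datagram's source address is an assumption added here, not a step the page describes.

```python
import ipaddress
from urllib.parse import urlsplit

SSDP_GROUP = ("239.255.255.250", 1900)  # standard SSDP multicast address and port


def build_msearch(search_target="ssdp:all", mx=2):
    """Search request multicast on the internal network (HTTPMU over UDP)."""
    lines = [
        "M-SEARCH * HTTP/1.1",
        f"HOST: {SSDP_GROUP[0]}:{SSDP_GROUP[1]}",
        'MAN: "ssdp:discover"',
        f"MX: {mx}",
        f"ST: {search_target}",
        "", "",
    ]
    return "\r\n".join(lines).encode("ascii")


def parse_ssdp_response(datagram):
    """Return upper-cased headers of a well-formed 200 OK response, else None."""
    try:
        text = datagram.decode("ascii")
    except UnicodeDecodeError:
        return None
    head, sep, _ = text.partition("\r\n\r\n")
    if not sep:
        return None
    status, *header_lines = head.split("\r\n")
    parts = status.split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or parts[1] != "200":
        return None
    headers = {}
    for line in header_lines:
        name, colon, value = line.partition(":")
        if not colon:
            return None
        headers[name.strip().upper()] = value.strip()
    return headers


def build_device_list(responses):
    """Build the device list from (datagram, (src_ip, src_port)) pairs."""
    devices = {}
    for datagram, (src_ip, _src_port) in responses:
        headers = parse_ssdp_response(datagram)
        if headers is None or not {"LOCATION", "ST", "USN"} <= headers.keys():
            continue
        url = urlsplit(headers["LOCATION"])
        # Added check (assumption): a server must advertise its own internal
        # address, so a response cannot point the external client elsewhere.
        if url.scheme != "http" or url.hostname != src_ip:
            continue
        if not ipaddress.ip_address(src_ip).is_private:
            continue
        # One entry per USN: repeated responses from the same server collapse.
        devices.setdefault(headers["USN"], {
            "usn": headers["USN"],
            "access": headers["LOCATION"],   # access information for the server
            "service": headers["ST"],        # service the server can provide
        })
    return list(devices.values())


def _sample(src_ip, serial, location_host=None, status="200 OK"):
    """Constructed HTTPU response for the demo; not captured traffic."""
    st = "urn:schemas-upnp-org:device:MediaServer:1"
    host = location_host or src_ip
    text = (f"HTTP/1.1 {status}\r\n"
            "CACHE-CONTROL: max-age=1800\r\n"
            f"LOCATION: http://{host}:49152/description.xml\r\n"
            f"ST: {st}\r\n"
            f"USN: uuid:00000000-0000-0000-0000-{serial:012d}::{st}\r\n"
            "\r\n")
    return text.encode("ascii"), (src_ip, 1900)


SAMPLE_RESPONSES = [
    _sample("192.168.0.11", 1),
    _sample("192.168.0.11", 1),                              # duplicate answer
    _sample("192.168.0.12", 2),
    _sample("192.168.0.13", 3, location_host="203.0.113.5"),  # mismatched host
    _sample("192.168.0.14", 4, status="404 Not Found"),       # not an OK response
]

if __name__ == "__main__":
    for device in build_device_list(SAMPLE_RESPONSES):
        print(device)
```
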
- An information processing device (mobile device) that attempts to access a server in the home network by connecting to an external network, such as the Internet, outside the home network must perform device registration processing in advance. That is, the mobile device performs device registration processing in accordance with a predetermined sequence with an information processing apparatus including an application gateway in the home network.
- The device registration process requires the user to operate two devices that execute the registration process sequence or to confirm display information such as a password. For example, both devices (the mobile device and the application gateway) are connected to the home network. The procedure of device registration processing of a mobile device will be described with reference to FIG.
- In step S11, the user presses a device registration button provided on the client side.
- In step S12, the client broadcasts the registration request. This is performed as a multicast transmission according to UDP (User Datagram Protocol).
- The server that has received the registration request transmits a confirmation request to the client in step S13 by multicast.
- Subsequent data transmission / reception processing is executed according to TCP (Transmission Control Protocol).
- TCP Transmission Control Protocol
- the confirmation request response contains the client name.
- The server that has received the confirmation request response displays the message "The one-time password for the client '○○' is '○○'" to the user in step S15. That is, the one-time password is presented on the display. This password is generated by the server, for example, by random number generation processing.
- the user confirms the one-time password and moves from the server to the client.
- the user who has moved to the client side inputs the one-time password presented to the server side in step S16 from the input means of the client.
- the client sends the input password to the server.
- In step S18, the server collates the password received from the client with the one-time password that it generated and presented to the user in step S15.
- In step S19, the server notifies the client of the password verification result (OK/NG). If the password verification is NG, the server cancels the processing. If the password verification is OK, in step S20 the flow shifts to SSL (Secure Socket Layer) handshake processing, which enables encrypted communication.
- SSL Secure Socket Layer
- the server and the client share confidential information that can be used as a key for cryptographic communication, and in subsequent communications, can transmit and receive encrypted data using the shared confidential information.
- the server generates an ID by, for example, random number generation processing.
- the ID preferably has global uniqueness.
- the ID is generated as a bit string of 128 bits or more.
- Let the ID generated by the server be the server ID: GUID(S).
- GUID means Globally Unique Identifier.
- The server encrypts the generated server ID: GUID(S) with the key shared between the server and the client by the SSL handshake and sends it to the client.
- The client decrypts the received data and obtains the server ID: GUID(S).
- In step S23, the client generates an ID by, for example, random number generation processing.
- The ID preferably has global uniqueness and is generated, for example, as a bit string of 128 bits or more.
- The ID generated by the client is referred to as the client ID: GUID(C).
- The client encrypts the generated client ID: GUID(C) with the key shared between the server and the client by the SSL handshake and transmits it to the server.
- The server decrypts the received data and obtains the client ID: GUID(C).
- The client encrypts the server ID: GUID(S) received from the server and the client ID: GUID(C) generated by the client, and stores them in the storage device.
- As the encryption key, for example, identification information unique to the hardware of the own device, that is, a hardware unique ID (Huid(C)), is applied.
- The server ID: GUID(S) and the client ID: GUID(C) are stored in the storage unit as data encrypted with the hardware unique ID (Huid(C)), that is, as tamper-resistant data that is more difficult to copy or falsify without authorization.
- The server likewise encrypts the client ID: GUID(C) received from the client and the server ID: GUID(S) generated by the own device, and stores them in the storage means.
- As the encryption key, identification information unique to the hardware of the own device, that is, the hardware unique ID (Huid(S)), is applied.
- The server ID: GUID(S) and the client ID: GUID(C) are stored in the storage unit as encrypted data, which secures tamper resistance against copying and falsification.
- The mobile device that can be connected to the external network and each server in the home network, including the application gateway, hold the server ID: GUID(S) and the client ID: GUID(C) as shared secret information (Secret).
- S server ID
- C client ID
- FIG. 5 shows the communication processing sequence between the mobile device connected to the external network and the application gateway.
- a client is a client connected to an external network
- a server belongs to an internal network such as a home network
- an application gateway exists between the two networks.
- the client connects to the application gateway in step S31.
- the client needs to obtain the IP address and port number of the application gateway to connect to the application gateway.
- Based on the host name set in the application gateway, the client obtains the IP address and port number of the application gateway from a DNS (Domain Name System) server on the network or another service server provided by an ISP (Internet Service Provider), and makes the connection.
- DNS Domain Name System
- ISP Internet Service Provider
- Even when the client does not explicitly connect to the application gateway but attempts a direct connection to a server, using the host name of a server connected to the internal network, such as the home network to which the application gateway is connected, the client is connected to the application gateway installed between the external network and the internal network, based on the gateway setting information set for each server.
- the device authentication sequence described below is executed.
- The connection between the client and the application gateway is a TCP connection with HTTP keep-alive (HTTP Keep Alive) set, which allows multiple HTTP packets to be transmitted and received during the connection period.
- In step S32, SSL (Secure Socket Layer) handshake processing is performed between the client and the application gateway.
- The client and the application gateway share secret information (a session key) that can be used as a key for cryptographic communication, and in subsequent communications they can send and receive data encrypted using the shared secret information (session key).
- In step S33, a login process is executed as a device authentication process between the client and the application gateway. Details of the login (Login) process will be described with reference to FIGS.
- The client having the authorized access right has executed the device registration processing described above and holds the server ID: GUID(S) and the client ID: GUID(C) as secret information (Secret) shared with the application gateway.
- The server ID: GUID(S) is the server ID generated by the application gateway in the device registration sequence described with reference to FIG.
- Device authentication is executed as a process in which the client and the application gateway mutually confirm that they share the secret information (Secret), that is, the server ID: GUID(S) and the client ID: GUID(C).
- The application gateway verifies that the client knows the same values as the server ID: GUID(S) and client ID: GUID(C) stored in the storage unit of the gateway.
- The client confirms that the gateway knows the same values as the server ID: GUID(S) and the client ID: GUID(C) stored in the client storage unit, and thereby authenticates the gateway.
- the client generates a random number (Nonce1). Note that a function such as MD5 can be applied as the hash function.
- the client sends the generated digest (Digest) and random number (Nonce1) to the application gateway. Note that if authentication is performed again while a connection is already established between the client and the application gateway and the session continues, the client holds the session ID received from the application gateway, so the client also sends the session ID to the application gateway. In the case of an initial connection, the client does not hold a session ID and sends only the generated digest (Digest) and random number (Nonce1) to the application gateway. Data transmitted and received between the client and the application gateway in the login processing sequence shown in FIGS.
- the application gateway stores in its storage unit a table (client identification table) that associates each client identifier with Digest = h(Secret), as shown in FIG. 8.
- to build the client identification table, the application gateway performs hash value calculation on the secret information (Secret) shared with the client during the device registration process (described with reference to FIG.), that is, the server ID: GUID(S) and the client ID: GUID(C), generates an entry associated with the client identifier, and stores it in the storage unit.
- the application gateway generates a server authentication value (ServerAuth) according to the following equation.
- ServerAuth = h(Secret || Nonce1), where Secret = GUID(C) || GUID(S)
- the application gateway generates a random number (Nonce2).
- if the connection with the client is an initial connection and no session ID was received from the client in step S52, the application gateway generates a session ID as connection identification information and saves it in association with the client identifier.
- for a client whose connection continues, the application gateway sets an entry in the client session ID table that associates the client identifier with the session ID, as shown in Fig. 9, and stores it in the storage unit.
- the client compares the server authentication value [ServerAuth = h(Secret || Nonce1)] received from the application gateway with the value ServerAuth' = h(Secret || Nonce1) generated by its own device, where Secret = GUID(C) || GUID(S).
- if the server authentication value received from the application gateway and ServerAuth' do not agree, the application gateway is determined not to be a valid gateway. In this case, the client disconnects from the application gateway. If the application gateway is determined to be valid, the process proceeds to the next step.
- in step S57 of FIG. 7, the client determines the client authentication value (ClientAuth): a hash value is obtained for the combined data of Secret = GUID(C) || GUID(S) and the random number (Nonce2) received from the application gateway, and this is used as the client authentication value (ClientAuth).
- in step S60, the application gateway sends the client authentication result, [OK] or [NG], to the client. If the result is [OK], the session ID is sent together with it.
- in step S61, if the authentication is successful, the client stores the session ID received from the application gateway in its storage unit and proceeds to the next process (for example, the device list acquisition process in step S34 in FIG. 5). If authentication is unsuccessful, the connection with the application gateway is disconnected.
- the authentication process between the client connected to the external network and the application gateway connected to the internal network, such as the home network, is completed, and processing such as information acquisition for servers connected to the internal network, access to servers, and content acquisition from servers becomes possible.
- the device authentication process is executed as a process in which the client and the application gateway mutually confirm that they share the same secret information (Secret), that is, the server ID: GUID(S) and the client ID: GUID(C). That is, the application gateway verifies that the client knows the same values as the server ID: GUID(S) and the client ID: GUID(C) stored in the storage unit of the gateway, and authenticates the client on condition of this confirmation.
- the client confirms that the gateway knows the same values as the server ID: GUID(S) and the client ID: GUID(C) stored in the storage unit of the client, and authenticates the gateway on condition of this confirmation. In this manner, mutual authentication processing is performed, and subsequent processing can be performed on condition that mutual reliability is ensured.
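The login exchange described above (Digest, Nonce1, ServerAuth, Nonce2, ClientAuth, session ID), with both sides' messages, as an added Python example that is not code from the patent. Assumptions: SHA-256 stands in for the hash function h (the text names MD5 as one option), GUIDs and nonces are 16 bytes, "||" is byte concatenation, and all class, method and variable names are hypothetical.

```python
import hashlib
import hmac
import secrets


def h(*parts: bytes) -> bytes:
    """h(a || b || ...). SHA-256 is an assumption; the text names MD5 as one option."""
    return hashlib.sha256(b"".join(parts)).digest()


class Gateway:
    def __init__(self):
        self.client_table = {}   # Digest = h(Secret) -> (client identifier, Secret)
        self.session_table = {}  # client identifier -> session ID
        self._pending = {}       # Digest -> state of a login still in progress

    def register(self, client_id, guid_c, guid_s):
        secret = guid_c + guid_s  # Secret = GUID(C) || GUID(S)
        self.client_table[h(secret)] = (client_id, secret)

    def challenge(self, digest, nonce1, session_id=None):
        entry = self.client_table.get(digest)
        if entry is None:
            return None  # no registered client has this Digest
        client_id, secret = entry
        # Reuse a session ID only if it is the one already issued to this client.
        if session_id is None or self.session_table.get(client_id) != session_id:
            session_id = secrets.token_hex(16)
        nonce2 = secrets.token_bytes(16)
        self._pending[digest] = (client_id, secret, nonce2, session_id)
        return h(secret, nonce1), nonce2  # ServerAuth, Nonce2

    def finish(self, digest, client_auth):
        state = self._pending.pop(digest, None)
        if state is None:
            return "NG", None
        client_id, secret, nonce2, session_id = state
        # Constant-time comparison of ClientAuth with h(Secret || Nonce2).
        if not hmac.compare_digest(client_auth, h(secret, nonce2)):
            return "NG", None
        # Design choice of this example: the session table is written only after
        # ClientAuth verifies, so table membership always implies a completed login.
        self.session_table[client_id] = session_id
        return "OK", session_id


class RogueGateway(Gateway):
    """A gateway that does not hold Secret and can only guess ServerAuth."""

    def challenge(self, digest, nonce1, session_id=None):
        return secrets.token_bytes(32), secrets.token_bytes(16)


class Client:
    def __init__(self, guid_c, guid_s):
        self.secret = guid_c + guid_s
        self.session_id = None
        self.nonce1 = None

    def hello(self):
        self.nonce1 = secrets.token_bytes(16)
        return h(self.secret), self.nonce1, self.session_id

    def answer(self, server_auth, nonce2):
        expected = h(self.secret, self.nonce1)  # ServerAuth'
        if not hmac.compare_digest(server_auth, expected):
            return None  # gateway did not prove knowledge of Secret
        return h(self.secret, nonce2)  # ClientAuth


def login(client, gateway):
    """Run one login; returns "OK", "NG", or "DISCONNECT" (client dropped the gateway)."""
    digest, nonce1, sid = client.hello()
    reply = gateway.challenge(digest, nonce1, sid)
    if reply is None:
        return "NG"
    client_auth = client.answer(*reply)
    if client_auth is None:
        return "DISCONNECT"
    result, session_id = gateway.finish(digest, client_auth)
    if result == "OK":
        client.session_id = session_id
    return result


if __name__ == "__main__":
    guid_c, guid_s = b"C" * 16, b"S" * 16  # constructed sample GUIDs
    gw = Gateway()
    gw.register("client-1", guid_c, guid_s)
    print(login(Client(guid_c, guid_s), gw))
    print(login(Client(guid_c, guid_s), RogueGateway()))
```

Because Digest = h(Secret) is the same on every login, it only selects the table entry; the proof of possession is the pair of nonce-bound values, which is why `finish` rejects a caller that presents a valid Digest but cannot compute ClientAuth.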
- the client then proceeds to a process of acquiring information on the servers in the internal network, such as the home network, to which the application gateway is connected. If the client is connected to the home network, this device information acquisition process can be performed by applying SSDP (Simple Service Discovery Protocol), which is a network service detection protocol, as described earlier with reference to Fig. 3.
- SSDP Simple Service Discovery Protocol
- UDP User Datagram Protocol
- HTTP Multicast HyperText Transfer Protocol
- a client inside the home network could obtain the server information by receiving the OK response according to UDP, but a client that is connected to the external network and communicating with the application gateway cannot multicast UDP packets as described above to obtain server information in the home network. Therefore, a newly defined command is sent from the client to the application gateway; based on the received command, the application gateway performs server discovery processing in the home network according to processing applying SSDP (Simple Service Discovery Protocol), and transmits the server information it acquires as a result to the client. In step S34 shown in FIG.
- the client sends a device list acquisition command (Get Device List), a newly defined command, to the application gateway.
- the application gateway executes the server discovery processing in the home network according to the processing to which SSDP (Simple Service Discovery Protocol) is applied, and in step S35 transmits the server information obtained as the SSDP processing result, that is, the device list, to the client.
- the device list includes information on access to the server and information on services that can be provided by the server.
- a device list acquisition (Get Device List) processing sequence executed as server information acquisition processing by a client connected to the external network will be described with reference to FIG. In FIG.
- the client is a client connected to the external network
- the servers are connected to an internal network such as a home network, and the application gateway exists between the two networks. It is assumed that the login process described above has been executed between the client and the application gateway, that mutual authentication has been established, and that reliability is guaranteed.
- the client transmits a newly defined command, that is, a device list acquisition [Get Device List] request command for obtaining server information, to the application gateway.
- upon receiving the device list acquisition [Get Device List] request command, the application gateway executes a client confirmation process, and then executes a device list acquisition process in step S72.
- in step S101, when the application gateway receives a device list acquisition [Get Device List] request command from the client, the application gateway first determines whether or not the client has been authenticated by the login process.
- a client registered in the client session ID table, which associates a client identifier with a session ID as described with reference to FIG. 9, is a client that has been successfully authenticated by the login processing. A client that is not registered has not been authenticated by the login process, so continuation of the process is stopped, an error message is sent to the client in step S106, and in step S107 the connection with the client is disconnected and the process ends.
- a device list acquisition process is performed.
- the acquisition of the device list is executed as a process to which UPnP SSDP (Simple Service Discovery Protocol) is applied. That is, the application gateway executes server discovery processing on an internal network such as a home network to which the application gateway is connected, and receives server information from each server. This allows search requests over the network to be sent to the application gateway according to the User Datagram Protocol (UDP).
- HTTPMU HTTP Multicast
- the application gateway determines whether or not acquisition of the device list was successful. If the acquisition process failed, a device list acquisition error message is sent to the client in step S108. If the acquisition of the device list is successful, the flow advances to step S105 to transmit the acquired device list to the client.
- the application gateway generates a TCP packet whose payload stores the information, received from each server in UDP packets in the home network, on the services the server can provide, and sends it to the client.
- the transmission data of this device list is encrypted with the secret information (encryption key) shared with the client in the above-described SSL handshake processing and then transmitted.
- the device list includes access information to the server and service information that can be provided by the server.
- the application gateway receives, from server 1, server 2, or server 3 in the home network, an OK response indicating that the server can provide a service, encrypts a device list containing information about the services the servers can provide, and sends it to the client.
- the client that has received the OK response from each server via the application gateway decrypts the received data using the secret information (encryption key) shared with the application gateway in the SSL handshake processing described above, and executes a service request process for requesting a service from a server based on the information obtained. For example, it becomes possible to send a content transmission request or the like to the server, acquire the content, and output the content via the display and speaker of the client.
- if the application gateway has already obtained the server information before receiving the device list acquisition [Get Device List] request command from the client, then after receiving that command it may send the stored server information to the client without performing new server discovery processing.
- a client that is connected to the external network and has a legitimate access right can obtain, via the application gateway, exactly the same information as the server information based on SSDP (Simple Service Discovery Protocol) applied in UPnP. Therefore, it is possible to execute a service request to the server in the same environment as a client in the home network.
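The gateway side of the Get Device List flow described above (session check in step S101, SSDP discovery, error paths S106 to S108, reuse of already stored server information), as an added Python example that is not code from the patent. Assumptions: the handler, field and function names are hypothetical, the sample datagrams are constructed, and the SSL-protected TCP transport to the client is outside the example.

```python
import socket
from typing import Callable, List, Optional

# Constructed sample UDP payloads: two valid SSDP OK responses, one response
# without LOCATION, and one unsolicited NOTIFY that must not enter the list.
SAMPLE_SSDP_RESPONSES = [
    b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\n"
    b"LOCATION: http://192.168.0.10:8080/description.xml\r\n"
    b"ST: urn:schemas-upnp-org:device:MediaServer:1\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000001\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nlocation: http://192.168.0.11:9000/desc.xml\r\n"
    b"st: urn:schemas-upnp-org:service:ContentDirectory:1\r\n"
    b"usn: uuid:00000000-0000-0000-0000-000000000002\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n\r\n",
    b"NOTIFY * HTTP/1.1\r\nNT: upnp:rootdevice\r\n\r\n",
]


def ssdp_search(timeout: float = 3.0) -> List[bytes]:
    """Multicast an SSDP M-SEARCH on the internal network and collect replies."""
    msg = ("M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
           'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n').encode("ascii")
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    replies = []
    try:
        sock.sendto(msg, ("239.255.255.250", 1900))
        while True:
            data, _ = sock.recvfrom(65507)
            replies.append(data)
    except OSError:  # includes the timeout that ends collection
        pass
    finally:
        sock.close()
    return replies


def parse_ssdp_ok(datagram: bytes) -> Optional[dict]:
    """Turn one SSDP OK response into a device-list entry, or None if unusable."""
    try:
        text = datagram.decode("ascii")
    except UnicodeDecodeError:
        return None
    lines = text.partition("\r\n\r\n")[0].split("\r\n")
    status = lines[0].split()
    if len(status) < 2 or not status[0].startswith("HTTP/") or status[1] != "200":
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    if "LOCATION" not in headers or "ST" not in headers:
        return None
    # Access information (LOCATION) plus the service the server can provide (ST).
    return {"location": headers["LOCATION"], "service": headers["ST"],
            "usn": headers.get("USN", "")}


class DeviceListHandler:
    def __init__(self, session_table: dict, discover: Callable[[], List[bytes]]):
        self.session_table = session_table  # client identifier -> session ID
        self.discover = discover
        self.cache = None                   # server information already obtained

    def handle(self, session_id: Optional[str]) -> dict:
        # S101: only a session registered by a successful login may proceed.
        if session_id is None or session_id not in self.session_table.values():
            return {"status": "error", "reason": "not authenticated",
                    "disconnect": True}   # S106 error message, S107 disconnect
        if self.cache is None:
            devices = [d for d in map(parse_ssdp_ok, self.discover()) if d]
            if not devices:
                return {"status": "error", "disconnect": False,
                        "reason": "device list acquisition failed"}  # S108
            self.cache = devices
        return {"status": "ok", "devices": self.cache}  # S105


if __name__ == "__main__":
    handler = DeviceListHandler({"client-1": "sid-abc"}, lambda: SAMPLE_SSDP_RESPONSES)
    print(handler.handle("sid-abc"))
    print(handler.handle("forged-session"))
```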
- the client that has acquired the device list issues a content acquisition request to the server in step S36 shown in FIG.
- the content acquisition processing for the server can be executed, for example, as a transmission processing of an HTTP (Hyper Text Transfer Protocol) GET method request specifying the URL of the content included in the acquired server information.
- HTTP Hyper Text Transfer Protocol
- upon receiving the packet from the client, the gateway establishes a new connection to the device's IP address and port number written in the HOST header value of the received packet, and relays the packet without changing its contents.
- communication between a client connected to an external network and a server connected to an internal network and service provision from the server to the client can be performed without changing the protocol used conventionally.
- when the server receives the content request, it obtains the specified content from its storage means and sends it to the client. The content is sent to the client via the application gateway (steps S38, S39). The client can play back the content received from the server via the client's display and speakers.
- the processing executed by the CPU in the application gateway includes, for example, receiving requests from the client, analyzing the input information, device registration processing based on the analysis result, device authentication processing (login processing), server discovery processing according to SSDP
- processing on the client side includes analysis of information received from the application gateway, generation and analysis of packets transmitted to and received from the application gateway, device registration processing, device authentication processing, message output, analysis of user input information, content playback processing, etc.
- FIG. 12 is a block diagram illustrating the main functional configuration of the application gateway
- FIG. 13 is a block diagram illustrating the main functional configuration of the client.
- the data transmission / reception processing unit 501 executes packet transmission / reception processing for the client and the server.
- the data transmission / reception processing unit 501 performs transmission packet generation processing and received packet analysis processing.
- the data input unit 502 inputs input information from input means such as a keyboard and a switch to each processing unit.
- the data output unit 503 executes a process of outputting the output signals of the various processing units to the display and speaker serving as external output units.
- the device registration processing unit 504 executes a series of processing sequences based on a device registration request from a client. In the sequence described with reference to FIG. 4, the processing on the application gateway side is executed in accordance with the device registration processing program 521 stored in the program storage unit 507. Note that the device registration processing unit 504 has a password generation determination section 5111 and executes password generation and collation processing.
- the device authentication processing unit 505 executes a device authentication process when receiving a connection processing request from a client connected to the external network.
- the processing on the gateway is executed in accordance with the device authentication processing program 522 stored in the program storage unit 507.
- SSL Secure Socket Layer
- the server discovery process execution unit 506, based on a device list request from the client, executes server discovery processing according to SSDP and transmits the acquired server list to the client.
- the processing on the application gateway side described with reference to FIGS. 10 and 11 is executed in accordance with the server discovery processing execution program 523 stored in the program storage unit 507.
- the program storage unit 507 stores programs to be executed in the respective processing units, that is, a device registration process program 521, a device authentication process program 522, and a server discovery process execution program 523.
- the client identification table 532 (see Fig. 8), generated during the device registration process with the client, and the client session ID table 533 (see Fig. 9), which identifies for each client the session in which mutual authentication with the client has been established and a trust relationship formed, are stored.
- the block diagram shown in FIG. 12 is a functional block diagram mainly showing the functions for executing processes related to the present invention among the various processes executed by the application gateway. The application gateway holds various processing programs in addition to the above, and executes various processing according to each processing program.
- the data transmission / reception processing unit 6001 executes packet transmission / reception processing for the application gateway and the server.
- the data transmission / reception processing unit 6001 performs transmission packet generation processing and received packet analysis processing. This includes packet address setting, address recognition, data storage in the data section, and data acquisition processing from the data section.
- the data input unit 602 inputs input information from input means such as a keyboard and a switch to each processing unit.
- the data output unit 603 executes a process of outputting the output signals of the various processing units to the display and speaker serving as external output units.
- the device registration processing unit 604 executes a device registration process sequence executed with the application gateway and other devices. Of the processing described with reference to FIG. 4, the processing on the client side is executed according to the device registration processing program 621 stored in the program storage unit 607.
- the device authentication processing unit 605 executes device authentication processing when a client connected to the external network connects to the application gateway.
- the client-side processing in the device authentication process (login) described with reference to FIGS. 5 to 7 is executed according to the device authentication processing program 622 stored in the program storage unit 607. It also performs SSL (Secure Socket Layer) handshake processing as encryption key sharing processing.
- the device list request processing execution section 606 issues a device list request to the application gateway and executes a device list acquisition process. During the processing described with reference to FIG. 10, the processing on the client side is executed in accordance with the device list request processing execution program 623 stored in the program storage section 607.
- the program storage unit 607 stores programs to be executed in each of the above processing units, that is, a device registration processing program 621, a device authentication processing program 622, and a device list request processing execution program 623.
- the block diagram shown in FIG. 13 is a functional block diagram mainly showing the functions for executing processes related to the present invention among the various processes executed by the client. The client also holds various processing programs and executes various processing according to each processing program. The present invention has been described in detail with reference to the specific embodiments.
- the program can be stored (recorded) temporarily or permanently on removable storage media such as a flexible disk, CD-ROM (Compact Disk Read Only Memory), MO (Magneto optical) disk, DVD (Digital Versatile Disk), magnetic disk, and semiconductor memory.
- a removable storage medium can be provided as so-called package software.
- the program can be installed on the computer from the removable storage medium as described above, or transferred wirelessly from a download site to the computer, or transferred via a network such as a LAN (Local Area Network) or the Internet; the computer can then receive the transferred program and install it on a recording medium such as a built-in hard disk.
- a system is a logical set configuration of a plurality of devices, and is not limited to a device in which each component is in the same housing.
- INDUSTRIAL APPLICABILITY As described above, according to the present invention, an information processing apparatus serving as an application gateway connected at the boundary between an external network and an internal network executes, on condition that a server information acquisition request is received from a client connected to the external network, server information acquisition processing via the internal network for the servers connected to the internal network, generates a device list based on the acquired server information, and sends it to the client via the external network, so that clients connected to the external network can efficiently obtain information on servers connected to the internal network such as the home network. Further, according to the configuration of the present invention, the device list is encrypted using the encryption processing key obtained by the SSL (Secure Socket Layer) handshake process executed between the client and the information processing device serving as the application gateway, and is then transmitted to the client, so secure data transmission is possible even when data communication is required via a communication path, such as the Internet, where there is a risk of eavesdropping.
- the server information acquisition processing of the connection server via the internal network is executed according to the UDP (User Datagram Protocol), and the device list transmission to the client via the external network is performed by TCP.
- TCP Transmission Control Protocol
- the server information acquisition process can be executed as a process applying SSDP (Simple Service Discovery Protocol) in accordance with the UPnP regulations.
- the device list acquisition and transmission are performed on condition that the client access right is granted in the device authentication process for determining whether the client has the access right.
- acquisition of the device list by an unauthorized client having no access authority is prevented.
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2004800038450A CN1748207B (zh) | 2003-03-10 | 2004-03-05 | 信息处理装置、信息处理方法 |
EP04717870A EP1603047A4 (en) | 2003-03-10 | 2004-03-05 | INFORMATION PROCESSING DEVICE AND METHOD, AND COMPUTER PROGRAM |
US10/546,822 US7870261B2 (en) | 2003-03-10 | 2004-03-05 | Information processing device, an information processing method, and a computer program to securely connect clients on an external network to devices within an internal network |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2003-063019 | 2003-03-10 | ||
JP2003063019A JP2004272632A (ja) | 2003-03-10 | 2003-03-10 | 情報処理装置、および情報処理方法、並びにコンピュータ・プログラム |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2004081801A1 (ja) | 2004-09-23 |
Family
ID=32984418
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2004/002903 WO2004081801A1 (ja) | 2003-03-10 | 2004-03-05 | 情報処理装置、および情報処理方法、並びにコンピュータ・プログラム |
Country Status (6)
Country | Link |
---|---|
US (1) | US7870261B2 (ja) |
EP (1) | EP1603047A4 (ja) |
JP (1) | JP2004272632A (ja) |
KR (1) | KR101038612B1 (ja) |
CN (1) | CN1748207B (ja) |
WO (1) | WO2004081801A1 (ja) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8775791B2 (en) | 2005-04-18 | 2014-07-08 | Blackberry Limited | System and method for secure messaging between wireless device and application gateway |
Families Citing this family (66)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020002039A1 (en) | 1998-06-12 | 2002-01-03 | Safi Qureshey | Network-enabled audio device |
US20050240758A1 (en) * | 2004-03-31 | 2005-10-27 | Lord Christopher J | Controlling devices on an internal network from an external network |
US8028038B2 (en) | 2004-05-05 | 2011-09-27 | Dryden Enterprises, Llc | Obtaining a playlist based on user profile matching |
US9826046B2 (en) * | 2004-05-05 | 2017-11-21 | Black Hills Media, Llc | Device discovery for digital entertainment network |
US8028323B2 (en) * | 2004-05-05 | 2011-09-27 | Dryden Enterprises, Llc | Method and system for employing a first device to direct a networked audio device to obtain a media item |
US7830826B2 (en) * | 2004-07-01 | 2010-11-09 | Nokia Corporation | Multicast relay for mobile devices |
US20060041596A1 (en) * | 2004-08-19 | 2006-02-23 | Vlad Stirbu | Caching directory server data for controlling the disposition of multimedia data on a network |
CN101048766A (zh) * | 2004-10-27 | 2007-10-03 | 诺基亚公司 | 控制存储器设备的操作 |
KR101075676B1 (ko) * | 2004-11-20 | 2011-10-21 | 삼성전자주식회사 | 이동통신 단말기에 소프트웨어를 설치하는 장치 및 방법 |
FR2879385A1 (fr) * | 2004-12-09 | 2006-06-16 | Thomson Licensing Sa | Methode d'agregation de decouverte de service dans un reseau local et appareil implementant la methode |
US20060168126A1 (en) * | 2004-12-21 | 2006-07-27 | Jose Costa-Requena | Aggregated content listing for ad-hoc peer to peer networks |
US7881289B1 (en) * | 2004-12-22 | 2011-02-01 | At&T Intellectual Property Ii, L.P. | Method and apparatus for porting telephone numbers of endpoint devices |
JP2006227843A (ja) | 2005-02-16 | 2006-08-31 | Sony Corp | コンテンツ情報管理システム、コンテンツ情報管理装置及びコンテンツ情報管理方法、並びにコンピュータ・プログラム |
US9438683B2 (en) * | 2005-04-04 | 2016-09-06 | Aol Inc. | Router-host logging |
US8316416B2 (en) | 2005-04-04 | 2012-11-20 | Research In Motion Limited | Securely using a display to exchange information |
US7856504B2 (en) | 2005-05-11 | 2010-12-21 | Sony Corporation | Server device, inter-server device connection method, program, and recording medium |
JP2007060066A (ja) * | 2005-08-23 | 2007-03-08 | Toshiba Corp | コンテンツデータ配信方法、並びにコンテンツデータ配信システム及びこれに用いられる携帯端末。 |
US7698061B2 (en) | 2005-09-23 | 2010-04-13 | Scenera Technologies, Llc | System and method for selecting and presenting a route to a user |
KR100694155B1 (ko) * | 2005-10-12 | 2007-03-12 | 삼성전자주식회사 | 웹서비스를 통해 홈 네트워크 기기의 서비스를 홈 네트워크외부에 제공하는 방법 및 장치 |
EP1955489A2 (en) * | 2005-12-02 | 2008-08-13 | Nokia Corporation | System and method for using web syndication protocols as an out-of-band upnp service discovery system |
US7783771B2 (en) * | 2005-12-20 | 2010-08-24 | Sony Ericsson Mobile Communications Ab | Network communication device for universal plug and play and internet multimedia subsystems networks |
KR100739781B1 (ko) | 2005-12-27 | 2007-07-13 | 삼성전자주식회사 | 무선 디바이스 그룹 별로 메시지를 전송하는 방법 및 장치 |
US7330882B2 (en) * | 2005-12-28 | 2008-02-12 | Matsushita Electric Works, Ltd. | Systems and methods for discovering and interacting with services |
US20070254634A1 (en) * | 2006-04-27 | 2007-11-01 | Jose Costa-Requena | Configuring a local network device using a wireless provider network |
US8670566B2 (en) * | 2006-05-12 | 2014-03-11 | Blackberry Limited | System and method for exchanging encryption keys between a mobile device and a peripheral output device |
US8005223B2 (en) | 2006-05-12 | 2011-08-23 | Research In Motion Limited | System and method for exchanging encryption keys between a mobile device and a peripheral device |
US20090129301A1 (en) * | 2007-11-15 | 2009-05-21 | Nokia Corporation And Recordation | Configuring a user device to remotely access a private network |
US8270937B2 (en) * | 2007-12-17 | 2012-09-18 | Kota Enterprises, Llc | Low-threat response service for mobile device users |
US8024431B2 (en) | 2007-12-21 | 2011-09-20 | Domingo Enterprises, Llc | System and method for identifying transient friends |
US8010601B2 (en) | 2007-12-21 | 2011-08-30 | Waldeck Technology, Llc | Contiguous location-based user networks |
US8725740B2 (en) | 2008-03-24 | 2014-05-13 | Napo Enterprises, Llc | Active playlist having dynamic media item groups |
KR101013104B1 (ko) * | 2008-06-18 | 2011-02-14 | 은재형 | 애플리케이션의 수정 및 변경 없는 오픈망 및 폐쇄망용 스토리지 기반 실시간 중계 인터페이스 시스템 |
US8977710B2 (en) * | 2008-06-18 | 2015-03-10 | Qualcomm, Incorporated | Remote selection and authorization of collected media transmission |
US7948887B2 (en) | 2008-06-24 | 2011-05-24 | Microsoft Corporation | Network bandwidth measurement |
US8307093B2 (en) * | 2008-06-25 | 2012-11-06 | Microsoft Corporation | Remote access between UPnP devices |
US20100017261A1 (en) * | 2008-07-17 | 2010-01-21 | Kota Enterprises, Llc | Expert system and service for location-based content influence for narrowcast |
US8504073B2 (en) | 2008-08-12 | 2013-08-06 | Teaneck Enterprises, Llc | Customized content delivery through the use of arbitrary geographic shapes |
US7996496B2 (en) * | 2008-08-29 | 2011-08-09 | Sony Ericsson Mobile Communications Ab | Remote user interface in multiphone environment |
CN101729496B (zh) * | 2008-10-10 | 2012-10-24 | 纬创资通股份有限公司 | 通用即插即用控制系统及其应用 |
US7921223B2 (en) | 2008-12-08 | 2011-04-05 | Lemi Technology, Llc | Protected distribution and location based aggregation service |
US20120047087A1 (en) | 2009-03-25 | 2012-02-23 | Waldeck Technology Llc | Smart encounters |
US9203831B2 (en) * | 2009-11-25 | 2015-12-01 | Red Hat, Inc. | SSL client authentication |
JP5528124B2 (ja) * | 2010-01-06 | 2014-06-25 | キヤノン株式会社 | デバイス検索装置、デバイス検索方法並びにプログラム |
US8925042B2 (en) | 2010-04-30 | 2014-12-30 | T-Mobile Usa, Inc. | Connecting devices to an existing secure wireless network |
US8340637B2 (en) * | 2010-04-30 | 2012-12-25 | T-Mobile Usa, Inc. | Securely establishing presence on telecommunication devices |
US8527417B2 (en) * | 2010-07-12 | 2013-09-03 | Mastercard International Incorporated | Methods and systems for authenticating an identity of a payer in a financial transaction |
CN101923616A (zh) * | 2010-08-03 | 2010-12-22 | 鸿富锦精密工业(深圳)有限公司 | 版权保护中的服务提供装置、用户终端及版权保护方法 |
CN102724050A (zh) * | 2011-03-30 | 2012-10-10 | 华为终端有限公司 | 设备管理系统中对网关进行初始化的方法及装置 |
CN103051593B (zh) * | 2011-10-12 | 2016-09-14 | 国民技术股份有限公司 | 一种数据安全摆渡的方法及系统 |
US9838157B2 (en) * | 2012-11-28 | 2017-12-05 | Sony Corporation | Receiver for receiving data in a broadcast system using redundancy data |
US9692630B2 (en) * | 2012-11-28 | 2017-06-27 | Sony Corporation | Receiver for receiving data in a broadcast system |
US9755781B2 (en) | 2012-11-28 | 2017-09-05 | Sony Corporation | Broadcast system and method for error correction using redundant data |
KR101906449B1 (ko) * | 2012-12-10 | 2018-10-10 | 삼성전자주식회사 | 홈 네트워크 시스템에서 홈 디바이스 및 외부 서버간의 접속 제어 방법 및 장치 |
US9729514B2 (en) * | 2013-03-22 | 2017-08-08 | Robert K Lemaster | Method and system of a secure access gateway |
NL2010823C2 (en) * | 2013-05-17 | 2014-11-24 | Insite Innovations And Properties B V | System and method for processing web-browsing information. |
US20150281376A1 (en) * | 2014-04-01 | 2015-10-01 | Palo Alto Research Center Incorporated | System and method for device registration and discovery in content-centric networks |
US9628850B2 (en) * | 2014-05-30 | 2017-04-18 | Lg Electronics Inc. | Server, home device access server, terminal, and home device remote control system including the same |
US10069814B2 (en) * | 2014-10-28 | 2018-09-04 | Ca, Inc. | Single sign on across multiple devices using a unique machine identification |
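JP6223380B2 (ja) * | 2015-04-03 | 2017-11-01 | 三菱電機ビルテクノサービス株式会社 | Relay device and program |
JP6249995B2 (ja) * | 2015-06-30 | 2017-12-20 | キヤノン株式会社 | Information processing apparatus, information processing system, control method for information processing apparatus, and program |
KR102442428B1 (ko) | 2015-09-24 | 2022-09-14 | 삼성전자주식회사 | Method for issuing an access token for a device and apparatus supporting the same |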
US10523635B2 (en) * | 2016-06-17 | 2019-12-31 | Assured Information Security, Inc. | Filtering outbound network traffic |
JP6813773B2 (ja) * | 2016-10-17 | 2021-01-13 | 富士通株式会社 | Data collection program, data collection system, and data collection method |
US11012528B2 (en) * | 2018-06-29 | 2021-05-18 | Sling Media Pvt Ltd | Locating network servers using media access control (MAC) addresses |
US11863673B1 (en) * | 2019-12-17 | 2024-01-02 | APPDIRECT, Inc. | White-labeled data connections for multi-tenant cloud platforms |
US11671419B2 (en) | 2020-09-30 | 2023-06-06 | APPDIRECT, Inc. | Multi-cloud data connections for white-labeled platforms |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
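JP2002149516A (ja) * | 2000-11-10 | 2002-05-24 | Sharp Corp | Information processing system and method, service information collecting device, and computer-readable recording medium recording a program for the information processing method |
JP2002229878A (ja) * | 2001-01-31 | 2002-08-16 | Canon Inc | Remote copy system and multifunction system |
JP2002247668A (ja) * | 2001-02-16 | 2002-08-30 | Tomoo Sumi | Control device and control program receiving method |
JP2003501765A (ja) * | 1999-06-02 | 2003-01-14 | トムソン ライセンシング ソシエテ アノニム | Method for bridging a HAVi sub-network and a UPnP sub-network, and device for carrying out the method |
JP2003030072A (ja) * | 2001-07-18 | 2003-01-31 | Matsushita Electric Ind Co Ltd | Remote control proxy method and remote control proxy device |
JP2003046535A (ja) * | 2001-05-24 | 2003-02-14 | Sony Corp | Information processing apparatus and method, recording medium, and program |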
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7047408B1 (en) * | 2000-03-17 | 2006-05-16 | Lucent Technologies Inc. | Secure mutual network authentication and key exchange protocol |
US7149803B2 (en) * | 2000-06-08 | 2006-12-12 | At&T Corp. | Method for content distribution in a network supporting a security protocol |
AU2000256423A1 (en) * | 2000-06-28 | 2002-01-08 | Microsoft Corporation | Remoting general purpose operating system services via a peer networking device control protocol |
JP2002044765A (ja) | 2000-07-28 | 2002-02-08 | Matsushita Electric Ind Co Ltd | Remote control system and gateway device |
US7080147B2 (en) * | 2000-09-04 | 2006-07-18 | International Business Machines Corporation | Computer network system, computer system, method for communication between computer systems, method for measuring computer system performance, and storage medium |
JP2002094531A (ja) | 2000-09-20 | 2002-03-29 | Casio Comput Co Ltd | Method for acquiring device information on a network, apparatus for acquiring device information on a network, and recording medium |
US6924727B2 (en) * | 2000-09-27 | 2005-08-02 | Ntt Docomo, Inc. | Method for remote control of home-located electronic devices and a management facility |
JP2002186069A (ja) | 2000-12-12 | 2002-06-28 | Matsushita Electric Ind Co Ltd | Device control system and device control contract method |
JP2002252882A (ja) * | 2001-02-23 | 2002-09-06 | Sanyo Electric Co Ltd | Remote operation system |
US7065587B2 (en) | 2001-04-02 | 2006-06-20 | Microsoft Corporation | Peer-to-peer name resolution protocol (PNRP) and multilevel cache for use therewith |
US7350076B1 (en) * | 2001-05-16 | 2008-03-25 | 3Com Corporation | Scheme for device and user authentication with key distribution in a wireless network |
US7516440B2 (en) * | 2001-10-18 | 2009-04-07 | Bea Systems, Inc. | System and method for providing a java interface to an application view component |
US20030093680A1 (en) * | 2001-11-13 | 2003-05-15 | International Business Machines Corporation | Methods, apparatus and computer programs performing a mutual challenge-response authentication protocol using operating system capabilities |
US20030135507A1 (en) * | 2002-01-17 | 2003-07-17 | International Business Machines Corporation | System and method for managing and securing meta data using central repository |
JP4487490B2 (ja) * | 2003-03-10 | 2010-06-23 | ソニー株式会社 | Information processing apparatus, access control processing method, information processing method, and computer program |
2003
- 2003-03-10 JP JP2003063019A patent/JP2004272632A/ja active Pending

2004
- 2004-03-05 WO PCT/JP2004/002903 patent/WO2004081801A1/ja active Application Filing
- 2004-03-05 EP EP04717870A patent/EP1603047A4/en not_active Withdrawn
- 2004-03-05 KR KR1020057016744A patent/KR101038612B1/ko not_active IP Right Cessation
- 2004-03-05 CN CN2004800038450A patent/CN1748207B/zh not_active Expired - Fee Related
- 2004-03-05 US US10/546,822 patent/US7870261B2/en not_active Expired - Fee Related
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
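JP2003501765A (ja) * | 1999-06-02 | 2003-01-14 | トムソン ライセンシング ソシエテ アノニム | Method for bridging a HAVi sub-network and a UPnP sub-network, and device for carrying out the method |
JP2002149516A (ja) * | 2000-11-10 | 2002-05-24 | Sharp Corp | Information processing system and method, service information collecting device, and computer-readable recording medium recording a program for the information processing method |
JP2002229878A (ja) * | 2001-01-31 | 2002-08-16 | Canon Inc | Remote copy system and multifunction system |
JP2002247668A (ja) * | 2001-02-16 | 2002-08-30 | Tomoo Sumi | Control device and control program receiving method |
JP2003046535A (ja) * | 2001-05-24 | 2003-02-14 | Sony Corp | Information processing apparatus and method, recording medium, and program |
JP2003030072A (ja) * | 2001-07-18 | 2003-01-31 | Matsushita Electric Ind Co Ltd | Remote control proxy method and remote control proxy device |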
Non-Patent Citations (1)
Title |
---|
See also references of EP1603047A4 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8775791B2 (en) | 2005-04-18 | 2014-07-08 | Blackberry Limited | System and method for secure messaging between wireless device and application gateway |
Also Published As
Publication number | Publication date |
---|---|
US20060168264A1 (en) | 2006-07-27 |
US7870261B2 (en) | 2011-01-11 |
CN1748207A (zh) | 2006-03-15 |
CN1748207B (zh) | 2010-05-26 |
EP1603047A1 (en) | 2005-12-07 |
EP1603047A4 (en) | 2011-06-15 |
KR20050117543A (ko) | 2005-12-14 |
JP2004272632A (ja) | 2004-09-30 |
KR101038612B1 (ko) | 2011-06-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
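JP4487490B2 (ja) | Information processing apparatus, access control processing method, information processing method, and computer program | |
KR101038612B1 (ko) | Information processing apparatus and information processing method | |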
CA2774648C (en) | Modular device authentication framework | |
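KR101031168B1 (ko) | Information processing apparatus and access control processing method | |
KR101019974B1 (ko) | Device authentication apparatus, device authentication method, information processing apparatus, information processing method, and computer-readable medium | |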
US7882356B2 (en) | UPnP authentication and authorization | |
KR100593768B1 (ko) | Content transmitting apparatus, content receiving apparatus, and content transmission method | |
US7600113B2 (en) | Secure network channel | |
US20070022195A1 (en) | Information communication system, information communication apparatus and method, and computer program | |
US20070254630A1 (en) | Methods, devices and modules for secure remote access to home networks | |
KR20050083956A (ko) | Information processing apparatus, server-client system, method, and computer program | |
US20180262352A1 (en) | Secure Authentication of Remote Equipment | |
US20150229616A1 (en) | Home network controlling apparatus and method to obtain encrypted control information | |
JP3833652B2 (ja) | Network system, server device, and authentication method | |
US20050021469A1 (en) | System and method for securing content copyright | |
TW202226785A (zh) | Internet of Things system based on security orientation and group sharing | |
Lucenius et al. | Security technologies in home and wireless networking environments |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AK | Designated states | Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
| AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
| 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | |
| WWE | WIPO information: entry into national phase | Ref document number: 20048038450 Country of ref document: CN |
| ENP | Entry into the national phase | Ref document number: 2006168264 Country of ref document: US Kind code of ref document: A1 |
| WWE | WIPO information: entry into national phase | Ref document number: 10546822 Country of ref document: US |
| WWE | WIPO information: entry into national phase | Ref document number: 2004717870 Country of ref document: EP |
| WWE | WIPO information: entry into national phase | Ref document number: 1020057016744 Country of ref document: KR |
| WWP | WIPO information: published in national office | Ref document number: 2004717870 Country of ref document: EP |
| WWP | WIPO information: published in national office | Ref document number: 1020057016744 Country of ref document: KR |
| WWP | WIPO information: published in national office | Ref document number: 10546822 Country of ref document: US |