Patent Application
20070106898
The present application claims priority from Japanese Patent Application No. 2005-323941 filed on Nov. 8, 2005, which is herein incorporated by reference.
1. Field of the Invention
The present invention relates to a setting information notifying method with which it becomes possible to safely and easily exchange appliance setting information between appliances constituting a home network, and appliances applied thereto.
2. Description of the Related Art
There is known a so-called home network, where appliances such as a personal computer (hereinafter referred to as PC), a HDD (Hard Drive Disk) recorder, a TV, a printer, and a game machine are communicably connected so as to use their respective services with each other. As a technology to assist in establishing such a home network, for example, there is the UPnP (Universal Plug and Play) protocol to make it possible that, as soon as an appliance is connected to a network (plugged to the cable), information on automatic setting of its address and its device/service characteristics are automatically notified over the communication network. Also, there is a commonly utilized technology, DLNA (Digital Living Network Alliance) which defines the guideline for establishing interoperability throughout a communication network based on UPnP, allowing the appliances to share and view AV (Audio Visual) contents with each other. Due to DLNA, for example, it is made possible to use a PC for viewing contents recorded on a HDD recorder.
Meanwhile, the wireless communication technology (IEEE 802.11b/g/a, etc) is adopted in many home networks for the purpose of simplification of wiring, or for other reasons. In a wireless network, however, it is required to manually set information such as host name, MAC address, and cryptographic key which is to prevent unauthorized accesses such as tapping, to each appliance. Even if using appliances complying with UPnP or DLNA described above, a user has to complete annoyance setting tasks before enjoying the other appliances' resources.
In association with this circumstance, there is raised a need for a system to recognize appliances joining a wireless home network, and safely and easily share appliance setting information including identifier, cryptographic key information, MAC address, and authentication information, among the appliances, in advance of actual communication. Furthermore, for example, a user is out of the house, and views contents recorded on a HDD recorder in the house, or programs recording to the HDD recorder, via the Internet with use of a mobile device such as notebook computer, mobile phone, or in-car terminal. In this case, a mechanism for controlling accesses to the home network appliances should be provided for the purpose of protecting them from possible offences using the Internet. Then, it is urged to realize a mechanism for safely and easily notifying appliance setting information such as authentication information, between the mobile device which is out of the house, and the HDD recorder or another home network appliance which is accessed from the outside.
Conventionally, such notification of appliance setting information is carried out by a user's manually entering this information in each appliance connected in a home network. In order to establish encoded communication between a wireless access point and a PC, a user should first access the wireless access point from the PC through a non-encoded communication, or should connect the PC to the wireless access point with wire. Then the user should set the appliance setting information to the access point. The appliance setting information includes the identifier assigned to the PC, the cryptographic key information such as WEP key, and the MAC address which the user should check up in advance of the setting process. Then again, the user should set to the PC the corresponding identifier and the key information in the same manner. During this setting process, the user has to correctly memorize the appliance setting information and carefully enter those data in the respective components. If there are a number of appliances to be connected to the wireless access point, this task turns out a rather heavy load for the user. In addition, in the case of using a wireless communication as the setting mean, the first contact to a wireless access point to enter the required information is mostly made through a non-encoded communication; thus, a possibility to be tapped arises.
As one of attempts at improving this process, Japanese. Patent Application Laid-open Publication No. 2004-328093 (the corresponding U.S. Patent Published Application: US 20040215815A1) has disclosed a method in which recognition between two appliances and connection thereafter are established by just pushing their corresponding user interfaces simultaneously and adjusting the timing of releasing these push operations. However, such operations should be appended with difficulty in some cases. For example, as is often with the case with home networks, an appliance to be set is a TV placed away from the other one.
Japanese Patent Application Laid-open Publication No. 2004-215232 is taken as another related art. This publication has disclosed a technology in which an access point narrows its coverage of wireless communication in response to manipulation of a registration button, so that a secured communication area is defined, then registering MAC address and key information to add a new terminal to the network can be processed within the secured wireless network. In this technology, however, there is a possibility that an unauthorized terminal could exist in even the above-mentioned secured communication area so that tapping could be committed. On top of that, both of the two publications just refer to the case that only a single service is performed (a wireless communication service, etc.). Therefore, in the case of including a plurality of appliances or services, these technologies do not become a real solution, and there is still a security problem left to be taken care of more thoroughly.
The present invention has been contrived in consideration of the above-mentioned circumstance. It is an object of the present invention to provide a setting information notifying method with which it becomes possible to safely and easily exchange appliance setting information between appliances constituting a home network, and appliances applied thereto.
The main part of the present invention to accomplish the above-mentioned object is a setting information notifying method which is used to notify appliance setting information, the information required for use of a service between a first appliance and a second appliance, in an appliance communication system including the first appliance which is used with being connected to a communication network and the second appliance which is used with being connected to the communication network, the setting information notifying method, comprising steps of the first appliance storing a program which is used in notifying the application setting information to the other appliance, a first identifier assigned to the first appliance, and a first cryptographic key of the first appliance, on a portable data media, the second appliance starting the program stored on the data media, to obtain a first network address assigned to the first appliance based on the first identifier, and to establish a cryptographic communication path with the first appliance with use of the first cryptographic key stored on the data media; the first appliance sending the appliance setting information to the second appliance through the cryptographic communication path; and the second appliance sending a second identifier assigned to the second appliance to the first appliance through the cryptographic communication path.
According to the present invention, it is realized to safely and easily exchange appliance setting information in an appliance communication system including a first appliance which is used with being connected to a communication network such as a home network or the Internet, and a second appliance which is used with being connected to the communication network. In the present invention, for example, a program which is used in informing the other appliance of the appliance setting information such as a WEP key on a wireless LAN, an identifier of the first appliance, and a cryptographic key (digital certification) of the first appliance can be transferred, from the first appliance which provides a service to the second appliance which uses the service, with use of a data media such as an USB memory as a carrier. Then, the second appliance can automatically connect to the first appliance, and safely and easily notify the appliance setting information required for the first appliance to offer the service, through a cryptographic communication.
In addition, the other main part of the present invention is the setting information notifying method further comprising steps of the first appliance determining whether or not it stores a third cryptographic key, with regard to a third appliance which is used with being connected to the communication network; and if the first appliance stores the third cryptographic key, then the first appliance sending to the second appliance the third cryptographic key and a third identifier assigned to the third appliance.
In this way, if the first appliance, which has already been notified the appliance setting information, contains the third cryptographic key regarding to the third appliance, the first appliance notify to the second appliance the third cryptographic key and the third identifier. Thus, a user of the second appliance can safely and easily use a service of the third appliance, without the need for him/herself to manually configure the appliance setting information in each of the second and the third appliances.
In sum, the present invention enables easy and safe configuration of appliance setting information.
In the following, one embodiment of the present invention is described in detail with reference to the accompanying drawings.
== System Configuration ==
With regard to the external storage unit 105, the input interface unit 106, the output interface unit 107, and the network interface unit 108A, the appliances 100 are not necessary equipped with all of them. For example, in the case that an appliance 100 is a home router, a file server, or a media server, the appliance might not include the external storage unit 105, the input interface unit 106, and the output interface unit 107. In addition, in the case that an appliance 100 is a hard disk recorder (HDD recorder), the appliance might not include the network interface unit 108A. In the following description, the appliance 100A shown in
The service application 116 contains programs and data necessary to provide a service. In the following description, it is assumed that the appliance 100A has the service application 116 which provides a function as a wireless access point and a mechanism for controlling accesses from outside of the house, while the appliance 100C has the service application 116 which provides a service of contents distribution. The setting file 117 contains information regarding to clients which the appliance 100 serves. The client application 118 contains programs and data necessary to use a service. The setting file 119 contains information regarding to services which the appliance 100 can use.
The automatic information setting application 120 comprises a program to provide a function regarding to setting various information, a program to provide a function regarding to accepting service-use requests, a service-use request send program 600 to provide a function regarding to sending service-use requests, and an appliance information delete program 700 to make an appliance 100 unusable in the home network 50.
In addition to the programs and data described above, the memory 113 or the external storage unit 105 of the appliance 100 stores a temporary digital certification 125, a digital certification 127, a service-to-use table 121, a client-to-serve table 122, a temporary service-to-use table 123, and temporary client-to-serve table 124.
== Functions ==
Next, a detailed description is provided regarding to a process of notifying the appliance setting information, which is executed as a preparation for an appliance 100 to use a service of the other appliance 100.
As shown in
After completing writing the above-mentioned information on the data media 103, the appliance 100A breaks the connection established with the data media 103 (204), so that the data media 103 can be removed from the appliance 100A. Then, the appliance 100A activates a timer which is used in managing the expiry date of the digital certification (hereinafter referred to as authentication timer) (205). When the authentication timer reaches a time-out, the appliance 100A voids the digital certification stored on the data media 103.
In the next step, after confirming that the data media 103 can now be removed, the user unplugs the data media 103 from the appliance 100A, and again plugs it into the appliance 100B before the timeout comes. It is beneficial, as far as security concerned, to impose the expiry date on the digital certification in this way. For example, with the expiry date imposed, it can be prevented that appliance setting procedure automatically starts off without a user's intention, that otherwise might be caused with a data media 103 left untouched. The authentication timer, for example, can be set to take a timeout per tens of minutes. On detecting that the data media 103 is plugged (301: Y), the appliance 100B establishes a connection with the data media 103 (302).
Once establishing this connection, the appliance 100B launches the appliance setting application 115 stored on the data media 103 (303). This enables a process that the appliance setting information is automatically exchanged between the appliance 100A and the appliance 100B (hereinafter referred to as setting information automatic notifying process) to start. At this point, the appliance setting application 115 can be loaded into the memory 113 of the appliance 100B to be launched, or stay in the nonvolatile memory 112 of the data media 103 to be launched from there.
The setting information automatic notifying process is executed as follows. In the first step, the appliance 100B sends the “ping” command onto the home network 50, and obtains the IP address corresponding to the host name 126 stored in the data media 103, that is, the IP address of the appliance 100A (304). Then, the appliance B starts a cryptographic communication with the appliance 100A, which is encoded with the cryptographic key stored in the temporary digital certification on the data media 103.
In the second step, the appliance 100B sends a connection request to the appliance 100A (305). On receiving this request, the appliance 100A first determines whether or not the authentication timer has passed the time-out (206). If not (206: Y), the appliance 100A decodes packets sent from the appliance 100B (hereinafter referred to as received packet) with use of the cryptographic key in the temporary digital certification 125, to confirm that the connection request is actually sent from the appliance 100B (207). Then, the appliance 100A turns off the authentication timer (208). After that, the appliance 100B continues the communication encoded with the cryptographic key in the temporary digital certification 125 (hereinafter referred to as temporary cryptographic communication), with the appliance 100A.
If the time-out has expired (206: N), the appliance 100A cannot decode the received packets because the temporary digital certification corresponding to that stored on the data media 103 is already deleted. Therefore, the appliance 100A cannot verify the received connection request (207: N), then goes back to the step 206.
In the third step, the appliance 100A informs the appliance 100B of services available to the appliance 100B, through a temporary cryptographic communication (209), and the appliance 100B receives that information from the appliance 100A (305). Here, it is assumed that the services which appliance 100A presents to the appliance 100B are a service as a wireless access point, and a service for accesses from outside of the house (209).
In the fourth step, the appliance 100A sends to the appliance 100B a setting-for-service-use request which is to request to configure the setting required to start the service use (210). Here, it is assumed that the appliance 100A's request toward the appliance 100B is regarding to the service as a wireless access point. On receiving this request, the appliance 100B creates the application setting information required to use the wireless access point service, with regard to the appliance 100A (here this information is assumed to be a WEP key) (306).
In the fifth step, the appliance 100A sends to the appliance 100B a service-user-registration request which is request to make service user registration (212). On receiving this request, the appliance 100B registers the created appliance setting information with regard to the appliance 100A, as the confirmed appliance setting information (307).
In the sixth step, the appliance 100B sends its own MAC address to the appliance 100A. The appliance 100A stores the identifier of the appliance 100B (a second identifier), the WEP key, and the received MAC address, on the setting file 117 of the service application 116 (213). Meanwhile, the appliance 100B stores the appliance setting information on the setting file 119 of the client application 118 (308). In the case that the appliance 100A provides a plurality of services in the home network 50, the above-mentioned fifth to sixth steps are repeated for each service. For the service that the appliance 100B is already using, the setting procedure to use this service may be omitted.
In the step 210, if the appliance 100B which is out of the house, and a setting-for-service-use request which the appliance 100A sends is regarding to the service for accesses from outside of the house, the appliance 100A, for example, stores the MAC address of the appliance 100B, the digital certification which is used in the service providing, and the cryptographic key corresponding to this digital certification, as the appliance setting information on the setting file 117 of the service application 116. Meanwhile, the appliance 100B stores the digital certification as the appliance setting information on the setting file 119 of the client application 118.
In the first step, the appliance 100B determines whether or not the appliance 100B has the service application 116 (312), as well as the appliance 100A determines whether or not the appliance 100A has the client function (213). If the appliance 100B has the service application 116 (312: Y, 313), and the appliance 100A has the client function (213: Y), then the appliance 100A receives a setting-for-service-use request sent from the appliance 100B (314), then the setting required for the service use is started (214 and 315).
In the second step, the appliance 100B sends a service-user-registration request to the appliance 100A to make service user registration (316). In response to this request, the appliance 100A registers the appliance setting information received from the appliance 100B, such as the host name of the appliance 100B (the second identifier) and the cryptographic key information such as the WEP key, on the setting file 119 of the client application 118 (215). Then, the appliance 100A sends its own MAC address to the appliance 100B, and registers the appliance setting information, that is, the host name of the appliance 100B (the second identifier) and the cryptographic key information, as the confirmed information on the setting file 119 of the client application 118 (216). Meanwhile, the appliance 100B stores the appliance setting information regarding to the appliance 100A such as the identifier of the appliance 100A (the first identifier), the WEP key, and the MAC address, on the setting file 117 of the service application 116 (317). In the case that the appliance 100B provides a plurality of services, the above-mentioned second step is repeated for each service. For the service that the appliance 100A is already using, the setting procedure to use this service may be omitted.
In this embodiment described up until now, the appliance 100A or 100B automatically configures the setting for the service being provided by the appliance 100B or 100A. However, with using an appliance 100A or 100B equipped with an output unit such as a display as a user interface, and an input unit such as a keyboard or a remote control, it is possible to show available services of the other appliance 100 on the display so that a user can select whatever service he/she wants to use.
In the first step, the appliance 100A issues for the appliance 100B a digital certification 127 for use in the setting information automatic notifying process. Then, the appliance 100A sends it to the appliance 100B (217).
In the second step, the appliance 100B registers the host name 126 of the appliance 100A, the service name 129, and the digital certification 127 sent from the appliance 100A, on the service-to-use table 121 (318).
In the third step, the appliance 100B issues a digital certification 127 for the appliance 100A, and sends it to the appliance 100A (319).
In the fourth step, the appliance 100A registers the host name 126 of the appliance 100B, the service name 129, and the digital certification 127 sent from the appliance 100B, on the client-to-serve table 122 (218).
In the fifth step, the appliance 100A determines if the appliance 100B provides any service as well as the appliance 100A has a function as a client (219). If both conditions are met (219: Y), the appliance 100A stores the host name 126 of the appliance 100B, the service name 129 to be provided, and the digital certification 127 of the appliance 100B, on the service-to-use table 121 (220). Furthermore, the appliance 100B also determines if the appliance 100B provides any service as well as the appliance 100A has a function as a client (320). If both conditions are met (320: Y), the appliance 100B stores the host name 126 of the appliance 100A, the service name 129 to provide, and the digital certification 127 of the appliance 100A, on the client-to-serve table 122 (321).
In the first step, the appliance 100A determines whether or not its own service-to-use table 121 or client-to-serve table 122 contains information regarding a service of the other appliance 100 than the appliance 100B (221). Here, it is assumed that the appliance 100A's service-to-use table 121 or client-to-serve table 122 contains the information regarding the appliance 100C (221: Y).
In the second step, the appliance 100A sends to the appliance 100B the host name 126 of the appliance 100C and the digital certification 127 (a third cryptographic key) stored on the service-to-use table 121 or the client-to-serve table 122 (222).
On receiving this information from the appliance 100A, the appliance 100B registers it on its own temporary service-to-use table 123 or the temporary client-to-serve table 124 (322).
In the third step, the appliance 100A encodes the host name 126 of the appliance 100B and the digital certification 127 (the second cryptographic key) of the appliance 100B with use of the cryptographic key in the digital certification 127 of the appliance 100C, and send those data to the appliance 100C (223). After the appliance 100C receives this information from the appliance 100A, an information setting application 400 running on the appliance 100C decodes the host name 126 and the digital certification 127 sent from the appliance 100A, with use of the cryptographic key in the digital certification managed by the certification management application 114. Then, the appliance 100C registers the decoded information about the appliance 100B (the host name 126 and the digital certification 127), on its own temporary service-to-use table 123 or the temporary client-to-serve table 124 (401).
The terminal marking B4 shown in
As for the setting information automatic notifying process between the appliances 100A and 100B shown in
Back to the case that the appliance 100B uses the service of the appliance 100C, now a description is provided regarding to a process executed after the above-mentioned preparation process. This process enables the appliance 100B to actually receive the service offered by the appliance 100C. In this process, first, the appliance 100B detects a service which the appliance 100C offers in the home network 50. Such detection is realized, for example, with “Simple Service Discovery Protocol” of UPnP (Universal Plug and Play) or other methods.
On detecting the service, the appliance 100B launches the service-use request send program 600.
In the first step, the appliance 100B determines whether or not its own temporary service-to-use table 123 contains the host name 126 of the appliance 100C which offers the detected service (601). In the second step, with determining that the information is contained (601: Y), the appliance 100B sends to the appliance 100C a service-use request encoded with the cryptographic key in the digital certification 127 stored on the temporary service-to-use table 123 (602). On receiving this request, the appliance 100C launches the service-use request accept program 500.
In the third step, the launched service-use request accept program 500 decodes the received service-use request with the cryptographic key in the corresponding digital certification 127 managed by the certification management application 114. Then, the appliance 100C determines whether or not its own temporary client-to-serve table 124 contains the decoded host name 126 of the appliance 100B (501).
In the fourth step, with determining that the information is contained (501: Y), the appliance 100C encodes the appliance setting application 115 with the cryptographic key in the digital certification 127 of the appliance 100B stored on the temporary client-to-serve table 123, and sends it to the appliance 100B (502).
In the fifth step, the appliance 100B decodes the received appliance setting application 115 with the cryptographic key in the digital certification 127 managed by the certification management application 114 (604), and launches the appliance setting application 115 (604).
In the sixth step, the appliances 100B and 100C take the same steps as 305 to 322 and 208 to 223 shown in FIGS. 3 to 6, to be able to use or offer the service. After these steps of configuring the required settings, the appliance 100C deletes the host names 126 of the appliance 100B from the temporary cline-to-serve table 124 (503), and the appliance 100B deletes the host name 126 of the appliance 100C from the temporary service-to-use table 123 (605).
In this way, in the appliance communication system 1 of the present embodiment, it is realized to configure the appliance setting information required for use of a service, just by connecting the data media 103 to the server appliance 100A, and then reconnecting the data media 103 to the client appliance 100B. In addition, it is also realized to automatically configure the appliance setting information required for the client appliance 100B to use a service of the third appliance joining the home network 50, or the appliance 100C. As a result, for example, assuming the appliance 100C provides a service of contents distribution, it becomes possible that the appliance 100B which is out of the house accesses the home network 50 through the Internet 102 and uses the contents distributed by the appliance 100C which is connected to the home network 50, without requiring for a user to manually configure the required appliance setting information.
Meanwhile, in the appliance communication system 1 described up until now, if the appliance 100C is not connected to the home network 50 when the setting information automatic notifying process is executed between the appliances 100A and 100B, it is possible that the appliance 100C does not register the information about the appliance 100B on its temporary client-to-serve table 124, because the appliance 100C does not have a chance to receive the host name 126 of the appliance 100B and the digital certification 127 of the appliance 100B. In this case, however, all it still takes is to carry out the setting information automatic notifying process between the appliances 100B and 100C, by connecting the data media 103 to the appliance When transferring or having lost an appliance 100, a user has to arrange that the appliance 100 can no longer use or offer a service in the home network 50. That is realized, for example, by first connecting the other appliance 100 which has any user interface (hereinafter referred to as appliance 100X) to the home network 50, and then providing the appliance 100X with the host name of the appliance 100 being deleted, and then launching the appliance information delete program 700 of the automatic information setting application 120 on the appliance 100X.
With taking the above-mentioned steps, the deletion of the information regarding to the appliance 100 is completed so that this appliance is no longer allowed to use or provide a service in the home network 50. Therefore, it can be prevented that an unauthorized person or a person with a bad idea accesses the home network 50 to use any function in it with use of the appliance transferred or lost.
Having described the preferred embodiment of the present invention with reference to the accompanying drawings, our aim is to facilitate the understanding of the present invention, and it is to be understood that the invention is not limited to the embodiment and that various changes and modifications could be effected therein by one skilled in the art without departing from the spirit or scope of the invention as defined in the accompanying claims, and that the invention may include equivalents thereof.
| Number | Date | Country | Kind |
|---|---|---|---|
| 2005-323941 | Nov 2005 | JP | national |
