Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
2001-02-28
2004-11-02
Jung, David (Department: 2134)
C713S150000, C713S151000, C713S153000, C713S154000
active
06813715
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a method for accessing a home-network using a home-gateway and a home-portal server, and more particularly, to a method for accessing a home-network, in which a home network system linked to a home-gateway is accessed in relation to a home-portal service, and an apparatus thereof. The present application is based on Korean Patent Application No. 2000-72126, which is incorporated herein by reference.
2. Description of the Related Art
Generally, a home-network is established in an environment such as a house or small-sized office, and linked to the Internet. An external user controls various apparatuses linked to the home-network through the Internet.
Referring to FIG. 1, home-network apparatuses 140 and 150 linked to a home-network 130 are linked to the Internet 100 through a home-gateway 120. The home-gateway 120 has limited open Internet Protocol (IP) addresses and mediates the home-network apparatuses 140 and 150 having private IP addresses in order to access sites linked to the Internet 100. At this time, only one open IP address is assigned to the home-gateway 120, and private IP addresses which cannot be externally recognized are assigned to the home-network apparatuses 140 and 150 linked to the home-network 130. Therefore, when the home-network apparatuses 140 and 150 linked to the home-network 130 want to receive information from the outside, the home-gateway 120 should convert the private IP addresses of the home-network apparatuses 140 and 150 into its open IP addresses using a network address translation (NAT). The Internet Service Provider (ISP) 110 provides Internet access services to the home-gateway 120.
Referring to FIG. 2, the home-gateway 120 includes an external network interface 212 for forming a communication channel to link the external Internet, a home-network interface 214 for forming a communication channel to link a home-network 130, an open IP layer 211 corresponding to the external network interface and a private IP layer 213 corresponding to the home-network interface 214. The open IP layer 211 uses a dynamic open IP address, while the private IP layer 213 uses a private IP address. An IP address converting unit 210 relays a packet transmission, by converting an open IP address input from the open IP layer 211 to a private IP address or converting a private IP address input from the private IP layer 213 to an open IP address.
Referring to FIG. 3, an ordinary enterprise network uses a virtual private network (VPN) technology with which a computer 310 linked to the Internet 100 accesses an in-office server 311 linked to an in-office network 300 which is protected from the Internet 100 by a firewall system 312.
The external computer 310 accesses the firewall system 312 through communication channels 301 and 303 linked to the Internet 100, and if an authentication is successfully carried out, a virtual communication channel 304 to the in-office network 300 is formed. This virtual channel is actually implemented using various communication channels 303, 100, 301, and 302, but, by additionally using a software tunneling technology, the virtual channel operates as if it is directly connected to the in-office network 300.
Referring to FIG. 4, the external computer 310 forms a virtual channel by generating a virtual interface 411 to be linked to a virtual network interface 412 inside the firewall system 312 through physical communication channels 303, 100, and 301.
The firewall system 312 has a routing unit 413 which connects a network channel 302 for linking the virtual network interface 412 to the in-office network 300, and forms an internal communication channel 401 through the routing unit 413. A virtual channel, which makes the external computer 310 look directly connected to the in-office network 300, is formed by adding this internal communication channel 401 and the virtual channel 400.
However, in the NAT, which is a conventional Internet sharing technology, the home-network apparatuses 140 and 150 can operate normally, only when an access request from an external apparatus exists. Also, when a user accesses, from outside, the home-network apparatuses 140 and 150 linked to the home-network 130, the following problems exist.
First, the open IP address of the home-gateway 120 does not have a permanently fixed value, for economic reasons. That is, since the area of open IP addresses is limited and the number of user systems to be supported is great, most ISPs 110 manage predetermined IP addresses in the form of a pool and dynamically assign the addresses only when a user system requires an IP address. Therefore, the existing open IP address assigning method has no problem in simply realizing an Internet sharing function in a home-network, but, if a user wants to control the home-network apparatuses 140 and 150 linked to the home-network 130 from the outside, it causes a problem in which the user cannot easily find an open IP address of the home-network to be controlled.
Meanwhile, even when the address of the home-gateway 120 that is an entrance to the home-network 130 is determined, there are many limitations in accessing the home-network apparatuses 140 and 150 inside the home-network 130. That is, since the internal home-network apparatuses 140 and 150 use private IP addresses, when an external network apparatus such as the computer 310 transmits data using the private IP address, routing in the Internet cannot be performed normally. Also, since only the header part of a packet is modified when the NAT technology is used, the application programs, which describe the IP addresses of a source and a destination in the payload part of a packet, do not operate normally. Therefore, a separate program corresponding to each application program should be used in the gateway to process input data. Also, though the VPN technology is to allow access to an internal network with little expense and guaranteed security, the VPN technology is designed to operate only when a client knows in advance the IP address of a VPN server to be accessed in order to keep a high level of security, and so far has never been applied to the home-network field.
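The header-only rewriting problem described above can be reproduced with a small model. This is an added example, not part of the patent text; the `Packet` and `Nat` classes, the addresses (documentation ranges) and the FTP-style `PORT` command used as the payload-embedded address are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str          # header: source IP
    sport: int        # header: source port
    dst: str          # header: destination IP
    dport: int        # header: destination port
    payload: bytes    # application data, never touched by this NAT

class Nat:
    """Header-only source NAT, modelling the home-gateway's address conversion."""
    def __init__(self, open_ip):
        self.open_ip = open_ip
        self.table = {}           # public port -> (private IP, private port)
        self.next_port = 40000

    def outbound(self, pkt):
        public_port = self.next_port
        self.next_port += 1
        self.table[public_port] = (pkt.src, pkt.sport)
        # Only header fields are rewritten; the payload is copied as-is.
        return replace(pkt, src=self.open_ip, sport=public_port)

    def inbound(self, pkt):
        mapping = self.table.get(pkt.dport)
        if mapping is None:
            return None           # no mapping: externally initiated traffic is dropped
        return replace(pkt, dst=mapping[0], dport=mapping[1])

def embedded_endpoint(payload):
    """Parse 'PORT h1,h2,h3,h4,p1,p2' and return the (ip, port) it advertises."""
    fields = payload.decode("ascii").strip().split(" ", 1)[1].split(",")
    return ".".join(fields[:4]), int(fields[4]) * 256 + int(fields[5])

def demo():
    nat = Nat("203.0.113.7")      # constructed open IP of the gateway
    out = nat.outbound(Packet("192.168.0.10", 5000, "198.51.100.20", 21,
                              b"PORT 192,168,0,10,19,137\r\n"))
    ip, port = embedded_endpoint(out.payload)
    # The remote peer is told to connect to an unroutable private address.
    leaked_private = ipaddress.ip_address(ip).is_private
    unsolicited = nat.inbound(Packet("198.51.100.20", 20, nat.open_ip, 12345, b""))
    reply = nat.inbound(Packet("198.51.100.20", 21, nat.open_ip, out.sport, b"200 OK"))
    return out, (ip, port), leaked_private, unsolicited, reply
```

The header leaves the gateway with the open address while the payload still advertises the private one, which is why the text says the gateway needs a separate per-application program to rewrite such payloads.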
SUMMARY OF THE INVENTION
To solve the above problems, it is an object of the present invention to provide a method for accessing a home-network in which a user accesses a home-portal server from an arbitrary external system, and then accesses the home-network, using the collected open IP address of the home-gateway, in order to remotely control various systems linked to the home-network.
It is another object to provide a home-network access system to which the home-network access method is applied.
To accomplish the above object of the present invention, there is provided a method for accessing a home-network, in a network access method of a network system in which an open Internet Protocol (IP) address is used for an external network and a private IP address is provided for an internal network resource, the method for accessing the home-network having the steps of (a) collecting user information and an open IP address from the network system; (b) authenticating an authorized user, who wants to access an internal network resource, based on the user information and open IP address collected in the step (a); and (c) providing the open IP address to the user authenticated in the step (b) so that a virtual network between the authenticated user and the internal network resource that the user wants to use is established.
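A minimal model of steps (a) to (c), added here as an illustration and not taken from the patent: the `HomePortal` class, its method names, the choice of PBKDF2 for credential storage, and the assumption that the gateway reports its address using the same user credential are all hypothetical.

```python
import hashlib
import hmac
import os

class HomePortal:
    """Hypothetical home-portal server tracking each gateway's dynamic open IP."""
    def __init__(self):
        self.users = {}       # user id -> (salt, password hash)
        self.gateways = {}    # user id -> most recent open IP reported

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enroll(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, self._hash(password, salt))

    def _check(self, user, password):
        # Unknown users still go through a hash and a constant-time compare.
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        return hmac.compare_digest(self._hash(password, salt), stored)

    def report(self, user, password, open_ip):
        """Step (a): collect user information and the open IP from the gateway."""
        if not self._check(user, password):
            return False      # an unauthenticated report must not move the record
        self.gateways[user] = open_ip
        return True

    def lookup(self, user, password):
        """Steps (b) and (c): authenticate the user, then provide the open IP."""
        if not self._check(user, password):
            return None
        return self.gateways.get(user)

def demo():
    portal = HomePortal()
    portal.enroll("alice", "constructed-passphrase")        # constructed account
    portal.report("alice", "constructed-passphrase", "203.0.113.7")
    # The ISP reassigns the address; the gateway reports the new one.
    portal.report("alice", "constructed-passphrase", "203.0.113.99")
    return (portal.lookup("alice", "constructed-passphrase"),
            portal.lookup("alice", "wrong-passphrase"),
            portal.report("mallory", "guess", "198.51.100.1"))
```

Authenticating the report in step (a) matters as much as authenticating the lookup: an unauthenticated update would let anyone redirect a user's tunnel endpoint to an address of their choosing.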
To accomplish another object of the present invention, there is also provided an apparatus for accessing a home-network in a network system having a gateway, which has user information and an open IP address, for mediating internal network resources having private IP addresses and access to the Internet, and a home-portal server for communicating au
Jung David
Samsung Electronics Co., Ltd.
Sughrue & Mion, PLLC