1. Field of the Invention
The present invention relates to an authentication gateway apparatus for accessing a ubiquitous service and a method thereof. In particular, the present invention relates to an authentication gateway apparatus for accessing a ubiquitous service that uses a portable apparatus as an authentication gateway, which is a representative authentication device, and when a ubiquitous service is provided over the portable apparatus and other ubiquitous apparatuses, such as a computer, a display, and an acoustic apparatus, allows only the authentication gateway to perform authentication while other ubiquitous apparatuses are authenticated through the authentication gateway, thereby eliminating the inconvenience of performing authentication each time and preventing leakage of authentication information, and a method thereof.
This work was supported by the IT R&D program of MIC/IITA [2005-S-090-03, Development of P2P Network Security Technology based on Wired/Wireless IPv6 Network].
2. Description of the Related Art
Ubiquitous computing performs user authentication anytime and anywhere using various devices, such as a mobile communication terminal, a personal digital assistant (PDA), a PMP (Portable Multimedia Player), an HPC (Handheld PC), a portable Internet (WiBro: Wireless Broadband) terminal, and an embedded system, and provides various information services to the user.
In general, for the ubiquitous service, like the Internet environment, authentication, authorization, and accounting are required. That is, for the ubiquitous service, it is necessary to perform user authentication before the service is provided, to determine whether or not the user is authorized to use the service, and to check whether or not the user pays a fee according to a predetermined accounting policy.
In the ubiquitous service, the use of available devices near the user can be maximized. For example, it is assumed that the user is authorized through the server with his/her cellular phone, downloads photographs from the server, and shows the photographs to neighboring people. If no other displays exist near the user, the user can only use a display having a 340×240 size, which is attached to his/her cellular phone or PDA. If a network monitor having a large LCD screen is available near the user or other people, the ubiquitous service can provide a service that shows the photographs to the people using the large network monitor.
To construct the ubiquitous environment, functions to transmit/receive data and control signals between the large network monitor and the server need to be provided. However, in view of user authentication, the ubiquitous service has the following problems.
First, even if the user is authorized using his/her cellular phone, to show the photographs using a new device, for example, a large network monitor, he/she must be authorized again. That is, for the ubiquitous service, authentication needs to be performed each time a new device is used.
Second, when the user inputs user authentication information using the large network monitor, which is provided in a public place, and transmits the user authentication information to the server, if the network monitor does not guarantee security, a third person may illegally obtain and misuse the user authentication information.
Third, since the devices for the ubiquitous service have to include an input unit, such as a keyboard or a mouse, to input the user authentication information, costs for installation and management are increased.
Alternatively, the user may directly download the photographs using his/her cellular phone, and may transmit the photographs from the cellular phone to the large LCD screen to display the photographs on the large LCD screen. In view of the cost of using a mobile communication network and the transfer rate, however, this method is not economical.
When the user wants to see the photographs with his/her cellular phone, the photographs having a 320×240 size are downloaded. Meanwhile, to output the photographs with high resolution on the large LCD screen, the photographs having a 1024×768 size or larger need to be downloaded. According to this method, the cost of using the mobile communication network is increased, and it takes a lot of time to transfer the photographs.
In the worst case, it may be impossible to provide a general-purpose service. For example, information that is downloaded by one device may be permitted to be used only in that device, such that copying of the information to another device violates digital rights management (DRM). Under DRM, copying is usually prohibited. Accordingly, there is a need for a simple method that resolves this problem.
In the above-described example, the change of the display from the small LCD of the cellular phone to the large LCD at a public place means that the same service is provided with different qualities. In the ubiquitous environment, service is generally provided with different service qualities according to the locations of the user or usable devices.
Accordingly, the ubiquitous service provides the same photographs with different qualities.
According to the above-described example, it is assumed that the large LCD display has a network function, and thus a large LCD display having a network function may be easily implemented as a “device for ubiquitous environment”.
Some authentication methods are known in the related art. According to the known user authentication devices and methods, even if the user uses a computer at a public place, and the user authentication information leaks, a plurality of authentication units are provided so as to prevent an unauthorized person from accessing the user authentication information. However, this user authentication method has a problem in that, when using the computer at a public place, the user needs to be directly authorized with his/her computer.
In the known mobile device authentication methods and devices, to eliminate the inconvenience of performing authentication each time a mobile device communicates with a new device, subsequent authentication depends on initial authentication of a home network, for example, an access point (AP).
Accordingly, in the ubiquitous environment, when various devices, such as a computer, a display, and an acoustic apparatus, use a service at a public place, there is a need for a new method that can eliminate the inconvenience of performing authentication each time, and can prevent leakage of authentication information.