1. Field of the Invention
The present invention relates to a home gateway for executing a function of a security protocol and a method thereof, and more particularly, to a home gateway for executing a function of a security protocol and a method for home devices that lack the ability to execute such a security protocol. The present application is based on Korean Patent application Ser. No. 2002-514 filed on Jan. 4, 2002, which is incorporated herein by reference.
2. Description of the Related Art
Generally, a gateway system means a system that is located in between communication networks using different data communication protocols, and has a function of converting the data transmitted between the communication networks using different data communication protocols, into data suitable for each communication network. In particular, a home gateway is located in between the internet or a cable service network, i.e. an external network, and a home network and converts the data being transmitted between each different network into data suitable for each communication network. Therefore, the home gateway should allow each communication network to function independently of the other, so that the external network and the home network can adapt to each other smoothly.
A home gateway comprises an access gateway module (AGM) performing as a terminal of an external network, a premise network module (PNM) performing as a terminal of a home network, an internet digital interface (IDI) interfacing between a PNM or other internal device and an AGM, an operating system for operating an overall system, and a service module (SM) providing other services.
FIG. 1 shows a brief block diagram of a general network. Referring to FIG. 1, the local devices 10 are interconnected with each other via a home network 20. The home network 20 is connected to the internet 40 through the home gateway 30. In addition, a remote client 50 is connected to the home gateway 30 via the internet 40. The local device 10 is an information device, which is a common name for an information terminal such as a digital television, a facsimile, or a computer connected to the home network 20 and the remote client 50 can be a remote terminal such as a computer connected to the internet 40 or a mobile phone. By this structure, the remote client 50 becomes able to transceive data to/from a local device 10 connected to the home network 20 and data even to/from a remote place.
Generally, there are two ways a local device 10 connected to a home network 20 sets up a secure channel with a remote client 50 of an external network 40. The first method is to set up a secure tunnel 55 between the remote client 50 and the home gateway 30, as it is shown in FIG. 2.
Referring to FIG. 2, a dummy device 11 is connected to the home network 20 and the home network 20 is connected to the internet via the home gateway 30. Additionally, an internet service provider (ISP) 43 supplying a global internet protocol address on the internet 40 is connected to the internet 40. Also, the home gateway 30 and the remote client 50 are interconnected through the secure tunnel 55. The dummy device 11 is a device without a security protocol among devices connected to the home network 20.
The home gateway 30 is provided with a global IP address from an ISP 43 and the remote client 50 locates the home gateway 30 by a public IP address provided to the home gateway 30 from the ISP 43. The home gateway 30 and the remote client 50 communicate with each other through the secure tunnel 55 set up between the home gateway 30 and the remote client 50. In addition, the home gateway 30 provides the dummy device 11 connected to the home network 20 with a private IP, identifies each dummy device 11 by the private IP address provided, and transceives data therebetween.
The remote client 50 identifies the home gateway 30 and communicates data by a global IP address and the home gateway 30 identifies the dummy device 11 connected to the home network 20 by the private IP address, and transmits data.
However, in the above method, security between the home gateway 30 and the remote client 50 is assured by the secure tunnel 55 set up between the home gateway 30 and the remote client 50, but the security between the home gateway 30 and the dummy device 11 is not assured.
A second method for setting up a secure channel 55 between a local device 10 connected to a home network 20 and a remote client 50 of an external network, involves the local device 10 having a one to one security association with the remote client 50, as it is shown in FIG. 3.
Referring to FIG. 3, each device 13 connected to the home network 20 is provided with a global IP address from an ISP 43 connected to the internet 40. The device 13 in this method can be an information device provided with a global IP address.
The remote client 50 is connected to the home gateway 30 through the internet and each device 13 is connected to the internet 40 through the home gateway 30. The remote client 50 identifies the device 13 connected to the home network 20 by the global IP address given to each device 13, and transceives data thereto/therefrom.
However, according to the second method, although security is assured between the home network 20 and the remote client 50, and also inside the home network 20, there is a disadvantage that set up costs are too much, as each device 13 connected to the home network 20 needs to have a security protocol.