With the recent spread of data communication networks, so-called home networks are becoming common. They allow communication among network-connected apparatuses, including home electric appliances, computers, and other peripheral apparatuses. A home network offers users convenience and comfort through communication among these apparatuses, such as sharing the data processing functions of each apparatus and transmitting and receiving content among apparatuses. Home networks are therefore predicted to spread further in the future.
Universal Plug and Play (UPnP) is known as a protocol suitable for configuring a home network. UPnP makes it easy to configure a network without complicated operations, and allows each network-connected apparatus to receive services provided by other connected apparatuses without difficult operations or settings. UPnP has the advantages that it does not depend on the OS (operating system) of a device and that adding devices is easy.
UPnP exchanges definition files compliant with XML (eXtensible Markup Language) among connected apparatuses so that the apparatuses recognize one another. The UPnP processes are summarized as follows.
(1) An addressing process of acquiring the apparatus's own device ID, such as an IP address.
(2) A discovery process of searching for each device on the network and receiving a response from each device, to acquire information contained in the response such as the device type and functions.
(3) A service request process of requesting services from each device in accordance with the information acquired by the discovery process.
With the above procedure, services can be provided and received among network-connected apparatuses. An apparatus newly connected to a network acquires a device ID by the addressing process, acquires information on other network-connected devices by the discovery process, and can request services from another apparatus in accordance with the acquired information.
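The discovery process (2) can be made concrete with the following added example, which is not part of the original text. It assumes UPnP's SSDP search messages, builds the search request, and parses constructed responses into a device inventory; all addresses, UUIDs and function names are illustrative. Neither message carries any credential identifying the requester.

```python
# Added example: the search request multicast during UPnP discovery (SSDP).
M_SEARCH = (
    "M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
    'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n'
)

# Constructed responses; addresses and UUIDs are made up for illustration.
SAMPLE_RESPONSES = [
    "HTTP/1.1 200 OK\r\n"
    "LOCATION: http://192.0.2.10:8200/desc.xml\r\n"
    "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n"
    "USN: uuid:00000000-0000-0000-0000-000000000001"
    "::urn:schemas-upnp-org:device:MediaServer:1\r\n\r\n",
    "HTTP/1.1 200 OK\r\n"
    "Location: http://192.0.2.20:49152/desc.xml\r\n"
    "St: urn:schemas-upnp-org:device:MediaRenderer:1\r\n"
    "Usn: uuid:00000000-0000-0000-0000-000000000002"
    "::urn:schemas-upnp-org:device:MediaRenderer:1\r\n\r\n",
    "HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n\r\n",  # no LOCATION/USN: dropped
]

def parse_ssdp_response(text):
    """Return upper-cased headers of a 200 OK search response, else None."""
    lines = text.split("\r\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or not status[0].startswith("HTTP/") or status[1] != "200":
        return None
    headers = {}
    for line in lines[1:]:
        if not line:
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if not sep:
            return None  # malformed header line
        headers[name.strip().upper()] = value.strip()
    if not {"LOCATION", "ST", "USN"} <= headers.keys():
        return None  # cannot identify or describe the device
    return headers

def build_inventory(responses):
    """Map each unique service name (USN) to device type and description URL."""
    inventory = {}
    for raw in responses:
        headers = parse_ssdp_response(raw)
        if headers is not None:
            inventory[headers["USN"]] = {
                "type": headers["ST"], "description_url": headers["LOCATION"]}
    return inventory
```

The description URL in each entry points to the XML definition file that the service request process (3) relies on.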
A network of this type, however, requires countermeasures against illegal access. An apparatus in the home network, such as a server, often stores content such as private content and paid content whose copyright must be managed.
Content stored in such a server in the home network can be accessed from other network-connected apparatuses. For example, an apparatus that has established a UPnP connection, the simple apparatus connection configuration described above, can acquire the content. If the content is movie data or music data, a user of a TV, a player or the like connected to the network can watch the movie or listen to the music.
Access by an apparatus connected by a user who holds a right to use the content is permitted. However, in the network configuration described above, a user who holds no such right can also easily enter the network. For example, in a network configured as a wireless LAN, content in a server in a home may be stolen by someone who illegally enters the network using a communication apparatus located outdoors, in a neighboring house, or the like. A configuration that permits illegal access of this type may result in the leakage of secrets, and poses an important issue from the viewpoint of content copyright management.
The following configuration has been proposed to exclude such illegal access. A list of access-permitted clients is stored, for example, in a server, and when a client issues an access request to the server, the server executes a verification process using the list to exclude illegal access.
For example, MAC (Media Access Control) address filtering is known, in which a list of access-permitted apparatuses is made up of MAC addresses, which are physical addresses specific to network-connected apparatuses. In MAC address filtering, the MAC addresses to be permitted access are registered beforehand in a router or gateway that isolates an internal network (subnet), such as a home network, from an external network. The MAC address in each received packet is compared with the registered MAC addresses, and access from an apparatus whose MAC address is not registered is rejected. Technology of this type is disclosed, for example, in Patent Document 1 (Japanese Patent Application Publication No. H10-271154).
The registration process for access-limiting MAC addresses, however, requires checking the MAC addresses of all apparatuses to be connected to the network, and requires an operator to enter the acquired MAC addresses (48 bits each) of all apparatuses to form a list. These processes may be performed by a designated administrator where a secure environment must be configured, such as in particular companies, organizations and the like. However, it is not realistic to ask a general user to generate and store a MAC list in, for example, a home network environment set up in an ordinary home.
New apparatuses are added often in a home network. If a user has to check and register the MAC address of a new apparatus each time one is added, the ease of configuring the network is lost.
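The MAC address filtering and manual registration described above can be sketched as follows. This is an added example, not code from the patent or from Patent Document 1; the operator entries, the gateway address and all function names are constructed for illustration. It shows both halves: turning hand-entered 48-bit addresses into a list, and comparing the source address of each received frame against it.

```python
import re

# Constructed operator input; 00:00:5E:00:53:xx is the documentation MAC range.
OPERATOR_LIST = ["00:00:5E:00:53:01", "00-00-5e-00-53-02",
                 "0000.5e00.5303", "00:00:5E:00:53"]  # last entry is mistyped
GATEWAY = "00:00:5e:00:53:fe"  # hypothetical router/gateway address

def normalize_mac(text):
    """Convert an operator-entered MAC address to its 6 raw bytes (48 bits)."""
    compact = re.sub(r"[:.\-]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", compact):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(compact)

def build_allowlist(entries):
    """Registration step: return (registered addresses, rejected entries)."""
    allowed, rejected = set(), []
    for entry in entries:
        try:
            allowed.add(normalize_mac(entry))
        except ValueError:
            rejected.append(entry)
    return allowed, rejected

def source_mac(frame):
    """Ethernet header: 6-byte destination, 6-byte source, 2-byte EtherType."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return frame[6:12]

def permit(frame, allowed):
    """Filtering step: accept only frames whose source MAC is registered."""
    try:
        return source_mac(frame) in allowed
    except ValueError:
        return False  # malformed frames are rejected, not passed through

def make_frame(src, payload=b""):
    """Build a constructed IPv4 Ethernet frame addressed to the gateway."""
    return normalize_mac(GATEWAY) + normalize_mac(src) + b"\x08\x00" + payload
```

A single mistyped entry, like the last one in the sample list, silently leaves that apparatus unregistered, which is the kind of burden the text attributes to manual list maintenance.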
So-called ubiquitous environments are now being configured in ordinary homes. In a ubiquitous environment, a network configuration that includes not only PCs but also electric home appliances allows access from any apparatus. With the spread of wireless LANs and the like, a communication-capable apparatus can easily intrude into a wireless LAN from outside. In these network environments, illegal access to network-connected apparatuses is likely to occur, further increasing the possibility of theft of secret information, illegal reading of content and the like through illegal access. Under these circumstances, it is desired that a proper access control configuration be realized easily without burdening general users.