1. Field of the Invention
The present invention relates to mobile terminals, gateways, remote control programs, access control programs, and data transfer systems for managing secure networks. More particularly, the present invention relates to mobile terminals, gateways, remote control programs, access control programs, and data transfer systems that transfer data from a secure network to another network according to commands given from outside of the secure network.
2. Description of the Related Art
Recent years have seen the emergence of mobile communication devices having multiple network interfaces, with the capability of downloading a large amount of data via the Internet or the like. For example, a new type of wireless Internet Protocol (IP) phone has radio interfaces for the Personal Handyphone System (PHS) and wireless local area network (LAN). The users of those devices tend to carry relatively large amounts of data (e.g., multimedia content) with them to enjoy music and video clips anywhere they go.
The memory capacity of existing mobile terminals is, however, not large enough to accommodate all data each user has. For this reason, most users keep their data files in a personal computer serving as a file server in their home or office, while carrying only a part of those data files in their mobile terminals.
When a user is away from home, he/she may feel it necessary to download some data from his/her home file server to the mobile terminal at hand. It would also be better if he/she could fetch the data in a quick and easy way. One proposed technique uses a two-dimensional barcode to enter the necessary information into his/her mobile terminal. See, for example, Japanese Patent Application Publication No. 2005-174317. According to this publication, a remote server produces an access identifier and delivers it to an information device. The information device displays the access identifier on a monitor screen in the form of a two-dimensional barcode. A local device can receive the access identifier by capturing the on-screen image of the barcode. The access identifier permits the local device to connect itself to the remote server and receive specified data from there. With this technique, the user can download desired data from the home file server to his/her local device while on the road.
However, from the viewpoint of network security, it is very risky to leave the home file server open to other anonymous network users. A typical method to control inbound access to a home file server is to place a gateway at the front end of the home network. The presence of such gateways, however, makes it difficult to use the remote access method disclosed in Japanese Patent Application Publication No. 2005-174317 mentioned earlier, since the gateway is not transparent to the protocols used to transfer data between a remote server and a local device. In the case where the file server is protected by a gateway, some remote control mechanism to negotiate the gateway is required.
Mobile terminals with multiple wireless interfaces could serve as a gateway for small data files. For example, two people can exchange data files by using their mobile terminals as gateways interconnecting their respective file servers. In this case, the security of data transmission is ensured by using virtual private network (VPN) mechanisms to connect a mobile terminal to the user's home or office network. Mobile terminals, however, are limited in terms of processor performance and battery capacity. The use of such mobile terminals as gateways would impose a severe limitation on the service functionality and availability because of their power consumption and communication speeds.
One alternative method is to connect remote servers for data exchange purposes. Home networks and office networks usually have a firewall or a gateway (collectively referred to as “gateways”) to guard their local devices against access from external networks. While port mapping functions of a gateway could solve the accessibility problem, this solution could introduce a vulnerability into the system and increase the risk of information leakage and network attacks because the system cannot distinguish the sources of access.