Title:
METHOD AND SYSTEM FOR USER AUTHENTICATION IN HOME NETWORK SYSTEM
Document Type and Number:
WIPO Patent Application WO/2006/046822
Kind Code:
A1
Abstract:
A convenient user authentication mechanism for receiving safe home services from indoors or outside the home network system is provided. Also provided are a user authentication method to enable an indoor user to control home devices, a user authentication method allowing an indoor user to use a service provided by a home network provider server, and a user authentication method allowing an outside the home user to control home devices. In a process for user authentication, a mapping function and an authentication proxy function are provided by a home server for user's convenience. Also, the user authentication method allows a user to select a variety of desired authentication means, such as ID/password, certificate, and biometric information.

Inventors:
HAN JONG-WOOK (KR)
PARK JEE-HYE (KR)
LEE YUN-KYUNG (KR)
JU HONG-IL (KR)
KIM DO-WOO (KR)
NAM TAEK-YONG (KR)
JANG JONG-SOO (KR)
SOHN SUNG-WON (KR)
Application Number:
PCT/KR2005/003551
Publication Date:
May 04, 2006
Filing Date:
October 25, 2005
Assignee:
KOREA ELECTRONICS TELECOMM (KR)
HAN JONG-WOOK (KR)
PARK JEE-HYE (KR)
LEE YUN-KYUNG (KR)
JU HONG-IL (KR)
KIM DO-WOO (KR)
NAM TAEK-YONG (KR)
JANG JONG-SOO (KR)
SOHN SUNG-WON (KR)
International Classes:
H04L9/32; G06F21/31; G06F21/33; G06F21/44
Foreign References:
US6275941B1 2001-08-14
US6510212B2 2003-01-21
US6658394B1 2003-12-02
Attorney, Agent or Firm:
Y.P.LEE, MOCK & PARTNERS (1571-18 Seocho-don, Seocho-gu Seoul 137-874, KR)
Claims:
1. An authentication method for authenticating a home client user by an outside the home network provider server when the home client user desires to use an outside the home network service through the home network provider server and a home server storing a plurality of user authentication information items in advance, the method comprising: after receiving an authentication packet including user authentication information from the home client, the home server authenticating the home client with the user authentication information; if the authentication is successful, the home server mapping the user authentication information included in the authentication packet into user authentication information set by the home network provider server; the home server transmitting an authentication packet including the mapped user authentication information to the home network provider server; and the home network provider server authenticating the home client user by comparing the mapped user authentication information included in the received authentication packet with corresponding information among authentication information items stored in advance.
2. The method of claim 1, wherein the authenticating of the home client with the user authentication information comprises: establishing a security tunnel between the home client and the home server; the home client transmitting an authentication packet including user authentication information through the security tunnel; and the home server authenticating the home client user by comparing the user authentication information included in the received authentication packet with corresponding authentication information among user authentication information items stored in advance in the home server.
3. The method of claim 1, wherein in the mapping of the user authentication information included in the authentication packet into the user authentication information set by the home network provider server, the home server provides a function for mapping the user authentication information included in the authentication packet into the user authentication information set by the home network provider server so that the home client user is authenticated by the home network provider server with any authentication tool.
4. The method of claim 1, wherein the plurality of user authentication information items stored in advance in the home server includes at least one of identification (ID) and/or password authentication information, certificate authentication information, radio frequency ID (RFID) authentication information and biometric information authentication information, and the plurality of user authentication information items stored in advance in the home network provider server includes at least one of ID and/or password authentication information, certificate authentication information, and RFID authentication information.
5. The method of claim 4, wherein when the user authentication information set by the home network provider server is the ID and/or the password authentication information, the user authentication information is obtained by mapping the user authentication information included in the authentication packet received from the home client into the ID and/or password authentication information.
6. The method of claim 4, wherein when the user authentication information set by the home network provider server is certificate information, the user authentication information is obtained by mapping the user authentication information included in the authentication packet received from the home client into the certificate information.
7. The method of claim 4, wherein when the user authentication information set by the home network provider server is RFID information, the user authentication information is obtained by mapping the user authentication information included in the authentication packet received from the home client into the RFID information.
8. The method of claim 1, wherein in the transmitting of the authentication packet to the home network provider server, the home server transmits the authentication packet including the mapped user authentication information to the home network provider server through a security tunnel established when device authentication with the home network provider server is performed.
9. The method of claim 1, wherein the authentication packet comprises: a header unit including a user authentication means; and a data unit including the user authentication information.
10. The method of claim 9, wherein the data unit includes at least one of user authentication information items.
11. An authentication method for authenticating an outside the home client user by using biometric information by a home network provider server when the outside the home client user desires to use an indoor home network service through the home network provider server and a home server storing a plurality of user authentication information items in advance, the method comprising: after receiving an authentication packet including user authentication information formed with the biometric information from the outside the home client, the home network provider server transmitting the authentication packet received from the outside the home client to the home server; the home server authenticating the outside the home client by comparing the user authentication information included in the received authentication packet with user authentication information stored in advance; and if the authentication of the outside the home client is successful, the home server transmitting the authentication result of the outside the home client to the home network provider server.
12. The method of claim 11, wherein the transmitting of the authentication packet by the home network provider server comprises: establishing a security tunnel between the outside the home client and the home network provider server; the outside the home client transmitting the authentication packet including user authentication information formed with the biometric information through the security tunnel; and after receiving the authentication packet, the home network provider transmitting the received authentication packet to the home server.
13. The method of claim 11, wherein the plurality of user authentication information items stored in advance in the home server includes at least one of ID and/or password authentication information, certificate authentication information, RFID authentication information and biometric information authentication information, and the plurality of user authentication information items stored in advance in the home network provider server includes at least one of ID and/or password authentication information, certificate authentication information, and RFID authentication information.
14. The method of claim 11, wherein in the transmitting of the authentication result of the outside the home client to the home network provider server, the home server transmits the authentication result of the outside the home client to the home network provider server through a security tunnel established between the home network provider server and the home server.
15. The method of claim 11, wherein the authentication packet comprises: a header unit including a user authentication means; and a data unit including the user authentication information.
16. The method of claim 15, wherein the data unit includes at least one of user authentication information items.
17. An authentication method authenticating a home client user by a home server storing user authentication information in advance, the method comprising: the home client transmitting an authentication packet including user authentication information; and the home server authenticating the home client user by comparing the user authentication information included in the received authentication packet with user authentication information stored in advance.
18. The method of claim 17, further comprising before the transmitting of the authentication packet: establishing a security tunnel between the home client and the home server, wherein in the transmitting of the authentication packet, the home server transmits the authentication packet including user authentication information through the security tunnel.
19. The method of claim 17, wherein the user authentication information includes at least one of ID and/or password authentication information, certificate authentication information, biometric information authentication information and RFID authentication information.
20. The method of claim 17, further comprising: in the authenticating of the home client by the home server, if the home client user authentication is successful, the home server notifying the authentication success to the home client.
21. The method of claim 17, further comprising: in the authenticating of the home client by the home server, if the home client user authentication is successful, the home server performing control of the home client requested by the home client.
22. The method of claim 17, wherein the authentication packet comprises: a header unit including a user authentication means; and a data unit including the user authentication information.
23. The method of claim 22, wherein the data unit includes at least one of user authentication information items.
24. A user authentication system in a home network system comprising: a unit by which when a home device is desired to be controlled from a home client, the user of the home client is authenticated through user authentication information by a home server placed indoors; a unit by which when a service provided by a home network provider server is desired to be used in the home client, the user of the home client is authenticated through user authentication information by the home server, and is authenticated by the home network provider server through user authentication information mapped by the home server; and a unit by which when a home device is desired to be controlled in an outside the home client, the user of the outside the home client is authenticated through user authentication information by the home server, and is authenticated by the home network provider server through the result of the authentication by the home server.
25. The system of claim 24, wherein the user authentication information includes at least one of ID and/or password authentication information, certificate authentication information, RFID authentication information, and biometric information authentication information.
26. The system of claim 24, wherein the user authentication information mapped in the home server performing the authentication does not include biometric information authentication information.
27. A computer readable recording medium having embodied thereon a computer program for executing the method of claim 1.
28. A computer readable recording medium having embodied thereon a computer program for executing the method of claim 11.
29. A computer readable recording medium having embodied thereon a computer program for executing the method of claim 17.
Description:

Method and system for user authentication in home network system

Technical Field

[1] The present invention relates to a method and system for user authentication in a home network system, and more particularly, to a method and system for user authentication in a home network system by which only those users registered in a home server can use the home network system and a variety of authentication means are provided for user convenience.

Background Art

[2] In a conventional home network system, a home server provides information services without requiring user authentication. Also, all user authentication information items registered in a service provided by a home network provider server should be kept by the user.

Disclosure of Invention

Technical Problem

[3] Accordingly, there is a problem in that other persons than home members can use the home network system.

[4] Also, this degrades user convenience. That is, since the user registered in the service provided by the home network provider server does not know which information the home network requests as user authentication information, only when the user keeps on hand an ID and/or password, and a certificate, can the user use the home network service.

[5] Meanwhile, user authentication using biometric information is convenient for users. However, when a user's biometric information is registered in a home network provider server and the home network provider server performs user authentication using the biometric information, the biometric information might be leaked, or somebody else might steal the biometric information.

Technical Solution

[6] The present invention provides a user authentication method and system in which the characteristics and convenience of users are considered so that any member of a house can receive a user authentication service by conveniently using a variety of authentication means. According to the method and system, even when the authentication means desired by the user is different from that desired by the home network provider server, user authentication can be performed with the authentication means desired by the user through a user authentication information mapping function.

Advantageous Effects

[7] The present invention relates to a method and system for user authentication in a home network system. The method and system for authenticating a user in a home network system as described above have the following effects.

[8] First, by providing a variety of authentication means, the method and system for authenticating a user in a home network system according to the present invention allow any member of a house to conveniently use a user authentication service of a home network system.

[9] Secondly, in the method and system for authenticating a user in a home network system according to the present invention, since the user authentication information is stored in a safe home server, even when user authentication means desired by the user and the home network provider server are different, authentication is performed with the user authentication means desired by the user and a function for mapping them into the authentication means desired by the home network provider server is provided.

[10] Thirdly, the method and system for authenticating a user in a home network system according to the present invention can effectively prevent an unauthorized user from using the home network system.

Description of Drawing

[11] FIG. 1 illustrates a home network system and a user authentication method therefor according to an embodiment of the present invention;

[12] FIG. 2 is a conceptual diagram of a process for mapping user authentication information in a home server providing a user authentication function by using a variety of user authentication information items according to the present invention;

[13] FIG. 3 is a simplified diagram of the structure of a packet providing a user authentication function by using a variety of user authentication means according to the present invention;

[14] FIG. 4 is a flowchart of a method of authenticating a home client user when an indoor home network system service is used by a home client in FIG. 1 according to an embodiment of the present invention;

[15] FIG. 5 is a flowchart of a method of authenticating a home client user when an outside the home network system service is used by a home client in FIG. 1 according to an embodiment of the present invention;

[16] FIG. 6 is a flowchart of a method of authenticating an outside the home client user when an indoor home network system service is used by an outside the home client in FIG. 1 according to an embodiment of the present invention; and

[17] FIG. 7 is a flowchart of a method of authenticating an outside the home client user when an indoor home network system service is used by an outside the home client in FIG. 1 according to an embodiment of the present invention.

Best Mode

[18] According to an aspect of the present invention, there is provided an authentication method for authenticating a home client user by an outside the home network provider server when the home client user desires to use an outside the home network service through the home network provider server and a home server storing a plurality of user authentication information items in advance. The method includes: after receiving an authentication packet including user authentication information from the home client, the home server authenticates the home client with the user authentication information; if the authentication is successful, the home server maps the user authentication information included in the authentication packet into a user authentication information set by the home network provider server; the home server transmits an authentication packet including the mapped user authentication information to the home network provider server; and the home network provider server authenticates the home client user by comparing the mapped user authentication information included in the received authentication packet with corresponding information among authentication information items stored in advance.

[19] According to another aspect of the present invention, there is provided an authentication method for authenticating an outside the home client user by using biometric information by a home network provider server when the outside the home client user desires to use an indoor home network service through the home network provider server and a home server storing a plurality of user authentication information items in advance, the method including: after receiving an authentication packet including user authentication information formed with the biometric information from the outside the home client, the home network provider server transmits the authentication packet received from the outside the home client to the home server; by comparing the user authentication information included in the received authentication packet with user authentication information stored in advance, the home server authenticates the outside the home client; and if the authentication of the outside the home client is successful, the home server transmits the authentication result of the outside the home client to the home network provider server.

[20] According to still another aspect of the present invention, there is provided an authentication method authenticating a home client user by a home server storing user authentication information in advance, the method including: the home client transmitting an authentication packet including user authentication information; and the home server authenticating the home client user by comparing the user authentication information included in the received authentication packet with user authentication information stored in advance.

[21] According to yet still another aspect of the present invention, there is provided a user authentication system in a home network system including: a unit by which when a home device is desired to be controlled from a home client, the user of the home client is authenticated through user authentication information by a home server placed indoors; a unit by which when a service provided by a home network provider server is desired to be used in the home client, the user of the home client is authenticated through user authentication information by the home server, and is authenticated by the home network provider server through user authentication information mapped by the home server; and a unit by which when a home device is desired to be controlled in an outside the home client, the user of the outside the home client is authenticated through user authentication information by the home server, and is authenticated by the home network provider server through the result of the authentication by the home server.

[22] According to a further aspect of the present invention, there is provided a computer readable recording medium having embodied thereon a computer program for executing a method for user authentication in a home network system.

Mode for Invention

[23] The present invention will now be described more fully with reference to the accompanying drawings, in which exemplary embodiments of the invention are shown.

[24] FIG. 1 illustrates a home network system and a user authentication method therefor according to an embodiment of the present invention. Referring to FIG. 1, the home network system includes a home server 100, a home client 110, a home device 120, a home network provider server 130, an outside the home client 140, and user authentication units 112 and 142. The home server 100 is in charge of device authentication, user authentication, and home device control and service.

[25] The home client 110 requests control of the home device 120 or an indoor service from inside a house, or uses a service provided by the home network provider server 130. The home network provider server 130 performs authentication of an outside the home device and the home server 100, and user authentication with the home client 110 or the outside the home client 140, and provides a variety of services.

[26] The outside the home client 140 requests control of the home device 120 and an indoor service through the home server 100 or uses services provided by the home network provider server 130.

[27] The user authentication unit 112 is connected to the home client 110 and the user authentication unit 142 is connected to the outside the home client 140. Each of the user authentication units 112 and 142 can be a storage device storing a certificate, or a biometric sensor reading biometric information.

[28] The home devices 120 and the home client 110 are registered in the home server 100. Also, when a user is registered, an authentication means to be used when the user is authenticated should be stored in the home server 100, and authentication information other than biometric information is transmitted to the home network provider server 130 for interlocking of user authentication information. Home devices 120 are connected to the home server 100 and the home server 100 is connected to the home network provider server 130.

[29] In order to use the home network system, a device authentication process between the home server 100 and the home network provider server 130 should be performed. The device authentication process S100 is a mutual authentication process performed between the home server 100 and the home network provider server 130 by using a method such as transport layer security (TLS). A secure tunnel established when the authentication is performed should be continuously maintained so that when a user is authenticated, the secure tunnel can be continuously used.

[30] After the device authentication process S100 between the home server 100 and the home network provider server 130 is successfully finished, a user authentication process is performed. The user authentication process can be broken down into an authentication process S110 when an indoor user uses an indoor home network system service, an authentication process S120 when an indoor user uses an outside the home network system service, and an authentication process S130 when an outside the home user uses an indoor home network system service.

[31] The authentication process S110 when an indoor user uses an indoor home network system service is a process in which in order to control the home device 120, the home client 110 is authenticated by the home server 100. This will be explained in more detail in a user authentication method of FIG. 4 when an indoor user uses an indoor home network system service. As a user authentication method, a variety of authentication means desired by the user can be selected and used, such as an ID and/or password, a certificate, and biometric information. A variety of user authentication methods such as an authentication method using an ID and/or password, a certificate, and using biometric information, can be used. However, the present invention is not limited to this.

[32] The authentication process S120 when an indoor user uses an outside the home network system service is a process in which in order to use a service provided by the home network provider server 130 the home client 110 is authenticated by the home network provider server 130 through the home server 100. This will be explained in more detail with reference to FIG. 5. As user authentication, there are a method using an ID and/or password, a method using a certificate, a method using biometric information, and so on. A variety of methods can be used for user authentication, and though an embodiment of the present invention shows examples of an authentication method using an ID and/or password, a certificate, and biometric information, the user authentication method is not limited to this.

[33] The authentication process S130 when an outside the home user uses an indoor home network system service is a process in which in order to control home devices 120 the home client 140 is authenticated by the home network provider server 130, and this will be explained in more detail with reference to FIGS. 6 and 7. As user authentication methods, there are authentication methods that use an ID and/or password, that use a certificate, that use biometric information, and so on. Here, though an embodiment of the present invention shows examples of authentication methods that use an ID and/or password, that use a certificate, and that use biometric information, the user authentication method is not limited to these methods and a variety of methods can be used for user authentication.

[34] FIG. 2 is a conceptual diagram of a process for mapping user authentication information in a home server providing a user authentication function by using a variety of user authentication information items according to the present invention. The mapping process is a process for the home server 100 to solve the problem that the user authentication means that the home client 110 or the outside the home client 140 desires to use in order for the client 110 or 120 to be authenticated is different from the authentication means required when a user is authenticated in the home network provider server 130. That is, for user convenience this process allows a user to use a suitable user authentication means.

[35] Before the user authentication process, the user registers a variety of personal user authentication information items in the home server in advance. Here, the user authentication means can be formed with an ID and/or password, a certificate, and biometric information. Furthermore, any authentication means such as an RFID can be included in the user authentication means.

[36] When the user wants to use a home network service by using the user authentication means 200 such as an ID and/or password, a certificate, biometric information and an RFID, the user is authenticated in the home server 100, and if the authentication is successful, the home server 100 performs an authentication information mapping process 201 by using the authentication information database of the user. Then, the home server 100 transfers the mapping result as the authentication means required by the home network provider server 130. Meanwhile, if the user authentication fails in the home server 100, the mapping process 201 is not performed and the user authentication process does not proceed any further.

[37] FIG. 3 is a simplified diagram of the structure of a packet providing a user authentication function by using a variety of user authentication information items according to the present invention. Referring to FIG. 3, the authentication packet that is transmitted and received so that the home client 110 or the outside the home client 140 can be authenticated by using a variety of authentication means, is formed with a header unit 300 and a data unit 301. The header unit 300 includes type information of the user authentication unit and a variety of information items required for user authentication. The data unit 301 includes user authentication information. This authentication packet structure can be applied to a user authentication process using any user authentication means.
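
An added sketch (not code from the patent) of the header/data authentication packet of paragraph [37] and the home server's authenticate-then-map step of paragraph [36]. The byte layout, the numeric means codes, the user-name field in the data unit, and all class and function names are assumptions; the patent specifies only a header unit carrying the authentication means and a data unit carrying the authentication information.

```python
import hashlib
import hmac
import os
import struct
from enum import IntEnum


class Means(IntEnum):
    """Authentication means carried in the header unit (numeric codes are assumed)."""
    ID_PASSWORD = 1
    CERTIFICATE = 2
    BIOMETRIC = 3
    RFID = 4


def pack(means, user, info):
    """Header unit (means code, data length) followed by the data unit (user NUL info)."""
    data = user.encode() + b"\x00" + info
    return struct.pack("!BH", means, len(data)) + data


def unpack(packet):
    """Parse an authentication packet; raise ValueError on anything malformed."""
    if len(packet) < 3:
        raise ValueError("short header unit")
    code, length = struct.unpack("!BH", packet[:3])
    data = packet[3:]
    if len(data) != length or b"\x00" not in data:
        raise ValueError("malformed data unit")
    user, info = data.split(b"\x00", 1)
    return Means(code), user.decode(), info  # unknown code or bad UTF-8 -> ValueError


def _digest(salt, info):
    # Iteration count is illustrative only.
    return hashlib.pbkdf2_hmac("sha256", info, salt, 10_000)


class CredentialStore:
    """Authentication information items stored in advance, kept as salted digests."""

    def __init__(self):
        self._items = {}  # (user, means) -> (salt, digest)

    def register(self, user, means, info):
        salt = os.urandom(16)
        self._items[(user, means)] = (salt, _digest(salt, info))

    def authenticate(self, packet):
        """Return the user name on success, None on any failure."""
        try:
            means, user, info = unpack(packet)
        except ValueError:
            return None
        entry = self._items.get((user, means))
        if entry is None:
            return None
        salt, digest = entry
        # Exact comparison; real biometric matching is a fuzzy template match.
        return user if hmac.compare_digest(digest, _digest(salt, info)) else None


class ProviderServer(CredentialStore):
    def register(self, user, means, info):
        if means == Means.BIOMETRIC:
            raise ValueError("biometric information is not registered with the provider")
        super().register(user, means, info)


class HomeServer(CredentialStore):
    def __init__(self):
        super().__init__()
        self._mapped = {}  # user -> (means, info) set by the provider server

    def set_provider_credential(self, user, means, info):
        if means == Means.BIOMETRIC:
            raise ValueError("biometric information is never mapped to the provider")
        self._mapped[user] = (means, info)

    def authenticate_and_map(self, packet):
        """Authenticate locally, then build the packet sent on to the provider."""
        user = self.authenticate(packet)
        if user is None or user not in self._mapped:
            return None  # authentication failed: mapping is not performed
        means, info = self._mapped[user]
        return pack(means, user, info)


def demo():
    # All credentials below are constructed sample values.
    home, provider = HomeServer(), ProviderServer()
    home.register("alice", Means.BIOMETRIC, b"constructed-template")
    provider.register("alice", Means.ID_PASSWORD, b"provider-pass")
    home.set_provider_credential("alice", Means.ID_PASSWORD, b"provider-pass")
    ok = home.authenticate_and_map(pack(Means.BIOMETRIC, "alice", b"constructed-template"))
    bad = home.authenticate_and_map(pack(Means.BIOMETRIC, "alice", b"wrong-template"))
    return ok, bad, provider.authenticate(ok)


if __name__ == "__main__":
    print(demo())
```

Because the home server has to replay the provider credential, `_mapped` holds it in recoverable form, unlike the salted digests used for verification; in this design that store is the asset to protect.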

[38] FIG. 4 is a flowchart of a method of authenticating a home client user when an indoor home network system service is used by the home client 110 in FIG. 1 according to an embodiment of the present invention. Here, when the home client 110 uses the indoor home network system service, the home client user authentication method should allow the user to use a desired authentication method. For safe user authentication, a security tunnel is established and a user authentication packet is transmitted and received therethrough via a tunnel authentication protocol. The tunnel authentication protocol is used to establish a security tunnel between the home client 110 and the home server 100 in order to transmit therethrough packets required for user authentication.

[39] Referring to FIG. 4, first, a security tunnel is established between the home client 110 and the home server 100 in operation S401.

[40] Then, the home client 110 transmits user authentication information required for user authentication through the security tunnel established in operation S401, and the home server 100 performs user authentication of the home client 110 with the transmitted user authentication information in operation S402.

[41] Here, the home devices 120 and the home client 110 are registered in the home server 100 in advance. Also, user authentication information to be used when the user is authenticated is stored in the home server 100 in advance. By comparing the user au¬ thentication information stored in advance with user authentication information items transmitted in operation S402, the home server 100 performs home client user au¬ thentication.

[42] If, as a result of the determination in operation S402, the home server 100 successfully authenticates the home client user in operation S403, the home server 100 performs control of the home device 120 requested by the home client 110 in operation S404. Then, the home server 100 notifies the successful user authentication to the home client 110 in operation S405.

[43] Meanwhile, if, as the result of the determination in operation S402, the user authentication by the home server 100 fails, the home server 100 notifies the user authentication failure to the home client 110 in operation S407. In this case, control of the home device 120 requested by the home client 110 is not provided.

[44] FIG. 5 is a flowchart of a method of authenticating a home client user when an outside the home network system service is used by a home client in FIG. 1 according to an embodiment of the present invention. Here, the method of authenticating the user of the home client 110 when the outside the home network system service is used by the home client 110 allows the user to select a desired authentication method. Also, for safe user authentication, a tunnel authentication protocol is used between the home client 110 and the home server 100.

[45] Between the home server 100 and the home network provider server 130, the home client 110 is authenticated by transmitting and receiving the authentication packets required for user authentication through the security tunnel established when device authentication is performed between the home server 100 and the home network provider server 130.

[46] Referring to FIG. 5, first, a security tunnel is established between the home client 110 and the home server 100 in operation S501.

[47] Then, the home client 110 transmits user authentication information required for user authentication through the security tunnel established in operation S501, and the home server 100 performs user authentication of the home client 110 with the transmitted user authentication information in operation S502.

[48] Here, the home client 110 is registered in the home server 100 in advance. Also, when registration is performed, user authentication information to be used when the user is authenticated is stored in the home server 100 in advance. By comparing the user authentication information stored in advance with user authentication information items transmitted in operation S502, the home server 100 performs home client user authentication.

[49] If the user authentication in operation S502 is successful, the home server 100 performs a user authentication information mapping function by using the user authentication information stored in advance in the home server 100 in operation S503.

[50] After operation S503, the user authentication information is converted into that corresponding to the user authentication means required by the home network provider server 130, and user authentication with the home network provider server 130 is performed in operation S504. At this time, in the user authentication between the home server 100 and the home network provider server 130, authentication packets including user authentication information items described with reference to FIG. 3 are transmitted and received through the security tunnel.

[51] As a result of performing the user authentication in operation S504, if the home network provider server 130 successfully authenticates the home client user in operation S505, the home network provider server 130 notifies the success of the user authentication to the home server 100 in operation S506. Then, the home server 100 notifies the success of the user authentication to the home client 110 in operation S507. From this point, the home client 110 can use a service provided by the home network provider server 130.

[52] Meanwhile, as a result of performing the user authentication in operation S504, if the home network provider server 130 fails to authenticate the user of the home client 110 in operation S508, the home network provider server 130 notifies the user authentication failure to the home server 100 in operation S509. Then, the home server notifies the user authentication failure to the home client 110 in operation S510. In this case, the home client 110 cannot use the service provided by the home network provider server 130.

[53] Meanwhile, if in operation S502, the user authentication fails in operation S511, the home server 100 notifies the user authentication failure to the home client 110 in operation S512. Here, the home client 110 cannot use the service provided by the home network provider server 130.
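The following added example, which is not part of the patent text, models the FIG. 5 flow in Python: the home server 100 checks the client's packet (S502), applies the mapping function (S503) and presents the mapped packet to the home network provider server 130 (S504). The credential values, type names, SHA-256 digest storage and the handling of a missing mapping are assumptions; both security tunnels are taken as already established.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class AuthPacket:
    auth_type: str  # header unit 300: type of authentication means
    user_id: str    # header unit 300: information needed for authentication
    data: bytes     # data unit 301: user authentication information

def digest(secret: bytes) -> bytes:
    # Constructed storage format; production systems use a salted password KDF.
    return hashlib.sha256(secret).digest()

def matches(stored, pkt: AuthPacket) -> bool:
    # Constant-time comparison with the item stored in advance.
    return stored is not None and hmac.compare_digest(stored, digest(pkt.data))

class ProviderServer:  # home network provider server 130
    def __init__(self, accounts):
        self.accounts = accounts  # (auth_type, user_id) -> stored digest

    def authenticate(self, pkt: AuthPacket) -> bool:  # S504
        return matches(self.accounts.get((pkt.auth_type, pkt.user_id)), pkt)

class HomeServer:  # home server 100
    def __init__(self, local, mapping, provider):
        self.local = local      # (auth_type, user_id) -> stored digest
        self.mapping = mapping  # home user_id -> packet the provider requires
        self.provider = provider

    def handle(self, pkt: AuthPacket) -> str:
        if not matches(self.local.get((pkt.auth_type, pkt.user_id)), pkt):  # S502
            return "S512: failure at home server"  # S511
        mapped = self.mapping.get(pkt.user_id)  # S503: mapping function
        # Assumption: a user with no mapping is reported like a provider failure.
        if mapped is None or not self.provider.authenticate(mapped):
            return "S510: failure at provider"  # S508, S509
        return "S507: success"  # S505, S506

def build_demo() -> HomeServer:
    # Constructed sample registrations, not values from the patent.
    provider = ProviderServer({("id_password", "acct-7781"): digest(b"prov-secret")})
    local = {("id_password", "alice"): digest(b"home-pass-a"),
             ("id_password", "bob"): digest(b"home-pass-b")}
    mapping = {"alice": AuthPacket("id_password", "acct-7781", b"prov-secret"),
               "bob": AuthPacket("id_password", "acct-9000", b"stale-secret")}
    return HomeServer(local, mapping, provider)
```

Because the mapping table holds the credentials the provider expects, the home server's store is as sensitive as the provider accounts themselves, and the mapped packet is released only after the local check in S502 succeeds.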

[54] FIG. 6 is a flowchart of a method of authenticating an outside the home client user when an indoor home network system service is used by an outside the home client in FIG. 1 according to an embodiment of the present invention. Here, the method of authenticating the user of the outside the home client 140 when the home device 120 is desired to be controlled by the outside the home client 140 allows the user to select a desired authentication method. For safe outside the home client user authentication, a tunnel authentication protocol is used between the outside the home client 140 and the home network provider server 130. When the outside the home client 140 requests control of the home device 120, user authentication can be performed using biometric information or other authentication items (for example, an ID and/or password, a certificate, etc.).

[55] The two authentication methods are different. The authentication process when the user desires to use authentication items other than biometric information will be explained now, and the authentication process when the user desires to use biometric information will be explained later with reference to FIG. 7.

[56] Referring to FIG. 6, first, when the outside the home client 140 wants to control the home device 120, a security tunnel between the outside the home client 140 and the home network provider server 130 is established in order to perform a tunneled authentication protocol in operation S601. Next, through the security tunnel established in operation S601, outside the home client user authentication between the outside the home client 140 and the home network provider server 130 is performed in operation S602. Here, the outside the home client 140 is registered in the home network provider server 130 in advance. Also, when registration is performed, user authentication information to be used when the user is authenticated is stored in the home network provider server 130 in advance. By comparing the user authentication information stored in advance with user authentication information items transmitted in operation S602, the home network provider server 130 performs outside the home client user authentication.

[57] As a result of performing the outside the home client user authentication in operation S602, if the user authentication is successful in operation S602, through the security tunnel established when device authentication between the home network provider server 130 and the home server 100 is verified, the home network provider server 130 transmits authenticated user ID information to the home server 100 in operation S604. In this case, the home server 100 controls the home device 120 requested by the outside the home client 140. Then, the home network provider server 130 notifies the authentication success to the outside the home client 140 in operation S605.

[58] Meanwhile, as a result of performing the outside the home client user authentication in operation S602, if the user authentication fails in operation S606, the outside the home client user authentication process is finished and the home network provider server 130 notifies the authentication failure to the outside the home client 140 in operation S607. In this case, the outside the home client 140 cannot request control of the home device 120.

[59] FIG. 7 is a flowchart of a method of authenticating an outside the home client user when an indoor home network system service is used by an outside the home client 140 in FIG. 1 according to another embodiment of the present invention. Here, the method of authenticating the user of the outside the home client 140 when the home device 120 is desired to be controlled by the outside the home client 140 also allows the user to select a desired authentication method. For safe user authentication, a tunnel authentication protocol for which standardization is underway is used between the outside the home client 140 and the home network provider server 130.

[60] Referring to FIG. 7, first, when the outside the home client 140 requests control of the home device 120 and biometric information is desired to be used for the authentication, a security tunnel between the outside the home client 140 and the home network provider server 130 is established in order to perform a tunneled authentication protocol in operation S701.

[61] Next, through the security tunnel established in operation S701, the user's biometric information of the outside the home client 140 is safely transmitted to the home network provider server 130 in operation S702. Next, the home network provider server 130 safely transmits the user biometric information received in operation S702 to the home server 100 through the security tunnel established when the device authentication is performed between the home server 100 and the home network provider server 130 in operation S703.

[62] Then, by using the user biometric information received in operation S703, the home server 100 authenticates the outside the home client 140 by proxy and, if the authentication of the outside the home client 140 is successful in operation S704, transmits a user authentication success message to the home network provider server 130 through the security tunnel between the home network provider server 130 and the home server 100 in operation S705. If the user authentication success message is received, the home network provider server 130 transmits the user authentication success message to the outside the home client 140 in operation S706.

[63] Meanwhile, if the authentication of the outside the home client 140 using the user's biometric information received in operation S703 failed in operation S707, the home server 100 notifies the authentication failure to the home network provider server 130 in operation S708. Then, the home network provider server 130 notifies the authentication failure to the outside the home client 140 in operation S709. In this case, since the outside the home client user authentication process failed, the outside the home client 140 cannot request control of the home device 120.

[64] The present invention can also be embodied as computer readable codes on a computer readable recording medium. The computer readable recording medium is any data storage device that can store data which can be thereafter read by a computer system. Examples of the computer readable recording medium include read-only memory (ROM), random-access memory (RAM), CD-ROMs, magnetic tapes, floppy disks, optical data storage devices, and carrier waves (such as data transmission through the Internet). The computer readable recording medium can also be distributed over network coupled computer systems so that the computer readable code is stored and executed in a distributed fashion.

[65] While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the present invention as defined by the following claims. The preferred embodiments should be considered in a descriptive sense only and not for purposes of limitation. Therefore, the scope of the invention is defined not by the detailed description of the invention but by the appended claims, and all differences within the scope will be construed as being included in the present invention.

Industrial Applicability

[66] The present invention relates to a method and system for user authentication in a home network system.