KR20100073827A - Method of network interworking between iptv settopbox and healthcare gateway in the dynamic ip environment - Google Patents

Abstract

PURPOSE: A network interworking method is provided to supply a healthcare service through a set top box by performing hash-based mutual authentication. CONSTITUTION: A set top box requests verification based on a set top box ID to a healthcare service server(404). The set top box receives a MAC(Medium Access Control) address of a healthcare gateway(406). The set top box performs a IP scanning to a preset port set on the same class with an allocated IP address(416). The set top box connects to a health care gateway(424). The set top box performs a network interlocking with the health care gateway through the set top box ID and the MAC address.

Description

METHODO OF NETWORK INTERWORKING BETWEEN IPTV SETTOPBOX AND HEALTHCARE GATEWAY IN THE DYNAMIC IP ENVIRONMENT}

The present invention relates to a network interworking method between a set-top box and a healthcare gateway for a dynamic IP environment, and more particularly, a network interworking between a set-top box and a healthcare gateway in a dynamic IP environment, and connected to a device to interwork through IP scanning. And mutually authentication based on hash using its own ID and the ID of the counterpart device, a network interworking method between a set-top box and a healthcare gateway for a dynamic IP environment that can easily provide a healthcare service using a set-top box. It is about.

Recently, broadband networks are widely used, and IPTV (Internet Protocol Television) has been widely used in accordance with the change of media environment. In addition to providing broadcast and video over IP, IPTV also provides network-based two-way services.

In particular, IPTV is more accessible than a computer (PC) and has a user-friendly TV interface. Therefore, much of the existing information services are being implemented not only in PCs but also in IPTV.

On the other hand, U-Health service (U-Health) service using a short-range wireless communication technology, such as Bluetooth (BlueTooth) or ZigBee (BlueTooth) or ZigBee (data) measured by the health care sensor 210, such as blood glucose and blood pressure monitors To 220). It is a general network transmission method that the healthcare gateway 220 transmits the TCP / IP to the remote healthcare service system again.

In addition, the healthcare service server 240 analyzes the transmitted data and provides customized healthcare services and content services. In the conventional U-health service, a medium in which a service is provided is mainly used for a mobile device such as a web of a PC or a mobile phone. In addition, the U-health service provides a service device dedicated to healthcare in addition to devices such as a general-purpose PC or a mobile phone to provide a network gateway function and a service user interface (UI).

For example, the U-health service implements a network function and a healthcare-only service in a small system for which a liquid crystal display (LCD) is requested. Thus, U-health service is a type of service that is placed in an accessible living room. Overseas, manufacturers such as "Viterion" and "Health Hero" provide this service. In addition, in Korea, a similar U-healthcare service using a stationary device is provided. In the case of such a device, there is a problem in that a purchase or rental cost for a separate dedicated device occurs.

In addition, as a core device to be generally provided in the home to provide a healthcare service, a healthcare sensor 210 device for measuring biometric information such as blood sugar and blood pressure monitor is required. The healthcare sensor 210 is linked to the healthcare gateway 220 or a dedicated healthcare dedicated device through wired / wireless communication.

On the other hand, in the home environment for the IPTV service, networking and IPTV applications are run through the set-top box, TV is used as a service user interface (UI). In general, the remote control is used as an input device.

Compared with the prior art, IPTV has a service UI in the form of a TV that is easily accessible. In addition, IPTV is provided with a set-top box that can run network-based application software. When used as an environment for healthcare services, IPTV has the effect of improving accessibility and reducing costs. Overseas, IPTV-based healthcare services are also successful.

However, although the conventional IPTV set-top box 230 has a TCP / IP wired network function in the current technology stage except for some high-end equipment for experiments, it has a short-range wireless communication such as Bluetooth or Zigbee. The function or the serial communication function used by a part of the healthcare sensor 210 is not provided universally.

That is, the IPTV set-top box 230 may be used to utilize a TCP / IP wired network function. However, linking the healthcare sensor 210 using a short range wireless communication function or a wired serial communication is not possible directly. However, the advantages of utilizing the service UI and wired network function of IPTV are very big factors.

Therefore, in view of this, healthcare services using IPTV still have many advantages. Therefore, if the healthcare sensor 210 connection of the IPTV set-top box 230 is not directly possible, the functions of the IPTV set-top box 230 and the conventional healthcare gateway 220 may be changed in software.

If communication is configured to be connected through TCP / IP network based on mutual authentication, it can take advantage of IPTV-based healthcare service. It will be possible to provide U-Health service that takes advantage of IPTV through the conventional hardware that adds software technology.

However, both the IPTV set-top box 230 and the healthcare gateway 220 are assigned a floating IP address. By the general method, the IPTV set-top box 230 and the healthcare gateway 220 may have difficulty in communicating with the healthcare sensor 210 by identifying and attempting networking.

In addition, if the networking with the dynamic IP device is performed without authentication of the device, there is a problem that increases the risk of security by malicious attackers or interferers on the network.

Therefore, the prior art as described above may be difficult to set-top box and the healthcare gateway 220 to communicate with the health care sensor 210 by attempting to identify and networking, there is a risk of security by malicious attackers or interferers There is a problem that increases, and to solve this problem is a problem of the present invention.

Therefore, in the present invention, the network between the set-top box and the healthcare gateway in a dynamic IP environment, but connected to the device to be interlocked through IP scanning and mutually authenticated on the basis of the hash using their ID and the ID of the counterpart device, the set-top box The purpose of the present invention is to provide a network interworking method between a set-top box and a healthcare gateway for a dynamic IP environment, which can easily provide a healthcare service.

The objects of the present invention are not limited to the above-mentioned objects, and other objects and advantages of the present invention which are not mentioned can be understood by the following description, and will be more clearly understood by the embodiments of the present invention. Also, it will be readily appreciated that the objects and advantages of the present invention may be realized by the means and combinations thereof indicated in the claims.

In order to solve the problem, the present invention provides a network interworking between a set-top box and a healthcare gateway in a dynamic IP environment, and accesses to a device to be interlocked through IP scanning, and uses a user ID and a partner device ID to interconnect each other based on a hash. It is characterized by the authentication.

More specifically, the method of the present invention, in the network interworking method between the healthcare gateway for the dynamic IP environment in the set-top box, the IP address is assigned to the healthcare service server to request authentication based on their set-top box ID health An address receiving step of receiving a MAC address of the care gateway; A gateway access step of accessing the healthcare gateway by IP scanning to a preset port in a class such as the allocated IP address; And a mutual authentication step of performing network interworking by mutually authenticating with the connected healthcare gateway using the set-top box ID and the received MAC address.

The method may further include a string authentication step of performing mutual authentication with the healthcare gateway based on a pre-selected string when the gateway is connected to the healthcare gateway in the gateway access step.

On the other hand, another method of the present invention, in the network interworking method between the set-top box for the floating IP environment in the healthcare gateway, the IP address is assigned to the healthcare service server based on its MAC address authentication request to the set-top box An address receiving step of receiving an ID; A set-top box access step of accessing the set-top box by IP scanning to a preset port in the same class as the assigned IP address; And a mutual authentication step of performing network interworking by mutually authenticating with the connected set-top box using the received MAC address and the set-top box ID.

The method may further include a string authentication step of performing mutual authentication with the set-top box based on a predetermined string when the set-top box is connected with the set-top box.

In the present invention as described above, the network interworking between the set-top box and the healthcare gateway in a dynamic IP environment, by accessing to the device to be interlocked through IP scanning and by mutual authentication based on a hash using their ID and the ID of the counterpart device, There is an effect that can easily provide a health care service using a set-top box.

The present invention can obtain the effect that can provide a health care service using IPTV, in particular, IPTV that does not have a direct communication function with a healthcare sensor consisting of WPAN communication, such as Bluetooth or Zigbee, wired serial, USB communication The set-top box can identify and authenticate a healthcare gateway assigned a floating IP address at the level of the TCP / IP communication application, and communicate with the healthcare sensor.

In addition, the present invention, as well as a simple communication function, active U-health service can be implemented through IPTV through active communication interworking, such as displaying the measurement data of the healthcare sensor on the TV UI, or control the healthcare sensor It works. Therefore, the present invention has the effect of providing a healthcare service in a high access IPTV application environment of the user.

BRIEF DESCRIPTION OF THE DRAWINGS The above and other objects, features and advantages of the present invention will become more apparent from the following detailed description of the present invention when taken in conjunction with the accompanying drawings, It can be easily carried out. In the following description, well-known functions or constructions are not described in detail since they would obscure the invention in unnecessary detail. Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

1 is a block diagram of a bidirectional network of a general IPTV to which the present invention is applied.

The present invention is applied to a U-health service provided in the form of an interactive service of IPTV. In other words, it takes the form of a typical two-way IPTV service. U-health related applications are installed in the set-top box to provide services. Thus, as shown in Figure 1, the service is provided in the form of a network configuration that is a general system of IPTV.

2 is a configuration diagram of an embodiment of a healthcare service system using an IPTV to which the present invention is applied.

As shown in FIG. 2, the healthcare service system using IPTV includes a healthcare sensor 210, a gateway 220, and an IPTV set-top box 230 / TV 230 on a user side, and a health on a server side. The care service server 240, the healthcare content server 250, the healthcare monitoring server 260, and the cooperative hospital server 270 are included.

The user is provided with the user terminal 201 a service such as blood glucose measurement chart or health content view through the IPTV set-top box 230 in which the U-health application distributed in the IPTV service server 240 is driven.

According to the method of providing the service, the user inputs a questionnaire about the state of health of the individual to the remote controller 202. Subsequently, the IPTV set-top box 230 transmits the input questionnaire information to the healthcare service server 240. In addition, the health care service server 240 analyzes this and provides interactive services such as providing customized contents to the IPTV set-top box 230.

Here, in the environment consisting of the health care service server 240, IPTV set-top box 230, the health care gateway 220, the health care sensor 210, in the present invention, the sensing data of the health care sensor 210 is healthcare The gateway 220 communicates with the healthcare service server 240 via the IPTV set-top box 230.

In addition, the healthcare application of the IPTV set-top box 230 in this process receives the contents of the communication, such as the measurement value of the healthcare sensor 210 and provides a service to enable the application service, such as displaying them to the user through the TV to provide. In this process, a network connection session should be established.

Therefore, since the IPTV set-top box 230 and the healthcare gateway 220 applied to the present invention are assigned a floating IP address, a network session is performed through a procedure such as scanning an IP address or mutual authentication for a network connection between each other. By connecting to form a secure network connection section.

Let's take a closer look at each of the components.

The healthcare sensor 210 is a health measuring device that can be used for home use, such as a blood sugar device or a blood pressure monitor. The healthcare sensor 210 is a device for measuring biometric information of a user. The healthcare sensor 210 used for the U-health service typically has a function of transmitting a measurement result to the healthcare service server 240 via the healthcare gateway 220. It is a basic component in providing customized healthcare services on a network basis.

Typically, measurement results are generated by user's measurement behavior. In general, the healthcare sensor 210 is a subject that the healthcare sensor 210 initiates communication to transmit the healthcare sensor 210.

However, in some cases, the healthcare gateway 220 controls the healthcare sensor 210 to perform communication. The healthcare sensor 210 is mostly a low power short-range wireless communication function such as Bluetooth or Zigbee. The healthcare sensor 210 may communicate with a healthcare gateway 220 having a corresponding wireless communication function. In some cases, there is also a healthcare sensor 210 that transmits data by wire. USB or serial communication is often used. In order for the measurement value of the healthcare sensor 210 to be delivered to the healthcare service server 240 through the communication section to which the session is connected, a process of establishing a communication session in advance is required as follows.

Looking at the process of establishing a communication session in advance, when the IPTV set-top box 230 is driven, the IPTV set-top box 230 is assigned an IP address through the Dynamic Host Configuration Protocol (DHCP). In addition, the healthcare gateway 220 connected to the IPTV set-top box 230 is also assigned an IP address.

However, the IPTV set-top box 230 and the healthcare gateway 220 are assigned an IP address according to independent DHCP. Therefore, the IPTV set-top box 230 and the healthcare gateway 220 do not know each other's network address. In other words, it is a situation where it is impossible to establish a connection by recognizing each other's IP addresses through a general process such as connecting to a server having a fixed IP address or a fixed domain.

However, both the IPTV set-top box 230 and the healthcare gateway 220 are service equipments spread as a set in a home, and a home network exists in the same router. That is, the IP address system is assigned an IP address in 'class C'. In other words, if the IPTV set-top box 230 is assigned an IP address of 'abcd', the healthcare gateway 220 is the same as the network band of 'abc' and only the IP address corresponding to the host ID is different. , IP address between 'abc0' and 'abc255' is assigned.

Accordingly, the healthcare gateway 220 may be found by scanning network equipment within a range of IP addresses, that is, 'a.b.c.0' to 'a.b.c.255' through an appropriate authentication process.

However, it is not possible to verify the mapping between the IPTV set-top box 230 and the healthcare gateway 220 through simple IP scanning. In other words, simply having a response from a specific IP address does not guarantee that the gateway is distributed and authorized for use in a particular user's home.

Therefore, the IPTV set top box 230 identifies the gateway by performing an additional authentication step for identifying the healthcare gateway 220. The healthcare service server 240 provides the mapping information for the authenticated access with the information mapped to the user's unique ID 'SAID' of the IPTV set-top box 230 and the MAC address of the healthcare gateway 220. do. This is to assist mutual authentication in this process.

The IPTV set-top box 230 checks whether the gateway is properly authenticated for identification of the healthcare gateway 220 to be connected. In addition, since the healthcare gateway 220 is owned or rented in a home, it should not be authorized to remotely control or use resources of another home.

Therefore, the IPTV set-top box 230 identifies a healthcare gateway with an IP address that is flexible, and accesses only to a healthcare gateway that is normally distributed for use in the home. Through this, communication is performed through a network connection from the healthcare sensor 210 to the healthcare service server 240 via the healthcare gateway 220.

Meanwhile, the IPTV set top box 230 is identified through a set top box ID (SAID) uniquely assigned to the set top box. In addition, healthcare gateway 220 is uniquely identified via an IP network MAC address. IPTV service and home healthcare service are distributed and managed on a household basis. This distribution management is mapped to the SAID of the IPTV set-top box 230, the MAC address of the healthcare gateway 220 and the user. This information is stored and managed in the healthcare service server 240. However, the healthcare service server 240 provides such information only to the authenticated IPTV set-top box 230 and the healthcare gateway 220.

Meanwhile, the scanning and mutual authentication processes in the IPTV set-top box 230 and the healthcare gateway 220 to which the present invention is applied will be described in detail.

First, the IPTV set-top box 230 searches for IP addresses of 0 to 255 in the 'class C' network band such as its IP address and attempts to connect to a predetermined port. That is, for example, if the IPTV set-top box 230 is assigned an IP address of 'a.b.c.53', 'a.b.d.0', 'a.b.c.1', 'a.b.c.2', 'a.b.c.3'. Scan the IP address and try to connect.

If the connection to the healthcare gateway 220 fails, the IPTV set-top box 230 repeats the process of attempting to connect to the next IP address.

On the other hand, if the connection to the predefined network port is successful, the IPTV set-top box 230 confirms whether or not the network device responded by the U-health care gateway 220 of the present invention through the authentication process. . In addition, in the process of mutual authentication, in order to prevent a network device having a malicious intention to participate in U-health communication and services to pose a threat to security, a process of mutual authentication is performed.

Prior to the process of mutual authentication using its own set-top box ID (SAID), the IPTV set-top box 230 receives and stores the MAC address of the corresponding healthcare gateway 220 from the healthcare service server 240. In addition, based on authentication using its MAC address, the healthcare gateway 220 receives and stores a set top box ID (SAID) of the corresponding IPTV set top box 230 from the healthcare service server 240.

Looking at the mutual authentication process, IPTV set-top box 230 transmits a hash value of the value (SAID + MAC address), the MAC address is added to the set-top box ID (SAID) to the healthcare gateway 220.

The healthcare gateway 220 then verifies and authenticates the received hash value (SAID + MAC address).

Thereafter, the healthcare gateway 220 transmits the hash value of the value (MAC address + SAID) to which the set-top box ID (SAID) is added to the MAC address to the IPTV set-top box 230.

Subsequently, the IPTV set-top box 230 verifies and authenticates the received hash value (MAC address + SAID).

A communication session is connected between the IPTV set-top box 230 and the healthcare gateway 220 that have completed mutual authentication, and thus, the healthcare sensor 210, the healthcare gateway 220, the IPTV set-top box 230, and the healthcare service server ( A communication section between 240 is formed.

Access to the healthcare service server 240 is made through the U-health application of the IPTV set top box 230. In the TCP / IP network, the data communication may be easily performed by accessing the healthcare service server 240 having the fixed IP address or domain. In addition, communication between the healthcare sensor 210 and the healthcare gateway 220 in which data connection is made through wireless communication such as Bluetooth or Zigbee or wired communication such as USB or serial may be easily performed. Therefore, communication linkage from the healthcare sensor 210 to the healthcare service server 240 becomes possible.

Meanwhile, the healthcare service may be a content service provided by the healthcare content server 250. In addition, the health care service may be provided in the form of a health care monitoring service of the health care monitoring server 260 associated with a cooperative hospital server 270 which is a medical institution. Here, the monitoring service performs a function of a health care center such as managing a transition of a health condition for diseases such as blood pressure and blood sugar, and when the disease worsens, it grabs attention to the user or links to hospital care.

Looking at the process of measuring and transmitting the health status of the individual for this health care service is as follows.

Measurement data of the healthcare sensor 210 measured by the individual should be transmitted to the healthcare service server 240 through the network. Here, the measurement data of the healthcare sensor 210 is input to the IPTV set-top box 230 and transmitted to the healthcare service server 240 through the network function of the set-top box.

As the healthcare sensing data transmission method, a method of manually inputting a measurement value using a remote controller 202 is a simple method, and no additional device is required. However, it is inconvenient for the user to manually input through the remote control 202.

In another sensing data transmission method, the measurement value of the healthcare sensor 210 is transmitted to the application of the IPTV set-top box 230 via the healthcare gateway 220, and again by the IPTV set-top box 230, the healthcare service. The process is delivered to the server 240. This process is a method that can process the measurement data of the automated healthcare sensor 210 by additional equipment and software technology without modifying the hardware of the conventional IPTV set-top box 230.

3 is a flowchart illustrating an embodiment of an IPTV set-top box-based healthcare service process to which the present invention is applied.

A communication flow when the healthcare sensor 210, which is a U-healthcare glucose meter equipped with a Bluetooth function, is applied to a healthcare service based on an IPTV set-top box 230 is shown in FIG. That is, a process of transmitting the measurement data of the healthcare sensor 210 to the healthcare service server 240 after reaching the IPTV set-top box 230 via the healthcare gateway 220 is illustrated in FIG. 3.

The healthcare service server 240 is typically a remote server with a fixed IP address or URL address. The IPTV set-top box 230 and the healthcare gateway 220 are devices that are arranged in a home and are assigned a floating IP address to communicate. In addition, the healthcare sensor 210 and the healthcare gateway 220 is typically connected by short-range wireless communication such as Bluetooth or Zigbee, or wired serial, USB may be connected.

Here, TCP / IP communication is used between the healthcare service server 240 and the IPTV set-top box 230. In particular, the healthcare service server 240 is usually operated with a fixed IP address or domain address in a physical facility in which a stable service can be operated, such as an Internet data center (IDC). In addition, the communication method between the IPTV set-top box 230 and the healthcare gateway 220 is TCP / IP communication. However, both devices are placed in the home and assigned a dynamic IP address using Dynamic Host Configuration Protocol (DHCP). Communication between the healthcare gateway 220 and the healthcare sensor 210 is performed in a Bluetooth Serial Port Profile (SPP) method. In addition, communication may be performed by alternative technologies such as Zigbee, wired serial, and USB.

When the biometric information is measured by the healthcare sensor 210, the healthcare sensor 210 transmits sensing data to the healthcare gateway 220 (302). Subsequently, the healthcare gateway 220 transmits the sensing data to the IPTV set-top box 230 (304).

The IPTV set-top box 230 performs a process of displaying the transmitted sensing data on a TV screen and providing the same to the user. The IPTV set-top box 230 transmits the sensing data to the healthcare service server 240.

Thereafter, the healthcare service server 240 provides a healthcare service such as storing and managing the transmitted sensing data and generating a chart statistically.

The healthcare service server 240 transmits the cumulative total data request message to the healthcare sensor 210 via the IPTV set-top box 230 and the healthcare gateway 220 in response to the sensing data transmission (310, 312). , 314).

That is, the health care sensor 210 has a function of accumulating and storing the measurement data in the measurement device when the measurement data cannot be transmitted immediately and transmitting the data when the communication function is restored in the future. This is to compensate for the measurement when the communication equipment is turned off or when the measurement is taken outside the home. The healthcare service server 240 transmits a total NO request message of the cumulative data of the healthcare sensor 210. This is to check whether or not measurement data that has not been transmitted is stored.

Then, in response to the healthcare sensor 210 transmits a total number of response (Total NO Response) message to the healthcare service server 240 in response (316, 318, 320).

In addition, the health care service server 240 may compare and determine the number of data stored and managed, etc. (322), and request additional data transmission to the health care sensor 210.

Otherwise, when the transmission is completed, the healthcare service server 240 may issue a power off request to cut off the power of the healthcare sensor 210 in order to save power (324, 326, and 328).

The content of this specific communication depends on the definition and implementation of the response protocol. However, through such an embodiment, such a communication flow is possible in a state where a communication session is made between the healthcare sensor 210, the healthcare gateway 220, the IPTV set-top box 230, and the healthcare service server 240. This is to show that communication for the healthcare service is made in such an environment.

On the other hand, look at the process of the communication in more detail as follows.

In general, a technology for transmitting data to a healthcare service server 240 having a fixed IP address or domain as a Bluetooth communication function and general TCP / IP communication between the healthcare sensor 210 and the healthcare gateway 220 is used. have.

In contrast, the present invention relates to a case in which two network equipments receiving a dynamic IP address by Dynamic Host Configuration Protocol (DHCP) recognize each other and attempt to communicate with each other in consideration of security. In particular, the present invention relates to a method for implementing a U-health service using the IPTV set-top box 230 through the identification and network between such dynamic IP equipment.

Hereinafter, the present invention will be described based on the identification and communication between the IPTV set-top box 230 and the healthcare gateway 220 assigned a floating IP address.

In order to provide an IPTV-based healthcare service, basically, the IPTV set-top box 230 and the healthcare gateway 220 are driven by power and undergo a basic system boot and initialization process.

At this time, the IPTV set-top box 230 and the healthcare gateway 220 are separately assigned a floating IP address through DHCP. Because IP address assignments are made separately on each device, they do not easily identify each other.

However, since a network device in a home has a characteristic of being arranged in the same router, the IP device is assigned an IP address within the same 'class C' of the IP address, that is, the IPTV set-top box 230 is an IP of 'abcxxx'. If the address is assigned, the healthcare gateway 220 is assigned an IP address of 'abcyyy'.

Therefore, when the IPTV set-top box 230 scans up to 256 IP addresses from 'abc0' to 'abc255', one of the devices connected to the network is provided with a healthcare gateway (located in a home where a service is provided) 220).

But simply answering a network connection from a particular IP address is not necessarily a healthcare gateway. This may be answered by a device using a computer or other IP network other than the healthcare gateway 220 in the network, or by the healthcare gateway 220 in a network of another neighboring home.

Therefore, it should be able to identify that the response of the healthcare gateway 220, not simply by identifying the network response. In addition, mutual authentication between systems provided for use in the same home is required to prevent networking with the healthcare gateway 220 in another adjacent home.

The mutual authentication function is also necessary in order to prevent malicious attacks in which a malicious user intervenes in a network and disrupts a service. In other words, authentication is required in addition to the network scanning function. After recognizing and authenticating the mutual network IP address, the communication section of the healthcare sensor 210, the healthcare gateway 220, the IPTV set-top box 230, and the healthcare service server 240 is formed to U-health Communication for the service can be made. In order to perform the above process in detail, a healthcare service server 240 that manages registration information of devices and performs a role of an authentication server is required.

4 is a flowchart illustrating a network interworking method between a set-top box and a healthcare gateway in a floating IP environment according to the present invention.

The healthcare service server 240 has a user ID and a set-top box ID (SAID), which is a unique identifier of the IPTV set-top box 230, and a MAC address of the gateway. That is, the healthcare service server 240 manages identification information of the set-top box and the gateway used by a user. When the set-top box or gateway authenticates and accesses with its own set-top box ID (SAID) or MAC address for mutual authentication, the healthcare service server 240 provides mapping information corresponding to its own device. That is, the healthcare service server 240 blocks other network accesses so that the mapping information is not used in addition to the purpose required for authentication. The healthcare service server 240 may be easily identified by a fixed IP address or domain and easily accessible from the IPTV set-top box 230 or the healthcare gateway 220.

On the other hand, in the communication between the IPTV set-top box 230 and the healthcare gateway 220, the u-health application of the IPTV set-top box 230 is only activated when the corresponding program is run, and access to any communication port is normally performed. Not easy to allow Therefore, the communication function of the u-health application program of the IPTV set-top box 230 proceeds in a direction of attempting a communication connection to the healthcare gateway 220.

Hereinafter, the communication process between the IPTV set-top box 230 and the healthcare gateway 220 will be described.

When the network is driven such that the power is applied and the IP address is allocated to the healthcare gateway 220, the healthcare gateway 220 waits for a network connection by driving a communication daemon (Daemon) for communication with the IPTV set-top box 230. Herein, the communication port uses any port promised in advance, except for well-known ports. For example, any port that is not widely used, such as "9824", is preferred, rather than "80 port http" or "1521 port Oracle SQL * NET".

Meanwhile, the IPTV set-top box 230 requests authentication to the healthcare service server 240 based on a set-top box ID (SAID) that is a unique identifier of the set-top box (404). Subsequently, the healthcare service server 240 performs authentication to determine whether the requested set top box ID (SAID) is a registered SAID for service provision, and blocks unauthorized access.

The healthcare service server 240 transmits the MAC address of the healthcare gateway 220 registered to be distributed and operated in the home such as the IPTV set-top box 230 for the authenticated connection and the request (406). IPTV set-top box 230 stores the transmitted MAC address. This is for use in mutual authentication with the healthcare gateway 220.

The healthcare gateway 220 requests authentication from the healthcare service server 240 based on the MAC address, which is its own unique network identifier, in operation 408. Subsequently, the healthcare service server 240 performs authentication to determine whether the requested MAC address is a registered MAC address for providing a service, and blocks unauthorized access.

Thereafter, the healthcare gateway 220 transmits the SAID of the IPTV set-top box 230 registered to be distributed and operated in the same home as the healthcare gateway 220 with respect to the authenticated connection and request (410). The healthcare gateway 220 stores the transmitted MAC address. This is to use for mutual authentication with the IPTV set-top box 230.

In addition, the u-health application of the IPTV set-top box 230 and a communication module which is a part of the application are driven to perform a process of scanning and authenticating the healthcare gateway 220.

That is, the IPTV set-top box 230 obtains its own IP address (412). Subsequently, the IPTV set-top box 230 attempts a network connection by changing the last IP address from 0 to 255 (414). In this case, the port that attempts to connect is a port that the healthcare gateway 220 responds to in step 402. If no response is made from the port of the IP address that attempted to connect, IPTV set-top box 230 repeats the process of scanning the next IP address to find the responding IP address (416).

Subsequently, when allowing the network access at the predefined port of the IP address attempted to access, the IPTV set-top box 230 performs basic text string-based mutual authentication.

That is, the healthcare gateway 220 responds with easily recognizable text such as "U-Health Gateway Connected" (418). If the string is not transmitted to the network, the IPTV set-top box 230 determines that the normal healthcare gateway 220 is not normal and terminates the connection. IPTV set-top box 230 repeatedly performs a "416" process.

Subsequently, when this string is transmitted, the IPTV set-top box 230 determines that the primary health care gateway 220 is primary and performs security authentication. The reason for attempting text-based simple authentication before security-considered mutual authentication is that if a communication service unrelated to the U-health service proposed by the present invention is running on the same port but is not a malicious attacker, This is because the IPTV set-top box 230 can easily determine whether it is the healthcare gateway 220 by simply authenticating through a text message. The IPTV set-top box 230 performs authentication in the form of sending and receiving such a simple text message for primary filtering before more complicated and heavy security authentication.

After simple text authentication, more aggressive security authentication steps are performed. This is to prevent malicious attackers or disruptors from interfering with the network and disrupting normal service. In addition, in the communication between the IPTV set-top box 230 and the health care gateway 220 distributed on the premise that the home-based service is used in one home, a health care gateway of another home accidentally disposed on the same network ( This is to prevent the connection with 220).

The IPTV set top box 230 transmits a hash value of the set top box ID (SAID) to the healthcare gateway 220. The healthcare gateway 220 compares the hash value of the set-top box ID (SAID) of the mapped IPTV set-top box 230 and the mapped IPTV set-top box 230, which are stored in the process of "410", and matches the IPTV that is connected to it. The set-top box 230 establishes a network session and authenticates whether it is a valid device to provide a service. If authentication fails in this process, the healthcare gateway 220 performs the IP scanning of the "416" process.

The IPTV set-top box 230 connects the MAC address to the set-top box ID (SAID) through a string connection and transmits the hash value of the connected string (SAID + MAC address) to the healthcare gateway 220 (420). Here, it means that the string connection of the set-top box ID (SAID) and MAC address can be transmitted as an authentication request, and the health care gateway to which the right IPTV set-top box 230 is correct (SAID) and the right connection target Proof that the mapping of 220 is known (MAC address). This is authenticated by the healthcare gateway 220. In other words, this authentication means that the other party attempting to connect is authenticated that the IPTV set-top box 230 is properly mapped. In addition, the IPTV set-top box 230 authenticates that it knows the identity of the healthcare gateway 220 that is mapped through legitimate authentication.

Then, as a final process of mutual authentication, the healthcare gateway 220 connects the set-top box ID (SAID) to the MAC address through a string connection, and transmits the hash value of the connected string to the IPTV set-top box 230 for authentication. Request 422. Here, the meaning of the string connection (MAC address + SAID) of the MAC address and the set-top box ID (SAID) means that the right healthcare gateway 220 is correct (MAC address) and the IPTV set-top box that is a legitimate connection target. Proof that the mapping of 230 is known (SAID). This is authenticated in the IPTV set-top box 230.

Unlike the "420" process, the reason why the MAC address and the SAID are reversed and transmitted is that the healthcare gateway 220 participating in the authentication process is not a legitimate participating gateway, that is, a malicious attacker or interferer. This is to prevent authentication by simply repeating the hash values of the SAID and the MAC address received in step 420 ".

After the authentication, the IPTV set-top box 230 and the healthcare gateway 220 complete the mutually trusted session establishment (424).

Through the above process, the mutual authentication process between the security-applied IPTV set-top box 230 and the healthcare gateway 220 is performed. That is, the IPTV set-top box 230 and the healthcare gateway 220 prove their identity as SAID and MAC address, respectively. The IPTV set-top box 230 and the healthcare gateway 220 also use it for authentication of access to the healthcare service server 240 to obtain mapping information of each SAID and MAC address. The IPTV set-top box 230 and the healthcare gateway 220 authenticate the knowledge of the acquired information by exchanging hash values between mutual devices. This is to create an authentication session in which the malicious attacker or the interferer does not participate in U-health communication.

As such, in the authentication session between the IPTV set-top box 230 and the healthcare gateway 220, the communication session between the healthcare sensor 210 and the healthcare gateway 220, and the IPTV set-top box 230 and the healthcare service server. A communication session between 240 is created.

In general, a communication session to the healthcare sensor 210, the healthcare gateway 220, the IPTV set-top box 230, and the healthcare service server 240 is created. Based on the communication session, the measurement data of the healthcare sensor 210 is transferred to the healthcare gateway 220 and the IPTV set-top box 230. If necessary, the IPTV set-top box 230 may provide a user convenience service such as displaying a measured value on the screen of the TV. In addition, the healthcare gateway 220 and the IPTV set-top box 230 has its own data processing function. Thus, in addition to simple user interface display and networking functions, it can also provide context-aware services or emergency services.

Unlike the general network as described above, the more complicated authentication relationship between the IPTV set-top box 230 and the healthcare gateway 220 is because two network devices are located in the same router and can be identified by simple network scanning. However, since it is a dynamic IP device, mutual authentication should be performed without accurately identifying the partner network device. Therefore, the above procedure of mutual authentication is necessary. Otherwise, when networking with simple network scanning, a malicious attacker could disrupt the network and disrupt normal service progress.

In addition, the present invention, the main technical focus on the authentication between the IPTV set-top box 230 or the healthcare gateway 220. In order to provide an overall service, a healthcare service may be provided by applying an authentication method between the IPTV set-top box 230 or the healthcare gateway 220 in the form of an IPTV-based interactive service.

On the other hand, the present invention will be described again, the present invention is to provide a healthcare service in connection with the IPTV set-top box 230. In particular, the present invention does not know the IP address between the IPTV set-top box 230 and the healthcare gateway 220 assigned the floating IP address, and establishes a communication session by identifying and authenticating the IP addresses. This is to provide a healthcare service associated with a healthcare gateway 220 using an IPTV set-top box 230 in which a direct linkage function with the healthcare sensor 210 is not implemented.

In the healthcare system connected to the healthcare sensor 210, the healthcare gateway 220, the IPTV set-top box 230, and the healthcare service server 240, the IPTV set-top box 230 is the healthcare sensor 210. The present invention applies when it is not equipped with a function to communicate directly with). The IPTV set-top box 230 and the healthcare gateway 220 are connected to the TCP / IP network indirectly to make a network connection, so that the data of the healthcare sensor 210 is transferred to the healthcare service server via the IPTV set-top box 230. Is sent to 240.

Meanwhile, the U-health application program of the IPTV set-top box 230 may display the received biometric information on the user interface to facilitate user convenience.

In addition, since the IPTV set-top box 230 receives a floating IP address and performs networking, the IPTV set-top box 230 scans an IP band allocated in the same router in a situation where network identification between each other is not easy. When responding at a predefined port, the IPTV set-top box 230 and the healthcare gateway 220 may establish a mutual network session by authenticating this.

The healthcare service server 240 manages the mapping information of the device separately for mutual security authentication of the IPTV set-top box 230 and the healthcare gateway 220 and provides the mutual mapping information by an authenticated request. Through this, the IPTV set-top box 230 and the healthcare gateway 220 may have mutual authentication information. The IPTV set-top box 230 and the healthcare gateway 220 may authenticate each other by transmitting a combination thereof as a hash value.

On the other hand, the method of the present invention as described above can be written in a computer program. And the code and code segments constituting the program can be easily inferred by a computer programmer in the art. In addition, the written program is stored in a computer-readable recording medium (information storage medium), and read and executed by a computer to implement the method of the present invention. The recording medium may include any type of computer readable recording medium.

The present invention described above is capable of various substitutions, modifications, and changes without departing from the technical spirit of the present invention for those skilled in the art to which the present invention pertains. It is not limited by the drawings.

1 is a configuration diagram of a bidirectional network of a general IPTV to which the present invention is applied;

2 is a configuration diagram of an embodiment of a healthcare service system using an IPTV to which the present invention is applied;

3 is a flowchart illustrating an embodiment of a health care service process based on an IPTV set-top box to which the present invention is applied;

4 is a flowchart illustrating a network interworking method between a set-top box and a healthcare gateway for a dynamic IP environment according to the present invention.

* Explanation of symbols for the main parts of the drawings

210: healthcare sensor 220: healthcare gateway

230: IPTV set-top box 240: healthcare service server

Claims (12)

A network interworking method between healthcare gateways for a dynamic IP environment in a set top box, An address receiving step of receiving an MAC address of the healthcare gateway by receiving an IP address and requesting an authentication based on the set-top box ID of the healthcare service server; A gateway access step of accessing the healthcare gateway by IP scanning to a preset port in a class such as the allocated IP address; And A mutual authentication step of performing network interworking by mutually authenticating with the connected healthcare gateway using the set-top box ID and the received MAC address. Network interworking method between the healthcare gateway for a floating IP environment in a set-top box comprising a. The method of claim 1, The string authentication step of performing mutual authentication with the healthcare gateway based on a predetermined string based on the connection with the healthcare gateway in the gateway access step. Network interworking method between the healthcare gateway for a floating IP environment in a set-top box further comprising. The method of claim 2, The string authentication step, If mutual authentication with the healthcare gateway fails, the IP scanning is continued. Network Interworking Method between Healthcare Gateways for Dynamic IP Environments in Set-Top Boxes. 4. The method according to any one of claims 1 to 3, The mutual authentication step, A hash value transmission step of transmitting a hash value of a string in which the set-top box ID and the received MAC address are connected to the healthcare gateway; And A gateway authentication step of receiving and verifying and authenticating a hash value of a string connected with the received MAC address and the set-top box ID from the healthcare gateway Network interworking method between the healthcare gateway for a floating IP environment in a set-top box comprising a. The method of claim 4, wherein The hash value transmission step, Generating a string by connecting the set-top box ID and the received MAC address in order Network Interworking Method between Healthcare Gateways for Dynamic IP Environments in Set-Top Boxes. The method of claim 5, The gateway connection step, Attempt to connect while changing the last IP address within the predetermined range from the assigned IP address Network Interworking Method between Healthcare Gateways for Dynamic IP Environments in Set-Top Boxes. In the network interworking method between the set-top box for the dynamic IP environment in the healthcare gateway, An address receiving step of receiving a set-top box ID by assigning an IP address and requesting authentication to the healthcare service server based on its MAC address; A set-top box access step of accessing the set-top box by IP scanning to a preset port in the same class as the assigned IP address; And A mutual authentication step of performing network interworking by mutually authenticating with the connected set-top box using the received MAC address and the set-top box ID. Network interworking method between the set-top box for a floating IP environment in the healthcare gateway comprising a. The method of claim 7, wherein String authentication step of performing mutual authentication with the set-top box on the basis of a predetermined string when connected to the set-top box in the set-top box access step Network interworking method between the set-top box for a floating IP environment in the healthcare gateway further comprising. The method of claim 8, The string authentication step, If mutual authentication with the set-top box fails, the IP scanning is continued. Network interworking method between set-top boxes for dynamic IP environment in healthcare gateway. The method according to any one of claims 7 to 9, The mutual authentication step, A hash value transmitting step of transmitting a hash value of a string connected to the MAC address and the received set-top box ID to the set-top box; And A gateway authentication step of receiving and verifying and authenticating a hash value of a string connected with the set-top box ID and the MAC address received from the set-top box. Network interworking method between the set-top box for a floating IP environment in the healthcare gateway comprising a. The method of claim 10, The hash value transmission step, Generating a string by connecting the MAC address and the received set-top box ID in order Network interworking method between set-top boxes for dynamic IP environment in healthcare gateway. The method of claim 11, The set top box connection step, Attempt to connect while changing the last IP address within the predetermined range from the assigned IP address Network interworking method between set-top boxes for dynamic IP environment in healthcare gateway.

Images