JP2016048890A - Communication control device, communication control system, communication control method, and communication control program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a communication control device, communication control system, communication control method, and communication control program that restrain the work load of setting work to control communication of communication data, and can enhance the security of a communication apparatus.SOLUTION: A communication control device 10A comprises a communication determination unit 33 for determining whether the communication of communication data is permitted or not based on a security level of a transmission source included in communication data destined to a communication terminal T1 or communication terminal T2. This can suppress the work load of setting work (registration work) to permit the communication of the communication data in comparison with until now, and can enhance the security of the destination (transmission destination) communication terminal T1 and communication terminal T2.SELECTED DRAWING: Figure 2

Description

  Some embodiments according to the present invention relate to, for example, a communication control device, a communication control system, a communication control method, and a communication control program that control communication of communication data.

  Conventionally, when a connection request including an IP address is received from a telephone terminal in order to exert a security function for a connection point to the packet network for each user of the telephone terminal, this is applicable to the requesting telephone terminal. A network telephone system that performs connection authentication in accordance with a security level connection authentication method is known (see, for example, Patent Document 1).

JP-A-2005-191973

  By the way, in a communication system in which communication data is communicated between a plurality of communication devices, that is, transmitted and received (hereinafter also referred to as “transmission / reception” as appropriate), communication data communication is permitted to ensure the security of each communication device. Or restricting communication control is required.

  For this reason, for example, a firewall system (hereinafter simply referred to as “firewall”) may be constructed between the server device and the network to increase the security of the server device.

  However, in the case of a client terminal or the like, for example, a firewall may not be provided between the client terminal and the security may be low. On the other hand, even if a firewall is provided, the firewall refers to the address of the communication data source and the address of the destination (destination) and controls the communication of the communication data. For each combination of a transmission source communication device and a destination (transmission destination), it is necessary to set (register) a determination condition as to whether or not to permit communication. Therefore, with the addition of communication devices and the addition of firewalls, the workload of the communication system administrator has increased.

  Some aspects of the present invention have been made in view of the above-described problems, and communication control that can increase the security of a communication device while suppressing the amount of setting work for controlling communication of communication data. An object is to provide an apparatus, a communication control system, a communication control method, and a communication control program.

  A communication control apparatus according to an aspect of the present invention includes a communication determination unit that determines whether to permit communication of communication data based on a security level of a transmission source included in communication data destined for the communication device. .

  The communication control apparatus further includes a storage unit that stores a security level of the communication device, and the communication determination unit is configured to determine the communication data based on the security level of the communication device and the security level of the transmission source included in the communication data. It may be determined whether to permit communication.

  The communication control apparatus further includes a storage unit that stores an address of the communication device, and the communication determination unit performs communication of the communication data based on the address of the communication device and the security level of the transmission source included in the communication data. It may be determined whether or not to permit.

  The communication control apparatus may further include a security level assigning unit that assigns a security level of the transmission source to communication data having the communication device as the transmission source.

  In the communication control apparatus, the communication data may include at least one security level of the transmission source.

  In the communication control device, the data format of the communication data may be an IP packet.

  In the communication control apparatus, the data format of the communication data may be an Ethernet (registered trademark) frame.

  In the communication control apparatus, the security level of the transmission source may be stored in a service type field of an IP header of communication data.

  In the communication control apparatus, the security level of the transmission source may be stored in the lifetime field of the IP header of the communication data.

  A communication control system according to an aspect of the present invention includes at least one communication control device.

  A communication control method according to an aspect of the present invention is a communication control method of a communication control device, wherein the communication control device is configured to transmit the communication data based on a security level of a transmission source included in communication data destined for a communication device. Determining whether to permit the communication.

  The communication control program according to one aspect of the present invention is a communication control program of a communication control device, and the communication control device is configured to transmit the communication data based on a security level of a transmission source included in communication data destined for a communication device. Determining whether to permit the communication.

  According to the communication control device, the communication control system, the communication control method, and the communication control program in one aspect of the present invention, based on the security level of the transmission source included in the communication data destined for the communication device, the communication data It is determined whether communication is permitted. Here, if a security level is set for each communication device, it becomes possible to classify each communication device into a security level hierarchy (rank, class) smaller than the number of communication devices. The security level is not information unique to each communication device, such as an IP address, but information shared by some communication devices. Therefore, based on the security level of the transmission source, it is possible to determine not only the communication device of the transmission source, but all communication data having the communication device with the security level set as the transmission source. The conventional work of setting or registering the judgment condition for each communication device as the transmission source becomes unnecessary. Further, by determining whether to permit communication of communication data based on the security level of the transmission source, when the security level of the transmission source satisfies a predetermined condition, for example, the destination of the communication data (transmission destination) If the security level of the communication data matches the security level of the communication data, the communication data communication is permitted. Become. Therefore, as compared with the conventional case, it is possible to reduce the amount of setting work (registration work) for permitting communication of communication data, and it is possible to increase the security of the destination (transmission destination) communication device.

It is a block diagram explaining an example of schematic structure of the communication control system in this embodiment. It is a block diagram explaining an example of a structure of the communication control apparatus shown in FIG. It is a figure for demonstrating the data structure of an IP packet. It is a flowchart explaining an example of operation | movement of the communication control apparatus shown in FIG. It is a figure which shows an example of the security level file which the communication control apparatus shown in FIG. 1 memorize | stores. It is a figure which shows an example of the determination condition file which the communication control apparatus shown in FIG. 1 memorize | stores. It is a figure which shows the other example of the security level file which the communication control apparatus shown in FIG. 1 memorize | stores. It is a figure which shows the other example of the determination condition file which the communication control apparatus shown in FIG. 1 memorize | stores. 6 is a flowchart for explaining another example of the operation of the communication control apparatus shown in FIG. 1. It is a figure which shows the further another example of the security level file which the communication control apparatus shown in FIG. 1 memorize | stores. It is a figure which shows an example of the relationship between the priority in the priority control of an IP packet, and a security level. It is a figure for demonstrating the data structure of an Ethernet frame. It is a figure for demonstrating the data structure of an Ethernet header.

  Embodiments of the present invention will be described below. In the following description of the drawings, the same or similar parts are denoted by the same or similar reference numerals. However, the drawings are schematic. Therefore, specific dimensions and the like should be determined in light of the following description. Moreover, it is a matter of course that portions having different dimensional relationships and ratios are included between the drawings. Furthermore, the technical scope of the present invention should not be understood as being limited to the embodiment. In the following description, the upper side of the drawing is referred to as “upper”, the lower side as “lower”, the left side as “left”, and the right side as “right”.

  1 to 13 illustrate an embodiment of a communication control device, a communication control system, a communication control method, and a communication control program according to the present invention. FIG. 1 is a configuration diagram illustrating an example of a schematic configuration of a communication control system 100 according to the present embodiment. As shown in FIG. 1, the communication control system 100 includes a communication control device 10A and a communication control device 10B.

  A communication terminal T1 and a communication terminal T2 are communicably connected to the communication control apparatus 10A. Each of the communication terminal T1 and the communication terminal T2 can be configured to include, for example, a computer having a communication function. Each of the communication terminal T1 and the communication terminal T2 is configured to transmit and receive predetermined communication data. Each of the communication terminal T1 and the communication terminal T2 corresponds to an example of “communication device” in the present invention.

  A plurality of servers SV1 to SV5 are communicably connected to the communication control device 10B. Each of the servers SV1 to SV5 has a communication function, and includes a computer that executes server software (server program) that provides various services (functions) such as a web server, an application server, and a file server. Is possible. Each of the servers SV1 to SV5 is configured to transmit and receive predetermined communication data. Each of the servers SV1 to SV5 corresponds to another example of the “communication device” in the present invention. Further, a firewall or the like (not shown) may be provided between each of the servers SV1 to SV5 and the communication control device 10B.

  Communication control device 10A and communication control device 10B are communicably connected via communication network NW1. The communication network NW1 is a network managed and operated by a telecommunications carrier, and is a closed network such as an IP-VPN (IP-Virtual Private Network) or a wide area Ethernet, for example.

  Although FIG. 1 shows an example in which the communication control system 100 includes two communication control devices 10A and 10B, the present invention is not limited to this. The communication control system 100 may include one communication control device or may include three or more communication control devices.

  A unique (unique) IP address (Internet Protocol address) is assigned to each of the communication terminal T1 and the communication terminal T2 and the servers SV1 to SV5 by the communication carrier. When communicating with other communication devices in the communication system 100, each of the communication terminal T1, the communication terminal T2, and the servers S1 to S5 uses the IP address assigned to its own communication device as the transmission source address and the destination (transmission). The IP address assigned to the destination communication device is designated as the destination address, and the communication data is transmitted.

  For example, an IP packet is used as a data format of communication data transmitted or received by each communication device of the communication terminal T1, the communication terminal T2, and the servers SV1 to SV5. Although there are some specifications for IP packets, the following description will be made using IP packets compliant with RFC791 established by IETF (Internet Engineering Task Force).

  FIG. 2 is a block diagram illustrating an example of the configuration of the communication control apparatus 10A illustrated in FIG. The configuration of the communication control device 10B is the same as the configuration of the communication control device 10A unless otherwise specified. Therefore, hereinafter, the configuration of the communication control apparatus 10A will be described, and the description of the configuration of the communication control apparatus 10B will be omitted as appropriate. The communication control device 10A can be configured to include a network device such as a router, for example. As illustrated in FIG. 2, the communication control device 10A includes a communication unit 11, a storage unit 20, and a control unit 30.

  The communication unit 11 is connected to each of the communication terminal T1 and the communication terminal T2 illustrated in FIG. 1 via a communication cable. The communication unit 11 is connected to the communication network NW1 shown in FIG. 1 via a communication cable. The communication unit 11 is configured to receive an IP packet input from the outside of the communication control apparatus 10A and transmit the IP packet to the outside. The communication unit 11 can be configured to include, for example, a buffer memory that temporarily stores an IP packet and a communication interface including a connection terminal for connecting to an external communication device.

  The storage unit 20 stores programs and data necessary for the operation of the communication control apparatus 10A. The storage unit 20 stores, for example, a security level file 21A and a determination condition file 22A. On the other hand, the storage unit 20 of the communication control apparatus 10B stores a security level file 21B and a determination condition file 22B.

  Each of the security level file 21A and the security level file 21B includes, for example, a record having an IP address and a security level corresponding to the IP address. For example, the record is created for each IP address assigned to the communication device to be managed, connected to the communication control device so as to be communicable. Each of the security level file 21A and the security level file 21B is a file in which at least one record is collected.

  The security level is information indicating, for example, a security hierarchy (rank or class) classified into a plurality from the viewpoint of communication security. For example, the telecommunications carrier has a plurality of layers (ranks or classes) as security levels for the communication terminals T1 and T2 and the communication devices of the servers SV1 to SV5 connected to the communication control system 100. Set at least one of That is, the security level to be set may be one or may be two or more. The security level is represented by, for example, a numerical value (value) associated (linked) with each hierarchy (rank or class).

  Here, if a security level is set for each communication device, it becomes possible to classify each communication device into a security level hierarchy (rank, class) smaller than the number of communication devices. The security level is not information unique to each communication device, such as an IP address, but information shared by some communication devices. Therefore, based on the security level of the transmission source, it is possible to determine not only the communication device of the transmission source, but all communication data having the communication device with the security level set as the transmission source. The conventional work of setting or registering the judgment condition for each communication device as the transmission source becomes unnecessary.

  Each of the determination condition file 22A and the determination condition file 21B includes, for example, a record having a security level and an IP address corresponding to the security level. For example, the record is created for each IP address assigned to the communication device to be managed, connected to the communication control device so as to be communicable. Each of the security level file 21A and the security level file 21B is a file in which at least one record is collected, and the determination conditions for communication data are collected.

  The control unit 30 is configured to control the operation of each unit of the communication control device 10 </ b> A, such as the communication unit 11 and the storage unit 12. Further, the control unit 30 is configured to use the communication control method according to the present embodiment and to execute the communication control program according to the present embodiment. The control part 30 is provided with the communication control part 31, the security level provision part 32, and the communication determination part 33 as the function structure, for example.

  The communication control unit 31 is configured to control the communication unit 11. Specifically, the communication control unit 31 receives or transmits an IP packet input to the communication unit 11 via the communication unit 11. Or discard.

  The security level assigning unit 32 is configured to assign the source security level to the IP packet received by the communication unit 11. The security level provided by the security level assigning unit 32 may be one or may be two or more.

  The communication determination unit 33 determines whether to permit communication of the IP packet based on the security level of the transmission source included in the IP packet received by the communication unit 11. Thereby, when the security level of the transmission source satisfies a predetermined condition, for example, when it matches the security level of the destination (transmission destination) of the IP packet, communication of communication data is permitted, and when it does not satisfy, for example, If it does not match the security level of the destination (transmission destination) of the IP packet, it becomes possible not to allow communication of communication data.

  The control unit 30 can be configured to include, for example, a processor such as a CPU (Central Processing Unit) and a memory such as a ROM, a RAM, and a buffer. On the other hand, each function of the control unit 30 can be realized by a program executed by a microcomputer (microprocessor). Therefore, each function provided in the control unit 30 can be realized by hardware, software, or a combination of hardware and software, and is not limited to any case.

  Further, when each function of the control unit 30 is realized by software or a combination of hardware and software, the processing can be executed by multitasking, multithreading, or both multitasking and multithreading. , But not limited to either case.

  2 shows an example in which the control unit 30 includes the communication control unit 31, the security level provision unit 32, and the communication determination unit 33 as functional configurations. However, the functions provided in the control unit 30 are limited to these functions only. However, other functions may be further provided.

  FIG. 3 is a diagram for explaining the data structure of an IP packet. As shown in FIG. 3, the IP packet has 32 bits, that is, 4 bytes as a unit. The IP packet is roughly divided into an IP header from the first “version” to “extension information”, and this IP header. It is divided into “data” IP data that follows. In the IP header, the first “version” to “destination address” are fixed-length portions included in all IP packets, and the length is 20 bytes. This fixed length portion includes a “source address” field and a “destination address” field, and the “source address” field is assigned to the communication device that is the source of the IP packet. The IP address is stored, and the IP address assigned to the destination (transmission destination) communication device of the IP packet is stored in the “destination address” field. Further, the “extension information” field of the IP header is a variable length portion that is arbitrarily added, and its minimum length is 0 bytes. On the other hand, the “data” field of the IP data also has a variable length.

  The security level described above is preferably stored in any field of the IP header which is a fixed length portion. The security level is stored, for example, in the “service type” (or service type) field of the IP header. The “service type” (or service type) field is 8 bits wide. For example, when the security level is represented by a numerical value (value) of “0” to “7” that can be displayed in 3 bits, the security level is stored in units of 3 bits from the top of the “service type” (or service type). In this example, the “service type” (or service type) field can store up to two security levels.

  Alternatively, the security level is stored, for example, in a field of “life time” (or TTL (Time To Live)) of the IP header. The “time to live” (or TTL) field is also 8 bits wide. Here, each time an IP packet is relayed (via) a network device such as a router, the value of the “live time” (or TTL) of the IP header is reduced by, for example, “1” and changed. For this reason, when the “lifetime” (or TTL) field of the IP header is used as the security level, the numerical value (value) and the communication determination unit 33 determine when the security level is changed. Set judgment conditions.

  Next, a communication control method and a communication control program according to the present embodiment will be described.

  FIG. 4 is a flowchart for explaining an example of the operation of the communication control apparatus 10A shown in FIG. Note that the operation of the communication control device 10B is the same as the operation of the communication control device 10A unless otherwise specified. Therefore, the operation of the communication control apparatus 10A will be described below, and the description of the operation of the communication control apparatus 10B will be omitted as appropriate. For example, when the communication control apparatus 10 </ b> A is turned on and started, the control unit 30 executes a communication control process S <b> 100 illustrated in FIG. 4.

  First, the communication control unit 31 determines whether an IP packet has been received based on an input from the communication unit 11 (S101). The communication data control unit 31 repeats step S101 until an IP packet is received.

  When the IP packet is received as a result of the determination in S101, the security level assigning unit 32 refers to a predetermined field in which the security level is stored in the received IP packet, and the IP packet includes the security level of the transmission source. Is determined (S102).

  For example, if the predetermined field in which the security level is stored is other than “0”, the security level assigning unit 32 determines that the IP packet includes the security level of the transmission source, and the predetermined field in which the security level is stored. Is “0”, it is determined that the IP packet does not include the security level of the transmission source.

  As a result of the determination in S102, when the IP packet does not include the security level of the transmission source, the security level giving unit 32 refers to the “source address” field of the IP header shown in FIG. The source IP address is acquired (S103). As a result, the IP address assigned to the communication device that is the transmission source of the received IP packet is obtained.

  Next, the security level assigning unit 32 reads the security level file 21A stored in the storage unit 30 and searches the security level file 21A for a record corresponding to the IP address of the transmission source acquired in step S103. Based on the search result, it is determined whether or not the security level of the transmission source is stored (S104).

  If the security level of the transmission source is stored as a result of the determination in S104, the security level assigning unit 32 acquires the security level of the transmission source of the received IP address from the security level file 21A (S105). In the packet, the security level is written in a predetermined field, and the source security level is assigned (S106).

  On the other hand, if the security level of the transmission source is not stored as a result of the determination in S104, the communication device that is the transmission source of the received IP packet is managed by its own communication control device and is not a target to which the security level is given. Conceivable. Therefore, the communication control unit 31 discards the received IP packet (S107).

  After step S107, the control unit 30 ends the communication control process S100.

  As a result of the determination in S102, when the IP packet includes the security level of the transmission source, or after the step in S106, the communication determination unit 33 performs a predetermined field in which the security level is stored in the received IP packet and FIG. Referring to the “destination address” field of the IP header shown in FIG. 6A, the source security level and the destination (destination) IP address are acquired (S108). As a result, the security level set in the communication device that is the transmission source of the received IP packet and the IP address assigned to the communication device that is the destination (transmission destination) of the received IP packet are obtained.

  Next, the communication determination unit 33 reads the determination condition file 22A stored in the storage unit 12, and in the determination condition file 22A, the transmission source security level and the destination (transmission destination) IP acquired in step S108. A record corresponding to the address is searched, and it is determined whether to permit communication of the received IP packet based on the search result (S109). Thus, it is determined whether or not to permit IP packet communication based on the IP address assigned to the destination (transmission destination) communication device and the security level set in the transmission source communication device.

  For example, when there is a record corresponding to the security level of the transmission source acquired in step S108 and the IP address of the destination (transmission destination) in the determination condition file 22A, the communication determination unit 33 performs communication of the received IP packet. Determine to allow. On the other hand, if there is no record corresponding to the security level of the transmission source and the IP address of the destination (transmission destination) acquired in step S108 in the determination condition file 22A, the communication determination unit 33 performs communication of the received IP packet. It is determined not to allow.

  As a result of the determination in S109, when the communication of the received IP packet is permitted, the communication control unit 31 transmits the IP packet to the destination (destination) communication device via the communication unit 11 (S110). .

  On the other hand, when the result of the determination in S109 does not permit the communication of the received IP packet, the following two cases can be considered. That is, the case where the communication of the received IP packet is prohibited and the case where the communication device that is the destination (transmission destination) of the received IP packet is managed by its own communication control device and are not the target of communication control. In the latter case, another communication control device determines whether to permit communication of the IP packet. Therefore, the communication control unit 31 transmits the received IP packet to another communication control device via the communication unit 11 (S111).

  In the present embodiment, the communication control device 10A transmits to the communication control device 10B via the communication network NW1, and the communication control device 10B transmits to the communication control device 10A via the communication network NW1.

  After the step of S110 or after the step of S111, the control unit 30 ends the communication control process S100.

  Next, procedures of the communication control method and the communication control program shown in FIG. 4 in the communication control system 100 shown in FIG. 1 will be described using an embodiment.

(Example 1)
In the following example, the “service type” field of the IP header shown in FIG. 3 is used as the predetermined field in which the security level is stored, and the communication terminal T1 or communication terminal T2 shown in FIG. A case will be described in which communication of IP packets destined for any one of the SVs 5 (destination) is controlled.

  FIG. 5 is a diagram showing an example of a security level file stored in the communication control apparatus 10A shown in FIG. As shown in FIG. 5, the security level file 21A stored in the storage unit 20 of the communication control apparatus 10A includes a record 21A1 of the communication terminal T1 and a record 21A2 of the communication terminal T2. Each of the record 21A1 and the record 21A2 has an IP address field and a security level field. In the example of FIG. 5, the security level “2” is set for the communication terminal T1, and the security level “3” is set for the communication terminal T2.

  FIG. 6 is a diagram illustrating an example of a determination condition file stored in the communication control device 10B illustrated in FIG. As illustrated in FIG. 6, the determination condition file 22B stored in the storage unit 20 of the communication control apparatus 10B includes a record 22B1 of the server SV1, a record 22B2 of the server SV2, a record 22B3 of the server SV3, and a record of the server SV4. 22B4 and the record 22B5 of the server SV5. Each of the records 22B1 to 22B5 has a security level field and an IP address field.

  In such an example, for example, when the communication terminal T1 transmits an IP packet to any one of the servers SV1 to SV5, the security level assigning unit 32 of the communication control device 10A performs steps S104 to S106 shown in FIG. In the step, as a result of searching the security level file 21A shown in FIG. 5, the record 21A1 is detected, “2” stored in the security level field of this record 21A1 is acquired, and the “service” of the IP header shown in FIG. “Type” is written and attached to the IP packet. As a result, the security level set in the transmission source communication terminal T1 is given to the IP packet.

  Since this IP packet is addressed to any one of the servers SV1 to SV5 (transmission destination), the communication control unit 31 of the communication control apparatus 10A sends the IP packet in step S111 shown in FIG. It transmits toward the communication control apparatus 10B.

  The IP packet transmitted from the communication control device 10A is received by the communication control device 10B via the communication network NW1. The communication determination unit 33 of the communication control apparatus 10B searches the determination condition file 22B illustrated in FIG. 6 in the step of S109 illustrated in FIG. For example, when the destination (transmission destination) of this IP packet is the server SV1, the communication determination unit 33 of the communication control device 10B searches for the determination condition file 22B shown in FIG. Since the security level of the transmitted source is “2” as described above, the record 22B1 is detected. Therefore, the communication determination unit 33 of the communication control device 10B permits communication of the IP packet, and the communication data control unit 31 of the communication control device 10B transmits the IP packet to the server SV1 in step S110.

  For example, when the destination (transmission destination) of the IP packet received by the communication control apparatus 10B is the server SV3, the communication determination unit 33 of the communication control apparatus 10B loads the determination condition file 22B shown in FIG. 6 in step S109. When the search is performed, the destination address of the IP packet matches the IP address of the record 22B3, but the security level of the IP packet is “2” as described above, and does not match the security level “3” of the record 22B3. Therefore, the record 22B3 is not detected. Therefore, the communication determination unit 33 of the communication control apparatus 10B determines that communication of the IP packet is not permitted.

  Furthermore, for example, when the destination (transmission destination) of the IP packet received by the communication control apparatus 10B is the server SV5, the communication determination unit 33 of the communication control apparatus 10B loads the determination condition file 22B shown in FIG. As a result of the search, the destination address of the IP packet matches the IP address of the record 22B5, the security level of the IP packet is “2” as described above, and the security level “2, 3” of the record 22B5 is 1 Record 22B5 is detected. Therefore, the communication determination unit 33 of the communication control device 10B permits communication of the IP packet, and the communication control unit 31 of the communication control device 10B transmits the IP packet to the server SV5 in step S110.

(Example 2)
In the following example, the “lifetime” (or TTL) field of the IP header shown in FIG. 3 is used as the predetermined field in which the security level is stored, and the communication terminal T1 or communication terminal T2 shown in FIG. A case will be described in which communication of IP packets destined for any one of the servers SV1 to SV5 (destination) is controlled.

  FIG. 7 is a diagram showing another example of the security level file stored in the communication control apparatus 10A shown in FIG. As shown in FIG. 7, the security level file 21A stored in the storage unit 20 of the communication control apparatus 10A includes a record 21A1 of the communication terminal T1 and a record 21A2 of the communication terminal T2. Each of the record 21A1 and the record 21A2 has an IP address field and a security level field. In the example of FIG. 7, the security level “20” is set for the communication terminal T1, and the security level “30” is set for the communication terminal T2.

  FIG. 8 is a diagram illustrating another example of the determination condition file stored in the communication control device 10B illustrated in FIG. As shown in FIG. 8, the determination condition file 22B stored in the storage unit 20 of the communication control apparatus 10B includes a record 22B1 of the server SV1, a record 22B2 of the server SV2, a record 22B3 of the server SV3, and a record of the server SV4. 22B4 and the record 22B5 of the server SV5. Each record 22B1 to 22B5 has a security level lower limit field, a security level upper limit field, and an IP address field.

  In such an example, for example, when the communication terminal T1 transmits an IP packet to any one of the servers SV1 to SV5, the security level assigning unit 32 of the communication control device 10A performs steps S104 to S106 shown in FIG. In the step, as a result of searching the security level file 21A shown in FIG. 7, the record 21A1 is detected, “20” stored in the security level field of this record 21A1 is acquired, and “live” of the IP header shown in FIG. Write in the “time” (or TTL) field and attach to the IP packet. As a result, the security level set in the transmission source communication terminal T1 is given to the IP packet.

  Since this IP packet is addressed to any one of the servers SV1 to SV5 (transmission destination), the communication control unit 31 of the communication control apparatus 10A sends the IP packet in step S111 shown in FIG. It transmits toward the communication control apparatus 10B.

  The IP packet transmitted from the communication control device 10A is received by the communication control device 10B via the communication network NW1. The communication determination unit 33 of the communication control apparatus 10B searches the determination condition file 22B shown in FIG. 8 in the step of S109 shown in FIG. For example, when the destination (transmission destination) of the IP packet is the server SV1, the communication determination unit 33 of the communication control apparatus 10B searches for the determination condition file 22B shown in FIG. The security level of the transmitted source is “20” as described above, and when the IP packet relays a predetermined number, for example, one network device, the security level of the transmission source included in the IP packet is “ 19 ”, the predetermined condition between the security level lower limit“ 11 ”and the security level upper limit“ 19 ”of the record 22B1, for example, security level lower limit ≦ source security level ≦ security level upper limit is satisfied. 22B1 is detected. Therefore, the communication determination unit 33 of the communication control device 10B permits communication of the IP packet, and the communication data control unit 31 of the communication control device 10B transmits the IP packet to the server SV1 in step S110.

  For example, when the destination (transmission destination) of the IP packet received by the communication control apparatus 10B is the server SV3, the communication determination unit 33 of the communication control apparatus 10B loads the determination condition file 22B shown in FIG. 6 in step S109. As a result of the search, the destination address of the IP packet matches the IP address of the record 22B3, but the security level of the IP packet is “20” as described above, and the IP packet has a predetermined number, for example, one When relaying a network device, since the security level of the transmission source included in the IP packet is “19”, a predetermined condition between the security level lower limit “21” and the security level upper limit “29” of the record 22B1; For example, security level lower limit ≤ source security level ≤ security Since Interview security level upper limit, not satisfied, it does not detect the record 22B3. Therefore, the communication determination unit 33 of the communication control apparatus 10B determines that communication of the IP packet is not permitted.

  In the flowchart shown in FIG. 4, in step S109, the communication determination unit 33 determines whether to permit IP packet communication based on the security level of the transmission source and the IP address of the destination (transmission destination). An example is shown, but the present invention is not limited to this. For example, the communication determination unit 33 may determine whether to permit IP packet communication based on the security level of the transmission source and the security level of the destination (transmission destination).

  FIG. 9 is a flowchart for explaining another example of the operation of the communication control apparatus 10A shown in FIG. Note that the communication control process S100 shown in FIG. 9 is similar to the communication control process S100 shown in FIG. 4 because the steps from S101 to S107 are the same as those in FIG.

  As a result of the determination in S102, when the IP packet includes the security level of the transmission source, or after the step in S106, the communication determination unit 33 sets the “destination address” of the IP header shown in FIG. 3 in the received IP packet. By referring to the field, the IP address of the destination (transmission destination) is acquired (S115). As a result, the IP address assigned to the destination (transmission destination) communication device of the received IP packet is obtained.

  Next, the communication determination unit 33 reads the security level file 21A stored in the storage unit 30, searches the security level file 21A for a record corresponding to the IP address acquired in step S115, and based on the search result. Then, it is determined whether or not the security level of the destination (transmission destination) is stored (S116).

  If the security level of the destination (transmission destination) is stored as a result of the determination in S116, the communication determination unit 33 acquires the security level of the destination of the received IP packet from the security level file 21A (S117).

  On the other hand, if the result of determination in S116 is that the security level of the destination (transmission destination) is not stored, the communication device of the destination (transmission destination) of the received IP packet is managed by its own communication control device and controls communication. It is thought that it is not a target. Therefore, the communication control unit 31 transmits the received IP packet to another communication control device via the communication unit 11 (S118).

  After step S118, the control unit 30 ends the communication control process S100.

  After the step of S117, the communication determination unit 33 refers to a predetermined field in which the security level is stored in the received IP packet, and acquires the security level of the transmission source (S119).

  Next, the communication determination unit 33 permits communication of the received IP packet based on the security level of the transmission source acquired in step S119 and the security level of the destination (transmission destination) acquired in step S117. It is determined whether or not (S120). Thus, it is determined whether or not to permit IP packet communication based on the security level set for the destination (transmission destination) communication device and the security level set for the transmission source communication device.

  For example, the communication determination unit 33 compares the security level of the transmission source with the security level of the destination (transmission destination). The communication determination unit 33 determines that the communication of the received IP packet is permitted when at least one of the security levels of the transmission source matches at least one of the security levels of the destination (transmission destination). On the other hand, in other cases, the communication determination unit 33 determines that communication of the received IP packet is not permitted.

  As a result of the determination in S120, when communication of the received IP packet is permitted, the communication control unit 31 transmits the IP packet to the destination (destination) communication device via the communication unit 11 (S121). .

  On the other hand, as a result of the determination in S120, if communication of the received IP packet is not permitted, the received IP packet is prohibited from communication because the security level does not match between the transmission source and the destination (transmission destination). I think it should be. Therefore, the communication control unit 31 discards the received IP packet (S122).

  After the step of S121 or after the step of S122, the control unit 30 ends the communication control process S100.

  In the flowchart shown in FIG. 9, the communication control apparatus 10A uses only the security level file 21A and does not use the determination condition file 22A. Therefore, the communication control apparatus 10A does not need to store the determination condition file 22A in the storage unit 20, and the communication control apparatus 10B does not need to store the determination condition file 22B in the storage unit 20.

  Next, the procedure of the communication control method and the communication control program shown in FIG. 9 in the communication control system 100 shown in FIG. 1 will be described using an embodiment.

(Example 3)
In the following example, the “service type” field of the IP header shown in FIG. 3 is used as a predetermined field in which the security level is stored, and one of the communication terminal T1 and the communication terminal T2 shown in FIG. A case will be described in which communication of IP packets destined for the other of the terminal T1 and the communication terminal T2 (transmission destination) is controlled.

  The storage unit 20 of the communication control apparatus 10A stores the security level file 21A shown in FIG. 5 as in the first embodiment.

  In such an example, for example, when the communication terminal T1 transmits an IP packet to the communication terminal T2, the security level assigning unit 32 of the communication control apparatus 10A performs the steps from S104 to S106 shown in FIG. As a result of searching the security level file 21A shown, the record 21A1 is detected, “2” stored in the security level field of this record 21A1 is acquired, and written in the “service type” of the IP header shown in FIG. Append to packet. As a result, the security level set in the transmission source communication terminal T1 is given to the IP packet.

  Next, as a result of searching the security level file 21A shown in FIG. 5 in the steps S116 and S117 shown in FIG. 9, the communication determination unit 33 of the communication control apparatus 10A detects the record 21A2, and the security level of this record 21A2 “3” stored in the field is acquired. Then, when the communication determination unit 33 of the communication control apparatus 10A compares the security level of the transmission source and the destination (transmission destination) security level in step S120, the security level of the transmission source of the received IP packet is as described above. Since it is “2” and the security level of the destination (transmission destination) of the received IP packet is “3” as described above, they do not match. Therefore, the communication determination unit 33 of the communication control device 10A does not permit communication of the received IP packet, and the communication control unit 31 of the communication control device 10A discards the IP packet in S122.

Example 4
In the following example, the “service type” field of the IP header shown in FIG. 3 is used as a predetermined field in which the security level is stored, and any one of the servers SV1 to SV5 shown in FIG. A case will be described in which communication of IP packets destined for any one of SV1 to SV5 (destination) is controlled.

  FIG. 10 is a diagram showing still another example of the security level file stored in the communication control apparatus 10B shown in FIG. As shown in FIG. 10, the security level file 21B stored in the storage unit 20 of the communication control apparatus 10B includes a record 21B1 of the server SV1, a record 21B2 of the server SV2, a record 21B3 of the server SV3, and a record of the server SV4. 21B4 and the record 21B5 of the server SV5. Each of the records 21B1 to 21B5 has an IP address field and a security level field.

  In such an example, for example, when the server SV2 transmits an IP packet to the server SV4, the security level assigning unit 32 of the communication control apparatus 10B performs the security shown in FIG. 10 in steps S104 to S106 shown in FIG. As a result of searching the level file 21B, the record 21B2 is detected, “2” stored in the security level field of this record 21B2 is acquired, and written in the “service type” of the IP header shown in FIG. Give. As a result, the security level set in the transmission source server SV2 is added to the IP packet.

  Next, in step S116 and S117 shown in FIG. 9, the communication determination unit 33 of the communication control apparatus 10B detects the record 21B4 as a result of searching the security level file 21B shown in FIG. 10, and the security level of the record 21B4 “2” stored in the field is acquired. Then, in step S120, the communication determination unit 33 of the communication control apparatus 10B compares the security level of the transmission source of the received IP packet with the destination (transmission destination) security level of the received IP packet. To do. Therefore, the communication determination unit 33 of the communication control device 10B permits communication of the received IP packet, and the communication control unit 31 of the communication control device 10A transmits the IP packet to the server SV4 in S121.

  Further, for example, when the server SV5 transmits an IP packet to the server SV3, the security level assigning unit 32 of the communication control apparatus 10B obtains the security level file 21B shown in FIG. 10 in steps S104 to S106 shown in FIG. As a result of the search, the record 21B5 is detected, "2, 3" stored in the security level field of this record 21B2 is acquired, and "3" from the top of the "service type" of the IP header shown in FIG. “2” and “3” are written and attached to the IP packet. As a result, the security level set in the transmission source server SV4 is added to the IP packet.

  Next, as a result of searching the security level file 21B shown in FIG. 10 in the steps of S116 and S117 shown in FIG. 9, the communication determination unit 33 of the communication control apparatus 10B detects the record 21B3, and the security level of this record 21B3 “3” stored in the field is acquired. Then, as a result of comparing the security level of the transmission source and the destination (transmission destination) security level, the communication determination unit 33 of the communication control apparatus 10B determines that the security level of the transmission source of the received IP packet is as described above. "2" and "3", and the security level of the destination (transmission destination) of the received IP packet is "3" as described above. Therefore, one of the security levels of the transmission source and the destination (transmission destination) The security level matches. Therefore, the communication determination unit 33 of the communication control device 10B permits communication of the received IP packet, and the communication control unit 31 of the communication control device 10A transmits the IP packet to the server SV4 in S121.

  In the present embodiment, the case where the “service type” field shown in FIG. 3 is used as the field for assigning the security level in the IP packet has been described. The “service type” (service type) field of the IP header is originally used for QoS (Quality of Service) of communication. Therefore, the communication carrier may use the “service type” (service type) field of the IP header, for example, for specifying the priority in the IP packet priority control in the communication network NW1.

  FIG. 11 is a diagram illustrating an example of a relationship between a priority and a security level in IP packet priority control. As illustrated in FIG. 11, for example, the communication carrier performs priority control of IP packets classified into four priority levels “Premium”, “High”, “Middle”, and “Low”. . For each priority of “Premium”, “High”, “Middle”, and “Low”, bit values of “5”, “4”, “3”, and “0” are defined. These bit values are stored in the first 3 bits of the “service type” (service type) field.

  Therefore, as shown in FIG. 11, for example, security level “3” is assigned to priority “Premium”, security level “2” is assigned to priority “High”, and priority “Middle” is set. The security level “1” is associated with each other and set. Thus, by defining the correspondence between the priority of priority control and the security level, the two functions of priority control and communication control based on the security level can be combined into one “service type” (service type). It can be used together (shared) in the field.

  In the present embodiment, the case where an IP packet is used as the data format of communication data has been described. In this case, if priority control is performed, as described above, the priority of the priority control and the security level need to be associated with each other, and the “service type” (service type) field of the IP header needs to be used (shared). Sometimes.

  Therefore, when priority control is performed, it is preferable to use, for example, an Ethernet frame instead of an IP packet as the data format of communication data. In the following, description will be made using an Ethernet frame compliant with IEEE802.1q formulated by the IEEE802.1 group.

  FIG. 12 is a diagram for explaining the data structure of the Ethernet frame. As shown in FIG. 12, the Ethernet frame is roughly divided into an Ethernet header, data, and FCS (Frame Check Sequence). The data has a variable length of 46 to 1500 bytes and includes the IP header shown in FIG. The FCS has a fixed length of 4 bytes and stores the checksum code of the Ethernet frame.

  FIG. 13 is a diagram for explaining the data structure of the Ethernet header. As shown in FIG. 13, the Ethernet header further has a fixed length of 18 bytes, a destination MAC address, a source MAC address, a TPID (Tag Protocol IDentifier), a TCI (Tag Control Information), and a length. Divided into types. The TPID and TCI are called VLAN (Virtual LAN) tags. The TCI includes a “PCP” (Priority Code Point) field, a “CFI” (Canonical Format Indicator) field, and a “VLAN-ID” field.

  Here, when priority control is performed in the Ethernet frame, the priority is stored in the “PCP” field in the VLAN tag shown in FIG. On the other hand, the security level is stored in the “service type” (service type) field in the IP head shown in FIG. 3 included in the “data” shown in FIG. 12, as described above. As described above, when an Ethernet frame is used as the data format of communication data, the priority of the priority control and the security level are stored in different fields of the Ethernet frame. Similarly, when the security level is stored in a field other than the “service type” (service type) of the IP head shown in FIG. 3, for example, the “lifetime” (or TTL) field, The security level is stored in different fields of the Ethernet frame. Thereby, even when priority control is performed, the security level can be set independently of the priority (irrelevant).

  In the present embodiment, the communication control apparatus 10A or the communication control apparatus 10B shows an example in which the security level of the transmission source is added to the communication data, but the present invention is not limited to this. For example, when the communication data is transmitted, the transmission source security may be added to the communication data by communication devices such as the communication terminals T1 and T2 and the servers SV1 to SV5. In this case, the control unit 30 of the communication control device 10A and the communication control device 10B does not need to have the function of the security level providing unit 32.

  Thus, according to the communication control device 10A or the communication control device 10B, the communication control system 100, the communication control method, and the communication control program of the present embodiment, the communication terminal T1, the communication terminal T2, and the servers SV1 to SV5. Whether to permit communication of the communication data is determined based on the security level of the transmission source included in the communication data destined for the communication device.

  Here, if a security level is set for each communication device, it becomes possible to classify each communication device into a security level hierarchy (rank, class) smaller than the number of communication devices. The security level is not information unique to each communication device, such as an IP address, but information shared by some communication devices. Therefore, based on the security level of the transmission source, it is possible to determine not only the communication device of the transmission source, but all communication data having the communication device with the security level set as the transmission source. The conventional work of setting or registering the judgment condition for each communication device as the transmission source becomes unnecessary.

  Further, by determining whether to permit communication of communication data based on the security level of the transmission source, when the security level of the transmission source satisfies a predetermined condition, for example, the destination of the communication data (transmission destination) If the security level of the communication data matches the security level of the communication data, the communication data communication is permitted. Become. Therefore, as compared with the conventional case, it is possible to reduce the amount of setting work (registration work) for permitting communication of communication data, and it is possible to increase the security of the destination (transmission destination) communication device.

  Note that the present invention is not limited to the above-described embodiment, and can be applied with various modifications.

  In addition, the examples and application examples described through the embodiments of the present invention can be used in combination as appropriate according to the application, or can be used with modifications or improvements, and the present invention is limited to the description of the above-described embodiments. Is not to be done. It is apparent from the description of the scope of claims that the embodiments added with such combinations or changes or improvements can also be included in the technical scope of the present invention.

DESCRIPTION OF SYMBOLS 10A, 10B ... Communication control apparatus 11 ... Communication part 20 ... Memory | storage part 21A, 21B ... Security level file 22A, 22B ... Judgment condition file 30 ... Control part 31 ... Communication control part 32 ... Security level provision part 33 ... Communication determination part 100 ... Communication system S100 ... Communication control process SV1, SV2, SV3, SV4, SV5 ... Server T1, T2 ... Communication terminal

Claims (12)

A communication determination unit for determining whether to permit communication of the communication data based on a security level of a transmission source included in communication data destined for the communication device;
Communication control device. A storage unit for storing a security level of the communication device;
The communication determination unit determines whether to permit communication of the communication data based on a security level of the communication device and a security level of a transmission source included in the communication data;
The communication control apparatus according to claim 1. A storage unit for storing the address of the communication device;
The communication determination unit determines whether to permit communication of the communication data based on an address of the communication device and a security level of a transmission source included in the communication data;
The communication control apparatus according to claim 1. The communication data having the communication device as a transmission source further includes a security level providing unit for adding a security level of the transmission source,
The communication control apparatus according to any one of claims 1 to 3. The communication data includes at least one security level of a transmission source.
The communication control apparatus according to any one of claims 1 to 4. The data format of the communication data is an IP packet.
The communication control apparatus according to any one of claims 1 to 5. The data format of the communication data is an Ethernet frame.
The communication control apparatus according to any one of claims 1 to 5. The security level of the transmission source is stored in the service type field of the IP header of the communication data.
The communication control apparatus according to claim 6 or 7. The security level of the sender is stored in the lifetime field of the IP header of the communication data.
The communication control apparatus according to claim 6 or 7. Comprising at least one communication control device according to any one of claims 1 to 9,
Communication control system. A communication control method for a communication control device, comprising:
The communication control device comprises determining whether to permit communication of the communication data based on a security level of a transmission source included in communication data destined for a communication device.
Communication control method. A communication control program for a communication control device,
The communication control device includes a step of determining whether to permit communication of the communication data based on a security level of a transmission source included in communication data destined for a communication device.
Communication control program.

Images