JP7011271B1 - Information processing methods, information processing systems and computer programs - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an information processing method or the like capable of communicating from a device on a global network to a specific device in a private network by an easy method. In an information processing method, a first transfer device acquires a connection establishment request from a second transfer device, and the first transfer device and the second transfer device respond to the acquired connection establishment request. A transfer request for specifying a specific port of the second communication device as a transfer destination is transmitted to the second transfer device by establishing a connection between the two, and using the established connection, in response to the transmitted transfer request. A communication tunnel is formed to transfer communication between the reception port of the first transfer device that receives communication from the first communication device and the specific port of the second communication device, and the first communication tunnel is formed. Transfers communication between the reception port of the transfer device and the specific port of the second communication device. [Selection diagram] FIG. 5

Description

The present technology relates to information processing methods, information processing systems and computer programs.

Normally, a relay device such as a router is installed between a global network such as the Internet and a private network such as an office or a home, and the global IP address used when connecting to the global network by the relay device is on the private network side. Network Address Translation (NAT) is performed to the private IP address used. Therefore, when a device on the global network connects to a device in the private network, it is necessary to perform so-called NAT traversal.

Conventionally, port forwarding by static IP masquerading (see, for example, Patent Document 1) has been used as a technique for traversing NAT. In port forwarding, by using the tunnel function etc., the specific port of the global server on the global network and the specific port of the local server in the private network are mapped. This allows data arriving at the global server port to be forwarded through the tunnel to the local server's mapped port.

Japanese Unexamined Patent Publication No. 2000-341337

However, in port forwarding, it is necessary to set the port mapping on the private network side, and there is a problem that a complicated procedure is required.

An object of the present disclosure is to provide an information processing method or the like capable of communicating from a device on a global network to a specific device in a private network by an easy method.

In the information processing method according to one aspect of the present disclosure, the communication between the first transfer device connected to the global network and transferring the communication received from the first communication device and the second communication device connected to the private network is performed. An information processing method for transferring via a second transfer device connected to the private network, wherein the first transfer device acquires a connection establishment request from the second transfer device and establishes the acquired connection. In response to the request, a transfer request is made by establishing a connection between the first transfer device and the second transfer device and using the established connection to specify a specific port of the second communication device as a transfer destination. Transfers communication between the reception port of the first transfer device and the specific port of the second communication device, which is transmitted to the second transfer device and receives communication from the first communication device in response to the transmitted transfer request. A communication tunnel is formed, and communication between the reception port of the first transfer device and the specific port of the second communication device is transferred through the formed communication tunnel.

According to the present disclosure, a device on the global network can easily communicate with a specific device in the private network.

It is a figure which shows the outline of the information processing system in 1st Embodiment. It is a block diagram which shows the internal structure of each apparatus of the information processing system in 1st Embodiment. It is a conceptual diagram which shows the record layout of the transfer information DB. It is a conceptual diagram which shows the record layout of the identification information DB. It is a sequence diagram which shows an example of the procedure of the operation processing executed in an information processing system. It is a block diagram which shows the internal structure of each apparatus of the information processing system in 2nd Embodiment. It is explanatory drawing which illustrates the record layout of the possibility information DB. It is a sequence diagram which shows an example of the procedure of the operation processing executed in the information processing system in 2nd Embodiment. It is a figure which shows the outline of the information processing system in 3rd Embodiment. It is a sequence diagram which shows an example of the procedure of the operation processing executed in the information processing system in 3rd Embodiment. It is a sequence diagram which shows an example of the procedure of the operation processing executed in the information processing system in 3rd Embodiment. It is a figure which shows the outline of the information processing system in 4th Embodiment. It is a conceptual diagram which shows the record layout of the connection information DB. It is a sequence diagram which shows an example of the procedure of the operation processing executed in the information processing system in 4th Embodiment. It is a sequence diagram which shows an example of the procedure of the operation processing executed in the information processing system in 4th Embodiment. It is a figure which shows the outline of the information processing system in 5th Embodiment. It is a figure which shows the outline of the information processing system in 6th Embodiment. It is a figure which shows the outline of the information processing system in 7th Embodiment.

The present invention will be specifically described with reference to the drawings showing the embodiments thereof.

(First Embodiment)
FIG. 1 is a diagram showing an outline of the information processing system 100 according to the first embodiment. The information processing system 100 includes a transfer server 1 and a transfer client 2. The transfer server 1 is configured to be connected to the global network N1, which is a communication network based on a global IP address. The global network N1 is, for example, the Internet. The transfer server 1 is communicably connected to the client device 3 connected to the global network N1 and can transmit and receive data to and from the client device 3. The transfer client 2 is configured to be connected to a private network N2 such as a LAN (Local Area Network) using a private IP address. The transfer client 2 is communicably connected to the server 4 connected to the private network N2, and can send and receive data to and from the server 4. The transfer client 2 and the server 4 are connected to the global network N1 via the relay device 5.

The transfer server 1 is, for example, a server computer. The transfer server 1 corresponds to a first transfer device that receives communication data transmitted from the client device 3 and transfers the received communication data to the server 4 via the transfer client 2 in the private network N2. The client device 3 is an information processing device such as a server computer or a personal computer. The client device 3 may be a smartphone, a tablet terminal, or the like. The client device 3 corresponds to a first communication device that communicates with the server 4 via the transfer server 1 and the transfer client 2.

The transfer client 2 corresponds to a second transfer device that receives communication data from the transfer server 1 via the relay device 5 and transfers the received communication data to the server 4 via the private network N2. The transfer client 2 is, for example, a server computer. The server 4 receives the communication data transmitted from the client device 3 and outputs a response to the request of the client device 3. The server 4 corresponds to a second communication device that communicates with the client device 3 via the transfer server 1 and the transfer client 2. The server 4 is, for example, a web server, a file server, an API server, a proxy server, or the like, and provides services such as web content provision, file transfer, API provision, and communication relay.

The relay device 5 is a relay device 5 that relays communication between the private network N2 and the global network N1, and is, for example, a router, a gateway, or the like. The relay device 5 has a NAT (Network Address Translation) or NAPT (Network Address Port Translation) function that mutually translates a private IP address that can be used only in the private network N2 and a global IP address that is used in the global network N1. ..

The private network N2 to which the transfer client 2 and the server 4 are connected is not limited to those within the same segment. For example, the private network N2 may be a network of different segments, or may be a private network of another base connected by a VPN (Virtual Private Network).

The outline of the transfer method of the information processing system 100 in the first embodiment will be described. In the information processing system 100, a connection 6 for communication between the transfer client 2 and the transfer server 1 is first established in response to a request from the transfer client 2. The transfer server 1 uses the connection 6 to transmit a transfer request for designating a specific port of the server 4 in the private network N2 as a transfer destination to the transfer client 2. In response to the transfer request, a communication circuit that maps the reception port of the transfer server 1 to the specific port of the designated server 4, that is, a communication tunnel is established. After that, the communication data transmitted from the client device 3 to the reception port of the transfer server 1 is transferred to the specific port of the server 4 in the private network N2 via the transfer client 2 using the communication tunnel. The client device 3 on the global network N1 can access the specific server 4 in the private network N2 at an arbitrary timing.

The configuration and detailed processing contents of the information processing system 100 will be described below.

FIG. 2 is a block diagram showing an internal configuration of each device of the information processing system 100 according to the first embodiment. The transfer server 1 includes a control unit 10, a storage unit 11, and a communication unit 12. The transfer server 1 may be a multi-computer composed of a plurality of computers, or may be a virtual machine virtually constructed by software.

The control unit 10 is a processor using one or a plurality of CPUs (Central Processing Units) or GPUs (Graphics Processing Units), and uses a built-in memory such as a ROM (Read Only Memory) and a RAM (Random Access Memory). Control each component to execute processing. The storage unit 11 includes a storage device such as a hard disk and an SSD (Solid State Drive). The storage unit 11 stores programs and data referred to by the control unit 10 including the program 1P. The control unit 10 executes a process related to the transfer of communication data, which will be described later, based on the program 1P. The communication unit 12 is a communication device that realizes communication via the global network N1.

The program 1P stored in the storage unit 11 may be provided by a non-temporary recording medium 1A in which the program 1P is readablely recorded. The recording medium 1A is, for example, a portable memory such as a CD-ROM, a USB (Universal Serial Bus) memory, an SD (Secure Digital) card, a micro SD card, and a compact flash (registered trademark). In this case, the control unit 10 reads the program 1P from the recording medium 1A using a reading device (not shown), and stores the read program 1P in the storage unit 11. Further, the program 1P stored in the storage unit 11 may be provided by communication via the communication unit 12. In this case, the control unit 10 acquires the program 1P through the communication unit 12, and stores the acquired program 1P in the storage unit 11. The storage unit 11 may be composed of a plurality of storage devices, or may be an external storage device connected to the transfer server 1.

Further, the transfer information DB (Data Base: database) 111 is stored in the storage unit 11. FIG. 3 is a conceptual diagram showing the record layout of the transfer information DB 111. The transfer information DB 111 is a database that stores information for executing and managing the transfer of communication data. The transfer information DB 111 may be configured by, for example, a data storage system such as RDBMS (Relational DataBase Management System) or NoSQL (Not only SQL). The transfer information DB 111 may be stored in the cache memory, the file storage, and the in-process memory area of the program 1P.

For example, the transfer information DB 111 stores information such as an ID for identifying transfer information, a global IP address of the transfer client 2, identification information, transfer destination information, and a reception port number in association with each other. The global IP address of the forwarding client 2 is an address used for communication via the global network N1 of the forwarding client 2. The global IP address of the transfer client 2 is converted from the private IP address of the transfer client 2 to the global IP address held by the relay device 5 by the relay device 5.

The identification information is information for identifying (identifying) the service of the server 4 as the transfer destination, and includes, for example, an identification key. The identification key is unique data issued for each service of the server 4 that is the transfer destination, and is data that identifies the transfer destination. The identification information may include a user account that identifies a user who accesses the service of the server 4. The user account includes, for example, a user ID and a password. The user account may include the device ID of the server 4.

The transfer destination information is information that specifies the server 4 that is the transfer destination of the communication data and the service provided by the server 4. The transfer destination information includes, for example, the private IP address and port number (specific port) of the server 4. The private IP address is an address used for communication in the private network N2 of the server 4, and is a fixed IP address that identifies the server 4 in the private network N2. The port number (specific port) is a number for specifying the program of the communication destination when the computer communicates. The forwarding information is not limited to the private IP address and the port number. The transfer destination information may include a host name for designating the transfer destination server 4, a NetBIOS name, a protocol name for designating the service of the server 4, and the like. The transfer destination information may be stored using the transfer destination ID associated with the above-mentioned IP address, port number, and the like.

The reception port number is a port number used by the transfer server 1 when receiving communication data for transfer from the client device 3. When a communication tunnel is established between the specific port of the forwarding destination and the port (accepting port) of the forwarding server 1, the port number assigned to use the communication tunnel is stored in the receiving port number string.

The transfer client 2 includes a control unit 20, a storage unit 21, and a communication unit 22. The control unit 20 is a processor using one or a plurality of CPUs or GPUs, and uses a built-in memory such as a ROM and a RAM to control each component unit and execute processing. The storage unit 21 includes a storage device such as a hard disk and an SSD. The storage unit 21 stores programs and data referred to by the control unit 20 including the program 2P. The control unit 20 executes a process related to the transfer of communication data, which will be described later, based on the program 2P. The communication unit 12 is a communication device that realizes communication via the private network N2.

Further, the identification information DB 211 is stored in the storage unit 21. FIG. 4 is a conceptual diagram showing the record layout of the identification information DB 211. The identification information DB 211 is a database that stores identification information for identifying (identifying) the service of the server 4 that is the transfer destination. For example, the identification information DB 211 stores information such as an identification key, a user ID, and a password in association with each other. The identification information may include the device ID of the server 4. The details of the identification information stored in the identification information DB 211 are the same as the identification information of the transfer information DB 111. That is, the identification information is shared between the transfer server 1 and the transfer client 2.

The client device 3 includes a control unit 30, a storage unit 31, and a communication unit 32. The control unit 30 is a processor using one or a plurality of CPUs or GPUs, and uses a built-in memory such as a ROM and a RAM to control each component and execute processing. The storage unit 31 includes a storage device such as a hard disk and an SSD. The storage unit 31 stores programs and data referred to by the control unit 30. The communication unit 32 is a communication device that realizes communication via the global network N1.

The server 4 includes a control unit 40, a storage unit 41, and a communication unit 42. The control unit 40 is a processor using one or a plurality of CPUs or GPUs, and uses a built-in memory such as a ROM and a RAM to control each component unit and execute processing. The storage unit 41 includes a storage device such as a hard disk and an SSD. The storage unit 41 stores programs and data referred to by the control unit 40. The communication unit 42 is a communication device that realizes communication via the private network N2.

The above devices are not limited to those individually configured. For example, it may be configured as one device including a transfer client 2 and a server 4. Each of the above devices may be realized by software.

FIG. 5 is a sequence diagram showing an example of a procedure of operation processing executed in the information processing system 100. Hereinafter, the step is abbreviated as S.

The control unit 10 of the transfer server 1 acquires transfer information including identification information, transfer destination information, and the like and stores it in the transfer information DB 111 (S101). Further, the control unit 20 of the transfer client 2 acquires the identification information and stores it in the identification information DB 211 (S201). The method of acquiring the forwarding destination information and the identification information is not limited, but the following procedure is executed as an example.

The control unit 20 of the transfer client 2 stores in advance the private IP address and port number of the server 4 for accessing the service of the server 4 via the private network N2. The control unit 20 transmits a communication request to the transfer server 1. The control unit 10 of the transfer server 1 receives a communication request from the transfer client 2 and transmits an identification key for identifying the service (transfer destination) of the server 4 to the transfer client 2. The identification key is a unique key issued for each service of the server 4.

The control unit 20 of the transfer client 2 receives the identification key from the transfer server 1 and stores it in the identification information DB 211. In this case, the control unit 20 may generate a user account such as a user ID and a password for identifying the user corresponding to the identification key, and register the generated user account in association with the identification key. The control unit 20 associates the user account, the private IP address of the server 4, and the port number with the identification key, and transmits the identification key to the transfer server 1 via the relay device 5. The control unit 10 of the transfer server 1 receives the global IP address, identification key, user account, private IP address and port number of the server 4 of the transfer client 2 via the relay device 5, and stores them in the transfer information DB 111. By the above procedure, the transfer destination information and the identification information are stored respectively.

The control unit 20 of the transfer client 2 transmits a connection 6 establishment request to the transfer server 1 via the global network N1 (S202). The transfer client 2 reads the identification key of the server 4 that transfers the communication data from the identification information DB 211, and transmits the identification key in association with the establishment request. As the communication protocol via the global network N1, for example, TCP (Transmission Control Protocol) / IP (Internet Protocol) and HTTPS are used.

The control unit 10 of the transfer server 1 receives the connection 6 establishment request (S102) and transmits the response to the transfer client 2 (S103).

The control unit 20 of the transfer client 2 receives the response (S203). When the control unit 20 receives the response, the connection 6 is established between the transfer server 1 and the transfer client 2. After that, the transfer server 1 and the transfer client 2 can communicate with the transfer client 2 by continuing the connection 6 by, for example, polling, long polling, or the like. For example, the transfer client 2 periodically or periodically makes an inquiry to the transfer server 1 at predetermined intervals by using polling, and obtains a response to be pushed and transmitted from the transfer server 1 in response to the inquiry.

After establishing the connection 6, the control unit 10 of the transfer server 1 transmits a transfer request including the global IP address of the transfer server 1 to the transfer client 2 (S104). Since the connection 6 is established between the transfer server 1 and the transfer client 2, it is possible to transmit information from the transfer server 1 beyond NAT to the transfer client 2. The forwarding request is associated with forwarding information for designating (identifying) the forwarding destination. The transfer destination information includes a private IP address for designating the server 4 of the transfer destination and a port number for designating a service on the server 4. As the forwarding destination information, a forwarding destination ID or the like associated with the above-mentioned IP address and port number may be used. The transfer destination information may include a host name for identifying the transfer destination server 4, a protocol name for identifying the service of the server 4, and the like. The control unit 10 refers to the transfer information DB 111 based on the identification information related to the connection 6 establishment request, identifies the service of the transfer destination server 4 corresponding to the identification information, and identifies the IP of the specified transfer destination server 4. Acquire forwarding information including address and port number.

Also, the forwarding request is associated with information about the communication tunnel request. The information regarding the communication tunnel request includes the private IP address and port number of the transfer destination server 4, and the global IP address and reception port number of the transfer server 1. As the receiving port number, any port number may be specified, or it may be automatically assigned. The information regarding the communication tunnel request may include a user account, an authentication key, and the like.

The control unit 20 of the transfer client 2 receives a transfer request from the transfer server 1 (S204). The control unit 20 transmits a response to the received transfer request to the transfer server 1 (S205).

The control unit 10 of the transfer server 1 receives the response (S105). When the control unit 10 receives the response, the reception port of the transfer server 1 and the specific port of the server 4 designated as the transfer destination are mapped, and between the reception port of the transfer server 1 and the server 4 designated as the transfer destination. A communication tunnel is formed (established) at. The control unit 10 opens the reception port designated at the time of requesting the communication tunnel (S106), and waits for communication from the client device 3.

The control unit 30 of the client device 3 makes a communication connection to the reception port of the transfer server 1 and transmits a communication request for accessing the specific port of the server 4 (S301). The communication request includes identification information such as a user account. The control unit 10 of the transfer server 1 identifies a specific port of the server 4 to which the communication data from the client device 3 is transferred, based on the user account of the received communication request.

Communication is started, and communication is transferred between the reception port of the transfer server 1 and the specific port of the server 4 through the communication tunnel. As a specific example, the communication data addressed to the server 4 transmitted from the client device 3 to the reception port of the transfer server 1 is transferred to the transfer client 2 via the transfer server 1. The transfer client 2 transfers the communication data received from the reception port of the transfer server 1 to the specific port of the server 4. The communication data includes, for example, the IP address and port number of the transfer destination server 4, the total transmission data size, the total reception data size, and the like. Similarly, the communication data destined for the client device 3 transmitted from the designated port of the server 4 is transferred to the reception port of the transfer server 1 via the transfer client 2. The transfer server 1 transfers the received communication data to the client device 3.

The control unit 10 of the transfer server 1 acquires a termination notification from, for example, the client device 3 and terminates the communication. The control unit 10 disconnects the communication tunnel and ends a series of processes. When the server 4 is running, the connection 6 may be continued even after the communication tunnel is disconnected so that information can be transmitted / received to / from the client device 3 at all times.

In the above process, the control unit 10 may transmit a transfer request based on a request acquired from the outside. For example, the control unit 10 receives a request including identification information such as a user account from the client device 3. The control unit 10 specifies the transfer client 2 for establishing the connection 6 and the transfer destination information based on the identification information, and transmits the transfer request to the specified transfer client 2 using the connection 6.

In the above process, the transfer request is not limited to the one transmitted from the transfer server 1 to the transfer client 2, and may be transmitted from the transfer client 2 to the transfer server 1.

According to the present embodiment, the server 4 is used from the transfer server 1 on the global network N1 side to the transfer client 2 in the private network N2 by using the connection 6 established between the transfer server 1 and the transfer client 2. You can send a forwarding request by specifying a specific port of. Since the communication tunnel is easily established by using the transfer information of the transfer server 1 and the identification information of the transfer client 2, it is possible to reduce the burden of complicated settings for port mapping on the private network side. Since the communication data is transferred at the transport layer by TCP / IP, the security at the time of communication transfer can be improved.

In the above, an example in which the connection 6 is established by polling has been described, but the communication method in the present embodiment is not limited. The connection 6 may be, for example, by Websocket. The transfer client 2 transmits an establishment request to the transfer server 1 by communication using the HTTPS protocol. The establishment request includes information indicating an upgrade of the protocol to Websocket, identification information related to the server 4, and the like. The transfer server 1 transmits a response to the received connection 6 establishment request, and the transfer client 2 receives the response, thereby establishing a connection 6 by the Websocket protocol between the transfer server 1 and the transfer client 2. After that, the communication between the transfer server 1 and the transfer client 2 is performed using the connection 6 and using a telegram conforming to the Websocket protocol. This enables two-way communication, that is, push-type mutual communication.

According to the above-mentioned process, since the connection 6 is established in the application layer by Websocket, it is possible to further improve the security at the time of communication. Further, even if a protocol other than the HTTPS protocol is blocked as an unauthorized access in the access from the device on the global network N1 to the private network N2 due to the security setting condition of the network environment on the user side to receive the service. , The establishment of the connection 6 can be easily realized by using the Web socket protocol defined as an extension standard of the HTTPS protocol.

The connection 6 may be based on the CONNECT method. The CONNECT method is a method used when HTTPS communication is performed through a proxy server. The transfer client 2 transmits an establishment request to the transfer server 1 by communication using the HTTPS protocol. The establishment request contains information indicating a tunnel start request using the CONNECT method. The transfer server 1 transmits a response to the received connection 6 establishment request, and the transfer client 2 receives the response, whereby the connection 6 by the CONNECT method is established between the transfer server 1 and the transfer client 2. After that, the communication between the transfer server 1 and the transfer client 2 can tunnel the TCP connection using the connection 6. This enables two-way communication, that is, push-type mutual communication.

A specific application example of this embodiment will be described. The server 4 is a web server. The client device 3 includes a browser that accesses the web server, and executes operation processing of the browser. The client device 3 provides a cloud-type service that automatically executes a browser operation process for the server 4 in response to an execution instruction from the user. The client device 3 includes a procedure DB. The procedure DB stores procedure data. The procedure data includes a plurality of operation processing procedures in the browser of the client device 3. The procedure includes, for example, a data input operation on the browser screen, an element selection operation, a browser resizing operation, a browser scrolling operation, a tab switching operation, and the like. The procedure data is generated in advance by a user's external device that instructs the client device 3 to automatically execute the operation process, and the generated procedure data is stored in the procedure DB of the client device 3. The client device 3 reads the procedure data from the procedure DB and executes the operation process of the browser according to the read procedure data.

The client device 3 executes a browser operation process for inputting data to, for example, a sales management system, a sales management system, or the like of a user company. The control unit 30 of the client device 3 reads the procedure data from the procedure DB in response to the execution instruction acquired from the user, and starts the browser. The control unit 30 accesses the reception port of the transfer server 1 and transmits an HTTPS request for automatically executing the operation processing of the browser to the server 4. The HTTPS request is forwarded to the server 4 through the communication tunnel. The client device 3 acquires the HTTPS response transmitted from the server 4 through the communication tunnel. The client device 3 automatically executes a series of operation processes based on the procedure data, and transmits the execution result data received from the server 4 to the user's external device. In this way, the automatic execution service of the browser operation processing by the client device 3 is performed.

(Second Embodiment)
In the second embodiment, a configuration for determining whether or not to transfer to a transfer destination will be described based on the availability information. Hereinafter, the second embodiment will be described as different from the first embodiment. Since the other configurations except the configurations described later are the same as those of the information processing system 100 of the first embodiment, the common configurations are designated by the same reference numerals and detailed description thereof will be omitted.

FIG. 6 is a block diagram showing an internal configuration of each device of the information processing system 200 according to the second embodiment. The storage unit 21 of the transfer client 2 of the second embodiment further stores the availability information DB 212. The availability information DB 212 is a database that records the availability information. The possibility information is information for determining whether or not transfer to a specific port of the server 4 designated as a transfer destination is possible, and specifically includes data that identifies a transfer destination server or service that allows transfer. Will be posted.

FIG. 7 is an explanatory diagram illustrating the record layout of the availability information DB 212. For example, the pass / fail information DB 212 includes an identification ID for identifying pass / fail information, a private IP address of the server 4 for identifying the server that allows forwarding, a port number for identifying the service of the server 4 that allows forwarding, and the like. Information is associated and stored. The IP address or port number is not limited to a single piece of data, and may be data indicating a range band that allows forwarding, such as an IP address band or port number band that allows forwarding. The host name, domain name, protocol name, and the like may be stored in the availability information. The availability information may be managed by a forwarding ID associated with an IP address, a port number, and the like.

The transfer client 2 determines whether or not to allow transfer to the server 4 designated as the transfer destination based on the availability information. Alternatively, the transfer client 2 determines whether or not to allow transfer to the service of the server 4 designated as the transfer destination based on the availability information. The transfer client 2 permits the transfer request only within the range of the service of the server 4 recorded in the availability information DB 212. Note that the pass / fail information is not limited to recording the range of the server 4 that allows the transfer, and may record the range of the server 4 that does not allow the transfer, that is, rejects the transfer. In this case, the transfer client 2 determines whether or not to reject the transfer to the service of the server 4 designated as the transfer destination based on the availability information. Identification information such as a user account may be further associated with the availability information. That is, a range in which forwarding is permitted or disallowed may be set for each user account.

FIG. 8 is a sequence diagram showing an example of a procedure of operation processing executed in the information processing system 200 according to the second embodiment. The same number is assigned to the processes common to FIG. 5 of the first embodiment, and detailed description thereof will be omitted.

The control unit 10 of the transfer server 1 acquires the transfer information and stores it in the transfer information DB 111 (S101). The control unit 20 of the transfer client 2 acquires the identification information and stores it in the identification information DB 211 (S201). The control unit 20 also acquires availability information including the IP address and port number of the server 4 that permits forwarding, and stores the acquired availability information in the availability information DB 212 (S211). The method of acquiring the availability information is not limited, but it may be acquired by communicating with an external management server, for example.

The control unit 20 of the transfer client 2 transmits a request for establishing a connection 6 to the transfer server 1 (S202). The transfer client 2 reads the identification information of the server 4 from the identification information DB 211 and transmits it in association with the establishment request. The control unit 10 of the transfer server 1 receives the connection 6 establishment request (S102) and transmits the response to the transfer client 2 (S103). The control unit 20 of the transfer client 2 receives the response (S203). When the control unit 20 receives the response, the connection 6 is established between the transfer server 1 and the transfer client 2.

After establishing the connection 6, the control unit 10 of the transfer server 1 transmits a transfer request for forming a communication tunnel to the transfer client 2 (S104). The forwarding request is associated with forwarding information including the IP address and port number of the server 4 for designating the forwarding destination, and information about the communication tunnel request. The transfer request may be associated with identification information such as a user account.

The control unit 20 of the transfer client 2 receives the transfer request (S204). The control unit 20 permits transfer to the transfer destination related to the transfer request by comparing the destination IP address and port number of the transfer destination information associated with the received transfer request with the IP address and port number of the pass / fail information. It is determined whether or not to do so (S212). The control unit 20 may determine whether or not the transfer destination is permitted for the user account based on the user account acquired at the time of the transfer request.

When it is determined that the forwarding is not permitted because the destination IP address and the port number of the forwarding destination information are not included in the pass / fail information (S212: NO), the control unit 20 sends a response indicating that the forwarding is not allowed to the forwarding server 1. Send and finish the process. The control unit 20 may return the process to S204 and maintain the established state of the connection 6.

When it is determined that the transfer is permitted because the destination IP address and the port number of the transfer destination information are included in the permission information (S212: YES), the control unit 20 transmits a response indicating the transfer permission to the transfer server 1 (S). S213).

The control unit 10 of the transfer server 1 receives a response indicating transfer permission (S111). When the control unit 10 receives the response indicating the transfer permission, a communication tunnel is formed between the reception port of the transfer server 1 and the specific port of the server 4 connected to the transfer client 2. The control unit 10 opens the reception port (S106). The control unit 30 of the client device 3 transmits a communication request to the specific port destination of the server 4 to the reception port of the transfer server 1 (S301). Communication is started, and communication data is transferred between the reception port of the transfer server 1 and the specific port of the server 4 through the communication tunnel.

According to the present embodiment, it is determined whether or not the transfer is possible based on the information on whether or not the range of the destinations that allow or disallow the transfer is set. Since the transfer to the server 4 or the port of the server 4 exceeding the preset range is rejected, it is possible to prevent unauthorized access to the server 4 in the private network N2 and improve the security of the communication. can.

In the above, an example in which the transfer client 2 holds the transfer possibility information and determines the transfer possibility is described, but the present embodiment is not limited, and the transfer server 1 may be configured to determine the transfer possibility. In this case, the transfer server 1 receives a transfer request including the IP address and port number of the transfer destination server 4 from an external device such as the client device 3. The forwarding server 1 determines whether or not to permit forwarding of the received forwarding request to the IP address and port number based on the storage availability information. Only when it is determined that the transfer is permitted, the transmission process of the transfer request of S104 is executed. The transfer server 1 may receive identification information such as a user account and a transfer destination, and may determine whether or not the transfer destination is permitted for the received user account. That is, the transfer server 1 functions as a transfer permission server that determines whether or not to permit the acquired transfer request.

(Third Embodiment)
In the third embodiment, a configuration for establishing a plurality of connections between the transfer server 1 and the transfer client 2 will be described. Hereinafter, the differences between the third embodiment and the first embodiment will be described. Since the other configurations except the configurations described later are the same as those of the information processing system 100 of the first embodiment, the common configurations are designated by the same reference numerals and detailed description thereof will be omitted.

FIG. 9 is a diagram showing an outline of the information processing system 300 according to the third embodiment. In the third embodiment, the first connection 61 related to the communication of the transfer request and the second connection 62 related to the transfer of the communication data are established between the transfer server 1 and the transfer client 2.

10 and 11 are sequence diagrams showing an example of a procedure of operation processing executed in the information processing system 300 according to the third embodiment.

The control unit 10 of the transfer server 1 acquires the transfer information and stores it in the transfer information DB 111 (S121). The control unit 20 of the transfer client 2 acquires the identification information and stores it in the identification information DB 211 (S221). The control unit 20 also acquires the availability information and stores it in the availability information DB 212 (S222).

The control unit 20 of the transfer client 2 transmits a request for establishing the first connection 61 to the transfer server 1 via the global network N1 (S223). The transfer client 2 reads the identification information of the server 4 from the identification information DB 211 and transmits it in association with the establishment request. The control unit 10 of the transfer server 1 receives the request for establishing the first connection 61 (S122) and transmits the response to the transfer client 2 (S123). The control unit 20 of the transfer client 2 receives the response (S224). When the control unit 20 receives the response, the first connection 61 is established between the transfer server 1 and the transfer client 2.

After establishing the first connection 61, the control unit 10 of the transfer server 1 transmits a transfer request to the transfer client 2 (S124). The forwarding request is associated with forwarding information for specifying the forwarding destination. The control unit 20 of the transfer client 2 receives the transfer request (S225).

The control unit 20 determines whether or not to allow the received transfer request (S226). When it is determined that the transfer is not permitted (S226: NO), the control unit 20 ends the process. When it is determined that the transfer is permitted (S226: YES), the control unit 20 transmits a response indicating the transfer permission to the transfer server 1 (S227). The control unit 10 of the transfer server 1 receives a response indicating transfer permission (S125). The determination process related to the transfer permission may be omitted.

The control unit 20 of the transfer client 2 transmits a request for establishing the second connection 62 to the first transfer server 1a via the global network N1 (S228). The transfer client 2 reads the identification information of the server 4 from the identification information DB 211 and transmits it in association with the establishment request. The control unit 10 of the transfer server 1 receives the request for establishing the second connection 62 (S126) and transmits the response to the transfer client 2 (S127). The control unit 20 of the transfer client 2 receives the response (S229). When the control unit 20 receives the response, the second connection 62 is established between the transfer server 1 and the transfer client 2.

After establishing the second connection 62, the control unit 10 of the transfer server 1 transmits a communication tunnel request to the transfer client 2 (S128). The communication tunnel request includes the private IP address and port number of the transfer destination server 4, and the global IP address and reception port number of the transfer server 1. The control unit 20 of the transfer client 2 receives the communication tunnel request (S230). The control unit 20 transmits a response to the received communication tunnel request to the transfer server 1 (S231). The control unit 10 of the transfer server 1 receives the response (S129). When the control unit 10 receives the response, a communication tunnel is formed between the reception port of the transfer server 1 and the specific port of the server 4 designated as the transfer destination. The control unit 10 opens the reception port (S130). The control unit 30 of the client device 3 transmits a communication request addressed to the specific port of the server 4 to the reception port of the transfer server 1 (S321). Communication is started, and communication data is transferred between the reception port of the transfer server 1 and the specific port of the server 4 through the communication tunnel. The second connection 62 and the communication tunnel may be disconnected after the transfer is completed.

According to the present embodiment, by establishing the first connection 61 for the transfer request and the second connection 62 for the transfer of communication data, communication is efficiently performed using each connection.

In the above, an example in which two connections are established between the transfer server 1 and the transfer client 2 has been described, but the present embodiment is not limited. For example, the transfer server 1 includes a first transfer server and a second transfer server, a first connection 61 is established between the first transfer server and the transfer client 2, and a first connection 61 is established between the second transfer server and the transfer client 2. The second connection 62 may be established at. In this case, the first transfer server functions as a transfer permission server for determining whether or not to permit the transfer request, and the second transfer server functions as a communication transfer server for transferring communication data. It is possible to efficiently communicate with a plurality of transfer servers 1 on the global network via one transfer client 2 in the private network, and processing or functions can be distributed among the transfer servers 1.

(Fourth Embodiment)
In the fourth embodiment, a configuration for sharing connection information among a plurality of transfer servers will be described. Hereinafter, the fourth embodiment will be described as different from the first embodiment. Since the other configurations except the configurations described later are the same as those of the information processing system 100 of the first embodiment, the common configurations are designated by the same reference numerals and detailed description thereof will be omitted.

FIG. 12 is a diagram showing an outline of the information processing system 400 according to the fourth embodiment. In FIG. 12, the relay device 5 and the global network N1 are not shown. The transfer server 1 of the fourth embodiment includes a first transfer server 1a and a second transfer server 1b. The transfer server 1 is not limited to the one including two servers, and may include three or more servers. The first transfer server 1a and the second transfer server 1b are communication-connected with a transfer client 2 connected to a different private network N2 via the global network N1 and the relay device 5, respectively.

For example, the private network N2 is a LAN installed in the user's home or office, and the server 4 is a webcam or network attached storage (NAS) used in the home or office. The user of the server 4 can access the server 4 in the home from outside the home via the transfer client 2 by communicating with the transfer server 1 using the client device 3 connected to the external network. The user can access the webcam from outside the home to acquire the image in the home taken by the webcam, or access the NAS from outside the home to acquire the file saved in the NAS in the home. be able to. In the present embodiment, the server 4 may be configured as one device including the function of the transfer client 2.

The first transfer server 1a includes a control unit 10a, a storage unit 11a, and a communication unit 12a. The second transfer server 1b includes a control unit 10b, a storage unit 11b, and a communication unit 12b. Since the hardware configurations of the first transfer server 1a and the second transfer server 1b are the same as those of the transfer server 1 of the first embodiment, illustration and detailed description thereof will be omitted.

The first transfer server 1a and the second transfer server 1b can each read and write information to and from the connection information DB 112. The connection information DB 112 is a database in which connection information is recorded. The connection information is information on the connection (establishment) status of the connection between the first transfer server 1a and the second transfer server 1b and the transfer client 2, and the correspondence between the transfer server and the transfer client 2 that establish each connection. It is information indicating.

FIG. 13 is a conceptual diagram showing the record layout of the connection information DB 112. For example, the connection information DB 112 includes an identification ID, a global IP address and port number of the transfer server, a global IP address of the transfer client 2 that establishes the first connection 61 with the transfer server, and a server 4 connected to the transfer client 2. Information such as identification information (PIN code in the example of FIG. 13), transfer destination information including the IP address and port number of the server 4 is stored in association with each other. The first transfer server 1a and the second transfer server 1b record the connection information regarding the first connection 61 in the connection information DB 112 each time the transfer client 2 and the first connection 61 are established. The first transfer server 1a and the second transfer server 1b redirect the communication data received from the client device 3 to another transfer server based on the shared connection information. The connection information DB 112 is stored in the storage unit 11a of the first transfer server 1a and the storage unit 11b of the second transfer server 1b, respectively, and shares the connection information between the first transfer server 1a and the second transfer server 1b. It may be configured.

14 and 15 are sequence diagrams showing an example of a procedure of operation processing executed in the information processing system 400 according to the fourth embodiment.

The control unit 10a of the first transfer server 1a acquires the transfer information and stores it in the transfer information DB 111 (S141). The control unit 20 of the transfer client 2 acquires the identification information and stores it in the identification information DB 211 (S241). In this embodiment, a PIN code unique to each server 4 is used as the identification information. The processing order is not limited, and the control unit 10a of the first transfer server 1a receives the transfer destination information including the IP address and port number of the server 4 from the transfer client 2 in S142 described later, and the transfer information. It may be stored in DB 111.

The control unit 20 of the transfer client 2 transmits a request for establishing the first connection 61 to the first transfer server 1a via the global network N1 (S242). The transfer client 2 reads the identification information (PIN code) of the server 4 from the identification information DB 211, and transmits the identification information (PIN code) in association with the establishment request. The control unit 10a of the first transfer server 1a receives the request for establishing the first connection 61 (S142) and transmits the response to the transfer client 2 (S143). The control unit 20 of the transfer client 2 receives the response (S243). When the control unit 20 receives the response, the first connection 61 is established between the first transfer server 1a and the transfer client 2. That is, a session between the webcam or NAS and the transfer server 1 of the global network is established via the transfer client 2 in the private network. The control unit 20 opens a predetermined port number and listens for communication from the client device 3.

The control unit 10a of the first transfer server 1a stores the connection information regarding the establishment state of the new connection in the connection information DB 112 (S144). The connection information includes, for example, the IP address of the transfer client 2 that establishes a connection with the own device, the identification information associated with the connection establishment request, the corresponding transfer destination information, and the like.

The above processing is also executed between the second transfer server 1b and the second transfer client 2, and the first connection 61 is established between the second transfer server and the second transfer client 2. The established state of the connection between each transfer server and the transfer client 2 is recorded in the connection information DB 112 at any time. As a result, connection information indicating the connection status of the other transfer servers is shared between the transfer servers.

After establishing the first connection 61, the user uses the client device 3 to access the transfer server 1 in order to acquire the image data of the webcam and the NAS file. The control unit 30 of the client device 3 transmits a transfer request to the transfer server 1 (S341). The server to which the client device 3 transmits the transfer request may be any server in the transfer server 1, that is, the transfer request is transmitted to either the first transfer server 1a or the second transfer server 1b. The following processing is, for example, a procedure for processing when the transfer request is transmitted to the second transfer server 1b that is not connected to the transfer destination related to the transfer request of the client device 3.

Information for designating the server 4 of the transfer destination and the service is associated with the transfer request, and for example, identification information, transfer information, and the like are associated with the transfer request. When the client device 3 accesses the second transfer server 1b using a browser, for example, the host name and port number of the second transfer server 1b, the host name and port number of the own device, and the PIN code and protocol name in the path are entered. The transfer request may be made by designating the transfer destination server 4 and the service by the included URL.

The control unit 10b of the second transfer server 1b receives the transfer request (S441). The control unit 10b acquires the connection information with reference to the connection information DB 112 (S442). Based on the acquired connection information, the control unit 10b identifies the transfer destination designated by the client device 3 and the transfer server that establishes the first connection 61 (S443). Specifically, the control unit 10b sets a transfer server (first transfer server 1a) that is establishing a first connection 61 with a transfer client 2 that connects to the server 4 identified by the PIN code based on the PIN code. Identify. The control unit 10b transmits redirect information such as a URL for accessing the specified first transfer server 1a or a global IP address of the first transfer server 1a to the client device 3 (S444). The control unit 10b may specify the transfer server based on the transfer destination information.

The control unit 30 of the client device 3 receives the redirect information (S342). The control unit 30 transmits a transfer request to the first transfer server 1a based on the redirect information (S343). In this way, by sharing the connection information between the first transfer server 1a and the second transfer server 1b, even when the client device 3 connects to the second transfer server 1b for which a connection has not been established, the client The device 3 can be redirected to the first transfer server 1a. The control unit 10b of the second transfer server 1b directly transfers the transfer request received from the client device 3 to the first transfer server 1a by relaying the communication data between the transfer servers without going through the client device 3. You may.

The control unit 10a of the first transfer server 1a receives the transfer request (S145). The control unit 10a identifies a transfer destination including the IP address and port number of the transfer destination based on the PIN code and protocol associated with the transfer request and the information held in the transfer information DB 111, and transfers the specified transfer destination. Get the destination information. In this case, the control unit 10a may specify the service of the server 4 by the listening port of its own device. The control unit 10a transmits a transfer request associated with the acquired transfer destination information to the transfer client 2 (S146).

The control unit 20 of the transfer client 2 receives the transfer request (S244). The control unit 20 transmits a response to the received transfer request to the first transfer server 1a (S245). The control unit 20 of the transfer client 2 may execute a determination process of whether or not to allow the transfer request. The control unit 10a of the first transfer server 1a receives the response (S147).

The control unit 20 of the transfer client 2 transmits a request for establishing the second connection 62 to the first transfer server 1a via the global network N1 in response to the transfer request (S246). The transfer client 2 reads the identification information of the server 4 from the identification information DB 211 and transmits it in association with the establishment request. The control unit 10a of the first transfer server 1a receives the request for establishing the second connection 62 (S148) and transmits the response to the transfer client 2 (S149). The control unit 20 of the transfer client 2 receives the response (S247). When the control unit 20 receives the response, the second connection 62 is established between the first transfer server 1a and the transfer client 2.

After establishing the second connection 62, the control unit 10a of the first transfer server 1a transmits a communication tunnel request to the transfer client 2 (S150). The communication tunnel request includes the IP address and port number of the transfer destination server 4, and the global IP address and reception port number of the first transfer server 1a. The control unit 20 of the transfer client 2 receives the communication tunnel request (S248). The control unit 20 transmits a response to the received communication tunnel request to the first transfer server 1a (S249). The control unit 10a of the first transfer server 1a receives the response (S151). When the control unit 10a receives the response, a communication tunnel is formed between the reception port of the first transfer server 1a and the specific port of the server 4 designated as the transfer destination. The control unit 10a opens the reception port (S152).

The control unit 30 of the client device 3 transmits a communication request addressed to the specific port of the server 4 to the reception port of the first transfer server 1a (S345). Communication is started, and communication data is transferred between the reception port of the first transfer server 1a and the specific port of the server 4 through the communication tunnel. For example, when the server 4 is a webcam, the control unit 30 of the client device 3 receives data from the server 4 by a stream distribution protocol such as RTSP (Real Time Streaming Protocol). When the server 4 is NAS, the control unit 30 of the client device 3 receives data according to a protocol such as HTTPS from the server 4. When the server 4 provides a file service such as file sharing, the SMB protocol may be used as an upper layer protocol of TCP / IP.

In the above process, the control unit 30 of the client device 3 may form a communication path for a specific port of the server 4 in advance by transmitting a request associated with only the PIN code to the transfer server 1. The control unit 30 acquires the connection state of the port of the server 4 by receiving, for example, connection information or transfer information from the transfer server 1. The control unit 30 sets the number of ports of its own device corresponding to the port of each server 4 to the standby state according to the connection state of the acquired port of the server 4. After that, the control unit 30 accesses the transfer server 1 using any one of the ports in the standby state, specifies a PIN code and a protocol, and transmits a transfer request. In this case, it is preferable that the control unit 30 executes the process based on the service-dedicated application program rather than the general-purpose application such as a browser.

In the above, the process of redirecting the transfer request from the client device 3 to the second transfer server 1b to the first transfer server 1a has been described, but the present embodiment is not limited. When the second transfer server 1b that has received the transfer request identifies that the local server is a transfer server connected to the transfer destination related to the transfer request, the second transfer server 1b does not perform the above-mentioned redirect process and transfers after S145. May be executed.

According to the present embodiment, connection information is shared even when a plurality of transfer servers including the first transfer server 1a and the second transfer server 1b and a plurality of transfer clients 2 have established different connections. By doing so, communication from the client device 3 to the specific server 4 becomes possible. The transfer server 1 and the transfer client 2 efficiently use a first connection for communication related to a transfer request and a second connection for data communication established in response to a transfer request from the client device 3. Can communicate with.

(Fifth Embodiment)
In the fifth embodiment, a plurality of communication data are transferred using a single connection 6 in response to a request from the plurality of client devices 3. FIG. 16 is a diagram showing an outline of the information processing system 500 according to the fifth embodiment. In FIG. 16, the relay device 5 and the global network N1 are not shown. The transfer server 1 of the fifth embodiment is communicatively connected to each of the first client device 3 and the second client device 3.

The transfer server 1 receives communication to the reception port from each of the first client device 3 and the second client device 3. When the control unit 10 of the transfer server 1 accesses the reception port from the first client device 3, the control unit 10 connects a transfer request to the specific port of the server 4 as the transfer destination in response to the access from the first client device 3. 6 is used to transmit to the transfer client 2. A communication tunnel is formed between the reception port of the transfer server 1 and the specific port of the server 4 in response to the response from the transfer client 2. The control unit 10 transfers communication data from the first client device 3 through a communication tunnel formed by using the connection 6. In this case, the control unit 10 transfers the communication data to the transfer client 2 in association with the information indicating that the communication is from the first client device 3. The transfer client 2 transfers communication data to a specific port of the server 4. The server 4 receives the communication data, associates the information indicating that the communication is with the first client device 3, and transmits the HTTPS response to the transfer server 1 via the transfer client 2. The transfer server 1 transmits the HTTPS response to the first client device 3 based on the information indicating that the communication is to the first client device 3 associated with the HTTPS response.

When the control unit 10 of the transfer server 1 accesses the reception port from the second client device 3, the control unit 10 transfers communication data through the same communication tunnel. In this case, the control unit 10 transfers the communication data in association with the information indicating that the communication is from the second client device 3 as described above. In this way, by tagging the communication data with the information indicating the destination, it is possible to transfer the communication data while identifying the plurality of communication data through one communication tunnel. According to the present embodiment, a plurality of communication data from different sources on the global network side can be efficiently transmitted into the private network by using one connection and a communication tunnel.

(Sixth Embodiment)
In the sixth embodiment, communication data is transferred to a plurality of servers 4 in the private network in response to requests from the plurality of client devices 3. FIG. 17 is a diagram showing an outline of the information processing system 600 according to the sixth embodiment. In FIG. 17, the relay device 5 and the global network N1 are not shown. The transfer server 1 of the sixth embodiment is communicatively connected to each of the first client device 3 and the second client device 3. The transfer client 2 is in communication connection with each of the first server 4 and the second server 4.

The transfer server 1 receives communication data from each of the first client device 3 and the second client device 3 to different reception ports of its own device. The transfer server 1 uses a single connection 6 established with the transfer client 2 to transmit a transfer request corresponding to each communication, thereby causing a plurality of reception ports of its own device and the server 4. Form a communication tunnel with each of a plurality of specific ports. The transfer server 1 transfers communication data from the first client device 3 to the specific port of the first server 4 by using the first communication tunnel. The transfer server 1 transfers communication data from the second client device 3 to the specific port of the second server 4 by using the second communication tunnel.

According to the present embodiment, the transfer server 1 efficiently transfers a plurality of communication data to a plurality of servers 4 connected to the transfer client 2 by using a plurality of communication tunnels formed by using a single connection 6. Can be transferred. In the present embodiment, the server 4 may be connected to the transfer server 1 and the client device 3 may be connected to the transfer client 2. That is, the client and the server may be installed on both the global network side and the private network side, respectively.

(7th Embodiment)
In the seventh embodiment, the server 4 functions as a proxy server. FIG. 18 is a diagram showing an outline of the information processing system 700 according to the seventh embodiment. In FIG. 18, the relay device 5 and the global network N1 are not shown. The server 4 of the seventh embodiment is configured to be communicably connected to a plurality of web servers connected to the private network N2. The server 4 is a proxy server that relays communication to each web server and accesses each web server on behalf of the server 4. The communication data transmitted from the client device 3 is transferred to the specific port of the proxy server 4 via the transfer server 1 and the transfer client 2. The communication data includes the URL of the web server that is the access destination of the client device 3. The proxy server 4 identifies the access destination web server based on the received communication data, and transmits the communication data to the specified web server. The plurality of web servers are not limited to those provided in the private network N2. Each web server may be provided on the global network via the private network N2.

According to the present embodiment, the client device 3 can directly specify and communicate with the URL of the web server in the private network on the browser. The communication data transmitted from the client device 3 is transferred to the proxy server 4 via the communication tunnel. The proxy server 4 accesses each web server specified by the URL based on the communication data. Each web ahead of the proxy server 4 using one communication tunnel formed between the forwarding server 1 and the proxy server 4 without forming a separate communication tunnel for each web server in the private network. Since a plurality of communication data can be transferred to the server 4, efficient communication is possible.

In the examples shown in the first to seventh embodiments, it is possible to realize other embodiments by combining all or a part of the configurations shown in each embodiment. The sequence shown in each embodiment is not limited, and each processing procedure may be executed in a different order, or a plurality of processes may be executed in parallel.

The embodiments disclosed this time are exemplary in all respects and are not restrictive. The scope of the present invention is indicated by the scope of claims and includes all modifications within the meaning and scope equivalent to the scope of claims.

1 Transfer server (first transfer device)
10 Control unit 11 Storage unit 12 Communication unit 1P program 111 Transfer information DB
112 Connection information DB
2 Transfer client (second transfer device)
20 Control unit 21 Storage unit 2P program 211 Identification information DB
212 Yes / No Information DB
3 Client device (first communication device)
4 Server (second communication device)
5 Relay device 6 Connection 61 1st connection 62 2nd connection 100,200,300,400,500,600,700 Information processing system

Claims (14)

A second transfer device connected to the private network for communication between the first transfer device connected to the global network and transferring the communication received from the first communication device and the second communication device connected to the private network. It is an information processing method that is transferred via
The first transfer device is
Obtaining a connection establishment request from the second transfer device,
A connection between the first transfer device and the second transfer device is established in response to the acquired connection establishment request.
Using the established connection, transfer destination information for designating a specific port of the second communication device as a transfer destination, a reception port of the first transfer device that receives communication from the first communication device, and the above. A transfer request including a communication tunnel request for forming a communication tunnel for transferring communication between the reception port of the first transfer device and the specific port of the second communication device by mapping with a specific port of the second communication device. Is transmitted to the second transfer device,
By receiving the response transmitted from the second transfer device in response to the transmitted transfer request, the reception port of the first transfer device and the specific port of the second communication device specified by the transfer destination information. Form the communication tunnel that maps to
By transferring the communication between the reception port of the first transfer device and the specific port of the second communication device through the formed communication tunnel, the first communication device can be connected to the second communication device by the communication tunnel. By accessing the reception port of the first transfer device mapped to the specific port, the specific port of the second communication device is accessed via the first transfer device and the second transfer device.
Information processing method. The second transfer device stores identification information for identifying the second communication device.
The first transfer device is a transfer destination for designating the identification information for identifying the second communication device and the specific port of the second communication device including the specific port of the second communication device as a transfer destination. The information is stored in association with the reception port of the first transfer device that is mapped to the specific port of the second communication device by the communication tunnel .
The first transfer device obtains the connection establishment request from the second transfer device in association with the identification information for identifying the second communication device.
Based on the specific port of the second communication device of the transfer destination information associated with the acquired identification information and the reception port of the first transfer device, the specific port of the second communication device including the communication tunnel request is assigned . The transfer request designated as the transfer destination is transmitted to the second transfer device, and the transfer request is transmitted.
When establishing the communication tunnel, the reception port of the first transfer device is opened.
The information processing method according to claim 1. The information processing method according to claim 2 , wherein the identification information includes an identification key different for each service of the second communication device . The transfer destination information includes an IP address or a host name for designating the second communication device, and the transfer destination information.
Includes a port number or protocol for designating a service in the second communication device.
The information processing according to claim 2 or 3 , wherein the transfer request for designating the service in the second communication device and the second communication device of the transfer destination is transmitted to the second transfer device based on the transfer destination information. Method. Stores availability information for determining whether transfer to a specific port in the second communication device or the second communication device designated as the transfer destination.
Based on the judgment result based on the stored possibility information, the permission response to the transfer request is output.
The information processing method according to any one of claims 1 to 4 , wherein the communication tunnel is formed according to the output permission response. The first transfer device is communicably connected to a plurality of the first communication devices.
Accepting communication from a plurality of the first communication devices to the reception port, respectively,
The information processing method according to any one of claims 1 to 5 , wherein the communication received from the plurality of first communication devices is transferred through the single communication tunnel. The first transfer device is communicably connected to a plurality of the first communication devices.
Accepting communication from a plurality of the first communication devices to the reception port, respectively,
In response to each communication from the plurality of received first communication devices to the reception port, the plurality of transfer requests are transmitted to the second transfer device using the single connection.
Any of claims 1 to 6 , respectively, for transferring communication between the reception port of the first transfer device and the specific port of the second communication device through each communication tunnel formed in response to the plurality of transfer requests. The information processing method according to item 1. The connection includes a first connection and a second connection.
The first connection is established between the first transfer device and the second transfer device for transmitting the transfer request.
The second connection is established between the first transfer device and the second transfer device forming the communication tunnel.
The transfer request is transmitted from the first transfer device that transmits the transfer request to the second transfer device using the first connection.
Claims 1 to 7 form the communication tunnel for transferring communication between the reception port of the first transfer device forming the communication tunnel and the specific port of the second communication device using the second connection. The information processing method according to any one of the above. The first transfer device is communicably connected to the first communication device including a browser.
The second communication device is a proxy server that is communicably connected to the web server.
The first transfer device receives the communication of the browser that accesses the web server, and receives the communication.
The information processing method according to any one of claims 1 to 8 , wherein the communication of the browser is transferred to the proxy server through the communication tunnel, and the web server is accessed via the proxy server. The information processing method according to any one of claims 1 to 9 , wherein the connection is based on Websocket. A plurality of the above connections are established between the plurality of the first transfer devices and the plurality of the second transfer devices, respectively.
The connection information stored in association with the first transfer device and the second transfer device for establishing each connection is shared among the plurality of first transfer devices.
The first transfer device of any one of the plurality of first transfer devices is destined for a specific port of the second communication device connected to the second transfer device of any one of the plurality of second transfer devices. The connection request is received from the first communication device.
Based on the received connection request, the other first transfer device that establishes a connection with any one of the second transfer devices connected to the second communication device related to the connection request is specified by referring to the connection information. death,
The information processing method according to any one of claims 1 to 10 , wherein the first communication device is redirected to the specified other first transfer device. The information processing method according to any one of claims 1 to 11 , wherein the second communication device is a network storage or a webcam. It includes a first transfer device connected to the global network and transferring the communication received from the first communication device, and a second transfer device connected to the private network, and is connected to the first transfer device and the private network. An information processing system that transfers communication with a second communication device via the second transfer device.
The first transfer device is
An acquisition unit that acquires a connection establishment request from the second transfer device, and
An establishment unit that establishes a connection between the first transfer device and the second transfer device in response to the connection establishment request acquired by the acquisition unit.
Using the connection established by the establishment unit, transfer destination information for designating a specific port of the second communication device as a transfer destination, and reception of the first transfer device that receives communication from the first communication device. A communication tunnel request for forming a communication tunnel for transferring communication between the reception port of the first transfer device and the specific port of the second communication device by mapping the port and the specific port of the second communication device. A transmission unit that transmits a transfer request including the transfer request to the second transfer device, and a transmission unit.
By receiving the response transmitted from the second transfer device in response to the transfer request transmitted by the transmission unit, the reception port of the first transfer device and the second communication designated by the transfer destination information. A forming unit forming the communication tunnel that maps to a specific port of the device,
The first communication device includes a transfer unit that transfers communication between a reception port of the first transfer device and a specific port of the second communication device through the communication tunnel formed by the formation unit, and the first communication device is the communication tunnel. By accessing the reception port of the first transfer device that is mapped to the specific port of the second communication device, the specific port of the second communication device is reached via the first transfer device and the second transfer device. to access
Information processing system. For computers connected to the global network
Obtain a connection establishment request from a transfer device connected to a private network and
In response to the acquired connection establishment request, a connection between the computer and the transfer device is established, and the connection is established.
Using the established connection, transfer destination information for designating a specific port of the second communication device connected to the private network as a transfer destination, and a reception port of the computer that accepts communication from the first communication device. The transfer request including a communication tunnel request for forming a communication tunnel for transferring communication between the reception port of the computer and the specific port of the second communication device by mapping with the specific port of the second communication device. Send to the transfer device,
By receiving the response transmitted from the transfer device in response to the transmitted transfer request, the reception port of the computer and the specific port of the second communication device specified by the transfer destination information are mapped. Form a communication tunnel,
By transferring the communication between the reception port of the computer and the specific port of the second communication device through the formed communication tunnel, the first communication device becomes the specific port of the second communication device by the communication tunnel. By accessing the reception port of the mapped computer, the specific port of the second communication device is accessed via the computer and the transfer device.
A computer program to execute processing.

Images