JP2006211406A - Communication system using network, communication apparatus and program used for the communication system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To accomplish a technology for performing efficient call control, VPN communication and the like in a wide area mesh network. <P>SOLUTION: A user terminal 16 is registered in a desired communication group in advance. The user terminal 16 first takes part in a communication group and then establishes a connection call to a destination user terminal connected to a network system 10 or a connection call to a prescribed server or the like. The destination user terminal 16 similarly takes part in the communication group. After a communication originating side and an opposite party side "take part" in the communication group together, communication is started between the both. The user terminal 16 of the opposite party takes part in the communication group, so that the network system 10 determines an arbitrary data route and determines a VPN data communication route on a data link layer (MAC layer). <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a communication device using a network, and further relates to a program for realizing the communication device. In other words, the present invention relates to a call control device characterized by a call control method using a network and a program therefor.

  In recent years, the use of a wide area mesh network has been widely studied. Various sightseeing spot service systems and local government networks using this wide-area mesh network have been studied.

  In this patent, it is called a wide area mesh network, but it may be simply called a wide area mesh network (net) or simply a wide area mesh network. Further, the wide area mesh network may be referred to as a mesh type wide area network.

Examples of Invention Related to Network Communication Patent Document 1 below discloses a broadband communication technique using a multi-hop mesh network. Patent Document 2 below discloses a configuration in which device groups using non-hierarchical networks monitor each other. Further, Patent Document 3 below discloses a technique related to allocation of wireless communication line traffic in a mobile wireless communication network. In particular, Patent Document 3 below describes a technique for creating a map representing assignment.

JP-T 2002-512050 JP-T-2002-517921 JP 2004-215265 A

  Now, the wide area mesh network is literally a mesh network and its use is being studied. The most noticeable use of this wide-area mesh network is to build a private network on this network. Thereby, for example, a VPN (Virtual Private Network) can be realized.

  However, a method for performing efficient call control in a wide area mesh network is not yet known. There is also no established VPN communication method.

  The present invention has been made in view of such circumstances, and an object thereof is to realize a technique for performing efficient call control and VPN communication in a wide area mesh network.

  The present invention employs the following means in order to solve the above problems.

A. Invention related to communication system First, the invention related to the entire communication system is as follows.

  (1) In order to solve the above problems, the present invention connects a plurality of communication lines, a plurality of communication lines, a plurality of base stations constituting a network, and any one of the base stations, A terminal accommodating station that communicates with a user terminal, and a management server that is connected to any one of the base stations, and manages a communication group that represents a group of user terminals that can communicate with each other. In a communication system comprising a network system and the user terminal that communicates using the network system, the management server manages and distributes information on the user terminal registered in a communication group And storing at least the identifier of the communication group, the ID of the user terminal and the authentication code. Distribution means, and database means for managing and storing the communication status of each communication group for each communication group, at least the IDs of user terminals currently participating in the communication group and assigned to the user terminals The database means for storing the address and the user terminal that intends to participate in the predetermined communication group using the authentication code in the distribution means, and if the result of the authentication permits the participation, An authentication registration management means for assigning a predetermined address to a user terminal and storing the ID of the user terminal and the assigned address in the database means.

  With such a configuration, it is possible to logically communicate for each communication group.

  (2) Further, according to the present invention, in the communication system of (1), the database unit further stores an authentication code of a user terminal currently participating in a communication group, and the authentication registration management unit includes: In the communication system, when the participation of a user terminal who intends to participate in a predetermined communication group is permitted, the authentication code of the user terminal is stored in the database means.

  With such a configuration, user terminals can be managed smoothly.

  (3) Further, according to the present invention, in the communication system of (1), the user terminal executes communication in the first communication group and communication in the second communication group. Storage means for storing the second address for the first communication means for performing communication in the first communication group using the first address, and using the second address, And a second communication means for executing communication in the second communication group, wherein the communication using the first communication means and the communication using the second communication means can be executed simultaneously. System.

  With such a configuration, two types of communication can be performed simultaneously. The two communication means may be services of the same quality or different services. Further, the case where there are three or more types of communication means is naturally included in the technical scope of the present invention.

  (4) Further, the present invention includes a location server connected to any of the base stations and managing the position of the user terminal in the communication system of (1), wherein the location server includes the user terminal Storage means for storing the ID and the authentication code, the ID of the currently operating user terminal, the authentication code of the operating user terminal, and the address of the terminal accommodating station that accommodates the operating user terminal And a database authentication means for storing the registration authentication means, and the registration authentication means uses the initial authentication code when receiving the ID of the user terminal and the initial authentication code from the user terminal. Authentication is performed, if authentication is possible, a terminal authentication code unique to the user terminal is generated, and the terminal authentication code is transmitted to the user terminal. It is a communication system characterized by storing end authentication code in the database.

  With such a configuration, the position (location) of the user terminal can be grasped.

  (5) In the communication system according to (4), the location server includes a distribution unit that distributes a control address to each terminal accommodating station, and the terminal accommodating station Storage means for storing the distributed control address, storing a table of the distributed control address and the ID of the user terminal that is the distribution destination, and a request from the user terminal located in the jurisdiction user cell And distributing means for distributing one of the distributed control addresses, and storing the ID of the user terminal of the distribution destination in the table, the user terminal comprising: A communication system is characterized in that communication for control is executed using the provided control address.

  With this configuration, the user terminal can perform call control and the like using a control address. In the embodiment described later, an example of an IP address is shown as a control address, but it goes without saying that another address may be used.

  (6) Further, according to the present invention, in the communication system of (5), the terminal accommodation station includes a terminal Alive confirmation unit, and the terminal Alive confirmation unit is located in a user cell of the terminal accommodation station. Storage means for storing a terminal list which is a list of user terminals, wherein the terminal Alive confirmation means stores information on the user terminals when the registration and authentication requests are transmitted from the user terminals. And the registration and authentication request is transferred to the location server, the user terminal specific authentication code transmitted from the location server is transferred to the user terminal, and the user terminal A communication system characterized in that predetermined communication is performed using a unique authentication code.

  With such a configuration, it is possible to confirm the presence of the user terminal with a request for registration / authentication from the user terminal.

  (7) Further, in the communication system according to (6), the terminal Alive confirmation unit is configured so that the user terminal does not receive a control address request from the user terminal for a predetermined period or longer. Is determined not to be located in the user cell of jurisdiction, deletes the information on the user terminal from the terminal list, and notifies the location server that the user terminal is not located in the user cell. It is a communication system.

  With such a configuration, it is possible to smoothly grasp that the user terminal has moved out of the user cell.

  (8) Further, the present invention is the communication system according to (7), wherein the user terminal includes address request means for requesting a control address from the terminal accommodating station at a predetermined cycle. It is a communication system.

  According to such a configuration, the presence of the user terminal can be periodically confirmed. The predetermined period is not necessarily strictly a fixed period. It is also a preferable aspect that only the maximum cycle is determined and the request is generated in a cycle shorter than that cycle.

B. Invention on Communication Device (9) Next, the present invention relates to a plurality of communication lines, a plurality of base stations that connect the plurality of communication lines, constitute a network, and connect to any one of the base stations. A network including: a terminal accommodating station that communicates with a terminal; and a management server that is connected to any one of the base stations and that manages a communication group representing a group of user terminals that can communicate with each other Distribution means for managing and distributing information of the user terminal registered in a communication group in the management server used in a communication system comprising a system and the user terminal that performs communication using the network system And at least the identifier of the communication group, the ID of the user terminal and the authentication code A database means for managing and storing the communication status in the communication group for each communication group, and at least the IDs of user terminals currently participating in the communication group; A database means for storing the address assigned to the user terminal; and a user terminal to join a predetermined communication group is authenticated using an authentication code in the delivery means. A management server comprising: an authentication registration managing means for assigning a predetermined address to the user terminal when permitting, and storing the ID of the user terminal and the assigned address in the database means.

  With such a configuration, communication for each communication group can be smoothly performed on one network. In the embodiment described later, the VPN management server is shown as a preferred example of the management server, but the communication group may be defined by other methods.

  (10) In the management server according to (9), the database unit further stores an authentication code of a user terminal currently participating in a communication group, and the authentication registration management unit includes: The management server stores the authentication code of the user terminal in the database means when permitting the participation of the user terminal intending to participate in a predetermined communication group.

  With such a configuration, user terminals can be managed smoothly.

  (11) Further, the present invention connects a plurality of communication lines, the plurality of communication lines, a plurality of base stations constituting a network, and connects to any one of the base stations to communicate with a user terminal. A network system comprising: a terminal accommodating station to perform; a management server connected to any one of the base stations, and a management server for managing a communication group representing a user terminal group capable of communicating with each other; and the network A first address for executing communication in a first communication group and communication in a second communication group in the user terminal used in a communication system comprising the user terminal that performs communication using a system Storage means for storing the second address for executing the first address, and the first address Using first communication means for executing communication in the first communication group, and second communication means for executing communication in the second communication group using the second address, A user terminal capable of simultaneously executing communication using a first communication unit and communication using the second communication unit.

  With such a configuration, two types of communication can be performed simultaneously. The two communication means may be services of the same quality or different services. Further, the case where there are three or more types of communication means is naturally included in the technical scope of the present invention.

  The “user terminal” includes various mobile communication devices in addition to mobile phones and PDAs. For example, a notebook personal computer may be combined with communication means.

  (12) Furthermore, the present invention connects a plurality of communication lines, the plurality of communication lines, a plurality of base stations constituting a network, and connects to any one of the base stations to communicate with a user terminal. A management server connected to any one of the base stations, a management server for managing a communication group representing a user terminal group capable of communicating with each other, and connected to any of the base stations In the location server used in a communication system comprising: a network system that includes a location server that manages a position of the user terminal; and the user terminal that performs communication using the network system. Storage means for storing the ID and authentication code of the terminal, the ID of the currently operating user terminal, and the operating A database means for storing an authentication code of the user terminal and an address of a terminal accommodating station that accommodates the user terminal in operation, and a registration authentication means. When the user terminal ID and the initial authentication code are received, authentication using the initial authentication code is performed. If authentication is possible, a terminal authentication code unique to the user terminal is generated, and the terminal authentication code is generated. Is sent to the user terminal, and the terminal authentication code is stored in the database.

  With such a configuration, the position (location) of the user terminal can be grasped.

  (13) Further, the present invention is the location server according to (12), including distribution means for distributing a control address to each terminal accommodating station.

  With this configuration, the location server can centrally manage control addresses.

  (14) Further, according to the present invention, in the terminal accommodating station used in the communication system having the location server of (13), the distributed control address is stored, and the distributed control address and distribution are further stored. A storage means for storing a table of IDs of user terminals, which are the destinations, and any one of the distributed control addresses distributed in response to a request from a user terminal located in the user cell having jurisdiction And a distribution means for storing the ID of the user terminal as a distribution destination in the table, and causing the user terminal to execute communication for control using the provided control address. A terminal accommodating station characterized by that.

  With such a configuration, it is possible to cause the user terminal to perform call control using a control address. In the embodiment described later, an example of an IP address is shown as a control address, but it goes without saying that another address may be used.

  (15) Further, according to the present invention, in the terminal accommodation station according to (14), the terminal accommodation station includes a terminal Alive confirmation unit, and the terminal Alive confirmation unit is located in a user cell of the terminal accommodation station. Storage means for storing a terminal list which is a list of the user terminals, and the terminal Alive confirmation means, when a request for registration and authentication is transmitted from the user terminal, information on the user terminal And the registration and authentication request is forwarded to the location server, the authentication code unique to the user terminal transmitted from the location server is forwarded to the user terminal, and the user terminal A terminal accommodating station that performs predetermined communication using a terminal-specific authentication code.

  With such a configuration, it is possible to confirm the presence of the user terminal with a request for registration / authentication from the user terminal.

  (16) Further, the present invention provides the terminal accommodating station according to (15), wherein the terminal Alive confirming unit is configured so that the user terminal does not transmit a control address request for a predetermined period or longer. The terminal is determined not to be located in the user cell having jurisdiction, the information on the user terminal is deleted from the terminal list, and the location server is notified that the user terminal is not located in the user cell. The terminal accommodating station.

  With such a configuration, it is possible to smoothly grasp that the user terminal has moved out of the user cell.

  (17) Further, the present invention provides an address request means for requesting a control address from the terminal accommodating station at a predetermined cycle in a user terminal that performs communication using the terminal accommodating station described in (16) above, It is a user terminal characterized by including.

  According to such a configuration, the presence of the user terminal can be periodically confirmed. The predetermined period is not necessarily strictly a fixed period. It is also a preferable aspect that only the maximum cycle is determined and the request is generated in a cycle shorter than that cycle.

C. Invention relating to program The invention relating to a program for operating a computer as each communication device in B will be described below. The operation of these inventions is basically the same as the various communication devices described in B above.

  (18) Next, the present invention connects a plurality of communication lines and the plurality of communication lines to form a network, and connects to any one of the base stations to communicate with a user terminal. A network system comprising: a terminal accommodating station that performs a management server that performs management of a communication group that represents a user terminal group that can communicate with each other, and a management server connected to any of the base stations; Information about the user terminal registered in the computer in a communication group in a program for operating a computer as the management server used in a communication system including the user terminal that performs communication using a network system Distribution procedure for managing and distributing at least a communication group And at least the communication group in the database means for managing and storing the communication status in each communication group, the distribution procedure for storing the identifier of the user terminal, the ID and authentication code of the user terminal in a predetermined storage means A database storage procedure for storing an ID of a user terminal currently participating in the user terminal, an address assigned to the user terminal, and a user terminal that intends to participate in a predetermined communication group in the predetermined storage means. Authentication registration is performed by using the authentication code and assigning a predetermined address to the user terminal and storing the ID of the user terminal and the assigned address in the database means when the participation is permitted as a result of the authentication. Management procedures, and It is a program to collect.

  (19) Further, in the program according to (18), in the database storing procedure, the present invention further includes an authentication code of a user terminal currently participating in a communication group in the database means in the computer. In the authentication registration management procedure, when allowing the user terminal to participate in a predetermined communication group to be allowed to participate in the computer, the authentication code of the user terminal is A program characterized by causing a process to be stored in a database means to be executed.

  (20) In the present invention, a plurality of communication lines, a plurality of communication lines connected to each other, a plurality of base stations constituting a network, and any one of the base stations connected to communicate with a user terminal. A network system comprising: a terminal accommodating station to perform; a management server connected to any one of the base stations, and a management server for managing a communication group representing a user terminal group capable of communicating with each other; and the network In the program for operating a computer as the user terminal used in a communication system including the user terminal that performs communication using a system, the computer stores the communication in the first communication group in the computer. In the first address and the second communication group A second address for performing communication; a first communication procedure for performing communication in the first communication group using the first address; and a second address for performing communication. A second communication procedure for executing communication in the second communication group, and the communication using the first communication means and the communication using the second communication means can be executed simultaneously. It is a program to do.

  (21) Further, the present invention connects a plurality of communication lines, the plurality of communication lines, a plurality of base stations constituting a network, and connects to any one of the base stations to communicate with a user terminal. A management server connected to any one of the base stations, a management server for managing a communication group representing a user terminal group capable of communicating with each other, and connected to any of the base stations A computer serving as the location server used in a communication system comprising: a network system including a location server that manages a position of the user terminal; and the user terminal that performs communication using the network system. In the program to be operated, the ID of the user terminal and the authentication code are given to the computer A database that stores the storage procedure to be stored in the storage means, the ID of the currently operating user terminal, the authentication code of the operating user terminal, and the address of the terminal accommodating station that accommodates the operating user terminal When the computer stores the database procedure stored in the means and the registration authentication procedure, and the computer receives the ID of the user terminal and the initial authentication code from the user terminal in the registration authentication procedure. And authenticating using the initial authentication code, and if authentication is possible, generating a terminal authentication code specific to the user terminal, transmitting the terminal authentication code to the user terminal, and the terminal authentication code Is stored in the database.

  (22) Further, the present invention is the program according to (21), wherein the computer causes the terminal accommodating station to execute a distribution procedure for distributing a control address.

  (23) Further, according to the present invention, in a program for causing a computer to operate as a terminal accommodating station used in a communication system including the location server according to (13), a predetermined control address is assigned to the computer. A storage procedure for storing the table of the control address and the ID of the user terminal that is the distribution destination stored in the storage means, and a request from the user terminal located in the user cell having jurisdiction In response, distributing any one of the distributed control addresses to the user terminal, and further executing a distribution procedure for storing the ID of the user terminal of the distribution destination in the table. Is a program characterized by

  (24) Further, in the program according to (23), the present invention causes the computer to execute a terminal Alive confirmation procedure, and the terminal Alive confirmation procedure is performed in the user terminal located in a user cell of the terminal accommodating station. A procedure for storing a terminal list, which is a list of the above, in a predetermined storage means, and when a request for registration and authentication is transmitted from the user terminal, information on the user terminal is stored in the terminal list, and further, registration is performed. And a procedure for transferring an authentication request to the location server and transferring an authentication code unique to the user terminal transmitted from the location server to the user terminal.

  (25) Further, in the program according to (24), the terminal alive confirmation procedure may further include the user A when a control address request is not transmitted from the user terminal for a predetermined period or longer. Determining that the terminal is not located in the user cell of jurisdiction, deleting the information of the user terminal from the terminal list, and notifying the location server that the user terminal is not located in the user cell. It is a program characterized by this.

  (26) Further, according to the present invention, in a program for operating a computer as a user terminal that performs communication using the terminal accommodating station of (16), the computer controls the terminal accommodating station at a predetermined cycle. An address request procedure for requesting an address for use is executed.

  As described above, according to the present invention, communication on a network can be performed smoothly.

  DESCRIPTION OF EXEMPLARY EMBODIMENTS Hereinafter, preferred embodiments of the invention will be described with reference to the drawings. In the following, Chapter 1 describes the basic configuration and operating principle, and Chapter 2 describes the configuration of each device. Chapter 3 describes a specific example of operation.

Chapter 1 Basic Configuration and Principle of Operation In this embodiment, a mesh-type wide area network (hereinafter simply referred to as network system 10) as shown in FIG. Operations and the like will be described in order.

1-1 Overall Configuration As shown in FIG. 1, the network system 10 includes base stations 12a to 12g. Each base station 12 (ag) has a corresponding user cell 14 (ag). In short, the user cell 14 is a communication area where each base station 12 can provide a service. Each base station 12 can provide a communication service to the user terminal 16 when the user terminal 16 is located in the user cell 14. This state is described as “each base station 12 accommodates the user terminal 16 in the user cell 14”.

* Regarding the term “network system” , in the present embodiment, the network system 10 refers to the entire equipment excluding the user terminal 16. That is, the system includes a base station 12, a communication line 30, a terminal accommodating station 22, a VPN management server 20, and a location server 18, which will be described later. The gateway 24 is also a component of the network system 10 when connecting to the outside. Each component will be sequentially described below. The network system 10 plus the user terminal 16 is called a “communication system”.

  Each base station 12 relays communication between the user terminals 16. The base stations 12 are connected to each other by a communication line 30 in a mesh connection form, and the base stations 12 communicate with each other using the mesh connection communication line 30.

  Therefore, user terminals 16 existing in (different) user cells 14 (communication areas) managed by different base stations 12 can communicate with each other.

  A characteristic feature of the present embodiment is that the network system 10 provides a mesh-type communication connection as a “physical connection”. This connection may be by any means. For example, an optical fiber or wireless communication may be used. Further, although it is appropriate to use a general PtoP (Point to Point) protocol, various conventionally known protocols can also be used.

  Also, “communication group connection” at the data link layer (MAC layer) level is provided as “logical connection”. This is realized by performing group management using labels at the MAC layer level.

  This communication group is communication within a certain group. First, a user (user terminal 16) selects and registers a communication group that he / she wants to participate in, thereby enabling communication within the group. In order to perform communication in the network system 10 in the present embodiment, it is necessary to register in at least one communication group. The specific operation of registration will be described in detail later.

  The user terminal 16 can participate in a plurality of communication groups at the same time, and can communicate as long as the user terminal 16 moves between the user cells 14 in the communication area 40 covered by the participating communication group. Is possible.

  The communication area 40 covered by each communication group means a geographical range, and FIG. 2 shows a diagram showing the communication areas 40 of the three communication groups.

  FIG. 1 shows communication areas 40 of three communication groups, that is, a communication area 40a, a communication area 40b, and a communication area 40c. The communication area 40a is a range covered by the communication group A, the communication area 40b is a range covered by the communication group B, and the communication area 40c is a range covered by the communication group C.

  The communication area 40 of such a communication group is set by registering the communication group with the base station 12 that supports the communication of the group. For example, the communication group A in the communication area 40a in FIG. 1 is registered in the base stations 12a, 12b, 12c, 12d, 12e, 12f, and 12g. As a result, the communication group A has the communication area 40a. The user terminal 16 located in the communication area 40a, that is, in the user cells 14a to 14g of the base stations 12a to 12g, performs communication (communication) within the communication group A if registered in the communication group A. Can do. That is, it is possible to perform communication with other user terminals 16 located in the communication area 40a and registered with the communication group A.

  If the user terminal 16 is not registered in the communication group A and wants to perform communication using the communication group A, the user terminal 16 may register immediately in the communication group A and immediately communicate. It is possible to start. Detailed operations will be described later.

  In general, it is considered that a single base station 12 often supports a plurality of communication groups. Accordingly, the user terminal 16 can perform communication by selecting a desired communication group from the communication groups set in the base station 12 that controls the user cell 14 in which the user terminal 16 is located. . The selected communication group needs to be registered in advance by the user terminal 16. If not registered, the user terminal 16 can immediately perform a registration operation on the spot. Details of the registration operation will be described later.

  As described above, the communication group that can be used (participated) by the user terminal 16 is a communication group registered by the user terminal 16 and a base that has jurisdiction over the user cell 14 in which the user terminal 16 is located. This is a communication group set in the station 12.

* Regarding the terms “participation”, “registration”, and “withdrawal” In this embodiment, “participation” means starting to use the communication system. In this embodiment, in order to perform communication, it is necessary to “register” in any communication group in advance, and in order to start communication based on this registration, logically “participate” in a predetermined communication group. Need to be. If “participating”, it is possible to communicate with other user terminals 16 participating in the communication group. As will be described later, the user terminal to which the VPN management server 20 participates is grasped.

  On the other hand, suspending communication and ending “participation” in the communication group may be referred to as “leave”.

  When the user terminal 16 is registered in a plurality of communication groups, the user terminal 16 can participate in the plurality of communication groups “simultaneously”. That is, two types of services can be used simultaneously.

  For example, when participating in a TV broadcast group and listening to commentary on baseball, it is possible to use the camera at the same time, such as joining a live video group of cameras provided at a baseball stadium and viewing the live video.

  A communication group is assigned a network ID indicating the group. For example, the ID of the communication group A is easy to understand if it is determined as “A”, but of course any ID may be used. For example, it is also preferable to use an L2 layer label as described later. The ID and the identifier are properly used depending on the place of use, but the meaning is almost the same.

  This ID is treated as an identifier for providing a VPN function when performing intra-group communication. Communication groups include security-aware communication groups such as intra-company intranets, provider-based service groups such as telephone / broadcast / video distribution, community groups in local communities, groups owned by municipalities such as municipalities, etc. Applicable to various groups. That is, in the present embodiment, a plurality of completely different groups can be logically multiplexed on the network system 10. This is one of the characteristic points in the present embodiment.

  The size of a typical user cell 14 in FIGS. 1 and 2 is about 100 m to 1 km in diameter, but it may be larger and it is preferable to use a smaller user cell. The entire network system 10 in FIGS. 1 and 2 is typically about several kilometers to several tens of kilometers. However, of course, it may be much larger than this, and it is preferable to realize it on a much smaller scale.

1-2 Features of Communication Operation The details of the communication operation in this embodiment will be described in Chapter 3. The main features will be described as follows.

  (1) First, register with the communication group to which the user terminal 16 itself belongs. And when you want to communicate, join the communication group.

  (2) Next, the calling user terminal 16 is connected to the user terminal 16 as a destination (communication partner) that can be connected to the mesh network (that is, the network system 10), or a predetermined server, etc. Establish a connection call to

  (3) After this establishment, the destination (destination) user terminal 16 participates in the same communication group in which the caller has joined. This participation can also be forced. Note that the VPN management server 20 (details will be described later) for managing the communication group always participates in the group.

  After both the communication originator and the other party “join” the communication group, communication between them is started.

  (4) When the (terminal) user terminal 16 joins the communication group, an arbitrary data path is determined on the network side (network system 10 side), and a VPN on the data link layer (MAC layer) is established. Determine the data communication path. Here, the determination on the network side means that each base station 12 in the network system 10 determines and determines the data path. Note that various algorithms are conventionally known for determining the data path in the mesh type network, and therefore an appropriate method may be adopted as appropriate.

  As described above, it is possible to establish a VPN for each communication group on the mesh network.

  A particularly useful point in the present embodiment is that the user terminal 16 can simultaneously participate in a VPN group (that is, a communication group) in a plurality of mesh-type network networks (that is, the network system 10). An explanatory view showing this state is shown in FIG.

  By having such characteristics, a plurality of logical VPN groups can exist on a single physical network. Therefore, the network system 10 in the present embodiment can be developed as a next generation communication platform such as a fusion of a next generation broadcasting network and a communication network, or a service sharing of a plurality of ISP / ASP / CSP.

  The connection call is established by connecting the user terminal 16 and the server via the IP routing of the base station 12 and calling the user terminal 16 that is the partner terminal by the user terminal 16 that is the calling terminal. The

  Here, the server is a VPN management server 20 in which the user terminal 16 as a transmission terminal participates and manages a communication group used for communication. The VPN management server 20 may be located anywhere, but it is generally preferable to arrange it near one of the base stations 12. The VPN management server 20 is shown in FIG.

  Thus, after the user terminals 16 are connected to each other by call control, the terminal accommodating station on the network side (that is, the network system 10) is independent of the IP routing path of the base station 12 that accommodates each user terminal 16. A mechanism for establishing a VPN data communication path between 22 (two terminal accommodating stations on the transmission side and the destination side) is adopted. In order for the user terminal 16 to communicate with the base station 12, a terminal accommodating station 22 is connected to the base station 12. The range covered by the terminal accommodating station 22 is the user cell 14.

  Thus, since the user terminal 16 is connected to the base station 12 via the terminal accommodating station 22, the “base station 12 accommodating the user terminal 16” is “connected to the terminal accommodating station 22 accommodating the user terminal 16. It means “the base station 12”. The terminal accommodating station 22 is shown in FIG. 3, and details thereof will be described later.

  A VPN group, that is, a communication group, refers to an individual group that is a result of grouping (sometimes referred to as grouping) by classification such as application attributes, user terminal 16 attributes, or service attributes provided by the communication group. . This grouping is managed by the VPN management server 20.

  As the grouping, grouping based on regional factors is also preferable. For example, it is possible to form a group that performs local citizen communication. Further, grouping by application to be used is also preferable. For example, it is conceivable to form a group that performs a moving image relay application. Of course, it is also preferable to form a group in order to construct an intranet-like network in which communication can be performed only among participants. In other words, it is possible to arbitrarily perform grouping from a business viewpoint.

  By such grouping, each communication group is operated by the VPN management server 20 on the network system 10. The VPN management server 20 may exist anywhere in the network system 10 (see FIG. 3).

1-3 Multiple Communication Groups FIG. 3 shows an explanatory diagram showing how the user terminal 16 belongs to multiple communication groups, that is, VPN groups, and communicates with multiple groups. As shown in this figure, the user terminal 16 that is a transmission terminal performs two types of data processing communication with the terminal accommodating station 22.

  The terminal accommodating station 22 shown in FIG. 3 is a device that manages communication with the user terminal 16. The terminal accommodating station 22 is connected to the base station 12, whereby the terminal accommodating station 22 can use a network extending between the base stations 12.

  In other words, the terminal accommodating station 22 is a device that handles communication on the user terminal 16 side, and the base station 12 is a device that connects a wide area network. That is, the base station 12 is a device on the communication line 30 side. In practice, both are often configured as a single unit, but in the present embodiment, they will be described separately for convenience. The user cell 14 is determined according to the terminal accommodating station 22.

  In the present embodiment, a configuration in which one terminal accommodating station 22 is connected to one base station 12 will be described. Therefore, as shown in FIG. 1, one user cell 14 corresponds to one base station 12. However, a configuration in which a plurality of terminal accommodating stations 22 are connected to one base station 12 may be adopted. In this case, a plurality of user cells 14 are provided for one base station 12, but the essential operation is the same as in the present embodiment except for this point.

  In the example illustrated in FIG. 3, the user terminal 16-1 participates in two communication groups, that is, VPN1 and VPN2. Therefore, the user terminal 16-1 performs not only VPN1 data communication but also VPN2 data communication with the base station 12.

  The user terminal 16-1 on the transmission side (referred to as the transmission terminal 16-1) uses the route of the terminal accommodating station 22-1, the base station 12h, the base station 12k, and the terminal accommodating station 22-2 as a destination terminal. It communicates with 16-2. In the present embodiment, this communication is called a VPN1 data system. In addition, the said path | route is an example and may become another path | route.

  The user terminal 16-1 on the transmission side (transmission terminal 16-1) connects to the external server 52 of the external network 50 using the route of the terminal accommodating station 22-1, the base station 12h, the base station 12j, and the gateway 24. And communicating. In the present embodiment, this communication is called a VPN2 data system. As described above, in this embodiment, it is possible to connect to an external network via the gateway 24. In addition, the said path | route is an example and may become another path | route.

  Furthermore, the user terminal 16-1 (transmission terminal 16-1) performs not only these data communication but also control communication for controlling communication with the base station 12 (terminal accommodating station 22) and the like. Is going between. This control system communication is shown in FIG. As shown in this figure, the communication of the control system is distributed to most devices in the network system 10. When registering / joining a communication group, it is necessary to perform communication between the VPN management server 20 and the control system.

  Further, when the user terminal 16 communicates in the network system 10, it is necessary to register the position of the user terminal 16 in the location server 18 that manages the position of the user terminal 16. It is necessary to perform control system communication with the terminal 16.

  As described above, in the example illustrated in FIGS. 3 and 4, the transmission terminal (user terminal) 16-1 participates in two types of communication groups at the same time and performs two types of data communication at the same time. We are also communicating.

  3 and 4, the base station 12 is represented by a symbol in which a mark “X” is added to “◯”.

1-4 Movement of User Terminal The network system 10 in the present embodiment considers area movement of the user terminal 16. As a process at that time, when the user terminal 16 moves and moves to a user cell 14 of a terminal accommodating station 22 (base station 12) different from the previous one, the user terminal 16 moves to a new terminal accommodating station 22 (base The reconnection process to the station 12) is executed. As a result, re-registration with the location server 18 is performed. The location server 18 may be located anywhere in the network system 10 and manages which user terminal 16 is located in the user cell 14 of each base station 12 (location). 2).

  When the user terminal 16 moves and enters the user cell 14 of the base station 12 (terminal accommodating station 22) different from the conventional one, for data communication, in the terminal accommodating station 22, the user terminal 16 is assigned to which communication group. It is quickly checked whether it belongs. Based on the inspection result, data communication for the communication group (VPN group) can be restored at high speed. Specific operations will be described in detail later (2-5-2 etc.).

Chapter 2 Configuration of Each Device Before describing a specific operation example in the next Chapter 3, each configuration of the terminal accommodating station 22 and the like constituting the network system 10 will be described.

2-1 Configuration of Terminal Accommodation Station FIG. 5 shows a configuration diagram of the terminal accommodation station 22. As described so far, the terminal accommodating station 22 is arranged between the base station 12 and the user terminal 16, and performs call control transfer and switch operation in the MAC layer.

  As shown in FIG. 5, the terminal accommodating station 22 has a first MAC interface 22a for performing an interface with the user terminal 16 at the MAC layer level. Similarly, the second MAC interface 22b is similarly provided for the base station 12.

  The first MAC interface 22a is provided with a first VPN label interface 22c, and the second MAC interface 22b is provided with a second VPN label interface 22d. These various interfaces are conventionally known to be composed of hardware for the interface, a program for controlling the interface, and a processor for executing the program, and can be easily created by those skilled in the art.

  Further, VPN level 2 data communication is performed between the first VPN label interface 22c and the second VPN label interface 22d. In FIG. 5, “L2” means level 2.

  In order to control data communication, various means are provided in the terminal accommodating station as described below. The terminal accommodating station is preferably composed of a computer, and each means described below is mainly composed of a program stored in the storage means and a processor (CPU) that executes the program and executes the operation of each means. The

(1) Proxy server means 22e for call control information
The proxy server means 22e is a proxy server that handles call control information. Specific operations will be described later. As described above, the proxy server unit 22e includes a processor and a program. This program is called a “call control proxy” (see FIG. 5). The proxy server itself is a conventionally well-known server function and can be easily implemented by those skilled in the art.

(2) Control IP address distribution means 22f to the user terminal 16
The control IP address distribution unit 22 f is a unit that distributes the control IP address to the user terminal 16. The IP address distributed here is previously distributed from the location server 18. As described above, the IP address distribution unit 22f includes a processor and a program. This program is stored in a predetermined storage means. This program is called a “terminal-compatible application” as shown in FIG. Furthermore, in this patent, the term “application” means an application program (or may simply be called “application”).

  The control IP address referred to here corresponds to a preferred example of the control address in the claims.

  Further, the IP address distribution unit 22f includes a storage unit for storing the distributed IP address. The storage means is preferably provided with a table or the like for recording the distribution status. It is preferable to store the ID of the user terminal 16 that is the distribution destination and the distributed control IP address in the table. Further, this storage means is preferably shared with the storage means in which the program is stored.

(3) Terminal Alive confirmation means 22g for detecting movement of the user terminal 16
The terminal Alive confirmation unit 22g confirms whether the already registered user terminal 16 exists under the management of the terminal accommodating station 22, in other words, whether it is located in the user cell 14. This information is called a terminal ID list and is stored in a predetermined storage means. In this terminal ID list, the ID of the user terminal 16 whose existence has been confirmed is stored.

  Confirmation of whether or not the user terminal 16 exists is realized by the terminal Alive confirmation means 22g periodically checking the control IP address request packet transmitted by the user terminal 16. If the terminal alive confirmation unit 22g determines that the user terminal 16 no longer exists as a result of the periodic inspection, the terminal Alive confirmation unit 22g deletes the user terminal 16 from the terminal ID list, and The location server 18 is notified that the user terminal 16 is not located in the user cell 14 of the terminal accommodating station. In addition, you may store various information other than ID of the user terminal located in the user cell 14 in a terminal ID list.

  On the other hand, when a user terminal 16 newly entering the user cell 14 is found, the ID of the user terminal 16 is recorded in the terminal ID list, and the fact that the new user terminal 16 has been found, and The location server 18 is notified of the ID of the found user terminal 16. It is assumed that the user terminal 16 is newly found when the control IP address request packet transmitted by the user terminal 16 is received.

  This terminal Alive confirmation means 22g is also composed of a processor and a program executed by this processor as in the above-described means. As shown in FIG. 5, this program is called a “location server compatible application”. This program is stored in a predetermined storage means. The terminal Alive confirmation unit 22g includes a predetermined storage unit for storing the terminal ID list. The storage means is preferably shared with the storage means in which the program is stored, but may be a separate unit.

(4) VPN group distribution means 22h
If there is a VPN group browsing request from the user terminal 16, the VPN group distribution unit 22h distributes the VPN group list received from the VPN management server 20 in advance. The VPN group distribution means 22h is also composed of a processor and a program executed by the processor. As shown in FIG. 5, this program is called a “VPN management server compatible application”. This program is stored in a predetermined storage means.

  Further, the VPN group distribution means 22h includes a predetermined storage means for storing the VPN group list. The storage means is preferably shared with the storage means in which the program is stored, but may be a separate unit.

  The means (1) to (4) are connected to the first and second MAC interfaces 22a and 22b using the TCP / IP protocol 22i.

2-2 Configuration of Location Server FIG. 6 shows a configuration diagram of the location server 18. As described above, the location server 18 is connected to one of the base stations 12 in the network system 10. The location server 18 is a server that manages the position of the user terminal 16.

  As shown in FIG. 6, the location server 18 includes registration authentication means 18 a, and the registration authentication means 18 a controls specific operations of the location server 18. The registration authentication unit 18a is configured by a so-called computer, and includes a processor (also referred to as a CPU), a program executed by the processor, a storage unit storing the program, and the like. The operation of the location server 18 is executed by the processor executing this program.

  The location server 18 has the following functions.

(1) Terminal ID / Authentication Code List Management First, the location server 18 stores a terminal ID / authentication code list 18b. This storage is realized by storing the terminal ID / authentication code list 18b in a predetermined storage means. The registration authentication unit 18a manages the terminal ID / authentication code list 18b, and executes a predetermined operation such as authentication based on the contents of the terminal ID / authentication code list 18b. This operation is executed by the registration authentication means 18a. That is, the management operation is executed by the processor executing the list management program.

(2) Database management for operating terminal ID / authentication code / terminal accommodating station IP address Next, the location server 18 manages the database 18c. This management is also specifically executed by the registration authentication means 18a. The database 18c is storage means in which a table of terminal ID / authentication code / terminal accommodating station IP address is stored. Thus, this table stores the status of the currently operating user terminal 16.

  This management operation is also executed by the registration authentication means 18a. Specifically, the processor executes a predetermined management program, so that the contents of the database 18c are sequentially updated based on information from the outside.

(3) Function for Distributing Control IP Address to Terminal Accommodating Station 22 Next, the location server 18 distributes the control IP address to the terminal accommodating station 22. This distribution is also executed by the registration authentication means 18a. In order to realize this function, the registration authentication unit 18a includes a storage unit that stores a list of control IP addresses. This storage means may be provided separately from the storage means storing the above-described program, but it is generally preferable that the storage means be shared and integrated. Then, the processor distributes the control IP address to the terminal accommodating station 22 by executing the IP address distribution program.

(4) Terminal authentication The location server 18 authenticates the user terminal 16. This authentication is performed based on the terminal ID and the authentication code transmitted from the user terminal 16. Specifically, the registration authentication means 18a compares the transmitted terminal ID and authentication code with the data in the terminal ID / authentication code list 18b. As a result of comparison, if the authentication codes match, the authentication is successful, and if they do not match, the authentication is impossible. Such an operation is also realized by the processor in the registration authentication unit 18a executing a predetermined authentication program. It should be noted that various algorithms and programs that make authentication successful / impossible when the authentication codes match or do not match have been widely known so that it is easy for those skilled in the art to create such a program. It is.

  When executing these functions, the location server 18 needs to send and receive data to and from the outside. For this communication, a TCP / IP protocol 18d and a MAC interface 18e are provided. These are the same configurations as the first and second MAC interfaces 22a and 22b and the TCP / IP 22i shown in FIG. In the present embodiment, the protocol means a communication means based on a predetermined communication procedure, which is realized by the processor executing a predetermined program. Communication means based on the TCP / IP procedure has been widely used so far, and it is easy for those skilled in the art to create the program.

  In the above description, the storage means for storing the terminal ID / authentication code list 18b, the storage means for storing the program describing the operation of the registration authentication means 18a, the storage means for storing the database 18c, etc. are separately configured. As described above, it is of course preferable to share the same predetermined storage means.

2-3 Configuration of VPN Management Server FIG. 7 shows a configuration diagram of the VPN management server 20. As described so far, the VPN management server 20 is connected to one of the base stations 12 in the network system 10. The VPN management server 20 is a server that operates and manages a VPN group in which the user terminal 16 registers and participates, that is, a communication group.

  As shown in FIG. 7, the VPN management server 20 has authentication registration management means 20 a, and this authentication registration management means 20 a controls specific operations of the VPN management server 20. The authentication registration management unit 20a is configured by a so-called computer, and includes a processor (also referred to as a CPU), a program executed by the processor, a storage unit storing the program, and the like. The operation of the VPN management server 20 is executed by the processor executing this program.

  The VPN management server 20 corresponds to a preferable example of the management server in the claims. The management server only needs to be able to manage communication groups, but it is possible to define communication groups based on various criteria.

  The VPN management server 20 has the following functions.

(1) Distribution of VPN group information First, the VPN management server 20 distributes the information regarding a VPN group according to the request | requirement from the outside. This distribution is executed by the VPN group information distribution means 20b. The VPN group information distribution unit 20b includes a processor and a storage unit that stores a program executed by the processor. Further, the VPN group information distribution unit 20b includes a storage unit for storing VPN group information. This storage means is preferably shared with the storage means in which the program is stored. Furthermore, it is preferable to share these configurations (processors and storage means) with the authentication registration management means 20a.

  The VPN group information can include various information. Preferably, for example, an identifier relating to the VPN group, an ID of the registered user terminal 16 and an authentication code thereof are preferably included. However, it is preferable that secret information such as an authentication code is not included in the “delivery of VPN group information”. This is because the authentication code is used only for authentication work.

(2) Performing database management of DNS information / terminal ID / terminal accommodating station ID / authentication code / data communication IP address for each VPN label, which is an identifier of the VPN group. The VPN management server 20 manages the database 20c. This management is specifically executed by the authentication registration management means 20a. The database 20c is storage means for storing a table of DNS information / terminal ID / terminal accommodating station ID / authentication code / IP address for data communication. This table stores the above data for each VPN group.

  In this embodiment, a VPN label is used as the identifier of the VPN group. It is well known that a VPN in a VPN label (Virtual Private Network label) constitutes a virtual network for each protocol or each user group on a company or campus network.

  In this embodiment, each VPN group is represented by using each group of such VPN labels as an identifier.

  Thus, by storing DNS information and the like in the database 20c for each VPN group, it is possible to grasp the communication status in each VPN group.

  Here, the DNS information is information related to a DNS (Domain Name Server) used by the user terminal 16. The DNS address and the like are stored.

  The terminal ID is the ID of the user terminal 16 currently participating in the VPN group. The terminal accommodation station ID is an ID of the terminal accommodation station 22 belonging to the VPN group. Further, the authentication code is an authentication code of the user terminal 16. The data communication IP address is an IP address assigned to the user terminal 16. The user terminal 16 performs communication using this IP address as its own address.

  Thus, since each entry of the table corresponds to one user terminal 16, as many entries of the table are created as the number of user terminals 16 participating in the VPN group.

  This management operation is also executed by the authentication registration management means 20a. Specifically, the following operation is executed by the processor executing a predetermined management program. If there is a user terminal 16 newly started (participating) in communication of a certain VPN group, the ID of the user terminal 16 and the like are stored in this database 20c. At this time, it is desirable that the IP address assigned to the participating user terminal 16 and the authentication code of the user terminal 16 are also stored in the database 20c.

  Further, when the communication ends and the user terminal 16 ends the communication of the predetermined VPN group, the entry provided for the user terminal 16 is deleted. This deletion is also executed by the authentication registration management means 20a.

(3) Originating terminal authentication from terminal accommodating station in call control The VPN management server 20 authenticates the originating terminal from the terminal accommodating station 22. This authentication is authentication when the user terminal 16 (sending terminal) joins the VPN group to join.

  This authentication is performed based on the terminal ID and the authentication code transmitted from the terminal accommodating station 22. Specifically, the authentication registration management unit 20a compares the transmitted terminal ID and authentication code with the terminal ID and the authentication code held by the VPN group information distribution unit 20b. As a result of comparison, if the authentication codes match, the authentication is successful, and if they do not match, the authentication is impossible. Such an operation is also realized by the processor in the authentication registration management means 20a executing a predetermined authentication program.

  Such an authentication operation using an ID and an authentication code has been widely used so far, and those skilled in the art can easily create such a program.

(4) Call Control Proxy The VPN management server 20 also serves as a call control proxy server.

  When the VPN server 20 receives a connection request (connection request) to the destination terminal, the VPN server 20 executes a call control proxy operation, performs destination resolution, and examines its own database 20c.

  When the destination user terminal 16 is not found by such an operation, the location server 18 is inquired. Based on the result of this inquiry, connection is attempted to the user terminal 16 as the destination terminal.

  On the other hand, as a result of the connection attempt, an absence message indicating that the user terminal 16 as the destination terminal is absent may be returned. In this case, the destination search is performed again with respect to the location server 18, and the re-transfer is executed for the “position” of the obtained destination terminal.

  Whether or not to connect to an external network is determined by looking at the destination URI, and a predetermined Gateway process is executed.

  Such operation as a call control proxy server is executed by the call control proxy means 20f. The function of the call control proxy means 20f is basically the same as that of a conventional proxy server, and it is easy for those skilled in the art to write a program for such operation. That is, the call control proxy means 20f is composed of a program describing such an operation and a processor (computer) that executes this program.

(5) Operation of assigning transmission path to user terminal The VPN management server 20 is also executing an operation of assigning a transmission path using the user terminal 16. This is executed by the transmission path allocation means 20g to the user terminal (FIG. 11).

  The transmission path assignment means 20g to the user terminal assigns a VPN data path in the mesh (network) for each session according to the VPN operation policy.

  The VPN operation policy is a rule for operating a VPN. This can be any rule. In any case, it is necessary to predetermine rules for assignment. The transmission line assignment unit 20g to the user terminal assigns a transmission line based on the rule.

  An L2VPN data path identifier is assigned to the call control information to be relayed, and the originating terminal accommodating station and the terminating terminal accommodating station set the L2VPN data path for the session according to the instruction.

  Further, the transmission path assignment means 20g to the user terminal statistically processes the session information and monitors the number of sessions on the L2VPN data path in real time. When the number of sessions exceeds a predetermined limit value, sessions that occur thereafter are allocated to another L2VPN data path.

  Further, the transmission path assignment means 20g to the user terminal 16 can observe the behavior of the application based on the call control information, and can assign an L2VPN data path for each application. Specific examples of such an assignment operation will be described in detail below with reference to FIGS.

  When executing the functions as described above, the VPN management server 20 needs to send and receive data to and from the outside. For this communication, a TCP / IP protocol 20d and a MAC interface 20e are provided. These are the same configurations as the first and second MAC interfaces 22a and 22b and the TCP / IP 22i shown in FIG.

  In the above description, each means has an individual storage means. However, it is of course preferable to share the same storage means.

* Transmission path assignment
As described above on the simultaneous operation of a plurality of applications , in the present embodiment, it is possible to dynamically allocate transmission lines. A specific example of the transmission path assignment will be described below.

  FIG. 15 shows how transmission paths (also called data paths) are assigned for each application. In this figure, three types of applications are operating between the first user terminal 116a and the second user terminal 116b.

  Specifically, a file exchange application is operating through transmission paths of the base station 112a, the base station 112b, and the base station 112e. In addition, a VOIP (Voice Over IP) application is operating through transmission paths of the base station 112a, the base station 112c, and the base station 112e. In addition, an application for transmitting an image through the transmission path of the base station 112a, the base station 112d, and the base station 112e is operating.

  Thus, the transmission path is determined for each application. What is characteristic in the present embodiment is that each transmission path is allocated in real time. In other words, it means that each transmission path can be changed in real time.

  Therefore, the user terminal 116 and SP (service provider) can be realized without being aware of the network configuration.

  This means that the user terminal 116 can use each application without worrying about which transmission path the application uses. FIG. 15 shows an example of the user terminal 116 for both the data sender and receiver, but the data sender side unilaterally provides a service (relay image) such as a concert broadcast etc. SP (service The same applies to the provider). That is, the SP (service provider) does not need to worry about which transmission path is used by the service that it provides.

  Such transmission line assignment is executed by the VPN management server 20 as described above.

Another example of an SP (Service Provider) When the sender of data is an SP, this SP is often connected to the network 10 via the Edge device 120. An explanatory diagram showing the configuration in such a case is shown in FIG. The service provider (SP) is simply referred to as provider 118.

  In the example shown in this figure, the provider 118 operates as a gate unit with the Internet. A so-called Edge device 120 is connected to the provider 118, and the VPN management server 20 is connected to the Edge device 120. As a result, the VPN management server 20 can control the transmission paths of various communications performed via the edge device 120 via the edge device 120.

  To the edge device 120, a terminal accommodating station 122a and a terminal accommodating station 122b are connected. A user terminal 116a is connected to the terminal accommodating station 122a, and a user terminal 116b is connected to the terminal accommodating station 122b.

  Under such a configuration, a file exchange application and an image relay application are running between the user terminal 116a and the user terminal 116b, and a route is assigned to each application. ing. The VPN group assigned to the image relay is VPN1, and its route is indicated by a solid line (thick line) in FIG. Further, the VPN group assigned to the file exchange is VPN2, and its route is indicated by a one-dot chain line in FIG.

  As shown in FIG. 16, these paths may physically pass through the same device, and are not necessarily limited to passing through another device as shown in FIG. 15. In particular, as the performance of devices increases, there are many cases where a single device can pass a plurality of applications.

Changing the transmission path in real time The transmission path can be changed in real time. This change is also executed by the VPN management server 20 as described above. FIG. 17 shows an explanatory diagram showing the state of the change.

  As shown in this figure, three types of applications are operating between the first user terminal 116a and the second user terminal 116b.

Specifically, a file exchange application is operating through transmission paths of the base station 112a, the base station 112b, and the base station 112e. Also, the base station 112a and the base station 112c
A VOIP (Voice Over IP) application is operating through the transmission path of the base station 112e. In addition, an application for transmitting an image through the transmission path of the base station 112a, the base station 112d, and the base station 112e is operating.

  Further, in FIG. 17, a file exchange application is operating between the third user terminal 116c, the fourth user terminal 116d, the fifth user terminal 116e, and the sixth user terminal 116f.

  Thus, the transmission path is determined for each application. What is characteristic in the present embodiment is that the VPN management server 20 grasps the USER usage rate of the VPN data path (often referred to as a transmission path). Therefore, the VPN management server 20 can avoid the terminal traffic on a different route in real time when the specified number of accommodated users exceeds the predetermined VPN.

  In the example shown in FIG. 17, a file exchange application is operating between the third user terminal 116c, the fourth user terminal 116d, the fifth user terminal 116e, and the sixth user terminal 116f. Here, the operation when the number of allocated users is exceeded in communication on the link between the base station 112a and the base station 112d in the transmission path where the file exchange is performed will be described. In this case, in order to secure the bandwidth for data transfer, the VPN management server 20 is assigned to an application that transmits images operating between the first user terminal 116a and the second user terminal 116b. The road is changed. Specifically, the transmission path of base station 112a-base station 112d-base station 112e is changed to the transmission path of base station 112a-base station 112c-base station 112e.

  As described above, in this embodiment, the assigned transmission path can be dynamically changed, and the bandwidth can be effectively used.

  Such a change of the data path can be executed for the path between the user terminal 16 and the user terminal 16 as well as for the path between the user terminal 16 and the provider.

2-4 Configuration of Gateway FIG. 8 shows a configuration diagram of the gateway 24. As described above, the gateway 24 is connected to any one of the base stations 12 and the external network 50 in the network system 10.

  The gateway 24 has the following functions.

(1) Gateway function of call control communication This function is used for call control communication in the mesh network (ie, network system 10) in this embodiment and call control communication with the external network 50 (see FIG. 3). It is a proxy function. This function is executed by the proxy means 24a.

  As schematically shown in FIG. 8, the proxy unit 24 a serves as a proxy that connects the in-network communication control function and the external network communication control. The proxy unit 24a is configured by a so-called computer, and includes a processor (CPU) and a storage unit that stores a program executed by the processor. The operation of the proxy means 24a is realized by the processor executing this program.

  Since devices such as gateways and proxy servers are well known in the art, it is easy for those skilled in the art to create such a program.

(2) Gateway function for data communication In this embodiment, the gateway 24 is registered in an arbitrary VPN group in the mesh network (ie, the network system 10). As a result, an IP data communication function between the VPN group (communication group) and the external network 50 is provided. This function is also executed by the proxy unit 24a using the IP switch unit 24b. In other words, a gateway function program for IP data communication is stored in the proxy unit 24a, and the gateway operation is executed by the processor executing this program.

(3) Calling terminal authentication function to VPN management server When the user terminal 16 in the network (network system 10) makes a call to another user terminal 16 existing in the external network 50, the gateway 24 is a calling terminal. In order to authenticate a certain user terminal 16, the VPN management server 20 is inquired and authenticated.

  This operation is also executed by the proxy means 24a described above. In other words, a program for authentication is stored in the proxy means 24a (the storage means), and the authentication operation is executed by the processor executing this program.

(4) Inquiry Function to Location Server When the gateway 24 receives an inquiry from the external network 50, the gateway 24 makes an inquiry directly to the location server in the network (that is, the network system 10) to resolve the destination terminal information. This operation is also executed by the proxy means 24a described above. In other words, a program for inquiring to the location server is stored in the proxy means 24a (the storage means), and the destination terminal information is resolved by the processor executing this program.

  When executing the functions as described above, the gateway 24 needs to exchange data with the outside. For the communication, the TCP / IP protocol 24c, the first MAC interface 24d, and the second MAC interface 24e are provided. It has been. These are the same configurations as the first and second MAC interfaces 22a and 22b and the TCP / IP 22i shown in FIG.

  Further, the gateway 24 is provided with a VPN label interface 24f. The VPN label interface 24f is the same as the VPN label interface 22c of FIG. The VPN label interface 24f in FIG. 8 is connected to the IP switch means 24b as shown in FIG.

2-5 Configuration of User Terminal FIG. 9 shows a configuration diagram of the user terminal 16. As described so far, the user terminal 16 accesses the terminal accommodating station 22. The user terminal 16 is, for example, a PC (personal computer) or a portable mobile terminal. It is also preferable to adopt a configuration such as a PDA (Personal Digital Assistant) or a mobile phone. It is also preferable to adopt various portable electronic devices such as a portable video game device and a portable GPS device. In any case, the user terminal 16 incorporates a computer (processor) and is equipped with storage means for storing a predetermined program. And various functions are implement | achieved when a computer (processor) runs the said program. In other words, program = user terminal operation. Therefore, in FIG. 9, functions (programs) mounted on the user terminal 16 are mainly described, but these are configurations of the user terminal 16, and each program includes various “means” included in the user terminal 16. Substantially equivalent to

  As shown in FIG. 9, the user terminal 16 includes a MAC interface 16a, and communicates with the terminal accommodating station 16a via the MAC interface 16a. Since the MAC interface has already been described and is a communication means widely known in the world, detailed description thereof will be omitted.

  On the user terminal 16, a call control application 16c is running in addition to the data communication application 16b. The call control application 16c operates in conjunction with the data communication application 16b. The call control application 16c performs an operation of acquiring a control IP address from the terminal accommodating station 22.

  The call control application 16c and the processor that executes the call control application 16c correspond to a preferable example of the address request means in the claims. That is, the call control application 16c requests the terminal accommodating station 22 for a control IP address at a predetermined cycle, and acquires the control IP address. The predetermined cycle is a concept including a case where a maximum cycle is determined and an address request is made in a cycle shorter than the maximum cycle.

  Since the IP address for control is requested to the terminal accommodating station 22 every predetermined period, when the user cell 14 is moved due to movement, it is possible to notify the terminal accommodating station 22 of the movement, and the location server 18. It is also told. Detailed operation will be described later.

  The data communication application 16b is a videophone program, an e-mail program, a program for receiving image distribution, and the like. In general, an application is often prepared for each communication group.

  In FIG. 9, application 1 (simply referred to as application 1) is an application used for communication in the VPN group represented by “L2-VPN label 1”. Application 2 (simply referred to as application 2) is an application used for communication in the VPN group represented by “L2-VPN label 2”. Hereinafter, similarly, application n (simply referred to as application n) is an application used for communication in the VPN group represented by “L2-VPN label n”. Here, n represents a positive integer.

  Thus, what is characteristic in the present embodiment is that a plurality of types of communication are performed by simultaneously participating in a plurality of communication groups by simultaneously operating a plurality of applications 16b.

  Note that any one of a plurality of applications (software) used for communication and a processor that executes the application correspond to a preferable example of the first communication unit in the claims, and execute any other application and the application. The processor which corresponds corresponds to a preferable example of the second communication means in the claims. In short, what is characteristic in the present invention (claims) is that a plurality of communication means are provided in order to perform a plurality of communications simultaneously. The plurality of communication means in the present embodiment is simply a plurality of types of communication applications. As a result, as described above, e-mail communication can be performed while making a videophone call. In addition, since it is widely used as a general technique that a plurality of applications operate on a computer and a processor executes a plurality of applications, it is for those skilled in the art to develop an application having such a configuration. It's easy.

  In the present embodiment, an example in which one data communication application 16b is used for one VPN group (FIG. 9), but a common standard application is common to a plurality of VPN groups. It is also preferable to use it.

  When a user makes a call from the user terminal 16, first, a data communication application 16b (called a network application) is launched. Next, this network application sends a connection request to the subscriber accommodation station in conjunction with the call control application 16c. Here, the subscriber accommodation station is a terminal accommodation station 22 that has jurisdiction over the user cell 14 in which the user terminal 16 of the other party called by transmission is located.

  On the other hand, when called from the originating user terminal 16, that is, when the user terminal 16 becomes the receiving side, the call control application 16c receives the call and requests activation of the necessary network application accordingly. Is output. As a result, the network application starts up in response to the activation request.

  As shown in FIG. 9, the user terminal 16 is provided with a TCP / UDP 16d protocol, and data communication based on TCP / UDP is performed at the application level. The TCP / UDP 16d communication protocol is composed of a program that realizes the communication protocol and a processor (computer) that executes the program. However, the TCP / UDP 16d communication protocol is a widely known technique, and detailed description thereof is omitted.

  The call control application 16c uses a control IP for control. This control IP is shown in FIG. 9 as control IP1,... Control IPn. Each of these control IPs is a control IP used for control in the VPN group represented by the control L2 label 1... Control L2 label n.

  In this patent, the IP address used for control is referred to as “control IP”. Further, as described above, the L2 layer label is used as the identifier for identifying each VPN group. Of course, other identifiers may be used.

  These control IP1,... Control IPn, control L2 label 1... Control L2 label n are stored in the storage means 16e, and the call control application 16c and the application 16b use these information. Communicate. It is preferable to store the call control application 16c and the application 16b, the IP (IP address), the control L2 label 1 and the like in the same storage means. Note that the storage means for storing the VPN IP1... VPN IPn that is the IP address used by the application 16b and the VPN group identifier L2-VPN label 1... L2 -VPN label n are the same. The storage means 16e is preferable.

  Note that VPN IP1... VPN IPn corresponds to a preferred example of the first address and the second address in the user terminal in the claims. As described above, since two types of addresses can be stored in a single user terminal 16, it is possible to participate in two types of VPN groups (communication groups) simultaneously.

2-5-1 Group Configuration As a terminal identifier of the user terminal 16, an ID number is initially set in the user terminal 16 operating in the mesh network (ie, the network system 10) at the time of manufacture.

  In the present embodiment, an L2 layer label (VPN label) is used as a group identifier in the network system 10. The IP address is different for each VPN group. The user terminal 16 performs communication using a different IP address for each participating VPN group.

  It is theoretically possible to configure the user terminal 16 to always use the same IP address. However, since effective use of the IP address becomes difficult, it is limited to the case where there is a margin in the IP address.

  The “VPN group” is an example of a communication group.

  According to the example shown in FIG. 9, the identifier of the VPN group 1 is “L2-VPN label 1”, and the identifier of the VPN group 2 is “L2-VPN label 2”.

  Thus, the user terminal 16 uses a different IP address for each participating VPN group. According to the example shown in FIG. 9, “VPN IP 1” is used when joining the VPN group 1. On the other hand, the identifier used when the user terminal 16 participates in the VPN group 2 is “IP2 for VPN”.

  When the user terminal 16 wants to newly join a predetermined VPN group of the network system 10, it transmits a participation request to the VPN management server 20. At this time, the user terminal 16 sends “terminal information / authentication code” to the VPN management server 20. Here, the terminal information is information including an ID written in the terminal at the time of manufacture. The authentication code is a code necessary for communication in the network system 10 and is written in the user terminal when the terminal is manufactured or registered. It is generally preferred that the authentication code is written in the storage means 16e. In addition, it is generally preferable to write terminal information, particularly ID, in a nonvolatile memory at the time of manufacture.

  Upon receiving the “terminal information / authentication code” sent from the user terminal 16, the VPN management server 20 allocates “DNS information / IP address / VPN label” used by the user terminal 16 accordingly. (Assign). Prior to this assignment, an authentication operation using an authentication code is executed. Detailed operation will be described in Chapter 3.

  By such an operation, the interface of the user terminal 16 is added, and it is possible to use a new VPN group by using the information assigned (assigned).

2-5-2 About terminal authentication and terminal movement
2-5-2-2a When participating in terminal authentication and an authentication code network (that is, the network system 10) and performing communication, the location server 18 needs to be authenticated. The authentication code used for the authentication is initially set in the user terminal 16 as described above. When each user terminal 16 receives a control IP address or a control L2 label from the terminal accommodating station 22, it sends an authentication code and terminal information to the location server 18 via the terminal accommodating station 22. This operation is called an authentication sequence.

  This is shown in FIG. That is, the user terminal 16 sends the initial authentication code to the terminal accommodating station 22-1 by the operation of the initial authentication code sending 60a. The terminal accommodating station 22-1 transfers the initial authentication code to the location server 18 by the operation of the initial authentication code sending (transfer) 62a.

  The initial authentication code is owned by each user terminal 16 and is not common to the network system 10. The location server 18 checks whether the initial authentication code is correct.

If the authentication code is correct as a result of this inspection, the location server 18 combines the “terminal ID / terminal accommodating station ID / issue time / expiration date / location server ID /” of the user terminal 16, and the user terminal 16. A unique authentication code is generated and returned to the user terminal 16 via the terminal accommodating station 22. Thus, the location server 18 authenticates the user terminal 16 and creates a terminal authentication code by combining predetermined data. In practice, it is also preferable to execute the authentication judgment based on the combination of the issue time and the location server ID. Note that other data such as a control IP address may be used to create a unique authentication code.

  This situation is also shown in FIG. That is, the location server 18 authenticates the user terminal 16 and generates an authentication code unique to the user terminal 16. This unique authentication code is called a terminal authentication code. The location server 18 sends the terminal authentication code for the user terminal 16 to the terminal accommodating station 22-1 by the operation of the terminal authentication code sending 64a. Further, the terminal accommodating station 22-1 transfers the terminal authentication code to the user terminal 16 by the operation of the terminal authentication code sending (transfer) 66a.

  The authentication code unique to the user terminal 16 corresponds to a preferable example of the authentication code in the claims.

2-5-2-2 Acquisition of Multiple Authentication Codes Since the user terminal 16 can have a plurality of control IP addresses as described above, the location server 18 uses a plurality of authentications for one user terminal 16. There may be a need to authenticate the code. In this embodiment, the “control IP address / authentication code” used for call control access is selected according to the connection status of the terminal accommodating station 22. A case where a plurality of authentication codes are given to the user terminal 16 is schematically shown in FIG.

  As shown in this figure, when the user terminal 16 that has already acquired one authentication code needs the second authentication code, the initial authentication code is sent by the operation of the initial authentication code sending 60b. Send to. The terminal accommodating station 22-2 transfers the initial authentication code to the location server 18 by the operation of the initial authentication code sending (transfer) 62a.

  The location server 18 authenticates the user terminal 16 and generates a unique authentication code. This generation can be created using various parameters. It is also preferable to use random numbers. The location server 18 sends the terminal authentication code for the user terminal 16 to the terminal accommodating station 22-2 by the operation of the terminal authentication code sending 64b. The terminal accommodating station 22-2 transfers the terminal authentication code to the user terminal 16 by the operation of the terminal authentication code sending (transfer) 66b. In this way, the user terminal 16 acquires the second terminal authentication code. If the same operation is repeated, three or more terminal authentication codes can be acquired.

2-5-2-2-c Use of Authentication Code In addition, the authentication code is used for authentication of the user terminal 16 that is a transmission terminal. When the user terminal 16 becomes a transmitting terminal, the user terminal 16 as the transmitting terminal participates in the VPN service, and the terminal information and the authentication code acquired from the location server 18 are transmitted to the VPN management server 20 via the terminal accommodating station 22. And send.

  The VPN management server 20 refers to the authentication code, determines whether the authentication code is correct, and makes a response. In this case, if possible, VPN service setting information is returned to the user terminal 16.

  The VPN management server 20 determines the authentication code based on whether the location server ID / issue time / expiration date is correct. For this purpose, the location server 18 needs to send a valid self ID to the VPN management server 20 in advance.

  When a user terminal 16 (sending terminal) already participating in the VPN service issues a call control connection request to the user terminal 16 serving as a destination terminal, the authentication code acquired from the location server 18 is incorporated in the request and the destination The data is sent to the user terminal 16 serving as a terminal. At that time, the VPN management server 20 performs source authentication. Detailed operation is mentioned in Chapter 3.

2-5-2-d The terminal mobile user terminal 16 periodically performs a control IP address acquisition procedure and terminal authentication with respect to the location server 18 via the terminal accommodating station 22. This is for maintaining the connection state between the user terminal 16 and the terminal accommodating station 22.

  When the user terminal 16 moves and enters a new user cell 14, a new control IP address / control L2 label is acquired in the user cell 14. At this time, the terminal accommodating station 22 having jurisdiction over the user cell 14 registers the newly entered user terminal 16 as a new user terminal 16 in the user cell 14. In this registration operation, the user terminal 16 executes an “authentication sequence”.

  When the user terminal 16 moves and the user terminal 16 fails in the procedure for periodically acquiring the control IP address that has already been set, the user terminal 16 deletes the network interface of the corresponding control IP address. At this point, the user terminal 16 recognizes that it has gone out of the user cell 14 that it has been. That is, when the user cell 14 that has been located so far is removed, the use of the control IP address that has been used up to that point is stopped.

If there is no response from the user terminal 16 for a certain period of time, the terminal end station 22 sends a request to delete the information of the corresponding user terminal 16 to the location server 18. Then, the location server 18 deletes the information of the corresponding user terminal 16 from the database. The control IP address / control L2 label used for call control access is selected according to the connection state (radio wave reception intensity etc.) of the terminal accommodating station 22. When the user terminal 16 acquires a new authentication code, the authentication code is registered in the VPN management server 20.

  As will be described later, each terminal accommodating station 22 receives a list of control IP addresses that can be distributed from the location server 18. Then, the control IP address is appropriately distributed to the user terminal 16 located in the user cell 14 of the terminal accommodating station 22. Therefore, when the user terminal 16 is no longer located in the predetermined user cell 14, the user terminal 16 discards the control IP address used so far.

  And if the user terminal 16 goes out of the user cell 14, the terminal accommodating station 22 naturally cannot receive a response from the user terminal 16. Accordingly, the terminal accommodating station 22 determines that the user terminal 16 has left the user cell 14. This is referred to as “the user terminal 16 has entered a non-response state in which it does not respond”. Then, the process related to the user terminal 16 that has been in a non-response state is referred to as a non-response process.

  There are two types of non-response processing: non-response processing executed by the terminal accommodating station 22 and non-response processing executed by the location server 18.

  The non-response process executed by the terminal accommodating station 22 is to send a request to delete information on the corresponding user terminal 16 to the location server 18.

  The non-response processing executed by the location server 18 is to receive this deletion request and update the database 18c in which the terminal information of the user terminal 16 is stored according to this deletion request.

Chapter 3 Specific Operation Hereinafter, a specific data processing flow of the user terminal 16 and the like in the present embodiment will be described based on a time chart.

3-1 . Procedure for Participation in Network System 10 FIG. 11 is a sequence diagram showing a procedure when the user terminal 16 participates in the network system 10 which is a mesh network. As shown in FIG. 11, the participation procedure includes two procedures: a registration procedure to the location server 18 and a registration procedure to the VPN management server 20.

3-1-a Registration Procedure to Location Server (1) As shown in FIG. 11, the location server 18 provides a list of control IP addresses that can be distributed to the user terminals 16 to each terminal accommodating station 22. Sending. This sending is performed in advance, and the terminal accommodating station 22 stores a list of IP addresses for control. This list is stored in the storage means of the terminal accommodating station 22. In particular, this list is stored in the storage means in the IP address distribution means 22f (see FIG. 5).

  (2) First, the user terminal 16 requests a control IP address from the terminal accommodating station 22. At this time, the terminal accommodating station 22 having jurisdiction over the user cell 14 where the user terminal 16 is located receives this request.

  (3) Upon receiving the request, the terminal accommodating station 22 searches for an unused IP address from the list stored by itself, and makes the IP address in use. This list is stored in storage means existing in the IP address distribution means 22f.

  Then, the terminal accommodating station 22 sends the IP address to the user terminal 16. In the list, for each IP address, a flag indicating whether the IP address is unused or in use is provided. The above-mentioned “to use” means that the flag of the IP address in the list is “unused”. This is done by rewriting from “in use” to “in use”. At this time, it is preferable to send the control L2 label at the same time.

  The above processes (2) and (3) are periodically executed.

  (4) Next, the user terminal 16 that has newly acquired the control IP address / control L2 label sends the information / authentication code of the user terminal 16 to the location server 18 using the control IP address. This is to inform the location server 18 of its own position. The sending is performed via the terminal accommodating station 22 of the user terminal 16.

  (5) The location server 18 that has received the information / authentication code of the user terminal 16 performs registration and authentication based on the information.

  “Registration” refers to recording / managing which terminal accommodating station 22 the user cell 16 is located in the user cell 14. This management is executed by storing a table of user terminals 16 that are communicating under each terminal accommodating station 22. This table is a table in which the ID of the user terminal 16 communicating under each terminal accommodating station 22 is recorded, as already described in 2-2. This table is stored in the database 18c of the location server 18.

  “Authentication” refers to sending permission to the user terminal 16 to use the network system 10 to the user terminal 16. This is called “authentication notification”. At the time of this authentication, an authentication code unique to the user terminal 16 is generated, and the authentication code is sent to the user terminal 16. The user terminal 16 can receive various communication services only after receiving this authentication (authentication code unique to the user terminal 16). This authentication notification is transferred to the user terminal 16 via the terminal accommodating station 22 (see FIG. 11).

(6) The user terminal 16 and the terminal accommodating station 22 execute the processes (4) and (5) when the user terminal 16 newly acquires a control IP address / control L2 label.

The periodic processes (2) and (3) are executed by the terminal Alive confirmation unit 22g on the terminal accommodating station 22 side. The periodic processing cycle can take various values, but it is preferable to define that the maximum cycle may be set to any cycle as long as it is shorter than the maximum cycle.

  Then, if there is no request for a control IP address from a specific user terminal 16 even after the predetermined maximum period has passed, the terminal accommodating station 22 moves from the user cell 14 having jurisdiction to the other. Judge that you are in the area. This determination is also executed by the terminal Alive confirmation unit 22g as described above.

  If there is no request for a control IP address even after a predetermined maximum period has elapsed, the terminal Alive confirmation unit 22g deletes the user terminal 16 from the terminal list in the terminal Alive confirmation unit 22g and informs the user of the location. The server 18 is notified. Upon receiving this notification, the location server 18 deletes the registration of the user terminal 16.

  In general, when the user terminal 16 moves and enters a new user cell 14, the user terminal 16 requests a control IP address in the new user cell 14. As a result, the operation shown in FIG. 11 is executed again, and the new position of the user terminal 16 is registered in the location server 18. In this way, the position of the user cell 14 is always managed by the location server 18.

3-1b Registration Procedure to VPN Management Server As described above, the user terminal 16 needs to register with the VPN management server 20 in order to receive provision of various communication services. . This registration operation is shown at the bottom of the time chart of FIG.

  (1) First, the VPN management server 20 sends a list of available VPN groups (community groups) to each terminal accommodating station 22 in advance. As described with reference to FIG. 2, the VPN groups that can be used by each terminal accommodating station 22 (or base station 12) are different. In FIG. 2, there is a terminal accommodation station 22 (base station 12) that can use three types of VPN groups, and there is a terminal accommodation station 22 (base station 12) that can use only one type of VPN group.

  As shown in FIG. 11, this operation includes two operations: an operation in which the VPN management server 20 notifies the location server 18 of a VPN group, and an operation in which the location server 18 sends a list of VPN groups to the terminal accommodating station 22. It consists of movements.

  (2) Now, the user terminal 16 (the user) tries to register in order to use a certain VPN group. First, the user terminal 16 transmits a request for browsing an available VPN group list to the terminal accommodating station 22.

  (3) This browsing request is received by the terminal accommodating station 22 having jurisdiction over the user cell 14 where the user terminal 16 is located. Then, the terminal accommodation station 22 that has received the browsing request distributes the VPN group list sent from the VPN management server 20 in advance to the user terminal 16.

  (4) The user terminal 16 displays the VPN group list, and the user selects a desired VPN group. Based on this selection, the user terminal 16 transmits a VPN group participation request to the VPN management server 20 via the terminal accommodating station 22. In this participation request, information on the user terminal 16 and an authentication code are sent.

  This participation request is sent to the VPN management server 20 via the terminal accommodating station 22) (see FIG. 11).

  (5) The VPN management server 20 sends local DNS information / IP address / L2 label and the like used in the VPN group in response to the transmitted participation request. As described above, the VPN management server 20 includes a database 20c for managing DNS information and the like for each VPN group. The authentication registration management means 20 a acquires desired DNS information and the like from the database 20 c and transmits it to the user terminal 16 via the terminal accommodating station 22.

  (6) Upon receiving the information, the terminal accommodating station 22 transmits a participation response including the information (DNS information or the like) to the user terminal 16.

  (7) Receiving the participation response, the user terminal 16 stores the received information in a predetermined internal storage means. Thereafter, the user terminal 16 performs communication in the VPN group based on this information.

  As described above, the registration operation to the VPN management server 20 is completed. The automatic registration with respect to the VPN management server 20 is when the terminal accommodating station 22 that accommodates the user terminal 16 is changed. In short, a registration operation is performed every time the user cell 14 is moved.

3-2 Basic Call Control Communication Establishment Procedure and VPN Construction Procedure Between User Terminals Next, a basic call control communication establishment procedure and VPN construction procedure between user terminals 16 will be described with reference to FIG. FIG. 12 shows a time chart of this procedure.

  (1) First, the user terminal 16 that is a transmission terminal transmits a connection request to the destination terminal (the user terminal 16 that becomes the destination terminal) to the terminal accommodating station 22. The connection request includes an authentication ID received by the calling terminal from the location server 18 and is used for authentication of the calling terminal.

  (2) Upon receiving this connection request, the terminal accommodating station 22 transfers this connection request to the VPN management server 20.

  (3) Upon receiving the connection request, the VPN management server 20 first authenticates the caller. If authentication fails, the connection is refused. If the authentication is successful, it is checked whether the destination terminal is participating in the VPN group of the calling terminal. If so, the process proceeds to (4-1) below, and the connection request is transferred. On the other hand, if not participating, the process proceeds to (4-2) below, and a request is issued for the destination terminal to participate in the VPN group of the calling terminal. Hereinafter, description will be made sequentially.

  (4-1) When the destination terminal participates in the VPN group of the calling terminal, the VPN management server 20 transfers the connection request to the terminal accommodating station 22 that manages the user cell 14 where the destination terminal is located.

  At this time, an absence response may be returned from the terminal accommodating station 22. This is a case where the destination terminal has moved to another user cell 14. In this case, the VPN management server 20 requests the location server 18 to search for the address of the destination terminal and the terminal accommodating station 22 that accommodates the destination terminal.

  In response to this request, the location server 18 sends a search result response to the VPN management server 20.

  The VPN management server 20 uses this search result to transfer the connection request again to the terminal accommodating station 22 that accommodates the destination terminal.

  Upon receiving this connection request, the terminal accommodating station transfers the connection request to the destination terminal. In this way, the connection request reaches the destination terminal.

  (4-2) On the other hand, even when the destination terminal does not participate in the VPN group of the calling terminal, the VPN management server 20 transfers the connection request to the terminal accommodating station 22 in which the destination terminal is accommodated. Then, the terminal accommodating station 22 transmits this connection request to the destination terminal.

  When the destination terminal that has received the connection request recognizes that it is not participating in the VPN group of the calling terminal, the destination terminal transmits a request for participation in the VPN group to the terminal accommodating station 22 in order to participate in the VPN group.

  The terminal accommodating station 22 transfers this participation request to the VPN management server 20. In response to this participation request, the VPN management server 20 transmits the IP address and / L2 label used in the VPN group in which the calling terminal participates to the terminal accommodating station 22.

  This operation is also described in (2) in section 2-3, and the authentication registration management means 20a performs the processing. Upon receiving the participation request, the authentication registration management unit 20a stores the ID and the like of the participating user terminal 16 in the database 20c. Thereby, “participation” is completed, and the authentication registration processing management means 20a sends the IP address to be used and the L2 label to the destination terminal via the terminal accommodating station 22. As a result, the destination terminal performs communication in the VPN group (communication group) represented by the L2 label. In this communication, the IP address sent as its own IP address is used.

  The terminal terminal accommodating station 22 that has received the IP address and the / L2 label transmits the information and the participation response to the VPN group to the destination terminal. The participation response is a message indicating that the participation process has been completed.

  Here, the operation of causing the user terminal 16 serving as the destination terminal to participate in the VPN group of the transmission terminal has been described, but the transmission terminal can freely select and instruct the VPN group to participate. For example, when the calling terminal participates in two types of VPNs (VPN1, VPN2), such a selection / instruction is effective when a call is made by VPN1 but a reply is received by VPN2. .

  (5) Next, the destination terminal returns a connection response to the connection request described above via the terminal accommodating station 22.

(6) The terminal accommodating station 22 transfers this connection response to the terminal accommodating station 22 that accommodates the transmitting terminal. The terminal accommodating station 22 that has received the transfer transmits the connection response to the user terminal 16 that is the transmitting terminal.

  (7) Thereafter, the target VPN data communication is executed between the user terminal 16 as the transmission terminal and the user terminal 16 as the destination terminal. For this data communication, various applications such as a voice call, a videophone, and live image relay can be used.

  (8) When the desired data communication is completed, a connection disconnection request is transmitted from the transmission terminal to the destination terminal. This transmission is performed via the terminal accommodating station 22. The terminal accommodating station 22 transfers this disconnection request to the terminal accommodating station 22 that accommodates the destination terminal. The terminal accommodating station 22 of the destination terminal transmits the transferred disconnection request to the destination terminal.

  (9) Upon receiving this connection disconnection request, the destination terminal executes processing for leaving the VPN group in order to effectively use the IP address. This process will be described below.

  (10) First, the destination terminal transmits a request to leave the VPN group to the VPN management server 20 via the terminal accommodating station 22. The terminal accommodating station 22 transfers the VPN group withdrawal request to the VPN group management server 20.

  (11) Upon receiving the VPN group leaving request, the VPN group management server 20 performs a process of leaving the destination terminal from the VPN group. Specifically, as already described in Section 2-3 and FIG. 8, the authentication registration management unit 20a executes this process. The destination terminal information is deleted from the database 20c. As described in section 2-3 (2), by deleting the terminal ID and the used IP address from the database 20c, the entry provided for the destination terminal is deleted.

  (12) Thereafter, the VPN management server 20 notifies the destination terminal of leaving from the VPN group (completion of communication using the VPN group). This notification is called a VPN group leave response. The terminal accommodating station 22 on the destination terminal side transfers the VPN group leave response to the destination terminal.

  (13) Upon receiving the VPN group leave response, the destination terminal transmits a connection disconnection response to the originating terminal. The connection disconnection response is transmitted to the user terminal 16 that is a transmission terminal via the terminal accommodation station 22 on the destination terminal side and the terminal accommodation station 22 on the transmission terminal side.

  (14) The calling terminal confirms the connection disconnection response and terminates the communication.

  In the present embodiment, communication is established in this way, a VPN is constructed, and when the data communication ends, the user terminal leaves the VPN group (communication end) and the like are executed. With this operation, according to the present embodiment, VPN can be constructed smoothly.

  Note that the destination terminal that has received the disconnection request performs the process of leaving the VPN group, but is not necessary if the destination terminal has set itself. Here, the self-setting means that it is set so as not to automatically leave the VPN group even if communication is completed.

3-3 Call Control Communication Procedure and VPN Construction Procedure when Accessed from Outside Network (via Gateway) In the above 3-2, the call control communication procedure inside the network system 10 has been described, but the network system of the present embodiment 10 can also communicate with the outside using the gateway 14. The operation at this time will be described based on the time chart of FIG.

  (1) First, a connection request from the outside is received by the gateway 24. This external connection request will be described below on the premise that the connection request is transmitted via the server 52 in FIG.

  (2) The gateway 24 transfers this connection request to the VPN management server 20. In the present embodiment, it is assumed that the gateway 24 is registered in advance in an arbitrary predetermined VPN group (this registration is referred to as initial registration).

  (3) Upon receiving the connection request, the VPN management server 20 first authenticates the caller. If authentication fails, the connection is refused. If the authentication is successful, it is checked whether the destination terminal is participating in the VPN group of the (external) transmitting terminal. If so, the process proceeds to (4-1) below, and the connection request is transferred. On the other hand, if not participating, the process proceeds to (4-2) below, and a request is made for the destination terminal to participate in the VPN group of the (external) transmitting terminal. Hereinafter, description will be made sequentially.

  (4-1) When the destination terminal participates in the VPN group of the calling terminal, the VPN management server 20 transfers the connection request to the terminal accommodating station 22 that manages the user cell 14 where the destination terminal is located.

  At this time, an absence response may be returned from the terminal 14 accommodating station 22. This is a case where the destination terminal has moved to another user cell. In this case, the VPN management server 20 requests the location server 18 to search for the address of the destination terminal and the terminal accommodating station 22 that accommodates the destination terminal. This request operation is called “address resolution request to destination terminal”.

  In response to this request, the location server 18 sends a search result response to the VPN management server 20. This search result is intended to resolve the address to the destination terminal and the address of the terminal accommodating station 22 and is also called a “resolution response”.

  The VPN management server 20 uses this search result to transfer the connection request again to the terminal accommodating station 22 that accommodates the destination terminal.

  Upon receiving this connection request, the terminal accommodating station transfers the connection request to the destination terminal. In this way, the connection request reaches the destination terminal.

(4-2) On the other hand, even when the destination terminal does not participate in the VPN group of the (external) calling terminal, the VPN management server 20 sends a connection request to the terminal accommodating station 22 in which the destination terminal is accommodated. Forward. Then, the terminal accommodating station 22 transmits this connection request to the destination terminal.

  When the destination terminal that has received the connection request recognizes that it is not participating in the VPN group of the calling terminal, the destination terminal transmits a request for participation in the VPN group to the terminal accommodating station 22 in order to participate in the VPN group.

  The terminal accommodating station 22 transfers this participation request to the VPN management server 20. In response to this participation request, the VPN management server 20 transmits the IP address and / L2 label used in the VPN group in which the calling terminal participates to the terminal accommodating station 22.

  This operation is also described in (2) in section 2-3, and the authentication registration management means 20a performs the processing. Upon receiving the participation request, the authentication registration management unit 20a stores the ID and the like of the participating user terminal 16 in the database 20c. Thereby, “participation” is completed, and the authentication registration processing management means 20a sends the IP address to be used and the L2 label to the destination terminal via the terminal accommodating station 22. As a result, the destination terminal performs communication in the VPN group (communication group) represented by the L2 label. In this communication, the IP address sent as its own IP address is used.

  The terminal terminal accommodating station 22 that has received the IP address and the / L2 label transmits the information and the participation response to the VPN group to the destination terminal. The participation response is a message indicating that the participation process has been completed.

(5) Next, the destination terminal returns a connection response to the connection request described above via the terminal accommodating station 22.

  (6) The terminal accommodating station 22 transfers this connection response to the gateway 24. The gateway 24 that has received the transfer transmits the connection response to the external terminal that has issued the connection request.

  (7) Thereafter, target VPN data communication is executed between the external terminal and the user terminal 16 as the destination terminal. This data communication is executed via the gateway 24. For this data communication, various applications such as a voice call, a videophone, and live image relay can be used. The operation of the gateway 24 in the present embodiment is almost the same as that of the conventional gateway, so that those skilled in the art can easily construct the gateway 24.

  (8) When the desired data communication is completed, a connection disconnection request is transmitted from the outside to the destination terminal. This transmission is performed via the gateway 24.

  (9) Upon receiving this connection disconnection request, the destination terminal executes processing for leaving the VPN group in order to effectively use the IP address. This process will be described below.

  (10) First, the destination terminal transmits a request to leave the VPN group to the VPN management server 20 via the terminal accommodating station 22. The terminal accommodating station 22 transfers the VPN group withdrawal request to the VPN group management server 20.

  (11) Upon receiving the VPN group leaving request, the VPN group management server 20 performs a process of leaving the destination terminal from the VPN group. Specifically, as already described in Section 2-3 and FIG. 8, the authentication registration management unit 20a executes this process. The destination terminal information is deleted from the database 20c. As described in section 2-3 (2), by deleting the terminal ID and the used IP address from the database 20c, the entry provided for the destination terminal is deleted.

  (12) Thereafter, the VPN management server 20 notifies the destination terminal of leaving from the VPN group (completion of communication using the VPN group). This notification is called a VPN group leave response. The terminal accommodating station 22 on the destination terminal side transfers the VPN group leave response to the destination terminal.

  (13) Upon receiving the VPN group leaving response, the destination terminal transmits a connection disconnection response to an external transmission terminal. This connection disconnection response is transmitted to the external destination terminal via the terminal accommodating station 22 and the gateway 24 on the destination terminal side.

  (14) The external transmitting terminal confirms the connection disconnection response and terminates the communication.

  Thus, according to the network system 10 of the present embodiment, the user terminal 16 inside the system and the external terminal can communicate smoothly.

  Note that the destination terminal that has received the disconnection request performs the process of leaving the VPN group, but is not necessary if the destination terminal has set itself. Here, the self-setting means that it is set so as not to automatically leave the VPN group even if communication is completed.

3-4 Call Control Communication Procedure and VPN Construction Procedure for Accessing Outside (via Gateway) from User Terminal Next, a basic call control communication establishment procedure and VPN construction from the user terminal 16 to the outside based on FIG. Explain the procedure. FIG. 14 shows a time chart of this procedure.

  (1) First, the user terminal 16 that is a transmission terminal transmits a connection request to the destination terminal to the terminal accommodating station 22. In FIG. 15, the destination terminal exists outside the network system 10 and accesses via the gateway 24.

  (2) The terminal accommodating station 22 transfers this connection request to the VPN management server 20.

  (3) Upon receiving the connection request, the VPN management server 20 first authenticates the caller. If authentication fails, the connection is refused. If the authentication is successful, the connection request is transferred to the gateway 24.

  (4) When the gateway 24 receives the connection request, the gateway 24 transmits the connection request to an external terminal serving as a destination terminal. The gateway 24 receives the connection response from the external terminal.

  (5) The gateway 24 transfers this connection response to the terminal accommodating station 22 that accommodates the transmitting terminal. The terminal accommodating station 22 that has received the transfer transmits the connection response to the user terminal 16 that is the transmitting terminal.

  (6) Thereafter, the target VPN data communication is executed between the user terminal 16 as a transmission terminal and an external terminal as a destination terminal. This data communication can use various applications such as a voice call, a videophone, and a live image relay, and is executed via the gateway 24. Since the operation of the gateway 24 at this time is a generally known gateway operation itself, detailed description thereof is omitted.

  (7) When the desired data communication is completed, a connection disconnection request is transmitted from the transmission terminal to the external destination terminal. This transmission is performed via the terminal accommodating station 22. The terminal accommodating station 22 transfers this connection disconnection request to the gateway 24. The gateway 24 transmits the transferred connection disconnection request to an external destination terminal.

  (8) When the external destination terminal receives the connection disconnection request, the external destination terminal transmits a connection disconnection response to the transmission terminal. This connection disconnection response is transmitted to the user terminal 16 which is a transmission terminal via the gateway 24 and the terminal accommodating station 22 on the transmission terminal side.

  (9) The calling terminal confirms the connection disconnection response and terminates the communication.

  In the present embodiment, communication is established in this way, a VPN is constructed, and when the data communication ends, the user terminal 16 leaves the VPN group (communication end) and the like are executed. With this operation, according to the present embodiment, VPN can be constructed smoothly.

  Note that, unlike a terminal in the network system 10, an external destination terminal that has received a connection disconnection request does not particularly perform processing such as leaving a VPN group.

3-5 Summary As described above, in this embodiment, the network system 10 including the VPN management server 20 and the location server 18 is constructed. According to this configuration, a VPN group that is a communication group can be easily constructed. In addition, each user terminal 16 can easily join a desired VPN group to receive a service, and can easily leave.

It is explanatory drawing of the mesh type wide area network of this Embodiment. It is explanatory drawing of a communication area. It is explanatory drawing in case a user terminal belongs to a some communication group and performs a some group communication. In the example shown in FIG. 3, it is explanatory drawing which shows the example in which a user terminal performs communication of a control system. It is a block diagram of a terminal accommodation station. It is a block diagram of a location server. It is a block diagram of a VPN management server. It is a block diagram of a gateway. It is a block diagram of a user terminal. It is explanatory drawing of the authentication operation | movement of a user terminal. It is a time chart which shows the participation procedure to the mesh network network of a user terminal. It is a time chart which shows the basic call control communication establishment procedure and VPN construction procedure between user terminals. It is a time chart which shows the call control communication procedure at the time of accessing from the outside of a network (via a gateway), and a VPN construction procedure. It is a time chart which shows the call control communication procedure and VPN construction procedure when accessing the network exterior (via a gateway) from a user terminal. It is explanatory drawing which shows a mode that several applications operate | move simultaneously. It is explanatory drawing which shows a mode that the Edge device was used. It is explanatory drawing which shows the example which avoids terminal traffic on another path | route.

Explanation of symbols

10 Network system (mesh type wide area network)
12 base station 14 user cell 16 user terminal 16a MAC interface 16b application 16c call control application 16d TCP / UDP protocol 16e storage means 18 location server 18a registration authentication means 18b list of terminal ID / authentication code 18c database 18d TCP / IP protocol 18e MAC Interface 20 VPN management server 20a Authentication registration management means 20b VPN group management distribution means 20c Database 20d TCP / IP protocol 20e MAC interface 20f Call control proxy means 20g Transmission path allocation means to user terminal 22 Terminal accommodating station 22a First MAC interface 22b First 2 MAC interface 22c First VPN label interface 22d Second VPN label interface 22e Proxy server means 22f Address distribution means 22g Terminal alive confirmation means 22h VPN group distribution means 24 Gateway 24a Proxy means 24b IP switch means 24c TCP / IP protocol 24d First MAC interface 24e Second MAC interface 24f VPN label Interface 30 Communication line 40 Communication area 50 External network 52 External server 60a, 60b Send initial authentication code 62a, 62b Send initial authentication code (transfer)
64a, 64b Send authentication code for terminal 66a, 66b Send authentication code for terminal (transfer)
112a, 112b, 112c, 112d, 112e Base station 116a First user terminal 116b Second user terminal 118 Provider (SP)
120 Edge device 122a, 122b Terminal accommodating station

Claims (26)

Multiple communication lines,
A plurality of base stations that connect the plurality of communication lines and constitute a network;
A terminal accommodating station that connects to any of the base stations and communicates with a user terminal;
A management server connected to any one of the base stations, and a management server for managing a communication group representing a user terminal group capable of communicating with each other;
A network system including:
The user terminal that communicates using the network system;
In a communication system comprising:
The management server
Distribution means for managing and distributing information of the user terminal registered in a communication group, at least distribution means storing an identifier of the communication group, an ID of the user terminal, and an authentication code;
A database means for managing and storing a communication status in a communication group for each communication group, and at least an ID of a user terminal currently participating in the communication group and an address assigned to the user terminal, Database means to store;
When a user terminal that intends to participate in a predetermined communication group is authenticated using an authentication code in the distribution means, and as a result of authentication, participation is permitted, a predetermined address is assigned to the user terminal, and the user Authentication registration management means for storing the ID of the terminal and the assigned address in the database means;
A communication system comprising: The communication system according to claim 1, wherein
The database means further stores an authentication code of a user terminal currently participating in the communication group,
The authentication registration management means stores the authentication code of the user terminal in the database means when permitting the participation of the user terminal trying to participate in a predetermined communication group. The communication system according to claim 1, wherein
The user terminal is
Storage means for storing a first address for executing communication in the first communication group and a second address for executing communication in the second communication group;
Including
First communication means for performing communication in the first communication group using the first address;
Second communication means for performing communication in the second communication group using the second address;
And a communication system using the first communication means and a communication using the second communication means. The communication system according to claim 1, wherein
A location server that connects to any of the base stations and manages the position of the user terminal;
The location server includes:
Storage means for storing the ID and authentication code of the user terminal;
Database means for storing an ID of the user terminal currently in operation, an authentication code of the user terminal in operation, and an address of a terminal accommodating station accommodating the user terminal in operation;
Registration authentication means;
The registration authentication means performs authentication using the initial authentication code when receiving the ID of the user terminal and the initial authentication code from the user terminal. If authentication is possible, the registration authentication means is specific to the user terminal. The terminal authentication code is generated, the terminal authentication code is transmitted to the user terminal, and the terminal authentication code is stored in the database. The communication system according to claim 4, wherein
The location server is
Distribution means for distributing a control address to each terminal accommodating station,
With
The terminal accommodating station is
Storage means for storing the distributed control address, and further storing a table of the distributed control address and the ID of the user terminal that is the distribution destination;
In response to a request from a user terminal located in a user cell having jurisdiction, one of the distributed control addresses is distributed, and the ID of the distribution destination user terminal is stored in the table. Distribution means to store,
And the user terminal performs communication for control using the provided control address. The communication system according to claim 5, wherein
The terminal accommodating station includes terminal Alive confirmation means,
This terminal Alive confirmation means
Storing means for storing a terminal list that is a list of the user terminals located in a user cell of the terminal accommodating station,
The terminal Alive confirmation means includes
When a registration and authentication request is transmitted from the user terminal, information on the user terminal is stored in the terminal list, and further, a registration and authentication request is transferred to the location server and transmitted from the location server. Transferring the user terminal-specific authentication code to the user terminal,
The communication system, wherein the user terminal performs predetermined communication using an authentication code unique to the user terminal. The communication system according to claim 6, wherein
The terminal Alive confirmation means includes
When a control address request is not transmitted from the user terminal for a predetermined period or longer, it is determined that the user terminal is not located in the user cell of jurisdiction, and the information on the user terminal is deleted from the terminal list And notifying the location server that the user terminal is not located in the user cell. The communication system according to claim 7,
The user terminal is
Address request means for requesting an address for control from the terminal accommodating station at a predetermined cycle;
A communication system comprising: Multiple communication lines,
A plurality of base stations that connect the plurality of communication lines and constitute a network;
A terminal accommodating station that connects to any of the base stations and communicates with a user terminal;
A management server connected to any one of the base stations, and a management server for managing a communication group representing a user terminal group capable of communicating with each other;
A network system including:
The user terminal that communicates using the network system;
In the management server used in a communication system comprising:
Distribution means for managing and distributing information of the user terminal registered in a communication group, at least distribution means storing an identifier of the communication group, an ID of the user terminal, and an authentication code;
A database means for managing and storing a communication status in a communication group for each communication group, and at least an ID of a user terminal currently participating in the communication group and an address assigned to the user terminal, Database means to store;
When a user terminal that intends to participate in a predetermined communication group is authenticated using an authentication code in the distribution means, and as a result of authentication, participation is permitted, a predetermined address is assigned to the user terminal, and the user Authentication registration management means for storing the ID of the terminal and the assigned address in the database means;
Management server characterized by including. The management server according to claim 9,
The database means further stores an authentication code of a user terminal currently participating in the communication group,
The authentication registration management means stores the authentication code of the user terminal in the database means when permitting the participation of the user terminal that intends to participate in a predetermined communication group. Multiple communication lines,
A plurality of base stations that connect the plurality of communication lines and constitute a network;
A terminal accommodating station that connects to any of the base stations and communicates with a user terminal;
A management server connected to any one of the base stations, and a management server for managing a communication group representing a user terminal group capable of communicating with each other;
A network system including:
The user terminal that communicates using the network system;
In the user terminal used in a communication system comprising:
Storage means for storing a first address for executing communication in the first communication group and a second address for executing communication in the second communication group;
Including
First communication means for performing communication in the first communication group using the first address;
Second communication means for performing communication in the second communication group using the second address;
And a user terminal capable of simultaneously executing communication using the first communication means and communication using the second communication means. Multiple communication lines,
A plurality of base stations that connect the plurality of communication lines and constitute a network;
A terminal accommodating station that connects to any of the base stations and communicates with a user terminal;
A management server connected to any one of the base stations, and a management server for managing a communication group representing a user terminal group capable of communicating with each other;
A location server that connects to any of the base stations and manages the position of the user terminal;
A network system including:
The user terminal that communicates using the network system;
In the location server used in a communication system comprising:
Storage means for storing the ID and authentication code of the user terminal;
Database means for storing an ID of the user terminal currently in operation, an authentication code of the user terminal in operation, and an address of a terminal accommodating station accommodating the user terminal in operation;
Registration authentication means;
The registration authentication means performs authentication using the initial authentication code when receiving the ID of the user terminal and the initial authentication code from the user terminal. If authentication is possible, the registration authentication means is specific to the user terminal. A location server that generates a terminal authentication code, transmits the terminal authentication code to the user terminal, and stores the terminal authentication code in the database. The location server of claim 12,
Distribution means for distributing a control address to each terminal accommodating station,
A location server comprising: In a terminal accommodating station used in a communication system comprising the location server according to claim 13,
Storage means for storing the distributed control address, and further storing a table of the distributed control address and the ID of the user terminal that is the distribution destination;
In response to a request from a user terminal located in a user cell having jurisdiction, one of the distributed control addresses is distributed, and the ID of the distribution destination user terminal is stored in the table. Distribution means to store,
The terminal accommodating station is characterized in that the user terminal executes communication for control using the provided control address. The terminal accommodating station according to claim 14,
The terminal accommodating station includes terminal Alive confirmation means,
This terminal Alive confirmation means
Storing means for storing a terminal list that is a list of the user terminals located in a user cell of the terminal accommodating station,
The terminal Alive confirmation means includes
When a registration and authentication request is transmitted from the user terminal, information on the user terminal is stored in the terminal list, and further, a registration and authentication request is transferred to the location server and transmitted from the location server. Transferring the user terminal-specific authentication code to the user terminal,
The terminal accommodating station, wherein the user terminal performs predetermined communication using an authentication code unique to the user terminal. The terminal accommodating station according to claim 15,
The terminal Alive confirmation means includes
When a control address request is not transmitted from the user terminal for a predetermined period or longer, it is determined that the user terminal is not located in the user cell of jurisdiction, and the information on the user terminal is deleted from the terminal list And the location server notifying the location server that the user terminal is not located in the user cell. In a user terminal that performs communication using the terminal accommodating station according to claim 16,
Address request means for requesting an address for control from the terminal accommodating station at a predetermined cycle;
A user terminal comprising: Multiple communication lines,
A plurality of base stations that connect the plurality of communication lines and constitute a network;
A terminal accommodating station that connects to any of the base stations and communicates with a user terminal;
A management server connected to any one of the base stations, and a management server for managing a communication group representing a user terminal group capable of communicating with each other;
A network system including:
The user terminal that communicates using the network system;
In the program for operating a computer as the management server used in a communication system comprising:
A distribution procedure for managing and distributing information on the user terminal registered in a communication group, wherein at least a communication group identifier, an ID and an authentication code of the user terminal are stored in a predetermined storage unit Procedure and
The database means for managing and storing the communication status for each communication group stores at least the ID of the user terminal currently participating in the communication group and the address assigned to the user terminal. Database storage procedure;
A user terminal that intends to participate in a predetermined communication group is authenticated by using an authentication code in the predetermined storage means, and as a result of authentication, if participation is permitted, a predetermined address is assigned to the user terminal, An authentication registration management procedure for storing the ID of the user terminal and the assigned address in the database means;
A program characterized by having executed. The program according to claim 18, wherein
In the database storage procedure, the computer further causes the database means to execute a process of storing an authentication code of a user terminal currently participating in a communication group,
The authentication registration management procedure further includes a process of storing the authentication code of the user terminal in the database means when allowing the user terminal to participate in a predetermined communication group to the computer. A program characterized by being executed. Multiple communication lines,
A plurality of base stations that connect the plurality of communication lines and constitute a network;
A terminal accommodating station that connects to any of the base stations and communicates with a user terminal;
A management server connected to any one of the base stations, and a management server for managing a communication group representing a user terminal group capable of communicating with each other;
A network system including:
The user terminal that communicates using the network system;
In the program for operating a computer as the user terminal used in a communication system comprising:
A procedure for storing, in a predetermined storage means, a first address for executing communication in the first communication group and a second address for executing communication in the second communication group;
A first communication procedure for performing communication in the first communication group using the first address;
A second communication procedure for executing communication in the second communication group using the second address;
And executing the communication using the first communication means and the communication using the second communication means simultaneously. Multiple communication lines,
A plurality of base stations that connect the plurality of communication lines and constitute a network;
A terminal accommodating station that connects to any of the base stations and communicates with a user terminal;
A management server connected to any one of the base stations, and a management server for managing a communication group representing a user terminal group capable of communicating with each other;
A location server that connects to any of the base stations and manages the position of the user terminal;
A network system including:
The user terminal that communicates using the network system;
In the program for operating a computer as the location server used in a communication system comprising:
A storage procedure for storing the ID and authentication code of the user terminal in a predetermined storage means;
A database procedure for storing, in a database means, an ID of the user terminal currently in operation, an authentication code of the user terminal in operation, and an address of a terminal accommodating station accommodating the user terminal in operation;
Registration authentication procedure;
To the computer,
In the registration authentication procedure, when the ID of the user terminal and the initial authentication code are received from the user terminal to the computer, authentication is performed using the initial authentication code. A program for generating a terminal authentication code unique to a terminal, transmitting the terminal authentication code to the user terminal, and executing a process of storing the terminal authentication code in the database. The program according to claim 21, wherein the computer includes:
A delivery procedure for delivering a control address to each terminal accommodating station;
A program characterized by having executed. A program for operating a computer as a terminal accommodating station used in a communication system including the location server according to claim 13,
A storage procedure for storing the distributed control address in a predetermined storage unit, and further storing a table of the distributed control address and a distribution destination user terminal ID in the storage unit;
In response to a request from a user terminal located in a user cell having jurisdiction, any one of the distributed control addresses is distributed to the user terminal, and the ID of the user terminal that is the distribution destination is further distributed. A distribution procedure stored in the table;
A program characterized by having executed. 24. The program according to claim 23, wherein the computer includes:
Run the device Alive confirmation procedure,
This terminal Alive confirmation procedure is
A procedure for storing a terminal list, which is a list of the user terminals located in a user cell of the terminal accommodating station, in a predetermined storage unit;
When a registration and authentication request is transmitted from the user terminal, information on the user terminal is stored in the terminal list, and further, a registration and authentication request is transferred to the location server and transmitted from the location server. A procedure for transferring an authentication code unique to the user terminal to the user terminal;
The program characterized by including. The program according to claim 24,
The terminal Alive confirmation procedure further includes:
When a control address request is not transmitted from the user terminal for a predetermined period or longer, it is determined that the user terminal is not located in the user cell of jurisdiction, and the information on the user terminal is deleted from the terminal list And notifying the location server that the user terminal is not located in the user cell,
The program characterized by including. A program for operating a computer as a user terminal that performs communication using the terminal accommodating station according to claim 16,
An address request procedure for requesting an address for control from the terminal accommodating station at a predetermined cycle;
A program characterized by having executed.

Images