JP2010193101A - Device, method and program for processing communication - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent generation of an extra cost burden on a user when a CUG (Closed User Group) is built, and to prevent occurrence of securement of a wasteful resource on a center side. <P>SOLUTION: When arrival to a reservation time at which use of a CUG is planned is confirmed, a center server refers to a CUG member list corresponding to the reservation time to which arrival is confirmed, identifies user terminating devices A-C constituting the CUG, and establishes communication paths to the respective user terminating devices A-C at the same time. The center server consolidates the respective established communication paths to the respective user terminating devices to build a closed virtual network (CUG). <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a communication processing device, a communication processing method, and a communication processing program.

  2. Description of the Related Art Conventionally, a technology for connecting bases scattered in a plurality of locations using an access network such as a public telephone network or the Internet has been proposed. And by connecting between multiple bases using this technology, voice (telephone) conferences, video conferences, WEB conferences, etc. that enable simultaneous exchange of voice and images between specific users scattered at each base Services are also provided.

  In recent years, a service for constructing a closed network (for example, a VPN (Virtual Private Network)) between a plurality of bases has been provided for the purpose of performing data communication safely between a plurality of bases possessed by a company or the like. . A closed network constructed by this service, that is, a closed network that enables data communication by a specific user or data communication between specific users is also called a CUG (Closed User Group).

  When constructing a CUG between a plurality of users, user-side operations are required as described below. For example, the user makes a contract with the user in advance to construct the CUG, and each user individually accesses the center server and requests the construction of the CUG. When the center server accepts the request, it allocates the CUG to the network connected with each user, thereby constructing a CUG that enables data communication between specific users.

  In the service for constructing the CUG, a so-called pay-per-use system is generally adopted in which charging is performed only while a user is connected to an access network such as a public telephone network or the Internet.

JP 2002-232575 A JP 2003-125370 A

  However, for example, when a WEB conference is held between users who have applied for the construction of the CUG, the following problems may occur.

  In other words, since a user who has signed up for the construction of a CUG has individual access to the center server, the connection to the access network until the WAITING of the WEB conference is completed is charged, and the extra cost A user is forced to bear a burden.

  Further, the resources secured for CUG construction on the center server side become useless resources as the delay in waiting for a WEB conference is delayed because each user individually accesses the center server.

  The present invention has been made in view of the above, and prevents an unnecessary cost burden on the user when constructing a CUG, and prevents an unnecessary resource from being secured on the center side. An object of the present invention is to provide a communication processing device, a communication processing method, and a communication processing program that can be used.

  In order to solve the above-described problems and achieve the object, the present invention provides a communication processing device for constructing a virtual closed network to be used by a plurality of terminal devices, which communicates with each of the plurality of terminal devices. The communication path establishment means for establishing the paths all at once and the virtual closed network construction means for constructing the virtual closed network by aggregating the communication paths established by the communication path establishment means.

  The present invention can prevent an unnecessary cost burden on the user when constructing a CUG, and can prevent an unnecessary resource from being secured on the center side.

FIG. 1 is a diagram for explaining the outline and features of the center server according to the first embodiment. FIG. 2 is a diagram illustrating a system configuration according to the first embodiment. FIG. 3 is a diagram illustrating the configuration of the center server according to the first embodiment. FIG. 4 is a diagram illustrating a configuration example of the CUG-DB according to the first embodiment. FIG. 5 is a diagram illustrating a configuration example of the user DB according to the first embodiment. FIG. 6 is a diagram illustrating a configuration example of the status DB according to the first embodiment. FIG. 7 is a diagram illustrating a flow of CUG information registration processing according to the first embodiment. FIG. 8 is a diagram illustrating the flow of the CUG construction process according to the first embodiment. FIG. 9 is a diagram illustrating a flow of a communication path establishment phase according to the first embodiment. FIG. 10 is a diagram illustrating a process flow at the end of use of the CUG according to the first embodiment. FIG. 11 is a diagram illustrating a flow of a communication path disconnection phase according to the first embodiment. FIG. 12 is a diagram illustrating a computer that executes a communication processing program.

  Hereinafter, Example 1 will be described in detail as an embodiment of a communication processing device, a communication processing method, and a communication processing program according to the present invention with reference to the drawings. The present invention is not limited to the first embodiment.

  In the following first embodiment, a center server is taken as an example of the communication processing apparatus according to the present invention, and the outline and features of the center server according to the first embodiment, the configuration of the center server, and the processing in the first embodiment will be described in order. Finally, the effect of the first embodiment will be described.

  The center server according to the first embodiment outlines the construction of a closed virtual network that is used by a plurality of user termination devices. The center server according to the first embodiment is characterized in that a communication path is established simultaneously with each of the user termination devices, and the established communication paths are aggregated to construct a closed virtual network. There is.

  FIG. 1 is a diagram for explaining the outline and features of the center server according to the first embodiment. In a first embodiment described below, a case will be described in which the center server shown in the figure constructs a CUG that is a closed virtual network that can be used by the user terminal devices A to C shown in the figure.

  As illustrated in FIG. 1, the center server according to the first embodiment is connected to a user terminal device A to C through an access network (public telephone network, IP network, SIP network, or the like). . In addition, the center server according to the first embodiment is a CUG member that is a list of user termination devices that constitute a CUG, a reservation time (and usage time) at which the CUG is scheduled to be used, a group ID that is uniquely assigned to the CUG, and a CUG. A DB that stores CUG information configured in association with a list or the like can be accessed.

  Then, the center server according to the first embodiment reads the CUG information from the DB, and monitors arrival of the reservation time in the read CUG information. When the arrival at the reservation time is confirmed (see (1) in FIG. 1), the CUG member list corresponding to the reservation time at which the arrival is confirmed is referred to, and the user terminal devices A to C constituting the CUG are referred to. And a communication path is established simultaneously with each of the user terminal devices A to C (see (2) in FIG. 1).

  After establishing each communication path, the center server according to the first embodiment aggregates the communication paths established with each of the user termination devices A to C, and assigns group IDs corresponding to the aggregated communication paths. A CUG is constructed (see (3) in FIG. 1).

  As described above, the center server according to the first embodiment simultaneously establishes communication paths with each of the user termination devices, and aggregates the established communication paths to create a closed virtual network CUG. To construct. For this reason, it is possible to prevent the user from being burdened with extra costs when constructing the CUG, and to prevent the center from securing unnecessary resources.

[Configuration of Center Server (Example 1)]
FIG. 2 is a diagram illustrating a system configuration according to the first embodiment. FIG. 3 is a diagram illustrating the configuration of the center server according to the first embodiment.

  As shown in FIG. 2, the center server 200 according to the first embodiment is connected to the user terminal devices A to C through the access network 1 (public telephone network, IP network, SIP network, etc.). ing. The center server 200 can access the CUG-DB 400, the user DB 500, and the status DB 600. Further, the center server 200 establishes a communication path by exchanging signals with the user terminal devices A to C via the SIP server 300 in the access network 1.

  The CUG-DB 400 accepts registration from the center server 200 and stores in advance CUG information for constructing the CUG. For example, as shown in FIG. 4, the reservation time (for example, 02/09/12: 00) scheduled to use the CUG, the usage time (for example, 2 hours), and the group ID for uniquely assigning to the CUG ( For example, CUG1 or CUG2), user (device) list (CUG member list, for example, A, B, C) constituting the CUG, and connection bandwidth (for example, 2 Mbps, 3 Mbps) are associated and stored as CUG information. . FIG. 4 is a diagram illustrating a configuration example of the CUG-DB according to the first embodiment.

  The user DB 500 receives registration from the center server 200 and stores in advance user information about users who access the center server 200. For example, as shown in FIG. 5, a user (device) ID (for example, A, B, C), a telephone number, an access type, authentication information, and communication path setting information (setting information for using an access type (used) Encryption method or the like) is associated and stored as user information. FIG. 5 is a diagram illustrating a configuration example of the user DB according to the first embodiment.

  The status DB 600 accepts registration from the center server 200 and stores information on the situation and the like regarding the user who is using the CUG. For example, as shown in FIG. 6, a group ID assigned to the CUG, a communication path ID (for example, VPN1-1) unique to the communication path established with each of the user termination devices, and a user (device) ID (For example, A), a status indicating the usage status of the CUG (for example, being used or not used), the usage start time and the usage end time of the CUG are associated and stored as status information. FIG. 6 is a diagram illustrating a configuration example of the status DB according to the first embodiment.

  As shown in FIG. 3, the center server 200 includes a CUG registration function unit 210, a DB access function unit 220, a VPN control unit 230, and a CUG management unit 240.

  The CUG registration function unit 210 receives a reservation time (and usage time) scheduled to use the CUG, a user list of users using the CUG, and a connection bandwidth when using the CUG from a user who registers information related to the CUG. Accept information. The CUG registration function unit 210 accesses the CUG-DB 400 via the DB access function unit 220, and uniquely assigns the reservation time (and use time), user list, and connection bandwidth when using the CUG to the CUG. Are registered as CUG information in association with each other.

  The DB access function unit 220 enables access to the CUG-DB 400, the user DB 500, and the status DB 600 from the CUG registration function unit 210 and the VPN control unit 230, reads information from each DB, and registers information for each DB (and Update).

  The VPN control unit 230 controls the establishment of a communication path with the user termination device and also controls the construction of the CUG. More specifically, the VPN control unit 230 reads CUG information from the CUG-DB 400 and monitors arrival of the reserved time in the read CUG information.

  When the arrival of the reservation time is confirmed, the VPN control unit 230 refers to the user (termination device) list (CUG member list) corresponding to the reservation time for which the arrival is confirmed, and the users configuring the CUG The terminal devices A to C are specified, and network resources necessary for the construction of CUG (group ID: CUG1) are secured from the number of users and the connection bandwidth. Examples of the network resource include network resources such as a bandwidth and a VLAN, processing capability on the center server side, and the like.

  After securing the network resources, the VPN control unit 230 accesses the user DB 500 via the DB access function unit 220, and acquires the telephone numbers, access types, and authentication information of the user terminal devices A to C. Then, the VPN control unit 230 sends the telephone numbers, access types, and authentication information of the user termination devices A to C to the communication path establishment unit 242 of the CUG management unit 240, and communicates with each of the user termination devices A to C. To establish a communication channel all at once.

  In addition, the VPN control unit 230 constructs a CUG by allocating a communication path established between each of the user terminal devices A to C to the network resource reserved for constructing the CUG (group ID: CUG1). The CUG management unit 240 is instructed to do so.

  When the VPN control unit 230 receives from the CUG management unit 240 a notification of completion of allocation of the aggregated communication paths to the CUG, the VPN control unit 230 accesses the status DB 600 via the DB access function unit 220 and assigns the group ID ( For example, a communication path ID (for example, VPN1-1, VPN1-2, VPN1-3) unique to a communication path established between each of CUG1) and user termination apparatuses A to C, user (termination apparatus) ID (For example, A, B, C), status (for example, in use) and use start time (for example, 12:00) are registered. Thus, the VPN control unit 230 completes the construction of the CUG.

  After the CUG is constructed, the VPN control unit 230 reads the CUG usage time stored in the CUG-DB 400 in association with the group ID (for example, CUG1) assigned to the CUG, and starts using the CUG. Monitor the elapsed time from being used to reach the usage time. The VPN control unit 230 instructs the communication path establishment unit 242 to disconnect the communication path when the elapsed time since the use of the CUG reaches the usage time.

  Thereafter, when the communication path disconnection completion notification is received from the communication path establishment unit 242, the VPN control unit 230 releases the network resources reserved for the construction of the CUG (group ID: CUG1). Then, the VPN control unit 230 accesses the status DB 600 via the DB access function unit 220 and updates the status information stored in the status DB 600. Specifically, the status corresponding to the disconnected communication path is updated from “in use” to “unused”, and the use end time (for example, 15:00) is registered.

  As shown in FIG. 3, the CUG management unit 240 includes a network interface 241, a communication path establishment unit 242, and a bandwidth control unit 243. The network interface 241 controls data communication with a user terminal device (for example, A to C).

  In response to an instruction from the VPN control unit 230, the communication path establishment unit 242 establishes a communication path with each of the user termination devices (for example, A to C) all at once.

  The communication path establishment unit 242 uses, for example, SSL (Secure Socket Layer) or IPsec (Security Architecture for Internet Protocol), and an Internet VPN (such as SSL-VPN or IPsec-VPN) between the user terminal devices A to C. Virtual Private Network) may be established all at once. Alternatively, an IP-VPN such as MPLS-VPN may be established all at once using a label switching router that supports MPLS (Multi-Protocol Label Switching).

  The bandwidth control unit 243 controls the bandwidth of the CUG within the network resource secured by the VPN control unit 230 in response to an instruction from the communication path establishment unit 242.

[Communication channel establishment phase]
Below, the communication path establishment unit 242 establishes an Internet VPN with the user terminal devices A to C at once using a function for establishing a session by SIP (Session Initiation Protocol) (also referred to as a SIP dial-up function). The case (communication channel establishment phase) will be specifically described.

  The communication path establishment unit 242 activates the SIP dial-up function using the telephone numbers of the user terminal devices A to C received from the VPN control unit 230 as input parameters. Then, “SIP INVITE (connection request signal)” is set, in which the telephone numbers of the user terminal devices A to C are called line numbers (To: ˜) and the telephone number of the center server 200 is a calling line number (From: ˜). Send all at once.

  The communication path establishment unit 242 receives “200 OK (response signal to SIP INVITE)” transmitted from the user terminal devices A to C when the connection is permitted in the user terminal devices A to C, and receives “ACK ( Response signal for 200 OK) "is returned to the user terminal devices A to C, respectively. Then, the communication path establishment unit 242 uses the information described in SDP (Session Description Protocol) (connection destination port number, IP address, etc.) in the SIP dialup with the user termination devices A to C, Initiate a VPN connection between

  The communication path establishment unit 242 transmits an IKEv2 (Internet Key Exchange version 2) request to the user terminal devices A to C. When receiving the IKEv2 response to the IKEv2 request from the user terminal devices A to C, the communication path establishment unit 242 performs certificate-based authentication using the line number as an ID, using the authentication information received from the VPN control unit 230. Authentication is not limited to certificate-based authentication, and shared secret key or password-based authentication may be performed.

  If the authentication is successful, the communication path establishment unit 242 performs NAT (Network Address Translation) settings and the like, and establishes a connection between the LAN (Local Area Network) on the center server 200 side and each LAN on the user terminal devices A to C side. Establishment of the communication channel (Internet VPN) is completed. Then, the communication path establishment unit 242 instructs the bandwidth control unit 243 to control the CUG bandwidth within the network resource secured by the VPN control unit 230.

[Assignment phase of aggregated communication channels to CUG]
Next, allocation to CUG in CUG management unit 240 will be specifically described. In response to an instruction from the VPN control unit 230, the CUG management unit 240 sets the user termination devices A to C on the network resources secured by the VPN control unit 230 in order to construct the CUG (group ID: CUG1). A CUG is constructed by allocating a communication path established between them. Then, the CUG management unit 240 notifies the VPN control unit 230 of the completion of assignment to the CUG.

[Communication path disconnection phase]
Subsequently, a specific case where the communication path establishment unit 242 uses the SIP (Session Initiation Protocol) dial-up function to simultaneously disconnect the VPNs established with the user terminal devices A to C (communication path disconnection phase). Explained.

  When the communication path establishment unit 242 receives a communication path disconnection instruction from the VPN control unit 230, the communication path establishment unit 242 starts a VPN disconnection operation and transmits an IKEv2 request INFORMATION (Delete) to the user terminal devices A to C. When the IKEv2 response INFORMATIONAL (Delete) is received from the user terminal devices A to C, the communication path establishment unit 242 deletes the SA (encryption setting). Then, the communication path establishment unit 242 activates the SIP dial-up function and transmits “SIP BYE (connection disconnection request signal)” to the user terminal devices A to C, respectively. When receiving “SIP 200 OK” from the user terminal devices A to C, the communication path establishment unit 242 notifies the VPN control unit 230 of the completion of disconnection of the communication path.

[Processing in Example 1 (Example 1)]
Hereinafter, the flow of processing in the first embodiment will be described with reference to FIGS.

[CUG information registration process]
FIG. 7 is a diagram illustrating a flow of CUG information registration processing according to the first embodiment. As shown in the figure, a user (use computer) who registers CUG information has a reservation time (and use time) scheduled to use the CUG, a user list of users who use the CUG, and connections when using the CUG. The bandwidth information is transmitted as CUG information to the center server 200 (step S1).

  The CUG registration function unit 210 of the center server 200 registers, as CUG information, reservation time (and usage time) scheduled to use the CUG, a user list of users who use the CUG, and connection bandwidth information when using the CUG. Received from the user, the CUG-DB 400 is accessed via the DB access function unit 220, and the group ID for uniquely assigning the CUG to the reservation time (and usage time), the user list, and the connection bandwidth when using the CUG is received. Correspondingly, it registers as CUG information (step S2). Then, the center server 200 responds to the registrant with the completion of registration of the CUG information (step S3).

[CUG construction processing]
FIG. 8 is a diagram illustrating the flow of the CUG construction process according to the first embodiment. As shown in the figure, the VPN control unit 230 reads CUG information from the CUG-DB 400 (step S1), and monitors the arrival of the reserved time in the read CUG information. When the arrival of the reservation time is confirmed, the VPN control unit 230 refers to the user (termination device) list (CUG member list) corresponding to the reservation time for which the arrival is confirmed, and the users configuring the CUG Terminating devices A to C are identified, and network resources necessary for the construction of CUG (group ID: CUG1) are secured from the number of users and the connection bandwidth (step S2).

  After securing the network resources, the VPN control unit 230 accesses the user DB 500 via the DB access function unit 220, and acquires the telephone numbers, access types, and authentication information of the user terminal devices A to C. Then, the VPN control unit 230 sends the telephone numbers, access types, and authentication information of the user termination devices A to C to the communication path establishment unit 242 of the CUG management unit 240, and communicates with each of the user termination devices A to C. To establish a communication channel all at once. In addition, the VPN control unit 230 constructs a CUG by allocating a communication path established between each of the user terminal devices A to C to the network resource reserved for constructing the CUG (group ID: CUG1). The CUG management unit 240 is instructed to do so.

  In response to an instruction from the VPN control unit 230, the communication path establishment unit 242 starts a communication path establishment phase (see FIG. 9) with the user termination device (for example, A to C) all at once, and the user termination device A communication path is established simultaneously with each of (for example, A to C) (step S3).

  In response to an instruction from the VPN control unit 230, the CUG management unit 240 sets the user termination devices A to C on the network resources secured by the VPN control unit 230 in order to construct the CUG (group ID: CUG1). A communication path established between each is allocated (step S4), and a CUG is constructed. Then, the CUG management unit 240 notifies the VPN control unit 230 of the completion of assignment to the CUG.

  When the VPN control unit 230 receives a notification of completion of assignment of the aggregated communication paths to the CUG from the CUG management unit 240, the VPN control unit 230 accesses the status DB 600 via the DB access function unit 220, and assigns a group ID (for example, CUG1), a communication path ID (for example, VPN1-1, VPN1-2, VPN1-3) unique to a communication path established between each of the user termination apparatuses A to C, and a user (termination apparatus) ID (for example, , A, B, C), status (for example, in use) and use start time (for example, 12:00) are registered (step S5). Thus, the VPN control unit 230 completes the construction of the CUG (Step S6).

(Communication channel establishment phase)
FIG. 9 is a diagram illustrating a flow of a communication path establishment phase (a process using a function for establishing a session by SIP) according to the first embodiment. As shown in the figure, the communication path establishment unit 242 activates the SIP dial-up function using the telephone numbers of the user terminal devices A to C received from the VPN control unit 230 as input parameters (step S1). Then, “SIP INVITE (connection request signal)” having the telephone numbers of the user terminal devices A to C as the called line number (To :) and the telephone number of the center server 200 as the calling line number (From :) all at once. Make a call (step S2).

  Upon receiving “SIP INVITE” from the center server 200, the user terminal devices A to C permit connection from the other party in advance or by telephone operation or the like each time the connection is made (step S3). Then, the user terminal devices A to C return “200 OK (response signal to SIP INVITE)” to the center server 200 (step S4).

  When receiving “200 OK (response signal to SIP INVITE)” from the user termination devices A to C, the communication path establishment unit 242 returns “ACK (response signal to 200 OK)” to the user termination devices A to C, respectively. (Step S5). Then, the communication path establishment unit 242 uses the information described in SDP (Session Description Protocol) (connection destination port number, IP address, etc.) in the SIP dialup with the user termination devices A to C, VPN connection is started (step S6).

  Then, when the communication path establishment unit 242 transmits an IKEv2 (Internet Key Exchange version 2) request to the user termination devices A to C and receives an IKEv2 response to the IKEv2 request from the user termination devices A to C, the VPN control unit 230 Using the received authentication information, certificate-based authentication is performed using the line number as an ID (step S7). If the authentication is successful, the communication path establishment unit 242 performs NAT (Network Address Translation) setting and the like (step S8).

  On the other hand, the user terminal devices A to C permit the connection from the partner exchanged by SDP (step S9), and return the IKEv2 response to the IKEv2 request to the center server 200, while using the certificate number with the line number as the ID. Is authenticated (step S10). Authentication is not limited to certificate-based authentication, and shared secret key or password-based authentication may be performed. If the authentication is successful, the user terminal devices A to C perform NAT (Network Address Translation) settings and the like (step S11). In this way, establishment of a communication path (Internet VPN) between the LAN (Local Area Network) on the center server 200 side and each LAN on the user terminal devices A to C side is completed.

[Processing at the end of CUG use (Example 1)]
FIG. 10 is a diagram illustrating a process flow at the end of use of the CUG according to the first embodiment. After the CUG is constructed, the VPN control unit 230 reads the CUG usage time stored in the CUG-DB 400 in association with the group ID (for example, CUG1) assigned to the CUG, and the use of the CUG is started. Monitor the elapsed time since the end of the day.

  Then, when the elapsed time from the start of CUG usage reaches the usage time, the VPN control unit 230 starts a VPN disconnection operation (step S1) and disconnects the communication path as shown in FIG. The communication path establishment unit 242 is instructed as follows.

  When the communication path establishment unit 242 receives a communication path disconnection instruction from the VPN control unit 230, the communication path establishment unit 242 executes a communication path disconnection phase (see FIG. 11) that simultaneously disconnects the VPNs established with the user terminal devices A to C. (Step S1). When the communication path disconnection phase is completed, the communication path establishment unit 242 notifies the VPN control unit 230 of the completion of the communication path disconnection.

  When the VPN control unit 230 receives a communication path disconnection completion notification from the communication path establishment unit 242, the VPN control unit 230 releases the network resources reserved for constructing the CUG (group ID: CUG1) (step S2). Then, the VPN control unit 230 accesses the status DB 600 via the DB access function unit 220 and updates the status information stored in the status DB 600 (step S3). Specifically, the status corresponding to the disconnected communication path is updated from “in use” to “unused”, and the use end time (for example, 15:00) is registered. As described above, the VPN control unit 230 completes the shutdown of the CUG (step S4).

[Communication path disconnection phase]
FIG. 11 is a diagram illustrating a flow of a communication path disconnection phase (a process using a function for establishing a session by SIP) according to the first embodiment. As shown in the figure, when receiving a communication path disconnection instruction from the VPN control unit 230, the communication path establishment unit 242 starts a VPN disconnection operation (step S1).

  Then, when the communication path establishment unit 242 transmits an IKEv2 request INFORMATION (Delete) to the user terminal devices A to C and receives an IKEv2 response INFORMATIONAL (Delete) from the user terminal devices A to C, SA (encryption setting) is set. After deletion (step S2), the SIP dial-up function is activated, and “SIP BYE (connection disconnection request signal)” is transmitted to each of the user terminal devices A to C (step S3).

  On the other hand, when receiving the IKEv2 request INFORMATION (Delete) from the center server 200, the user terminal devices A to C delete the SA (encryption setting) (step S4). Then, upon receiving “SIP BYE” from the center server 200, the user termination devices A to C return “SIP 200 OK” to the center server 200 (step S5). When the communication path establishment unit 242 receives “SIP 200 OK” from the user terminal devices A to C, the communication path establishment unit 242 notifies the VPN control unit 230 of completion of disconnection of the communication path.

[Effects of Example 1]
As described above, according to the first embodiment, connection requests are made to a plurality of user terminal devices A to C all at once, and VPNs are established with the user terminal devices A to C, respectively, Aggregate each established VPN to build a closed virtual network (CUG).

  In this way, since the communication path is established from the center side to the user side at the same time without individually accessing the center from the user side, the connection to the access network until the construction of the CUG is completed is charged. Thus, there is no occurrence of a user who is forced to pay an extra cost, and it is possible to prevent the user from being charged with an extra cost when constructing a CUG.

  Furthermore, since the communication path is established from the center side to the user side at the same time, it is possible to prevent unnecessary resources from being secured on the center side.

  Further, according to the first embodiment, VPNs established between the user terminal devices A to C are disconnected at the same time, so that it is possible to avoid extra cost burden on the user side and securing unnecessary resources on the center side as much as possible. .

  In the first embodiment, when the center server 200 establishes a communication path with the user terminal device all at once when the reserved time registered in the CUG-DB 400 in advance as the CUG usage time is reached. Explained. However, the present invention is not limited to this. For example, a CUG is constructed together with information necessary for CUG construction such as information on other users who use the CUG from any of the users who intend to use the CUG. Upon receiving the request, the center server 200 may establish a communication path with the user termination device all at once by using this request as a trigger.

  Hereinafter, Example 2 will be described as another embodiment of the communication processing device, the communication processing method, and the communication processing program according to the present invention.

(1) Device Configuration, etc. Each component of the center server 200 shown in FIG. 3 is functionally conceptual and does not necessarily need to be physically configured as illustrated. That is, the specific form of distribution / integration of the center server 200 is not limited to the illustrated one, and for example, the CUG-DB 400, the user DB 500, and the status DB 600 are integrated into the center server 200. As described above, all or a part of the center server 200 can be configured to be functionally or physically distributed / integrated in arbitrary units according to various loads or usage conditions. Furthermore, each processing function (see FIGS. 7 to 11 and the like) performed by the center server 200 is realized by a CPU and a program that is analyzed and executed by the CPU, or wired. It can be realized as hardware by logic.

(2) Communication processing program Various processes (for example, see FIGS. 7 to 11 and the like) of the center server 200 described in the first embodiment described above are carried out using a computer system such as a personal computer or a workstation. It can be realized by executing with. In the following, an example of a computer that executes a communication processing program having the same function as that of the first embodiment will be described with reference to FIG. FIG. 12 is a diagram illustrating a computer that executes a communication processing program.

  As shown in the figure, a computer 700 as the center server 200 is configured by connecting a communication control unit 710, an HDD 720, a RAM 730, and a CPU 740 with a bus 800.

  Here, the communication control unit 710 controls communication related to the exchange of various types of information. The HDD 720 stores information necessary for the CPU 740 to execute various processes. The RAM 730 temporarily stores various information. The CPU 740 executes various arithmetic processes.

  As shown in FIG. 12, the HDD 720 stores in advance a communication processing program 721 that performs the same function as each processing unit of the center server 200 shown in the first embodiment and communication processing data 722. Has been. Note that the communication processing program 721 can be appropriately distributed and stored in a storage unit of another computer that is communicably connected via a network.

  The CPU 740 reads out the communication processing program 721 from the HDD 720 and develops it in the RAM 730, so that the communication processing program 721 functions as a communication processing process 731 as shown in FIG. Then, the communication processing process 731 reads out the communication processing data 722 and the like from the HDD 720, expands them in the area allocated to itself in the RAM 730, and executes various processes based on the expanded data and the like. The communication processing process 731 corresponds to the processing executed in the VPN control unit 230 of the center server 200 shown in FIG.

  Note that the above-described communication processing program 721 does not necessarily need to be stored in the HDD 720 from the beginning. For example, a flexible disk (FD), a CD-ROM, a DVD disk, a magneto-optical disk, an IC inserted into the computer 700 can be used. Each program is stored in a “portable physical medium” such as a card, or “another computer (or server)” connected to the computer 700 via a public line, the Internet, a LAN, a WAN, or the like. The computer 700 may read and execute each program from these.

(3) Communication Processing Method The following communication processing method is realized by the center server 200 described in the first embodiment.

  That is, a communication path establishment step that establishes a communication path with each of a plurality of terminal devices all at once (see, for example, step S3 in FIG. 8 and FIG. 9), and each communication path established by the communication path establishment step And a virtual closed network construction step for constructing a virtual closed network (see, for example, steps S4 and S5 in FIG. 8).

  As described above, the communication processing device, the communication processing method, and the communication processing program according to the present invention are useful when constructing a closed virtual network to be used by a plurality of user termination devices, and are particularly unnecessary for the user. It is suitable for preventing occurrence of cost burden and preventing occurrence of useless resources.

DESCRIPTION OF SYMBOLS 1 Access network 200 Center server 210 CUG registration function part 220 DB access function part 230 VPN control part 240 CUG management part 300 SIP server 400 CUG-DB
500 user DB
600 Status DB
700 Computer 710 Communication Control Unit 720 HDD (Hard Disk Drive)
721 Communication processing program 722 Communication processing data 730 RAM (Random Access Memory)
731 Communication Processing Process 740 CPU (Central Processing Unit)
800 bus

Claims (9)

A communication processing device for constructing a virtual closed network to be used by a plurality of terminal devices,
A communication path establishment means for establishing a communication path with each of the plurality of terminal devices simultaneously;
A virtual closed network construction unit that constructs the virtual closed network by aggregating the communication paths established by the communication path establishment unit.   The communication path establishment means establishes a communication path with each of the plurality of terminal devices all at once, on condition that a preset reservation time is reached with the use of the virtual closed network as a start time. The communication processing device according to claim 1.   2. The communication according to claim 1, wherein the communication path establishing means establishes a communication path with each of the plurality of terminal devices all on the condition that a request for using a virtual closed network is received. Processing equipment. Associating a group identifier for uniquely assigning each of the groups composed of a plurality of terminal devices using the virtual closed network with a reservation time set in advance as a time to start using the virtual closed network A storage means for storing;
When the communication path establishment means reads the reservation time stored in the storage means and determines that the read reservation time has been reached, the communication path establishment means stores the reservation time in association with the reservation time. 2. The communication path is simultaneously established with each of a plurality of terminal devices constituting a group to which the read group identifier is assigned. Communication processing device. The storage means further stores a use time of the virtual closed network in association with the group identifier and the reservation time,
After the virtual closed network is constructed by the virtual closed network construction means, the elapsed time from the start of use of the constructed virtual closed network is monitored, and assigned to the constructed virtual closed network When the usage time stored in the storage means is read in association with the group identifier and the elapsed time reaches the read usage time, the communication path established by the communication path establishment means is The communication processing apparatus according to claim 4, further comprising a communication path cutting unit for cutting.   The communication processing apparatus according to claim 1, wherein the communication path establishment unit establishes a communication path with each of the plurality of termination apparatuses using SIP. .   The communication processing apparatus according to claim 5, wherein the communication path disconnecting unit simultaneously disconnects the communication paths established by the communication path establishing unit using SIP. A communication processing method for constructing a virtual closed network to be used by a plurality of terminal devices,
A communication path establishing step for establishing a communication path with each of the plurality of terminal devices simultaneously;
A virtual closed network construction step of constructing the virtual closed network by aggregating the communication paths established in the communication path establishment step. A communication processing program for causing a computer to execute processing for constructing a virtual closed network to be used by a plurality of terminal devices,
A communication path establishment procedure for establishing a communication path at once with each of the plurality of termination devices;
A communication processing program for causing a computer to execute a virtual closed network construction procedure for constructing the virtual closed network by aggregating communication paths established by the communication path establishment procedure.

Images