JP2021082082A - Communication control unit, communication system, and communication control method - Google Patents

Abstract

To provide a communication control unit, a communication system, and a communication control method that can display only an available network resource dynamically on a portal site.SOLUTION: An OpenFlow controller 2 comprises: a storage unit 21 that stores a communication control rule (flow table 21B) in which at least one network resource is registered as an access permission resource; an operation unit 22 that updates the communication control rule in accordance with an increase or a decrease in the network resources related to the access permission resources; and a web application unit 26 that displays only the access permission resources registered in the communication rule updated by the operation unit 22 on a portal site as a list.SELECTED DRAWING: Figure 4

Description

The present invention relates to a communication control device, a communication system, and a communication control method.

In the network environment of facilities such as schools and offices, to provide a portal site of a list of devices and services that can be used on the spot to information terminals connected to the network, and to use each service via the portal site. A technique for guiding to a Web page is known. As a result, the user of the information terminal does not have to enter the URL for accessing the Web page, and the opportunity loss due to not being aware of the existence of the service can be eliminated.

Patent Document 1 discloses a technique of posting a search result list corresponding to a search keyword input by a client on the portal site for the purpose of maintaining the freshness of the content posted on the portal site. In addition, the responsiveness of the Web pages listed in the list is guaranteed by adding only the Web pages that try to access the Web pages in the list at regular intervals and return a response within the fixed time to the list.

However, conventional portal sites such as Patent Document 1 cannot cope with equipment fluctuations such as an increase or decrease in equipment when posting Web contents for using equipment in a facility, for example.

An object of the present invention is to dynamically display only available network resources on a portal site.

In order to solve the above-mentioned problems, the communication control device according to one aspect of the present invention has a storage unit in which a communication control rule in which at least one network resource is registered as an access permission resource is stored, and the access permission resource. A Web that displays only the operation unit that updates the communication control rule according to the increase or decrease of the network resource and the access permission resource registered in the communication control rule updated by the operation unit as a list on the portal site. It has an application section.

Only available network resources can be dynamically displayed on the portal site.

Schematic configuration diagram of the communication system according to the embodiment The figure which shows an example of the hardware configuration of the OpenFlow controller. The figure which shows an example of the hardware composition of the OpenFlow switch. Functional block diagram of OpenFlow controller The figure which shows an example of the setting screen for registering a permission resource Diagram showing an example of the screen configuration of the portal site Diagram showing the update operation of the portal site due to the change of the permission resource The figure explaining the flow of the redirection function in a communication system Smartphone hardware configuration diagram Hardware configuration diagram of electronic blackboard Hardware configuration diagram of video conferencing terminal

Hereinafter, embodiments will be described with reference to the accompanying drawings. In order to facilitate understanding of the description, the same components are designated by the same reference numerals as much as possible in each drawing, and duplicate description is omitted.

<Overall configuration of communication system>
FIG. 1 is a schematic configuration diagram of a communication system 1 according to an embodiment. The communication system 1 of FIG. 1 is a portal site in which a list of devices / services available from the information terminal T is displayed on the information terminal T connected to the network N in a network environment of a facility such as a school or an office. P is provided, and the user is guided to a Web page for using each service via the portal site P. As a result, the user of the information terminal T does not have to enter the URL for accessing the Web page, and the opportunity loss due to not being aware of the existence of the service can be eliminated.

In the present embodiment, the “device / service” is a network resource R that is communicably connected via the network N, and is, for example, a printer or an IWB (Interactive White Board: an electronic blackboard function capable of mutual communication). Includes whiteboards (also called electronic blackboards), the Internet, and in-facility servers. Hereinafter, devices and services may be collectively referred to as "services" and "resources".

As shown in FIG. 1, the communication system 1 controls communication between the network resource group R, which is communicably connected via the network N, and the information terminal T. In particular, data is exchanged between the network resource (access permission resource R1) that is permitted to be accessed from the information terminal T in the resource group R and the information terminal T. As shown in FIG. 1, the communication system 1 includes an OpenFlow controller (communication control device) 2 and an OpenFlow switch 3 (switch).

The communication system 1 according to the embodiment constructs a network environment in which only limited network resources (access permission resource R1) can be used by access control using OpenFlow technology, and communicates in this environment. Control. In the OpenFlow technology, a communication control rule (transfer rule) is registered in the OpenFlow controller 2, and the OpenFlow controller 2 stores the flow table 21B in which the communication control rule is described in the plurality of OpenFlow switches 3. Each OpenFlow switch 3 determines a processing method (for example, data transfer availability, data conversion, etc.) of a packet received from the information terminal T based on the stored flow table 21B. Here, the "communication control rule" is information in which at least one network resource R is registered as an access permission resource R1, and is information in the flow table 21B in the present embodiment (see FIG. 4 and the like).

The OpenFlow controller 2 has a Web server 4 and displays the portal site P. However, the Web server 4 and the portal site P do not necessarily have to be installed in the OpenFlow controller 2, and may exist separately. Alternatively, the OpenFlow controller 2 and the Web server 4 (portal site P) may be integrated with the OpenFlow switch 3.

The OpenFlow switch 3 is installed on the communication path between the information terminal T and the network resource R, and takes charge of communication control under the control of the OpenFlow controller 2. Here, the OpenFlow controller 2 and the OpenFlow switch 3 have a one-to-many relationship, and a plurality of the OpenFlow switch 3 and the information terminal T in FIG. 1 may exist.

In the example of FIG. 1, the access permission resource R1 includes the printers A and B and the electronic blackboard, and is registered as the access permission target of the OpenFlow controller 2. Resources that are not registered as access permission targets (in-facility server and Internet in FIG. 1) are regarded as access prohibited resource R2.

In the communication system 1, the OpenFlow controller 2 displays only the access permission resource R1 on the portal site P based on the access control setting using the OpenFlow technology. Further, the OpenFlow controller 2 changes the access control setting (communication control rule in the flow table 21B) when the network resource R related to the access permission resource R1 is increased or decreased or the device itself is replaced. By doing so, the resource change can be reflected in the portal site P as well, which is configured to reduce the time and effort for individually modifying the content posted on the portal site P.

<Hardware configuration>
Subsequently, the hardware configuration of each device included in the communication system 1 will be described. FIG. 2 is a diagram showing an example of the hardware configuration of the OpenFlow controller 2. The OpenFlow controller 2 is physically realized in a computer system as shown in FIG. 2, for example.

As shown in FIG. 2, the OpenFlow controller 2 is constructed by a computer, and as shown in FIG. 2, CPU201, ROM202, RAM203, HD204, HDD (Hard Disk Drive) controller 205, and a display. It includes 206, an external device connection I / F (Interface) 208, a network I / F 209, a data bus 210, a controller 211, a pointing device 212, a DVD-RW (Digital Versatile Disk Rewritable) drive 214, and a media I / F 216.

Of these, the CPU 201 controls the operation of the entire OpenFlow controller 2. The ROM 202 stores a program used to drive the CPU 201 such as an IPL. The RAM 203 is used as a work area of the CPU 201. The HD204 stores various data such as programs. The HDD controller 205 controls reading or writing of various data to the HD 204 according to the control of the CPU 201. The display 206 displays various information such as cursors, menus, windows, characters, or images. The external device connection I / F 208 is an interface for connecting various external devices. The external device in this case is, for example, a USB (Universal Serial Bus) memory, a printer, or the like. The network I / F 209 is an interface for performing data communication using a communication network. The bus line 210 is an address bus, a data bus, or the like for electrically connecting each component such as the CPU 201 shown in FIG.

Further, the keyboard 211 is a kind of input means including a plurality of keys for inputting characters, numerical values, various instructions and the like. The pointing device 212 is a kind of input means for selecting and executing various instructions, selecting a processing target, moving a cursor, and the like. The DVD-RW drive 214 controls reading or writing of various data to the DVD-RW 213 as an example of the removable recording medium. In addition, it is not limited to DVD-RW, and may be DVD-R or the like. The media I / F 216 controls reading or writing (storage) of data to a recording medium 215 such as a flash memory.

FIG. 3 is a diagram showing an example of the hardware configuration of the OpenFlow switch 3. As shown in FIG. 3, the OpenFlow switch 3 has, for example, a CPU 301, a memory 302, a storage device 303, a plurality of networks I / F 304, 305, a bus line 306, and the like.

The CPU 301 is an arithmetic unit that realizes each function of the OpenFlow switch 3 by executing a program stored in, for example, a storage device 303 or a memory 302. The memory 302 includes, for example, a RAM which is a volatile memory used as a work area of the CPU 301 and the like, and a ROM which is a non-volatile memory for storing a start-up program and the like. The storage device 303 is, for example, a large-capacity storage device that stores programs such as an OS (Operating System) and applications, and various types of data.

The network I / F 304 is, for example, a communication interface for connecting the OpenFlow switch 3 to the communication network. The network I / F 305 is, for example, a communication interface for connecting the OpenFlow switch 3 to the information terminal T or the like. The bus line 306 includes an address bus, a data bus, various control signals, and the like for electrically connecting each of the above components.

The hardware configuration of each device shown in FIGS. 2 and 3 is an example. For example, the OpenFlow controller 2 may have the same hardware configuration as the OpenFlow switch 3 shown in FIG.

<Portal site creation / update function>
FIG. 4 is a functional block diagram of the OpenFlow controller 2. The OpenFlow controller 2 includes a storage unit 21, an operation unit 22, an application unit 23, an OpenFlow control unit 24, a transmission / reception unit 25, and a Web application unit 26.

The storage unit 21 has a switch management table 21A used for managing the OpenFlow switch 3 to be controlled, and a flow table 21B for storing communication control rules. Here, the "communication control rule" is information on a network resource (access permission resource R1) that is permitted to be accessed from the information terminal T.

The operation unit 22 operates the storage unit 21. More specifically, the switch management table 21A and the flow table 21B stored in the storage unit 21 are created or updated. The function of the operation unit 22 will be described later with reference to FIG.

The application unit 23 provides an application for managing communication control rules. The function of the application unit 23 will be described later with reference to FIG.

The OpenFlow control unit 24 reflects the flow table 21B on the OpenFlow switch 3 group based on the information of the storage unit 21. More specifically, the information of the flow table 21B in the storage unit 21 updated to the latest information by the operation unit 22 is transmitted to the switch 3, and each switch 3 communicates based on the information of the flow table 21B. Let control be performed.

The transmission / reception unit 25 communicates with another device. In the present embodiment, communication is performed with the OpenFlow switch 3 and the access permission resource R1.

The Web application unit 26 has a portal site P. The Web application unit 26 acquires the latest information of the access permission resource R1 by referring to, for example, the flow table 21B of the storage unit 21. The Web application unit 26 creates the portal site P so that only the access permission resource R1 is displayed based on the information in the flow table 21B. Further, when the resources constituting the access permission resource R1 are added, changed, or deleted and updated, the portal site P is updated so that only the latest access permission resource R1 is displayed on the portal site P.

FIG. 5 is a diagram showing an example of a setting screen 27 for registering the access permission resource R1. The setting screen 27 of FIG. 5 is created by the application unit 23 of the OpenFlow controller 2, is displayed on a display device such as a display, and the information of the access permission resource R1 is input by the registration operation by the user of the OpenFlow controller. In the example of FIG. 5, three resources of "printer A", "printer B", and "electronic blackboard" are registered as access permission resources. The content set via the setting screen 27 is reflected in the flow table 21B by the application unit 23.

On the setting screen 27, a "label" and an "IP address" are displayed as items to be set. The "label" is an arbitrary name for identifying a network resource. The "IP address" is information on the IP address of the resource for which access is desired. Note that the "label" is not essential information and may be configured not to be registered on the setting screen. Further, the "IP address" may be other information as long as it is information that can identify the resource. For example, there may be a configuration in which the device is specified by the MAC address.

FIG. 6 is a diagram showing an example of the screen configuration of the portal site P. On the portal site P, the access permission resource R1 registered on the setting screen 27 of FIG. 5 is displayed as a list. The screen of the portal site P is created by, for example, the Web application unit 26 with reference to the flow table 21B updated by the application unit 23 based on the registration information of the setting screen 27.

In addition to the label information 28 of the access permission resource R1, the portal site P may display a link 29 for guiding to a Web page for using the resource. As a result, the user of the information terminal T can easily transition from the portal site P to the Web page of the network resource by clicking the link 29, and the usability is improved.

As the URL information for creating the link 29, it is conceivable that the user can set an arbitrary URL on the setting screen 27 shown in FIG. This makes it possible to flexibly specify the Web page. Further, a device type (for example, "printer", "electronic blackboard", "others", etc.) may be registered, and a URL may be automatically generated based on the device type. For example, a URL such as "https: // IP address / printer" for a printer and "http: // IP address / iwb" for an electronic blackboard is generated, and the link 29 is displayed on the portal site P. If there is no corresponding device type, the link 29 is not displayed. As a result, it is possible to reduce the time and effort required to specify the Web page one by one.

FIG. 7 is a diagram showing an update operation of the portal site P due to a change in the access permission resource R1. The change of the access permission resource R1 includes an increase, a decrease, a replacement, and the like of the access permission resource R1, and FIG. 7 illustrates an increase of the access permission resource R1.

As a precondition for the processing of FIG. 7, the flow table 21B in which the access permission resource R1 is registered is stored in the storage unit 21 of the OpenFlow controller 2 (storage step). In this flow table 21B, at least one network resource R is registered as the access permission resource R1 by the application unit 23 based on the information input by the application unit 23, for example, via the setting screen 27 of the OpenFlow controller 2 illustrated in FIG. ..

In the first stage shown in FIG. 7, a new resource (projector in the example of FIG. 7) is added to the access permission resource R1.

In the second stage, the resource addition information is registered via, for example, the setting screen 27 of the OpenFlow controller 2 illustrated in FIG. 5, and the application unit 23 adds the information of the additional device to the flow table 21B accordingly. The flow table 21B is updated (update step). A registration method other than the setting screen 27 may be used to update the flow table 21B. For example, the range of the IP address of the access permission resource R1 is specified in advance, and when a new device is connected to the network within this range, the application unit 23 detects this and updates the flow table 21B. You can also do it.

In the third stage, the Web application unit 26 refers to the updated flow table 21B, adds an item of an additional device to the portal site P, updates and displays the portal site P (display step).

As described above, in the present embodiment, the content to be posted on the portal site P is determined based on the access control setting of OpenFlow, that is, based on the latest information of the flow table 21B. Therefore, when a change such as an increase / decrease or replacement of a resource included in the access permission resource R1 occurs, the administrator of the communication system 1 updates the access control setting, that is, the flow table 21B of the controller, thereby performing the portal. The change is dynamically reflected on the site P as well. Therefore, it is possible to dynamically display only the available network resources on the portal site P. Further, when the access permission resource R1 is changed, it is possible to reduce the trouble of modifying the content posted on the portal site P.

<Communication system redirection function>
FIG. 8 is a diagram illustrating the flow of the redirection function in the communication system 1. The information terminal T transmits an HTTP (HTTPS) request to an arbitrary network resource R via the OpenFlow switch 3. At this time, if it is an HTTP request to the access permission resource R1, the OpenFlow switch 3 passes the communication packet and the communication reaches the destination resource. The OpenFlow switch 3 receives and holds the information of the flow table 21B from the OpenFlow controller 2 as described above, and can determine whether or not the destination is the accessible resource R1 based on the information of the flow table 21B.

However, when the information terminal T transmits an HTTP request to the access prohibited resource R2, the OpenFlow switch 3 changes the destination IP address and the destination TCP port of the communication packet and transfers the packet. Specifically, the destination IP address is changed to the IP address of the OpenFlow controller 2, and the destination TCP port is changed to 80 (HTTP). As a result, the HTTP request is transferred to the Web server 4 (portal site P) of the OpenFlow controller 2.

In the example of FIG. 8, communication to other than printer A, printer B, and the electronic blackboard included in the access permission resource R1 is to be transferred. For example, when communication is attempted to the Internet or the facility server included in the access prohibited resource R2. , Redirected to portal site P.

In a configuration using a mechanism such as the conventional Captive Portal, it is common that the HTTP request for authentication is always redirected to the portal site. Therefore, even if the content that can be used from the beginning is accessed, the user is redirected to the portal site, which causes a problem that the number of operation steps of the user increases.

On the other hand, in the present embodiment, as described with reference to FIG. 8, the portal site P is only when an attempt is made to access a resource other than the designated network resource, that is, when an attempt is made to access the access prohibited resource R2. Redirected to. As a result, it is possible to realize guidance that does not increase the time and effort of use without redirecting all access as in Captive Portal.

Further, in the present embodiment, there may be a configuration in which the condition of whether or not to guide to the portal site P can be flexibly set. For example, it is conceivable to guide only at the first request, set a limit on the time and number of times to guide, and determine whether or not to guide according to the access destination.

Each function of the embodiment described above can be realized by one or more processing circuits. Here, the "processing circuit" in the present specification is a processor programmed to execute each function by software such as a processor implemented by an electronic circuit, or a processor designed to execute each function described above. It shall include devices such as ASIC (Application Specific Integrated Circuit), DSP (digital signal processor), FPGA (field programmable gate array) and conventional circuit modules.

The group of devices described in the above embodiments is only one of a plurality of computing environments for implementing the embodiments disclosed herein.

In certain embodiments, the OpenFlow controller 2 includes a plurality of computing devices, such as a server cluster. The plurality of computing devices are configured to communicate with each other via any type of communication link, including networks, shared memory, and the like, and perform the processes disclosed herein. Similarly, the OpenFlow switch 3 can include multiple computing devices configured to communicate with each other.

Similarly, the function of each functional block of the OpenFlow controller 2 shown in FIG. 4 can be executed by the OpenFlow switch 3. Further, each element of the OpenFlow controller 2 and the OpenFlow switch 3 may be integrated into one server device, or may be divided into a plurality of devices.

In the above embodiment, the configuration in which the OpenFlow controller 2 is implemented by a PC is illustrated, but the OpenFlow controller 2 is not limited to a PC as long as it is a device having the above-mentioned portal site creation / update function. The OpenFlow controller 2 includes, for example, a PJ (Projector: projector), an IWB (Interactive White Board: a white board having an electronic whiteboard function capable of intercommunication), an output device such as a digital signage, a HUD (Head Up Display) device, and the like. It may be an industrial machine, an imaging device, a sound collecting device, a medical device, a network home appliance, a car (Connected Car), a mobile phone, a smartphone, a tablet terminal, a game machine, a PDA (Personal Digital Assistant), a digital camera, or the like.

For example, the OpenFlow controller 2 may be any of a smartphone 5, an electronic blackboard 6, or a video conferencing terminal 7 having the hardware configurations shown in FIGS. 9 to 11.

FIG. 9 is a hardware configuration diagram of the smartphone 5. As shown in FIG. 9, the smartphone 5 includes a CPU 401, ROM 402, RAM 403, EEPROM 404, CMOS sensor 405, image sensor I / F 406, acceleration / orientation sensor 407, media I / F 409, and GPS receiver 411. There is.

Of these, the CPU 401 controls the operation of the entire smartphone 5. The ROM 402 stores a program used to drive the CPU 401 such as the CPU 401 and the IPL. The RAM 403 is used as a work area for the CPU 401. The EEPROM 404 reads or writes various data such as a smartphone program under the control of the CPU 401. The CMOS (Complementary Metal Oxide Semiconductor) sensor 405 is a kind of built-in imaging means for acquiring image data by imaging a subject (mainly a self-portrait) under the control of the CPU 401. Instead of a CMOS sensor, it may be an imaging means such as a CCD (Charge Coupled Device) sensor. The image sensor I / F 406 is a circuit that controls the drive of the CMOS sensor 405. The acceleration / orientation sensor 407 is a variety of sensors such as an electronic magnetic compass, a gyro compass, and an acceleration sensor that detect the geomagnetism. The media I / F 409 controls reading or writing (storage) of data to a recording medium 408 such as a flash memory. The GPS receiving unit 411 receives GPS signals from GPS satellites.

Further, the smartphone 5 includes a long-range communication circuit 412, a CMOS sensor 413, an image sensor I / F 414, a microphone 415, a speaker 416, a sound input / output I / F 417, a display 418, an external device connection I / F 419, and a short-range communication circuit 420. , The antenna 420a of the short-range communication circuit 420, and the touch panel 421 are provided.

Of these, the long-distance communication circuit 412 is a circuit that communicates with other devices via a communication network. The CMOS sensor 413 is a kind of built-in imaging means for capturing an image of a subject and obtaining image data under the control of the CPU 401. The image sensor I / F 414 is a circuit that controls the drive of the CMOS sensor 413. The microphone 415 is a built-in circuit that converts sound into an electric signal. The speaker 416 is a built-in circuit that converts an electric signal into physical vibration to produce sounds such as music and voice. The sound input / output I / F 417 is a circuit that processes sound signal input / output between the microphone 415 and the speaker 416 under the control of the CPU 401. The display 418 is a kind of display means such as a liquid crystal or an organic EL for displaying an image of a subject, various icons, and the like. The external device connection I / F419 is an interface for connecting various external devices. The short-range communication circuit 420 is a communication circuit such as NFC or Bluetooth (registered trademark). The touch panel 421 is a kind of input means for operating the smartphone 5 by the user pressing the display 418.

Further, the smartphone 5 is provided with a bus line 410. The bus line 410 is an address bus, a data bus, or the like for electrically connecting each component such as the CPU 401 shown in FIG.

FIG. 10 is a hardware configuration diagram of the electronic blackboard 6. As shown in FIG. 10, the electronic blackboard 6 includes a CPU 601, a ROM 602, a RAM 603, an SSD (Solid State Drive) 604, a network I / F605, and an external device connection I / F606.

Of these, the CPU 601 controls the operation of the entire electronic blackboard 6. The ROM 602 stores a program used to drive the CPU 601 such as the CPU 601 and the IPL (Initial Program Loader). The RAM 603 is used as a work area of the CPU 601. The SSD 604 stores various data such as a program for an electronic blackboard. The network I / F605 controls communication with the communication network. The external device connection I / F606 is an interface for connecting various external devices. The external device in this case is, for example, a USB (Universal Serial Bus) memory 630 and an external device (microphone 640, speaker 650, camera 660).

Further, the electronic blackboard 6 includes a capture device 611, a GPU 612, a display controller 613, a contact sensor 614, a sensor controller 615, an electronic pen controller 616, a short-range communication circuit 619, an antenna 619a of the short-range communication circuit 619, a power switch 622, and the like. It includes selection switches 623.

Of these, the capture device 611 displays video information corresponding to the display content of the display of the external PC (Personal Computer) 670 on the display 680 as a still image or a moving image. The GPU (Graphics Processing Unit) 612 is a semiconductor chip that specializes in graphics. The display controller 613 controls and manages the screen display in order to output the output image from the GPU 612 to the display 680 or the like. The contact sensor 614 detects that the electronic pen 690, the user's hand H, or the like has come into contact with the display 680. The sensor controller 615 controls the processing of the contact sensor 614. The contact sensor 614 inputs and detects the coordinates by the infrared blocking method. In this method of inputting coordinates and detecting coordinates, two light receiving and emitting devices installed at both upper ends of the display 680 radiate a plurality of infrared rays in parallel with the display 680 and are provided around the display 680. This is a method of receiving light that is reflected by a reflecting member and returns on the same optical path as the light path emitted by the light receiving element. The contact sensor 614 outputs an infrared ID emitted by two light emitting / receiving devices blocked by the object to the sensor controller 615, and the sensor controller 615 identifies a coordinate position which is a contact position of the object. The electronic pen controller 616 determines whether or not there is a touch of the pen tip or a touch of the pen tail on the display 680 by communicating with the electronic pen 690. The short-range communication circuit 619 is a communication circuit such as NFC or Bluetooth. The power switch 622 is a switch for switching the power ON / OFF of the electronic blackboard 6. The selection switches 623 are, for example, a group of switches for adjusting the brightness and color tone of the display of the display 680.

Further, the electronic blackboard 6 includes a bus line 610. The bus line 610 is an address bus, a data bus, or the like for electrically connecting each component such as the CPU 601 shown in FIG.

The contact sensor 614 is not limited to the infrared blocking method, but is a capacitive touch panel that specifies a contact position by detecting a change in capacitance, and a contact position is specified by a voltage change between two opposing resistance films. Various detection means such as a resistance film type touch panel and an electromagnetic induction type touch panel that detects the electromagnetic induction generated when a contact object comes into contact with the display unit and specifies the contact position may be used. Further, the electronic pen controller 616 may determine whether or not there is a touch not only on the pen tip and pen end of the electronic pen 690 but also on the portion gripped by the user of the electronic pen 690 and other electronic pen portions.

FIG. 11 is a hardware configuration diagram of the video conferencing terminal 7. As shown in FIG. 11, the video conferencing terminal 7 includes a CPU 701, a ROM 702, a RAM 703, a flash memory 704, an SSD 705, a media I / F 707, an operation button 708, a power switch 709, a bus line 710, and a network I / F 711. CMOS sensor 712, image pickup element I / F, microphone 714, speaker 715, sound input / output I / F716, display I / F717, external device connection I / F718, short-range communication circuit 719, antenna 719a of short-range communication circuit 719. I have. Of these, the CPU 701 controls the operation of the entire video conferencing terminal 7. The ROM 702 stores a program used to drive the CPU 701 such as an IPL. The RAM 703 is used as a work area for the CPU 701. The flash memory 704 stores various data such as a communication program, image data, and sound data. The SSD 705 controls reading or writing of various data to the flash memory 704 according to the control of the CPU 701. An HDD may be used instead of the SSD. The media I / F 707 controls reading or writing (storage) of data to a recording medium 706 such as a flash memory. The operation button 708 is a button that is operated when selecting a destination of the video conferencing terminal 7. The power switch 709 is a switch for switching the power ON / OFF of the video conferencing terminal 7.

Further, the network I / F711 is an interface for data communication using a communication network such as the Internet. The CMOS sensor 712 is a kind of built-in imaging means for capturing an image of a subject and obtaining image data under the control of the CPU 701. It should be noted that the imaging means such as a CCD sensor may be used instead of the CMOS sensor. The image sensor I / F 713 is a circuit that controls the drive of the CMOS sensor 712. The microphone 714 is a built-in circuit that converts sound into an electrical signal. The speaker 715 is a built-in circuit that converts an electric signal into physical vibration to produce sounds such as music and voice. The sound input / output I / F 716 is a circuit that processes sound signal input / output between the microphone 714 and the speaker 715 under the control of the CPU 701. The display I / F 717 is a circuit that transmits image data to an external display under the control of the CPU 701. The external device connection I / F718 is an interface for connecting various external devices. The short-range communication circuit 719 is a communication circuit such as NFC or Bluetooth.

Further, the bus line 710 is an address bus, a data bus, or the like for electrically connecting each component such as the CPU 701 shown in FIG.

The display 720 is a kind of display means composed of a liquid crystal, an organic EL, or the like for displaying an image of a subject, an operation icon, or the like. Further, the display 720 is connected to the display I / F 717 by a cable. This cable may be a cable for analog RGB (VGA) signals, a cable for component video, HDMI (High-Definition Multimedia Interface) (registered trademark), or DVI (Digital Video Interactive). ) It may be a signal cable.

The CMOS sensor 712 is a kind of built-in imaging means for capturing an image of a subject and obtaining image data under the control of the CPU 401. It should be noted that the imaging means such as a CCD sensor may be used instead of the CMOS sensor. External devices such as an external camera, an external microphone, and an external speaker can be connected to the external device connection I / F718 by a USB cable or the like. When an external camera is connected, the external camera is driven in preference to the built-in CMOS sensor 712 according to the control of the CPU 701. Similarly, when an external microphone is connected or an external speaker is connected, the external microphone and the external speaker are given priority over the built-in microphone 714 and the built-in speaker 715 according to the control of the CPU 701. The external speaker is driven.

Further, the recording medium 706 has a structure that can be attached to and detached from the video conferencing terminal 7. Further, as long as it is a non-volatile memory that reads or writes data under the control of the CPU 701, not only the flash memory 704 but also an EEPROM or the like may be used.

The present embodiment has been described above with reference to specific examples. However, the present disclosure is not limited to these specific examples. Those skilled in the art with appropriate design changes to these specific examples are also included in the scope of the present disclosure as long as they have the features of the present disclosure. Each element included in each of the above-mentioned specific examples, its arrangement, conditions, shape, and the like are not limited to those illustrated, and can be changed as appropriate. The combinations of the elements included in each of the above-mentioned specific examples can be appropriately changed as long as there is no technical contradiction.

1 Communication system 2 OpenFlow controller (communication control device)
3 OpenFlow switch (switch)
21 Storage unit 21B Flow table (communication control rule)
22 Operation unit 27 Setting screen 26 Web application unit 29 Web page link P Portal site R Network resource R1 Access permission resource R2 Access prohibited resource

JP-A-2002-351913

Claims (8)

A storage unit that stores communication control rules in which at least one network resource is registered as an access permission resource,
An operation unit that updates the communication control rule according to an increase or decrease in the network resource related to the access permission resource, and an operation unit.
A Web application unit that displays only the access permission resources registered in the communication control rule updated by the operation unit on the portal site as a list, and a Web application unit.
A communication control device comprising. The Web application unit displays a Web page link for using the access permission resource on the portal site.
The communication control device according to claim 1. Any URL can be set for the Web page link by inputting the user's operation.
The communication control device according to claim 2. The URL of the Web page link is automatically generated based on the device type of the access permission resource.
The communication control device according to claim 2 or 3. The communication control device according to any one of claims 1 to 4,
A switch that controls the transfer of data that passes through your machine,
With
The communication control device distributes the communication control rule to the switch.
The switch controls the transfer of the data based on the communication control rule distributed from the communication control device.
Communications system. The switch redirects to the portal site when the content of the data is an HTTP request to a resource other than the access permission resource registered in the communication control rule.
The communication system according to claim 5. The communication control device is an OpenFlow controller.
The switch is an OpenFlow switch.
The communication system according to claim 5 or 6. A storage step for storing a communication control rule in which at least one network resource is registered as an access permission resource in a storage unit, and
An update step of updating the communication control rule stored in the storage unit in the storage step according to an increase or decrease of the network resource related to the access permission resource, and an update step.
A display step of displaying only the access permission resources registered in the communication control rule updated in the update step as a list on the portal site, and a display step.
Communication control method including.

Images