JP3000051B2 - Integrated information and communication system - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] The present invention relates to a personal computer, a LAN, and the like.
(Local Area Network), telephone (including mobile phone and PHS), FAX (Facsimile), CATV (Cable Televisio)
n), inter - the information communication apparatus or information communication system such as the Internet not only a dedicated line, ISDN (In t egrated Se
rvices D i gital Network), FR (Frame Relay), AT
M (Asynchronous Transfer Mode), IPX (Integrated
The present invention relates to an integrated information communication system integratedly connected via Packet Exchange, satellite, wireless, and public lines. Here, the information communication device communicates with an address (for information communication) for identifying it from the others. The invention is particularly applicable to connectionless networks (eg, RFC791, RFC1883).
Of IP to integrate data transfer services based on (Internet Protocol) technology), increasing the information of the entire communication economics the adoption of centralized address system, between the connected terminals or cis Te arm to secure The present invention relates to an integrated information communication system that enables mutual communication.

[0002]

2. Description of the Related Art With the development of computers and information communication technologies, computer communication networks have recently become widespread within universities, research institutes, government agencies, or within or between companies. The LAN is used as a computer communication network in a company, and has a configuration as shown in FIG. 56 when the area is spread nationwide. Figure 56
In this example, the local LANs use a common protocol,
Each is connected by a dedicated line. Here, for example, company X is LAN-X1, LAN-X2, LAN
-X3, the company Y uses LAN-Y1 as the LAN,
Using LAN-Y2 and LAN-Y3, companies X and Y perform computer communication using communication address systems ADX and ADY, respectively. In such a LAN network, it is necessary to lay an individual dedicated line for each company, so that the system construction is expensive and the LANs of other companies are expensive.
When connecting to a network, it is necessary to match interfaces such as a communication address system, and there is a problem that the interconnection is very difficult and a large cost is required.

On the other hand, in recent years, the Internet has become widespread as a computer communication network on a worldwide scale. In the Internet, TCP / IP (Transmission Co.) is used by connecting networks using a router of a provider.
ntrol Protocol / Internet Protocol), a dedicated line or FR network is used to connect to remote locations, and a 10 Mbps Ethernet LAN or a 100 Mbps LAN FDDI (F
iber Distributed Date Interface) is used as a communication path. FIG. 57 shows an example of a connection form of the Internet. In the Internet, routers in a provider maintain connection between each other while exchanging routing table connection information. Although each router is connected to a plurality of networks, the router determines which of the routers connected to which provider's network should send the received data based on the routing table. Thus, on the Internet, the destination IP address attached to each IP frame (IP datagram) is looked at, and the next router to be sent is determined and sent to that router. This operation is performed by all routers, so that IP frames are successively delivered and delivered to a target computer.

FIG. 58 shows an example of the IP used for the Internet.
It shows the information content of the RFC 791 of the frame, which is divided into a control section and a data section. Figure 59 shows a similar RFC
1883 indicates the information content, which is divided into a control unit and a data unit, and () indicates the number of bits.

[0005]

However, since the Internet does not have a system for comprehensively managing the communication route, it is not possible to confirm whether the communication partner is the intended legitimate person, and the communication information cannot be transmitted. There is a problem in security such as a high risk of eavesdropping, and in reality, the IP addresses in many LANs are uniquely determined by users of the LANs, and the LANs are connected to the Internet. At this time, it is necessary to replace the IP address of the user of the LAN with the IP address for the Internet.
In addition, the communication quality such as communication speed and communication error rate varies among the trunk lines constituting the Internet communication line for each LAN line, and is hardly unified. For example, a TV signal of 10 Mbps is used for communication of a TV conference. However, there is a problem that the communication speed is not achieved even if an attempt is made to send the data. Furthermore, there is no manager in charge of maintenance and management such as network failure countermeasures, and the entire network such as future planning of the network. However, there is a problem that the Internet cannot be used with security. In the LAN network and the Internet, the terminal is a personal computer (computer), and it has been difficult to integrate and use a telephone, a facsimile, a CATV, and the like.

SUMMARY OF THE INVENTION The present invention has been made in view of the above circumstances, and an object of the present invention is to improve the economics of information communication system construction without using a dedicated line or the Internet, and to improve the communication speed, communication quality, and communication speed. A plurality of VAs that perform data / information transfer using IP frames that secure security and reliability in communication by integrally assuring measures against failures
An object of the present invention is to provide an integrated information communication system capable of accommodating N. In addition, a single information transfer independent of the type of service such as voice, image (moving image, still image), text, etc., enables comprehensive communication services, analog and digital telephone line services, Internet provider services, fax services, and computer data exchange. An object of the present invention is to provide an integrated information communication system in which services that have been individually serviced, such as services and CATV services, are interconnected. In addition, an integrated system capable of performing inter-company communication without changing the address system for computer communication, which is conventionally used by individual companies (including universities, research institutes, government agencies, and the like) in each company separately. It is also an object to provide an information communication system. I
The P terminal refers to a terminal or a computer having a function of transmitting and receiving an IP frame.

[0007]

SUMMARY OF THE INVENTION The present invention relates to an integrated information communication system, and an object of the present invention is to provide an access control device for individually connecting a plurality of external computer communication networks or information communication devices, and the access control device. And a relay device for networking, and having a function of transferring and routing information in a unified address system, so that the plurality of computer communication networks or information communication devices can communicate with each other. Achieved by 56 corresponds to a computer communication network based on IP in which the range of a dedicated line used in communication between companies and between companies shown in FIG. 56 shown as a conventional example is replaced by a common communication network shown by a broken line.

An object of the present invention is to provide an ICS user frame having a unique ICS user address system ADX by using an address system A based on the management of a conversion table in an access control device.
DS is converted to an ICS network frame having DS, and at least one or more built-in VANs are transmitted in accordance with the rules of the address system ADS, and when the data reaches another target access control device, the conversion table is managed. In a system adapted to convert to the ICS user address system ADX and reach another external information communication device, the conversion table identifies or distinguishes a closed network from the conversion table .
A network identifier for registering the network is registered, and closed / intra-company communication, closed / inter-company communication, closed / virtual leased line communication, and open / inter-company communication are performed using the network identifier .
And introduce an authentication server to distinguish IP terminals.
Is achieved by

[0009]

DESCRIPTION OF THE PREFERRED EMBODIMENTS FIG. 1 shows an information communication system based on the present invention.
The principle of the signal system is shown schematically, integrated information communication system (Integrated Information / Communication Sys
tem: hereinafter, referred to as “ICS” 1 has an address assignment rule uniquely defined as computer information / communication address. That is, it has a unique address system ADS, and has a plurality of external computer communication networks and information communication devices, for example, a large number of LANs (in this example, LAN-X of company X).
1, LAN-X2, LAN-X3 and LAN of company Y-
Y1, LAN-Y2, and LAN-Y3).
To 7). And LAN-X1 of company X,
LAN-X2 and LAN-X3 have the same address system A
DX, and LAN-Y1, LAN-Y2, and LAN-Y3 of the company Y have the same address system ADY. The access control devices 2, 3 and 4 have an address system A
The access control devices 5, 6, and 7 have a conversion table for managing the mutual conversion between the address system ADS and the address system ADY, and the like. The computer communication data (ICS frame) in the ICS1 performs communication by IP used in the Internet or the like using an address according to the address system ADS of the ICS1.

Here, a communication operation in the case of the same company will be described. The computer communication data (ICS frame) 80 transmitted from the LAN-X1 of the company X is given an address according to the address system ADX.
Under the management of the conversion table of the access control device 2 in the above, the address is converted into an address according to the address system ADS to become the ICS frame 81. Then, the data is transmitted in the ICS 1 according to the rules of the address system ADS, and when it reaches the target access control device 4, it is restored to the computer communication data 80 of the address system ADX under the management of the conversion table, and the same company X Sent to LAN-X3. Here, the ICS frame transmitted and received inside the ICS1 is referred to as “I
An ICS frame transmitted and received outside the ICS1 is called an “ICS user frame”.
That. The format of the ICS user frame basically targets the format specified in RFC791 used in the Internet or the like and RFC1883.

The ICS network frame 81 includes a network control unit 81-1 and a network data unit 81.
The address (address system ADS) of each ICS logic terminal inside the access control devices 2 and 4 is stored in the network control unit 81-1.
ICS user frame 80 thereof and the network data portion 81-2 remains data values, or it shall be the network data unit 81-2 converts the data format by the rules stipulated in the internal ICS1. In access control device 2,
The ICS user frame 80 is an ICS network frame 81-2, and the network control unit 81-1 is an ICS network frame 81-2.
The operation to be added to the network frame 81-2 is called "IC
The operation of the access control apparatus 4 for removing the network control unit 81-1 from the ICS network frame 81 is referred to as "ICS decapsulation".

[0012] Similarly, the case of inter-company communication will be described.
The computer communication data (ICS user frame) 82 transmitted from the LAN-Y2 of the company Y has an address system A
Although an address according to DY is given, the address is converted into an address according to the address system ADS under the management of the conversion table of the access control device 6 in the ICS 1 to form an ICS frame 83. Then, the data is transmitted in the ICS 1 according to the rules of the address system ADS, and when it reaches the target access control device 3, it is converted into the computer communication data 82 of the address system ADX under the management of the conversion table.
It is transmitted to LAN-X2 of company X. Although the present invention uses 32 bits and 128 bits as the address length, it is not restricted to these lengths. Even if the address length is changed to other than 32 bits or 128 bits, the essence of the address conversion, which is the basic concept of the present invention, does not change.

As described above, in the premise of the present invention, computer communication within a company and between companies is enabled by the unified address management of the ICS 1. A user terminal for computer communication, which is generally used, is accommodated in a LAN of a user's premises and is connected to a VAN (Value Added N) via an access line.
etwork), and a user frame having a different data format and address system for each service type is transferred. For example, in Internet service, IP
Address is used and the telephone service uses the telephone number / IS
The DN number (E.164 address) is used. X.25 packet service X.25 121 addresses are used. On the other hand, in the ICS 1 of the present invention, address conversion (referred to as ICS address conversion) is performed on the conversion table of the access control device based on the input ICS user frame, and data of various structures is unified into a single unified data. The information is transferred by converting the data into a frame of a data format and an address system, that is, an ICS frame.

FIG. 2 schematically shows an example in which the ICS 1 is composed of a plurality of VANs (VAN-1, VAN-2, VAN-13) on the premise of the present invention, and each VAN is a VAN operator (communication). Company) , and the user of ICS1 is V
Apply for a user communication line to the AN operator, and
The operator determines the user's ICS user address, ICS network address, and the like, and registers these information along with the line type and the like in the conversion table 12 in the access control device 10 as shown in FIG. Here, each communication company operates
Responsible for communication failures in the managing VAN. ICS1 is
As an access point of an external connection element with LANs (or terminals thereof) of companies X and Y, the access control device 10-
1, 10-2, 10-3, 10-4, 10-5,
Further, the relay devices 20-1, 20-2, 20-3, 20-4
And the ICS network servers 40-1, 40-2, 40-3, 4
0-4, 40-5 and the ICS address management server 50-
1 and 50-2. A relay device 20 as shown in FIG.
An inter-VAN gateway 30 as shown in FIG. 5 is provided as a connection element between N-2 and VAN-3. The LAN 1-1, 1-2, 1-3, and 1-4 shown in FIG. 2 are access control devices 10-1, 10-5, 10-4, and 1 respectively.
The user communication lines 36-1, 36-2, 36- are assigned to 0-2.
3, 36-4.

The access control device 10 (10-1, 10-
2, 10-3, 10-4, 10-5) are devices for accommodating a user communication line from a user (company X, Y) to the ICS 1, and as shown in FIG. A conversion table 12 as a database for performing address conversion and the like, a line unit 13 of the input / output interface,
And a temporary conversion table 14. Also, the relay device 20
Has a transfer function of the ICS network frame and a routing function of specifying a route, has a processing unit 21 including a CPU and the like and a relay table 22 as shown in FIG.
Reference numeral 2 is used to determine a communication destination when the ICS network frame transmits inside the ICS 1. As shown in FIG. 5, the inter-VAN gateway 30 has a processing device 31 such as a CPU and a relay table 32 for determining the destination of the ICS network frame between the VANs.

The ICS network server 40 comprises a processing unit 41 and an ICS network database 42 as shown in FIG. 6, and the use of the ICS network database 42 is not limited.
For example, user-specific data (user name and address, etc.) corresponding to the ICS user address, data not corresponding to the ICS user address, for example, data representing a communication failure situation inside the VAN, or data not directly related to the VAN, for example, An electronic library that holds and publishes digital documents, a public key of a public encryption system using encryption technology used to authenticate the validity of a sender and a recipient, public certification data and its related data, or a secret key of a secret key system. It is used for holding data such as related data. The processing device 41 refers to the ICS network database 42, acquires corresponding data, and transmits the data to the access control device 10. It should be noted that the ICS network database 42 operates independently and can communicate with other ICS network servers by transmitting and receiving ICS network frames based on IP communication technology, and acquire data from other ICS network servers. I
The CS network server is assigned a unique ICS network address within the ICS.

In the present invention, an address for identifying a computer or terminal used in an ICS network frame is called an “ICS network address”, and an address for identifying a computer or terminal used in an ICS user frame is referred to as an “ICS user”. Address. " ICS
The network address is used only inside the ICS and 3
Either one or both of a two-bit length and a 128-bit length are used. Similarly, the ICS user address uses one or both of the 32-bit length and the 128-bit length. The ICS logical terminal, the relay device 20, the gateway between VANs 30 and the ICS network server inside the access control device 10 are each uniquely assigned an ICS network address to uniquely identify them. Also, IC
The S user address is composed of a VAN upper code and a VAN internal code. When the length of the VAN upper code is represented by C1 bits and the length of the VAN internal code is represented by C2 bits, C1 + C2 represents either 32 bits or 128 bits. Used.

In the premise of the present invention , the specific method of determining the VAN upper code and the VAN internal code is not specified. (4 bits) ‖VAN code (8 bits) VAN internal code = VAN area code (4 bits) ‖V
AN access point code (8 bits) ‖user logical code (4 bits). FIG. 7 illustrates an example of the ICS user address. Here, the symbol "a @ b" represents the concatenation of data a and b, that is, data obtained by arranging data a and b in this order. ICS network address
As in the case of the user network address, it can be given including the regionality. For example, ICS network address = region management code / country code / VAN code / VAN region code / user logical communication line code. By doing so, the transmission destination is determined in consideration of the area, so that the relay device can efficiently find the transmission destination. The same applies to the case of C1 + C2 = 128 bits. Note that, under the premise of the present invention, C1 + C2 = regardless of the method of partitioning the internal fields of the VAN upper code and the VAN internal code and the length of each partition field.
As long as 32 bits or C1 + C2 = 128 bits are maintained, an ICS frame can be constructed. Further, when determining the VAN upper-level code and the VAN internal code, some of these codes may be determined unique to the user. That is, the user can have a user-specific addressing scheme. The address value of the 32-bit expression is from address 0 to address (2 ³² -1). Among these addresses, for example, address 10 × 224 to address (10 × 2 ²⁴ +2 ²⁴ −1), that is, (172 × 1) From 2 ²⁴ + 16 × 2 ¹⁶ ) address (1
72 × 2 ²⁴ + 32 × 2 ¹⁶ -1) or (19
From address 2 × 2 ²⁴ + 168 × 2 ¹⁶ ) to (192 × 2 ²⁴ +1)
In the section up to the address of 69 × 2 ¹⁶ -1), the present invention is implemented by assigning an address determined uniquely to the user.

A physical communication line can be logically divided into a plurality of communication lines for use.
For example, it is realized by a multiplex communication system of a frame relay (FR). In the present invention, a user's communication line is divided into a user physical communication line and one or more user logical communication lines. FIG. 8 shows this state, and is 100 Mbps.
In this example, the user physical communication line 60 having a communication speed of s is divided into two user logical communication lines 61-1 and 61-2 having a communication speed of 50 Mbps. Also, separate computer communication devices 62-1, 62-2, 62-3, 62
-4 are connected to respective user logical communication lines, and IC
S user address “4123, 0025, 0026, 4
124 "is each of the computer communication devices 62-1 to 62-4
The example given to is shown. The user physical communication line 60 is connected to the access control device 63, and the connection point between them is "I
CS logic terminal ”. The ICS logic terminal includes IC
A unique ICS network address is assigned inside S. In the example shown in FIG. 8, the user logical communication lines 61-1 and 61-2 are connected to the access control device 63, and the connection point I
ICS is applied to each of CS logic terminals 64-1 and 64-2.
Network addresses “8710” and “8711” are assigned.

As described above, since the ICS network server 40 is also given a unique ICS network address,
The ICS network address is the ICS logic terminal or I
The CS network server can be specified as the only one in the ICS. The ICS network server can exchange information with another ICS network server by transmitting and receiving, using the IP communication technology, an ICS network frame to which each ICS network address is assigned. This communication function is called “communication function of ICS network server”. The access control device also has a unique ICS network address inside the ICS, and can exchange information with the ICS network server using the communication function of another ICS network server as the access control device server. The ICS network server communication function is realized using, for example, conventional TCP and UDP (User Datagram Protocol).

[0021] The ICS frame used as the front bank according to the present invention includes:
As described above, there is an ICS network frame transmitted / received inside the ICS, and an ICS user frame transmitted / received outside the ICS. Each frame includes a control unit and a data unit. It is designed to be used in ICS encapsulation or ICS decapsulation as a unit, a user control unit, a network data unit, and a user data unit. That is, when the ICS user frame enters the ICS from the access control device, I
The CS user frame becomes a data portion of the ICS network frame, and a control unit (network control unit) of the ICS network frame is added (ICS encapsulation). The inside of the network control unit is divided into a basic unit and an extension unit. The basic part is, for example, RFC791 or RFC
It is used for the header specified in 1833, and the extension part is used for encryption and the like. If encryption or the like is not required at all, the extension unit is not used and need not be present.

In the network control section of the ICS frame, an area for storing a source address and a destination address is provided. The format of the ICS frame has an address length of 32.
When the address length is 32 bits, for example, when the address length is 32 bits, for example, RFC7 shown in FIG.
The frame format according to the provisions of I.91 is adopted. If the ICS network address is 32 bits short, for example, 6
When using 4 bits, follow the rules of RFC791,
Insufficient 32 bits (64 bits-32 bits) are written in the option section of the ICS network frame control section, and the length of the network address is used as 64 bits. Here, the above-mentioned address specific to the user is supplemented. Many users, for example, (10 × 2 ²⁴ )
In the section from the address to the address (10 × 2 ²⁴ +2 ²⁴ −1), the private address (1 of the ICS user address)
), The ICS network address is assigned in correspondence with the ICS user address.
If the length of the ICS user address is 32 bits, the IC
The length of the S network address is insufficient for 32 bits, and requires, for example, 64 bits. In this case, as described above, the insufficient 32 bits are written in the option section of the ICS network frame control section, and the length of the network address is set to 64 bits and used. It will be described in the first embodiment that communication between the same users (intra-company communication) is possible using the private address. When the address length is 128 bits, the present invention is implemented by adopting, for example, a frame format defined in RFC1883 shown in FIG. The addresses stored in the source address area and the destination address area in the network control unit are ICS network addresses, which are the originating ICS network address and the destination ICS network address, respectively. Further, the source address area in the user control unit and the address stored in the destination address area are I
A CS user address, a sender ICS user address and a receiver ICS user address, respectively.

In practicing the present invention, the format of the ICS frame does not necessarily have to comply with the rules of RFC791 and RFC1883.
Any frame format using any of the 28 bits can be used. In general, ICS receives an ICS user frame defined by RFC791 or RFC1883 of a communication protocol from a user. Other frame formats are converted into an ICS user frame format by a conversion unit (converter), and the ICS user frame is converted to an ICS user frame format. It can be handled in the network.

Example of Information Communication System- 1 ( Combination of intra- company communication and inter-company communication )
Combined ): First information assumed by the present invention with reference to FIGS.
An example of a communication system based on the management of a conversion table
A basic information communication system for determining a transfer destination in an ICS from a user address will be described. In the figure, 170-1, 170-2, 170-3, and 170-4 are L, respectively.
AN100-1,100-2,100-3,100-4
The ICS frame can pass through these gateways 170-1 to 170-4.

First, an address system A is connected to the LAN 100-1 of the company X having a unique address system ADX.
A terminal having an address according to DX and an LA of the same company X
Communication with a terminal connected to N100-2 and having an address according to the address system ADX will be described. That is, the ICS user address “00” on the LAN 100-1
12 "and a terminal having an ICS user address" 0034 "on the LAN 100-2. This communication is based on an address system unique to the same company (ADX in this example). The terminal to which the address is set is a typical communication mutually performed via the ICS 100. This is called an intra-company communication service (or an intra-company communication). A terminal having an address according to the address system ADX and a company Y
Communication with a terminal that is connected to the LAN 100-3 and has an address according to the address system ADY will be described. That is, the terminal having the ICS user address “0012” on the LAN 100-1 and the I
This is communication with a terminal having a CS user address “1156”. This communication is a typical terminal intercommunication performed by terminals having different address systems between different companies using an ICS address system that can be used in common with each other. Call.

<< Common Preparation >> In describing this example,
The address format and the like are determined as follows, but the specific numerical values and formats shown here are merely examples, and the present invention is not limited thereto. The ICS network address is represented by a four-digit number, and both the sender ICS user address and the receiver ICS user address are represented by a four-digit number. Then, of the sender ICS user address and the receiver ICS user address, an address whose upper two digits are not “00” is defined as an inter-company communication address.
It is the only value inside CS100. Top 2 of sender ICS user address and receiver ICS user address
The address having the digit “00” is used as the intra-company communication address. However, the intra-company communication address may overlap with the intra-company communication address of another company within the ICS 100. Further, the conversion table 113 provided in the access control device 110-1.
-1 is the source ICS network address, the destination ICS
Network address, sender ICS user address,
It contains the recipient ICS user address, request identification, speed category, etc. The request identification registered in the conversion table 113-1 is
For example, the intra-company communication service is represented by “1”, the inter-company communication service is represented by “2”, and the virtual leased line connection described in other embodiments is represented by “3”. The speed category is a line speed required for communication from the ICS network address,
It includes the throughput (for example, the number of ICS frames transferred within a certain time).

<< Preparation for Intra-Company Communication >> LAN 100
-1 and the user of the LAN 100-2 designate a terminal to a VAN operator so that intra-company communication between terminals connected to each LAN can be performed via VAN-1 and VAN-3. Make an application. Then, in response to the application, the VAN operator accesses the access control devices 110-1 and 110-1 connected to the LANs 100-1 and 100-2.
In the conversion table of -5, the above-mentioned ICS network address,
Set ICS user address, request identification, etc.
It is also written and stored in the ICS address management server 150-1.

The setting items for VAN-1 are as follows. The ICS network address is determined from the ICS logical terminal of the access control device 110-1 to which the LAN 100-1 is connected.
The S network address is “7711”. The intra-company communication address of one terminal connected to the LAN 100-1 to which the application was made is "0012"
S user address. The inter-company communication address used by the terminal having this address is "2212", and this is the sender ICS user address. Then, the access control device 1 connected to the LAN 100-2 to which the application was made
The ICS network address is determined from the ICS logical terminal 10-5. Here, the ICS network address is set to “9922” and this is set as the incoming ICS network address. Further, the ICS user address of one terminal connected to the LAN 100-2 is set to “0034”, which is set as the receiver ICS user address. The value “1” indicating the company communication service for which the application has been made is set as the request identification, and the above is registered in the conversion table 113-1.

The setting items for VAN-3 are as follows. The value required for the reverse communication (communication from the LAN 100-2 to the LAN 100-1) is set in the conversion table of the access control device 110-5 that connects the LAN 100-2 to which the application has been made. In other words, the reverse data is set for the originating ICS network address and the destination ICS network address, and at the same time, the reverse data is set for the sender ICS user address and the receiver ICS user address. It is assumed that the ICS network address of the LAN 100-2 is “9922” and is the originating ICS network address. In-house ICS of terminal connected to LAN 100-2
The user address “0034” is set as the sender ICS user address, and the ICS user address “0012” of the communication destination terminal is set as the receiver ICS user address. Further, the ICS network address “7711” of the LAN 100-1 is set as the incoming ICS network address, the value of the request identification indicating the intra-enterprise communication service is set to “1”, and this is the request identification. Access control device 1
Write and register in the conversion table of 10-5.

<< Intra-Company Communication Operation >> The terminal having the ICS user address “0012” receives the ICS user frame P1.
Is sent. The sender ICS user address “0012” is set in the ICS user frame P1, and the receiver I
“0034” is set in the CS user address.

Next, a description will be given with reference to the flowchart of FIG. The ICS user frame P1 is transmitted to the access control device 110-1 via the user logical communication line 180-1.
Is forwarded to The access control device 110-1 is a LAN
100-1 originating ICS network address “771
1 "(steps S100, S101) and the received IC
S user frame recipient ICS user address “00”
34, the conversion table 113-1 is referred to, and from the request identification value "1", it is known that this communication is an intra-company communication (step S102), which corresponds to the receiver ICS user address "0034". An incoming ICS network address “9922” is obtained (step S103), and then I
CS encapsulation is performed (step S106). The above procedure is shown in the flowchart of FIG. 12, and the intra-company communication is the flow (1) therein. In addition, sender I
The CS user address may be used, for example, to identify the source of the ICS frame.

The access control device 110-1 forms an ICS network frame P2 by ICS encapsulation and transmits it to the relay device 120-1. Since the uniqueness of the ICS network address of the network control unit is guaranteed inside the ICS, it does not collide with other ICS frames. The ICS network frame P2 passes through the relay devices 120-1 and 120-2 based on the destination ICS network address, and reaches the access control device 110-5 of the VAN-3. Access control device 110-
5 removes the network control unit from the ICS network frame P4 to decapsulate the ICS, reproduces the same ICS user frame P5 as the ICS user frame P1 from the network data unit of the ICS frame, and executes
Transfer to 100-2. ICS user frame is LAN
100-2 is routed and transferred to the terminal having the ICS user address “0034”.

<< Preparation for Inter-company Communication >> As an example of the inter-company communication service, the LAN 1 conforming to the address system ADX is used.
ICS user address “001” connected to 00-1
2 "terminal and LAN1 according to address system ADY
ICS user address “115” connected to 00-3
Communication with a terminal having 6 "will be described.
-1 and the user of the LAN 100-3 designate a terminal to each connected VAN so that communication can be performed via the VAN-1 and VAN-2, and apply to the VAN operator. The VAN operator requests the LAN 10
The necessary items are set in the conversion table of the access control device connected to the access control device 0-1 and the LAN 100-3.

The setting items relating to VAN-1 are as follows. The ICS network address of the LAN 100-1 is set to “7711”, and the LAN 1
The intra-company communication address of one terminal connected to 00-1 is “0012”, which is the sender ICS user address. The inter-company communication address assigned to the terminal having this ICS user address is “2212”, and this is the sender ICS user address (between companies). The ICS of the access control device 110-4 connected to the ICS network address of the LAN 100-3 to which the application was made
The ICS network address is determined from the logical terminal. Here, “8822” is used as the incoming ICS network address. The ICS user address of one terminal connected to the LAN 100-3 is set to "1156".
And this is set as the recipient ICS user address. Further, the value “2” indicating the applied inter-enterprise communication service is set as the request identification, and the above is registered in the conversion table 113-1.

The setting items relating to VAN-2 are as follows. As a conversion table of the access control device 110-4 to which the LAN 100-3 is connected, a temporary conversion table 114- which holds data in the opposite direction for a certain period, for example, 24 hours.
Set 2. That is, regarding the ICS network address “8822” to which the LAN 100-3 using the communication service between companies is connected, the originating ICS network address, the sender ICS user address, the recipient ICS user address, the terminating ICS network address, the request identification, etc. Is provided in the access control device 110-4. However, the temporary conversion table 114
The timing of setting -2 will be described later. In the above other embodiment, the temporary conversion table 114-2 is not set.

<< Operation of Intercompany Communication >> An ICS user frame having an ICS user address “0012” set to “0012” for the sender ICS user address and “1156” for the receiver ICS user address Send F1. The ICS user frame F1 is transferred to the access control device 110-1 via the user logical communication line 180-1.

The access control device 110-1 is connected to the LAN1
The outgoing ICS network address of “00-1” “771”
1 "(steps S100, S101) and the recipient ICS
Using the user address "1156" and the conversion table 113-
1 to determine that the request identification is "2", that is, the inter-company communication service (step S102). Next, the incoming call I corresponding to the receiver ICS user address "1156"
It knows that the CS network address is "8822" (step S104) and replaces the sender ICS user address "0012" with the inter-company communication address "221".
(Step S105) The access control device 110-1 transmits the originating ICS network address "7".
711 ”, the sender ICS user address“ 2212 ”,
Recipient ICS user address "1156", incoming ICS
A network control unit is added as a network address “8822” to perform ICS encapsulation, and the ICS is transmitted to the relay device 120-1 as an ICS network frame F2 (step S106). The above procedure corresponds to the flow (2) in the flowchart of FIG.

In the above inter-enterprise communication, when the sender ICS user address in the ICS user frame F1 is set to the inter-enterprise communication address “2212”, the sender and the receiver communicate with each other using the inter-company communication address. Is performed (steps S102 and S104). In this case, the access control device 110-1 transmits the sender ICS user address “22”.
12 "is not executed because the process of converting" 12 "into the inter-company communication address" 2212 "becomes unnecessary.
(3) in the flowchart of FIG. The sender IC
The S user address may be used, for example, to specify the source of the ICS frame.

The relay device 120-1 converts the ICS network frame based on the incoming ICS network address into the relay device 120-2 in the VAN-1, the gateway 130 between VANs, and the relay device 120-3 in the VAN-2.
, And is transferred to the access control device 110-4 in the VAN-2. Next, a description will be given with reference to the flowchart of FIG. The access control device 110-4 receives the ICS network frame (step S110), creates an ICS user frame F5 from the network data part (step S111: ICS decapsulation),
The ICS logical terminal to be transmitted is determined from the S network address ((1) in step S112).
-3 (step S113). Calling IC at the same time
S network address “8822” and sender ICS
The relationship between the user address “1156”, the receiver ICS user address “2212”, and the terminating ICS network address “7711” is determined by the access control device 110-4.
If they are not registered in the conversion table inside the
The kind address is set to "2" of the request identification, that is, the designation of the inter-company communication in the temporary conversion table 114-2 (step S).
112 (2)). The setting content of the temporary conversion table 114-2 is updated by performing processing such as deleting it when there is no usage for 24 hours, for example. ICS user frame is LAN1
The packet is routed through 00-3 and transferred to the terminal having the ICS user address "1156". Conversion table 114-
2 is a conversion table 113.
In the case of being divided into "intra-company" and "between companies" as in -1, for example, the sender ICS user address (intra-company)
Is "0023" and the value of the sender ICS user address (between companies) is "1159", the destination address of the user control unit of the ICS user frame immediately after the ICS decapsulation is performed. Of the ICS user frame whose address value is “1159” written in the column of “1159”, the process of rewriting the destination address value of the user control unit of this ICS user frame to “0023” is performed in the above-described step S112 (1). ). To summarize the effects of the above processing, inside the LAN, the ICS user address “0023” for intra-company communication is used.
However, for other companies outside the LAN, it can be claimed that the ICS user address for inter-company communication is "1159". In the other embodiment described above, the temporary table 11
Do not set to 4-2. In still another embodiment, the conversion table 113-1 stores the sender ICS user address (in a company).
And does not include the sender ICS user address (between companies)
Further, the flowchart (2) of FIG.
105 is not included. In step S104, the sender ICS user address is not referred. An advantage of this embodiment is that when there are many sender ICS user addresses for one receiver ICS user address, the number of registrations in the conversion table can be reduced to only one receiver ICS user address.

The information communication system Example 2 (virtual private): Referring to Figure 14, the information communication system to which the present invention is premised
The operation of the virtual private line connection by the system will be described. Here, the virtual leased line connection is a communication for fixedly transferring the ICS user frame to the incoming ICS network address registered in the conversion table, regardless of the ICS user address in the user control unit of the ICS user frame. It takes the form of one-to-one or one-to-N. Incidentally, the components of FIG. 14 is an information communication
It is almost the same as FIGS. 10 and 11 of the system example-1,
The difference is the registered contents of the conversion table. In the conversion table of the access control device, the incoming ICS network address is fixedly determined from the outgoing ICS network address, so the sender ICS user address (within a company), the sender ICS user address (between companies), and the recipient ICS user The address is not registered or is ignored even if it is registered.

The company X uses the virtual leased line connection to connect to the access control apparatus 210-1.
A case will be described in which communication is performed between the LAN 200-2 of the company X connected to the access control device 210-5.

<< Preparation >> The user applies for a virtual private line connection to the VAN operator. The VAN operator uses the L of company X
Access control device 210-1 for connecting AN 200-1
An ICS network address "7711" of an ICS logical terminal at a connection point between the user logical communication line 240-1 and the access control device 210-5 for connecting the LAN 200-2 of the company X, and the user logical communication line 240 ICS network address “9922” of the ICS logic terminal at the connection point with the 2-2. Next, the VAN operator stores the outgoing ICS network address “7711” and the incoming ICS in the conversion table 213-1 of the access control device 210-1.
The network address “9922” and the request type are set. FIG. 14 shows an example in which the request type “3” is a virtual private line connection. Similarly, the access control device 21
In the conversion table of 0-5, the source ICS network address “9922” and the destination ICS network address “77”
11 "and the information of the request type are set.

<< Procedure >> This will be described with reference to the flowchart of FIG. Company X LAN 200-1 is ICS200
To the ICS through the user logical communication line 240-1
The user frame F10 is transmitted. Access control device 2
10-1 is the ICS network address “7711”
ICS user frame F10 is received from the ICS logic terminal (steps S200 and S201), and the conversion table 213 is input.
Reference is made to the request identification value “3” of the outgoing ICS network address “7711” of “−1” to recognize that it is a virtual leased line connection (step S202), and the incoming ICS network address “9922” is read (step S20).
3). Next, the access control device 210-1 adds a network control unit in which the incoming ICS network address is set to "9922" and the outgoing ICS network address is set to "7711" to the ICS user frame F10 to create the ICS network frame F11. (Step S204: ICS encapsulation), and the relay device 2
The data is transmitted to 20-1 (step S205). IC
The relay device 22 that has received the S network frame F11
0-1 is the incoming I of the ICS network frame F11
The destination is determined based on the CS network address, and the ICS network frame F is sent to the relay device 220-2.
12 is sent out. ICS network frame F12
Is transferred to the access control device 210-5 via the relay device 220-4 in the VAN-3.

The access control device 210-5 removes the network control unit from the ICS network frame F13 (ICS decapsulation) and stores the ICS user frame F14 in the ICS network address “992”.
2 "ICS logic terminal to user logic communication line 240-
Send to 2. The LAN 200-2 of the company X is I
The CS user frame F14 is received. In the same manner as described above, data can be transmitted from the LAN 200-2 to the LAN 200-1, so that mutual communication is possible. In the above description, it is clear that the sender and the receiver need not be the same company X. Therefore, in a similar manner, the LAN 200-1 of the company X and the LAN 200-
For example, the ICS user frame can be forwarded to the third frame.

In the above description, one-to-one communication has been described as an example, but one-to-N communication is also possible. For example, FIG.
The conversion table 213-1 of the access control device 210-1 of
As indicated by “7712” of the originating ICS network address, a plurality of destination ICS network addresses may be set. In this example, two ICS network addresses “6611” and “8822” are set. Upon receiving the ICS user frame from the ICS logical terminal with the ICS network address of “7712”, the access control device 210-1 adds the first ICS network frame to which the network control unit in which the incoming ICS network address is set to “6611” is added. Then, a second ICS network frame to which a network control unit in which the incoming ICS network address is set to "8822" is added, and these are sent to the relay device 220-1. As a result, one-to-two communication can be performed. Further, by transferring individual ICS network frames in the same manner as described above, one-body N communication is possible.

[0046] Information (Operation of Integrated Information Communication System) communication system Example -3: with reference to FIGS. 16 and 17, a third of the present invention is premised
An example of the information communication system will be described. ICS19000-
1 is VAN19010-1, VAN19020-1,
Access control devices 19300-1, 19310-1, 1
9320-1, 19330-1, relay device 19400-
1,19410-1,1942-1,19430-
1. Inter-VAN gateway 19490-1. Server device 19500-1,19510-1,19520-1,1
9530-1, 19540-1. Each server device is assigned an ICS network address, and includes a plurality of ICS network servers inside each server device. These multiple ICS network servers are distinguished by port numbers used in the TCP communication protocol and the UDP communication protocol.
Access control devices 19300-1, 19310-1, 1
9320-1 and 19330-1 are conversion tables 19, respectively.
301-1, 19311-1, 19321-1, 193
31-1, each including a conversion table server 19731-
1,19732-1,19733-1,19734-1
And the respective domain name servers 19741-
1,1974-2, 19743-1, 19744-1
, Respectively, and the resource management server 19751-1,
1972-1, 1973-1, 1974-1, and the relay device 19400-1 is a route information server 1976.
1-1, a resource management server 19975-1 is included, and the relay device 19410-1 is a routing information server 19762-1.
And the relay device 19420-1 is connected to the route information server 19
763-1, the relay device 19430-1 includes the path information server 19764-1, and the server device 19500-
1 includes a user service server 19711-1 and an ICS authority server 19721-1,
-1 includes a general resource management server 19750-1 and a general route information server 19760-1;
20-1 is a user service server 19712-1, IC
The server device 195 including the S authority server 19722-1
Reference numeral 30-1 denotes an ICS network server 19980 having an ICS user address “1200” and performing an electronic library service.
ICS network server 19981- which provides a travel guidance service with -1 and ICS user address "1300"
And the server device 19540-1 includes the general ICS authority server 19720-1 and the general domain name server 197.
40-1, an overall conversion table server 19730-1, and an overall user service server 19710-1.

The access control device, the relay device,
The server device and the gateway between VANs are ICS network communication lines 19040-1, 19041-1, 19042-1,
19043-1 and the like, and can exchange information with each other using the ICS network communication function. The server device is made, for example, by giving a computer an ICS network communication function,
A program for executing a server function runs therein. Reference numeral 19110-1 denotes an FR network, and a conversion unit 19111
-1 and 19112-1 are communication lines of the FR exchange network and I
The interface conversion with the ICS network communication line for transferring the CS network frame is performed, which is the same as that described in the other embodiments. Also, 1
Reference numeral 9900-1 denotes an ATM network, and a conversion unit 19901-1
And 19902-1 describe communication lines and ICs of ATM switching networks.
It performs interface conversion with the ICS network communication line for transferring the S network frame. ICS190
LAN 19600-1, 19601 outside 00-1
-1, 19602-1, 19603-1, 19604
1, 1965-1, and IP terminals 19606-1, 196 having a function of transmitting and receiving an ICS network frame.
07-1 is an embodiment connected.

<< Hierarchical Structure of ICS Network Server >> A description will be given with reference to FIGS. 18 to 23. The general user service server 19710-1 is a user service server 19711-
1, 19712-1 has a higher control right in the sense that an instruction is given or individual information is reported, and the higher control right is shown in a tree structure in FIG. 19811-
Reference numeral 1 denotes a communication path for exchanging information between the general user service server 19710-1 and the user service server 19711-1, and is composed of an ICS network communication line, a relay device, and the like. General ICS authority server 19720-1, general conversion table server 19730-1, general domain name server 1974
0-1, the general resource management server 19750-1, and the general route information server 19760-1 are the same, and are shown in FIGS. 19 to 23, respectively. In this embodiment, the server has two tree structures, but the number of access control devices, relay devices, and server devices installed in the ICS may be increased to three or more. The routing information server has a routing table used by the relay device and the access control device with a function of transmitting and receiving inside the ICS. The resource management server is provided with management functions such as grasping the installation state of the relay device, the access control device, and the server device and the failure information.

<< ICS19000- by ICS operator
Operation 1 >> ICS Operator 19960-1 and 19961-
1 gives an instruction such as operation start to the general user service server 19710-1, the general conversion table server 19730-1, the general resource management server 1950-1, and the general path information server 19760-1, or reports individual information. Thus, the operation of the ICS19000-1 can be easily performed.

<< ICS19000- by ICS officials
Management of 1 >> ICS official 19950-1 is the supervising ICS authority server 19720-1, supervising domain name server 197
It is possible to easily manage the address and the like used in the ICS19000-1 by giving an instruction such as the start of operation to the 40-1 or by reporting individual information.

<< Socket Number and Server >> The ICS network server has an ICS user address and an ICS network address, respectively. Each of the servers has a port defined by TCP or UDP communication protocol in addition to the ICS network address. Having a number is an addition to other embodiments. That is, each of the servers is 32
It is identified by a total of 48 bits of a ICS network address of 16 bits and a port number of 16 bits (this is called a socket number). Each server has an ICS 190
00-1 includes programs each having a unique function, and some servers have an "operation interface" as described later. Here, the “operation interface” is a function of transmitting and receiving instructions such as information exchange with an operator via a keyboard or the like, operation of each server function, start of operation, and the like. Each server assigns an ICS network address to, for example, an access control device or a relay device, assigns different port numbers to a plurality of programs (servers) inside these devices, and distinguishes them by socket numbers. Each server has an ICS network communication function as described in the other embodiments, and can exchange information with each other using the ICS network address and the port number.

<< Registration of User to ICS-1: Inter-Company Communication and ICS Network Server >> A description will be given with reference to FIGS. 16, 17, and 24. Applicant 192 for ICS19000-1
00-1 applies to the ICS receiver 19940-1 for ICS participation (procedure P100). "Application acceptance data" is IC
S user address ICS network address and IC
The ICS usage items excluding the S name are, for example, request identification (intra-company communication, inter-company communication, virtual private line connection, IC
Communication network conditions such as S network server classification), speed class, priority, etc., charging conditions, open connection conditions, fee payment method, user name and address (identification data), signature conditions, encryption conditions, etc. The meaning of the items has been described in other embodiments. ICS receptionist 19940-1 said
"Application reception data" is stored in the user service server 19711.
-1 via the "operation interface", and stores the "application reception data" in the user database 19611-1 (procedure P110). Next, the user service server 19711-1 requests the ICS authority server 19721-11 for its ICS user address, ICS network address and ICS name using the ICS network communication function (procedure P120). ICS Authority Server 19721-
Reference numeral 1 denotes an ICS network address assignment record table 19622-1 which holds the requested ICS address and ICS name in the database 19621-1.
(FIG. 25), ICS user address assignment record table 19623
-1 (FIG. 26), assigning (procedure P130), recording the assignment result in the assignment table, and returning the assigned result to the user service server 19711-1 (procedure P1).
40). The user service server 19711-11 has I
The assignment result obtained from the CS authority server 19721-1 is stored in the user database 19611-1 (procedure P1
50). FIG. 25 shows an example of the ICS network address assignment record table 19622-1. In the first row of the table, the ICS network address “7700” is stored in the ICS logical terminal identification code LT- of the node identification code ACU-1. 0
01 and the assignment destination identification symbol is user-1
The assignment date is an example of April 1, 1998, and it is predetermined that the node identification code ACU-1 indicates the access control device 19300-1. In the third row of the table, the ICS network address “9630” is assigned to the port number “620” of the node identification code SVU-1, the allocation destination identification code is Sv-001, and the allocation date is 98 Is the example of February 1, 2002, and the node identification symbol SVU-1
Refers to the server device 19530-1 in advance.

FIG. 26 shows an example of the ICS user address assignment record table. The first line of the table contains the ICS user address “4610” and the ICS name (also called ICS domain name) “ddl.ccl.bbl”. .Aal.j
"p" is assigned, the value of the request identification is "2", the assignment destination identification symbol is user-1, and the assignment date is April 1, 1998.
It is an example of the day. Further, in the fourth row of the table, the ICS user address “1200” is added to the ICS name “rrl.
qq. pp. jp ", the value of the request identification is" 4 ", the allocation destination identification symbol is Sv-001, and the allocation date is February 1, 1998. The user service server 19711-1 is Provide information to the conversion table server 19731-1 via the ICS network communication function so that the application content of the use applicant 19200-1 and the acquired ICS network address are written in the conversion table 1931-1 in the access control device 19300-1. (Procedure P160) The contents to be provided are described in other embodiments, such as the originating ICS network address, sender ICS user address, request identification, speed class, priority, signature condition, encryption condition, and open class. The ICS network address and ICS user address described above have a request identification value of “2”. Ri For enterprise communications originating ICS network address and sender ICS
Register as a user address. If the value of the request identification is "4", that is, the ICS network server, it is registered as the destination ICS network address and the recipient ICS user address. The conversion table server 19731-1 adds the above content to the conversion table 1931-1 (procedure P170).
. At this point, the incoming ICS network address and the recipient ICS user address are not registered in the conversion table 1931-1, and the "registering of communication partner" described later in the present embodiment.
In the conversion table 19301-1.

Next, the conversion table server 19731-1 is connected to the IC
It notifies the S domain name server 19641-1 of the ICS network address, ICS user address and ICS name (procedure P180). ICS domain name server 19
741-1 is an internal database 19641-1.
The ICS network address, the ICS user address, and the ICS name received are written and stored (step P190), and the completion of the writing is indicated by the conversion table server 19731.
-1 (procedure P200). Conversion table server 197
31-1 confirms this report (procedure P210), and notifies the user service server 19711- of completion of the series of procedures.
1 (procedure P220), and the user service server 1
9711-1 confirms this report (procedure P230), and notifies the use applicant of the ICS user address and ICS name as the allocation result (procedure P240). Since the ICS network address is used only inside the ICS, the use applicant is not notified. Further, in the case of the ICS network server, that is, when the value of the request identification is “4”, the user service server 19711-1 sends the ICS 1900
It notifies all conversion table servers inside 0-1 and requests registration in the conversion tables of all access control devices.

<< Rewrite management of conversion table by integrated conversion table server >> Procedures P800 to 960 on the lower side of FIG. 24, FIG.
This will be described with reference to FIGS. The general conversion table server 19730-1 instructs the conversion table server 19731-1 to rewrite the contents of the conversion table 1931-1, for example, the speed class priority, the originating ICS network address, and some or all items of the conversion table. (Procedure P
800), the conversion table server 19731-1 changes the contents of the conversion table 1931-1 according to this instruction (procedure P8).
10). Also, the domain name server 19741-1 has an IC
Instruct rewriting of S network address etc. (procedure P
820), the domain name server 19741-1 updates its internal table according to this instruction (procedure P830), and reports the result to the conversion table server 19731-1 (procedure P84).
0), the conversion table server 19731-1 confirms (procedure P8)
50), and report it to the overall conversion table server 19730-1 (procedure P860). Also, the general conversion table server 19730
-1 instructs the user service server 19711-1 to rewrite the contents of the user database 19611-1, for example, the speed class, the ICS network address, and other items (procedure P900). According to this instruction, the contents of the user database 19611-1 are updated (procedure P
910). Also, the ICS authority server 19721-1 returns the unnecessary ICS network address, ICS user address, and ICS name, or transmits a new request (procedure P920), and the ICS authority server 19721-1.
Updates the ICS network address assignment record table 19622-1 and the ICS user address assignment record table 19623-1 in accordance with this instruction (procedure P930), and reports the result to the user service server 19711-1 (in order P940). ), User service server 19711-
1 (procedure P950), and the overall conversion table server 197
30-1 (procedure P960).

In the above description, the overall conversion table server 1
9730-1 is the first user service server 197
It is also possible to execute the procedures P900 to P960 by calling 11-1 and secondly invoke the conversion table server 19731-1 to execute the procedures P800 to P860. Because of this, the ICS operator 199
By instructing the general conversion table server 19730-1 to rewrite the contents of the access control table, the domain name server 60-1 or the ICS 60-1 manages the conversion table inside the access control device and address information associated therewith. By exchanging information with the authority server, it is possible to easily manage the rewriting of the contents of the consistent conversion table, that is, update management of all the conversion tables of the access control device inside the ICS19000-1.

<< User Communication Partner Registration >> This will be described with reference to FIG. Applicant 19200 for ICS19000-1
-1 applies to ICS receiver 19940-1 for communication partner registration with the domain name of the communication partner (procedure P30
0). The ICS receiver 19940-1 receives the domain name of this communication partner (procedure P310), and converts the conversion table server 1973.
1-1 is transmitted (procedure P320). Conversion table server 19
731-1 is a domain name server 19740-1, 197
Information exchange with 42-1 etc. (procedures P330, P331),
ICS corresponding to the domain name of the contacted communication partner
Acquire the network address and the ICS user address, and update the contents of the conversion table 1931-1 (procedure P3
40), and report the result (procedures P350, P360). The updated result is shown in a conversion table 1931-2. The obtained ICS network address is the incoming ICS network address, and the ICS user address is the recipient IC.
Each of the S user addresses is registered in a conversion table as shown in FIG. Note that the columns of the ICS network server, the incoming ICS network address, and the recipient ICS user address are left blank.

<< Registration of User to ICS-2: Intra-Company Communication and Virtual Private Line >> A description will be given with reference to FIG. The difference between the intra-company communication and the above-mentioned inter-company communication is that the ICS user address is submitted and the ICS name cannot be used. Therefore, there is no ICS name assigned, and the ICS name is used. Procedure (P180, P19
0, P200). First, the ICS19000-1 user 19200-1
Apply for ICS subscription to ICS receptionist 19940-1
(Procedure P400). The “application acceptance data” is an ICS usage item excluding the ICS network address and the ICS name, and is, for example, an ICS user address, for example, a request identification (intra-company communication, inter-company communication, virtual leased line connection,
Network server classification), speed class, priority, etc. are the same as in the inter-company communication. As the ICS user address, at least one set of the sender ICS user address and the receiver ICS user address is presented. In the case of a virtual leased line connection, the sender ICS user address and the receiver IC
Not presenting the S user address is different from the case of intra-company communication.

The ICS receiver 19940-1 stores the “application reception data” in the user service server 19711-1.
Is input through the "operation interface", and the "application reception data" is stored in the user database 19611-1 (procedure P410). Next, the user service server 19
The 711-1 requests the ICS authority server 19721-1 for its ICS user address, ICS network address and ICS name using the ICS network communication function.
(Procedure P420). The ICS authority server 19721-1 allocates only the ICS network address in the same manner as the above-mentioned procedure P130 (procedure P430), records the result of the assignment in the above-mentioned assignment table, and returns the result of the assignment to the user service server 19711-1. (Procedure P440). The user service server 19711-1 stores the assignment result obtained from the ICS authority server 19721-1 in the user database 19611-1 (procedure P450). The user service server 19711-1 converts the contents of the application and the acquired ICS network address into the conversion table server 19
7373-1 (procedure P460), the conversion table server 19731-1 registers it in the conversion table 19301 (procedure P460).
370), and report the completion of registration (procedures P480, P49)
5). FIG. 33 shows an example in which intra-company communication and registration of a virtual leased line are performed in the conversion table 19301.

<< Description of Domain Name Server >> Referring to FIG. 34, an example of four layers will be described with reference to FIG. 34 regarding the procedures P330 and P331 relating to the domain name server. The ICS network address of the internal table 19600-1 of the domain name server for the domain name "root" is "9500", and the domain names "al" and
"A2", "a3",... Exist. For example, the ICS network address where the domain name server handling the domain name "a1" is located is "9610", and the port number is "44".
0 ". I in the internal table 19610-1 of the domain name server for the domain name" a1 "
The CS network address is “9610”, and the domain names “bl”, “b2”, “b3”,.
Exists, and the ICS network address where the domain name server handling the domain name “b2” is located is “97”, for example.
20 and the port number is “440.” The ICS network address in the internal table 19620-1 of the domain name server for the domain name “b2” is “9720”, and the domain Name "c
4 "," c5 "," c6 ",.... For example, in the domain name" c5 ", the display of the end point column is" YES ", so that the domain name does not exist below it.
ICS corresponding to CS name "c5.b2.al."
This indicates that the network address is “9720” and the ICS user address is “4510”.
The record of the internal table 19620-1 of the domain name server, that is, the ICS name (ICS domain name) and the IC
S network address and ICS user address “4”
A set of data including the combination with "610" is particularly called a "resource record" of the domain name server.

<< Calling of Domain Name Server >> Referring to FIG. 38, conversion table server 19630-1 changes domain name servers 19640-1, 19650-1, and 19660-1.
Will be described to search for an ICS network address and an ICS user address corresponding to the domain name “c5.b2.al.”. Conversion table server 196
30-1 is a resolver 19635- inside the conversion table.
1. Enter the domain name "c5.b2.al." The resolver 19635-1 uses the ICS network communication function to convert the ICS frame 19641-1 including “al” into the ICS frame 19641-1.
When sent to the domain name server 19640-1, an ICS frame 19642-1 including the ICS network address "9610" of the ICS domain name server for "a1" is returned. Next, the resolver 19635-1 sets “b2”
Is sent to the ICS domain name server 19650-1 and the ICS network address “972” of the ICS domain name server for “b2” is sent.
ICS frame 19652-1 containing "0" is returned. Next, resolver 19635-1 returns an ICS frame containing "c5".
When the CS frame 19661-1 is sent to the ICS domain name server 19660-1, the ICS network address “9820” of “c5” and the ICS user address “45”
An ICS frame 19662-1 containing 20 "is returned. By the above procedure, the conversion table server 19630-1 is returned.
Is the IC corresponding to the domain name "c5.b2.al."
The S network address “9820” and the ICS user address “4520” are acquired.

<< Rewriting Conversion Table from IP Terminal >> FIG.
9 and FIG. 40. Domain name "c5.b2.
ICS user frame including "al" in the IP terminal 196.
08-1 to the conversion table server 19731-1
(Procedure P500). The conversion table server 19731-1 inquires of the domain name server (procedure P510), and the domain name server returns the I corresponding to the domain name "c5.b2.al".
Search and acquire CS network address “9820” and ICS user address “4520” (procedure P52)
0), when replying to the conversion table server 19731-1 (procedure P53O), the conversion table server writes in the conversion table 1931-1 (procedure P540) and reports it to the IP terminal 19608-1 (procedure P550). In this procedure, the ICS network address “9820” is the destination network address, and the ICS user address “4520” is the recipient I address.
Figure 2 shows the rewritten conversion table as the CS user address.
FIG. FIG. 28 omits the description contents of the conversion table corresponding to the request identification included in FIG. Next, IP
From the terminal 19608-1, the ICS user frame including the designation of changing the speed class to "2" is registered in the conversion table 1931-1X.
1 (procedure P600). Conversion table server 1973
1-1 rewrites the registered contents of the conversion table 1931-1X to the speed class “2” according to the designation (procedure P610),
This is reported to the terminal 19608-1 (procedure P620). The conversion table rewritten by this procedure is expressed as 19301-Y
(FIG. 29).

<< Moving Terminal Between Access Control Devices >> IC
As can be seen from the example of the S user address assignment record table 19623-1, the first line of this table indicates that the ICS user address "4610" contains the ICS name (also called the ICS domain name) "dd1.cc1.bb1". .Aa1.j
p ”is assigned, and the ICS user address and ICS
It is characterized by holding a name. For example, IC
Terminal 19608 with S-user address "4610"
-1 (FIG. 16) is moved from the access control device 19300-1 to the access control device 19320-1 (FIG. 17). For example, when a new ICS network address “7821” is assigned to this terminal, the conversion table 19321- 1
Inside the transmission ICS network address "782"
1 and the sender ICS user address "4610" are registered as a pair, in which case the ICS name "dd1. cc1. bb1. aa1. jp "is I
The ICS user address “4610” as specified by the CS user address assignment record table 19623-1
And the ICS name is not changed. ICS name inside the domain name server "dd1.c
c1. bb1. aa1. jp ", the ICS network address" 7700 ", and the ICS user address" 46 ".
The resource record including the combination with the ICS name “dd1. cc1. bb1. aa1. jp ”and IC
It is changed to the S network address “7821” and the ICS user address “4610”. That is, ICS
The network address “7700” is replaced by another address “7
821 ”, but the ICS name“ dd1.
cc1. bb1. aa1. jp ”and the ICS user address“ 4610 ”are not rewritten.
The ICS user address assignment management table of the CS authority server and the resource record of the domain name server hold the ICS user address and the ICS name, but do not change either of them. Thus, when the terminal is moved between the access control devices, the ICS user address and the ICS name of the terminal need not be changed. (Another Embodiment: Determination of ICS User Address by User) In the above embodiment, a modification is made such that the user determines the ICS user address. That is, the user (application applicant 19200-1) is
When subscribing to -1, the ICS user address is added. The ICS receiver 19940-1 newly includes the ICS user address in the application reception data. Also,
The ICS authority server 19711-1 stores the I
CS user address to ICS user address assignment table 19
623-1. By the above method, the user can determine his / her own ICS user address by himself, and the degree of freedom is improved.

[0064] Example - 1 (closed network betrayer signal using network identifier) network (Network) virtual private line services and the enterprise using the identifier communication service, closed in network inter-enterprise communication services <br/> A communication method limited to a part will be described. Where the network identifier is
This is for identifying or distinguishing a closed network, and is assigned to an ICS user address.

<< Configuration >> As shown in FIGS. 41, 42, 43 and 44, the ICS
22000-1 is an access control device 22010-1,
The access control device 22010-1 includes the line units 22020-1, 22030-1, and 1204 0 -1.
11-1, processing device 22012-1, conversion table 22013
-1, the access control device 22020-1 includes the line unit 22021-1, the processing device 22022-1, and the conversion table 2
Access control device 22030-1
Is a line section 22031-1, a processing unit 22032-1,
The access control device 220 includes a conversion table 22033-1.
40-1 is a line unit 22041-1, a processing unit 2204
2-1 including the conversion table 22043-1, and 22060-
1,2062-1, 202062-1, 20633-
Each of the relay devices 120644-1 is an ICS.
They are connected to each other and to one of the access control devices via a network communication line. 22101-1,2210
2-1, 22 1 103-1, 2104-1, 2210
5-1, 22106-1, 22107-1, 22108
-1,22109-1,22110-1,2111-
Reference numerals 1 and 22112-1 denote corporate LANs, which are connected to a line section of any access control device via a gateway and an ICS user logical communication line, respectively. Here, 1 2120-1 is the LAN 22101-1
Of a gateway, 1 2121-1 is ICS user logic communication line, other gateways or ICS user logic communication line is in the same position is shown in FIG. 41 through FIG. 44.

Each LAN includes two or three IP terminals having a function of transmitting and receiving IP user frames.
These ICS user addresses are
The inside is “1500” and “1510”, LAN2
2102-1 inside "5200" is "5210" and "5250", LAN221 1 03-1 inside is "1900" and "1910", LAN2210
The inside of 4-1 is “1100” and “1110”,
The inside of the LAN 22105-1 is “4200” and “421”.
0 ”, and the inside of the LAN 22106-1 is“ 1800 ”.
And “1810”, and the inside of the LAN 22107-1 is “1920” and “1930”.
8-1 are “5410” and “5420”, and L
AN21099-1 contains “1430” and “144”.
0 ”, and the inside of the LAN 22110-1 is“ 6500 ”.
And “1960”, and the inside of the LAN 22111-1 is “1820” and “1830”.
The inside of 2-1 is "4410" and "1420". In the above description, the value of the ICS user address is “10
“00” to “1999” represent ICS user addresses for intra-company communication, and the value of the ICS user address is “20”.
“00” to “6999” represent ICS user addresses for inter-enterprise communication, and ICS network address values from “7000” to “9999” represent ICS network addresses. Is the ICS user address range ("1000")
To “1999”), when used for inter-company communication, IC
S user address range (“2000” to “699”
9 "). An ICS user address used for intra-company communication can also be used for inter-company communication.

<< Line of Conversion Table and Network Identifier >> The “line” of the conversion table will be described. For example, conversion table 22013
In the first line, the request identification value is “1”, the originating ICS network address value is “8100”, and the sender ICS user address (in company) is “150” in the first line.
0 ”, the value of the sender ICS user address (between companies) is blank, the value of the receiver ICS user address is“ 1100 ”,
The value of the incoming ICS network address is “7100”,
This is an example of a “line” where the value of the network identifier is “A001” and other items are not described. Here, the blank may be represented by Null. The “row” of the conversion table is also called the “record” of the conversion table. The network identifier is a symbol that is provided to classify a part of the ICS network as a network and define the network as a network, and may be a number or a code. The network identifier is assigned to each row of the conversion table. A network for which a closed network is not designated is represented by a symbol "Open" for each row of the conversion table, for example, as shown in the conversion table 22033-1.

The operation will be described with reference to the flowcharts of FIGS. << Closed Area / Intra-company Communication >> The ICS user frame S01 is transmitted from the IP terminal having the address “1100” inside the LAN 2214-1, and reaches the access control device 22020-1 via the ICS user logical communication line. The access control device 22020-1 includes a line unit 22021-1.
When the ICS user frame S01 is received from the ICS logical terminal of the address “7100”, the originating ICS network address “7100” is obtained, and the sender ICS user address “1100” and the receiver ICS user address are obtained from the ICS user frame S01. “150
0 ”(step SP100) and the conversion table 220
23-1, the outgoing ICS network address "71"
It is checked whether or not "00" is registered as the request identification "3" (step SP110) .In this case, since it is not registered, the source ICS network address "7100" acquired in the above procedure and the sender ICS user Address “1100”, recipient ICS user address “15”
It is checked whether or not a record including all “00” exists in the conversion table 22023-1 (step SP120), and in this case, it is confirmed that the record exists (step SP130).
Next, only the sender ICS user address (within the company) of this record is registered as “1100”, and after confirming that the sender ICS user address (between companies) is blank, the destination ICS network address “810” is obtained from this record.
0 ”is obtained (step SP160).

Next, ICS encapsulation is performed using the originating ICS network address “7100” and the destination ICS network address “8100” obtained in this way (step SP180), and the obtained ICS network frame T01 is converted to the ICS network. The data is transmitted to the communication line (step SP190). ICS network frame T0
1 is a relay device 22062-1, 22061-1, 22
The access control device 22010-1 is reached via 060-1. Access control apparatus 22010-1 receives ICS network frame T01 (step ST
100), the incoming ICS network address “8100” described inside the network control unit (ICS capsule) of the ICS network frame T01 is registered as the outgoing ICS network address “8100” inside the conversion table 22013-1. Is confirmed (step ST110), then ICS decapsulation is performed (step ST120), and the obtained ICS user frame S01 is stored in the address “8”
ICS logical communication line 12121-1 connected to 100 "
(Step ST130). Note that the incoming ICS network address “8100 is” conversion table 22013-
If the ICS network frame T01 has not been registered, the ICS network frame T01 is discarded (step ST115).

<< Closed area / intra-company communication / access to network server >> Address "1100" inside LAN 22104-1
The ICS user frame S02 is transmitted from the IP terminal having. When the access control device 22020-1 receives the ICS user frame S02 from the ICS logical terminal of the address “7100” of the line section 22021-1,
The source ICS network address “7100” is obtained, and the sender ICS user address “1100” and the receiver ICS user address “6100” are obtained from the ICS user frame S02 (step SP100), and are stored in the conversion table 22023-1. Then, it is determined whether or not the ICS network address “7100” is registered as the request identification “3” (step SP110). In this case, since it has not been registered, the calling ICS
A record including all of the network address “7100”, the sender ICS user address “1100”, and the receiver ICS user address “6100” is a conversion table 22023.
-1 is searched for (step SP120),
In this case, it is confirmed that it does not exist (step SP1).
30).

Next, the source ICS network address is "7100" and the sender ICS user address is "1".
In one or more records having a request identification value of "4" (ICS network server designation) having the same network identifier as the network identifier "A001" of the record of the conversion table 22023-1 of "100", ICS user address "610"
0 " (in this case, the conversion table 220
23-1) (the third record from the top), the incoming ICS network address “910” described in this record.
0 ”(step SP170), and then the originating ICS network address“ 710 ”thus obtained.
0 "and incoming ICS network address" 9100 "
To perform ICS encapsulation (step SP18)
0), the obtained ICS network frame T02 is
The packet is sent to the CS network communication line (step SP190). I
The CS network frame T02 includes the relay device 2206
It reaches the ICS network server 22081-1 via 2-1 and the relay device 22061-1. The same applies to the case of the ICS user frame S03 sent from the IP terminal having the address “1110” inside the LAN 22104-1, and the network identifier is “A002” and the ICS is encapsulated into the ICS network frame T03. I via the relay device 22062-1 and the relay device 22061-1
It reaches CS network server 22082-1.

<< Closed Area / Business Communication >> LAN 22105-
1 from the IP terminal having the internal address “4200”
The CS user frame S04 is transmitted. When receiving the ICS user frame S04 from the ICS logical terminal of the address “7200” of the line section 22021-1, the access control device 22020-1 acquires the originating ICS network address “7200” and sends the sender ICS network address “7200” from the ICS user frame S04. The ICS user address “4200” and the receiver ICS user address “5200” are obtained (step SP100), and whether or not the address “7200” is registered as the request identification “3” in the conversion table 22023-1 Is checked (step SP110). In this case, since there is no registration, a record including all of the originating ICS network address “7200”, the sender ICS user address “4200”, and the recipient ICS user address “5200” acquired in the above procedure is stored in the conversion table 22023. -1 (step S)
P120), in this case, it is confirmed that it exists (step SP130), and then the sender ICS user address (within the company) of this record is blank, and only the sender ICS user address (between companies) is "4200". It is confirmed that it has been registered (step SP160).

Next, ICS encapsulation is performed using the originating ICS network address “7200” and the destination ICS network address “8200” obtained in this way (step SP180), and the obtained ICS network frame T04 is converted to the ICS network. The data is transmitted to the communication line (step SP190). ICS network frame T0
4 is a relay device 22062-1, 22061-1, 22
The access control device 22010-1 is reached via 060-1. Upon receiving the ICS network frame T04, the access control device 22010-1 (step ST
100), the incoming ICS network address “8200” described inside the network control unit (ICS capsule) of the ICS network frame T04 is registered as the outgoing ICS network address “8200” inside the conversion table 22013-1. Is confirmed (step ST110), then ICS decapsulation is performed (step ST120), and the obtained ICS user frame S04 is linked to the address
The data is transmitted to the logical communication line (step ST130).

<< Closed Area / Business Communication / Access to Network Server >> The ICS user frame S05 is transmitted from the IP terminal having the address “4200” inside the LAN 22105-1. The access control device 22020-1 is connected to the line unit 22.
When the ICS user frame S05 is received from the ICS logical terminal of the address “7200” of the address 021-1, the transmission I
The CS network address “7200” is acquired, and the sender ICS user address “4200” and the receiver ICS user address “6” are obtained from the ICS user frame S05.
200 "(step SP100), and the conversion table 2
It is checked whether the sender ICS network address “7200” is registered as the request identification “3” in the 2023-1 (step SP110). In this case, since it is not registered, the call I
CS network address "7200", sender ICS
A record including all of the user address “4200” and the recipient ICS user address “6200” is stored in the conversion table 220.
23-1 is searched for (step SP12)
0), and in this case, confirm that it does not exist (step S
P130), then, the originating ICS network address is “7200” and the sender ICS user address is “42”.
In one or more records having a request identification value of "4" (ICS network server designation) having the same network identifier as the network identifier "B001" of the record of the conversion table 22023-1 of "00", the receiver The same record as the ICS user address “6200” is searched (in this case, the conversion table 2202
3-1 seventh record from the top), the incoming ICS network address “9200” described in this record
Is found (step SP170).

Next, ICS encapsulation is performed using the originating ICS network address “7200” and the destination ICS network address “9200” obtained as described above (step SP180), and the obtained ICS network frame T05 is stored in the ICS network. The data is transmitted to the communication line (step SP190). ICS network frame T0
5 is the ICS network server 2 via the relay device 22062-1
2083-1. The same applies to the case of the ICS user frame S06 sent from the IP terminal having the address “4210” inside the LAN 22105-1, and the network identifier is “B002” and the ICS is encapsulated into the ICS network frame T06. ICS network server 22084 via relay device 22062-1
Reach 1

<< Communication from Network Server Inside ICS to Network Server Outside ICS >> IP Terminal 22092-1 Inside LAN 2212-1
Is an “ICS external server” composed of an IP terminal or the like located outside the ICS 22000-1. The ICS external server 22092-1 stores the ICS user address “52
50 "and registered in the conversion table 22013-1 (the ninth record from the top of the conversion table 22013-1), provided that the receiver ICS user address and the incoming ICS network address of the conversion table are stored. Field is blank, Null
It is registered. ICS internal server 22084-1 is I
When the CS network frame T22 is transmitted, the ICS
The network frame T22 is a relay device 22062-
The access control device 22010-1 is reached via the access control devices 12061-1, 22060-1 (step ST10
0), it is confirmed that the originating ICS network address is registered as “8200” in the conversion table 22013-11, and the ICS is decapsulated (step ST).
120) ICS user frame S22, and the transmitted toward the ICS external server 22 092-1 (step S
T130). The communication in the reverse direction is encapsulated in the ICS using the conversion table 22013-1, and the ICS internal server 22
084-1.

<< Closed Area / Virtual Private Line >> The ICS user frame S07 is transmitted from the IP terminal having the address “1800” in the LAN 22106-1. The access control device 22020-1 is connected to the line unit 22.
When the ICS user frame S07 is received from the ICS logical terminal of the address “7300” of the address 021-1, the originating ICS network address “7300” is obtained.
From the CS user frame S07, the sender ICS user address “1800” and the receiver ICS user address “19”
00 ”(step SP100), and the conversion table 22
In the outgoing ICS network address "7"
It is checked whether or not "300" is registered as request identification "3", that is, as a virtual leased line connection (step SP11).
0) is registered in this case. Next, the originating ICS network address “7300” obtained in the above procedure
And whether or not a record including the recipient ICS user address “1900” exists in the conversion table 22023-1 (step SP140).
In the conversion table 22023-1, the destination ICS network address "8300" of the record in which the column of the receiver ICS user address is blank (or "Null") in the source ICS network address "7300" is found (step SP).
145), ICS encapsulation is performed using the originating ICS network address “7300” and the destination ICS network address “8300” obtained in this way (step SP180), and the obtained ICS network frame T07 is converted to an ICS network communication line. Send (Step S
P190). The ICS network frame T07 is composed of the relay devices 22062-1, 22061-1, and 22060-
1 to access control device 22010-1.
Upon receiving the ICS network frame T07, the access control device 22010-1 (step ST10)
0), the incoming ICS network address “8300” described inside the network control unit (ICS capsule) of the ICS network frame T07 is converted into the conversion table 2
It is confirmed that it is registered as the originating ICS network address “8300” inside 2013-1 (step ST110), and then ICS decapsulation is performed (step ST120), and the obtained ICS user frame S07 is addressed. ICS user leading to the "8300"
The data is transmitted to the logical communication line (step ST130).

The same applies to the case of the ICS user frame S09 sent from the IP terminal having the ICS user address “1820” inside the LAN 22111-1. The network identifier is “C002”, and the ICS is
The data is transferred inside the CS22000-1 and is inversely ICS-encapsulated by the access control device 22030-1 so that the ICS
The user frame S09 is reached, and reaches the IP terminal having the ICS user address “1920” inside the LAN 22107-1.

<< Access to Closed Area / Virtual Private Line / Network Server >> The ICS user frame S08 is transmitted from the IP terminal having the address “1810” inside the LAN 22106-1. The access control device 22020-1 is connected to the line unit 22.
When the ICS user frame S08 is received from the ICS logical terminal of the address “7300” of the address 021-1, the transmission IC
When the S network address “7300” is obtained, the sender ICS is sent from the outgoing ICS user frame S08.
The user address “1810” and the recipient ICS user address “6300” are obtained (step SP100),
In the conversion table 22023-1, the originating ICS network address "7300" is the request identification "3" (virtual leased line)
(Step SP1).
10) is registered in this case. Next, the originating ICS network address “730” obtained in the above procedure
A search is performed to determine whether a record including “0” and the receiver ICS user address “6300” exists in the conversion table 22023-1 (step SP140). In this case, the record is present and the incoming ICS network described in this record is present. The address “9300” is found (step SP145), and the originating ICS network address “7” obtained in this way.
300 "and the incoming ICS network address" 930
ICS encapsulation using “0” (step SP1)
80 ) The obtained ICS network frame T08 is sent to the ICS network communication line (step SP190 ) .
The ICS network frame T08 is transmitted to the relay device 220
ICS network server 220 via 62-1 and 2064-1
87-1 is reached. IC sent from IP terminal having address “1830” inside LAN 22111-1
The same applies to the S user frame S10, in which the network identifier is “C002” and the ICS is
The network frame becomes T10 and the relay device 2206
Via 4-1, it reaches the ICS network server 22089-1.

[0080] "closed-address between the rewritable-type enterprise communication" between the closed area address rewritable corporate communications, said the closed-
It is almost the same as inter-enterprise communication.
In search of 3 3-1 and 22043-1 of the record,
Sender ICS user address (in company) and sender IC
It is added to check that the S user address (between companies) is registered together, which will be described below. The ICS user frame S13 is transmitted from the IP terminal having the ICS user address “1420” inside the LAN 22112-1. Access control device 22040
-1 is the address “7405” of the line section 22041-1
When the ICS user frame S13 is received from the ICS logic terminal of the ICS, the originating ICS network address “74”
05 ”and the sender ICS user address“ 1420 ”and the receiver ICS from the ICS user frame S13.
Acquire the user address “5420” (step SP1)
00), checks whether the originating ICS network address "7405" is registered as request identification "3" in the conversion table 22043-1 (step SPIlO). In this case, since it has not been registered, all of the outgoing ICS network address “7405”, the sender ICS user address “1420”, and the receiver ICS user address “5420” acquired in the above-described procedure will be described next. record including - de searches whether there during the conversion table 22043-1 (step SP120), it confirms that exists (step SP
130 ) (in this case, 5 from the top of conversion table 22043-1 )
Th record). Next, the sender ICS user address (within the company) “14” in the received ICS user frame
20 is rewritten to the inter-company address "4420" and the incoming ICS network address "8400" registered in this record is obtained (step SP).
160). Next, ICS encapsulation is performed using the outgoing ICS network address “7405” and the incoming ICS network address “8400” thus obtained (step SP180), and the obtained ICS network frame is transmitted to the ICS network communication line. Yes (Step SP
190). The ICS network frame is transmitted to the relay device 2
The access control device 22030-1 is reached via 2064-1 and 2063-11. Access control device 2203
When the ICS network frame is received (step ST100), the incoming IC described in the ICS capsule of the ICS network frame is received.
The S network address “8400” is stored in the conversion table 220
The outgoing ICS network address “8” is stored inside 33-1.
400 "(step ST110), and then performs ICS decapsulation (step ST120) to obtain the obtained ICS user frame S13.
0 is sent to the ICS user logical communication line connected to the address "8400" (step ST130).

The ICS user frame S11 sent from the IP terminal having the ICS user address “4410” inside the LAN 22112-1 is processed by the access control device 22040- in the same procedure as described in the closed / inter-company communication.
ICS encapsulated in ICS22000-1
The data is transferred inside, decapsulated by the ICS in the access control device 22030-1, and delivered to the IP terminal having the ICS user address “5410” inside the LAN 22108-1. As another example, LAN22112-1
IP with internal ICS user address "4410"
The ICS user frame S12 sent from the terminal is ICS-encapsulated in the access control device 22040-1 in the same procedure as described above, transferred inside the ICS22000-1 and delivered to the access control device 22030-1 to perform ICS decapsulation. At the time of the conversion table 220
Referring to the record 33-1 (in this case, the fifth record from the top of the conversion table), the ICS user frame S1
The address “5430” written inside the ICS is
It is found that the address is a user address (between companies), and the address value “5430” is changed to the ICS user address (within a company).
Rewritten to “1430” (step ST120), and I
A CS user frame S120 is generated and the LAN 2210 is generated.
It is delivered to the IP terminal having the ICS user address “1430” inside 9-1. As another example, LAN 221
12-1 Internal ICS User Address “1420” I
The ICS user frame S14 sent from the P terminal is
Sender ICS user address "1420", receiver IC
S user address “5440” but ICS 220
00-1 is transferred to the IC inside LAN 22109-1.
S The IP address of the user "1440"
ICS user frame S1 having CS user address “4420” and recipient ICS user address “1440”
It is converted to 40 and delivered.

<< Closed Area / Address Rewriting Type Intercompany Communication / Network Server Access >> The ICS user frames S15 and S16 transmitted from the inside of the LAN 22112-1 are transmitted to the respective ICS network servers 22085 through the same procedure as described above. Delivered to 1.

<< Communication from Network Server Inside ICS to Network Server Outside ICS >> 22086-1 is ICS22000
2-1 is an ICS network server inside, and 22090-1 and 22091-1 are “ICS external servers” including a database or the like located outside ICS22000-1. ICS external server 22090-1 and 22
091-1 is the ICS user address “650”, respectively.
0 ”and“ 1960 ”, and the conversion table 22033
-1 (in this case, conversion table 22033-1
8th and 9th records from the top). However, the fields of the receiver ICS user address and the destination ICS network address in the conversion table are blank, and are registered as Null. IC
The S external server 22091-1 indicates that the sender ICS user address (within the company) is “1960” and the sender I
“6960” is assigned as the CS user address (between companies). ICS internal server 22086-1
Has an ICS user address “6600” and an ICS network address “9500”.
033-1 (in this case, the conversion table 2203)
3-1-10th record from the top).

The ICS internal server 22086-1 has the ICS
When the network frame T20 is transmitted, the ICS network frame T20 reaches the access control device 22030-1 via the relay device 22063-1, where it is decapsulated using the conversion table 22033-1 to become the ICS user frame S20. , ICS external server 22090-1. The communication in the reverse direction is encapsulated by ICS using the conversion table
It is delivered to the S internal server 22086-1. Next, ICS
The same applies when the internal server 22086-1 sends out the ICS network frame T21. In the access control device 22030-1, the ICS is decapsulated and becomes the ICS user frame S21, which is delivered to the ICS external server 22091-1. To summarize the above, IC
Placing the ICS external network server outside of S22000-1;
Server inside ICS22000-1 and ICS22000
1 can communicate with an external server.

Conversion table 22013 inside access control device
-1 or a plurality of records are appropriately selected and stored in the conversion table recording file 22014-1.
It may be taken out and used when necessary such as performing S encapsulation or ICS inverse encapsulation. The same applies to the conversion table 22023-1 and the like inside the access control device 22020-1. In the access control device, the network identifier is set to "Open
conversion table 2 2 033-1 portions of which are designated as n "is normal is not retained within the access controller from the domain name server 22095-1 instead, the address information to be registered in the conversion table it is an example temporarily use obtained by the conversion table 2203 3 -1. Further, the network server 22081 one 1 for communication closed within enterprise network identifier "A00
It may be used as a dedicated domain name server for a closed / intra-company communication network that can be identified by "1". In this example, the hierarchical structure of the domain name is, for example, a one-level hierarchy designating the domain name "al". However, "bl. al "and" cl. bl.
al "may be a two-layer or three-layer network network.
It may be used as a domain name server dedicated to a closed area / inter-enterprise communication network that can be named by the network identifier “B001”. The network server 22087-1 of the closed / virtual leased line is identified by the network identifier “C0
01 "may be used as a domain name server of a closed / virtual leased line network. In this example, the hierarchical structure of the domain name is, for example, a domain name" al "1
Examples of hierarchies include "bl.al" and "cl.bl.a".
It is also possible to use two or three layers, such as "1".

Embodiment 2 (IP Terminal Connectable to a Plurality of Access Control Devices with Network Identifiers): In this embodiment, an IP terminal having a function of transmitting and receiving an ICS user IP frame is fixed to a specific access control device. Instead, use of a mobile IP terminal that can be used by connecting to another access control device, that is, roaming is realized using a network identifier. Roaming is realized based on the ICS domain name assigned to the IP terminal.

<< Password Transmission Technique by Encryption >> This embodiment includes a procedure of encrypting a secret password PW and transmitting it from the sender (encryption side) to the receiver (decryption side). Next, the encryption function Ei and the decryption function Di will be described. The encryption function Ei is represented by y = Ei (k1, x), and the decryption function Di is represented by x = Di (k2, y). Here, y is ciphertext, x is plaintext, kl, k2
Is an encryption key, and i is an encryption number (i that determines how to use secret key encryption or public key encryption, including the value of the encryption key.
= 1, 2, ...). In the above, the plaintext x ′ is set as x ′ = x‖r (where r is a random number) instead of the plaintext x.
From the plaintext x ′ obtained at the time of decryption and the random number r
May be discarded to obtain a plaintext x. By doing so, it is said that even if the same plaintext is encrypted, a different ciphertext is generated for the random number, and the ciphertext is resistant to breaking.

(Example of Encryption Number i = 1) << Preparation >> The sender m publishes its domain name (represented by DNm) including the receiver. The receiver uses the secret data compression function Hash-1 to obtain Km = Hash-1.
(DNm) is calculated, and only the encryption key Km is handed over to the sender in a secure manner not to be known to a third party. This example is DE
This is an example in which S encryption is adopted, and the sender uses an encryption function Ei
Is stored, and an encryption key Km is stored. The encryption key Km is a secret value shared by the sender and the receiver. The receiver holds the “decoding module DES-d” for realizing the decoding function Di and the data compression function Hash-1. What is used as the data compression function Hash-1 is determined for each value of the encryption number. The data compression function is also called a hash function.

<< Encryption by Sender >> The sender sets the secret password PW as x = PW and sets the encryption module DE.
By using Se and the held encryption key Km, y = DES−
The encrypted text is transmitted as e (Km, x), and the encrypted text y and the domain name DNm are transmitted.

<< Decryption by Recipient >> The recipient is cipher text y
And the domain name DNm, and using the secret data compression function Hash-1 of the recipient, Km = Hash-1 (D
Nm), the secret encryption key Km is calculated, and then the receiver uses the decryption module to obtain x = DES-d (Km,
Obtain plaintext x as y). The plain text x is the password PW, and the recipient can obtain the secret password PW. still,
Since the third party does not know the data contraction function Hash-1, it cannot calculate the encryption key Km and therefore cannot calculate the secret password PW. In the above embodiment, the encryption function and the decryption function are set to
The encryption function and the decryption function other than the S encryption can be changed.

(Example of encryption number i = 2) << Preparation >> This example is an example employing RSA encryption, and the receiver has an encryption function y = x ^e modn and a decryption function y = x ^d
Generate mod n. Here, e ≠ d and the key d are secret values. The receiver can encrypt the publicly available encryption keys e and n, and the encryption module R that realizes the encryption function y = x ^e modn.
SA-e is passed to the sender. The sender holds these encryption keys and the encryption module RSA-e. The sender has no secret encryption module or secret data. On the other hand, the receiver uses n and a secret key d, and a decryption module RSA that realizes a decryption function y = x ^e mod n.
-D is held.

<< Encryption by Sender >> The secret password PW to be transmitted, its own domain name DNm, and the date and time of transmission (year, month, day, hour, minute, second) are x = PW {xl} x2 (where,
xl: as, hour, minute, and second) time domain name DNm, x2 = date, by the encryption module ^{RSA-e, y = x e} mo
Encrypt as dn and transmit the ciphertext y.

<< Decryption by Recipient >> Recipient is ciphertext y
Is received, and the decryption module RSA-
calculating the ^x = y d mod n with d and the decoding key.
Since x = PW‖x1‖x2, data at a predetermined position from the head of x is used as PW. In the above encryption, x1 of the domain name and x2 of the year, month, day, hour, minute, and second are used as random numbers. Since the third party does not know the secret key d, it cannot calculate the secret password PW.
In the above-described embodiment, the values of the encryption keys e, d, and n can be changed as the definition of the encryption number i = 4. Further, the RSA encryption technique can be used as another public key encryption technique as a rule for the encryption number i = 5.

<< Terminal Authentication Technique Using Password and Random Number >> Password PW used in roaming terminal
A terminal authentication technique for checking whether a password matches a password registered in an authentication server will be described. As a prerequisite, the authentication server of the authentication subject and the terminal of the person to be authenticated have an encryption function E (where y = E (k, x), y is an encrypted text, k is an encryption key, and x is a plain text). And a third party owns a secret password PW. A specific procedure of terminal authentication will be described. The terminal to be authenticated determines the random number R by an appropriate means, and sets the password PW and the function y = F (PW, R).
Is used to calculate Y1 = F (PW, R), and random numbers R and Y
1 is transmitted to the authentication subject. The authentication subject is a random number R
And Y1 and the received random number R, the password FW held by itself, and the function F, Y2 = F
(FW, R) is calculated, and it is checked whether or not Y1 = Y2 is satisfied. If they match, the terminal owner as the authenticatee uses the correct password PW, that is, the terminal can be authenticated. In the above technique, the random number R is limited to a time-dependent random number (referred to as a time random number) so that the person to be authenticated cannot freely select it, which makes it more difficult for a third party to calculate the password PW. . Instead of the encryption function used above, a secret data compression function Hj may be used, and Y1, Y2 = Hj (PW, R).

<< Overall Configuration >> FIGS. 47 and 48 show an overall outline of a roaming technique according to the present embodiment.
0-1,21040-1,21050-1,21060
-1, relay apparatuses 21080-1, 21081-1, 21
082-1,1083-1, authentication server 21100-
1,2101-1,121102-1,21103-
1. Domain name servers 21130-1 and 21131
1,1132-1,21133-11, user service server 21250-1, ICS authority server 21260-
Including 1. The access control device 21010-1 converts the conversion table 2
1013-1, a conversion table server 21016-1, a registration server 21017-1, and a connection server 21018-1.
The access control device 21 02 0-1 conversion table 21023-
1, conversion table server 21026-1, registration server 2102
7-1 and the connection server 21028-1. An ICS user address “6300” is assigned to the registration servers 21017-1 and 21027-1. Connection server 210
The ICS user address “6310” is assigned to 18-1 and 21028-1.
From an IP terminal for roaming outside of the above, register an access control device determined according to the necessity to the IP terminal,
Alternatively, it has a function of connecting.

The conversion table server 21016-1 has the conversion table 21
The conversion table server 21026-1 has a function of rewriting the contents of the conversion table 21023-1. LAN 21150-1 is I
P terminal 21151-1, LAN 21160-1 includes IP terminal 21161-1, and 21170-1 includes IP terminal 21161-1.
Terminal. 21200-1 is a mobile roaming terminal, which is identified by the ICS domain name “cl.bl.al.” uniquely assigned as ICS21000-1. For domain names and domain name servers,
For example, it is the same as that described in the third embodiment.

<< Application for Roaming Terminal Use >> The owner of the roaming terminal 21200-1 is the roaming terminal 21200-1 as the ICS use applicant 21270-1.
ICS authority server 2126 via the user service server 21250-1 specifying the fee payment method of -1
Apply the ICS domain name (same as the ICS name) and the ICS user address to 0-1. The fee payment method is represented by a charging category "MNY". For example, when MNY = 1,
The fee is paid by the home IP terminal (IP terminal fixedly connected to the access control device). When MNY = 2, the fee is specified to be paid according to the record of the authentication server. IC
The S-authority server 21260-1 communicates with the roaming terminal 212
ICS domain name "cl.b" for using 00-1
l. al. "And the ICS user address" 1200. "
P terminal 21200-1 is connected to access control device 21010-
ICS authority server 21260 via the user service server 21250-1 for use by being fixedly connected to
Apply for an ICS network address at -1. When the user service server 21250- 1 acquires the ICS network address, ICS network addresses requests the conversion table server 21016-1 "8115" and IC
The S user address “1200” is converted into the conversion table 21013-1.
Set to.

The ICS receiver 21271-1 stores the ICS in the inside 21201-1 of the roaming terminal 22001-1.
Domain name “cl.bl.al.”, ICS user address “1200”, special ICS user address for roaming terminal (referred to as roaming special number) “100”
0 ”, ICS user address of registration server“ 630 ”
0 ”, ICS user address of connection server“ 6310 ”
Embedded in the roaming terminal 21200-1 and the encryption function Ei and the encryption-related data RP1.
But not the hash function. here,
RP1 = Hj (domain name @ RP0) @ RP0 )
You. However then, is a RP0 = MNY‖i‖j‖NID, the domain name is "c1.b1.al.", MNY the previous billing category, "i" is encrypted number to type the encryption Ei,
“J” is the type of the hash function Hj, and “NID” is the network identifier “B001”. In addition, the network identifier, a closed network of other
It is used to distinguish it from a closed network . The data compression function Hj is a secret dedicated function used only by the authentication server and the user service server. The user uses the data compression function Hj
The retain no, since no further inform the Hj, can not generate cryptographic data RP1.

<< Registration Procedure from Home IP Terminal >> Description will be made with reference to FIG. Roaming terminal users,
The roaming terminal 21200-1 is connected to the home IP terminal 211.
Connect to position 51-1. Next, the roaming terminal user determines a password (PW) and inputs the password (PW) into the input unit 21204-1.
, And generates an ICS user frame PK01 using the encryption function and encryption-related data stored inside the 212020-1, and sends the access control device 21010 via the ICS user logical communication line 21152-1.
-1 (procedure T10). The destination of the ICS user frame PK01 is “ 6 ” indicating a registration server for roaming.
300 "and its own ICS domain name" cl. b
l. al. ", Encryption parameter RP1, ICS user address" 1200 ", expiration date" 98-12-31 ",
Encrypted text “y”, “tg” encrypting password
(However, tg = 1 for displaying the registration procedure), and includes “Yes” or “No” specifying the roaming connection. Here, the ciphertext “y” is generated using the above-described encryption technique. For example, when encryption number = 2, y = x ^e mod
n (where x = PW {c1.bl.al} year / month / day / hour / minute / second), and the ciphertext “y” is generated. The access control device 21010-1 looks at the conversion table 21013-1 and
The S user frame PK01 is transferred to the registration server 21017-1 having the destination "6300" (procedure T15). The registration server 21017-1 registers the domain name “cl.bl.a
1 "is used to call the authentication server 21100-1 (procedure T20). The method by which the registration server 21017-1 calls the authentication server 21100-1 using the domain name is such that the connection server 21028-1 uses the domain name The authentication server 21100-1 examines the contents of PK01 of the received ICS user frame, and uses the above-described technique to cipher the text "y". Decrypts the password P
Calculate W. For example, when the encryption number = 2, x = y ^d m
As odn, the ciphertext “y” is decrypted. Then
x = PW @ cl. bl. The password PW can be obtained because it is al @ year / month / day / minute / second.

Next, the content of the encryption parameter R P1 is RP
1 = Hj (domain name @ RP0) RP0 (however, RP0
= MNY‖i‖j‖NID), the secret hash function Hj held by the authentication server 21100-1 itself and the obtained domain name “cl.bl.al”
And t = Hj (domain name @ RP0) @ RP0)
Is calculated, and it is checked whether or not t = RP1 holds for the received RP1. If it is established, the domain name "cl.b
l. The authentication server 21100-1 determines that the "al", the charging category MNY, the encryption numbers "i" and "j", and the network identifier "NID" have not been tampered with. Check for shortage,
If it is normal, the registration result is registered in the authentication table 21100-2, and if there is not enough, it is not registered. Authentication table 21100-
The state of this registration is shown in the row of management number 1 of No. 2; the domain name is “cl.bl.al.”, the encryption number is “2”, the charging category (MNY) is “1”, and the calculated password PW Value of “224691” and expiration date of “98-12”
−31 ”, the roaming connection is“ Yes ”, that is, the roaming connection is accepted, and the value of the network identifier is“ B00 ”.
1 ". When PK01 is generated in step T10, the value of tg is set to tg = 2, and
The roaming connection may be designated as “No”. By applying the above-mentioned encryption technique, the password is not leaked to a third party. The roaming registration report is sent to the registration server 210
17-1 (procedure T30), and then via the access control device 21010-1 (procedure T35).
This is reported to the terminal (procedure T40). The terminal 21200
-1 through the ICS user logical communication line 21152-1 to complete the ICS user frame for changing the value of the password PW as tg = 3 or changing the value of the expiration date as tg = 4. After you can send. For changing the password, a method of designating the password used before that can be adopted.

<< Transmission / Reception of User IP Frame at Destination >> The roaming terminal 21200-1 is connected to the access control device 21.
020-1 and roaming terminal 21200-1
An example of inter-enterprise communication in which an IP frame is transmitted and received between the domain name “cl.bl.al.” and the domain name “c2.b2.a2.” Of the communication partner will be described. The user sets the communication partner's domain name to “c2.b2.a2.”, And sets “tg” to “tg” to specify transmission / reception of an IP frame.
, The password PW of the user, and “5” days of the designation (expressed by TTL) of the roaming connection period are input to the input unit 212.
04-1. For this, roaming terminal 2
21201-1 and 21202-1 inside 1200-1 are used. In addition, the IP frame unit 210203-1
ICS user Zafu frame PK01, PK02, PK03,
It is used to generate and transmit and receive PK04 and the like. next,
Roaming terminal 21200-1 generates ICS user Zafu frame PK02, ICS user logic communication line 2121
The data is transmitted to the access control device 21020-1 via 0-1 (procedure T50). ICS user Zafu frame PK02
Is the sender domain name “cl.bl. al.” , The receiver domain name “c2.b2.a2.”, The encryption parameter R
P2, including a connection period (represented by TTL). The encryption parameter RP2 is data calculated inside the password PW and 21202-2. That is, the date "yy-m
m-dd-sssss ”to generate a time random number TR (TR = yy-mm-dd-sssss).
-2, using the internal clock and the encryption function Ei, RP2 = E
i (PW, TR) is calculated the ‖TR.

The access control device 21020-1 is an ICS
Receiving a user Zafu frame PK02, is assigned to the ICS logic terminal the ICS network address "7800"
Acquires a request identified "4" by the conversion table 21023-1, sender ICS user address are further written to the ICS user Zafu, single beam PK02 is "1000"
(Roaming special number), the ICS network address “7800” is held, and the ICS user frame PK02 and the receiver ICS user address “6
(Step T60) The ICS network address "7800" held in this procedure is used after a procedure T130 described later.

<< Function of Connection Server >> Next, the connection server 21028-1 has the domain name “cl.
bl. al. ”Is used to call the authentication server 21100-1 and the domain name“ cl. bl. al. And the encryption parameter RP2 to the authentication server (step T70). The authentication server 21100-1 reads the values of the password PW and the encryption number written in the authentication table 21100-2,
The encryption function Ei is selected and the password PW is read. Next, the encryption parameter RP2 is RP2 = Ei (PW, T
R) Since ‖TR, t = Ei (PW, TR) is calculated using the time random number TR in the latter half of RP2. The value of the temporary variable t calculated here is equal to the received RP2
If Ei (PW, T R ) in the first half of
It can be confirmed that the password PW input to 200-1 is correct. Since the time function TR includes the date (TR =
yy-mm-dd-sssss), and when the received date is different from the processing time, an illegality can be found.
Next, the authentication server 21100-1 sets the authentication table 21100
-2, the registered connection, the charging category, the authentication server call information and the network identifier written in the connection server 21028
-1 (procedure T80). In the case of this embodiment, the charging category is MNY = 1, and the authentication server call information is the authentication server 2
ICS network address “798
Connection server 2 is composed of "1", port number "710", management number "1" in the authentication management table, and network identifier "B001".
1028-1 presents the domain name "cl.bl.al." to the domain name server, requests the ICS user address and ICS network address associated with this domain name (procedure T90), and sends the ICS user address "120".
0 and the ICS network address “8115” (procedure T100), and similarly, the domain name “c2. b
2. a2. Is presented to the domain name server, an ICS user address and an ICS network address associated with the domain name are requested (step T110), and an ICS user address "2500" and an ICS network address "8200" are obtained (step T120). ).

Next, the connection server 21028-1 operates as an IC
ICS network address “780 0” of the ICS logic terminal to which the S user frame was input ( held in step T60)
And the ICS user address “1200” and the ICS user address “250” acquired from the domain name server immediately before.
0, the ICS network address "8200", and the roaming registered, charging category, authentication server call information and network identifier transmitted from the authentication server 21100-1 are transmitted to the conversion table server 21026-1 (procedure T13).
0). The conversion table server 21026-1 writes the transmitted four addresses into the conversion table 21023-1. The value of the request identification is “10”, which indicates inter-company communication by roaming. The network identifier (NID) is “B001”.
If the charging category is MNY = 1, the ICS network address “8115” obtained immediately before from the domain name server
And conversion table 210 between ICS user address “1200”
It is transcribed to the accounting notification destination of 23-1. Also, if the charging category is M
If NY = 2, the authentication server call information is converted into a conversion table 2101.
It is transcribed to the charge notification destination of 3-1. Further, the designated “5” days of the roaming connection period included in the ICS user frame PK02 are also written in the conversion table 21013-1. Conversion table server 21026-1 reports the result to connection server 21028-1 when the writing of conversion table 21023-1 ends (step T140). The end report is sent via the access control device 21020-1 (procedure T150), and the ICS user frame PK03 is sent to the roaming terminal 21200-1 (procedure T160).

Here, the ICS user frame PK03
Is the domain name “c” of the roaming terminal 21200-1.
l. bl. al. "And the domain name" c2. b2.
a2. ICS user address "2500" accompanying ""
And The operating company of the access control device uses the connection server 21028-1 described above, that is, a series of procedures from receiving the ICS user frame PK02 to returning the ICS user frame PK03, and specifying the roaming connection period. Roaming terminal 21 2 for 5 "days
It is possible to charge the usage fee of the owner of 00-1. The above embodiment is an example of the network identifier (NID) “B001”, and is provided to the closed network described in the other embodiments. Also,
As another example, a network identifier (NID) "Open"
It is also possible to. In this case, the roaming technique is the same as that of the closed network “B001”.

[0106] "roaming terminal use" Roaming terminal 21200-1 utilizes the conversion table 21023-1 that are created according to the procedure described above, communicates between companies as well Noto described in other embodiments (Steps T170 to T220). The conversion table server 21026-1 also specifies the roaming connection period “5”.
, The roaming connection described in the conversion table 21023-1 can be deleted.

<< Notification of Charging >> The access control device 21020-1 notifies the charging notification destination registered in the conversion table 21023-1 of the communication fee (procedure T300 or T310). << Access Method to Authentication Server >> In the above description, the connection server 21028-1 presents the domain name “cl.bl.al.” to a plurality of authentication servers including the authentication server 21100-1, and the roaming terminal 21200 ICS user frame PK0 generated by -1
2 is correct, that is, the domain name “cl.bl.a” of the roaming terminal 21200-1.
l. 50 will be described in detail. FIG. 50 is a diagram showing an example of a domain name tree having four levels, in which the root domain name “root” is assigned to level 1 of the tree. Domain names “al”, “a2”, “a3”.
Exists, and then, for example, domain names “bl”, “b2”, and “b3” of level 3 exist below the domain name “al”, and then, for example, level 4 exists below the domain name “bl”.
Indicate that the domain names “cl”, “c2”, “c3”,.

FIG. 51 shows an internal table 211102-2 of the authentication server 211102-1 handling the domain name "root". For example, a domain server 21101 handling the domain name "al" under the domain name "root". -1
Indicates that the ICS network address is “7971” and the port number is “710”. FIG.
2 is an authentication server 21101 that handles the domain name “al”
For example, below the domain name “al”, the ICS network address of the domain server 21100-1 handling the domain name “b1” is “7981” and the port number is “710” below the internal name “210” of the domain name “al”. Is shown. FIG. 53 shows an internal table 21100-2 of the authentication server 21100-1 handling the domain name "bl".
Since the display of the column of the end point of 0-2 is “YES”, there is no lower domain name. In this example, the domain name “cl.bl.al.” is registered in the authentication server, and the password is registered. PW is recorded as "224691", and expiration date is recorded as "98-12-31".

<< Calling of Authentication Server >> Referring to FIG. 54, connection server 21028-1 uses authentication server 211 by using domain name “cl.bl.al.”.
00-1 and calls the domain name "cl.b1.a
l. Here, a method of checking whether or not ".." has been registered in the authentication server will be described. Here, the connection server 21028-1 stores the ICS network address of the authentication server that handles the level 1 domain "root" shown in FIG. Similarly, in the case where communication is frequently performed with authentication servers that handle levels 2 and 3 domains, the ICS network addresses of these authentication servers are also stored. Internal resolver 21
Domain name to 029-1 "cl.bl.al.", encryption parameters - to enter the data RP 2 and the network identifier "B001".
The resolver 21029-1 uses the ICS network communication function to transmit the domain name “a” under the domain name “root”.
ICS frame 21 including l ″ and encryption parameter RP2
When sending 335-1 to the authentication server 211102-1, the IC of the authentication server 210101-1 handling the domain name "al"
An ICS frame 21336-1 including the S network address "7971" is returned. Next, the resolver 210
29-1 sends the ICS frame 21345-1 including the domain name "bl" to the authentication server 210101-1.
ICS frame 213 including the ICS network address “7981” of the authentication server handling the domain name “bl”
46-1 is returned. Next, the resolver 21029-1
Is an ICS frame 2135 containing the domain name “cl”
When 5-1 is sent to the authentication server 21100-1, it can be determined that the authentication information has been registered because the domain name "cl", in this case, the end point column of 21100-2 is "Yes". As described above, “root”, “a1.”,
Since the processing is performed in the order of “bl.”, It can be seen that the authentication information for the domain name “cl.bl.al.”, which is the reverse of these, is registered in the internal table 21100-2.

The authentication server 21100-1 checks the received encryption parameter RP2, and checks the validity period “98-12-31”.
Check that is not over. Next, the authentication server 211
00-1 reads the password PW and the value of the encryption number written in the authentication table 21100-2, and selects the encryption function Ei. The encryption parameter RP2 is obtained by RR2 = Ei (P
Since (W, TR) ‖TR, t = Ei (PW, TR) is calculated using the time random number TR in the latter half of RP2. If the value of the temporary variable t calculated here matches Ei (PW, TR) in the first half of the received RP2, it is confirmed that the password PW input to the terminal 21200-11 is correct. The above result is reported to the connection server 21028-1. As a result, the connection server 21028-1 transmits the authentication result (pass or fail) of the roaming terminal and the charging category MNY.
I understand.

<< Another Embodiment of Roaming without Home IP Terminal >> In the above embodiment, the ICS receiver 2127
If 1-1 does not set a home IP terminal, the above-mentioned “registration procedure from home IP terminal” is performed via user service server 21250-1. In this case, the billing record “120” inside the authentication table 21100-2 inside the authentication server 21100-1 and the information “7981-71” of the authentication server shown in the billing notification destination inside the conversion table 21023-1.
0-1 "is used.

<< Another Embodiment of Roaming Including Authentication Server in Domain Name Server >> The domain name tree shown in FIG. 55 which is a target of the authentication server 21110-1 is shown in another embodiment and is a target of the domain name server. It has the same structure as the domain name tree. Therefore, each domain server can store the data of the authentication server described in the present embodiment and include the function of the authentication server. That is, another method of performing roaming is to integrate the authentication server described in the present embodiment with the domain name server described in the other embodiment.

<< Access Control Device and IP Terminal Connected to Wireless Receiver >> The wireless transceiver 21620-1 is installed inside the ICS 21001-1, and the wireless transceiver 21620-1 and the wireless transceiver 21640-1 are different from each other. Wireless communication path 21625
-1 can exchange information with each other. Wireless terminal 216
Reference numeral 30-1 includes a wireless transceiver 21640-1, and the IP terminal 21200-2 has a function of inter-enterprise communication using an ICS domain name, like the IP terminal 21200-1 described above. There is an information communication path 21620-1 between the access control device 21020-1 and the wireless transceiver 21620-1. The information communication path 21610-1 is similar to the ICS user logical communication line in that the information communication path 21610-1 has a function of transmitting and receiving ICS user frames.
This is the point inside ICS21000-1 . The wireless transceiver 21620-1 and the wireless transceiver 21640-1 receive the ICS user frame, convert the internal information of the ICS user frame into ICS user frame information in the form of radio waves, and transmit it, and vice versa. It has a function of receiving ICS user frame information in the radio wave format, inverting it to the ICS user frame format, and sending it out. Because of this, the ICS user frame transmitted from the IP terminal 21200-2 is
It is transmitted to the access control device 21020-1 via 640-1, the wireless communication path 21625-1, the wireless transceiver 21620-1, and the information communication path 21610-1. Also, the ICS user frame transmitted from the access control device 21020-1 in the reverse direction is
-1, wireless transceiver 21620-1, wireless communication path 216
25 1, are forwarded to the IP terminal 21200-2 over the radio transceiver 21 640-1.

[0114]

As described above, according to the present invention, a communication failure
Telecommunications company responsible for communication failures when
It is possible to create multiple closed networks inside
It is difficult to create multiple closed networks that are difficult or reliable.
According to the first embodiment without using the difficult Internet
For example, using a network identifier, virtual private line service
Operating multiple closed networks that can limit communications services to a certain area of the network.
To identify the telecommunications company that is responsible for
Integrated information and communication that can be made clear, that is, can be highly reliable
The system can be realized. Here, the network identifier is one closed
A local network is assigned to a closed network to distinguish it from other closed networks.
For virtual leased line service and inter-enterprise communication service
Access only from IP terminals in each closed network
Can be accessed from IP terminals belonging to other closed networks.
No network server can be installed. Also, here, the integrated information
The communication system has a closed network for closed area and inter-enterprise communication.
A domain name server that can be accessed only from IP terminals,
Access only from IP terminals in a closed network for closed area / virtual leased line
You can set up an accessible domain name server. Integrated information
The access control device inside the communication system
Implementation that does not hold the information
Get information from domain name server when information is needed
To the conversion table and use this conversion table.
Therefore, by changing the domain name server,
Change the contents of the conversion table inside the
More easily rewrites the conversion table of the access control device
Can be In addition, the integrated information communication system of the second embodiment
If it contains multiple authentication servers, some
The access control device includes a network identifier and communicates with these authentication servers.
By using the network identifier inside the access control device,
IP terminals are not only specific access control devices, but also other
Can be connected to several access control devices, i.e.
An IP terminal (roaming terminal) capable of roaming can be realized.

[Brief description of the drawings]

FIG. 1 is a block diagram schematically showing a basic principle of an information communication system on which the present invention is based .

FIG. 2 is an ICS of an information communication system on which the present invention is based ;
1 is a block diagram showing an example of a network in which a plurality of VANs are configured.

FIG. 3 is a block diagram illustrating a configuration example of an access control device.

FIG. 4 is a block diagram illustrating a configuration example of a relay device.

FIG. 5 is a block diagram illustrating a configuration example of an inter-VAN gateway.

FIG. 6 is a block diagram illustrating a configuration example of an ICS network server.

FIG. 7 is an array diagram showing an example of an ICS user address used in the information communication system on which the present invention is based .

FIG. 8 is a connection diagram showing a connection relationship between an ICS logic terminal and a user communication line.

FIG. 9 is a diagram showing a relationship between an ICS user frame and an ICS network frame used in the information communication system on which the present invention is based .

FIG. 10 is a first information communication system based on the present invention;
It is a part of block diagram showing an example (intra-company communication, inter-company communication).

FIG. 11 is a first information communication system based on the present invention;
It is a part of block diagram showing an example .

FIG. 12 is a flowchart illustrating an operation example of the access control device.

FIG. 13 is a flowchart illustrating an operation example of an access control device in inter-company communication.

FIG. 14 is a second information communication system based on the present invention.
FIG. 3 is a block diagram illustrating an example (virtual dedicated line).

FIG. 15 is a flowchart illustrating an operation example of an access control device in a virtual leased line connection.

FIG. 16 is a third information communication system based on the present invention;
It is a part of block diagram showing an example (operation of an integrated information communication system).

FIG. 17 is a third information communication system based on the present invention;
It is a part of block diagram showing an example (operation of an integrated information communication system).

FIG. 18 is a third information communication system based on the present invention;
It is a figure for explaining an example .

FIG. 19 is a third information communication system based on the present invention;
It is a figure for explaining an example .

FIG. 20 is a third information communication system based on the present invention;
It is a figure for explaining an example .

FIG. 21 is a third information communication system based on the present invention;
It is a figure for explaining an example .

FIG. 22 is a third information communication system based on the present invention;
It is a figure for explaining an example .

FIG. 23 is a third information communication system based on the present invention;
It is a figure for explaining an example .

FIG. 24 is a third information communication system based on the present invention;
It is a figure for explaining an example .

FIG. 25 is a third information communication system based on the present invention;
Is a diagram illustrating an example of ICS network address assignment record table to be used for example.

FIG. 26 is a third information communication system based on the present invention;
Is a diagram illustrating an example of ICS user address assignment record table to be used for example.

FIG. 27 is a third information communication system based on the present invention;
Is a diagram illustrating an example of a conversion table used in the example.

FIG. 28 is a third information communication system based on the present invention;
Is a diagram illustrating an example of a conversion table used in the example.

FIG. 29 is a third information communication system based on the present invention;
Is a diagram illustrating an example of a conversion table used in the example.

FIG. 30 is a third information communication system based on the present invention;
It is a procedure figure for explaining an example .

FIG. 31 is a third information communication system based on the present invention;
Is a diagram illustrating an example of a conversion table used in the example.

FIG. 32 is a third information communication system based on the present invention;
It is a procedure figure for explaining an example .

FIG. 33 is a third information communication system based on the present invention;
Is a diagram illustrating an example of a conversion table used in the example.

FIG. 34 is a diagram illustrating a domain name server.

FIG. 35 is a diagram illustrating a domain name server.

FIG. 36 is a diagram illustrating a domain name server.

FIG. 37 is a diagram illustrating a domain name server.

FIG. 38 is a diagram for explaining calling of a domain name server.

FIG. 39 is a diagram for describing rewriting of a conversion table from an IP terminal.

FIG. 40 is a diagram for describing rewriting of a conversion table from an IP terminal.

FIG. 41 is a part of a block diagram showing a first embodiment ( intra- network communication using a network identifier) of the present invention;

FIG. 42 is a part of a block diagram showing a first embodiment ( communication in a closed network using a network identifier) of the present invention.

FIG. 43 is a part of a block diagram showing a first embodiment ( intra- network communication using a network identifier) of the present invention;

FIG. 44 is a part of a block diagram showing a first embodiment ( communication in a closed network using a network identifier) of the present invention;

FIG. 45 is a flowchart showing an operation example of the first embodiment.

FIG. 46 is a flowchart illustrating an operation example of the first embodiment.

FIG. 47 is a part of a block diagram showing a second embodiment (an IP terminal capable of connecting to a plurality of access control devices with network identifiers) of the present invention.

FIG. 48 is a part of a block configuration diagram showing a second embodiment (an IP terminal that can be connected to a plurality of access control devices with network identifiers) of the present invention.

FIG. 49 is a signal flow chart for explaining the operation of the second embodiment.

FIG. 50 is a diagram for explaining the second embodiment.

FIG. 51 is a diagram for explaining the second embodiment.

FIG. 52 is a diagram for explaining the second embodiment.

FIG. 53 is a diagram for explaining the second embodiment.

FIG. 54 is a diagram for explaining the second embodiment.

FIG. 55 is a diagram for explaining the second embodiment.

FIG. 56 is a block diagram for explaining a conventional LAN network.

FIG. 57 is a diagram showing an example of the form of the Internet.

FIG. 58 is a diagram showing an IP frame defined by RFC791.

FIG. 59 is a diagram showing an IP frame defined by RFC1883.

[Explanation of symbols]

 1, 100 Integrated information and communication system (ICS) 2, 3, 4, 5, 10 Access control device 20 Relay device 30 Gateway between VAN 40 ICS network server 50 ICS network address management server 60 User physical communication line

Continuation of the front page (56) References JP-A-64-23646 (JP, A) JP-A-9-247210 (JP, A) IEICE Technical Report IN98-12 (1998-04) (58) Survey Field (Int.Cl. ⁷ , DB name) H04L 12/56 H04L 12/28 H04L 12/66 H04L 12/46 G06F 13/00 351

Claims (10)

(57) [Claims] 1. A unique ICS user address system ADX
ICS having an address system ADS based on the management of the conversion table in the access control device
Is converted into a network frame, and the ICS network frame is transmitted according to the rules of the address system ADS through at least one or more VANs inside the information communication system, and is converted when reaching another target access control device. In an information communication system that is converted into the ICS user address system ADX and reaches another external information communication device based on management of a table, the ICS user frame distinguishes a closed network.
The ICS user address body without the network identifier for
The network identifier is registered in the conversion table for each row of the conversion table corresponding to the system ADX, and is registered in the conversion table.
The closed network is distinguished by the network identifier, and the sender ICS
Closed area / business communication with reference to user address (between companies)
Performed, integrated information communication system characterized in that to allow access to the network server at the enterprise communication network. 2. A closed / virtual leased line using the network identifier.
A network of a virtual private line network capable of communicating and distinguishing the closed network
Claim 1 to be able to access the server
Integrated information communication system. 3. A sender ICS user using the network identifier.
The ICS user address (company)
Communication between companies by rewriting to
Claims capable of accessing a network server of the network
2. The integrated information communication system according to 1. 4. A network service inside an ICS of a closed area / inter-enterprise communication network.
2. The integrated information according to claim 1, wherein the server is a domain name server.
Information communication system. 5. A network inside an ICS for a closed area / virtual leased line.
3. The integrated information according to claim 2, wherein the server is a domain name server.
Information communication system. 6. A network service inside an ICS of a closed area / inter-enterprise communication network.
4. The integrated information according to claim 3, wherein the server is a domain name server.
Information communication system. 7. An ICS internal server using the conversion table
The ICS user frame is exchanged with an ICS external server.
2. The integrated information according to claim 1, wherein the integrated information is transmitted and received.
Communications system. 8. A conversion wherein the designation of the network identifier is unspecified.
Table parts are not kept in the access control device,
Instead, the domain name server installed in the information communication system
And obtains the information to be registered in the conversion table from the
Claim 1 which is temporarily stored in a table for use.
3. The integrated information communication system according to 1. 9. A unique ICS user address system ADX
ICS user frame with
ICS with address system ADS based on conversion table management
Is converted to a network frame and the ICS network
Frame is at least one inside the information communication system.
ADS rules via the above VAN
Sent to other access control devices
Upon arrival, the ICS user is managed based on the conversion table.
Is converted to the user address system ADX and other external information
Information communication systems that are intended to reach communication equipment
In which the access control device can be connected to a plurality of
An authentication server for performing authentication of a possible IP terminal;
Authentication table inside the certificate server distinguishes between domain names and closed networks
Encryption, including a network identifier for
Data for the domain name and the network identifier.
Determining that the charging category has not been tampered with
The integrated information communication system characterized by the above-mentioned. 10. A unique ICS user address system AD
ICS user frame with X is in the access control device
With address system ADS based on management of conversion table
Is converted into an S network frame and the ICS network
The work frame has at least one inside the information communication system
Via the above VAN, the address system ADS
Other access control devices sent according to the
Is reached, the ICS is managed based on the conversion table.
Other information converted to user address system ADX and external
Information communication system adapted to reach communication equipment
In which the access control device can be connected to a plurality of access control devices.
An authentication server that performs authentication of a mobile IP terminal,
The conversion table should include a network identifier to distinguish the closed network.
The IP terminal communicates with a wireless transceiver via a wireless communication path.
Integrated information communication characterized by exchanging information with wireless terminals
Shin system.