JP4560018B2 - Connection control system, connection control device, connection control method, and connection control program - Google Patents

Description

  The present invention relates to a connection control system, a connection control device, a connection control method, and a connection control program for establishing a connection between user terminals, and in particular, a connection that can eliminate the need for connection request status management during consent confirmation. The present invention relates to a control system, a connection control device, a connection control method, and a connection control program. Here, “consent confirmation” refers to confirming whether or not the connection is permitted with the destination.

  As one of the measures against spam mails and spam calls, register only the user's communication address that the user (user) allows in advance as a whitelist, and spam mails by preventing unregistered mails and calls from being received. And methods to eliminate unwanted calls. However, this method does not allow incoming mail or phone calls that have a communication address not previously registered in the white list as a sender address, so even if an incoming call is required, it is not registered in the white list. There is a problem that the situation that cannot be received occurs.

  Therefore, as a technique for solving such a problem, in Non-Patent Document 1, if the communication address of the caller user is not registered in the white list corresponding to the callee user, the consent confirmation is made to the callee user. When the consent of the destination user is obtained, a technology is disclosed that enables incoming by adding the communication address of the source user to the white list corresponding to the destination user.

J. Rosenberg, etal., "A Framework for Consent-based Communications in the Session Initiation Protocol (SIP)", Internet-Drafts, June 12, 2006

  However, when consent confirmation is performed with the destination user, the destination user does not always respond immediately, so it is necessary to manage the confirmation pending state ('Pending state') for the email or connection request for which consent is being confirmed. There is a problem.

  The present invention has been made in order to solve the above-described problems caused by the prior art, and can eliminate the need for state management of connection requests during confirmation of consent, a connection control device, a connection control method, and An object is to provide a connection control program.

In order to solve the above-described problems and achieve the object, the invention according to claim 1 is a connection control system for establishing a connection between users' terminals, and information on each source from which the user permits a connection. The permitted transmission source information storage means for storing and managing one or more transmission sources for each user, and the permitted transmission in association with new transmission source information as the permitted transmission source information with the user Consent confirmation transmission destination storage means for storing for each user the destination of the consent confirmation message for confirming the consent to the addition to the original information storage means, and each permitted transmission corresponding to the destination of the received connection request Source information is read from the permitted source information storage unit, compared with the source information of the connection request, and when there is a matching permitted source information, a connection permission unit that permits connection, and the connection permission If the connection is not permitted by the step, the originating the connection request consent confirmation message for it to be added to the authorization originator information storage means in association with the destination of the original information as the permission source information An agreement confirmation transmission means for transmitting to the destination together with the origination information and the destination information, and the origination information and the destination information of the connection request from the destination in response to the consent confirmation message transmitted by the consent confirmation transmission means. A reply receiving means for receiving an additional consent notice returned together with an incoming call corresponding to the destination information received together with the additional consent notice from a sender corresponding to the sender information received together with the additional consent notice The source information received together with the additional consent notice is used to permit the connection to the destination by the connection permission means. As the source information, with that and a permission source information addition means for adding to the authorized originator information storage means in association with the destination corresponding to the destination information received together with the additional consent notification It is characterized by that.

The invention according to claim 2 further corresponds to the source information received together with the additional consent notification from the destination corresponding to the destination information received together with the additional consent notification. The source information received together with the additional consent notification, using the destination information received together with the additional consent notification as the permitted source information so that connection to the transmission source is permitted by the connection permission means. It is added to the permitted sender information storage means in association with the sender corresponding to.

  Further, in the invention according to claim 3, in the above invention, the reply receiving means also receives an additional refusal notice returned from the destination along with the source information and destination information of the connection request, and is received by the user. Rejected sender information storage means for storing and managing rejected sender information for each user for one or more senders, and each rejected sender corresponding to the destination of the connection request Information is read from the rejected sender information storage means, compared with the sender information of the connection request, and when there is matching rejected sender information, a connection rejecting means for rejecting the connection, and the reply receiving means is an additional rejection notice And a rejection originator information adding means for adding the originator information in correspondence with the destination information by the rejection originator information storage means. That.

  According to a fourth aspect of the present invention, in the above invention, the consent confirmation transmission unit transmits an consent confirmation message and prompts the transmission source to disconnect, and the permitted transmission source information adding unit transmits the permission transmission source information. Is further provided with a permission source information addition notification means for notifying the destination of the addition of the call and receiving a callback from the destination to the source.

  According to a fifth aspect of the present invention, in the above invention, the consent confirmation transmission unit transmits an consent confirmation message and prompts the transmission source to disconnect, and the permitted transmission source information adding unit transmits the permission transmission source information. Is further provided with a permission source information addition notifying unit for notifying the source of the addition of a message and accepting a reconnection request from the source to the destination.

  Further, in the invention according to claim 6, in the above invention, the consent confirmation transmitting means acquires attribute information corresponding to a source of the connection request and includes the attribute information in the consent confirmation message and transmits it to the destination. It is characterized by.

  The invention according to claim 7 further includes an agreement condition storage unit that stores, for each user, an agreement condition that specifies a condition for transmitting an agreement confirmation message in the above invention, wherein the agreement confirmation transmission unit includes: The agreement condition corresponding to the destination of the connection request is read from the agreement condition storage means, and an agreement confirmation message is transmitted when the agreement condition is satisfied.

  According to an eighth aspect of the present invention, in the above invention, a communication history management means for managing a final message communication time point with each communication partner for each user, and a final message communication time point managed by the communication history management means. And a permission source information automatic deletion unit that automatically deletes the permitted source information corresponding to the user and the communication partner when the difference is larger than a predetermined value by comparing with the current time , Further provided.

  The invention according to claim 9 is characterized in that, in the above invention, the consent confirmation transmitting means transmits the consent confirmation message by adding a signature specifying a transmission source of the consent confirmation message.

The invention according to claim 10 is a connection control apparatus for establishing a connection between users' terminals, and the connection received from the permitted source information that is information about each source that the user permits to connect. Each permitted source information corresponding to the destination of the request is compared with the source information of the connection request, and when there is a matching permitted source information, connection permission means for permitting connection, and connection is established by the connection permission means. If the permission is not permitted, an agreement confirmation message for confirming the consent to add the sender information as the permitted sender information in association with the receiver is sent to the connection request source information and destination information. A consent confirmation transmission means for transmitting to the destination together with the destination information and the destination of the connection request from the destination in response to the consent confirmation message transmitted by the consent confirmation transmission means. A reply receiving means for receiving the additional consent notification sent back together with distribution, from a source corresponding to the source information received together with the additional consent notification, corresponding to the destination information received together with the additional consent notification The source information received together with the additional consent notification is used as the permitted source information to the destination information received together with the additional consent notification so that connection to the destination is permitted by the connection permission means. And a permitted sender information adding means for adding in correspondence with the corresponding destination .

The invention according to claim 11 is a connection control method by a connection control device for establishing a connection between user terminals, wherein the connection control device is information on each transmission source that the user permits connection. Connection permission that permits connection when there is matching permitted source information by comparing each permitted source information corresponding to the destination of the received connection request among certain permitted source information. And confirmation that the connection control device agrees to add the source information as the permitted source information in association with the destination when the connection is not permitted in the connection permission step . and agreement confirmation transmission step of transmitting to the destination of the agreement confirmation message with the sender information and destination information of the connection request, the connection control device, feeding in the agreement confirmation transmission step A reply receiving step of receiving the connection source information and destination information added consent notification sent back together with the request to the destination in response to agreement confirmation message, the connection control device, received with the additional consent notification Together with the additional consent notification so that connection to the destination corresponding to the destination information received together with the additional consent notification is permitted in the connection permission step from the source corresponding to the transmitted source information. A permitted sender information adding step of adding the received sender information as the permitted sender information in association with the destination corresponding to the destination information received together with the additional consent notification . It is characterized by.

The invention according to claim 12 is a connection control program for establishing a connection between users' terminals, and the connection received from the permitted sender information, which is information about each sender that the user permits to connect. Each permitted transmission source information corresponding to the destination of the request is compared with the transmission source information of the connection request, and when there is a matching permitted transmission source information, a connection permission procedure for permitting connection, and connection is established by the connection permission procedure. If the permission is not permitted, an agreement confirmation message for confirming the consent to add the sender information as the permitted sender information in association with the receiver is sent to the connection request source information and destination information. A consent confirmation transmission procedure to be transmitted to the destination, and the source information of the connection request from the destination in response to the consent confirmation message transmitted by the consent confirmation transmission procedure, and A reply receiving step of receiving the additional consent notification sent back with Shinsaki information, from a source corresponding to the source information received together with the additional consent notification, the destination information received together with the additional consent notification The destination received with the additional consent notification as the permitted source information, using the source information received with the additional consent notification so that connection to the corresponding destination is permitted by the connection permission procedure. It is characterized in that the computer is caused to execute a permitted sender information addition procedure to be added in association with the destination corresponding to the information .

  According to the first, tenth, eleventh, or twelfth aspect of the present invention, each permitted source information corresponding to the destination of the received connection request among the permitted source information is compared with the source information of the connection request, and the matching permission The connection request is permitted when the source information is present, and when the connection is not permitted, the consent confirmation message confirming the consent for adding the source information as the permitted source information is sent from the source of the connection request. Information and destination information are sent to the destination, and in response to the sent consent confirmation message, the destination receives an additional consent notification sent back together with the connection request source information and destination information, and is received along with the additional consent notification. Since the sender information is added as permitted sender information in correspondence with the receiver information, it is possible to eliminate the need to manage the status of the connection request during confirmation of consent. Therefore, an area for storing the status of the connection request during confirmation of consent is unnecessary, and the required capacity of the storage device can be reduced.

  In addition, according to the invention of claim 2, since the destination information is further added in correspondence with the source information, the destination can be connected to the source, and connection from only one direction is possible. Can be prevented from occurring.

  According to the third aspect of the present invention, an additional refusal notice returned from the destination is received together with the source information and destination information of the connection request, and the refusal is information on each source that the user refuses to receive. Stores and manages sender information for each user for one or more senders, reads each rejected sender information corresponding to the destination of the connection request, compares it with the sender information of the connection request, and matches the rejected sender When connection is rejected when there is information, and when additional rejection notification is received, the sender information is added corresponding to the destination information, so the connection source is repeatedly sent from the same sender This eliminates the need to repeat consent confirmation.

  According to the invention of claim 4, the consent confirmation message is transmitted and the caller is prompted to disconnect, the callee is notified that the permitted caller information has been added, and the callee is sent from the callee to the caller. Since it is configured to accept a callback, it is possible to easily call back from the destination.

  According to the invention of claim 5, the consent confirmation message is transmitted and the sender is prompted to be disconnected, the sender is notified that the permitted sender information has been added, and the sender to the destination Since it is configured to accept the reconnection request, it is possible to easily reconnect from the transmission source.

  Further, according to the invention of claim 6, since the attribute information corresponding to the connection request source is acquired and included in the consent confirmation message and transmitted to the destination, the destination refers to the attribute information. Consent confirmation can be performed accurately.

  According to the invention of claim 7, when the consent condition for specifying the condition for transmitting the consent confirmation message is stored for each user, the consent condition corresponding to the destination of the connection request is read, and the consent condition is satisfied. Since the consent confirmation message is configured to be transmitted, the user can flexibly specify an object whose connection is confirmed by consent confirmation.

  According to the eighth aspect of the present invention, the last message communication time point with each communication partner is managed for each user, and the difference between the last message communication time point managed and the current time point is larger than a predetermined value. In addition, since the permitted sender information corresponding to the user and the communication partner is automatically deleted, an increase in the number of permitted sender information registered can be suppressed.

  According to the ninth aspect of the present invention, since the consent confirmation message is transmitted by adding a signature for specifying the transmission source of the consent confirmation message, it is possible to prevent the spoofing of the consent confirmation message.

  Exemplary embodiments of a connection control system, a connection control device, a connection control method, and a connection control program according to the present invention will be explained below in detail with reference to the accompanying drawings. In the embodiment, a case where the present invention is applied to SIP agreement-based communication will be mainly described. In the first embodiment, the basic configuration of the connection control system according to the present invention will be described. In the second embodiment, various extended configurations will be described.

  First, the configuration of the connection control system according to the first embodiment will be described. FIG. 1 is an explanatory diagram for explaining a configuration of a connection control system according to the first embodiment, in which 1 represents a user terminal, and the user terminal 1 is a mobile phone terminal 1-1 such as a mobile phone or a PHS. , Personal digital assistance (PDA) 1-2, personal computer 1-3, and the like.

  2 is a connection control server that controls connection based on a connection request from a user, 3 is a mobile communication network, and 4 is the Internet. In FIG. 1, the user's mobile phone terminal 1-1 is connected to the mobile communication network 3. In addition, the user's personal digital assistance 1-2 and personal computer 1-3 may be connected to the mobile communication network 3 by mounting a mobile card capable of data communication, or may be directly connected to the Internet 4. Sometimes it is.

  The user is a user such as a SIP-based communication service, instant messenger or chat. Therefore, the user's IP network is not necessarily a wired Internet service provider's IP network, but may be a mobile phone operator's message exchange IP network. The user terminal 1 is a terminal having a communication function for exchanging messages.

  Further, the user terminal 1 includes two communication functions: communication that applies incoming permission (main communication) and consent confirmation communication for determining whether to accept the incoming permission. Specifically, a combination of communication means such as telephone and mail, mail and chat, telephone and instant messenger can be considered.

  The connection control server 2 is a server device that controls connection by referring to a white list in response to a connection request in main communication. Specifically, the connection control server 2 includes a white list in which the communication address (source communication address) of the connection request source (source) corresponds to the communication address (destination communication address) of the connection request destination (destination). If it is registered, the connection is permitted, and if it is not registered in the white list, it confirms with the destination whether or not it agrees to register the source communication address in the white list.

  Here, the connection control server 2 uses storage-type consent confirmation communication when confirming with the incoming call destination whether or not registration to the white list is possible. Therefore, the consent confirmation message can be stored even when the main communication is non-storage type communication such as a telephone.

  Further, when the connection control server 2 confirms the consent, the connection control server 2 adds the information of the source communication address and the destination communication address of the connection request and transmits the consent confirmation message to the destination, and returns a reply to the consent confirmation message. When receiving the information, the information of the transmission source communication address and the destination communication address is received together with the consent confirmation result.

  When this connection control server 2 confirms the consent, it adds the information of the transmission source communication address and the destination communication address and transmits the consent confirmation message to the destination, and also when receiving a reply to the consent confirmation message. By receiving the information of the sender communication address and the destination communication address together with the consent confirmation result, it is possible to eliminate the management of the status of the connection request during the consent confirmation. The details of addition of information on the source communication address and the destination communication address when confirming consent will be described later. The connection control server 2 can be realized by installing a program corresponding to these functional units in a commercially available PC or workstation (WS).

  Next, functional configurations of the user terminal 1 and the connection control server 2 will be described. FIG. 2 is a diagram showing a functional configuration of the user terminal 1 and the connection control server 2. As illustrated in FIG. 1, the user terminal 1 includes a connection request unit 100, an agreement confirmation reception unit 110, and an agreement transmission unit 120.

  The connection request unit 100 is a processing unit that issues a connection request to another user terminal 1. The consent confirmation receiving unit 110 receives an agreement confirmation message for addition to the white list from the connection control server 2 when the communication address of the other user terminal 1 that has made the connection request addressed to the own terminal is not registered in the white list. Is a processing unit.

  Further, when the connection requesting unit 100 issues a connection request to another user terminal 1, the consent confirmation receiving unit 110 sends the request to the whitelist when the address of the own device is not registered in the destination whitelist. The connection control server 2 receives the notification during additional confirmation confirmation that the connection control server 2 informs the caller that consent confirmation for addition is being performed at the destination.

  The consent transmission unit 120 is a processing unit that responds to consent or rejection of addition to the white list by replying to the consent confirmation message received by the consent confirmation receiving unit 110.

  The connection control server 2 includes an access control unit 200, a white list storage unit 210, an agreement confirmation transmission unit 220, an agreement control information storage unit 230, an agreement reception unit 240, and a relay connection unit 250.

  The access control unit 200 is a processing unit that receives a connection request from the user terminal 1 to another user terminal 1 and determines whether or not to connect by referring to the white list. The white list storage unit 210 stores the white list. It is a management unit to manage. FIG. 3 is a diagram illustrating an example of a white list managed by the white list storage unit 210. In the figure, reference numeral 301 denotes an example in which the user of the destination communication address [0503345002] permits the incoming call to the partner of the transmission source communication address [0503345672 0503245677].

  The access control unit 200 receives a connection request from the transmission source user terminal and acquires a white list from the white list storage unit 210. If the acquired white list includes the source communication address, the access control unit 200 transmits a connection request to the relay connection unit 250 to instruct to connect to the destination.

  On the other hand, when the source communication address does not exist in the acquired white list, the access control unit 200 sends a notification of confirming additional consent to the white list to the source user terminal, and sends the source to the consent confirmation transmission unit 220. Instructs the transmission of the consent confirmation message including the communication address and the destination communication address.

  The consent confirmation transmitting unit 220 is a processing unit that transmits an agreement confirmation message to the destination based on an instruction from the access control unit 200. The consent control information storage unit 230 is a communication address for consent control, that is, an agreement confirmation message. A management unit for storing and managing transmission destination addresses. FIG. 4 shows an example of consent control information managed by the consent control information storage unit 230. In the figure, 401 shows an example in which the user of the destination communication address [0503345002] of the main communication has set the consent control communication address [bbb@nnn.co.jp].

  Upon receiving the consent confirmation message transmission instruction from the access control unit 200, the consent confirmation transmission unit 220 transmits an acquisition request for the consent control communication address corresponding to the destination communication address to the consent control information storage unit 230. The consent confirmation message including the transmission source communication address and the destination communication address is transmitted to the acquired communication address for consent control.

  Specifically, the consent confirmation transmission unit 220 transmits the consent confirmation message including the transmission source communication address and the destination communication address in the consent confirmation message. The consent confirmation transmitting unit 220 transmits an consent confirmation message using a storage-type consent confirmation communication that is different from the main communication, so that even if the main communication is a non-storage type communication such as a telephone, the consent is confirmed. Confirmation messages can be stored.

  The consent receiving unit 240 receives the consent notification as a reply to the consent confirmation message from the destination user terminal of the consent confirmation message, and adds the communication address of the source user terminal that made the connection request to the white list corresponding to the destination communication address The processing unit instructs the whitelist storage unit 210 to do so. The consent receiving unit 240 extracts the source communication address and the destination communication address of the main communication from the consent confirmation message and passes them to the white list storage unit 210.

  Here, the method of including the source communication address and the destination communication address of the main communication in the consent confirmation message when the main communication is SIP communication and the storage-type communication is mail, and the reply is confirmed after receiving the reply to the consent confirmation message A method for extracting the source communication address and the destination communication address of the main communication from the message will be described.

  The consent confirmation transmission unit 220 acquires the destination communication address included in the TO header in the SIP connection request and the source communication address included in the FROM header, and sets the source communication address and destination communication address in the mail text. Encode and include in HTTP URL. When the destination user clicks the HTTP URL of the mail, the destination user is connected to the consent receiving unit 240 of the connection control server 2, and consent transmission to the transmission source communication address can be performed as an HTTP request. Then, the connection control server 2 that has received the consent updates the white list.

  For example, in the following INVITE request described in RFC3261, the INVITE method and TO header of the request include the address of Bob (Bob) of the destination, and the FROM header includes the address of the source Alice (alice). Yes.

Request line
INVITE sip: bob@biloxi.com SIP / 2.0
Header part
Via: SIP / 2.0 / UDP pc33.atlanta.com; branch = z9hG4bKnashds8
To: Bob bob@biloxi.com
From: Alice <alice@atlanta.com>; tag = 1928301774
Call-ID: a84b4c76e66710
CSeq: 314159 INVITE
Max-Forwards: 70
Date: Thu, 21 Feb 2002 13:02:03 GMT
Contact: <sip: alice@pcx33.atlanta.com>
Content-Type: application / sdp
Content-Length: 147

  As described above, the consent confirmation transmitting unit 220 includes the source communication address and the destination communication address of the main communication in the consent confirmation message, and the consent receiving unit 240 receives the reply from the consent confirmation message when the reply is received. By extracting the source communication address and the destination communication address, it is possible to eliminate the need for the connection control server 2 to manage the status of the connection request for which consent is being confirmed.

  Here, the case where the sender communication address and the destination communication address are included in the consent confirmation message has been described. However, the source communication address and the destination communication address of the main communication, such as the sender address of the consent confirmation message, are described. It can also be included.

  Returning to FIG. 2, the relay connection unit 250 is a processing unit that connects the user terminal 1 that has made the connection request to the user terminal 1 that is the destination.

  Next, the operation of the connection control server 2 according to the first embodiment will be described. Since the connection control server 2 according to the first embodiment is characterized by an operation when the source communication address does not exist in the white list, here, the connection request is received from the user terminal 1 and the source communication is displayed in the white list. The operation when there is no address will be described.

  FIG. 5 is a sequence diagram illustrating the operation of the connection control server 2 according to the first embodiment. As shown in the figure, when the source user terminal transmits a connection request addressed to the communication address of the destination user (step S101), the access control unit 200 of the connection control server 2 receives the connection request and stores the white list. A request for obtaining the white list of the called user is transmitted to unit 210 (step S102). In the figure, “originating ID” indicates “source communication address”, and “destination ID” indicates “destination communication address”.

  Then, the access control unit 200 determines whether or not the source communication address is included in the acquired white list (steps S103 to S104). The message is transmitted to the caller user terminal (step S105), and the caller is prompted to disconnect. Further, the access control unit 200 transmits a consent confirmation message transmission request to the consent confirmation transmission unit 220 together with the destination communication address and the transmission source communication address (step S106).

  Then, the consent confirmation transmission unit 220 acquires the storage control communication address corresponding to the destination communication address from the consent control information storage unit 230 (steps S107 to S108), and sends it to the consent control communication address. Then, an agreement confirmation message including the destination communication address and the transmission source communication address is transmitted (step S109).

  When the recipient agrees to add to the white list for the source communication address included in the consent confirmation message, the destination user terminal sends an agreement notice to the consent receiver 240 and receives the destination communication address and source communication. A reply is made together with the address (step S110). Then, the consent receiving unit 240 transmits a whitelist update request to the whitelist storage unit 210 (step S111), and the whitelist storage unit 210 adds the source communication address to the whitelist, and notifies the whitelist update. Is transmitted to the destination user terminal (step S112).

  As described above, according to the first embodiment, when the source communication address is not registered in the white list, the access control unit 200 confirms whether or not to agree to the registration of the source communication address in the white list. Requesting the consent confirmation transmission unit 220 to transmit the consent confirmation message to the destination user, and the consent confirmation transmission unit 220 transmits the consent confirmation message using a storage type communication for consent confirmation different from the main communication. Therefore, the consent confirmation message can be stored even when the main communication is a non-storage type such as an IP phone.

  Further, according to the first embodiment, the consent confirmation transmission unit 220 transmits an consent confirmation message together with the transmission source communication address and the destination communication address, and the consent reception unit 240 transmits the consent notification together with the transmission source communication address and the destination communication address. Since receiving and updating the white list, it is possible to eliminate the need for the connection control server 2 to manage the status of the connection request that is being confirmed.

  By the way, in the first embodiment described above, a basic connection control server that includes a destination communication address and a source communication address in the consent confirmation message and the consent notification and performs consent confirmation using storage type communication different from the main communication will be described. However, the connection control server can provide various additional functions related to the consent confirmation. Therefore, in the second embodiment, a connection control server that provides various additional functions related to consent confirmation will be described.

  First, the functional configuration of the user terminal and the connection control server of the connection control system according to the second embodiment will be described. FIG. 6 is a diagram illustrating a functional configuration of a user terminal and a connection control server of the connection control system according to the second embodiment. Here, for convenience of explanation, functional units that play the same functions as the respective units shown in FIG.

  As shown in FIG. 6, the connection control system includes a user terminal 10 that replaces the user terminal 1 and a connection control server 20 that replaces the connection control server 2. The user terminal 10 includes a connection request unit 100, an agreement confirmation reception unit 111, an agreement transmission unit 121, an attribute information selection unit 130, an agreement condition designation reception unit 140, and a callback / reconnection request unit 150. .

  Similar to the consent confirmation receiving unit 110 shown in FIG. 2, the consent confirmation receiving unit 111 receives the notification during additional consent confirmation and the consent confirmation message, but transmits an agreement confirmation message received by the consent confirmation receiving unit 111 to the consent confirmation message. The attribute information of the original user and the signature of the connection control server 20 are included, and the consent confirmation receiving unit 111 displays the attribute information and confirms the signature. Here, the attribute information is information that is effective in identifying the source user, such as the name of the source user, and the destination user who receives the consent confirmation message transmits the attribute by receiving the attribute information of the source user. It is possible to easily determine whether or not to add the original user's communication address to the white list.

  The consent transmission unit 121 transmits a notification of consent for addition to the white list in the same manner as the consent transmission unit 120 illustrated in FIG. 2, and further transmits a rejection notification when the destination user rejects the addition. To do. Further, the consent transmission unit 121 inserts and transmits a signature when transmitting an agreement notification and a rejection notification to the connection control server 20.

  The attribute information selection unit 130 instructs the source user from the attribute information notified by the connection control server 20 of the attribute information of the source user to be transmitted together with the agreement confirmation message when the connection control server 20 transmits the consent confirmation message. The selected attribute information is transmitted to the connection control server 20.

  The consent condition designation receiving unit 140 is a processing unit that accepts designation of the consent condition from the user and transmits it to the connection control server 20. Details of the consent condition will be described later.

  The callback / reconnection request unit 150 is a processing unit that accepts a callback designation from the destination user who has received the whitelist update notification and requests the connection control server 20 to call back to the caller. When this callback / reconnection request unit 150 requests the connection control server 20 to call back to the caller, the destination user can easily connect to the caller who agrees to connect.

  Further, the callback / reconnection request unit 150 receives a reconnection request from the transmission source that has received the whitelist update notification, and requests the connection control server 20 to reconnect. When the callback / reconnection request unit 150 requests the connection control server 20 to reconnect, the caller can easily connect to the destination user who has agreed to connect.

  The connection control server 20 includes an access control unit 201, an access list storage unit 211, an agreement confirmation transmission unit 221, an agreement control information storage unit 231, an agreement reception unit 241, a relay connection unit 251, and attribute information acquisition. Unit 260, consent confirmation transmission determination unit 270, access list management unit 280, and consent condition storage unit 290.

  Similar to the access control unit 200 shown in FIG. 2, the access control unit 201 receives a connection request from the transmission source, refers to the white list, and controls whether to perform connection. Transmission, determination of connection permission / rejection based on consent conditions, connection control using a black list, processing for callback and reconnection request, addition of signature to consent message, etc. Here, the black list is a list of transmission source communication addresses whose connection is refused.

  The access list storage unit 211 stores and manages the white list in the same manner as the white list storage unit 210 illustrated in FIG. 2, and further stores and manages the consent conditions and the black list. Here, the white list and the black list are collectively referred to as an access list.

  The agreement condition is a condition for confirming consent, and includes an agreement condition (permission) and an agreement condition (rejection). When there is an agreement condition (permission), the consent request is confirmed when the agreement condition is satisfied, and when the agreement condition is not satisfied, the connection request is rejected without confirming the agreement. On the other hand, if there is an agreement condition (rejection), the consent request is confirmed if the agreement condition is not satisfied, and if the agreement condition is satisfied, the connection request is rejected without confirming the agreement. Specific agreement conditions include domain names, mailing lists, Turing tests, attribute information, location information, and the like.

  For example, when the agreement condition (permission) is a domain name, consent confirmation is performed when the domain name of the transmission source matches the domain name specified as the agreement condition. On the other hand, if the consent condition (rejection) is a domain name, the connection request is rejected without confirmation of consent when the sender's domain name matches the domain name specified as the consent condition. The domain name and mailing list of the connection request can be acquired from the FROM header of the request line, for example. If the consent condition (permission) is a Turing test, the Turing test is performed on the sender, and if the test result is OK, the consent is confirmed. When the consent condition is attribute information, the transmission source is requested to transmit the attribute information, and consent confirmation is performed when the requested attribute information is transmitted from the transmission source. If the consent condition is location information, request the location information from the source terminal, and use the location information acquisition function with GPS function to confirm the consent when the requested location information is transmitted from the source. Do.

  FIG. 7 is a diagram illustrating an example of presence / absence of consent conditions stored and managed by the access list storage unit 211. As shown in the figure, the access list storage unit 211 stores and manages the white list and the presence / absence of the agreement condition in association with the destination communication address. For example, 701 indicates that there is an agreement condition (rejection) when consent confirmation is performed for the user at the destination communication address [0503345002] (the value of the agreement condition presence / absence is [01]).

  The consent condition is stored in the consent condition storage unit 290. FIG. 8 is a diagram illustrating an example of the consent condition. As shown in the figure, the agreement condition storage unit 290 stores agreement conditions (permission) and agreement conditions (rejection) in association with the destination communication address. For example, [Turing] indicates that a Turing test is to be performed, [mixxxiiix.jp] indicates a domain name, and [Name (Sueda)] receives a name from the sender as attribute information, and whether or not it is [Sueda] [Area (Kanto region)] indicates that the location information is received from the transmission source and it is determined whether or not the location of the transmission source is in the Kanto region.

  Further, upon receiving a white list or black list acquisition request, the access list storage unit 211 notifies the access list management unit 280 that the white list or black list acquisition request has been received. When the access list storage unit 211 receives the white list or black list acquisition request, the access list management unit 280 notifies the access list management unit 280 so that the last date and time when the white list or black list is acquired is managed. can do.

  The consent confirmation transmission unit 221 transmits an consent confirmation message to the destination user terminal, similar to the consent confirmation transmission unit 220 shown in FIG. 2, but when sending the consent confirmation message, the attribute information of the sender is sent. It can be sent in the consent confirmation message. Further, the consent confirmation transmitting unit 221 can also insert and transmit a signature when transmitting the consent confirmation message.

  Similar to the consent control information storage unit 230 shown in FIG. 2, the consent control information storage unit 231 stores and manages the consent control communication address, but further stores and manages attribute information. FIG. 9 is a diagram illustrating an example of the consent control information storage unit 231. As shown in the figure, the consent control information storage unit 231 stores a destination communication address, a consent control communication address, and a name (attribute information) in association with each user. For example, 901 shows an example in which the consent control information storage unit 231 manages the name “Sueda” as the attribute information of the user of the destination communication address [0503345002]. Here, the consent information storage unit 230 stores and manages the attribute information. However, the attribute information can be acquired by obtaining the sender's approval from an external attribute information management server such as an identity provider, Attribute information can also be acquired from the sender.

  Similar to the consent receiver 240 shown in FIG. 2, the consent receiver 241 receives the consent notification returned from the destination user terminal, but further receives a rejection notification returned from the destination user terminal, that is, the sender The notification of addition of the communication address to the white list is received, and the communication address of the sender is added to the black list.

  In addition, when the consent notification is returned from the destination user terminal, the consent receiver 241 updates the white list corresponding to the destination communication address and updates the white list corresponding to the source communication address. That is, the consent receiving unit 241 adds the source communication address to the white list corresponding to the destination communication address and adds the destination communication address to the white list corresponding to the source communication address. As described above, the consent receiving unit 241 updates the white list corresponding to the destination communication address and updates the white list corresponding to the source communication address, whereby the destination user requests a connection request to the source user. (Callback) is allowed.

  The consent receiving unit 241 confirms the signature inserted in the consent notification and rejection notification transmitted from the destination user terminal, and discards these notifications if the signature is not confirmed.

  Similar to the relay connection unit 250 shown in FIG. 2, the relay connection unit 251 connects the caller and the callee, but transmits the attribute information of the caller to the callee at the time of connection.

  The attribute information acquisition unit 260 is a processing unit that acquires attribute information stored and managed by the consent control information storage unit 231. However, the attribute information acquisition unit 260 designates a source communication address, and the consent control information storage unit 231 indicates attribute information of a user whose designated source communication address matches the destination communication address. Reply to 260. Note that the attribute information acquisition unit 260 can also acquire attribute information by obtaining the approval of the transmission source from an external attribute information management server such as an identity provider, or can acquire attribute information from the transmission source.

  The consent confirmation transmission determination unit 270 determines whether the transmission source communication address is not registered in the white list before the consent confirmation transmission unit 221 transmits the consent confirmation message based on the agreement condition of the destination user. It is a processing unit that acquires determination information and determines whether or not to transmit an agreement confirmation message.

  The access list management unit 280 is a management unit that manages a communication address registered in an access list such as a white list or a black list so as not to increase. Specifically, the access list management unit 280 stores, as communication history information, the last message reception date and time from each transmission source for each user based on the last date and time when the white list or black list was acquired. When the current date and time are periodically compared and the difference between the two is larger than a predetermined value, the communication address corresponding to the source is whitelisted or blacklisted as if the message has not been received for a predetermined period. Delete from. If only the white list is managed, the last message transmission date and time can be used instead of the last message reception date and time. Further, as communication history information, a date can be used instead of the date.

  In addition, the access list management unit 280 sets a maximum number of registrations for each user for the white list and the black list, and when the registration is performed in the white list and the black list, the maximum number of registrations has already been performed. If it is, the communication history information can be referred to, and the communication address registered in the white list and the black list can be deleted with the oldest message reception date and time.

  Next, the operation of the connection control server 20 when transmitting the attribute information of the sender user together with the consent confirmation message will be described. FIG. 10 is a sequence diagram showing the operation of the connection control server 20 when transmitting the attribute information of the sender user together with the consent confirmation message. As shown in the figure, when the source user terminal transmits a connection request to the destination user's communication address (step S201), the access control unit 201 of the connection control server 20 acquires the connection request and the source communication address. Then, a request for acquiring the whitelist of the destination user is transmitted to the access list storage unit 211 (step S202).

  Then, the access control unit 201 determines whether or not the source communication address is included in the acquired white list (step S203 to step S204), and if not included, the attribute information acquisition unit 260 An attribute acquisition request is transmitted (step S205). Then, the attribute information acquisition unit 260 acquires the attribute information from the consent control information storage unit 231 when the attribute information is stored and managed by the connection control server 20 (steps S206 to S207).

  Then, the access control unit 201 acquires attribute information (step S208), transmits a whitelist addition consent confirmation notification to the caller user terminal (step S209), and prompts the caller to be disconnected. In addition, the access control unit 201 transmits a consent confirmation message transmission request including the transmission source communication address, the destination communication address, and the attribute information to the consent confirmation transmission unit 221.

  In addition, although the case where the acquired attribute information is transmitted to the destination user has been described here, the acquired attribute information is transmitted to the source user and the attribute information to be transmitted to the destination user is selected. The selected attribute information can be transmitted to the destination user. That is, the acquired attribute information is displayed on the source user terminal with characters and buttons via the attribute information selection unit 130 of the source user terminal, or notified to the source user terminal by voice instead of being displayed. Then, the attribute information to be included in the consent confirmation message can be selected by the transmission source user.

  When the user selects attribute information, the access control unit 201 acquires the attribute information selected by the user. Here, when selecting the attribute information, the user may press the button or may be selected by voice recognition. Further, the attribute information may be acquired from the external attribute information management server or may be acquired from the user terminal 1.

  The subsequent operation is the same as in FIG. That is, the consent confirmation transmission unit 221 acquires the consent control communication address corresponding to the destination communication address from the consent control information storage unit 231, and the source communication address and the destination communication address with respect to the consent control communication address. A consent confirmation message including attribute information is transmitted using storage type communication. Here, since the destination user can determine whether or not to agree based on the attribute information, the source communication address and the destination communication address may be encrypted by the consent confirmation transmission unit 221.

  Then, when the recipient confirms the sender communication address or attribute information included in the consent confirmation message and agrees to add to the white list, the destination user terminal sends an agreement notice to the connection control server 20 and receives the agreement. The unit 241 receives the consent notification. Then, the consent receiving unit 241 transmits a whitelist update request to the access list storage unit 211. If the access list storage unit 211 is encrypted, it is decrypted and the source communication address is added to the whitelist. .

  As described above, by transmitting the attribute information when transmitting the consent confirmation message, the destination user can accurately determine whether or not to permit registration in the white list.

  Note that when the acquired white list includes a source communication address, the access control unit 201 transmits a connection request including attribute information to the relay connection unit 251 to connect to the destination user.

  Next, the operation of the connection control server 20 when registering consent conditions will be described. FIG. 11 is a sequence diagram showing the operation of the connection control server 20 when registering the consent condition. As shown in the figure, the consent condition designation accepting unit 140 of the sender user terminal accepts consent condition designation such as permission / denial, domain name, attribute, position information, etc. from the user (step S301). Here, depending on permission / denial, the user specifies whether the consent condition to be specified is the consent condition (permission) or the consent condition (rejection).

  Then, the agreement condition designation receiving unit 140 that has received the designation of the domain name, the attribute, etc. transmits the agreement condition designation to the connection control server 20 (step S302), and the consent confirmation transmission determining unit 270 receives the agreement condition designation. Then, the access list storage unit 211 is notified that the consent condition has been designated, and the presence / absence of the consent condition is stored and managed in association with the destination communication address as shown in FIG. 7 (step S303). Also, registration is requested from the consent condition storage unit 290 (steps S304 to S305).

  In this way, the user can perform more flexible connection permission / rejection designation and consent confirmation designation by registering the consent condition.

  Next, the operation of the connection control server 20 that updates the access list (white list) of the caller user based on the consent of the destination user will be described. FIG. 12 is a sequence diagram showing the operation of the connection control server 20 that updates the access list (white list) of the caller user based on the consent of the callee user.

  As shown in the figure, when the consent receiving unit 241 receives an agreement notification from the destination user terminal (step S401), in the whitelist update request, the destination user's communication address is added to the destination user's white list. In addition to the addition, a white list update request is also made to update the communication address of the destination user in the white list of the caller user (step S402).

  Then, after updating the white list, the access list storage unit 211 transmits a white list update notification to the destination user terminal and the transmission source user terminal (steps S403 to S404).

  As described above, in the whitelist update request, the consent receiving unit 241 not only adds the communication address of the caller user to the whitelist of the callee user, but also adds the communication address of the callee user to the caller user whitelist. By making a whitelist update request for updating, it is possible to make a reply from the destination user to the source user.

  Next, the operation of the connection control server 20 in the case where the callback button for the caller communication address is included in the whitelist update notification transmitted to the destination user will be described. FIG. 13 is a sequence diagram showing the operation of the connection control server 20 when the whitelist update notification transmitted to the destination user includes a callback button for the caller communication address.

  As shown in the figure, the consent receiving unit 241 receives an agreement notification from the destination user terminal, transmits a whitelist update request to the access list storage unit 211 (steps S501 to S502), and the access list storage unit 211. After the white list is updated, a white list update notification is transmitted to the destination user terminal and the source user terminal (steps S503 to S504).

  Here, the access list storage unit 211 includes a callback button for the transmission source communication address in the whitelist update notification transmitted to the destination user terminal. Then, when the destination user presses the callback button to the transmission source communication address included in the whitelist update notification, the callback / reconnection request unit 150 transmits a connection request to the access control unit 201 (step S505). -Step S506).

  Upon receiving the connection request, the access control unit 201 determines whether or not the connection is possible based on the white list of the transmission source (steps S507 to S509), transmits the connection request to the relay connection unit 251, and the relay connection unit 251 Connection is performed (step S510 to step S511). Note that, when the destination user makes a connection by callback to the source user, the access control unit 201 determines whether or not the connection is possible based on the white list of the source user. Automatic updating of the user's whitelist is required.

  As described above, when the access control unit 201 receives the connection request from the callback / reconnection request unit 150 and makes a connection request to the relay connection unit 251, the destination user can easily connect to the source user who has permitted the connection. Can be connected to.

  Next, the operation of the connection control server 20 when a connection button for a destination communication address is included in the white list update notification transmitted to the transmission source user will be described. FIG. 14 is a sequence diagram showing the operation of the connection control server 20 when the whitelist update notification transmitted to the caller user includes a connection button for the destination communication address.

  As shown in the figure, the consent receiving unit 241 receives an agreement notification from the destination user terminal, transmits a whitelist update request to the access list storage unit 211 (steps S601 to S602), and the access list storage unit 211. After the white list is updated, a white list update notification is transmitted to the destination user terminal and the source user terminal (steps S603 to S604).

  Here, the access list storage unit 211 includes a connection button in the whitelist update notification transmitted to the caller user terminal. When the transmission source user presses the connection button included in the white list update notification, the access control unit 201 receives the request as a reconnection request (step S605).

  Then, the access control unit 201 that has received the reconnection request determines whether or not connection is possible based on the white list of the transmission source (steps S606 to S608), transmits the connection request to the relay connection unit 251, and performs relay connection. The unit 251 performs connection (steps S609 to S610). Here, the access control unit 201 determines whether or not connection is possible even in the case of reconnection, but the determination of whether or not connection is possible can be omitted in the case of reconnection.

  In this way, when the access control unit 201 receives the reconnection request and makes a connection request to the relay connection unit 251, the source user can easily connect to the user who has previously made the connection request by simply pressing the connection button. Can be connected.

  Next, the operation of the connection control server 20 when determining whether or not to confirm the consent based on the consent conditions will be described. FIG. 15 is a sequence diagram illustrating the operation of the connection control server 20 when determining whether or not to confirm consent based on the consent condition.

  As shown in the figure, when the source user terminal transmits a connection request to the communication address of the destination user (step S701), the access control unit 201 receives the connection request and stores the destination in the access list storage unit 211. A user whitelist acquisition request is transmitted (step S702).

  Then, the access control unit 201 determines whether or not the source communication address is included in the acquired white list (steps S703 to S704). It is determined whether or not it has been done. As a result, when the consent condition is designated, the access control unit 201 transmits a consent confirmation message transmission determination request (step S705), and the consent confirmation transmission determination unit 270 that has received the consent confirmation message transmission determination request The consent condition is acquired from the consent condition storage unit 290 (steps S706 to S707), and based on the designated consent condition, for example, information for determining the sender is requested from the sender (step S708).

  In a specific example, the caller is prompted to perform an operation such as “Please press ***” (the consent condition (permission) is the Turing test). Alternatively, determination based on authority evaluation or attribute information using SAML (Security Assertion Markup Language) may be requested (agreement condition (permission) is attribute information). Alternatively, location information may be requested (agreement condition is location information). When sender information such as “***” or attribute information or location information using SAML is transmitted from the sender user terminal (step S709), the consent confirmation transmission determination unit 270 confirms the sender. Is performed (step S710), and the sender determination result is transmitted to the access control unit 201 (step S711). If the determination result is OK, the access control unit 201 transmits a consent confirmation notification to the caller user terminal, and prompts the caller to be disconnected. On the other hand, if the determination result is NG, a disconnection request is transmitted to the caller user terminal (step S712). If the consent condition is not specified, the access control unit 201 determines that consent confirmation is necessary. If the consent condition is a domain name, the consent confirmation transmission determination unit 270 determines whether or not to confirm the consent based on the source domain name.

In this way, by deciding whether or not to confirm consent based on the consent conditions,
The user can flexibly specify the object of consent confirmation. Further, based on the consent condition, it is possible to confirm whether or not the transmission source is a machine by urging the transmission source user to perform an operation, and it is possible to prevent one-off and SPIT (SPAM over IP Telephony). Moreover, transmission of the consent confirmation message by misrepresentation can be prevented.

  Next, the operation of the connection control server 20 when the destination user refuses to add the source communication address to the white list will be described. FIG. 16 is a sequence diagram showing the operation of the connection control server 20 when the destination user refuses to add the source communication address to the white list.

  As shown in the figure, when a rejection notification is transmitted from the destination user terminal (step S801), the consent receiving unit 241 transmits a request for updating the destination user's black list to the access list storage unit 211 ( Step S802). Then, the access list storage unit 211 adds the communication address to the black list, and transmits a black list update notification to the destination user terminal (step S803).

  After that, when receiving a connection request from the communication address (step S804), the access control unit 201 acquires not only the white list of the destination user but also the black list (steps S805 to S806), and determines whether or not connection is possible. (Step S807). That is, the access control unit 201 permits the connection when the source communication address is registered in the white list, and rejects the connection when the source communication address is registered in the black list. If the communication address is not registered in any of them, the consent confirmation is performed with the destination user.

  As described above, when the destination user refuses to add the source communication address to the white list, the consent receiving unit 241 registers the source communication address in the black list, and the access control unit 201 stores the white list and the black list. By using this to determine whether or not the connection is possible, the destination user does not have to repeatedly reject incoming calls for connection requests from the same source communication address, and can prevent one-off or SPIT from the same source communication address. .

  FIG. 17 is a diagram illustrating an example of a black list. As shown in the figure, in this example, the white list and the black list are managed together in correspondence with the destination communication address.

  Next, an operation in which the connection control server 20 periodically deletes the target communication address so that the number of communication addresses in the white list and black list does not increase will be described. FIG. 18 is a sequence diagram showing an operation in which the connection control server 20 periodically deletes the white list and black list communication addresses.

  As shown in the figure, when the access control unit 201 receives a connection request from the caller user terminal (step S901) and makes a request for obtaining a whitelist or blacklist to the access list storage unit 211 (step S902). Each time the access list storage unit 211 receives an access list acquisition request, the access list storage unit 211 transmits an access list acquisition request acceptance notification to the access list management unit 280 (step S903), and returns an access list (step S904).

  Then, the access list management unit 280 manages the last message reception date and time of the source communication address in the access list based on the access list acquisition request acceptance notification. The access list storage unit 211 transmits an access list update request acceptance notification to the access list management unit 280 each time a white list or black list update request is received (step S905), and the access list management unit 280 Based on the list update request acceptance notification, the date and time of the last message reception of the source communication address in the access list is initialized.

  Then, the access list management unit 280 periodically acquires the access list (steps S906 to S907), confirms the last message reception date and time in the access list (step S908), and a predetermined period has elapsed. A deletion request is transmitted to the access list storage unit 211 for the source communication address (step S909). And the access list memory | storage part 211 transmits a list update notification with respect to the said user while deleting a transmission origin communication address (step S910).

  In this way, the access list management unit 280 records the last message reception date and time for each source communication address in the access list, periodically confirms the last message reception date and time, and the source communication after a predetermined period has elapsed. By transmitting a deletion request for an address to the access list storage unit 211, it is possible to delete a source communication address for which there is no connection request for a predetermined period from the access list, and to suppress an increase in the communication address in the access list.

  FIG. 19 is a diagram illustrating an example of the last message reception date / time in the access list managed by the access list management unit 280. Reference numeral 1901 shows an example in which the access list management unit 280 manages [20060523110033] as the last message reception date and time of the user of the source communication address [0503345677].

  Next, the operation of the connection control server 20 for confirming the transmission source in relation to the consent confirmation message will be described. FIG. 20 is a sequence diagram showing the operation of the connection control server 20 for confirming the transmission source in relation to the consent confirmation message.

  As shown in the figure, the access control unit 201 receives a connection request from the source user terminal, determines whether or not the connection is possible (steps S1001 to 1002), and determines that confirmation is necessary for the destination user. A notification during confirmation is transmitted to the transmission source user terminal (step S1003), and a transmission request for the consent confirmation message is transmitted to the consent confirmation transmitting unit 221 (step S1005). However, the access control unit 201 inserts the signature of the device itself into the consent confirmation message transmission request before transmitting the consent confirmation message transmission request (step S1004).

  Then, the consent confirmation transmitting unit 221 that has received the consent confirmation message transmission request acquires the communication address (steps S1006 to S1007), and whether the signature inserted in the consent confirmation message transmission request is that of the same connection control server. And the signature of the own apparatus is inserted again when the consent confirmation message is transmitted (steps S1008 to S1009).

  Upon receiving the consent confirmation message, the consent confirmation receiving unit 111 of the destination user terminal confirms the signature and, upon receiving an agreement / rejection instruction from the user, inserts the same signature and transmits an agreement / rejection notification. (Step S1010). Then, the consent receiving unit 241 receives the consent / rejection notification including the signature, confirms the signature (step S1011), and transmits an update request to the access list.

  As described above, the consent confirmation transmission unit 221 inserts the signature of its own device and transmits the consent confirmation message, so that the destination user terminal can confirm the transmission source of the consent confirmation message. It can prevent misrepresentation.

  As described above, according to the second embodiment, the consent confirmation transmission unit 221 transmits the consent confirmation message together with the attribute information of the sender user, so that the destination user is based on the attribute information about the sender user. It is possible to appropriately determine whether or not to be registered in the white list.

  In addition, according to the second embodiment, the access control unit 201 determines whether or not to confirm the consent based on the consent conditions such as the domain name and the mailing list. Can be specified.

  Further, according to the second embodiment, when the consent receiving unit 241 receives the consent notification from the destination user terminal, not only the source communication address is registered in the whitelist of the destination user but also the white of the source user. Since the destination communication address is registered in the list, it is possible to prevent a situation in which only one side is permitted to be transmitted.

  Further, according to the second embodiment, when the access list storage unit 211 transmits the white list update notification to the destination user terminal, the callback button is displayed on the destination user terminal. The called user can call back with a simple operation.

  Also, according to the second embodiment, when the access list storage unit 211 transmits a whitelist update notification to the source user terminal, the reconnection button is displayed on the source user terminal. The sender user can reconnect with a simple operation.

  In addition, according to the second embodiment, whether or not the consent confirmation transmission determination unit 270 prompts the transmission source user to perform an operation or transmission of attribute information before confirming the consent and confirms whether or not to confirm the consent according to a response from the transmission source user. Therefore, it is possible to confirm whether or not the transmission source is a machine, and it is possible to prevent one-off and SPIT.

  Further, according to the second embodiment, the access list storage unit 211 stores and manages the black list together with the white list, and the access control unit 201 determines whether or not connection is possible using both the white list and the black list. Therefore, it is possible to eliminate the need for the destination user to repeatedly confirm the consent for the same source communication address.

  Also, according to the second embodiment, the access list management unit 280 manages the last message reception date and time based on the access list acquisition request date and time, periodically checks the access list, and a predetermined period elapses from the last message reception date and time. Since the originating communication address is deleted, an increase in the access list can be suppressed.

  Further, according to the second embodiment, since the consent confirmation transmission unit 221 inserts the signature of the own device when transmitting the consent confirmation message, it is possible to prevent the spoofing of the consent confirmation message.

  In the first and second embodiments, the connection control system has been described in terms of functions. In practice, however, the connection control server can be realized by a commercially available computer. You can install it. This program may be loaded not only from a secondary recording medium such as a hard disk device or ROM to the CPU, but also from a recording medium such as a CD-R or from another computer via a network.

  In the first and second embodiments, the case where the white list, the black list, and the like are stored in the connection control server has been described. However, the present invention is not limited to this. For example, the white list and the black list are managed. The same can be applied to the case where a separate data management server is provided.

  In the first and second embodiments, the case has been described in which the connection control server determines whether or not connection is possible in response to a connection request from the source user. However, the present invention is not limited to this, and the source user is not limited thereto. The same can be applied to the case where the connection control server determines whether or not the communication message transmitted from the server can be relayed.

  In the first and second embodiments, the description is centered on SIP agreement-based communication. However, the present invention is not limited to this, and is similarly applied to other message exchanges such as instant messenger and chat. be able to.

  As described above, the connection control system, the connection control device, the connection control method, and the connection control program according to the present invention are useful for preventing unwanted messages such as SPIT, and particularly suitable for preventing unwanted messages in non-storage type communication. ing.

1 is an explanatory diagram illustrating a configuration of a connection control system according to Embodiment 1. FIG. It is a figure which shows the function structure of a user terminal and a connection control server. It is a figure which shows an example of the white list which a white list memory | storage part manages. It is an example of the information for consent control which the information storage part for consent control manages. FIG. 6 is a sequence diagram illustrating an operation of the connection control server according to the first embodiment. It is a figure which shows the function structure of the user terminal of the connection control system which concerns on Example 2, and a connection control server. It is a figure which shows an example of the presence or absence of consent conditions memorize | stored / managed by an access list memory | storage part. It is a figure which shows the example of consent conditions. It is a figure which shows an example of the information storage part for consent control. It is a sequence diagram which shows operation | movement of the connection control server in the case of transmitting the attribute information of a transmission origin user with an consent confirmation message. It is a sequence diagram which shows operation | movement of the connection control server in the case of registering consent conditions. It is a sequence diagram which shows the operation | movement of the connection control server which also updates the access list of the transmission origin user based on consent of a destination user. It is a sequence diagram which shows operation | movement of a connection control server in case the callback button to a transmission origin communication address is included in the white list update notification transmitted to a callee user. It is a sequence diagram which shows operation | movement of a connection control server in the case of including the connection button to an incoming call destination communication address in the white list update notification transmitted to a transmission origin user. It is a sequence diagram which shows operation | movement of the connection control server in the case of determining whether to perform consent confirmation based on consent conditions. It is a sequence diagram which shows the operation | movement of a connection control server when a destination user refuses addition of the transmission origin communication address to a white list. It is a figure which shows an example of a black list. It is a sequence diagram which shows the operation | movement which a connection control server deletes the communication address of a white list and a black list regularly. It is a figure which shows an example of the transmission origin communication address acquisition request date in an access list which an access list management part manages. It is a sequence diagram which shows operation | movement of the connection control server for confirming a transmission source in connection with an agreement confirmation message.

Explanation of symbols

1,10 User terminal 1-1 Mobile phone terminal 1-2 PDA
1-3 Personal computer 2, 20 Connection control server 3 Mobile communication network 4 Internet 100 Connection request unit 110, 111 Consent confirmation reception unit 120, 121 Consent transmission unit 130 Attribute information selection unit 140 Consent condition designation reception unit 150 Call back / re- Connection request unit 200, 201 Access control unit 210 White list storage unit 211 Access list storage unit 220, 221 Consent confirmation transmission unit 230, 231 Consent control information storage unit 240, 241 Consent reception unit 250, 251 Relay connection unit 260 Attribute information Acquisition unit 270 Consent confirmation transmission determination unit 280 Access list management unit 290 Consent condition storage unit 301 White list example 401 Consent control communication address example 701 Consent condition example 901 Attribute information example 1901 Last message received date and time example

Claims (12)

A connection control system for establishing a connection between user terminals,
Permitted sender information storage means for storing and managing authorized sender information for each user for one or more senders for each user,
Stored for each user the destination of the consent confirmation message for confirming the consent to add the new source information to the permitted source information storage means in association with the user as the permitted source information. Consent confirmation destination storage means;
Each permitted source information corresponding to the destination of the received connection request is read from the permitted source information storage means and compared with the source information of the connection request, and the connection is permitted when there is a matching permitted source information. Connection permission means to
If the connection is not permitted by the connection permission unit, the agreement confirmation message of the sender information for the adding to the authorized originator information storage means in association with the destination as the permission source information Consent confirmation transmission means for transmitting to the destination together with the source information and destination information of the connection request;
A reply receiving means for receiving an additional consent notice returned together with the sender information and the destination information of the connection request from the destination in response to the consent confirmation message transmitted by the consent confirmation sending means;
Connection permission means permits a connection from a source corresponding to the source information received with the additional consent notification to a destination corresponding to the destination information received with the additional consent notification. The permitted sender information storage means stores the sender information received together with the additional consent notice as the permitted sender information in association with the destination corresponding to the destination information received together with the additional consent notice. and allow the sender information additional means to be added,
A connection control system comprising: The permitted sender information adding means further connects from the destination corresponding to the destination information received together with the additional consent notification to the source corresponding to the source information received together with the additional consent notification. The destination information received with the additional consent notification is used as the permitted source information, and the source corresponding to the source information received with the additional consent notification The connection control system according to claim 1, wherein the connection control system is associated and added to the permitted transmission source information storage unit . The reply receiving means also receives an additional refusal notification returned from the destination along with the source information and destination information of the connection request,
Rejected sender information storage means for storing and managing one or more senders for each user with rejected sender information, which is information about each sender that the user refuses to receive,
Each rejection source information corresponding to the destination of the connection request is read from the rejection source information storage means and compared with the source information of the connection request, and if there is a matching rejection source information, the connection is rejected. A connection rejection means;
Rejected sender information adding means for adding the sender information corresponding to the destination information by the rejected sender information storage means when the reply receiving means receives an additional rejection notification;
The connection control system according to claim 1, further comprising: The consent confirmation transmitting means transmits an consent confirmation message and prompts the caller to disconnect,
It further comprises a permitted sender information addition notifying means for notifying the recipient that the permitted sender information has been added by the permitted sender information adding means and receiving a callback from the recipient to the sender. The connection control system according to claim 2. The consent confirmation transmitting means transmits an consent confirmation message and prompts the caller to disconnect,
The system further comprises a permitted sender information addition notifying means for notifying the sender that the permitted sender information has been added by the permitted sender information adding means and receiving a reconnection request from the sender to the destination. The connection control system according to claim 1, 2, or 3.   6. The consent confirmation transmitting unit acquires attribute information corresponding to a source of the connection request, includes the attribute information in the consent confirmation message, and transmits the attribute information to a destination. The connection control system described. It further comprises an agreement condition storage means for memorizing an agreement condition for specifying a condition for sending an agreement confirmation message for each user,
7. The consent confirmation transmitting unit reads an agreement condition corresponding to a destination of the connection request from the agreement condition storage unit, and transmits an agreement confirmation message when the agreement condition is satisfied. The connection control system according to any one of the above. A communication history management means for managing the last message communication point with each communication partner for each user;
If the difference between the last message communication time point managed by the communication history management means and the current time point is larger than a predetermined value, the permitted caller information corresponding to the user and the communication partner is stored in the permitted caller information storage Automatic permission source information deletion means for automatic deletion by means,
The connection control system according to claim 1, further comprising:   The connection control system according to claim 1, wherein the consent confirmation transmission unit transmits the consent confirmation message by adding a signature that identifies a transmission source of the consent confirmation message. A connection control device for establishing a connection between user terminals,
Each permitted source information corresponding to the destination of the received connection request is compared with the source information of the connection request among the permitted source information that is information about each source that the user permits to connect, and the matching permission A connection permission means for permitting connection when there is sender information,
When connection is not permitted by the connection permission means, an agreement confirmation message for confirming consent for adding the sender information in association with the destination as the permitted sender information is added to the connection request. Consent confirmation transmission means for transmitting to the destination together with the sender information and the destination information;
A reply receiving means for receiving an additional consent notice returned together with the sender information and the destination information of the connection request from the destination in response to the consent confirmation message transmitted by the consent confirmation sending means;
Connection permission means permits a connection from a source corresponding to the source information received with the additional consent notification to a destination corresponding to the destination information received with the additional consent notification. The permitted sender information adding means for adding the sender information received together with the additional consent notice as the permitted sender information in association with the destination corresponding to the destination information received together with the additional consent notice. When,
A connection control device comprising: A connection control method by a connection control device for establishing a connection between user terminals,
The connection control device sets each permitted source information corresponding to the destination of the received connection request among the permitted source information that is information about each source that the user permits to connect to the source information of the connection request. A connection permission step of comparing and permitting connection when there is a matching permitted source information; and
If the connection control device does not permit connection in the connection permission step , the consent confirmation confirms the consent to add the source information in association with the destination as the permitted source information. An agreement confirmation sending step for sending a message to the destination along with the source information and destination information of the connection request;
The connection control apparatus, a reply receiving step of receiving the connection source information and destination information added consent notification sent back with a request from a destination in response to the agreement confirmation message sent in the agreement confirmation transmission step ,
The connection permission step is a connection permission step in which the connection control device connects from the source corresponding to the source information received together with the additional consent notification to the destination corresponding to the destination information received together with the additional consent notification. The sender information received together with the additional consent notice is added as the permitted sender information in association with the destination corresponding to the destination information received together with the additional consent notice so as to be permitted in Permission sender information addition process,
The connection control method characterized by including. A connection control program for establishing a connection between user terminals,
Each permitted source information corresponding to the destination of the received connection request is compared with the source information of the connection request among the permitted source information that is information about each source that the user permits to connect, and the matching permission A connection permission procedure for permitting connection when there is sender information,
When connection is not permitted by the connection permission procedure, an agreement confirmation message for confirming consent to add the sender information in association with the destination as the permitted sender information is added to the connection request. Consent confirmation transmission procedure to be sent to the destination along with the sender information and destination information,
A reply receiving procedure for receiving an additional consent notice sent back together with the source information of the connection request and the destination information from the destination in response to the consent confirmation message transmitted by the consent confirmation sending procedure;
The connection permission procedure permits the connection from the source corresponding to the source information received together with the additional consent notification to the destination corresponding to the destination information received together with the additional consent notification. The permitted sender information adding procedure for adding the sender information received together with the additional consent notice as the permitted sender information in association with the destination corresponding to the destination information received together with the additional consent notice. When,
A connection control program for causing a computer to execute.

Images