JP4750808B2 - Connection control system, connection control method, and connection control program - Google Patents

Description

  The present invention relates to a connection control system, a connection control method, and a connection control program.

  Conventionally, a VPN (Virtual Private Network) communication is applied to a communication between a plurality of gateway devices connected to the network, so that a plurality of LANs (Local Area Networks) are connected to each other through a dedicated line. A technology to connect to the network has been proposed.

  For example, Non-Patent Document 1 discloses a method of VPN connection between two home LANs connected to the SIP network, starting from a connection request from a terminal connected to a SIP (Session Initiation Protocol) network. Yes. Further, for example, in Non-Patent Document 2, a mobile phone connected to a mobile phone network connects to a gateway device at home connected to the SIP network to make a connection request, and the connection request is the starting point. A technique is disclosed in which a home LAN at home and another person's LAN are connected by VPN so that content existing on the home LAN at home can be viewed by another person.

"VPN connection method to realize broadband and secure home LAN connection", BS-5-6, IEICE Society Conference 2007 “Proposal of Wide Area DLNA Communication System for Information Appliances”, IEICE, IEICE Technical Report NS2007-13 (2007-4) pp71-76

  By the way, the above-described conventional technique has a problem that a VPN cannot be generated from a connection request from a terminal connected to an external network other than the network to which the gateway device is connected.

  In other words, as described above, the technique disclosed in Non-Patent Document 1 only generates a VPN from a connection request from a terminal connected to the same SIP network as the network to which the gateway device is connected. . Further, the technique disclosed in Non-Patent Document 2 is based on a connection request from a mobile phone connected to a mobile phone network different from the network to which the gateway device is connected. Must be able to connect to a gateway device connected to the SIP network. If this is the case, when the network to which the gateway device is connected is a network in which connection from an external network is restricted, this method cannot generate a VPN.

  Accordingly, the present invention has been made to solve the above-described problems of the prior art, and generates a VPN starting from a connection request from a terminal connected to an external network other than the network to which the gateway device is connected. It is an object of the present invention to provide a connection control system, a connection control method, and a connection control program that can be used.

In order to solve the above-described problems and achieve the object, the present invention provides a connection between a plurality of communication devices when communication using a virtual communication path is applied to communication between a plurality of communication devices connected to a network. A first identifier for uniquely identifying the communication device connected to the first network on the first network, and the connection control system for controlling the first network without being connected to the first network. Identifier storage means for storing a correspondence with a second identifier used by a user who uses a terminal connected to a second network different from the first network to uniquely identify the communication device; A virtual communication path generation request for generating the virtual communication path between a plurality of communication devices connected to one network is sent from a terminal connected to the second network. When a virtual communication path generation request is received by the virtual communication path generation request receiving means that receives the second identifier that identifies each of the plurality of communication devices via the second network, and the virtual communication path generation request reception means. First identifier acquisition that searches the identifier storage means using each second identifier included in the virtual channel generation request as a search key, and acquires each first identifier stored in association with each second identifier And a virtual communication path generating means for generating the virtual communication path in the first network between each of the communication devices identified from each of the first identifiers acquired by the first identifier acquisition means. It is characterized by that.

Further, the present invention is the above invention, wherein the virtual communication path generation unit uses a third party call control unit in which a call of the communication device is controlled by a third party device different from the plurality of communication devices. Then, the virtual communication path is generated.

Further, in the present invention , in the above invention, a virtual communication path disconnection request for disconnecting communication through the virtual communication path generated by the virtual communication path generation unit is connected to the second network. From the terminal, a virtual communication path disconnection request accepting unit that accepts the second identifier for identifying each of the plurality of communication devices through the second network together with the second identifier, and a virtual communication path disconnection request accepting unit receives a virtual communication path disconnection request accepting unit. When accepted, the search for the identifier storage unit is performed using each of the second identifiers included in the virtual channel disconnection request as a search key, and the first identifier stored in association with each of the second identifiers is acquired. Between the first identifier obtaining unit and each communication device identified from each first identifier obtained by the first identifier obtaining unit at the time of disconnection A virtual communication channel cutting means for cutting the virtual communication path is produced, and further comprising a.

In the present invention , when the virtual communication path is generated by the virtual communication path generation unit, a completion notification for notifying that the generation of the virtual communication path is completed is sent to the virtual communication path. Along with cancellation information that can be instructed to cancel generation, a completion notification transmission unit that transmits the virtual channel generation request to the terminal that has transmitted the request, and when an instruction by the cancellation information is received, specified by the instruction by the cancellation information The cancel virtual communication path cutting means for cutting the virtual communication path is further provided.

The present invention also provides a connection control method for controlling connection between a plurality of communication devices when communication using a virtual communication path is applied to communication between the plurality of communication devices connected to the network. A virtual communication path generation request for requesting generation of the virtual communication path between a plurality of communication devices that are connected to one network and are uniquely identified by a first identifier on the first network. A second identifier used by a user who uses the terminal to uniquely identify the communication device from a terminal connected to a second network different from the first network without being connected to the first network. A virtual communication path generation request reception step for receiving the second identifier for identifying each of the plurality of communication devices through the second network together with each of the second identifiers; When a virtual channel generation request is received by the receiving step, an identifier storage unit that stores the correspondence between the first identifier and the second identifier using each second identifier included in the virtual channel generation request as a search key And a first identifier acquisition step of acquiring each first identifier stored in association with each of the second identifiers, and a communication identified from each of the first identifiers acquired by the first identifier acquisition step A virtual communication path generation step of generating the virtual communication path in the first network between the devices.

Further, the present invention causes a computer to execute a connection control method for controlling connection between a plurality of communication devices when communication using a virtual communication path is applied to communication between the plurality of communication devices connected to a network. A virtual communication that is a connection control program and requests to generate the virtual communication path between a plurality of communication devices that are connected to a first network and are uniquely identified by a first identifier on the first network. A user using the terminal uniquely identifies the communication device from a terminal connected to a second network different from the first network without being connected to the first network. A virtual identifier received via the second network together with each second identifier for identifying each of the plurality of communication devices. When a virtual communication path generation request is received by the path generation request reception procedure and the virtual communication path generation request reception procedure, each of the first identifier and the second identifier included in the virtual communication path generation request is used as a search key. A first identifier acquisition procedure for searching for an identifier storage unit that stores a correspondence with a second identifier and acquiring each first identifier stored in association with each second identifier, and the first identifier acquisition procedure The computer is caused to execute a virtual communication path generation procedure for generating the virtual communication path in the first network between each of the communication devices identified from the first identifiers acquired by the above.

The present invention is a connection control system for controlling connection between a plurality of communication devices when communication by a virtual communication path is applied to communication between the plurality of communication devices connected to a network, A request reception apparatus connected to a second network different from the first network to which the communication apparatus is connected uniquely identifies the communication apparatus connected to the first network on the first network. Correspondence between the first identifier and a second identifier used by a user who uses a terminal connected to the second network without being connected to the first network to uniquely identify the communication device An identifier storage means for storing the virtual communication path generation request for generating the virtual communication path between a plurality of communication devices connected to the first network, Virtual communication path generation request receiving means for receiving via the second network together with each second identifier for identifying each of the plurality of communication devices from a terminal connected to the second network, and the virtual communication path generation request receiving means When the virtual channel generation request is accepted by the above, the identifier storage means is searched using each of the second identifiers included in the virtual channel generation request as a search key, and stored in association with each of the second identifiers. When the first identifier is acquired by the first identifier acquisition unit that acquires each of the first identifiers and the first identifier acquisition unit, the virtual communication path generation request is sent together with each of the first identifiers to the first identifier A virtual communication path generation request transfer means for transferring to a network and a connection control device connected to each of the second networks, When the virtual communication path generation request is transferred by the virtual communication path generation request transfer means, the connection control device is connected between the communication apparatuses identified from the first identifiers transferred together with the virtual communication path generation request. A virtual communication path generation means for generating the virtual communication path in the first network is provided.

The present invention is a connection control system for controlling connection between a plurality of communication devices when communication by a virtual communication path is applied to communication between the plurality of communication devices connected to a network, A request receiving device connected to a second network different from the first network to which the communication device is connected is connected to the first network and is uniquely identified by the first identifier on the first network. A virtual channel generation request for generating the virtual channel between the plurality of communication devices is sent from a terminal connected to the second network by a user using the terminal to uniquely identify the communication device. A virtual communication path received via the second network together with each second identifier for identifying each of the plurality of communication devices. When the virtual communication path generation request is received by the request reception means and the virtual communication path generation request reception means, the virtual communication path generation request is connected to each of the first network and the second network. Virtual communication path generation request transfer means for transferring to the apparatus, wherein the connection control device stores identifier correspondence means for storing the correspondence between the first identifier and the second identifier, and the virtual communication path generation request transfer means. When the virtual channel generation request is transferred by the above, the identifier storage means is searched using each of the second identifiers included in the virtual channel generation request as a search key, and is stored in association with each of the second identifiers. First identifier acquisition means for acquiring each first identifier, and a communication device identified from each of the first identifiers acquired by the first identifier acquisition means Between people, characterized by comprising a virtual communication path generating means for generating the virtual communication path in the first network.

The present invention also provides a connection control system for controlling connection between a plurality of communication devices when communication using a virtual communication path is applied to communication between the plurality of communication devices connected to the network. A virtual communication path generation request for requesting generation of the virtual communication path between a plurality of communication devices connected to one network is different from the first network without being connected to the first network. Virtual communication path generation request accepting means for accepting each of the plurality of communication devices from the terminal connected to the second network together with each identifier uniquely identifying the first network via the second network; When the virtual communication path generation request is received by the virtual communication path generation request reception means, it is identified from each identifier included in the virtual communication path generation request. During a communication device each, characterized by comprising a virtual communication path generating means for generating the virtual communication path in the first network.

According to the present invention, when communication using a virtual communication path is applied to communication between a plurality of communication devices connected to a network, the connection control system controls connection between the plurality of communication devices. A first identifier for uniquely identifying a communication device connected to one network on the first network, and a second network that is not connected to the first network and is different from the first network A correspondence with a second identifier used by a user who uses a connected terminal to uniquely identify the communication device is stored in the identifier storage unit, and a plurality of communication devices connected to the first network are stored. A virtual communication path generation request for generating a virtual communication path is sent together with each second identifier for identifying each of the plurality of communication devices from a terminal connected to the second network. When the virtual communication path generation request is received through the second network, the identifier storage unit is searched using each of the second identifiers included in the virtual communication path generation request as a search key and corresponds to each of the second identifiers. In addition, each of the stored first identifiers is acquired, and a virtual communication path in the first network is generated between each of the communication devices identified from the acquired first identifiers. A virtual communication path can be generated starting from a connection request from a terminal connected to an external network other than the existing network.

Further, according to the present invention , a virtual communication path is generated using a third party call control function in which a call of a communication device is controlled by a third party device different from a plurality of communication devices. Generation of a virtual communication path starting from a connection request from a connected terminal can be realized using an existing method.

According to the present invention , the virtual communication path disconnection request for requesting disconnection of the communication through the generated virtual communication path is sent from the terminal connected to the second network to identify each of the plurality of communication apparatuses. When the virtual communication path disconnection request is received together with each of the two identifiers and the virtual communication path disconnection request is received, the identifier storage unit is searched using each of the second identifiers included in the virtual communication path disconnection request as a search key, and the second Since each first identifier stored in association with each identifier is acquired and the virtual communication path generated between the communication devices identified from each acquired first identifier is disconnected, it is connected to an external network. It is possible to disconnect the virtual communication path generated from the connection request from the received terminal as a starting point from the disconnection request from the terminal connected to the external network.

Further, according to the present invention , when a virtual communication path is generated, the completion information for notifying that the generation of the virtual communication path has been completed, the cancellation information that can be instructed to cancel the generation of the virtual communication path At the same time, when the virtual communication path generation request is transmitted to the terminal that transmitted the request and the instruction by the cancellation information is accepted, the virtual communication path specified by the instruction by the cancellation information is disconnected, so the connection from the terminal connected to the external network It becomes possible to easily cancel the virtual communication path generated from the request as a starting point.

In addition, according to the present invention, there is provided a connection control system that controls connection between a plurality of communication devices when communication using a virtual communication path is applied to communication between the plurality of communication devices connected to the network. A virtual communication path generation request for generating a virtual communication path between a plurality of communication devices connected to the first network is not connected to the first network, and the first network From a terminal connected to a different second network, each of the plurality of communication devices is received via the second network together with an identifier for uniquely identifying each of the plurality of communication devices on the first network. Since a virtual communication path in the first network is generated between each communication device identified from each included identifier, other than the network to which the communication device is connected It is possible to produce a virtual communication path starting from the connection request from the connected to the external network terminal.

  Exemplary embodiments of a connection control system, a connection control method, and a connection control program according to the present invention will be described below in detail with reference to the accompanying drawings. In the following, first, a technique that is a premise of the present invention will be briefly described.

[Prerequisite technology]
The “VPN (Virtual Private Network)” (corresponding to the “virtual communication path” described in the claims) used in the following embodiments is, for example, an SIP network (the “first private network” described in the claims). A virtual communication path generated in the SIP network for the purpose of connecting two home LANs connected to each other as if they were connected by a dedicated line. . A “gateway device (hereinafter referred to as HGW (Home GateWay))” (corresponding to the “communication device” recited in the claims) installed in a home LAN has a function of generating a VPN and connects two home LANs. “VPN” is generated.

  Specifically, when “HGW” generates “VPN” using a session established by SIP, the IP (Internet Protocol) address and port number of “HGW” as a communication partner are generated. It is necessary to negotiate with “HGW” as a communication partner using the acquired information. For this reason, “HGW” accepts SIP calls in which an IP address and port number are described in a description language called SDP (Session Description Protocol) from “connection control server” or “HGW” as a communication partner. Get information about. Then, “HGW” uses the acquired information to perform mutual authentication by “IKE (Internet Key Exchange)” with “HGW” as a communication partner, and using the encryption key exchanged by mutual authentication. By encrypting data or the like, an IPSec (Security Architecture for Internet Protocol) connection is established with “HGW” as a communication partner. Thus, “VPN” is generated between the two “HGW”. If “VPN” is generated, an IP-based application can be used over two VPNs between two home LANs. For example, content sharing using information home appliances can be realized.

  In mutual authentication by IKE or the like, an IP address can be used to determine whether or not to authorize a communication partner, as described above, but there is a possibility that the authentication strength is inferior depending on the network configuration. Therefore, mutual authentication may be performed by using a telephone number instead of an IP address.

  In the above description, “VPN” is described as connecting “HGW” installed in two home LANs. However, the present invention is not limited to this and installed in a general LAN. Alternatively, the “gateway devices” may be connected to each other.

  Conventionally, "VPN" generation corresponds to a connection request from a terminal connected to the SIP network or a terminal connectable to "HGW" ("virtual communication path generation request" described in claims) It was only a starting point. However, for example, when considering a usage scene in which a user shares content held in a home LAN outside a home with a friend, the generation of “VPN” starts from a terminal connected to the SIP network. It is not sufficient to be performed as an external network other than the SIP network (corresponding to the “second network” recited in the claims), for example, a terminal connected to a mobile phone network or the like. Is also required. The connection control system according to the present invention adopts the configuration proposed below in order to meet such a demand.

  First, in the following, the outline and features of the connection control system according to the first embodiment, the processing procedure by the connection control system according to the first embodiment, the configuration of the connection control system according to the first embodiment, and the effects of the first embodiment will be described in order. To do.

[Outline and Features of Connection Control System According to Embodiment 1]
The outline and features of the connection control system according to the first embodiment will be described with reference to FIG. FIG. 1 is a diagram for explaining the outline and features of the connection control system according to the first embodiment.

  As described above, the connection control system according to the first embodiment controls connection between a plurality of HGWs when communication by VPN is applied to communication between the plurality of HGWs connected to the SIP network. In summary, the main feature is that a VPN is generated from a terminal connected to an external network other than the SIP network (a mobile phone network in the first embodiment).

  Briefly describing this main feature, the connection control system according to the first embodiment includes a connection control server 100 (corresponding to “connection control device” described in claims) and a reception server 200 (in claims). Corresponding to the “request accepting device” described above. Here, the connection control server 100 is connected to both the SIP network 1 and the cellular phone network 2 as shown in FIG. The reception server 200 is connected to the mobile phone network 2 as shown in FIG. Note that HGW A and HGW B shown in FIG. 1 are each connected to SIP network 1, and mobile A and mobile B shown in FIG. 1 are each connected to mobile phone network 2.

  In the first embodiment, the reception server 200 includes an identifier DB as illustrated in FIG. The identifier DB is an identifier of the HGW that uniquely identifies the HGW connected to the SIP network 1 in the SIP network 1 (hereinafter referred to as “the identifier of the HGW” corresponding to the “first identifier” recited in the claims). ”And an identifier (hereinafter referred to as“ second identifier ”described in the claims) used by a user who uses a mobile phone connected to the mobile phone network 2 to uniquely identify the HGW. , Referred to as “user identifier”). In the first embodiment, since the telephone number is used as the HGW identifier and the mail address is used as the user identifier, as shown in FIG. 1, the identifier DB includes, for example, an identifier “userA of the user (user of the mobile phone A)” @ example.ne.jp ”and the HGW A identifier“ 0422-xx-1111 ”are stored.

  Under such a configuration, in the first embodiment, as shown in FIG. 1, electronic mail is exchanged between the user of the mobile phone A and the user of the mobile phone B, and the reception server 200 is connected to the SIP network. A connection request for generating a VPN between HGW A and HGW B connected to 1 is received via the mobile phone network 2 by an electronic mail transmitted from each of mobile A and mobile B (FIG. 1). (See (1-1) and (1-2)). At this time, the reception server 200 receives the connection request together with the user identifier. For example, the reception server 200 accepts a connection request from the mobile phone A together with the email address “userB@example.ne.jp” of the mobile phone B user, and accepts a connection request from the mobile phone B from the mobile phone A user's email. Accept with address “userA@example.ne.jp”.

  Subsequently, the reception server 200 searches the identifier DB using each of the user identifiers included in the connection request as a search key, and acquires each of the HGW identifiers stored in association with each of the user identifiers (FIG. 1). (See (2)). For example, the reception server 200 searches the identifier DB using the mail address “userB@example.ne.jp” of the user of the mobile phone B as a search key, and acquires the identifier “03-yyyy-1111” of the HGW B. Further, for example, the reception server 200 searches the identifier DB using the mail address “userA@example.ne.jp” of the user of the mobile phone A as a search key, and acquires the identifier “0422-xx-1111” of the HGW A. .

  Then, the reception server 200 transfers the connection request to the connection control server 100 together with each of the acquired HGW identifiers (see (3) in FIG. 1). For example, the reception server 200 transfers the connection request to the connection control server 100 together with the HGW A identifier “0422-xx-1111” and the HGW B identifier “03-yyyy-1111”.

  Then, the connection control server 100 establishes a SIP session for generating a VPN in the SIP network 1 between each HGW identified from each transferred identifier of the HGW ((4-1) in FIG. 1). And (4-2)). For example, the connection control server 100 uses the third party call control function provided by the SIP network 1 from each of the HGW A identifier “0422-xx-1111” and the HGW B identifier “03-yyyy-1111”. A VPN in the SIP network 1 is generated between the HGW A and the HGW B by performing “3rd Party Call Control” (RFC 3725) or “REFER” (RFC 3515) for each of the identified HGW A and HGW B. (Each of the HGW A and the HGW B accepts a SIP call from the connection control server 100 by using a caller ID notification service by the SIP network 1 or the like). And). Thus, VPN communication is applied to communication between HGW A and HGW B (see (5) in FIG. 1).

  Therefore, according to the connection control system according to the first embodiment, the reception server receives a connection request from a terminal connected to a mobile phone network other than the SIP network, and the reception server sends the connection request to the connection control server. Since the VPN is generated based on the connection request transferred, the VPN can be generated from a terminal connected to a mobile phone network other than the SIP network.

[Procedure for Processing by Connection Control System According to Embodiment 1]
Next, a processing procedure by the connection control system according to the first embodiment will be described with reference to FIGS. FIG. 2 is a sequence diagram (3PCC) illustrating a processing procedure by the connection control system according to the first embodiment, FIG. 3 is a diagram for explaining the identifier DB, and FIG. 4 is a flowchart according to the first embodiment. FIG. 5 is a sequence diagram (REFER) showing a procedure of processing by the connection control system, FIG. 5 is a sequence diagram (3PCC) showing a procedure of disconnection processing by the connection control system according to the first embodiment, and FIG. 2 is a sequence diagram (REFER) showing a procedure of disconnection processing by the connection control system according to FIG.

[Connection processing (3PCC)]
First, a processing procedure by the connection control system according to the first embodiment will be described. It is assumed that the third party call control function provided by the SIP network is “3rd Party Call Control”.

  As shown in FIG. 2, it is assumed that an exchange of mail is performed between the mobile phone A and the mobile phone B (step S101).

  Subsequently, each of the user of the mobile phone A and the user of the mobile phone B transmits a connection request e-mail from each of the mobile phone A and the mobile phone B to the reception server 200 via the mobile phone network 2 (steps S102 and S103). ). Here, the connection request is a connection request for requesting to create a VPN between HGW A and HGW B connected to the SIP network 1. In the first embodiment, it is assumed that the user of the mobile phone A is an administrator of the HGW A and the user of the mobile phone B is an administrator of the HGW B. These connection requests are transmitted together with user identifiers for identifying HGW A and HGW B, respectively. That is, the connection request e-mail sent by the mobile phone A user includes the identifier “userB@example.ne.jp” of the user (mobile phone B user), and the connection sent by the mobile phone B user. The requested e-mail includes an identifier “userA@example.ne.jp” of the user (user of mobile phone A).

  On the other hand, when receiving the connection request e-mail from each of the mobile phone A and the mobile phone B, the receiving server 200 searches the identifier DB using each of the user identifiers included in each e-mail of the connection request as a search key. Each identifier of the HGW stored in association with each is acquired (step S104).

  For example, as shown in FIG. 3, it is assumed that the identifier DB stores a correspondence between a mail address as a user identifier and a telephone number as an HGW identifier. The reception server 200 searches the identifier DB by using the identifier “userB@example.ne.jp” of the user (user of the mobile phone B) included in the connection request e-mail transmitted from the mobile phone A as a search key, and HGW B The identifier “03-yyyy-1111” is acquired. Further, the reception server 200 searches the identifier DB using the identifier “userA@example.ne.jp” of the user (user of the mobile phone A) included in the connection request email transmitted from the mobile phone B as a search key, The identifier “0422-xx-1111” of HGW A is acquired.

  Subsequently, the reception server 200 transfers the connection request together with each of the acquired HGW identifiers to the connection control server 100 (step S105). For example, the reception server 200 transfers the connection request to the connection control server 100 together with the HGW A identifier “0422-xx-1111” and the HGW B identifier “03-yyyy-1111”.

  Then, the connection control server 100 establishes a SIP session for generating a VPN in the SIP network 1 by using “3rd Party Call Control” between each HGW identified from each identifier of the HGW. It is assumed that each of HGW A and HGW B accepts a SIP call from connection control server 100.

  For example, first, the connection control server 100 transmits an “INVITE message” of the SIP signal to the identifier “0422-xx-1111” of the HGW A (step S106). At this time, “From:” of the SIP signal includes the number of the connection control server 100 and does not include SDP.

  Then, the HGW A automatically receives the number of the connection control server 100, and therefore transmits a “200 OK message” of the SIP signal to the number of the connection control server 100 (step S107). At this time, the IP address and port number for the VPN of HGW A are described in the SDP of the SIP signal.

  Subsequently, the connection control server 100 transmits the “INVITE message” of the SIP signal to the identifier “03-yyyy-1111” of the HGW B (step S108). At this time, “From:” of the SIP signal includes the number of the connection control server 100, and the IP address and port number for the VPN of the HGW A are described in the SDP of the SIP signal.

  Then, since the HGW B automatically receives the connection control server 100 number, the SIP signal “200 OK message” is transmitted to the connection control server 100 number (step S109). At this time, the IP address and port number for the VPN of HGW B are described in the SDP of the SIP signal.

  Subsequently, the connection control server 100 transmits an “ACK message” of the SIP signal as a response to the “200 OK message” from the HGW A in response to the identifier “0422-xx-1111” of the HGW A (step S110). ). At this time, the IP address and port number for the VPN of HGW B are described in the SDP of the SIP signal.

  Note that the connection control server 100 also transmits an “ACK message” of the SIP signal as a response to the “200 OK message” from the HGW B to the identifier “03-yyyy-1111” of the HGW B (step S111). ).

  In this way, the connection control server 100 sends a connection completion response to the connection request in step S105 to the reception server 200 (step S112), and the reception server 200 sends a connection completion notification notifying that the VPN generation has been completed. Then, it is transmitted by e-mail to the mobile phone B and the mobile phone A (steps S113 and S114). The connection completion notification may include cancellation information that can instruct cancellation of VPN generation. For example, the e-mail address for notification of completion of connection describes the e-mail address for the cancellation request, and when the mobile user clicks this e-mail address, the generated VPN is disconnected (or the VPN has not yet been generated) A mechanism that can be canceled if not completed) may be adopted.

  On the other hand, a VPN is generated between HGW A and HGW B (step S115), and thus communication by VPN is applied to communication between HGW A and HGW B (step S116).

  In the first embodiment, in steps S102 and S103, a method in which the user of the mobile phone A and the user of the mobile phone B transmit connection request e-mails from the mobile phone A and the mobile phone B to the reception server 200 will be described. However, the present invention is not limited to this. For example, the user of the mobile phone A includes the identifier “userB@example.ne.jp” of the user (mobile phone B) from the mobile phone A in “Cc:” and the identifier of the user (user of the mobile phone A). A method of sending an e-mail including “userA@example.ne.jp” in “From:” may be used. Alternatively, a method of transmitting the e-mails including the reception server 200 in “Cc:” to each other may be used. That is, as long as the reception server 200 can acquire both of the user identifiers for the HGW that generates the VPN, any method of transmitting an e-mail may be used.

  In the first embodiment, the reception server 200 authenticates the connection request from the user of the mobile phone A and the connection request from the user of the mobile phone B using the mail address. The present invention is not limited to this. That is, the authentication strength in the reception server 200 may be increased by attaching a signature to the e-mail. Further, the security level may be increased by providing a condition that the reception server 200 must accept e-mails from both the mobile phone A user and the mobile phone B user. In addition, the reception server 200 may use a technique for preventing impersonation by performing domain restriction (for example, receiving only a mail address of a mobile phone).

  Although not explicitly shown in the first embodiment, when the connection control server 100 receives a connection request from the reception server 200, the connection control server 100 authenticates with the reception server 200 so as not to accept an unauthorized request. May be.

[Connection processing (REFER)]
Next, a processing procedure by the connection control system according to the first embodiment will be described. Note that the third-party call control function provided by the SIP network is “REFER”, and only this point is different from the processing procedure illustrated in FIG. 2. I will explain.

  As shown in FIG. 4, the procedure of steps S201 to S205 is the same as the procedure of steps S101 to S105 illustrated in FIG.

  In step S206, the connection control server 100 establishes a SIP session for generating a VPN in the SIP network 1 by using “REFER” between each HGW identified from each identifier of the HGW. For example, first, the connection control server 100 transmits the “REFER message” of the SIP signal to the identifier “0422-xx-1111” of the HGW A (step S206). At this time, “From:” of the SIP signal includes the number of the connection control server 100, and “Refer-to:” includes the identifier “03-yyyy-1111” of the HGW B. .

  Then, the HGW A automatically receives the connection control server 100 number. Then, the HGW A transmits the “INVITE message” of the SIP signal to the identifier “03-yyyy-1111” of the HGW B included in “Refer-to:” (step S207). At this time, “From:” of the SIP signal includes the identifier “0422-xx-1111” of HGW A, and “Referred-by:” includes the number of the connection control server 100. In the SDP of the SIP signal, the VPN IP address and port number of the HGW A are described.

  Subsequently, the HGW B automatically receives the connection control server 100 number. Then, the SIP signal “200 OK message” is transmitted to the identifier “0422-xx-1111” of the HGW A (step S208). At this time, the IP address and port number for the VPN of HGW B are described in the SDP of the SIP signal.

  Then, the HGW A transmits an “ACK message” of the SIP signal as a response to the “200 OK message” from the HGW B in response to the identifier “03-yyyy-1111” of the HGW B (step S209). Further, the HGW A transmits a “NOTIFY message” of the SIP signal as a connection completion notification to the connection control server 100 (step S210). The “NOTIFY message” may be transmitted after the VPN connection is completed. In this case, the connection control server 100 can confirm until the VPN connection is completed.

  In this way, the connection control server 100 sends a connection completion response to the connection request in step S205 to the reception server 200 (step S211), and the reception server 200 sends a connection completion notification notifying that the VPN generation has been completed. Then, it is transmitted by e-mail to the mobile phone B or the mobile phone A (steps S212 and S213).

  On the other hand, a VPN is generated between HGW A and HGW B (step S214), and thus communication by VPN is applied to communication between HGW A and HGW B (step S215).

[3PCC, REFER connection authorization policy]
By the way, as described above, whether the connection process is performed by 3PCC or REFER is almost the same except that the sequence is different. However, since the caller information included in the SIP signal is different, the connection authorization is performed. Policy will be different.

  Specifically, in the case of 3PCC, the SIP signal “INVITE message” is transmitted from the connection control server 100 to the HGW A, and the SIP signal “INVITE message” is transmitted from the connection control server 100 to the HGW B. Therefore, both caller numbers are the connection control server 100. For this reason, both HGW A and HGW B are set to permit connection from the connection control server 100. Note that the connection control server 100 may include the telephone number information of both the HGW A and the HGW B as additional information in the “From:” line in the “INVITE message” transmitted to the HGW A and the HGW B, respectively. Good. In this way, HGW A and HGW B can also use these telephone number information for subsequent mutual authentication.

  On the other hand, in the case of REFER, the “REFER message” is transmitted from the connection control server 100 to one (HGW A in the first embodiment), and HGW A is based on the telephone number of HGW B included in this message. , “INVITE message” to HGW B is transmitted. Then, the caller ID received by HGW B is that of HGW A, and the information of connection control server 100 is included as additional information. For this reason, HGW B performs connection permission based on additional information rather than performing connection permission based on a caller number. In the case of REFER, both the HGW A and the HGW B can know the telephone number of the communication partner, so that these telephone number information can be used for the subsequent mutual authentication.

[Cut processing (3PCC)]
Next, a procedure of disconnection processing by the connection control system according to the first embodiment will be described. It is assumed that the third party call control function provided by the SIP network is “3rd Party Call Control”. Further, the procedure of the disconnection process can be implemented by the same mechanism as the procedure of the connection process illustrated in FIG.

  As shown in FIG. 5, it is assumed that a mail is exchanged between the mobile phone A and the mobile phone B (step S301).

  Subsequently, each of the user of the mobile phone A and the user of the mobile phone B transmits a disconnection request e-mail from each of the mobile phone A and the mobile phone B to the reception server 200 via the mobile phone network 2 (steps S302 and S303). ). Here, the disconnection request is a disconnection request for requesting disconnection of the VPN generated between HGW A and HGW B connected to the SIP network 1. These disconnect requests are transmitted together with user identifiers for identifying HGW A and HGW B, respectively. That is, the disconnection request email sent by the user of the mobile phone A includes the identifier “userB@example.ne.jp” of the user (user of the mobile phone B), and the disconnection sent by the user of the mobile phone B The requested e-mail includes an identifier “userA@example.ne.jp” of the user (user of mobile phone A).

  On the other hand, like the connection process, the accepting server 200 accepts the disconnect request e-mail from each of the mobile phone A and the mobile phone B, and searches the identifier DB using each of the user identifiers included in each of the disconnect request e-mails as a search key. Then, each identifier of the HGW stored in association with each identifier of the user is acquired (step S304).

  For example, the reception server 200 searches the identifier DB using the identifier “userB@example.ne.jp” of the user (user of the mobile phone B) included in the email of the disconnection request transmitted from the mobile phone A as a search key, The identifier “03-yyyy-1111” of HGW B is acquired. Further, the reception server 200 searches the identifier DB using the identifier “userA@example.ne.jp” of the user (user of the mobile phone A) included in the email of the disconnection request transmitted from the mobile phone B as a search key, The identifier “0422-xx-1111” of HGW A is acquired.

  Subsequently, the reception server 200 transfers the disconnection request to the connection control server 100 together with each acquired identifier of the HGW, similarly to the connection process (step S305). For example, the reception server 200 transfers the disconnection request to the connection control server 100 together with the HGW A identifier “0422-xx-1111” and the HGW B identifier “03-yyyy-1111”.

  Then, similarly to the connection process, the connection control server 100 disconnects the VPN in the SIP network 1 by “3rd Party Call Control” between the HGWs identified from the respective HGW identifiers.

  For example, first, the connection control server 100 transmits the “BYE message” of the SIP signal to the identifier “0422-xx-1111” of the HGW A (step S306). At this time, “From:” of the SIP signal includes the number of the connection control server 100, and information (for example, a VPN is generated) identifying the SIP session that is the target of the disconnection process in the SIP signal. Call-ID, etc.) that identifies the session established to do that.

  Then, since the HGW A automatically receives the number of the connection control server 100, the HGW A transmits a “200 OK message” of the SIP signal to the number of the connection control server 100 (step S307). At this time, in the SDP of the SIP signal, Call-ID is described as information for identifying the SIP session to be disconnected.

  Subsequently, the connection control server 100 transmits the “BYE message” of the SIP signal to the identifier “03-yyyy-1111” of the HGW B (step S308). At this time, “From:” of the SIP signal includes the number of the connection control server 100, and the SIP signal includes Call-ID.

  Then, since the HGW B automatically receives the connection control server 100 number, the SIP signal “200 OK message” is transmitted to the connection control server 100 number (step S309). At this time, in the SDP of the SIP signal, Call-ID is described as information for identifying the SIP session to be disconnected.

  In this way, the connection control server 100 sends a disconnection completion response to the connection request in step S305 to the reception server 200 (step S310), and the reception server 200 sends a disconnection completion notification notifying that the VPN disconnection has been completed. Then, it is transmitted by e-mail to the mobile phone B or the mobile phone A (steps S311 and S312).

  On the other hand, between the HGW A and the HGW B, the VPN is disconnected by disconnecting the SIP session (step S313).

[Disconnect processing (REFER)]
Next, a procedure of disconnection processing by the connection control system according to the first embodiment will be described. It is assumed that the third party call control function provided by the SIP network is “REFER”. Further, the procedure of the disconnection process can be implemented by the same mechanism as the procedure of the connection process illustrated in FIG.

  As shown in FIG. 6, the procedure of steps S401 to S405 is the same as the procedure of steps S301 to S305 illustrated in FIG.

  In step S406, the connection control server 100 disconnects the VPN in the SIP network 1 by “REFER” between each HGW identified from each identifier of the HGW. For example, first, the connection control server 100 transmits the “REFER message” of the SIP signal to the identifier “0422-xx-1111” of the HGW A (step S406). At this time, the “From:” of the SIP signal includes the number of the connection control server 100, and “Refer-to:” includes the identifier “03-yyyy-1111” of the HGW B and the disconnection instruction “ method = BYE ”is included.

  Then, the HGW A automatically receives the connection control server 100 number. Then, the HGW A transmits the “BYE message” of the SIP signal to the identifier “03-yyyy-1111” of the HGW B included in “Refer-to:” (step S407). At this time, “From:” of the SIP signal includes the identifier “0422-xx-1111” of HGW A, and “Referred-by:” includes the number of the connection control server 100. In the SDP of the SIP signal, Call-ID is described as information for identifying the SIP session to be disconnected.

  Subsequently, the HGW B transmits the “200 OK message” of the SIP signal to the identifier “0422-xx-1111” of the HGW A (step S408). At this time, in the SDP of the SIP signal, Call-ID is described as information for identifying the SIP session to be disconnected.

  Then, the HGW A transmits a “NOTIFY message” of the SIP signal as a disconnection completion notification to the connection control server 100 (step S409). The “NOTIFY message” may be transmitted after VPN disconnection is completed. In this case, the connection control server 100 can confirm until the VPN disconnection is completed.

  In this way, the connection control server 100 sends a disconnection completion response to the disconnection request in step S405 to the reception server 200 (step S410), and the reception server 200 sends a disconnection completion notification notifying that the VPN disconnection has been completed. Then, it is transmitted by e-mail to the mobile phone B and the mobile phone A (steps S411 and S412).

  On the other hand, the VPN is disconnected between the HGW A and the HGW B by disconnecting the SIP session (step S413).

[Disconnect processing options]
In the first embodiment, the method in which the connection control server 100 performs VPN disconnection processing when the reception server 200 receives a disconnection request has been described. However, the present invention is not limited to this. For example, the present invention can be similarly applied to a method in which the connection control server 100 automatically performs VPN disconnection processing after a predetermined time has elapsed. For example, the reception server 200 stores a predetermined time and measures the disconnection timing, and even when the reception server 200 itself transmits a disconnection request to the connection control server 100 when the predetermined time is reached. Good. Alternatively, the connection control server 100 may store a predetermined time and measure the timing for disconnection, and the connection control server 100 itself may start the disconnection process when a predetermined time is reached.

[Configuration of Connection Control System According to Embodiment 1]
Next, the configuration of the connection control system according to the first embodiment will be described with reference to FIG. FIG. 7 is a block diagram illustrating configurations of the connection control server and the reception server in the first embodiment.

[Connection control server 100]
As shown in FIG. 7, the connection control server 100 includes a communication unit 110 and a control unit 130 as closely related to the present invention.

  The communication unit 110 includes a general interface and library for SIP communication or HTTP (HyperText Transfer Protocol) communication, and transmits and receives information to and from the reception server 200 and the HGW.

  The control unit 130 includes a SIP processing unit 131 that is closely related to the present invention. When a connection request is transferred from the reception server 200, the SIP processing unit 131 generates a SIP for generating a VPN in the SIP network 1 between each HGW identified from each HGW identifier transferred together with the connection request. Establish a session for.

[Reception server 200]
As shown in FIG. 7, the reception server 200 includes a communication unit 210, a storage unit 220, and a control unit 230, which are closely related to the present invention.

  The communication unit 210 includes a general interface and library for SMTP (Simple Mail Transfer Protocol) communication and HTTP communication, and transmits / receives information to / from the connection control server 100 and the mobile phone.

  The storage unit 220 includes an identifier DB 221 that is closely related to the present invention. The identifier DB 221 stores associations between HGW identifiers and user identifiers. Specifically, the identifier DB 221 is connected to the mobile phone network 2 without being connected to the SIP network 1 and the identifier of the HGW that uniquely identifies the HGW connected to the SIP network 1 on the SIP network 1. The association with the user identifier used for uniquely identifying the HGW by the user who uses the mobile phone is stored. The association stored in the identifier DB 221 is used for processing by a telephone number acquisition unit 232 described later. The identifier DB 221 may store these associations by registering in advance by a portable user, or may store each time a VPN connection service is provided.

  The control unit 230 includes a VPN connection request reception unit 231, a telephone number acquisition unit 232, and a VPN connection request transfer unit 233 as closely related to the present invention.

  The VPN connection request accepting unit 231 accepts a connection request. Specifically, the VPN connection request receiving unit 231 sends a connection request for generating a VPN between a plurality of HGWs connected to the SIP network 1 from the mobile phone connected to the mobile phone network 2. Together with user identifiers for identifying the respective HGWs via the mobile phone network 2. In addition, the VPN connection request receiving unit 231 transmits the received connection request to the telephone number acquisition unit 232.

  The telephone number acquisition unit 232 acquires a telephone number that is an identifier of the HGW. Specifically, when the connection request is transmitted from the VPN connection request receiving unit 231, the telephone number acquisition unit 232 searches the identifier DB 221 using each of the user identifiers included in the connection request as a search key, and Each HGW telephone number is acquired as an HGW identifier stored in association with each identifier. In addition, the telephone number acquisition unit 232 transmits the acquired telephone number to the VPN connection request transfer unit 233.

  The VPN connection request transfer unit 233 transfers the connection request to the connection control server 100. Specifically, when the telephone number is transmitted by the telephone number acquisition unit 232, the VPN connection request transfer unit 233 transfers the connection request together with each of the telephone numbers to the connection control server 100.

[Effect of Example 1]
As described above, according to the first embodiment, the HGW identifier that uniquely identifies the HGW connected to the SIP network on the SIP network is different from the SIP network without being connected to the SIP network. A user who uses a mobile phone connected to a mobile phone network stores a correspondence with a user identifier used to uniquely identify the HGW in the identifier DB, and a VPN between a plurality of HGWs connected to the SIP network. When a connection request is received from the mobile phone connected to the mobile phone network, together with each of the user identifiers that identify each of the plurality of HGWs, and the connection request is received, The identifier DB is searched using each user identifier included in the connection request as a search key, and each HGW identifier stored in association with each user identifier is acquired. Since a VPN in the SIP network is generated between each of the HGWs identified from the acquired identifiers of the HGW, the VPN is set based on a connection request from a terminal connected to an external network other than the network to which the HGW is connected. Can be generated.

  For example, by accepting a connection request to the SIP network from a mobile phone or the like outside the SIP network, it becomes possible to provide a VPN connection service provided by the SIP network and the HGW to users outside the SIP network, For example, when the user is outside the home, it is possible to realize a limited use scene so far, such as having a friend browse the content.

  Further, according to the first embodiment, since a connection request is received by an e-mail transmitted from a mobile phone connected to a mobile phone network, VPN generation from a connection request from a terminal connected to an external network is generated. It can be realized by a simple method.

  Further, according to the first embodiment, a third party call control function (for example, “3rd Party Call Control” or “3rd Party Call Control”) in which a HGW call is controlled by a third party device (connection control server) different from a plurality of HGWs. Since the VPN is generated using “REFER” etc., it becomes possible to generate a virtual communication path starting from a connection request from a terminal connected to an external network using an existing method. .

  Further, according to the first embodiment, a disconnection request for disconnecting communication using the generated VPN is transmitted from the mobile connected to the mobile phone network together with each user identifier for identifying each of the plurality of HGWs. When receiving a disconnection request via the telephone network, the identifier DB is searched using each of the user identifiers included in the disconnection request as a search key, and each identifier of the HGW stored in association with each identifier of the user is stored. Since the VPN generated between each HGW identified from each acquired HGW identifier is disconnected, the VPN generated from the connection request from the terminal connected to the external network is It becomes possible to disconnect from a disconnection request from a terminal connected to the network.

  Further, according to the first embodiment, when a VPN is generated, a completion notification for notifying that the generation of the VPN is completed is sent together with cancellation information that can be used to instruct to cancel the generation of the VPN. When the VPN is transmitted to the terminal that has been transmitted and the instruction by the cancellation information is accepted, the VPN designated by the instruction by the cancellation information is disconnected, so that the VPN generated from the connection request from the terminal connected to the external network is It becomes possible to cancel easily.

  So far, as the first embodiment, a method has been described in which the connection control server accepts a connection request by e-mail, but the present invention is not limited to this. As a method for the connection control server to accept a connection request, for example, a method of accepting by web communication in addition to an electronic mail is conceivable. In the following, as a second embodiment, a method in which the connection control server receives a connection request through Web communication will be described.

  First, in the following, an overview and characteristics of a connection control system according to the second embodiment, a processing procedure by the connection control system according to the second embodiment, and effects of the second embodiment will be described in order.

[Outline and Features of Connection Control System According to Second Embodiment]
The outline and features of the connection control system according to the second embodiment will be described with reference to FIG. FIG. 8 is a diagram for explaining the outline and features of the connection control system according to the second embodiment.

  As in the first embodiment, the connection control system according to the second embodiment controls connection between the plurality of HGWs when communication by the VPN is applied to communication between the plurality of HGWs connected to the SIP network. However, unlike the first embodiment, the connection control server accepts a connection request through Web communication. However, unlike the first embodiment, the connection control server accepts a connection request through Web communication. .

  That is, the connection control system according to the second embodiment includes the connection control server 100 and the reception server 200 as in the first embodiment. In the second embodiment, the reception server 200 includes an identifier DB as shown in FIG. 8 as in the first embodiment.

  Under such a configuration, in the second embodiment, as in the first embodiment, as shown in FIG. 8, an email is exchanged between the user of the mobile phone A and the user of the mobile phone B. Unlike the first embodiment, first, the user of the mobile phone A transmits to the user of the mobile phone B a connection permission that allows the VPN to be generated between the HGW A and the HGW B by e-mail. (See (1) in FIG. 8). At this time, in the second embodiment, it is assumed that a signature by the user of the mobile phone A is attached to the electronic mail together with the mail address “userA@example.ne.jp” of the mobile phone A user.

  Then, the accepting server 200 accepts a connection request for generating a VPN between the HGW A and the HGW B connected to the SIP network 1 via the mobile phone network 2 by Web communication from the mobile B. (See (2) in FIG. 8). At this time, the reception server 200 receives the connection request together with the user identifier. For example, the reception server 200 receives a connection request from the mobile phone B together with the terminal ID of the mobile phone B, and receives the mail address “userA@example.ne.jp” of the user of the mobile phone A. Further, in the second embodiment, it is assumed that a signature from the user of the mobile phone A and a certificate of the user of the mobile phone B are attached to the Web communication from the mobile phone B.

  Subsequently, as in the first embodiment, the reception server 200 searches the identifier DB using each of the user identifiers included in the connection request as a search key, and stores each of the HGW identifiers stored in association with each of the user identifiers. Obtain (see (3) in FIG. 8).

  And the reception server 200 transfers a connection request | requirement to the connection control server 100 with each acquired identifier of HGW similarly to Example 1 (refer (4) of FIG. 8).

  Then, as in the first embodiment, the connection control server 100 establishes a SIP session for generating a VPN in the SIP network 1 between each HGW identified from each transferred HGW identifier (FIG. 8). (See (5-1) and (5-2)).

  For this reason, according to the connection control system according to the second embodiment, as in the first embodiment, the reception server receives a connection request from a terminal connected to a mobile phone network other than the SIP network, and the reception server connects. Since the request is transferred to the connection control server and the connection control server generates the VPN based on the transferred connection request, it is possible to generate the VPN from the terminal connected to the mobile phone network other than the SIP network. become.

[Procedure for Processing by Connection Control System According to Second Embodiment]
Next, a processing procedure by the connection control system according to the second embodiment will be described with reference to FIGS. 9 and 10. FIG. 9 is a sequence diagram (3PCC, REFER) illustrating a procedure of processing by the connection control system according to the second embodiment. FIG. 10 is a sequence diagram illustrating a procedure of disconnection processing by the connection control system according to the second embodiment. 3PCC, REFER).

[Connection processing (3PCC, REFER)]
First, a processing procedure by the connection control system according to the second embodiment will be described. The third party call control function provided by the SIP network may be either “3rd Party Call Control” or “REFER”. That is, the procedure shown in step S508 of FIG. 9 is a procedure in which the same SIP signal as that of the processing procedure of the first embodiment (FIG. 2 or 4) is transmitted, and either “3rd Party Call Control” or “REFER” This pattern is also applicable.

  As shown in FIG. 9, it is assumed that exchanges by mail are performed between the mobile phone A and the mobile phone B as in the first embodiment (step S501).

  Subsequently, in the second embodiment, the user of the mobile phone A transmits a connection permission e-mail from the mobile phone A to the user of the mobile phone B (step S502). Here, the connection permission is a connection permission that permits generation of a VPN between HGW A and HGW B connected to the SIP network 1. The connection permission is transmitted together with the user identifier for identifying the HGW A. That is, the connection permission e-mail includes the identifier “userA@example.ne.jp” of the user (user of mobile phone A). Further, in the second embodiment, the connection permission e-mail includes the signature of the user of the mobile phone A and the URL (Uniform Resource Locator) of the receiving server 200.

  For example, such as “http://server.com/vpn-to?userA@example.ne.jp”, the one inserted with the user identifier in the link to the reception server 200 is included in the e-mail. (This can be done by using a dedicated mail creation tool). The user of the mobile phone B who has received such an e-mail can click on the link, and the mobile phone B can connect to the reception server 200 through Web communication.

  The signing by the user of the mobile phone A is based on the connection permission of the mobile phone A user (the administrator of the HGW A) for the connection request received from the mobile phone B by the reception server 200 later. It is transmitted to confirm whether or not it is. That is, when the reception server 200 transfers a connection request for generating a VPN between HGW A and HGW B to the connection control server 100, the connection request is surely an administrator of HGW A and an administrator of HGW B. By confirming whether or not it is based on the permission of the security, the strength of security is increased. Therefore, when it is not necessary to be particular about the strength of security depending on the form of operation, the signature of the user of the mobile phone A may be treated as an option. If it is necessary to further improve the strength of security, such as preventing replay (preventing repeated use by the user of mobile phone B), it is effective to use a signature including a random number. Alternatively, for example, a connection confirmation e-mail may be transmitted to the user of the mobile phone A.

  The URL of the reception server 200 assumes that the user of the mobile phone B is unknown about the URL of the reception server 200. Therefore, if the user of the mobile phone B knows the URL of the reception server 200, the URL of the reception server 200 may be treated as an option.

  Next, the user of the mobile phone B that has received the connection permission e-mail from the user of the mobile phone A performs a connection request Web communication from the mobile phone B to the reception server 200 (step S503). This connection request is sent along with each of the user identifiers that identify HGW A and HGW B, respectively. That is, in the connection request transmitted from the mobile phone B, the user (user of the mobile phone A) included in the connection permission email transmitted from the user of the mobile phone A as the user identifier for identifying the HGW A The identifier “userA@example.ne.jp” is included. In the second embodiment, the terminal ID of the mobile phone B, a certificate, and the like are included as user identifiers for identifying the HGW B. Furthermore, a signature by the user of the mobile phone A is included.

  On the other hand, when receiving the connection request Web communication from the mobile phone B, the receiving server 200 first authenticates the user of the mobile phone B that is the transmission source of the connection request (step S504). For example, the reception server 200 checks the connection request based on the terminal ID or certificate of the mobile B included in the connection request by collating with the authentication DB 1 that stores authentication information in advance for the user of the mobile B. It authenticates that the transmission source is indeed the user of the mobile phone B.

  Subsequently, the reception server 200 verifies the signature by the user of the mobile phone A included in the connection request, so that the connection request is surely granted to the connection permission of the user of the mobile phone A (administrator of the HGW A). It is confirmed whether it is based (step S505). For example, the reception server 200 confirms the connection request by the signature by the user of the mobile phone A included in the connection request by collating with the authentication DB 2 in which authentication information is stored in advance for the user of the mobile phone A. Confirm that it is based on the connection permission of the user of the mobile phone A.

  Thus, when the reception server 200 authenticates the user of the mobile phone B that is the transmission source of the connection request and confirms that the connection request is based on the connection permission of the mobile phone A user, Similarly, the identifier DB is searched by using each user identifier included in the connection request as a search key, and each HGW identifier stored in association with each user identifier is acquired (step S506).

  For example, it is assumed that, for the user of the mobile phone A, the identifier DB stores a correspondence between a mail address as a user identifier and a telephone number as an HGW identifier. On the other hand, for the user of the mobile phone B, it is assumed that the correspondence between the terminal ID as the user identifier and the telephone number as the HGW identifier is stored. The reception server 200 searches the identifier DB using the identifier “userA@example.ne.jp” of the user (user of the mobile phone A) as a search key, and acquires the identifier “0422-xx-1111” of the HGW A. In addition, the reception server 200 searches the identifier DB using the terminal ID of the mobile phone B that is the identifier of the user (user of the mobile phone B) as a search key, and acquires the identifier “03-yyyy-1111” of the HGW B.

  The subsequent processing is the same as in the first embodiment, and briefly described. The reception server 200 transfers the connection request together with each of the acquired HGW identifiers to the connection control server 100 (step S507). The SIP signal similar to the “3rd Party Call Control” sequence and “REFER” sequence described as the processing procedure by the connection control system according to the first embodiment is transmitted and received (step S508), and the connection control server 100 receives the reception server. In response to the connection request in step S507 (step S509), the reception server 200 transmits a connection completion notification to the mobile phone B via Web communication (step S510). On the other hand, it transmits by electronic mail (step S511). Note that the connection completion notification for the mobile phone B is sent as a response in Web communication, and thus is considered to be generally transmitted, but the connection completion notification for the mobile phone A may be treated as an option.

  On the other hand, a VPN is generated between HGW A and HGW B as in the first embodiment (step S512), and thus communication by VPN is applied to communication between HGW A and HGW B (step S513). .

  In the second embodiment, authentication that the transmission source of the connection request is the user of the mobile phone B is performed in step S504, and the connection request is based on the connection permission of the user of the mobile phone A in step S505. However, the present invention is not limited to this. That is, when it is not necessary to pay attention to the strength of security depending on the operation form, etc., these authentications and confirmations do not have to be performed.

[Cutting process (3PCC, REFER)]
Next, a processing procedure by the connection control system according to the second embodiment will be described. The third party call control function provided by the SIP network may be either “3rd Party Call Control” or “REFER”. That is, the procedure shown in step S608 of FIG. 10 is to transmit the same SIP signal as the processing procedure of the first embodiment (FIG. 5 or FIG. 6), and either “3rd Party Call Control” or “REFER” This pattern is also applicable.

  As shown in FIG. 10, it is assumed that an exchange of mail is performed between the mobile phone A and the mobile phone B (step S601).

  Subsequently, in the second embodiment, the user of the mobile phone A transmits a disconnection-permitted e-mail from the mobile phone A to the user of the mobile phone B (step S602). Here, the disconnection permission is a disconnection permission that permits the VPN generated between the HGW A and the HGW B connected to the SIP network 1 to be disconnected. Similarly to the connection permission, the disconnection permission is transmitted together with the user identifier for identifying the HGW A. Further, in the second embodiment, similarly to the connection permission, the signature of the mobile phone A user and the URL of the reception server 200 are included. It is.

  Next, the user of the mobile phone B that has received the e-mail for permission of disconnection from the user of the mobile phone A performs web communication for a disconnect request from the mobile phone B to the reception server 200 (step S603). This disconnect request is transmitted together with each of the user identifiers that identify HGW A and HGW B, as in the connection request. In the second embodiment, as with the connection request, the user ID for identifying the HGW B includes the terminal ID of the mobile phone B, a certificate, and the like, and further includes the signature of the user of the mobile phone A. .

  On the other hand, when accepting the web communication for the disconnection request from the mobile phone B, the accepting server 200 first authenticates the user of the mobile phone B that is the transmission source of the disconnection request as in the connection request (step S604).

  Subsequently, the reception server 200 verifies the signature by the user of the mobile phone A included in the disconnection request in the same manner as the connection request, so that the disconnection request is surely received by the user of the mobile phone A (the administrator of the HGW A). ) Is confirmed based on the disconnection permission (step S605).

  In this way, when the reception server 200 authenticates the user of the mobile phone B that is the transmission source of the disconnection request and confirms that the disconnection request is based on the disconnection permission of the user of the mobile phone A, it is the same as the connection request. Then, the identifier DB is searched using each user identifier included in the disconnection request as a search key, and each HGW identifier stored in association with each user identifier is acquired (step S606).

  The subsequent processing is the same as that of the first embodiment, and briefly described. The reception server 200 transfers the disconnection request together with each of the acquired identifiers of the HGW to the connection control server 100 (step S607). The SIP signal similar to the “3rd Party Call Control” sequence and “REFER” sequence described as the processing procedure by the connection control system according to the first embodiment is transmitted and received (step S608), and the connection control server 100 receives the reception server. 200 receives a disconnection completion response to the disconnection request in step S607 (step S609), and the reception server 200 transmits a disconnection completion notification to the mobile phone B by Web communication (step S610). On the other hand, it transmits by electronic mail (step S611). Note that the disconnection completion notification for the mobile phone B is sent as a response in Web communication, and thus is considered to be generally transmitted, but the disconnection completion notification for the mobile phone A may be treated as an option.

  On the other hand, between HGW A and HGW B, the VPN is disconnected as in the first embodiment (step S612).

[Effect of Example 2]
As described above, according to the second embodiment, since the connection request is accepted by the Web communication performed from the terminal connected to the mobile phone network, the connection request from the terminal connected to the external network is used as a starting point. VPN generation can be realized by a simple method.

  So far, in the second embodiment, after the accepting server that accepts the connection request from only one mobile phone verifies the signature (signature by the other mobile phone user) included in the connection request, the connection is made. A method for transferring the connection request to the control server has been described. This method can be said that the reception server verifies the signature included in the connection request and regards the connection request as a connection request based on a connection permission by the other mobile user. Therefore, in the third embodiment, after the reception server that accepts the connection request from only one mobile phone confirms the connection to the other mobile user indicated by the connection request, the connection server connects to the connection control server. Describes how to forward requests.

[Procedure for Processing by Connection Control System According to Embodiment 3]
The procedure of the process performed by the connection control system according to the third embodiment will be described with reference to FIG. FIG. 11 is a sequence diagram (3PCC, REFER) illustrating a processing procedure performed by the connection control system according to the third embodiment.

[Connection processing (3PCC, REFER)]
A procedure of processing by the connection control system according to the third embodiment will be described. The third party call control function provided by the SIP network may be either “3rd Party Call Control” or “REFER”. That is, the procedure shown in step S709 in FIG. 11 is the same SIP signal as that in the processing procedure of the first embodiment (FIG. 2 or 4) is transmitted, and either “3rd Party Call Control” or “REFER” This pattern is also applicable.

  As shown in FIG. 11, it is assumed that exchanges by mail are performed between the mobile phone A and the mobile phone B as in the second embodiment (step S701).

  Subsequently, in the third embodiment, the user of the mobile phone A transmits a connection request e-mail from the mobile phone A to the reception server 200 (or by connecting to the reception server 200 via Web communication). (Step S702). This connection request is sent along with each of the user identifiers that identify HGW A and HGW B, respectively. For example, in the connection request transmitted from the mobile phone A, the identifier “userA@example.ne.jp” of the user (user of the mobile phone A) included in the e-mail is used as the user identifier for identifying the HGW A. The identifier “userB@example.ne.jp” of the user (user of the mobile phone B) is included as an identifier of the user that identifies the HGW B.

  Note that the user identifier is not limited to a mail address, and may be a mobile phone number or a terminal ID. However, when the identifier of the user (user of mobile phone B) is a mobile phone number, terminal ID, or the like, as will be described later, when receiving server 200 confirms connection to mobile phone B by e-mail (described later). Since the reception server 200 does not know the mail address of the user of the mobile phone B, the connection confirmation e-mail cannot be transmitted (see step S704). Therefore, in such a case, the reception server 200 needs to search for an email address using an identifier as a search key from an address DB that stores the identifier and the email address in association with each other (for example, described later). It may be performed between step S703 and step S704).

  The reception server 200 that has received the connection request first authenticates the user of the mobile phone A that is the transmission source of the connection request (step S703). For example, the reception server 200 collates with the authentication DB 1 in which authentication information is stored in advance for the user of the mobile phone A, so that the connection request in step S702 is transmitted by Web communication. If so, it authenticates that the source of the connection request is indeed the user of the mobile A (by the terminal ID or certificate of the mobile A included in the connection request).

  Subsequently, the reception server 200 transmits a connection confirmation e-mail to the user of the mobile phone B (step S704). Here, the connection confirmation is a connection confirmation for confirming whether or not the user of the mobile phone B is aware that the VPN is generated between the HGW A and the HGW B connected to the SIP network 1. . The connection confirmation is transmitted together with the user identifier for identifying the HGW A, the URL of the reception server 200, and a request identifier (such as a reception number for identifying the connection request made in step S702 in the reception server 200).

  Then, the user of the mobile phone B that has received the connection confirmation e-mail from the reception server 200 performs Web communication for permitting connection from the mobile phone B to the URL received from the reception server 200 (step S705). For example, in addition to the request identifier received from the reception server 200, the connection permission includes a terminal ID of the mobile phone B, a certificate, and the like as a user identifier for identifying the HGW B. The connection permission may be performed by e-mail.

  Subsequently, the reception server 200 that has received the connection permission authenticates the user of the mobile phone B that is the transmission source of the connection permission (step S706). For example, the reception server 200 collates with the authentication DB 2 in which authentication information is stored in advance for the user of the mobile phone B, so that the connection permission transmission source is determined by the terminal ID or the certificate included in the connection permission. Authenticate that it is a user of mobile phone B.

  Thereafter, the reception server 200 searches the identifier DB using each of the user identifiers included in the connection request in step S702 and the connection permission in step S705 as a search key, and stores the identifier of the HGW stored in association with each user identifier. Each is acquired (step S707), the connection request is transferred to the connection control server 100 together with each acquired identifier of the HGW (step S708), and subsequently described as a processing procedure by the connection control system according to the first embodiment. The same SIP signal as that of the “3rd Party Call Control” sequence or the “REFER” sequence is transmitted / received (step S709), and the connection control server 100 sends a connection completion response to the connection request in step S708 to the reception server 200. (Step S710), the reception server 200 completes the connection. A notification, and sends the Web communication or e-mail to the mobile B (step S711), and transmits the Web communication or e-mail to the mobile A (step S712).

  On the other hand, a VPN is generated between HGW A and HGW B as in the first embodiment (step S713), and thus communication by VPN is applied to communication between HGW A and HGW B (step S714). .

[Cutting process (3PCC, REFER)]
In the third embodiment, only the procedure of the connection process has been described, but the procedure of the disconnection process can also be implemented by the same mechanism as the procedure of the connection process illustrated in FIG.

  So far, as examples 1 to 3, a case where the reception server receives connection requests from two terminals when generating a VPN between two HGWs has been described. However, the present invention is not limited to this. It is not something that can be done. The present invention can be similarly applied to a case where a reception server receives a connection request from one terminal and generates a VPN between two HGWs according to the connection request. For example, a usage scene in which a user generates a VPN between a home LAN and an arbitrary base (for example, an office LAN) outside the home can be considered. In the following, as a fourth embodiment, a case will be described in which the reception server receives a connection request from one terminal and generates a VPN between two HGWs.

[Procedure for Processing by Connection Control System According to Embodiment 4]
In the following, a processing procedure by the connection control system according to the fourth embodiment will be described with reference to FIG. FIG. 12 is a diagram for explaining a processing procedure by the connection control system according to the fourth embodiment.

  The third party call control function provided by the SIP network may be either “3rd Party Call Control” or “REFER”. That is, the procedure shown in step S804 in FIG. 12 is the same SIP signal as that in the processing procedure of the first embodiment (FIG. 2 or FIG. 4), and either “3rd Party Call Control” or “REFER” This pattern is also applicable.

  As shown in FIG. 12, in the fourth embodiment, the user of the mobile phone A transmits a connection request e-mail from the mobile phone A to the reception server 200 (step S801). Here, the connection request is a connection request for requesting to create a VPN between HGW A and HGW B connected to the SIP network 1. In the fourth embodiment, the user of the mobile phone A is the manager of the HGW A and is not the manager of the HGW B. For example, the HGW B is the HGW of the office where the user of the mobile phone A works. Is assumed. These connection requests are transmitted together with user identifiers for identifying HGW A and HGW B, respectively. That is, the connection request e-mail transmitted by the user of the mobile phone A includes the identifier of the user (user of the mobile phone A) and the identifier of the user (office).

  On the other hand, when receiving the connection request e-mail from the mobile phone A, the accepting server 200 searches the identifier DB using each of the user identifiers included in each e-mail of the connection request as a search key, and associates it with each user identifier. Each of the stored HGW identifiers is acquired (step S802).

  The subsequent processing is the same as in the first embodiment, and briefly described. The reception server 200 transfers the connection request together with each acquired identifier of the HGW to the connection control server 100 (step S803). The SIP signal similar to the “3rd Party Call Control” sequence and “REFER” sequence described as the processing procedure by the connection control system according to the first embodiment is transmitted and received (step S804), and the connection control server 100 receives the reception server. A connection completion response to the connection request in step S703 is sent to 200 (step S805), and the reception server 200 transmits a connection completion notification to the mobile phone A by e-mail (step S806).

  On the other hand, a VPN is generated between HGW A and HGW B as in the first embodiment (step S807), and thus communication by VPN is applied to communication between HGW A and HGW B (step S808). .

[Other embodiments]
Although the embodiments of the present invention have been described so far, the present invention may be implemented in various different forms other than the above-described embodiments.

[network]
Up to now, as examples 1 to 4, the case where the first network is the SIP network and the second network is the mobile phone network has been described, but the present invention is not limited to this. If the network to which the communication device that generates the VPN is connected and the network to which the terminal that transmits the connection request for generating the VPN is connected are different, what is the first network or the second network? It may be a simple network.

[Identifier DB]
So far, the methods of providing the identifier DB in the reception server have been described as Embodiments 1 to 4, but the present invention is not limited to this. For example, the present invention can be similarly applied to a technique in which the connection control server includes the identifier DB. In this case, when the request reception server receives a connection request from a terminal connected to the mobile phone network, the request reception server transfers the connection request to a connection control server connected to each of the SIP network and the mobile phone network. Is transferred, the identifier DB is searched using each of the user identifiers (e-mail address, etc.) included in the connection request as a search key, and the HGW identifier (phone number, etc.) stored in association with each user identifier is stored. ) Each is acquired, and a SIP session for generating a VPN in the SIP network is established between each HGW identified from the acquired HGW identifier.

  Further, for example, the present invention can be similarly applied to a technique provided in a server different from the reception server or the connection control server, instead of including the identifier DB in the reception server or the connection control server. That is, a server for managing the identifier DB is separately provided in the connection control system.

  In this case, for example, when receiving a connection request from a terminal connected to the mobile phone network, the request reception server transfers each identifier of the user included in the connection request to the identifier DB management server, and the identifier DB management server The identifier DB is searched using each of the user identifiers as a search key, and each of the acquired HGW identifiers is returned to the request reception server. The request reception server transfers each of the HGW identifiers returned from the identifier DB management server to the connection control server. Further, for example, when receiving a connection request from a terminal connected to the mobile phone network, the request reception server transfers the connection request as it is to the connection control server, and the connection control server identifies the user identifier included in the connection request. Each identifier is transferred to the identifier DB management server, and the identifier DB management server searches the identifier DB using each of the user identifiers as a search key, and responds to each of the acquired HGW identifiers to the connection control server. The connection control server establishes a SIP session for generating a VPN in the SIP network between each HGW identified from each identifier of the HGW responded from the identifier DB management server.

  Further, the identifier of the user stored in the identifier DB is not limited to the mail address or terminal ID as described above. For example, the telephone number of the HGW that is the object of VPN generation, such as the subscriber identifier given by the telecommunications carrier, user information, or identification information held by the terminal itself or in software can be derived from the identifier DB Any information can be used.

  Moreover, although the connection control system which concerns on this invention has demonstrated the method provided with identifier DB as Examples 1-4, this invention is not restricted to this, There may be a case where it is not necessary to provide identifier DB. . That is, if the connection request from the terminal connected to the mobile phone network originally includes the HGW identifier, the connection control system searches for each identifier of the HGW included in the connection request without searching the identifier DB. A SIP session for generating a VPN may be established between the HGWs identified from the above.

  In this case, a connection request for generating a VPN between a plurality of HGWs connected to the SIP network is uniquely identified on the SIP network from each terminal connected to the external network. Since the VPN in the SIP network is generated between each identifier received from the external network together with each identifier and identified from each identifier included in the connection request, the HGW is connected as in the first to fourth embodiments. It is possible to generate a VPN from a connection request from a terminal connected to an external network other than the existing network.

[Authorization at HGW]
Up to now, as Embodiments 1 to 4, on the assumption that the HGW trusts the connection control server 100, the telephone number of the HGW transmitted from the connection control server 100 (the telephone number of the HGW that is the VPN generation partner) ), The processing procedure that unconditionally follows the VPN generation from the connection control server 100 has been described, but the present invention is not limited to this. For example, the connection control server 100 further assigns requester information (for example, a mobile phone number, a mail address, etc.) of a connection request to the SIP signal, and request information (for example, “ Authorization of whether or not to allow VPN generation may be performed based on (e.g., adding the telephone number information of the communication partner to the SIP signal in “3rd Party Call Control” or “REFER”).

[System configuration, etc.]
Up to now, as examples 1 to 4, the case where the connection control server and the reception server are installed one by one as physically different devices has been described, but the present invention is not limited to this. First, the present invention can be similarly applied to a case where the connection control server and the reception server are installed as physically identical devices. Also, it is not a configuration in which one connection control server and one reception server are installed, but a configuration in which a plurality of connection control servers and a plurality of reception servers are installed, or one connection control server and a plurality of reception servers. The present invention can be similarly applied to a configuration in which a reception server is installed. For example, FIG. 12 is a diagram for explaining a configuration in which a plurality of reception servers are installed. As shown in FIG. 12, the reception server is provided for each of a plurality of mobile phone networks (mobile phone networks 1 to 3). (Reception servers 1 to 3) may be installed, and the connection requests received by these reception servers may be transferred to a single connection control server.

  In addition, among the processes described in this embodiment, all or part of the processes described as being performed automatically can be performed manually, or the processes described as being performed manually can be performed. All or a part can be automatically performed by a known method. For example, the present invention can be similarly applied to a technique in which connection request transmission by e-mail is automatically transmitted at a predetermined time. In addition, the processing procedure, control procedure, specific name, and information including various data and parameters shown in the above-described document and drawings can be arbitrarily changed unless otherwise specified. For example, the user identifier (mail address) used as the first identifier and the HGW identifier (telephone number) used as the second identifier can be arbitrarily changed.

  Each component of each illustrated apparatus is functionally conceptual, and does not necessarily need to be physically configured as illustrated (for example, FIG. 7 and the like). In other words, the specific form of distribution / integration of each device is not limited to that shown in the figure, and all or a part thereof may be functionally or physically distributed or arbitrarily distributed in arbitrary units according to various loads or usage conditions. Can be integrated and configured. Further, all or any part of each processing function performed in each device may be realized by a CPU and a program analyzed and executed by the CPU, or may be realized as hardware by wired logic.

  The connection control method described in the present embodiment can be realized by executing a program prepared in advance on a computer such as a personal computer or a workstation. This program can be distributed via a network such as the Internet. The program can also be executed by being recorded on a computer-readable recording medium such as a hard disk, a flexible disk (FD), a CD-ROM, an MO, and a DVD and being read from the recording medium by the computer.

  As described above, the connection control system, the connection control method, and the connection control program according to the present invention provide a plurality of the plurality of communication devices when the communication using the virtual communication path is applied to the communication between the plurality of communication devices connected to the network. This is useful for controlling the connection between communication devices, and is particularly suitable for generating a virtual communication path starting from a connection request from a terminal connected to an external network other than the network to which the communication device is connected. .

  For example, the business form illustrated in FIG. 14 will be explained. In the configuration shown in FIG. 14, it is assumed that the communication control operator operates the connection control server and the Internet service provider (ISP) operates the reception server (FIG. 14). (The double line in FIG. 2 indicates that there is a boundary between the carrier and the ISP between the connection control server and the reception server). In such a case, the user pays a connection service usage fee to the ISP. On the other hand, the ISP obtains a connection service usage fee from the user and pays a network function usage fee to the communication carrier. On the other hand, the telecommunications carrier obtains a network function usage fee from the ISP and a communication fee for communication performed between users from the user.

BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a diagram for explaining an overview and characteristics of a connection control system according to a first embodiment. It is a sequence diagram (3PCC) which shows the procedure of the process by the connection control system which concerns on Example 1. FIG. It is a figure for demonstrating identifier DB. It is a sequence diagram (REFER) which shows the procedure of the process by the connection control system which concerns on Example 1. FIG. It is a sequence diagram (3PCC) which shows the procedure of the cutting process by the connection control system which concerns on Example 1. FIG. It is a sequence diagram (REFER) which shows the procedure of the cutting process by the connection control system which concerns on Example 1. FIG. It is a block diagram which shows the structure of the connection control server in Example 1, and a reception server. It is a figure for demonstrating the outline | summary and the characteristic of the connection control system which concern on Example 2. FIG. It is a sequence diagram (3PCC, REFER) which shows the procedure of the process by the connection control system which concerns on Example 2. FIG. It is a sequence diagram (3PCC, REFER) which shows the procedure of the cutting process by the connection control system which concerns on Example 2. FIG. FIG. 10 is a sequence diagram (3PCC, REFER) for explaining a processing procedure by the connection control system according to the third embodiment. FIG. 10 is a sequence diagram (3PCC, REFER) for explaining a processing procedure by the connection control system according to the fourth embodiment. It is a figure for demonstrating the structure by which a several reception server is installed. It is a figure for demonstrating the business model of this invention.

Explanation of symbols

1 SIP network 2 Mobile phone network 10 Mobile phone A
20 Mobile phone B
DESCRIPTION OF SYMBOLS 100 Connection control server 110 Communication part 130 Control part 131 SIP processing part 200 Reception server 210 Communication part 220 Storage part 221 Identifier DB
230 Control Unit 231 VPN Connection Request Accepting Unit 232 Telephone Number Acquisition Unit 233 VPN Connection Request Transfer Unit 300 HGW A
400 HGW B

Claims (10)

A connection control system that controls connection between a plurality of communication devices when communication by a virtual communication path is applied to communication between a plurality of communication devices connected to a network,
A first identifier for uniquely identifying the communication device connected to the first network on the first network, and a second identifier different from the first network without being connected to the first network Identifier storage means for storing a correspondence with a second identifier used by a user using a terminal connected to the network to uniquely identify the communication device;
A virtual communication path generation request for requesting generation of the virtual communication path between a plurality of communication apparatuses connected to the first network is sent from the terminal connected to the second network to the plurality of communication apparatuses. Virtual communication path generation request accepting means for accepting each of the second identifiers for identifying each via the second network;
When a virtual communication path generation request is received by the virtual communication path generation request reception means, the identifier storage means is searched using each of the second identifiers included in the virtual communication path generation request as a search key. First identifier acquisition means for acquiring each first identifier stored in association;
Virtual communication path generation means for generating the virtual communication path in the first network between each of the communication devices identified from each of the first identifiers acquired by the first identifier acquisition means;
Identifying each of the plurality of communication devices from a terminal connected to the second network with a virtual communication path disconnection request for disconnecting communication via the virtual communication path generated by the virtual communication path generation means Virtual communication path disconnection request accepting means for accepting each of the second identifiers to be received via the second network;
When a virtual communication path disconnection request is received by the virtual communication path disconnection request reception means, the identifier storage means is searched using each of the second identifiers included in the virtual communication path disconnection request as a search key. A first identifier acquisition means for disconnection for acquiring each first identifier stored in association;
Virtual communication path disconnecting means for disconnecting the virtual communication path generated between each of the communication devices identified from each of the first identifiers acquired by the first identifier acquiring means at the time of disconnection;
A connection control system comprising: A connection control system that controls connection between a plurality of communication devices when communication by a virtual communication path is applied to communication between a plurality of communication devices connected to a network,
A first identifier for uniquely identifying the communication device connected to the first network on the first network, and a second identifier different from the first network without being connected to the first network Identifier storage means for storing a correspondence with a second identifier used by a user using a terminal connected to the network to uniquely identify the communication device;
A virtual communication path generation request for requesting generation of the virtual communication path between a plurality of communication apparatuses connected to the first network is sent from the terminal connected to the second network to the plurality of communication apparatuses. Virtual communication path generation request accepting means for accepting each of the second identifiers for identifying each via the second network;
When a virtual communication path generation request is received by the virtual communication path generation request reception means, the identifier storage means is searched using each of the second identifiers included in the virtual communication path generation request as a search key. First identifier acquisition means for acquiring each first identifier stored in association;
Virtual communication path generation means for generating the virtual communication path in the first network between each of the communication devices identified from each of the first identifiers acquired by the first identifier acquisition means;
When the virtual communication path is generated by the virtual communication path generation means, a completion notification for notifying that the generation of the virtual communication path is completed, and cancellation information capable of instructing to cancel the generation of the virtual communication path A completion notification transmission means for transmitting to the terminal that transmitted the virtual channel generation request,
When receiving an instruction based on the cancellation information, a cancellation virtual communication path disconnecting unit that disconnects the virtual communication path specified by the instruction based on the cancellation information
A connection control system comprising: The virtual communication path generation means generates the virtual communication path using third party call control means in which a call of the communication apparatus is controlled by a third party apparatus different from the plurality of communication apparatuses. The connection control system according to claim 1 or 2 , wherein When communication by a virtual communication path is applied to communication between a plurality of communication devices connected to a network, a connection control method executed by a connection control system that controls connection between the plurality of communication devices ,
The connection control system includes a first identifier for uniquely identifying the communication device connected to the first network on the first network, and the first network without being connected to the first network. An identifier storage means for storing a correspondence with a second identifier used by a user who uses a terminal connected to a second network different from the second identifier to uniquely identify the communication device;
A virtual communication path generation request for requesting generation of the virtual communication path between a plurality of communication apparatuses connected to the first network is sent from the terminal connected to the second network to the plurality of communication apparatuses. A virtual channel generation request receiving step for receiving each of the second identifiers for identifying each of the second identifiers via the second network;
When a virtual communication path generation request is received by the virtual communication path generation request reception step, the identifier storage unit is searched using each of the second identifiers included in the virtual communication path generation request as a search key. A first identifier acquisition step of acquiring each first identifier stored in association;
A virtual channel generation step for generating the virtual channel in the first network between each of the communication devices identified from the first identifiers acquired by the first identifier acquisition step;
Identifying each of the plurality of communication devices from a terminal connected to the second network with a virtual communication path disconnection request for disconnecting communication via the virtual communication path generated by the virtual communication path generation step A virtual communication path disconnection request receiving step for receiving the second identifier together with each of the second identifiers,
When a virtual communication path disconnection request is received in the virtual communication path disconnection request reception step, the identifier storage unit is searched using each of the second identifiers included in the virtual communication path disconnection request as a search key. A first identifier acquisition step at the time of acquiring each first identifier stored in association;
A virtual communication path cutting step of cutting the virtual communication path generated between each of the communication devices identified from each of the first identifiers acquired by the first identifier acquisition step at the time of disconnection ;
The connection control method characterized by including. A connection control program for causing a computer to execute a connection control method for controlling connection between a plurality of communication devices when communication using a virtual communication path is applied to communication between the plurality of communication devices connected to a network. ,
The computer includes a first identifier for uniquely identifying the communication device connected to the first network on the first network, and the first network without being connected to the first network. An identifier storage means for storing a correspondence with a second identifier used by a user who uses a terminal connected to a different second network to uniquely identify the communication device;
A virtual communication path generation request for requesting generation of the virtual communication path between a plurality of communication apparatuses connected to the first network is sent from the terminal connected to the second network to the plurality of communication apparatuses. A virtual communication path generation request acceptance procedure accepted via the second network together with each second identifier for identifying each;
When a virtual communication path generation request is received by the virtual communication path generation request reception procedure, the identifier storage unit is searched using each of the second identifiers included in the virtual communication path generation request as a search key, and each second identifier is A first identifier acquisition procedure for acquiring each first identifier stored in association;
A virtual communication path generation procedure for generating the virtual communication path in the first network between each of the communication devices identified from each of the first identifiers acquired by the first identifier acquisition procedure;
Identifying each of the plurality of communication devices from a terminal connected to the second network, a virtual communication path disconnection request for disconnecting communication via the virtual communication path generated by the virtual communication path generation procedure A virtual channel disconnection request acceptance procedure that is accepted through the second network together with each of the second identifiers,
When a virtual communication path disconnection request is received by the virtual communication path disconnection request reception procedure, the identifier storage unit is searched using each of the second identifiers included in the virtual communication path disconnection request as a search key. A disconnection first identifier acquisition procedure for acquiring each first identifier stored in association;
A virtual communication path disconnection procedure for disconnecting the virtual communication path generated between each communication device identified from each of the first identifiers acquired by the first identifier acquisition procedure at the time of disconnection;
A connection control program for causing a computer to execute. A connection control system that controls connection between a plurality of communication devices when communication by a virtual communication path is applied to communication between a plurality of communication devices connected to a network,
A request accepting device connected to a second network different from the first network to which the communication device is connected,
A first identifier for uniquely identifying the communication device connected to the first network on the first network, and a terminal connected to the second network without being connected to the first network Identifier storage means for storing a correspondence with a second identifier used by a user who uses the ID to uniquely identify the communication device;
A virtual communication path generation request for requesting generation of the virtual communication path between a plurality of communication apparatuses connected to the first network is sent from the terminal connected to the second network to the plurality of communication apparatuses. Virtual communication path generation request accepting means for accepting each of the second identifiers for identifying each via the second network;
When the virtual communication path generation request is received by the virtual communication path generation request reception means, the identifier storage means is searched using each of the second identifiers included in the virtual communication path generation request as a search key, and each of the second identifiers First identifier acquisition means for acquiring each first identifier stored in association with
When each of the first identifiers is acquired by the first identifier acquisition unit, the virtual communication path generation request is connected to each of the first network and the second network together with each of the first identifiers. A virtual channel generation request transfer means for transferring to the device ;
A virtual communication path disconnection request for disconnecting communication via the virtual communication path generated by the connection control apparatus is transmitted from a terminal connected to the second network to identify each of the plurality of communication apparatuses. Virtual communication path disconnection request accepting means for accepting each of the two identifiers via the second network;
When a virtual communication path disconnection request is received by the virtual communication path disconnection request reception means, the identifier storage means is searched using each of the second identifiers included in the virtual communication path disconnection request as a search key. A first identifier acquisition means for disconnection for acquiring each first identifier stored in association;
When each of the first identifiers is acquired by the first identifier acquisition means at the time of disconnection, virtual communication path disconnection request transfer means for transferring the virtual communication path disconnection request together with each of the first identifiers to the connection control device; Prepared,
The connection control device includes:
When the virtual communication path generation request is transferred by the virtual communication path generation request transfer means, the first communication device is identified between each of the first identifiers transferred together with the virtual communication path generation request. Virtual communication path generation means for generating the virtual communication path in the network ;
When the virtual communication path disconnection request is transferred by the virtual communication path disconnection request transfer unit, the virtual communication path disconnection request is generated between the communication devices identified from the first identifiers transferred together with the virtual communication path disconnection request. Virtual communication path cutting means for cutting the virtual communication path;
A connection control system comprising: A connection control system that controls connection between a plurality of communication devices when communication by a virtual communication path is applied to communication between a plurality of communication devices connected to a network,
A request accepting device connected to a second network different from the first network to which the communication device is connected,
A virtual communication path generation request for requesting generation of the virtual communication path between the plurality of communication devices each connected to the first network and uniquely identified by a first identifier on the first network; A second identifier used by a user who uses the terminal to uniquely identify the communication device from a terminal connected to the second network, together with each second identifier for identifying each of the plurality of communication devices. Virtual communication path generation request reception means for receiving via the second network;
When the virtual communication path generation request is received by the virtual communication path generation request reception means, the virtual communication path generation request is transferred to a connection control device connected to each of the first network and the second network. A communication path generation request transfer means ;
A virtual communication path disconnection request for disconnecting communication via the virtual communication path generated by the connection control apparatus is transmitted from a terminal connected to the second network to identify each of the plurality of communication apparatuses. Virtual communication path disconnection request accepting means for accepting each of the two identifiers via the second network;
When a virtual communication path disconnection request is accepted by the virtual communication path disconnection request acceptance means, the virtual communication path disconnection request transfer means for transferring the virtual communication path disconnection request to the connection control device,
The connection control device includes:
Identifier storage means for storing a correspondence between the first identifier and the second identifier;
When the virtual communication path generation request is transferred by the virtual communication path generation request transfer means, the identifier storage means is searched using each of the second identifiers included in the virtual communication path generation request as a search key, and the second identifier First identifier acquisition means for acquiring each first identifier stored in association with each other;
Virtual communication path generation means for generating the virtual communication path in the first network between each of the communication devices identified from each of the first identifiers acquired by the first identifier acquisition means;
When the virtual communication path disconnection request is transferred by the virtual communication path disconnection request transfer means, the identifier storage means is searched using each of the second identifiers included in the virtual communication path disconnection request as a search key, and the second identifier A first identifier acquisition unit at the time of disconnection that acquires each of the first identifiers stored in association with each other;
Virtual communication path disconnecting means for disconnecting the virtual communication path generated between each of the communication devices identified from each of the first identifiers acquired by the first identifier acquiring means at the time of disconnection;
A connection control system comprising: A connection control system that controls connection between a plurality of communication devices when communication by a virtual communication path is applied to communication between a plurality of communication devices connected to a network,
A virtual communication path generation request for requesting generation of the virtual communication path between a plurality of communication devices connected to the first network is not connected to the first network and is the first network. Virtual communication path generation request accepting means for accepting, via a second network, an identifier for uniquely identifying each of the plurality of communication devices on the first network from a terminal connected to a different second network ,
When the virtual communication path generation request is received by the virtual communication path generation request reception means, the virtual communication in the first network is established between each communication device identified from each identifier included in the virtual communication path generation request. Virtual communication path generation means for generating a path;
A virtual communication path disconnection request for requesting disconnection of communication via the virtual communication path generated by the virtual communication path generation means is sent from the terminal connected to the second network to each of the plurality of communication devices. Virtual communication path disconnection request accepting means for accepting each identifier uniquely identified on the first network via the second network;
When a virtual communication path disconnection request is received by the virtual communication path disconnection request reception unit, the virtual communication path generated between each communication device identified from each identifier included in the virtual communication path disconnection request is disconnected. A virtual communication path disconnecting means,
A connection control system comprising: When communication by a virtual communication path is applied to communication between a plurality of communication devices connected to a network, a connection control method executed by a connection control system that controls connection between the plurality of communication devices,
The connection control system includes a first identifier for uniquely identifying the communication device connected to the first network on the first network, and the first network without being connected to the first network. An identifier storage means for storing a correspondence with a second identifier used by a user who uses a terminal connected to a second network different from the second identifier to uniquely identify the communication device;
A virtual communication path generation request for requesting generation of the virtual communication path between a plurality of communication apparatuses connected to the first network is sent from the terminal connected to the second network to the plurality of communication apparatuses. A virtual channel generation request receiving step for receiving each of the second identifiers for identifying each of the second identifiers via the second network;
When a virtual communication path generation request is received by the virtual communication path generation request reception step, the identifier storage unit is searched using each of the second identifiers included in the virtual communication path generation request as a search key. A first identifier acquisition step of acquiring each first identifier stored in association;
A virtual channel generation step for generating the virtual channel in the first network between each of the communication devices identified from the first identifiers acquired by the first identifier acquisition step;
When the virtual communication path is generated by the virtual communication path generation step, the completion information for notifying that the generation of the virtual communication path is completed, cancel information capable of instructing to cancel the generation of the virtual communication path A completion notification transmission step for transmitting to the terminal that transmitted the virtual channel generation request,
When receiving an instruction based on the cancellation information, a cancellation virtual communication path disconnecting step of disconnecting the virtual communication path specified by the instruction based on the cancellation information;
The connection control method characterized by including. A connection control program for causing a computer to execute a connection control method for controlling connection between a plurality of communication devices when communication using a virtual communication path is applied to communication between the plurality of communication devices connected to a network. ,
The computer includes a first identifier for uniquely identifying the communication device connected to the first network on the first network, and the first network without being connected to the first network. An identifier storage means for storing a correspondence with a second identifier used by a user who uses a terminal connected to a different second network to uniquely identify the communication device;
A virtual communication path generation request for requesting generation of the virtual communication path between a plurality of communication apparatuses connected to the first network is sent from the terminal connected to the second network to the plurality of communication apparatuses. A virtual communication path generation request acceptance procedure accepted via the second network together with each second identifier for identifying each;
When a virtual communication path generation request is received by the virtual communication path generation request reception procedure, the identifier storage unit is searched using each of the second identifiers included in the virtual communication path generation request as a search key, and each second identifier is A first identifier acquisition procedure for acquiring each first identifier stored in association;
A virtual communication path generation procedure for generating the virtual communication path in the first network between each of the communication devices identified from each of the first identifiers acquired by the first identifier acquisition procedure;
When the virtual communication path is generated by the virtual communication path generation procedure, a completion notification for notifying that the generation of the virtual communication path has been completed, and cancellation information capable of instructing to cancel the generation of the virtual communication path A completion notification transmission procedure for transmitting to the terminal that transmitted the virtual channel generation request,
When receiving the instruction by the cancellation information, a cancellation virtual communication path disconnection procedure for disconnecting the virtual communication path designated by the instruction by the cancellation information;
A connection control program for causing a computer to execute.

Images