JP5120431B2 - Communication system, communication method, address distribution system, address distribution method, communication terminal - Google Patents


Publication number
JP5120431B2
Authority
JP
Japan
Prior art keywords
address
terminal
communication
time
system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
JP2010206231A
Other languages
Japanese (ja)
Other versions
JP2011030252A (en
Inventor
晶広 高瀬
美里 高橋
Original Assignee
株式会社日立製作所
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社日立製作所 filed Critical 株式会社日立製作所
Priority to JP2010206231A priority Critical patent/JP5120431B2/en
Publication of JP2011030252A publication Critical patent/JP2011030252A/en
Application granted granted Critical
Publication of JP5120431B2 publication Critical patent/JP5120431B2/en
Application status is Expired - Fee Related legal-status Critical
Anticipated expiration legal-status Critical


Description

The present invention relates to an Internet communication method in a network based on an Internet protocol (hereinafter abbreviated as IP), an address distribution system, an address distribution method, and a communication terminal capable of improving security during Internet communication.

There is a method called a global address as an IP address assignment method (address distribution method) in an IP network. According to this method, a terminal can be identified in a globally unique address space.

A terminal having such a global address can be reached from any terminal connected to the IP network, and can communicate peer-to-peer. However, depending on the application, when the user of the terminal communicates with an unspecified terminal or a terminal with insufficient security measures, the IP address becomes known to an unauthorized third party, and there is a risk that the terminal will be attacked over the Internet or misused.

To address this problem, conventional IP networks have mechanisms that use a one-time address to enable end-to-end communication using global addresses, even with an unspecified communication partner, while minimizing the disclosure of a fixed global address. In addition, by deleting a global address that has been used from the terminal, it is possible to make direct communication with the terminal impossible when the global address is illegally obtained. The mechanisms for this are the Dynamic Host Configuration Protocol (DHCP) and the temporary address using an IPv6 address (RFC3041).

IETF RFC2131 "Dynamic Host Configuration Protocol"
IETF RFC3041 "Privacy Extensions for Stateless Address Autoconfiguration in IPv6"

The former, DHCP, is a mechanism for distributing an IP address when a terminal is connected to an IP network. However, DHCP distributes an IP address at the time the terminal connects to the network, so different IP addresses cannot be used for different applications. Further, when the terminal terminates the network connection, the distributed address is not explicitly collected, and the terminal is not requested to delete the address.

Further, the latter temporary address method assumes only that the terminal is a caller and does not have a function of accepting an incoming call to the terminal itself.

A conventional IP address is an identifier for uniquely identifying a terminal fixedly connected to an IP network.

However, as the mobility of terminals has increased, an IP address is becoming an identifier for the endpoint of the IP network to which the terminal is connected rather than an identifier of the terminal itself. This tendency is especially strong when an IP address is automatically generated at the time of connection to the network, as in an IPv6 network. Further, in IPv6 networking, the number of IP addresses that can be handled in a subnetwork is so large that it is considered almost unlimited compared with IPv4 networks, so it is practical for one terminal to use a plurality of IP addresses.

The present invention has been made in view of the above problems. As one aspect, an IP address distribution system is provided that assigns to a terminal (address distribution) an IP address (global address) corresponding to the communication partner, the application used, the communication session, etc., and that deletes, discards, or manages the assigned IP address (distributed address).

That is, according to the present invention, secure communication can be realized by using a temporary IP address corresponding to the communication partner or application, utilizing the above-described feature of IP addresses. Specifically, a mechanism for distributing temporary IP addresses (hereinafter referred to as one-time addresses) to terminals, that is, a one-time address distribution system, is provided in the network. A one-time address is distributed to a terminal in response to a one-time address distribution request from the terminal, or in response to a request from another system for notification of the terminal's address, and a communication session between the terminals is started based on the distributed one-time address. The one-time address distributed to the terminal is deleted, discarded or managed on the terminal side after the communication session ends.

According to the present invention, even when the IP address of the terminal remains in the communication partner terminal, it is possible to avoid unnecessary communication using the IP address again after the communication is completed. Thereby, unauthorized communication access by a third party can be prevented.

FIG. 1 is an overall configuration diagram of a system according to an embodiment of the present invention. It is a block diagram of a one-time address distribution system. It is a figure which shows an example of the user registration table which the one-time address distribution system holds. It is a figure which shows an example of the address distribution policy table of the user A which the one-time address distribution system holds. It is a figure which shows an example of a fixed address table. It is a figure which shows the structure of a terminal. It is a figure which shows an example of the address holding table which a terminal holds. It is a figure which shows an example of the source address correspondence table which a terminal holds. It is a figure which shows an example of the source address assignment table which a terminal holds. It is a sequence diagram for demonstrating distribution and deletion of the one-time address in a 1st Example. It is a user registration sequence. It is an address distribution policy registration sequence. It is a one-time address generation sequence diagram. It is a sequence diagram for demonstrating distribution and deletion of the one-time address in a 2nd Example. It is a sequence diagram for demonstrating the distribution and deletion of the one-time address in a 3rd Example. FIG. 14 is a sequence diagram of a communication session start request and filtering in FIG. 13.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

<System configuration>
FIG. 1 is a configuration diagram showing the concept of a network system to which the present invention is applied.

As shown in FIG. 1, this system includes a one-time address distribution system 1, an address search system 2, a plurality of terminals (terminals 3a and 3b), a plurality of routers (4a and 4b), and a network 5.
A network 5 connects a one-time address distribution system 1, an address search system 2, and routers 4a and 4b.

The terminals 3a and 3b are connected to the network 5 via routers 4a and 4b, respectively.
Examples of the network 5 include a LAN based on the IPv6 protocol, an IP network based on a dedicated line, the Internet (public IP network), a mobile IP network, a network in which these networks are interconnected, and the like.

As an example of the address search system 2, a name resolution system based on the Session Initiation Protocol (SIP) or the Domain Name System (DNS) protocol is conceivable. Since these are well known, a detailed description thereof will be omitted.
<Configuration of one-time address distribution system 1>
FIG. 2 is a functional block diagram showing the configuration of the one-time address distribution system 1. FIGS. 4 and 5 show the tables stored in the functional blocks 102, 104, and 1072 of the one-time address distribution system 1, respectively.

The one-time address distribution system 1 includes a user information management unit 101, a user information storage unit (memory) 102, an address distribution policy management unit 103, an address distribution policy storage unit (memory) 104, an address generation unit 105, an address generation history information storage unit (memory) 106, an address search unit 107, and a communication control unit 108. The one-time address distribution system also includes a signaling processing unit 109. This signaling processing unit 109 is not necessarily required and may be omitted depending on circumstances.

The user information storage unit 102 stores a user information table 1021 shown in FIG. 3. In the table, a user name, a user ID, a fixed IP address, a Prefix, and the like are entered. The address policy information storage unit 104 stores an address distribution policy table 1041 shown in FIG. 4. In the table, a user ID, a transmission source address, an address distribution policy, and the like are entered. The address search unit 107 includes an address correspondence information storage unit 1071 and an address correspondence information management unit 1072. The address correspondence information storage unit 1071 stores a fixed address search table 10711 shown in FIG. 5. In the table, a user ID, a fixed IP address, a user URI, and the like are entered. Further, the address correspondence information management unit 1072 of the address search unit 107 manages the domain aaa.aaa.jp.
<Configuration of terminal 3>
FIG. 6 shows the configuration of the terminal 3a. The terminal 3a includes a network interface (NIF) 31, an OS 32, and a plurality of applications 35a and 35b. The OS 32 includes a communication control unit 33.

The communication control unit 33 includes an address management unit 331, a packet processing unit 332, and a session management unit 333. As shown in FIGS. 7 and 8, the address management unit 331 includes a memory for storing the address holding table 3311 and the source address correspondence table 3312. In the table 3311, an IP address, an address type, and the like are entered. In the table 3312, a destination address, a port number, a used address, and the like are entered. The packet processing unit 332 includes a memory for storing a source address assignment table 3321 as shown in FIG. 9. In this table, a destination address, a port number, a source address, and the like are entered. The communication partner terminal 3b is configured similarly.
<Example 1>
FIG. 10 is a sequence diagram in the first embodiment of the present invention. In the first embodiment, DNS is used as the address search system 2. Further, the first embodiment is an example in which the terminal 3a accepts an incoming call from the terminal 3b at a dynamically generated one-time address. That is, this is an example in which the terminal 3a is the receiving side (incoming side) and the terminal 3b is the transmitting side (outgoing side).

First, in step S101, the terminal 3a is connected to the network 5 via the router 4a and set to a state where IP communication is possible. That is, registration of a fixed address (X::1) to the terminal 3a and setting of a routing table in the router 4a are performed between the terminal 3a and the router 4a. As an address registration mechanism, methods such as stateless address autoconfiguration (RFC 2462), in which an IP address is automatically generated with the router and set directly from the router 4a to the terminal 3a, and automatic address distribution by a DHCP server (RFC1541) are conceivable. With either method, the terminal 3a acquires a fixed address from the router 4a, and the router 4a creates a routing table corresponding to the address of the terminal 3a.
Next, in step S102, the terminal 3a uses the acquired fixed address to transmit a user registration request, user information (see FIG. 3), and address distribution policy information (see FIG. 4) to the one-time address distribution system 1. The user information includes the user name of the user or terminal (terminal A), user ID (A), fixed IP address (X::1), Prefix value (X::/64) for creating an address, and address distribution policy information (list of IP addresses that may be notified of fixed addresses). The fixed IP address and Prefix value can also be substituted by the source address information included in the IP packet transmitted by the terminal 3a.

In step S103, when the one-time address distribution system 1 receives the user registration request and user information transmitted from the terminal 3a, it performs user registration.
User registration and address distribution policy registration will be described with reference to FIG. 11a.

First, the user registration request and user information transmitted from the terminal 3a in step S102 are supplied to the user information management unit 101 via the communication control unit 108 of the one-time address distribution system 1 and received by the user information management unit. In step S103, in accordance with the user registration request, the user information management unit 1011 adds the corresponding entry (user ID, fixed IP address, Prefix value) to the user registration table 1021 in the user information storage unit 102 based on the received user information (see FIG. 3). Note that the fixed IP address and Prefix value can also be collected and generated from the source header of the IP packet received from the terminal 3a.

Next, the user information management unit 101 transmits the user ID and fixed IP address of the terminal 3a to the address correspondence information management unit 1071 in the address search unit 107. The address correspondence information management unit 1071 generates the URI (A@aaa.aaa.jp) of the terminal 3a from the received user identifier (user ID, fixed IP address), and adds the corresponding entry to the address search table 10721 in the address correspondence information storage unit 1072.

Further, the user information management unit 1071 transmits the address distribution policy information (see FIG. 4) of the terminal 3a to the address distribution policy management unit 103. Based on the received address distribution policy information, the address distribution policy management unit 103 creates an address distribution policy table 1041 of the terminal 3a in the address distribution policy storage unit 103 as shown in FIG.

Next, the address correspondence information management unit 1071 transmits the completion of registration of the address correspondence information and the URI (A@aaa.aaa.jp) of the terminal 3a to the user information management unit 101.

Next, when registration completion communication is received from the address correspondence information management unit 1071 in step S104, the user management unit 101 transmits URI information and a user registration completion notification to the terminal 3a.

  Thus, user registration and address distribution policy registration are executed.

Next, in step S105, the terminal 3b queries the address search system 2 for the IP address corresponding to the URI (A@aaa.aaa.jp) of the terminal 3a. The terminal 3b stores the URI of the terminal 3a (A@aaa.aaa.jp) in advance.

In the case of the present embodiment, since DNS is adopted as the address search system (address disclosure system) 2, the address search unit 107 in the one-time address distribution system 1 operates as the DNS server to which the terminal 3a belongs. Through domain inquiries and replies with the single or plural DNS servers in the address disclosure system 2, the terminal 3b finally, in step S106, queries the one-time address distribution system 1 for the IP address corresponding to the URI (A@aaa.aaa.jp) of the terminal 3a.
Hereinafter, the inquiry about the IP address of the terminal 3a from the terminal 3b will be described with reference to FIG.

The address information management unit 1071 that has received the address inquiry from the terminal 3b transmits the user ID (A) of the terminal 3a and the IP address (Z::1) of the terminal 3b to the address distribution policy management unit 103. In step S107, the address distribution policy management unit 103 searches the address distribution policy table 1041 (see FIG. 4) of the terminal 3a, stored in the address distribution policy storage unit 104, for a policy entry corresponding to the terminal 3b.
In the case of this embodiment, the IP address for the terminal 3b relating to the user ID (A) is a one-time address (X::1234:1234:1234:1234 in FIG. 9). The address distribution policy management unit 103 transmits a policy search result to the address correspondence information management unit 1071. Upon receiving the policy search result, the address correspondence information management unit 1071 sends a one-time address generation request and the user ID (A) to the address generation unit 105.

The address generation unit 105 that has received the one-time address generation request and the user ID of the terminal 3a generates a one-time address in step S108, and transmits a one-time address registration request to the terminal 3a.

  One-time address generation will be described with reference to FIG. 11c.

Upon receiving the one-time address generation request and the user ID (A) of the terminal 3a, the address generation unit 105 sends a Prefix value inquiry request for the terminal 3a and the user ID (A) of the terminal 3a to the user information management unit 101. The user information management unit 101 that has received the inquiry request from the address generation unit 105 searches the user registration table 1021 in the user information storage unit 102 for the Prefix value corresponding to the user ID (A), and transmits this Prefix value (X::/64) to the address generation unit 105. Upon receiving the Prefix value, the address generation unit 105 generates the one-time address used by the terminal 3a by combining the lower 64 bits of the IP address, generated using a random number, with the Prefix value. In step S108, the address generation unit 105 confirms that the generated one-time address is not already among the entries of the address generation history table (not shown) stored in the address generation history information storage unit 106, and adds an entry corresponding to the generated one-time address to the address generation history table. At this time, if the generated address is currently used or has already been used, the one-time address may be regenerated.

Next, after generating the one-time address, the address generation unit 105 transmits, in step S109, the one-time address registration request and the generated one-time address information to the terminal 3a.

Upon receiving the one-time address registration request and the generated one-time address information in step S110, the address management unit 331 of the terminal 3a adds a new entry to the IP address holding table 3311 stored in the address management unit 331.

Next, in step S111, when the registration of the one-time address is completed, the address management unit 331 transmits a one-time address registration completion notification to the one-time address distribution system 1.

In addition, when the one-time address registration completion notification is received from the terminal 3a, the address generation unit 105 notifies the address information management unit 1071 that the one-time address generation and registration has been completed.

Thereafter, in step S112, the address information management unit 1071 returns the generated one-time address to the terminal 3b as an address corresponding to the URI (A@aaa.aaa.jp) of the terminal 3a.

The one-time address generation, one-time address registration to the terminal 3a, and address notification to the terminal 3b are thus completed.

After acquiring the one-time address of the terminal 3a, the terminal 3b establishes a communication session with the terminal 3a using the acquired one-time address in steps S113 to S115. That is, the terminal 3b sends a communication session request SYN to the one-time address of the terminal 3a in step S113, receives the communication session response SYNACK from the terminal 3a in step S114, and starts the communication session with ACK in step S115.

When the communication is completed, the terminal 3b and the terminal 3a perform session termination processing in steps S116 to S119. That is, when the session management unit 333 of the terminal 3a receives the messages FIN and ACK, that is, when it identifies the end of the session, it transmits the one-time address information used in the ended session to the address management unit 331.
In step S120, the address management unit 331 that has received the one-time address information deletes, discards, or manages the corresponding entry in the IP address holding table 3311 (see FIG. 7) of the management unit.

In the first embodiment, the one-time address distribution history system 106 is controlled by the one-time address distribution system 1. For example, simultaneously with the one-time address deletion in the terminal 3a, the terminal 3a notifies the address distribution system 1 of the end of use of the one-time address, and the one-time address is moved to the used entry in the address generation history information storage unit 106 in the one-time address distribution system 1.

As another embodiment, the one-time address distribution system 1 may be configured such that the one-time address distributed after a lapse of a certain time is transferred to a used entry in the address generation history information storage unit 106. In that case, the time (aging time) to be transferred to the used entry may be determined based on designation from the terminal or setting as a system parameter.

As another embodiment, an embodiment in which only the address generation history is managed for the one-time address generated and given by the address generation history information storage unit 106 may be used.
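The one-time address generation of step S108 and the history handling described above (end-of-use notification, or an aging time), sketched as an added example that is not code from the patent. Class and method names are hypothetical, documentation prefixes under 2001:db8::/32 stand in for the placeholders X and Z, peers absent from the fixed-address list are assumed to receive a one-time address, and the retry bound is an assumption.

```python
import ipaddress
import secrets
import time

IN_USE, USED = "in-use", "used"


class OneTimeAddressDistributor:
    """Hypothetical model of the address generation unit and its history table."""

    def __init__(self, aging_seconds=None, rand64=None, clock=time.monotonic):
        self.users = {}    # user ID -> (fixed address, /64 Prefix, peers allowed the fixed address)
        self.history = {}  # generated address -> [user ID, state, issue time]
        self.aging_seconds = aging_seconds
        self.rand64 = rand64 or (lambda: secrets.randbits(64))  # CSPRNG by default
        self.clock = clock

    def register_user(self, user_id, fixed, prefix, fixed_ok_peers=()):
        net = ipaddress.IPv6Network(prefix)
        if net.prefixlen != 64:
            raise ValueError("expected a /64 Prefix")
        fixed_addr = ipaddress.IPv6Address(fixed)
        if fixed_addr not in net:
            raise ValueError("fixed address is outside the registered Prefix")
        peers = {ipaddress.IPv6Address(p) for p in fixed_ok_peers}
        self.users[user_id] = (fixed_addr, net, peers)

    def resolve(self, user_id, peer):
        """Answer an address inquiry: the policy decides fixed vs. one-time."""
        fixed_addr, _net, peers = self.users[user_id]
        if ipaddress.IPv6Address(peer) in peers:
            return fixed_addr
        return self.generate(user_id)

    def generate(self, user_id, max_attempts=16):
        """Prefix plus 64 random bits; regenerate on any history collision."""
        fixed_addr, net, _peers = self.users[user_id]
        self.expire()
        for _attempt in range(max_attempts):
            candidate = ipaddress.IPv6Address(int(net.network_address) | self.rand64())
            if candidate in (net.network_address, fixed_addr):
                continue  # never hand out the all-zero ID or the fixed address
            if candidate in self.history:
                continue  # currently used or already used: regenerate
            self.history[candidate] = [user_id, IN_USE, self.clock()]
            return candidate
        raise RuntimeError("no unused one-time address found")

    def release(self, address):
        """Terminal reports end of use: move the entry to 'used'."""
        entry = self.history.get(ipaddress.IPv6Address(address))
        if entry is None:
            return False
        entry[1] = USED
        return True

    def expire(self):
        """Aging-time variant: move stale in-use entries to 'used'."""
        if self.aging_seconds is None:
            return 0
        now, moved = self.clock(), 0
        for entry in self.history.values():
            if entry[1] == IN_USE and now - entry[2] >= self.aging_seconds:
                entry[1] = USED
                moved += 1
        return moved

    def state(self, address):
        entry = self.history.get(ipaddress.IPv6Address(address))
        return entry[1] if entry else None


if __name__ == "__main__":
    # Constructed sample data: user A, a peer trusted with the fixed address, and a stranger.
    d = OneTimeAddressDistributor(aging_seconds=300)
    d.register_user("A", "2001:db8:a::1", "2001:db8:a::/64", ["2001:db8:c::1"])
    ota = d.resolve("A", "2001:db8:b::1")
    print(ota, d.state(ota))
    d.release(ota)
    print(ota, d.state(ota))
```

Used entries stay in the history, so an address a third party may have recorded is never issued again.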

FIG. 12 is a sequence diagram in the second embodiment of the present invention. In the second embodiment, SIP is used as the address search system 2. Further, similarly to the first embodiment, this is an example in which the terminal 3a receives an incoming call from the terminal 3b at a dynamically generated one-time address.

The fixed address registration (S201) in step 201, the user registration request and user information transmission in step S202, the user registration in step S203, and the user registration completion notification in step S204 are performed in steps S101, S102, and S103 of the first embodiment. The same as step S104. Therefore, the description is omitted.

  Hereinafter, session establishment between the terminal 3b and the terminal 3a will be described.

In step S205, the terminal 3b that has acquired the URI (A@aaa.aaa.jp) of the terminal 3a in advance transmits a session establishment request message INVITE including the URI (A@aaa.aaa.jp) of the terminal 3a to the address search system 2 in order to establish a communication session.

In the case of this embodiment, since SIP is adopted as the address search system (address disclosure system) 2, the signaling processing unit 109 in the one-time address distribution system 1 (FIG. 2) operates as the SIP proxy server to which the terminal 3a belongs. The address search unit 107 operates as a location server for the signaling processing unit 109. In step S206, the communication session establishment request message is finally received by the signaling processing unit 109 in the one-time address distribution system 1 through relay between one or more SIP servers in the address disclosure system 2. The signaling processing unit 109 transmits the URI (A@aaa.aaa.jp) of the terminal 3a and the IP address of the terminal 3b to the address correspondence information management unit 1071. The address information management unit 1071 that has received the address inquiry from the terminal 3b transmits the user ID (A) of the terminal 3a and the IP address of the terminal 3b to the address distribution policy management unit 103.

The policy search in step S209, one-time address creation in step S210, one-time address registration request in step S211, one-time address registration in step S212, and one-time address registration completion notification in step S213 are the same as step S107, step S108, step S109, step S110, and step S111. Therefore, the detailed description is omitted.

Hereinafter, the sequence after the one-time address completion notification in step S213 will be described.

When the address generation unit 105 of the one-time address distribution system 1 receives the one-time address registration completion notification from the terminal 3a in step S213, it notifies the address information management unit 1071 that the generation and registration of the one-time address has been completed. The address information management unit 1071 returns the generated one-time address to the signaling processing unit 109 as the address corresponding to the URI (A@aaa.aaa.jp). In step S214, the signaling processing unit 109 transmits a session request message to the terminal 3a using the one-time address.

Next, in step S215, the terminal 3a transmits a session request acceptance message including the one-time address information to the one-time address distribution system 1.

Upon receiving the session request acceptance message, the signaling processing unit 109 transfers, in step S216, the message accepting the session request of the terminal 3a to the address search system 2.

In step S217, the address search system 2 transmits a session request acceptance message to the terminal 3b via a single server or a plurality of servers.

In step S218, the terminal 3b transmits to the address search system 2 a message that it has received a session request acceptance message.

Then, the message that the session request acceptance message has been received is transmitted to the terminal 3a via the address search system 2 and the signaling processing unit 109 in the one-time address distribution system 1 in steps S219 and S220.

With the above steps, communication session preparation between the terminal 3b and the terminal 3a can be started.

Next, in step S221, by making a call from the terminal 3b to the terminal 3a, a communication session that arrives at the terminal 3a is established, and communication is performed.

In step S222, when the communication session is terminated, for example, in this embodiment, when the session is terminated from the terminal 3a, the terminal 3a sends a session termination request message BYE to the signaling unit 109 of the one-time address distribution system 1.
In step S223, the signaling unit 109 transfers the received session end request message BYE to the address search system 2.

In step S224, the address search system 2 transfers the received session end request message BYE to the terminal 3b.

In step S225, the terminal 3b transmits a session end request acceptance message OK to the address search system 2. In step S226 and step S227, the session end request acceptance message is sent via the address search system 2 and the signaling unit 109 to the terminal 3a. Thus, the communication session ends.
The one-time address deletion / discard in step S228 is the same as step S120 of the first embodiment. Therefore, the description is omitted.

In this embodiment, the IP address is changed for each IP address of the session / communication partner at the time of outgoing call.

FIG. 13 is a sequence diagram according to the third embodiment of the present invention, and FIG. 14 is a detailed sequence of the communication session start request and filtering. The third embodiment is an example in which the terminal 3a is the transmission source (originating side) and the communication to the terminal 3b is performed using a one-time address dynamically generated based on an address distribution policy.

In FIGS. 13 and 14, the fixed address registration in step S301, the user registration request and user information transmission in step S302, the user registration in step S303, and step S304 are the same as step S101, step S102, step S103, and step S104 of the first embodiment. Therefore, the description is omitted.

In this embodiment, the address distribution policy is a source address assignment policy that is registered in the address management unit 331 in the terminal 3a, so there is no need to register a one-time address distribution policy in the one-time address distribution system 1.

Next, in step S306, the terminal 3a transmits to the OS 32 of the terminal 3a. Here, the terminal 3a captures the IP address of the terminal 3b in advance in the application 34a in the terminal 3a (in this embodiment, the HTTP protocol is used).

Thereby, the application 34a transmits the IP address of the terminal 3b, the destination port number (80), and the datagram to the address management unit 331 and the communication control unit 33 of the OS 32 in order to start a communication session with the terminal 3b.
In step S307, the address management unit 331 in the communication control unit 33 searches the source address correspondence table 3312 (see FIG. 8) for an entry corresponding to the received pair of the IP address and destination port number of the terminal 3b. In the case of the present embodiment, the policy corresponds to “address any, port number 80, one-time address”.

Based on the applicable policy, the address management unit 331 transmits a one-time address creation request and the user ID (A) to the one-time address distribution system 1.

Next, the user information management unit 101 in the one-time address distribution system 1 retrieves the Prefix value corresponding to the user ID (A) from the user registration table 1021 (see FIG. 3) in the user information storage unit 102, and transmits it to the address generation unit 105.

In step S309, the address generation unit 105 that has received the Prefix value generates the one-time address used by the terminal 3a by combining the lower 64 bits of the IP address, generated using a random number, with the Prefix value. The address generation unit 105 confirms that no entry in the address generation history table stored in the address generation history information storage unit 106 is the same as the generated one-time address, and adds an entry corresponding to the generated one-time address. At this time, if the generated address is currently used or has already been used, the one-time address may be regenerated.

In step S310, the address generation unit 105 transmits a one-time address registration request and the generated one-time address information to the terminal 3a.

Upon receiving the generated one-time address information in step S311, the address management unit 331 of the terminal 3a adds a new entry to the IP address holding table 3311 (see FIG. 7) stored in the address management unit 331, and transmits to the packet processing unit 332 the IP address and port number (80) of the user terminal 3b and the one-time address (X::1234:1234:1234:1234). The packet processing unit adds an entry to the source address assignment table 3321 (see FIG. 9) based on the received information.

When the one-time address registration is completed in step S312, the address management unit 331 may transmit a one-time address registration completion notification to the one-time address distribution system 1.
When the communication session is performed, the IP packet processing unit 332 searches the source address assignment table 3321 (see FIG. 9) based on the set of the destination address and the destination port number transmitted from the address management unit 331, selects the source address based on the corresponding entry, and generates the IP header. The datagram is encapsulated with the generated IP header and transmitted to the network interface 31.

Here, establishment of the communication session in steps S313 to S315 and termination of the communication session in steps S316 to S319 are the same as steps S113 to S119 of the first embodiment, respectively, so their description is omitted.

When the session management unit 333 of the terminal 3a receives the communication session end message FIN in step S318, it transmits the one-time address information used in the ended session to the address management unit 331 and the IP packet processing unit 332. Upon receiving the one-time address information, the address management unit 331 deletes the corresponding entry from the IP address holding table 3311. In addition, in step S320, the IP packet processing unit 332 deletes the corresponding entry from the source address assignment table 3321.
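
The flow of steps S306 to S320 can be sketched as follows. This is an added illustration, not code from the patent: the class and method names, the `2001:db8::/32` documentation prefixes and the injectable `randbits` parameter are assumptions, and the tables 1021, 3312 and 3321 are reduced to in-memory dictionaries and sets.

```python
import ipaddress
import secrets

class OneTimeAddressDistributor:
    """Simplified address generation unit 105 with its generation history (106)."""

    def __init__(self, user_prefixes):
        # User registration table 1021: user ID -> /64 Prefix (constructed values).
        self.prefixes = {u: ipaddress.IPv6Network(p) for u, p in user_prefixes.items()}
        self.history = set()  # every address ever issued, in use or already used

    def generate(self, user_id, randbits=secrets.randbits):
        prefix = self.prefixes[user_id]
        if prefix.prefixlen != 64:
            raise ValueError("a /64 Prefix is required for a 64-bit random suffix")
        while True:  # step S309: regenerate until the address is not in the history
            addr = prefix.network_address + randbits(64)
            if addr not in self.history:
                self.history.add(addr)
                return addr

class Terminal:
    """Simplified address management unit 331 and packet processing unit 332."""

    def __init__(self, user_id, distributor, fixed_address):
        self.user_id = user_id
        self.distributor = distributor
        self.fixed = ipaddress.IPv6Address(fixed_address)
        self.one_time_ports = {80}  # table 3312: "address any, port 80, one-time"
        self.assignment = {}        # table 3321: (dst, dst port) -> source address

    def open_session(self, dst, port):
        # Steps S307-S311: policy lookup, then request and register the address.
        if port in self.one_time_ports:
            src = self.distributor.generate(self.user_id)
        else:
            src = self.fixed
        self.assignment[(ipaddress.IPv6Address(dst), port)] = src
        return src

    def source_for(self, dst, port):
        # Source address selection when building the IP header.
        return self.assignment.get((ipaddress.IPv6Address(dst), port))

    def close_session(self, dst, port):
        # Steps S318-S320: on FIN, drop the entry; the history still remembers it.
        return self.assignment.pop((ipaddress.IPv6Address(dst), port), None)
```

Because the history set outlives the assignment entry, an address left behind on the communication partner's terminal is never handed out again after the session ends.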
In the above three embodiments, the case where a one-time address is used has been described. However, by registering a communication partner with a fixed address in the address distribution policy, communication using a fixed address is possible. It is also possible to simultaneously perform communication using a one-time address and communication using a fixed address.

The embodiments of the present invention have been described only for the case where the one-time address is distributed to one terminal involved in the communication session. However, the method of the present invention can also be applied to the use of one-time addresses for both terminals involved in a communication session, and it is obviously also applicable to n (plural) to m communication and one to m (multiple) communication in addition to one-to-one communication.
In some embodiments, the method of the present invention is applied only in communication with a specific terminal. In this case, it is possible to set up a database for identifying terminals and use one-time addresses for address search requests or address notification requests from specific terminals. This embodiment has an effect that a communication session using a one-time address is possible only for a specific terminal.

Further, as another embodiment of the present invention, when a specific communication application is executed in the originating terminal, there is a configuration in which a one-time address is requested and used as an address used for a communication session for executing the application. In this embodiment, there is an effect that it is possible to use one-time addresses properly according to applications.
As described above, by dynamically generating and using a one-time IP address for a communication session that meets a specific condition, unnecessary communication that reuses the IP address after the communication is completed can be avoided even when the IP address of the terminal remains in the communication partner's terminal. In addition, even if a third party illegally obtains the used IP address from the communication partner's terminal after the communication ends and uses it to attempt a DoS attack, the terminal is not damaged. It is also possible to prevent the terminal from being used as a platform.

1: One-time distribution system
2: Address search system
3a, 3b: Terminal
4a, 4b: Router
5: Network
101: User information management unit
102: User information storage unit
103: Address distribution policy management unit
104: Address distribution policy storage unit
105: Address generation unit
106: Address generation history information storage unit
107: Address search unit
1071: Address correspondence information management unit
1072: Address correspondence information storage unit
108: Communication control unit
109: Signaling processing unit
1021: User registration table
1041: User A's address distribution policy table
31: NIF
32: OS
33: Communication control unit
331: Address management unit
332: Packet processing unit
333: Session management unit
34a, 34b: Application
3311: Address holding table
3312: Source address correspondence table
3321: Source address assignment table

Claims (6)

  1. A communication system comprising a first terminal and a second terminal connected to a network, an address search system, and an address distribution system,
    The address search system includes:
    A function of receiving a request for a communication session with the second terminal from the first terminal;
    Based on the request for the communication session, the address distribution system has a function of transmitting a query of a first address distributed to the second terminal,
    The address distribution system includes:
    Based on the inquiry of the first address, a function of generating the first address corresponding to at least one of a communication partner, an application used, and a communication session;
    A function of transmitting a registration request for the first address to the second terminal;
    The second terminal is
    A function of establishing a communication session with the first terminal based on the first address;
    A communication system having a function of deleting or abandoning an entry corresponding to the first address based on termination of the communication session.
  2. The address distribution system has history information of the address that sent the registration request,
    The communication system according to claim 1, wherein in generating the first address, an address that has not been transmitted is generated based on the history information.
  3. The second terminal stores a correspondence between an address to which the registration request is transmitted and a port number used by the second terminal,
    The communication system according to claim 1, further comprising a function of communicating using an address associated with the port number when the port number is used.
  4. A communication method in a communication system comprising a first terminal and a second terminal connected to a network, an address search system, and an address distribution system,
    By the address search system,
    Receiving a request for a communication session with the second terminal from the first terminal;
    Sending a query of a first address to be distributed to the second terminal to the address distribution system based on the request for the communication session;
    By the address distribution system,
    Generating the first address corresponding to at least one of a communication partner, an application used, and a communication session based on the inquiry of the first address;
    Sending a registration request for the first address to the second terminal;
    With the second terminal
    Establishing a communication session with the first terminal based on the first address;
    A communication method comprising: deleting or abandoning an entry corresponding to the first address based on the end of the communication session.
  5. The communication method according to claim 4,
    A communication method comprising history information of an address to which a registration request has been transmitted, and in generating the first address, an address that has not been transmitted is distributed based on the history information.
  6. The communication method according to claim 4,
    With the second terminal,
    Storing the correspondence between the address to which the registration request is transmitted and the port number used by the second terminal;
    A communication method comprising a step of communicating using an address associated with the port number when using the port number.
JP2010206231A 2010-09-15 2010-09-15 Communication system, communication method, address distribution system, address distribution method, communication terminal Expired - Fee Related JP5120431B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2010206231A JP5120431B2 (en) 2010-09-15 2010-09-15 Communication system, communication method, address distribution system, address distribution method, communication terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2010206231A JP5120431B2 (en) 2010-09-15 2010-09-15 Communication system, communication method, address distribution system, address distribution method, communication terminal

Related Child Applications (1)

Application Number Title Priority Date Filing Date
JP2004179140 Division 2004-06-17

Publications (2)

Publication Number Publication Date
JP2011030252A JP2011030252A (en) 2011-02-10
JP5120431B2 true JP5120431B2 (en) 2013-01-16

Family

ID=43638351

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2010206231A Expired - Fee Related JP5120431B2 (en) 2010-09-15 2010-09-15 Communication system, communication method, address distribution system, address distribution method, communication terminal

Country Status (1)

Country Link
JP (1) JP5120431B2 (en)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3487813B2 (en) * 2000-06-21 2004-01-19 日本電気通信システム株式会社 Mobile communication system, mobile communication relay device, and computer-readable storage medium
JP3725070B2 (en) * 2001-12-21 2005-12-07 株式会社東芝 Network system, router, host, prefix management method and IP address management method
JP3782788B2 (en) * 2002-04-17 2006-06-07 キヤノン株式会社 Public key certificate providing apparatus, method, and connection apparatus
JP3873891B2 (en) * 2003-01-22 2007-01-31 株式会社日立製作所 Packet communication device

Also Published As

Publication number Publication date
JP2011030252A (en) 2011-02-10


Legal Events

Date Code Title Description
TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20120925

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20121008

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20151102

Year of fee payment: 3

LAPS Cancellation because of no payment of annual fees