TW201620269A - Communication apparatus, method for controlling communication between different types of devices, and method for eliminating specificity of operational management - Google Patents


Publication number: TW201620269A
Authority: TW (Taiwan)
Prior art keywords: address, data, network, server, information
Application number: TW104123831A
Other languages: Chinese (zh)
Inventors: Seiichi Ito, Ryuji Ishida
Original Assignee: Amiya Co Ltd
Application filed by Amiya Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/2514 Translation of Internet protocol [IP] addresses between local and global IP addresses
    • H04L61/2539 Hiding addresses; Keeping addresses anonymous
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0876 Aspects of the degree of configuration automation
    • H04L41/0886 Fully automatic configuration
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden

Abstract

The objective of the invention is to achieve the maintenance, operation and monitoring of a network environment by: eliminating the specificity and complexity of operational management accompanying the connection of different networks; eliminating on-site installation/adjustment operations; and improving the security. It can be ensured that: addresses for use only within a system are used to perform communications without using any addresses for use in the Internet or the like; any person can easily configure a network space on a group-by-group basis, e.g., a company-by-company basis, a department-by-department basis and a project-by-project basis; path information or the like is registered with a center that manages a network; any connection between different types of devices can be implemented; relay apparatuses acquire path information and perform mutual verifications; and all pieces of information flowing through the paths are encrypted.

Description

Communication apparatus, method for controlling communication between different types of devices, and method for eliminating specificity of operational management

The present invention relates to a communication apparatus, a method for controlling communication between different types of devices, and a method for eliminating the specificity of operational management.

Until around the mid-1980s, a computer system consisted of a general-purpose machine combined with input terminals, and all processing was performed on the central general-purpose machine, a mode of operation described as use within a closed space.

Later, however, in-house network environments connected by LAN or WAN were introduced, and from around 1995 the use of the Internet to connect network environments inside and outside the company changed computer systems. Recently, so-called cloud services have begun and this trend has advanced further: connections to resources outside the company and, with the globalization of business, network connections across national borders have become commonplace. It is now important to transmit information over a secure network that crosses national borders.

Cloud services are used in combination with the Internet, but because the Internet carries considerable risk from a security standpoint, a secure network must be constructed. Secure network connectivity, however, has to accommodate complex and varied connection forms. Solving that problem raises new ones: expensive equipment, difficult network design, and securing the highly skilled network specialists that such design requires, along with the problems of address management and address shortage.

There is prior art such as that shown in Patent Document 1. In that technique, a proxy changes the address size defined for the Internet, a LAN, a WAN or the like into an address of a unique size. The present invention does not change the address size in this way: addresses of the size defined on the network can be used as they are, no proxy or the like needs to be installed, and operation is greatly simplified. Problems such as address duplication, which arise when different LANs, WANs and the like are combined, for example through a merger between companies, can also be solved.

Prior Art Documents

Patent Documents

[Patent Document 1] Japanese Patent No. 4802295

To improve the efficiency of operational management, an autonomous distributed system must be formed so that traffic is distributed and the load on the relay apparatuses is reduced, and the operation and maintenance functions must be automated through a self-learning function. In other words, a technology is needed that can construct an encrypted network independently on top of the Internet.

Integrating different networks in which address conflicts can occur requires address management. Moreover, with current technology, secure network design is not easy. Building and operating a running network as quickly and with as little trouble as expected takes considerable effort in the network design method itself, and a design that reallocates addresses for each application makes the network anything but simple; the accompanying setting changes to network equipment also require enormous investment.

The present invention provides, and describes how to operate, a technology whose principal feature is that anyone can easily construct a secure network. Addresses are managed centrally so that an address can be assigned automatically to each terminal, and the operation and maintenance functions are automated by the self-learning function of the relay apparatuses, so that a secure network can be constructed freely even without specialized knowledge on the user's part.

The network environment maintenance system of the present invention has the advantage that a free and secure network can be constructed easily without requiring specialized knowledge from the user.

100‧‧‧Network system

101‧‧‧Operation center

102‧‧‧Certification authority

103‧‧‧Console

104‧‧‧Management network

105‧‧‧Actual network

106‧‧‧Internet

107‧‧‧Device

108‧‧‧Terminal software

109‧‧‧PC

111‧‧‧LAN

112‧‧‧Server

FIG. 1 is an overall configuration diagram showing an example of the present invention; FIG. 2 is a diagram of the device initialization method; FIG. 3 is a diagram of the method for confirming whether a device is alive; FIG. 4 is a diagram of the method for updating a device's management information; FIG. 5 is a diagram of the administrator notification method; FIG. 6 is a diagram of the device connection authentication method; FIG. 7 is a diagram of the terminal software registration method; FIG. 8 is a diagram of the terminal software connection method; FIG. 9 is terminal software disconnection method diagram 1; FIG. 10 is terminal software disconnection method diagram 2; FIG. 11 is terminal software disconnection method diagram 3; FIG. 12 is a diagram of the address translation method; FIG. 13 is a diagram of an address translation example (transmission); FIG. 14 is a diagram of an address translation example (return).

FIG. 1 is an overall schematic view of a network system illustrating an embodiment of the present invention.

The present invention reduces the hitherto burdensome workload of network design, configuration and management by managing network information centrally. For efficiency, it defines a network that is logically isolated from the Internet, and, to provide protection against threats from the Internet, it has an operation center 101, a certification authority 102 and a console 103, which constitute a management network 104.

The terminal software 108 is the software of the present invention installed on a terminal such as a PC or a portable multifunction information terminal, including a tablet computer or smartphone. The PC 109 is a network-connected PC, or a portable multifunction information terminal including a tablet computer or smartphone, on which the software of the present invention is not installed. The terminal software 108 and the PC 109 connect to a device 107 via the LAN 110 or the Internet 106. When the device 107 connects to the operation center 101 via the management network 104 and is authenticated as a legitimate user by the certification authority 103, the devices 107 construct the actual network 105, and encrypted communication with the terminal software 108 or the PC 109 is performed over the meshed actual network 105 for secure data exchange.

The actual network of the present invention is built from pieces of software and devices named independently by the inventors and the applicant; they are described below.

‧Operation center 101

Manages network information. It has the management function for actual addresses, which are used only within the actual network of the present invention and are needed to form a network logically isolated from the existing Internet. It has a function for recording events that occur in the network system 100 as logs, and it has the certification authority 102 and the console 103, through which an administrator can perform GUI-based operations.

The actual address mentioned above is an identifier newly created and managed by the present invention. When communication equipment or the like operated within the present invention transmits data, the actual address identifies the destination device, equipment, service, software or the like.

‧Certification authority 102

A certification authority with a public-key certificate issuance and management function. It manages the certificates used to determine whether a device 107, terminal software 108, PC 109 or the like is a legitimate user when it uses the actual network 105.

‧Console 103

A GUI client for the operation center 101. It performs data entry, update, deletion and lookup against the operation center 101, and uses the operation center 101's information to produce the information needed.

‧Management network 104

An encrypted, secure communication path used to operate and manage the actual network of the present invention. The console 103 connects to the operation center 101 over it, and the terminal software 108, the PC 109 and the like are authenticated by the certification authority 102 via the operation center 101 over it.

‧Actual network 105

The secure communication path of the present invention over which encrypted communication is performed between devices 107, terminal software 108, PCs 109 and the like.

‧Internet 106

A computer network that uses the Internet Protocol.

‧Device 107

Has the function of communicating with the operation center 101, provides security functions and control functions for the actual network 105, and controls communication from the terminal software 108 and the PC 109.

‧Terminal 108

Client software of the present invention installed on a PC or a portable multifunction information terminal, including a tablet computer or smartphone.

‧PC 109

A general-purpose device such as a PC or a portable multifunction information terminal, including a tablet computer or smartphone.

‧LAN 110

An ordinary local area network.

FIG. 2 describes the initial setup of the present invention. The purpose of the initial setup, when a new secure actual network of the present invention is built, is to register the owner information of that network in the operation center 101 and to form the groups under the owner. The device 107 placed at each installation site is set up by connecting it to the Internet at the site and reading the initialization key into it; the device 107 is then configured automatically and connected to the management network.

In FIG. 2, owner information input 201 enters the person in charge, department name, mail address, fax number, telephone number, general address and similar information as the owner information of the operation center 101. Owner information registration 202, on receiving the entered owner information, uses a hash function to convert the general address into a unique actual address used in the actual network of the present invention, automatically generates the actual network information used within the actual network, such as the actual network name, and registers the owner information and the actual network information in the management information of the operation center 101.

Device information input 203 enters the installation location, serial number, connection conditions for the general network and so on as the device information of the device 107. Device information registration 204, on receiving the entered device information, registers the protocol, gateway and so on in the database of the operation center 101 as connection information, that is, the information used when the device 107 connects to the operation center 101, and registers the automatically generated temporary ID, password, certificate information and so on as authentication information in the encrypted database of the certification authority 102.

Connection information encryption 206 encrypts the connection information used when the device 107 connects to the operation center 101 with a common-key encryption scheme and writes the encrypted information to a medium. As a result, the work of creating this connection information can be done anywhere the console 103 is installed, which makes the work more efficient. In the present invention, because this connection information serves as the initialization key when the device 107 connects to the operation center 101, the encrypted connection information is called the initialization key. Initialization key mail transmission 207 sends the initialization key by e-mail or the like to the administrator at the device installation site. The encryption key that connection information encryption 206 uses to encrypt the connection information is generated and shared using an independent algorithm. Mailing 208 ships the device 107 by post to the administrator of the installation site of the device 107 recorded in the management information of the operation center 101.

In information acquisition 210, at the installation site to which the device 107 was shipped, the initialization key received by e-mail or the like is written to an external storage medium. In initialization key decryption 211, the external storage medium is connected to the device 107 and the initialization key and common encryption key stored on it are read in; the common encryption key on the external storage medium is used to decrypt the encrypted initialization key, and the information for connecting the device 107 to the operation center 101 is extracted. Operation center connection 212 uses the decrypted initialization key to connect the device 107 to the operation center 101 by encrypted communication. Authentication 213 verifies the device 107 using the temporary ID, password and certificate sent from the device 107. If the device cannot be authenticated as legitimate, error processing 214 is executed and the error content is output to the log. If it can be authenticated, actual network transmission 215 prepares the existing address, the actual address of the present invention and so on for the device 107 and sends the actual network information of the present invention to the device 107. The device 107 receives the actual network information in actual network reception processing 216, and device configuration processing 217 performs the initial setup that allows the device itself to connect to the actual network.
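Owner information registration 202, sketched as an added example (not code from the patent): a registry hashes the owner and the general address into a system-only block and re-hashes on collision, so two merged networks that both use the same general address still receive distinct actual addresses. The page says only that a hash function is used; the SHA-256 construction, the 10.0.0.0/8 block, the owner identifiers and every class and method name here are assumptions.

```python
import hashlib
import ipaddress

# Assumption: actual addresses are drawn from this system-only IPv4 block,
# keeping the address size the network already defines.
ACTUAL_SPACE = ipaddress.ip_network("10.0.0.0/8")
MAX_ATTEMPTS = 1000  # assumed bound on re-hash attempts before giving up


class ActualAddressRegistry:
    """Hypothetical stand-in for the operation center's actual-address management."""

    def __init__(self, space=ACTUAL_SPACE):
        self.space = space
        self._by_key = {}   # (owner_id, general address) -> actual address
        self._in_use = {}   # actual address -> (owner_id, general address)

    def _candidate(self, owner_id, general, attempt):
        # Hash owner, general address and a retry counter; map the digest
        # onto a host offset, skipping the network and broadcast addresses.
        material = f"{owner_id}|{general}|{attempt}".encode()
        digest = hashlib.sha256(material).digest()
        hosts = self.space.num_addresses - 2
        offset = int.from_bytes(digest[:8], "big") % hosts + 1
        return self.space.network_address + offset

    def register(self, owner_id, general_address):
        """Return the unique actual address for this owner's general address."""
        general = ipaddress.ip_address(general_address)
        key = (owner_id, general)
        if key in self._by_key:          # registration is idempotent
            return self._by_key[key]
        for attempt in range(MAX_ATTEMPTS):
            cand = self._candidate(owner_id, general, attempt)
            if cand not in self._in_use:  # truncated hashes can collide
                self._by_key[key] = cand
                self._in_use[cand] = key
                return cand
        raise RuntimeError("no free actual address found")

    def resolve(self, actual_address):
        """Map an actual address back to (owner_id, general address), or None."""
        return self._in_use.get(ipaddress.ip_address(actual_address))


if __name__ == "__main__":
    reg = ActualAddressRegistry()
    # Constructed sample: two merged companies reuse the same private address.
    for owner in ("company-a", "company-b"):
        print(owner, "192.168.1.10 ->", reg.register(owner, "192.168.1.10"))
```

Uniqueness comes from the central registry, not from the hash alone: the hash only makes the first candidate deterministic, and the registry rejects any candidate already assigned.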

FIG. 3 describes the alive/dead monitoring of the devices of the present invention.

The operation center 101 and the other devices 107 track whether each device 107 is alive. When the operation center 101 and the other devices 107 judge that a device 107 is not fit to be a member of the actual network, the purpose is to remove that device 107 from the actual network, rebuild the actual network of the present invention with the remaining devices 107, record what was done in the log, and notify the administrator of the situation.

In status detection 301 of FIG. 3, the device 107 periodically runs a self-check, determines its own status, and encodes it as one of the operating-status codes agreed in advance with the operation center 101. Status notification 305 periodically sends the encoded operating status to the operation center 101. Notification detection 306 waits for an operating-status notification from the device 107 within a predetermined period. If no notification arrives from the device 107 within that period, and none arrives even after an operating-status notification request is sent to the device 107, information that can identify the device 107, such as its installation location or the actual address assigned to it by the present invention, is output to the error log as no-operating-status-notification information. If an operating-status notification does arrive from the device 107 but its content is an error, the information that can identify the device 107 is likewise output to the error log as error information.

If the operating-status notification from the device 107 reports a fatal error, it is recorded in the management information as a fatal device error, and is used by the devices 107 other than the one that sent the notification as the information for excluding that device 107, which is now unusable, from the actual network. If, in notification detection 306, an operating-status notification arrives from the device 107 within the period, contains no error, and carries information that the settings of the device 107 have changed, the operation center 101 compares it with the information it holds about the device 107, takes the changed information as the new information for the device 107, and updates the management information of the operation center 101 in information change processing 314.
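The branches of notification detection 306 described above, as an added example (not code from the patent): a report that arrives is classified as fatal, error, settings-changed or unchanged, and an overdue device is polled once before it is written to the error log. The status codes, field names, the `request_status` callback and the sample addresses are constructed assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class Status(Enum):
    """Constructed operating-status codes; the page does not list the real ones."""
    OK = 0
    ERROR = 1
    FATAL = 2


@dataclass
class Report:
    device: str      # actual address identifying the device 107
    status: Status
    settings: dict   # device settings carried with the notification


@dataclass
class OperationCenter:
    period: float                                   # predetermined waiting period (s)
    management: dict = field(default_factory=dict)  # device -> last known settings
    last_seen: dict = field(default_factory=dict)   # device -> time of last report
    fatal: set = field(default_factory=set)         # devices recorded as fatal
    error_log: list = field(default_factory=list)

    def enroll(self, device, settings, now):
        self.management[device] = dict(settings)
        self.last_seen[device] = now

    def on_report(self, report, now):
        """Classify an operating-status notification that did arrive."""
        self.last_seen[report.device] = now
        if report.status is Status.FATAL:
            # Recorded as a fatal device error; peers use this to exclude it.
            self.fatal.add(report.device)
            self.error_log.append((now, report.device, "fatal error"))
            return "fatal"
        if report.status is Status.ERROR:
            self.error_log.append((now, report.device, "error reported"))
            return "error"
        if report.settings != self.management.get(report.device):
            # Information change processing 314: adopt the changed settings.
            self.management[report.device] = dict(report.settings)
            return "updated"
        return "ok"

    def check_silence(self, now, request_status):
        """Poll each overdue device once; log those that still do not answer.

        request_status(device) returns a Report, or None if there is no reply.
        """
        silent = []
        for device, seen in list(self.last_seen.items()):
            if device in self.fatal or now - seen <= self.period:
                continue
            reply = request_status(device)
            if reply is not None:
                self.on_report(reply, now)
            else:
                self.error_log.append(
                    (now, device, "no operating-status notification"))
                silent.append(device)
        return silent

    def members(self):
        """Devices the remaining peers keep in the actual network."""
        return sorted(d for d in self.management if d not in self.fatal)
```

Following the page, only a fatal report removes a device from `members()`; a silent device is logged with its identifying address and left for the administrator to act on.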

FIG. 4 concerns the case where the management information of the operation center 101 has been updated: the devices 107 of the same group obtain the management information from the operation center 101 in order to construct a new actual network.

Management information determination 401 determines whether the management information has been updated. If it has, management information conversion 402 turns the management information into transmission data. Management information transmission request 403 from the device 107 asks the operation center 101 to send the management information, and the operation center 101, on receiving the request, sends the management information to the device 107 in management information transmission 404. The device 107 that receives the management information runs a communication-status check command against its own OS to obtain the latest information on how its own communication is currently configured, compares the received management information with its own communication status, and identifies which other devices 107 have been added or removed. If another device 107 has been deleted from the management information, the receiving device is set so that no communication at all with that device 107 is possible, and it reports the exclusion of the target device to the operation center 101 with exclusion processing completion report 410.

If a device has been added at this point, device addition processing is performed (see FIG. 6).

When forced exclusion of a device 107 is carried out by forced disconnection 412 from the console, the other devices 107 in the group to which the forcibly excluded device 107 belongs are notified at the same time that the device 107 has been forcibly excluded. The console 107 that receives this notification immediately acts so that no communication at all with the forcibly excluded device 107 is possible, and reports the exclusion of the target device to the operation center 101 with exclusion processing completion report 410.

FIG. 5 concerns reporting urgent errors to the administrator when an emergency condition is found in the latest logs of the operation center 101.

In the log processing of the operation center 101, the logs held in the database of the operation center 101 are checked periodically. When logs have been added since the last check, the new logs are read. If urgency determination processing 503 judges that the log content is urgent, notification content editing processing 504 edits the urgent content, notification destination acquisition processing 505 obtains the notification destination, and the administrator is notified by e-mail or the like.

FIG. 6 concerns adding a new device 107 to a group: the purpose is for that device 107 and the other devices 107 to connect physically, verify and authenticate each other, and make the new device a member of the new actual network.

When a new device 107 is added through processing such as the alive/dead check, firewall setting 601 and firewall setting 603 change the firewall settings so that communication with the counterpart device 107 is possible. Connection request 602 sends a communication connection request to the counterpart device 107. Both sides issue connection requests to each other, but the side that receives a connection request immediately switches to connection response 604. Connection response 604 notifies the counterpart device 107 that connection preparation is complete. The device 107 that receives the notification of completed connection preparation sends its ID, password, certificate and so on, taken from the changed management information received from the operation center 101, to the counterpart device 107 in password authentication 605. The device 107 that receives the ID, password, certificate and so on checks them in authentication OK 606 against the changed management information it received from the operation center 101. If they cannot be verified, FW communication denial 607 changes the firewall settings and forcibly cuts off communication with the counterpart device 107.

If they can be verified, communication permission 608 grants the counterpart device 107 permission to communicate, and encrypted connection 609 and encrypted connection 610 establish encrypted communication. The devices 107 report to the operation center 101 that encrypted communication has been established, using encrypted connection completion report 611 and encrypted connection completion report 612; the operation center 101 receives these in encrypted connection completion report reception 613, and device addition processing completion record 614 records the completion of the device addition in the management information of the operation center 101.

The purpose of FIG. 7 is, when terminal software 108 is newly installed, to have the operation center 101 issue a certificate for the terminal software 108 on instruction from the console 103 and to encrypt the issued certificate. The encrypted certificate and the connection information are passed, as the new terminal software 108, to the administrator of the PC or other terminal being added.

Client certificate issuance instruction 701 and client certificate issuance instruction 702: when new terminal software is to be installed on a PC or on a portable multi-function information terminal such as a tablet computer or smartphone, the console 103 starts client certificate issuance processing 702 on the operation center 101 or the certificate authority 102, and a certificate for the terminal software 108 is created with the certificate format version, a serial number uniquely assigned by the certificate authority 102, the signature scheme of the public key certificate, and so on. Setting information linkage 703 joins the certificate issued by the preceding processing, client certificate issuance 702, with the operation center information and the extended setting information to form the terminal software connection information, and encryption 704 encrypts the terminal software connection information. In terminal software connection information transmission (by e-mail or the like) 705, the terminal software connection information is sent to the administrator of the terminal software 103 by a communication means such as e-mail, or the encrypted terminal software connection information is written to an external storage medium and delivered by post or similar means. In terminal software connection information reception (by e-mail or the like) 706, the administrator of the terminal software 103 receives it by the communication means such as e-mail or by post.

The administrator of the terminal software 103 performs terminal software installation 707, installing the terminal software on the relevant PC or portable multi-function information terminal (tablet computer, smartphone, etc.). Next, the administrator of the terminal software 103 uses connection information decryption 708 to load the encrypted terminal software connection information onto that PC or portable terminal and decrypt it, configures the terminal software 103, and in ID creation 710 creates a unique ID and the like for the PC or portable terminal on which the terminal software is configured. Using the terminal software connection information, terminal software control center authentication 711 connects to the operation center 101 and makes an authentication request, and authentication OK 712 checks the authentication. If authentication succeeds, terminal software registration 713 registers, as the registration information of the terminal software, the individual information of the PC or portable terminal on which the terminal software has been configured in the database of the operation center 101, and notifies the terminal software 108 that registration is complete. If authentication fails in authentication OK 712, the failure is written to the error log and communication with that terminal software is cut off.

FIG. 8 covers the operation when the terminal software 108 disconnects from the actual network via the device 107, and the processing in which, when factors change (such as a device 107 being added or deleted from the console 103, or a fault in a device 107), the operation center 101 push-notifies the devices 107 affected by the change of the new situation, or in which the operation center 101 answers periodic inquiries from the devices 107.

Authentication request 801 in FIG. 8 is an authentication request made by the terminal software 108 connecting to the operation center 101. If authentication succeeds, the operation center 101 uses connection destination device check 803 to check whether there is a device 107 for connecting the terminal software 108. If there is no such device 107, it tells the terminal software 108 that there is no connection destination and disconnects the line. If there are multiple candidate devices 107, optimal device search 804 chooses the best device 107 based on criteria such as the fewest connections at that moment. Connection permission instruction 806 passes connection information such as the global IP address of the terminal software 108 to that device 107, connection preparation processing 807 changes the firewall settings so that communication from the terminal software 108 can be received, and once the settings are complete, connection preparation completion report 808 reports to the operation center 101 and the terminal software 108 that connection preparation is complete. The operation center 101 uses connection destination device notification 809 to tell the terminal software 108 how to connect, such as the general address of the device 107. The terminal software 108 decides the communication protocol according to the connection method it received and sends its ID, password, certificate and so on to the device 107 in connection authentication information transmission 810. The operation center 101 checks the received ID, password, certificate and so on and, if they are accepted, notifies the terminal software 108 of the acceptance. The terminal software 108 then communicates in encrypted form through its encrypted data communication 812 and the device 107's encrypted data communication 813, and the device 107 forwards the received information to its destination.

FIGS. 9, 10 and 11 concern disconnecting the line in response to some instruction or to deterioration of the line condition.

In FIG. 9, when a line disconnection instruction is given by line disconnection instruction 901 of the terminal software 108, a line disconnection message is sent to the device 107 by line disconnection message 902. The device 107 that receives the message disconnects the line in line disconnection processing 903, blocks the port used for the connection with the terminal software 108, and reports to the operation center 101 in disconnection report 904 that the line to the terminal software 108 has been disconnected.

In FIG. 10, during communication between the terminal software 108 and the device 107, the device 107 may become unable to communicate with the terminal software 108 because of deterioration of the line connection or the like. When no response 1001 indicates that the line may be down, the device 107 performs alive monitoring of the terminal software 108 in check 1002. If communication remains impossible for a set period, the device 107 performs disconnection processing in disconnection 1004 and sends a disconnection report to the operation center 101 in disconnection report 1005.

In FIG. 11, when the console 103 issues, by disconnection instruction 1101, an instruction to disconnect the terminal software 108 from the device 107, the instruction is relayed through the operation center to the device 107 to which the terminal software 108 is connected. The device 107 that receives the instruction performs disconnection processing in terminal software disconnection 1104 and sends a disconnection report to the operation center 101.

FIG. 12 addresses the problem of overlapping network addresses that arises when multiple different networks, each built on a different design philosophy, are integrated into a single network. It also aims to reduce the number of addresses, cut costs and simplify operational management by allowing multiple servers with different addresses to be reached through a single actual address of the present invention.

It is an explanatory diagram of the case in which the terminal software 108 or the PC 109 sends data to a server 112 located on a different network. Data sent to the device 107 by data transmission 1201 of the terminal software 108 or the PC 109 is analyzed by data format analysis 1202, which determines whether it is destined for a server or the like installed within the present invention or for the general external network. The determination compares the destination address of the data with the conversion table that the device 107 holds in advance: if the address is registered, the data is a transfer within the present invention; if not, it is an ordinary external transfer. When data format analysis 1202 determines that the transfer is an ordinary external one, ordinary network processing is performed and the data is sent to the outside.

When the transfer is determined to be within the present invention, communication from the terminal software 108 or the PC 109 to the server is addressed to an actual address held by the opposite device 107. This actual address is one that does not exist in the network to which the sending terminal software 108 or PC 109 belongs. With this method, communication is possible even when the networks of the terminal software 108 or PC 109 and of the server overlap so that their addresses collide.

Address conversion A 1205 converts the addresses according to the conversion table held in advance by the device 107, and the data is sent to the opposite device 107. An example of the conversion is shown in FIG. 13. The conversion is needed because the path to the opposite device 107 runs over ordinary communication routes such as the Internet, so the addresses must be ones with which ordinary communication equipment can deliver the data to the opposite device 107. When the destination matches an address in the conversion table it holds in advance, the device 107 that receives the data converts the address according to the table in address conversion B 1206 and sends the data to the destination server 112. In the case described here the destination must match the conversion table, and because the data is split into multiple packets for transmission and reception, stateful processing is performed. The server 112 that receives the data processes it in data reception 1207 and creates reply data in data reply 1208. The destination address of the reply data is the source address of the received data and its source address is the server's own address; the reply data is sent to the device 107. The device 107 that receives the reply data performs stateful processing in address conversion C 1209, converts the addresses, and sends the data to the opposite device 107. An example of the conversion is shown in FIG. 14. The device 107 that receives the reply data converts the addresses by stateful processing in address conversion D 1210 and sends the data to the destination terminal software 108 or PC 109, which receives it in data reception 1211.
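The four conversions A to D can be traced with a small model in which both sites use the same LAN range and even the same host address. This is an added example, not code from the patent, and FIGS. 13 and 14 are not reproduced here, so the concrete mapping is an assumption: the class and method names, the constructed 172.31.x.x actual addresses, the `published` set and the rule that unsolicited inbound packets are dropped are all illustrative, and the encrypted path between the two devices is not modeled.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: str


class Device:
    """Model of one device 107: conversion table plus per-flow state."""

    def __init__(self, lan, own, peers, published=()):
        self.lan = ipaddress.ip_network(lan)
        self.own = dict(own)                  # LAN address -> unique actual address
        self.rev = {a: l for l, a in self.own.items()}
        self.peers = set(peers)               # registered actual addresses behind other devices
        self.published = set(published)       # LAN hosts that accept new inbound flows
        self.state = {}                       # (initiator actual, responder actual) -> LAN address
        # An actual address must not exist inside the LAN it is used from.
        for actual in list(self.own.values()) + list(self.peers):
            if ipaddress.ip_address(actual) in self.lan:
                raise ValueError(f"{actual} collides with LAN {self.lan}")

    def from_lan(self, pkt):
        """LAN side towards the opposite device: conversion A (request) or C (reply)."""
        if pkt.dst not in self.peers:
            return "external", pkt            # not registered: ordinary forwarding
        actual_src = self.own.get(pkt.src)
        if actual_src is None:
            return "drop", pkt                # sender has no actual address
        out = Packet(actual_src, pkt.dst, pkt.payload)
        if (out.dst, out.src) not in self.state:     # not a reply, so a new flow
            self.state[(out.src, out.dst)] = pkt.src
        return "tunnel", out

    def from_wan(self, pkt):
        """Opposite device towards the LAN side: conversion B (request) or D (reply)."""
        local = self.state.get((pkt.dst, pkt.src))   # reply to a flow started here
        if local is None:
            local = self.rev.get(pkt.dst)
            if local not in self.published:
                return "drop", pkt            # unknown or unsolicited destination
            self.state[(pkt.src, pkt.dst)] = local
        return "deliver", Packet(pkt.src, local, pkt.payload)


def round_trip():
    """Constructed scenario: both sites use 192.168.1.0/24 and the same host address."""
    a = Device("192.168.1.0/24", {"192.168.1.10": "172.31.1.10"}, {"172.31.2.10"})
    b = Device("192.168.1.0/24", {"192.168.1.10": "172.31.2.10"}, {"172.31.1.10"},
               published={"192.168.1.10"})
    hops = [a.from_lan(Packet("192.168.1.10", "172.31.2.10", "request"))]    # A
    hops.append(b.from_wan(hops[-1][1]))                                     # B
    at_server = hops[-1][1]
    hops.append(b.from_lan(Packet(at_server.dst, at_server.src, "reply")))   # C
    hops.append(a.from_wan(hops[-1][1]))                                     # D
    return hops
```

Neither LAN ever sees the other site's 192.168.1.10: each host addresses its peer only by an actual address that does not exist in its own network, which is the property the description relies on.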

Industrial Applicability

The invention can be used as a secure, confidential communication technology for cloud services, which are expected to flourish further, and as an installation and operation technology that, regardless of location inside or outside Japan, allows equipment to be installed and operated easily, without special knowledge and without the labor that installation otherwise requires.

100‧‧‧Network system

101‧‧‧Operation center

102‧‧‧Certificate authority

103‧‧‧Console

104‧‧‧Management network

105‧‧‧Actual network

106‧‧‧Internet

107‧‧‧Device

108‧‧‧Terminal software

109‧‧‧PC

111‧‧‧LAN

112‧‧‧Server

Claims (4)

A communication technology in which, for an existing network in which addresses have already been set on each PC, server or the like, a system automatically assigns addresses that are unique; two addresses are managed for each PC, server or the like, namely the address already set on it and the address set by the present invention; and communication is performed with security and confidentiality using either the already-set address or the address set by the present invention, without modifying or changing the already-set address.

An address management technology in which, when a device is deployed, an address belonging to the network in which the device is installed is set on the device; the address set on the device is stored in the control center; multiple actual addresses are generated based on the address set on the device and are stored in the device and the control center; and the stored actual addresses are used as actual addresses for the PCs, servers and the like connected to the device and are managed in duplicate together with the addresses that those PCs, servers and the like were assigned from the originally existing network.

An automatic address generation technology that, based on the addresses allocated in an existing network, automatically surveys and analyzes the addresses and port numbers or identifiers in use, picks out unused addresses and port numbers or identifiers, and uses an address together with a port number or identifier as a new address.

A communication technology that integrates multiple different networks, each built on a different design philosophy, into a single network and communicates data with security and confidentiality, in which: a device receives a transfer request from a server, PC, terminal software or the like; the device analyzes the received data and checks it against the conversion table held by the device; if the destination address is registered, the data is to be sent to a server, PC or the like installed within the present invention, and if the destination address is not registered, the data is to be sent to the general external network; when sending to the general external network, the device behaves in the same way as ordinary communication equipment and sends the data to the general network; when sending to a server, PC or the like installed within the present invention, in order that the data passing over the general network does not collide with addresses held by ordinary communication equipment or violate the rules of ordinary communication equipment, the device converts the destination address and source address of the data into addresses stored in the device that are unique and that allow ordinary communication equipment to deliver the data to the target opposite device, and sends the data to the opposite device; the opposite device receives the data, analyzes the destination address of the received data and, using the table stored in the device, converts the source address into an address recognizable in the network to which the opposite device belongs, and sends the data to the target server, PC or the like; the server, PC or the like receives the data; the server, PC or the like that received the data creates reply data in the same way as in ordinary network communication, at which time the source of the received data becomes the destination and the destination is set to the address held by the server, PC or the like, and the reply data is sent to the opposite device; the opposite device receives the reply data, performs stateful processing, converts the addresses and sends the reply data to the device; the device that receives the reply data likewise converts the addresses by stateful processing and sends the data to the server, PC, terminal software or the like that was the original source and is now the destination; and that server, PC, terminal software or the like receives the data.
TW104123831A 2014-10-17 2015-07-23 Communication apparatus, method for controlling communication between different types of devices, and method for eliminating specificity of operational management TW201620269A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2014224676A JP6150137B2 (en) 2014-10-17 2014-10-17 Communication device, heterogeneous communication control method, and operation management expertise exclusion method

Publications (1)

Publication Number Publication Date
TW201620269A true TW201620269A (en) 2016-06-01

Family

ID=55746389

Family Applications (1)

Application Number Title Priority Date Filing Date
TW104123831A TW201620269A (en) 2014-10-17 2015-07-23 Communication apparatus, method for controlling communication between different types of devices, and method for eliminating specificity of operational management

Country Status (5)

Country Link
JP (1) JP6150137B2 (en)
GB (1) GB2546464A (en)
SG (1) SG11201702716TA (en)
TW (1) TW201620269A (en)
WO (1) WO2016059840A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI822923B (en) * 2018-12-12 2023-11-21 日商關連風科技股份有限公司 Information communication methods, information communication systems, and methods of licensing services

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115174526A (en) * 2022-06-29 2022-10-11 京东方科技集团股份有限公司 Network adaptation method and device between devices, storage medium and electronic device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11112577A (en) * 1997-10-08 1999-04-23 Hitachi Ltd Interconnection system between lan systems and network service system
JP3566198B2 (en) * 2000-09-13 2004-09-15 日本電信電話株式会社 Connection management method and apparatus for communication between virtual private networks
JP5038887B2 (en) * 2004-04-15 2012-10-03 クリアパス・ネットワークス・インコーポレーテッド System and method for managing a network
JP4802263B2 (en) * 2009-07-17 2011-10-26 株式会社日立製作所 Encrypted communication system and gateway device
JP5552787B2 (en) * 2009-10-02 2014-07-16 村田機械株式会社 Relay server and relay communication system

Also Published As

Publication number Publication date
GB2546464A (en) 2017-07-19
GB201707772D0 (en) 2017-06-28
JP2016082555A (en) 2016-05-16
JP6150137B2 (en) 2017-06-21
WO2016059840A1 (en) 2016-04-21
SG11201702716TA (en) 2017-04-27

Similar Documents

Publication Publication Date Title
CN101809519B (en) Method for establishing a secure connection from a service technician to a component of an automation environment that can be remotely diagnosed and/or maintained and is experiencing failure
US20190037009A1 (en) System and method for providing data and application continuity in a computer system
US8762725B2 (en) Secure machine-to-machine communication protocol
US20170324566A1 (en) Unified encryption configuration management and setup system
JP4339234B2 (en) VPN connection construction system
CN105027493A (en) Secure mobile app connection bus
WO2003107156A2 (en) METHOD FOR CONFIGURING AND COMMISSIONING CSMs
JP2009277081A (en) Computer system for managing password for detecting information about component arranged on network, its method, and computer program
JP5041257B2 (en) Field communication system and field communication method
US20130081112A1 (en) Global Terminal Management Using 2-Factor Authentication
CN102857520A (en) Telnet protocol security access system and method for character terminal
CN102984045A (en) Access method of Virtual Private Network and Virtual Private Network client
EP2880832B1 (en) Method for configuring network nodes of a telecommunications network, telecommunications network, program and computer program product
JP2016535884A (en) Securing communications within network endpoints
TW201620269A (en) Communication apparatus, method for controlling communication between different types of devices, and method for eliminating specificity of operational management
KR101027725B1 (en) Security system
US9940116B2 (en) System for performing remote services for a technical installation
JP2024513674A (en) Use portable setup devices to authorize devices to process automation systems
CN110278127B (en) Agent deployment method and system based on secure transmission protocol
JP7225958B2 (en) Controllers and control systems
TW202147815A (en) Network connection management system for information device
US10742480B2 (en) Network management as a service (MaaS) using reverse session-origination (RSO) tunnel
WO2024057557A1 (en) Diagnostic device and diagnosis method
US9923868B2 (en) Working method for a system and system
JP2005130511A (en) Computer network management method and system