WO2004051937A1 - ユーザ特定システム、ユーザ特定装置、ユーザ特定方法、アドレス変換装置、及びプログラム - Google Patents
ユーザ特定システム、ユーザ特定装置、ユーザ特定方法、アドレス変換装置、及びプログラム Download PDFInfo
- Publication number
- WO2004051937A1 WO2004051937A1 PCT/JP2003/015475 JP0315475W WO2004051937A1 WO 2004051937 A1 WO2004051937 A1 WO 2004051937A1 JP 0315475 W JP0315475 W JP 0315475W WO 2004051937 A1 WO2004051937 A1 WO 2004051937A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- address
- user
- information
- communication
- communication information
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
- H04L61/103—Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/5014—Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2514—Translation of Internet protocol [IP] addresses between local and global IP addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/256—NAT traversal
- H04L61/2571—NAT traversal for identification, e.g. for authentication or billing
Definitions
- the present invention relates to a user identification system, a user identification device, a user identification method, an address conversion device, and a program.
- the present invention relates to a user identification system, a user identification device, a user identification method, an address translation device, and a program for identifying a user of a user terminal that has communicated via two networks having different address systems.
- This application is related to the following Japanese patent application. For those designated countries that are permitted to be incorporated by reference to the literature, the contents described in the following application are incorporated into this application by reference and are incorporated as part of the description of this application.
- the provider will provide information provided by the person who allegedly infringed his rights, for example, It is desirable to be able to identify the sender based on the IP address of the caller.
- an object of the present invention is to provide a user identification system, a user identification device, a user identification method, an address conversion device, and a program that can solve the above-mentioned problems.
- This object is achieved by a combination of features described in the independent claims.
- the dependent claims define further advantageous embodiments of the present invention. Disclosure of the invention
- a user who is arranged in a first network of a first address system and has performed communication on a second network of a second address system
- a user identification system for identifying a user of a terminal, the relay system being located in a first network and communicating with a plurality of user terminals in the first network, and a communication by a user terminal via the relay device.
- a user authentication device that stores user authentication information assigned to each user as information for performing authentication for permission in association with terminal identification information of a user terminal that has been authenticated by the user authentication information; and a user terminal.
- a first storage device that stores the terminal identification information of the terminal and the first address of the first address system assigned to the terminal identification information in association with each other;
- a second storage device that stores one address in association with a second address of the second address system assigned to the first address, a user authentication device, a first storage device, and a second storage device
- a user identification device that identifies a user of a user terminal that has performed communication on the second network based on information stored in the device.
- the user identification device uses the user authentication information and terminal identification information stored in the user authentication device.
- the first communication information acquisition unit acquires the first communication information associated with the terminal information, and acquires the second communication information associated with the terminal identification information stored in the first storage device and the first address.
- a second communication information acquiring unit for acquiring the third communication information in which the first address stored in the second storage device and the second address are associated with each other; and a designated second address. The first address associated with the first address is detected based on the third communication information, the terminal identification information associated with the first address is detected based on the second communication information, and the first address is associated with the terminal identification information.
- a user terminal detecting unit for detecting the user authentication information based on the first communication information.
- the relay device When receiving a communication request from the user terminal, acquires the user authentication information and the terminal identification information from the user terminal and transmits the information to the user authentication device, and the user authentication device receives the user authentication information received from the wireless communication device. Authenticates the information, and if authentication using the user authentication information is successful, sets the relay device to allow the user terminal to communicate via the relay device, and transmits the first communication information to the user identification device. May be.
- the first storage device is a DHCP server that assigns a private IP address that is the first address to the MA C address that is the terminal identification information, and assigns a private IP address to the MA C address.
- the second communication information may be transmitted to the user identification device.
- the first storage device has an ARP table that stores the MAC address that is the terminal identification information and the private IP address that is the first address assigned to the MAC address in association with each other. It is an ARP server that can send the second communication information to the user identification device when it receives an ARP request from a user terminal.
- the second storage device connects the first network to the second network, and includes an address conversion device that allocates a global IP address as a second address to a private IP address as a first address.
- an address conversion device that allocates a global IP address as a second address to a private IP address as a first address.
- the third communication information may be transmitted.
- a user that is located in the first network of the first address system and specifies the user of the user terminal that has performed communication in the second network of the second address system
- a specific system which is located on the first network and communicates with a plurality of user terminals in the first network, and authentication for permitting communication of the user terminal via the relay device with the first relay device
- a user authentication device that associates and stores user authentication information assigned to each user as information for performing authentication and terminal identification information of a user terminal that has been authenticated by the user authentication information; and a terminal of the user terminal.
- a first communication information storage unit that stores the identification information and the first address of the first address system assigned to the terminal identification information in association with each other;
- a second communication information storage unit that stores the second address of the second address system assigned to the first address in association with each other, and terminal identification information and the first address that are stored in the first communication information storage unit. Terminal identification information and the second address based on the first communication information associated with the first communication information and the second communication information associated with the first address and the second address stored in the second communication information storage unit.
- a second relay device having a user identification information generation unit that generates user identification information associated with the user interface, the communication information stored in the user authentication device, and the user identification information generated by the second relay device.
- a user specifying device for specifying the user of the user terminal that has performed communication on the second network.
- the user identification device includes a first communication information acquisition unit for acquiring first communication information in which the user authentication information stored in the user authentication device and the terminal identification information are associated with each other, and a terminal identification information stored in the second relay device.
- a fourth communication information acquisition unit for acquiring user identification information in which the information is associated with the second address, and detecting terminal identification information associated with the designated second address based on the user identification information;
- a user terminal detection unit that detects user authentication information associated with the terminal identification information based on the first communication information.
- the first network of the first address system is provided.
- Relay device that communicates with a plurality of user terminals in the first network, and user authentication information assigned to each user as information that authenticates the user terminal to allow communication via the relay device
- a user authentication device that stores the terminal identification information of the user terminal that has been authenticated by the user authentication information in association with the terminal identification information of the user terminal and the terminal identification information assigned to the terminal identification information of the user terminal.
- a first storage device that stores the first address of the 1-address system in association with the first address, and stores the first address in association with the second address of the second address system assigned to the first address.
- the second address of the user identification system having the second storage device based on the communication information stored in the user authentication device, the first storage device, and the second storage device.
- a user identification device that identifies a user of a user terminal that has communicated in a second network of the system, and obtains first communication information in which user authentication information stored in the user authentication device is associated with terminal identification information.
- a third communication information acquiring unit for acquiring third communication information in which the first address and the second address are associated with each other, and converting the first address associated with the specified second address into the third communication information. Detecting the terminal identification information associated with the first address based on the second communication information, and detecting the user authentication information associated with the terminal identification information based on the first communication information. You And a The terminal detection unit.
- the third communication information acquisition unit is configured to store the third address stored in the second storage device in which the first address and the second address are associated with a destination address of a bucket having the second address as a source address.
- the communication information may be acquired, and the user terminal detection unit may detect the first address based on the specified second address and destination address.
- a communication information storage unit that stores the time at which the first communication information, the second communication information, and the third communication information are obtained, in association with the first communication information, the second communication information, and the third communication information;
- the user terminal detection unit is provided when the communication information storage unit stores With reference to the time, the first address associated with the specified second address is detected, the terminal identification information associated with the first address is detected, and the terminal identification information is associated with the first address.
- User authentication information may be detected.
- a relay device arranged on the first network of the first address system and communicating with a plurality of user terminals in the first network, and a relay device by the user terminal Authentication device that stores user authentication information assigned to each user as information for performing authentication for permitting communication via a terminal and terminal identification information of a user terminal that has been authenticated by the user authentication information in association with each other.
- a first storage device for storing the terminal identification information of the user terminal in association with the first address of the first address system assigned to the terminal identification information; and a first address and the first address.
- a user authentication device of a user identification system including a second storage device that stores a second address of a second address system assigned to an address in association with the second address system;
- a relay device arranged on the first network of the first address system and communicating with a plurality of user terminals in the first network, and a relay device by the user terminal Authenticate to allow communication through A user authentication device that stores user authentication information assigned to each user as information in association with terminal identification information of a user terminal that has been authenticated by the user authentication information; and terminal identification information of the user terminal and the terminal.
- a first storage device for storing the first address of the first address system assigned to the identification information in association with the first address, and a second address assigned to the first address and the first address; Based on communication information stored in the user authentication device, the first storage device, and the second storage device of the user identification system including a second storage device that stores the second address of the address system in association with the second storage device.
- a program for a user identification device that identifies a user of a user terminal that has communicated on a second network of a second address system, wherein the user identification device includes a user authentication device.
- a first communication information acquisition unit for acquiring first communication information in which user authentication information stored in the first storage device is associated with terminal identification information, and terminal identification information stored in the first storage device and the first address are associated with each other.
- a user that is located in the first network of the first address system and identifies the user of the user terminal that has performed communication in the second network of the second address system
- a specific system which is located in the first network and performs relaying for communicating with a plurality of user terminals in the first network, and performs authentication for permitting the user terminal to communicate via the relaying device.
- a user authentication device that stores user authentication information assigned to each user as information in association with terminal identification information of a user terminal that has been authenticated by the user authentication information, and a first address of a first address system And the second address of the second address system, and communicate between the first and second networks.
- a user identification device that identifies the user of the user terminal that has communicated on the second network based on the user identification information generated by the address conversion device.
- the address conversion device includes: a first communication information acquisition unit that acquires first communication information in which the user authentication information stored in the user authentication device and the terminal identification information are associated; a terminal identification information of the user terminal; A second communication information storage unit for storing second communication information in which the first address of the first address system assigned to the information is associated with the first address, and a second address for the first address and the first address; A third communication information storage unit for storing third communication information in which the second address of the allocated second address system is associated with the first communication information, the second communication information, and the third communication information; A user identification information generation unit that generates user identification information in which the second address and the user authentication information of the user terminal that has performed communication in the second network using the second address are associated with the second address. You .
- the first address of the first address system and the second address of the second address system are mutually converted, and the first network of the first address system is converted.
- An address conversion device for relaying communication between the terminal and a second network of the second address system wherein the address conversion device is arranged on the first network and communicates with a plurality of user terminals by a user terminal via a relay device.
- User authentication information assigned to each user as information for performing authentication for permitting communication by a user terminal from a user authentication device that performs authentication for permitting communication, and a user terminal that has been authenticated based on the user authentication information.
- a first communication information acquisition unit for acquiring first communication information in which the terminal identification information is associated with the terminal identification information, and a first address assigned to the terminal identification information and the first address.
- a second communication information storage unit that stores the associated second communication information, an address conversion unit that assigns a second address to the first address, and a first address and the first address
- a third communication information storage unit that stores third communication information associated with the assigned second address; and a second communication information storage unit that stores the second communication information based on the first communication information, the second communication information, and the third communication information.
- Address and A user identification information generation unit that generates user identification information associated with user authentication information of a user terminal that has performed communication in the second network using the second address.
- FIG. 1 shows an example of a system configuration of a user identification system 10 according to the first embodiment.
- FIG. 2 shows an example of a block configuration of the user identification device 22 according to the first embodiment.
- FIG. 3 shows an example of the data configuration of the communication information storage unit 108 according to the first embodiment.
- FIG. 4 shows an example of a user identification method of the user identification system 10 according to the first embodiment.
- FIG. 5 shows an example of a hardware configuration of the user identification device 22 according to the first embodiment.
- FIG. 6 shows an example of the configuration of the user identification system 30 according to the second embodiment.
- FIG. 7 illustrates an example of a block configuration of a router 32a according to the second embodiment.
- FIG. 8 shows an example of a block configuration of a user identification device 34 according to the second embodiment.
- FIG. 1 shows an example of a system configuration of a user identification system 10 according to the first embodiment of the present invention.
- the user identification system 10 is located on a LAN (Local Area Network) 12a or 12b, and wirelessly communicates with a plurality of user terminals 14a to 141 on the LAN 12a or 12b.
- Wireless LAN stations 16a to 16d, routers 20a and 20b connecting the LANs 12a and 12b and the Internet 18, and internet 18 Authentication to permit communication between the user identification device 22 for identifying the user of the first terminal and the user terminals 14a to 41 via the wireless LAN stations 16a to 16d or the routers 20a and 20b.
- RAD IUS servers 24a and 24b to be used.
- the LANs 12a and 12b are examples of the first network of the first address system of the present invention, and the Internet 18 is the second network of the second address system of the present invention.
- the wireless LAN stations 16a to 16d and the routers 20a and 20b are examples of the relay device of the present invention, and the RAD I US servers 24a and 24b are examples of the user authentication device of the present invention. It is.
- the relay device of the present invention is not limited to the wireless LAN stations 16a to 16d, and is a device that performs wired communication such as a switching hub having a function of restricting communication such as a VLAN (Virtual LAN) function. There may be.
- the LANs 12a and 12b are constructed by, for example, public wireless LAN services, and communication between user terminals is performed by the VLAN function of the wireless LAN stations 16a to 16d or the routers 20a and 20b. Limited.
- the private IP address is an example of a first address of the first address system of the present invention
- the global IP address is an example of a second address of the second address system of the present invention.
- the second address of the second address system of the present invention may include a global address IP address and a port number.
- the wireless LAN stations 16a to 16d when receiving a communication request from the user terminals 14a to 141, use the wireless LAN stations by the user terminals 14a to 141.
- the user authentication information assigned to each user as the information for performing authentication for permitting communication via the sections 16a to 16d, and the terminal identification information of the user terminals 14a to l41.
- the MAC address is obtained from the user terminals 14a to 141, and transmitted to the RAD IUS server 24a or 24b.
- the user authentication information is, for example, a user ID, a password, or the like.
- the RAD I US servers 24a and 24b authenticate the user authentication information received from the wireless LAN stations 16a to 16d, and when the authentication based on the user authentication information is established, the user having the user authentication information.
- the wireless LAN stations 16a to 16d are set to allow the terminal to communicate via the wireless LAN stations 16a to 16d, and the user authenticated by the user authentication information and the user authentication information are established. It stores the MAC address of the terminal in association with it, and associates the user authentication information with the MAC address and transmits the first communication information to the user identification device 22.
- the RAD IUS servers 24a and 24b replace the user authentication information.
- the VLAN name and the MAC address may be associated with each other and transmitted to the user identification device 22 as the first communication information.
- the RAD IUS server 24a or 24b may transmit the first communication information using, for example, Sys 1 og Message, or may use SNMP (S impienet et wo rk Ma na g e ment Protocol). The first communication information may be transmitted using Trap.
- the RAD I US servers 24a and 24b may be located in the LAN 12a or 12b as shown in FIG. 1, or may be located on the Internet 18. Les ,.
- the routers 20a and 20b are an example of the first storage device of the present invention, and store the MAC addresses of a plurality of user terminals and the private IP addresses assigned to the MAC addresses. Store them in association.
- Routers 20a and 20b have a DHCP server, which is private to the MAC address of the user terminal. 1 Allocate and release address.
- the norators 20a and 20b associate the MAC address with the private IP address and transmit the second communication information to the user identification device 22.
- the routers 20 a and 20 b transmit the second communication information to the user identification device 22 when, for example, a private IP address is assigned to the MAC address.
- the routers 20a and 20b transmit the second communication information to the user identification device when the private IP address is released, for example.
- the routers 20a and 20b serve as an ARP server including an ARP table for storing the MAC address of the user terminal and the private IP address assigned to the MAC address in association with each other. Having. Then, the routers 20a and 20b associate the MAC address with the private IP address and transmit it to the user identifying device 22 as second communication information.
- the routers 20a and 20b transmit the second communication information to the user identification device 22, for example, when receiving the ARP request from the user terminal. Also, the routers 20a and 20b may transmit the second communication information to the user identification device 22 when, for example, returning an ARP reply to the user terminal. Also, the routers 20a and 20b may transmit the second communication information using, for example, Sys 1 og Message, or may transmit the second communication information using TraP of SNMP. Good.
- the routers 20a and 20b are an example of the second storage device of the present invention, and store the private IP address assigned to the user terminal and the global IP address assigned to the private IP address. Store.
- the routers 20a and 20b each have an address conversion device that assigns a global IP address to a private IP address, and converts the private IP address of the received bucket and the global IP address. It converts each other and relays communication between the LAN 12a or 12b and the Internet 18. Then, the routers 20a and 20b associate the stored private IP address with the global IP address and transmit the third communication information to the user identification device 22.
- Router 2 0a and 20b transmit the third communication information to the user identification device 22, for example, when a global IP address is assigned to a private IP address. Further, the routers 20a and 20b may transmit the third communication information using, for example, Syslog Message, or may transmit the third communication information using an SNMP Trap.
- the routers 20a and 20b may transmit the third communication information to the user identification device 22, for example, when releasing the global IP address. If the routers 20a and 2Ob have the IP masquerade function, the private IP address assigned to the user terminal, the global IP address assigned to the private IP address, Store port number and private
- the routers 20a and 20b further associate the private IP address and the global IP address with the destination address of the packet having the global IP address as the source address, and (3) User identification device as communication information
- the routers 20 a and 20 b may transmit the third communication information to the user identification device 22 when relaying communication between the user terminal and the Internet 18, for example.
- the user identification device 22 determines the Internet 1 based on the first communication information stored in the RAD I US servers 24a and 24b and the second communication information and the third communication information stored in the routers 20a and 20b. Detects the user authentication information of the user terminal that communicated in step 8, and identifies the user of the user terminal based on the user authentication information. Note that the user identification device 22 may be arranged on the Internet 18 as shown in FIG. 1, or may be arranged in the LAN 12a or 12b.
- the routers 20a and 20b send the source IP addresses of the buckets received from the user terminals 14a to l41 to the routers assigned to the user terminals 14a to 141.
- the private IP address is converted to a global IP address assigned to the router 20a or 20b and transmitted to the Internet 18. Therefore, it is not possible to identify the user terminals 14a to 1441 from the source IP address of the bucket transmitted from the router 20a or the router 20b to the Internet 18.
- the user identification system 10 can identify the user of the user terminal that has performed communication on the Internet 18.
- FIG. 2 shows an example of a block configuration of the user identification device 22 according to the first embodiment.
- the user identification device 22 associates the transmission / reception unit 100 that transmits and receives data to and from the Internet 18 with the user authentication information stored in the RADIUS servers 24 a and 24 b and the MAC address.
- the first communication information acquisition unit 102 that acquires the acquired first communication information via the transmission / reception unit 100, and the MAC address and private IP address stored by the routers 20a and 20b.
- a second communication information acquisition unit 104 that acquires the second communication information associated with the communication via the transmission / reception unit 100, and a private IP stored in the routers 20a and 20b.
- a third communication information acquisition unit 106 that acquires third communication information in which the address and the global IP address are associated with each other via the transmission / reception unit 100; a first communication information, a second communication information, And a communication information storage unit 108 for storing the third communication information and a global IP address specified by the administrator. And a user terminal detector 1 1 0 to detect the user authentication information that the user terminal performing the communication in I Internet 1 8 is closed.
- Each of the first communication information acquisition unit 102, the second communication information acquisition unit 104, and the third communication information acquisition unit 106 is a router 20a or a router 20b or a RADIUS server.
- Each of the first communication information, the second communication information, and the third communication information transmitted by 24a or 24b may be passively obtained, or the router may be actively transmitted by transmitting a transmission request packet.
- 20a or 20b or RADIUS server 24a or 24b from the first communication information, the second communication information, and the third communication Each piece of communication information may be obtained.
- the user terminal detection unit 110 refers to the communication information stored in the communication information storage unit 108 and transmits the private IP address associated with the global IP address specified by the administrator in the third communication. Based on the information, the MAC address associated with the private IP address is detected based on the second communication information, and the user authentication information associated with the MAC address based on the first communication information. To detect. Then, the user identification device 22 identifies the user of the user terminal accessing the RAD IUS server 24a or 24b using the user authentication information detected by the user terminal detection unit 110.
- FIG. 3 shows an example of the data configuration of the communication information storage unit 108 according to the first embodiment.
- the communication information storage unit 108 stores the first communication information, the second communication information, and the third communication information in association with the first communication information, the second communication information, and the third communication information. Store the time obtained from a or 24b or router 20a or 20b.
- the first line (L1) is the first communication information obtained by the first communication information obtaining unit 102 from the RAD I US server.
- the communication information storage unit 108 stores the time “2003 Sep 1 23:50:23”, the router global IP address “2 18.47.6.2 2.aaa”, the user ID “AAA”, and the VLAN name.
- the first communication information in which "V200" and the MAC address of the user terminal "00-90-99-48-85-**" are stored.
- the second line (L 2) and the third line (L 3) are the second communication information acquired by the second communication information acquisition unit 104 from the DHCP server of the router.
- the communication information storage unit 108 stores the time “200 3 Sep 1 23:50:34” and the global data IP address “2 18.8.4 7 62. aaa J, the private IP address "19.2.168.1.1.10", and the MAC address "00--90--99-48--85-**"
- the associated number 2 Store communication information.
- the second communication information indicates the time “200 3 Sep 1
- the communication information storage unit 108 stores the Tokii IJ “2003 Sep 1 23:50:38” and the router's global IP address “2 1 8. 47. 6 2. aaa ”and private IP address“ 1 92. 1 6 8.1.1 00 ”and MAC address“ 00 — 90— 99—48—8 5— * * And stores the second communication information associated with.
- the second communication information is a private IP address corresponding to the MAC address “00—90—99—9—48—85 — **” at the time “2003 Sep 1 23:50:34”. Indicates that "1 92. 1 68. 1. 1 00" has been assigned.
- the fourth line (L4) is the second communication information acquired by the second communication information acquisition unit 104 from the ARP table of the router.
- the communication information storage unit 08 stores the time “20
- the second communication information is the time“ 200 ”. 3 Sep 1 2 3: 50:55 ”and the MAC address“ 00—90—9 9—48—8 5 — ** ”and the private IP address“ 192.1 68.1.1.1.00 ” Indicates that the combination has been added to the ARP table.
- the fifth line (L5) is the third communication information acquired by the third communication information acquisition unit 106 from the Firewale 11 server, which is an example of the address conversion device of the router.
- the communication information storage unit 108 stores the time “2003 Sep 1 2 3: 5 1: 1 2”, the router's global IP address “2 18.8.47.62 2.aaa”, and the private information. 1 19 2. 1 68. 1.100: 103 1 j and the global IP address and port number "2 10.1 53.1" which is the bucket destination address bbb: 5 3 ”and the third communication information Is stored.
- the third communication information is the user to whom the private IP address “192.1 68.1.1.00” was assigned at the time “2003 Sep 123: 51: 12”. Indicates that the terminal has transmitted a packet to the communication device with the global IP address "20.10.153. 1.bbb” by UDP.
- the sixth line (L6) to the first line (L11) are the same third communication information as the fifth line (L5).
- the user terminal detection unit 110 Refers to the time stored in the communication information storage unit 108, and refers to the grono address IP address ⁇ 2 18.4.7.6 2.aaa '' and the destination address ⁇ 2 10.1.15 3. 1.
- the private IP address “192.16.8.1.1.00” associated with “bbb” is detected based on the third communication information in the seventh row (L7).
- the user terminal detection unit 110 sets the MAC address “0 0—90—99—48—85— * associated with the private IP address“ 12.12.16.8.1.100 J ”.
- the user terminal detection unit 110 transmits the user ID “AAA” associated with the MAC address “00—90—99—48—85 — **” to the first communication (L 1) in the first row (L 1). Detect based on information.
- the communication information storage unit 108 stores the first communication information, the second communication information, and the third communication information in association with the time, and the user terminal detection unit 110 refers to the time.
- the user authentication information such as a user ID
- the user authentication information can be accurately detected, and the user can be specified accurately.
- FIG. 4 shows an example of a user identification method of the user identification system 10 according to the first embodiment.
- the user terminal 14 d When the user terminal 14 d is powered on and activated, it first transmits a communication request to the wireless LAN station 16 b (S 100).
- the wireless LAN station 16b performs user authentication when there is a communication request from the user terminal 14d.
- the information and the MAC address of the user terminal 14d are obtained from the user terminal 14d and transmitted to the RAD I US server 24a (S101).
- the RAD I US server 24a authenticates the user authentication information received from the wireless LAN station 16b, and if the authentication based on the user authentication information is successful, the user terminal 14d transmits the information via the wireless LAN station 16b.
- the wireless LAN station 16b is set to allow the communication (S102).
- the RAD IUS server 24a generates Sys 1 og Message # 1 including the first communication information in which the user authentication information of the user terminal 14d is associated with the MAC address of the user terminal 14d. It is transmitted to the user identification device 22 (S103). Thereby, the first communication information acquisition unit 102 of the user identification device 22 acquires the first communication information from the wireless LAN station 16b.
- the user terminal 14d transmits DHCP Request to the DHCP server of the router 20a (S104). Then, the DHCP server of the router 20a allocates a private IP address to the MAC address of the user terminal 14d, and transmits a DHCP Ack to the user terminal 14 (S105). ). Then, the norator 20a sends a Syslog Me containing the second communication information in which the MAC address of the user terminal 14d is associated with the private IP address assigned to the MAC address. The ssage # 2 is transmitted to the user identification device 22 (S106). Thereby, the second communication information acquisition unit 104 of the user identification device 22 acquires the second communication information from the router 20a.
- the user terminal 14d transmits an AR PR request to the ARP server of the router 20a (S108).
- the ARP server of the router 20a refers to the ARP table and transmits ARP Rep 1 y to the user terminal 14d (S110).
- the router 20a sends a Sys 1 og Message containing the second communication information in which the MAC address of the user terminal 14d stored in the ARP table and the private IP address are associated.
- # 3 is transmitted to the user identification device 22 (S112).
- the information acquisition unit 104 acquires the second communication information from the router 20a.
- the user terminal 14d communicates on the Internet 18 by TCP / IP communication (S114).
- the firewall 11 server of the router 20 a assigns a global IP address to the private IP address of the user terminal 14 d.
- the router 20a sends the Sys IP including the third communication information in which the private IP address of the user terminal 14d is associated with the global IP address assigned to the private IP address. 1 og Message # 4 is transmitted to the user identification device 22 (S116).
- FIG. 5 shows an example of a hardware configuration of the user identification device 22 according to the first embodiment.
- the user identification device 22 includes a CPU 700, a ROM 702, a RAM 704, a communication interface 706, a hard disk drive 708, a database interface 710, a flexible disk drive 712, and a CD-ROM drive 714.
- the CPU 700 operates based on the programs stored in the ROM 702 and the RAM 704, and controls each unit.
- the communication interface 706 communicates with the Internet 18.
- the database interface 710 writes data to the database and updates the contents of the database.
- the flexible disk drive 712 reads data or a program from the flexible disk 720 and provides it to the CPU 700.
- the CD-ROM drive 714 reads data or a program from the CD-ROM 722 and provides it to the CPU 700.
- Database interface 710 is a database To connect to the device 7 24 to send and receive data.
- the program provided to the user specifying device 22 is stored in a recording medium such as the flexible disk 720 or the CD-ROM 722 and provided by the user.
- the program stored on the recording medium may be compressed or uncompressed.
- the program is read from the recording medium and executed by the CPU 700.
- the program stored and provided on the recording medium, that is, the program installed on the user identification device 22 includes, as functional components, a transmission / reception module, a first communication information acquisition module, a second communication information acquisition module, and a third communication information acquisition module. It has a communication information acquisition module, a communication information storage module, and a user terminal detection module.
- the operation performed by each module to cause the user specifying device 22 to perform is the same as the operation of the corresponding member in the user specifying device 22 described with reference to FIGS.
- a flexible disk 720 or a CD-ROM 722 as an example of a recording medium may store some or all functions of the operation of the user identification device 22 in all the embodiments described in the present application. it can.
- These programs may be read directly from the recording medium to the RAM 704 and executed, or may be once installed on the hard disk and then read and executed by the RAM. Further, the above program may be stored on a single recording medium or on a plurality of recording media. Also, it may be stored in a form encoded by encryption, compression, or the like.
- Recording media include flexible disks, CD-ROMs, optical recording media such as DVDs and PDs, magneto-optical recording media such as MDs, tape media, magnetic recording media, and semiconductor memories such as IC cards and miniature cards. Can be used.
- a storage device such as a hard disk or a RAM provided in a server system connected to a dedicated communication network or the Internet may be used as a recording medium, and the program may be provided to the user identification device 22 via the communication network. Good.
- the router 20a and the wireless LAN station 1 6a and 16b are provided separately, and the router 20b and the wireless LAN stations 16c and 16d are provided separately, but the router 20a and the wireless LAN station 16 are provided.
- a and 16b are integrated, the router 20a has the function of the wireless LAN stations 16a and 16b, and the router 20b and the wireless LAN stations 16c and 16d are connected.
- the router 20b may have the functions of the wireless LAN stations 16c and 16d. That is, the relay device, the first storage device, and the second storage device according to the present invention may be one device provided in the same housing. (Second embodiment)
- FIG. 6 shows an example of the configuration of the user identification system 30 according to the second embodiment of the present invention.
- the second embodiment may be the same as the first embodiment except for the parts described below.
- the user identification system 30 is located in the LAN 12a or 12b, and is a wireless LAN station 16 that performs wireless communication with a plurality of user terminals 14a to l41 on the LAN 12a or 12b.
- the routers 32a and 32b are examples of the address conversion device of the present invention, and convert the private IP address and the global IP address to each other, and connect the LANs 12a and 12b and the Internet 18 to each other.
- the routers 32a and 32b use the global IP address based on the first communication information, the second communication information, and the third communication information, and use the global IP address to connect to the Internet 18. It generates user identification information in which the user authentication information of the user terminal with which the communication has been made is associated with, and supplies it to the user identification device.
- the user identifying device 34 acquires the user identifying information from the router 32a or 32b, and based on the user identifying information, the global IP address designated by the administrator.
- the user authentication information associated with the user terminal is detected, and the user of the user terminal that has communicated on the Internet 18 is identified.
- FIG. 7 shows an example of a block configuration of a router 32a according to the second embodiment.
- the router 32a includes an external transmitting / receiving unit 200 for transmitting / receiving data to / from the Internet 18; an internal transmitting / receiving unit 202 for transmitting / receiving data to / from the LAN 12a; A global IP address is assigned to each IP address, and a private IP address and a global IP address of a received packet are transmitted between the external transmitting / receiving section 200 and the internal transmitting / receiving section 202.
- An address conversion unit 204 that converts the first communication information from the RAD I US server 24a; a second communication information storage unit 208 that stores the second communication information;
- the third communication information storage unit 210 for storing the third communication information is associated with the global IP address and the user authentication information based on the first communication information, the second communication information, and the third communication information.
- User-specific information that generates the specified user-specific information And a report generation unit 212.
- the first communication information acquisition unit 206 acquires the first communication information in which the user authentication information is associated with the MAC address from the RAD I US server 24a via the internal transmission / reception unit 202.
- the second communication information storage unit 208 is, for example, a DHCP server, and allocates and releases a private IP address to a MAC address of a user terminal. Then, the second communication information storage unit 208 stores the MAC address of the user terminal in association with the private IP address assigned to the MAC address.
- the second communication information storage unit 208 includes an ARP table including an ARP table for storing the MAC address of the user terminal and the private IP address assigned to the MAC address in association with each other. It may be a server.
- the third communication information storage unit 210 is an address conversion tape of the address conversion unit 204. It stores the private IP address assigned to the user terminal and the global IP address assigned to the private IP address. Based on the first communication information and the second communication information, the user identification information generation unit 212 generates a global IP address and a MA of the user terminal that has performed communication on the Internet 18 using the global IP address. Generates user identification information associated with the C address. In addition, the user identification information generating unit 212 uses the global IP address based on the first communication information, the second communication information, and the third communication information, and uses the global IP address to access the Internet 18. The user identification information associated with the user authentication information of the user terminal that has performed the communication may be generated.
- FIG. 8 shows an example of a block configuration of the user identification device 34 according to the second embodiment.
- the user identification device 34 transmits / receives data to / from the Internet 18 via the transmission / reception unit 300 and the router 32 a or 32 b via the transmission / reception unit 300.
- the fourth communication information acquisition unit 302 to be acquired, and the third communication information in which the user authentication information stored in the RADIUS server 24a or 24b and the MAC address correspond to each other, the transmission and reception unit 1010 0, a third communication information acquisition unit 3006 for acquiring user identification information and third communication information, and a global IP address designated by an administrator.
- a user terminal detection unit 310 for detecting user identification information of the user terminal that has performed communication on the Internet 18.
- the user terminal detection unit 310 refers to the communication information storage unit 308 and determines the MAC address associated with the global IP address specified by the administrator based on the user identification information. It detects and detects the user authentication information associated with the MAC address based on the third communication information. Further, the user terminal detection unit 310 refers to the communication information storage unit 308 and refers to the global information specified by the administrator. The user authentication information associated with the IP address may be detected based on the user identification information. Then, the user identification device 34 identifies the user based on the user authentication information detected by the user terminal detection unit 110.
- the routers 32a and 32b generate the user identification information from the first communication information, the second communication information, and the third communication information, and 4, the amount of data transmitted from the routers 32a and 32b to the user identification device 34 can be reduced. Further, when the user specifying device 34 manages a large number of LANs, the amount of data to be managed can be reduced, and the recording resources of the user specifying device 34 can be used efficiently.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
Description
Claims
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2003289140A AU2003289140A1 (en) | 2002-12-05 | 2003-12-03 | User identification system, user identification device, user identification method, address conversion device, and program |
JP2004556898A JP4142015B2 (ja) | 2002-12-05 | 2003-12-03 | ユーザ特定システム、ユーザ特定装置、ユーザ特定方法、アドレス変換装置、及びプログラム |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2002/012795 WO2004051935A1 (ja) | 2002-12-05 | 2002-12-05 | ユーザ特定システム、ユーザ特定装置、ユーザ特定方法、アドレス変換装置、及びプログラム |
JPPCT/JP02/12795 | 2002-12-05 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2004051937A1 true WO2004051937A1 (ja) | 2004-06-17 |
Family
ID=30022663
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2002/012795 WO2004051935A1 (ja) | 2002-05-12 | 2002-12-05 | ユーザ特定システム、ユーザ特定装置、ユーザ特定方法、アドレス変換装置、及びプログラム |
PCT/JP2003/015474 WO2004051936A1 (ja) | 2002-12-05 | 2003-12-03 | ユーザ特定システム、ユーザ特定装置、ユーザ特定方法、アドレス変換装置、及びプログラム |
PCT/JP2003/015475 WO2004051937A1 (ja) | 2002-12-05 | 2003-12-03 | ユーザ特定システム、ユーザ特定装置、ユーザ特定方法、アドレス変換装置、及びプログラム |
Family Applications Before (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2002/012795 WO2004051935A1 (ja) | 2002-05-12 | 2002-12-05 | ユーザ特定システム、ユーザ特定装置、ユーザ特定方法、アドレス変換装置、及びプログラム |
PCT/JP2003/015474 WO2004051936A1 (ja) | 2002-12-05 | 2003-12-03 | ユーザ特定システム、ユーザ特定装置、ユーザ特定方法、アドレス変換装置、及びプログラム |
Country Status (7)
Country | Link |
---|---|
US (1) | US20040003292A1 (ja) |
EP (1) | EP1427171A3 (ja) |
JP (3) | JPWO2004051935A1 (ja) |
CN (1) | CN1505338A (ja) |
AU (3) | AU2002361080A1 (ja) |
TW (1) | TW200410521A (ja) |
WO (3) | WO2004051935A1 (ja) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2009100062A (ja) * | 2007-10-13 | 2009-05-07 | A2 Network Kk | 通信方法 |
JP2010283607A (ja) * | 2009-06-04 | 2010-12-16 | Allied Telesis Holdings Kk | ネットワーク管理方法、ネットワーク管理プログラム、ネットワークシステム及び中継機器 |
JP2012165351A (ja) * | 2010-12-30 | 2012-08-30 | Varsavsky Martin | セキュアトンネリングプラットフォームシステム及び方法 |
Families Citing this family (38)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3969395B2 (ja) * | 2004-01-21 | 2007-09-05 | ソニー株式会社 | ネットワーク・システムおよび端末設定方法 |
JP4208781B2 (ja) * | 2004-07-21 | 2009-01-14 | キヤノン株式会社 | 情報処理装置及びその制御方法 |
US7925729B2 (en) * | 2004-12-07 | 2011-04-12 | Cisco Technology, Inc. | Network management |
US8316438B1 (en) | 2004-08-10 | 2012-11-20 | Pure Networks Llc | Network management providing network health information and lockdown security |
US7904712B2 (en) * | 2004-08-10 | 2011-03-08 | Cisco Technology, Inc. | Service licensing and maintenance for networks |
US8478849B2 (en) * | 2004-12-07 | 2013-07-02 | Pure Networks LLC. | Network administration tool |
US7827252B2 (en) | 2004-12-07 | 2010-11-02 | Cisco Technology, Inc. | Network device management |
US7688792B2 (en) * | 2005-04-21 | 2010-03-30 | Qualcomm Incorporated | Method and apparatus for supporting wireless data services on a TE2 device using an IP-based interface |
JP2006352553A (ja) * | 2005-06-16 | 2006-12-28 | Nissan Motor Co Ltd | 車載通信システム及び車載ゲートウェイ装置 |
JP4792963B2 (ja) * | 2005-12-22 | 2011-10-12 | パナソニック電工株式会社 | 位置情報システム |
US7599397B2 (en) * | 2005-12-27 | 2009-10-06 | International Business Machines Corporation | Obtaining multiple port addresses by a fibre channel switch from a network fabric |
WO2008057019A1 (en) * | 2006-11-09 | 2008-05-15 | Telefonaktiebolaget L M Ericsson (Publ) | Arrangement and method relating to identification of hardware units |
JP4812108B2 (ja) * | 2006-12-18 | 2011-11-09 | キヤノン株式会社 | 通信装置及びその制御方法 |
US9026639B2 (en) * | 2007-07-13 | 2015-05-05 | Pure Networks Llc | Home network optimizing system |
US9491077B2 (en) | 2007-07-13 | 2016-11-08 | Cisco Technology, Inc. | Network metric reporting system |
US7853829B2 (en) * | 2007-07-13 | 2010-12-14 | Cisco Technology, Inc. | Network advisor |
US8700743B2 (en) * | 2007-07-13 | 2014-04-15 | Pure Networks Llc | Network configuration device |
US8014356B2 (en) * | 2007-07-13 | 2011-09-06 | Cisco Technology, Inc. | Optimal-channel selection in a wireless network |
US8310953B2 (en) * | 2007-08-21 | 2012-11-13 | International Business Machines Corporation | Method and apparatus for enabling an adapter in a network device to discover the name of another adapter of another network device in a network system |
US8396009B2 (en) * | 2007-08-21 | 2013-03-12 | International Business Machines Corporation | Method and apparatus for an adapter in a network device to discover its adapter name in a network system |
JP4974848B2 (ja) * | 2007-10-30 | 2012-07-11 | キヤノン株式会社 | ネットワーク管理装置、ネットワーク管理方法、ならびにネットワーク管理方法を実行するプログラム |
US8856387B2 (en) * | 2008-04-24 | 2014-10-07 | Qualcomm Incorporated | Local IP access scheme |
US8307048B2 (en) * | 2008-07-15 | 2012-11-06 | International Business Machines Corporation | Network system with initiator subnetwork communication to target subnetwork communication including fibre channel over ethernet to fibre channel over internet protocol conversion |
JP5544097B2 (ja) | 2009-02-23 | 2014-07-09 | 株式会社日立国際電気 | ネットワーク間接続装置 |
JP5422844B2 (ja) * | 2009-12-17 | 2014-02-19 | 日立金属株式会社 | スイッチングハブ、ラインカード、及びフレーム中継方法 |
US8724515B2 (en) | 2010-03-26 | 2014-05-13 | Cisco Technology, Inc. | Configuring a secure network |
US8649297B2 (en) * | 2010-03-26 | 2014-02-11 | Cisco Technology, Inc. | System and method for simplifying secure network setup |
WO2012074737A1 (en) * | 2010-12-03 | 2012-06-07 | Siemens Enterprise Communications, Inc. | Apparatus and method for subscription to a service and use of the service |
JP5679349B2 (ja) * | 2012-03-27 | 2015-03-04 | 三菱電機株式会社 | パケット交換装置およびネットワークシステム |
CN103179188B (zh) * | 2013-01-17 | 2015-11-25 | 北京亿赞普网络技术有限公司 | 用户识别方法和装置 |
JP5914387B2 (ja) * | 2013-03-04 | 2016-05-11 | 西日本電信電話株式会社 | 端末識別装置 |
US10554760B2 (en) | 2013-09-29 | 2020-02-04 | Xiaomi Inc. | Method and networking equipment for acquiring feature information |
CN103475577B (zh) * | 2013-09-29 | 2017-02-08 | 小米科技有限责任公司 | 一种获得特征信息的方法、装置及网络设备 |
JP5646029B2 (ja) * | 2013-10-07 | 2014-12-24 | 株式会社日立国際電気 | ネットワーク間接続装置及びアドレス管理情報作成方法 |
US10192236B2 (en) * | 2016-06-23 | 2019-01-29 | Guangzhou Kuaizi Information Technology Co., Ltd. | Methods and systems for automatically generating advertisements |
CN106411743B (zh) * | 2016-11-14 | 2019-08-20 | 锐捷网络股份有限公司 | 一种报文处理的方法和装置 |
JP6955937B2 (ja) * | 2017-09-13 | 2021-10-27 | APRESIA Systems株式会社 | 管理装置およびネットワークシステム |
JP7050205B1 (ja) * | 2021-07-21 | 2022-04-07 | Kddi株式会社 | 情報処理装置、情報処理方法及び情報処理システム |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH11146003A (ja) * | 1997-11-10 | 1999-05-28 | Mitsubishi Electric Corp | ネットワーク監視装置及びリピータハブの接続端末認識方法 |
JPH11261583A (ja) * | 1998-03-13 | 1999-09-24 | Hitachi Ltd | Ipアドレス割り当て機能を備えたローカルエリアネットワーク管理方式 |
JP2001127770A (ja) * | 1999-10-27 | 2001-05-11 | Hitachi Ltd | ノードの状態確認方法、システム及び記憶媒体 |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AU2614401A (en) * | 1999-10-22 | 2001-05-14 | Nomadix, Inc. | Location-based identification for use in a communications network |
US7007080B2 (en) * | 1999-12-23 | 2006-02-28 | Solution Inc Limited | System for reconfiguring and registering a new IP address for a computer to access a different network without user intervention |
IT1319279B1 (it) * | 2000-05-31 | 2003-10-10 | Cit Alcatel | Metodo e dispositivo per tradurre indirizzi ip di reti pertelecomunicazioni usando una memoria con oblio controllato. |
US7873985B2 (en) * | 2002-01-08 | 2011-01-18 | Verizon Services Corp. | IP based security applications using location, port and/or device identifier information |
-
2002
- 2002-12-05 JP JP2004525637A patent/JPWO2004051935A1/ja active Pending
- 2002-12-05 WO PCT/JP2002/012795 patent/WO2004051935A1/ja active Application Filing
- 2002-12-05 AU AU2002361080A patent/AU2002361080A1/en not_active Abandoned
-
2003
- 2003-06-17 TW TW092116347A patent/TW200410521A/zh unknown
- 2003-07-01 US US10/609,548 patent/US20040003292A1/en not_active Abandoned
- 2003-07-02 EP EP03015029A patent/EP1427171A3/en not_active Withdrawn
- 2003-09-16 CN CNA031588921A patent/CN1505338A/zh active Pending
- 2003-12-03 JP JP2004556897A patent/JP4142014B2/ja not_active Expired - Fee Related
- 2003-12-03 JP JP2004556898A patent/JP4142015B2/ja not_active Expired - Fee Related
- 2003-12-03 AU AU2003289140A patent/AU2003289140A1/en not_active Abandoned
- 2003-12-03 WO PCT/JP2003/015474 patent/WO2004051936A1/ja active Application Filing
- 2003-12-03 AU AU2003289139A patent/AU2003289139A1/en not_active Abandoned
- 2003-12-03 WO PCT/JP2003/015475 patent/WO2004051937A1/ja active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH11146003A (ja) * | 1997-11-10 | 1999-05-28 | Mitsubishi Electric Corp | ネットワーク監視装置及びリピータハブの接続端末認識方法 |
JPH11261583A (ja) * | 1998-03-13 | 1999-09-24 | Hitachi Ltd | Ipアドレス割り当て機能を備えたローカルエリアネットワーク管理方式 |
JP2001127770A (ja) * | 1999-10-27 | 2001-05-11 | Hitachi Ltd | ノードの状態確認方法、システム及び記憶媒体 |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2009100062A (ja) * | 2007-10-13 | 2009-05-07 | A2 Network Kk | 通信方法 |
JP2010283607A (ja) * | 2009-06-04 | 2010-12-16 | Allied Telesis Holdings Kk | ネットワーク管理方法、ネットワーク管理プログラム、ネットワークシステム及び中継機器 |
JP2012165351A (ja) * | 2010-12-30 | 2012-08-30 | Varsavsky Martin | セキュアトンネリングプラットフォームシステム及び方法 |
Also Published As
Publication number | Publication date |
---|---|
JPWO2004051935A1 (ja) | 2006-04-06 |
WO2004051936A1 (ja) | 2004-06-17 |
WO2004051935A1 (ja) | 2004-06-17 |
US20040003292A1 (en) | 2004-01-01 |
EP1427171A3 (en) | 2004-10-27 |
JPWO2004051937A1 (ja) | 2006-04-06 |
AU2003289139A1 (en) | 2004-06-23 |
JPWO2004051936A1 (ja) | 2006-04-06 |
AU2003289140A1 (en) | 2004-06-23 |
JP4142015B2 (ja) | 2008-08-27 |
CN1505338A (zh) | 2004-06-16 |
JP4142014B2 (ja) | 2008-08-27 |
TW200410521A (en) | 2004-06-16 |
EP1427171A2 (en) | 2004-06-09 |
AU2002361080A1 (en) | 2004-06-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4142015B2 (ja) | ユーザ特定システム、ユーザ特定装置、ユーザ特定方法、アドレス変換装置、及びプログラム | |
EP1878169B1 (en) | Operator shop selection in broadband access related application | |
JP5335886B2 (ja) | ローカル・ネットワーク間でデータ・パケットを通信するための方法および装置 | |
US6742036B1 (en) | Method for supporting mobility on the internet | |
EP1523129B1 (en) | Method and apparatus for access control of a wireless terminal device in a communications network | |
EP1779589B1 (en) | Arrangement for tracking ip address usage based on authenticated link identifier | |
US20040213237A1 (en) | Network authentication apparatus and network authentication system | |
US20050114490A1 (en) | Distributed virtual network access system and method | |
US20070186108A1 (en) | Authenticating mobile network provider equipment | |
US20040224664A1 (en) | Mobile user location privacy solution based on the use of multiple identities | |
WO2011041967A1 (zh) | 匿名通信的方法、注册方法、信息收发方法及系统 | |
WO2011069419A1 (zh) | 一种IPv6报文的处理方法、设备和系统 | |
KR20150079236A (ko) | 가상 사설망 게이트웨이 및 그의 보안 통신 방법 | |
JP3009876B2 (ja) | パケット転送方法および該方法に用いる基地局 | |
WO2011044808A1 (zh) | 一种匿名通信的溯源方法及系统 | |
JP2003318922A (ja) | 無線ネットワーク接続システム、端末装置、無線アクセスポイント、リモートアクセスサーバ及び認証サーバ | |
WO2011044807A1 (zh) | 一种匿名通信的注册、通信方法及数据报文的收发系统 | |
JP4003634B2 (ja) | 情報処理装置 | |
JP4827868B2 (ja) | ネットワーク接続制御システム、ネットワーク接続制御プログラムおよびネットワーク接続制御方法 | |
JP2011109186A (ja) | ネットワーク通信方法及びアクセス管理方法とパケット中継装置 | |
JP2007189752A (ja) | 通信方法 | |
López et al. | Implementing RADIUS and diameter AAA systems in IPv6-based scenarios | |
WO2012089027A1 (zh) | 用户终端在多种接入方式时和外部网络的互通方法和设备 | |
KR100608911B1 (ko) | 네트워크의 라우터 환경 자동 설정 및 변경 방법 | |
Casole et al. | Secure access to corporate resources in a multi-access perspective: needs, problems, and solutions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2004556898 Country of ref document: JP |
|
122 | Ep: pct application non-entry in european phase |