WO2006016553A1 - Connection control system using terminal device, and connection control method - Google Patents

Connection control system using terminal device, and connection control method Download PDF

Info

Publication number
WO2006016553A1
WO2006016553A1 PCT/JP2005/014514 JP2005014514W WO2006016553A1 WO 2006016553 A1 WO2006016553 A1 WO 2006016553A1 JP 2005014514 W JP2005014514 W JP 2005014514W WO 2006016553 A1 WO2006016553 A1 WO 2006016553A1
Authority
WO
WIPO (PCT)
Prior art keywords
connection
information
connection control
setting information
specific
Prior art date
Application number
PCT/JP2005/014514
Other languages
French (fr)
Japanese (ja)
Inventor
Naoshi Higuchi
Original Assignee
Nec Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nec Corporation filed Critical Nec Corporation
Priority to JP2006531622A priority Critical patent/JP4872128B2/en
Publication of WO2006016553A1 publication Critical patent/WO2006016553A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • H04W76/12Setup of transport tunnels

Definitions

  • the present invention relates to a connection control system and a connection control method using a terminal device, and more particularly to control when a terminal device is connected to a connection destination.
  • Authentication method power for connecting to a network is disclosed in Japanese Patent Application Laid-Open No. 2004-21666.
  • setting items related to the connection to the network are acquired, and whether or not the connection is permitted is determined. This confirms the right to connect.
  • the server to be connected is already connected to the network, and the above system will not function if it is not connected to the network.
  • the terminal device holds network interface setting information necessary for connection to the network, and the terminal device has a right to connect to the network. Therefore, it is not possible to flexibly change the policy that permits or prohibits connection of the terminal device to the network.
  • RFC 2869 (RADIUS Extensions) and IEE E Std 802. IX—2001 Annex D (the combination of these two documents, the 802. IX—RADIUS linkage system).
  • RADIUS a system that specializes only in authentication
  • the right confirmation process does not depend on the technical standard.
  • all networks to be managed must be connected to the RADIUS server. Therefore, event When a network that is temporarily installed and is not connected to other networks, such as a network using a wireless LAN installed at a venue or construction site, is managed, the RADIU S server can be installed separately. Must be connected to another network where a RADIUS server is installed.
  • a closed area connection method is disclosed in Japanese Patent Laid-Open No. Sho 62-147837.
  • a connection partner is identified using a media access control (MAC) level station address, and whether or not connection is possible is determined.
  • MAC media access control
  • a network management apparatus is disclosed in Japanese Patent Laid-Open No. 8-23344.
  • the network management device has a function to collect and hold information related to the connected network, and to reference local network information connected via the network and authenticate a setting request. Yes.
  • the network management device notifies the permitting station of the fact when a request for referencing / setting network information is issued by the other stations than the permitting station.
  • a multi-mode dedicated radio communication system is disclosed in JP-T-9-509544.
  • the transceiver can operate according to two control protocols. When the handset is in the range of the local station, it communicates with the low-power rupico station according to one of the control protocols, and when it moves beyond the range of the local station, it automatically communicates with the ground station according to another control protocol Can be switched to.
  • an Internet time-based charging system is disclosed in Japanese Patent Laid-Open No. 10-27036.
  • the terminal server provides an Internet connection service to the client.
  • the authentication server confirms whether or not it can be connected to the Internet based on the individual information from the client according to the instruction from the terminal server.
  • the charging server is linked to the extended authentication database, calculates connection charges according to the connection usage time of each client, and updates the connection frequency sequentially. Internet connection services are provided until the number of client connections managed by the extended authentication database is less than zero.
  • connection information storage unit stores in advance connection information for connection to a communication network using a communication line, and the communication network connection unit connects to the communication network based on the connection information.
  • a network connection system is disclosed in Japanese Patent Laid-Open No. 11-259420.
  • a user is authenticated based on the user identification information and password of a single account transmitted from the user terminal, and a flag for specifying the connection environment designated by the authenticated user is set.
  • the connection environment corresponding to the flag is selected by referring to the table in which the flag and the connection environment are registered, the access source information of the authenticated user is determined, and the access source information and the connection environment are registered.
  • the connection environment corresponding to the access source information is selected by referring to the table, and the user terminal is connected to the network using the connection environment.
  • a wireless communication system is disclosed in Japanese Patent Laid-Open No. 2000-188644.
  • network area information is notified as necessary after an authentication check process performed when a wireless line is connected between a network and a wireless terminal device.
  • the network area information (communication network identification number information, country code information, etc.) of this network is made known to the user of the wireless terminal device newly subordinated to this wireless network due to roaming or the like.
  • the relay switching network information used for setting the communication line on the terminal side is required at the time of outgoing / incoming call, the network side force V is used for the route of the communication line setting this time.
  • Network information is received as a relay network information request response message.
  • a computer system is disclosed in Japanese Patent Laid-Open No. 2001-43165.
  • the server stores communication restriction information for each communication application on the client side, and the client establishes a communication session for one or more communication applications and is stored in the server. Controls communication sessions based on communication restriction information.
  • a network system is disclosed in Japanese Patent Laid-Open No. 2001-203690.
  • each of a plurality of network segments holds and manages network information including network segment and computer identification information and access control information for controlling access between computers when the network is connected 1
  • the first computer When a first computer belonging to a network segment is connected to a second computer belonging to another network segment, the first computer also obtains network information from the first segment master of the network segment to which it belongs.
  • Network information related to the second computer is extracted, connection authentication information related to the first segment master and the second computer is acquired based on the extracted network information, and is transmitted to the second computer.
  • the second computer passes the connection authentication information to the second segment master of the network segment to which it belongs and asks for authentication, and the second segment master obtains authentication, the second computer validates the network connection with the first computer. To do.
  • DHCP Dynamic Hossion Control Protocol
  • the client terminal is authenticated for each user by the authentication information database
  • the packet sent and received by the client terminal is filtered by the cooperation of the server and the router.
  • a LAN that allows access to an authentication-denied terminal under specific conditions is disclosed in Japanese Patent Laid-Open No. 2002-118562.
  • the base station communicates with the terminal station, extracts the authentication request information and the received packet, and based on the authentication request information! Set in the sorting table. Referring to the registered contents of the packet distribution table, if it is permitted, a packet with the power of the terminal station is delivered to the LAN, and if it is rejected, it is sent to a specific server or network connection device.
  • a communication system is disclosed in Japanese Patent Application Laid-Open No. 2002-236631.
  • the service provider capabilities also limit the Internet sites or pages that can be accessed by the user based on the connection ID assigned to each user.
  • a method for distributing computer software is disclosed in Japanese Patent Laid-Open No. 2002-314529.
  • a software product is encoded with an encrypted data string for playback on a client console having a storage medium removably incorporated therein, and the user ID and user ID data are encoded using the client console. Is received.
  • the first encryption key is transmitted to the user
  • the ID for the software product is encoded with the first encryption key
  • the user power is also received the software product purchase information
  • the user purchase information and the first encryption key are received.
  • the key key and the data indicating the second encryption key are encoded, and the first encryption key and the second encryption key are transmitted to the user. In this way, the user can Decrypt software products.
  • a communication device is disclosed in Japanese Patent Laid-Open No. 2002-366512.
  • the network is provided with a connection point that is connected when the communication apparatus performs initial setting and establishes a communication path with the service provider side. After the telephone number for connecting to the connection point is stored in advance, the communication device is delivered to the user. When connected to the connection point, connection setting information is transmitted from the service provider side to the communication device.
  • a host computer is disclosed in the re-published patent WO 02Z001376.
  • request information for information related to authentication is transmitted to the mobile communication device.
  • the authentication information received from the mobile communication device and the stored information are collated, and authentication information for authenticating the principal is transmitted to the service device.
  • a network management system is disclosed in Japanese Patent Laid-Open No. 2003-152778.
  • a policy setting request packet including at least a packet source address, a destination address, and packet priority is also received via the access line, and the user terminal address is received from the policy setting request packet.
  • the source address included in the policy setting request is the same as the extracted user terminal address, the contents of the policy table are changed based on the contents of the policy setting request.
  • a network system is disclosed in Japanese Patent Laid-Open No. 2003-249947.
  • the in-network information management device when a connection request is received from the communication terminal, is applied to the authentication information notified from the communication terminal and the communication terminal power stored in the access authentication information management database. Compare the authentication information and confirm that the communication terminal is an authorized user. When it is confirmed that the communication terminal is a legitimate user, a free VID is selected based on the network identifier management database, and the selected VID and user ID are registered in the network identifier management database.
  • Registration requirement for registering VID in wireless access point or edge switch Issued to wireless access point or edge switch. The wireless access point or edge switch registers the VID in the data frame from the communication terminal in response to the registration request.
  • a network connection management system is disclosed in Japanese Patent Application Laid-Open No. 2004-32336.
  • connection permission information is transmitted to the mobile terminal, and the information processing apparatus is thereby connected to the network. Connected to.
  • a secure communication system is disclosed in Japanese Patent Application Laid-Open No. 2004-48458.
  • a device that performs secure communication accesses the policy server at any time or periodically to obtain the security policies of a plurality of communication partners, and performs secure communication based on this.
  • An object of the present invention is to provide a connection control system and a connection control method using a terminal device when it is determined whether or not connection is possible in the terminal device before connection to a connection destination.
  • Another object of the present invention is to provide a connection control system and a connection control method using a terminal device that can flexibly change the number and configuration of connection destinations (such as a network) to which the terminal device can be connected.
  • Still another object of the present invention is to provide a connection control system and a connection control method using a terminal device that can control connection uniformly to connection destinations having different technical standards.
  • the terminal device controls a connection based on the first storage unit that stores a plurality of connection setting information for setting connections with a plurality of connection destinations, and the plurality of connection setting information.
  • a second storage unit that stores a plurality of connection control information, a plurality of connection setting information and a plurality of connection control information, a set of specific connection setting information corresponding to a specific connection destination, and at least one specific connection control information
  • a connection agent for connecting to a specific connection destination based on specific connection control information and specific connection setting information.
  • the connection agent when the specific connection control information indicates that the connection with the specific connection destination is valid, the connection agent connects the terminal device to the connection destination based on the specific connection setting information. Further, the specific connection control information may be plural with respect to the specific connection setting information. Multiple special When the constant connection control information is ordered and indicates that a connection with a specific connection destination is valid in a different range, the connection agent sequentially determines a terminal based on the specific connection setting information based on a plurality of specific connection control information. Executes connection to the connection destination of the device.
  • connection agent determines one of the plurality of connection setting information as the specific connection setting information based on the specific connection destination, and at least one of the plurality of connection control information based on the specific connection control information. Are determined as specific connection control information.
  • Each of the plurality of connection setting information preferably includes first determination information
  • each of the plurality of connection control information preferably includes second determination information and a condition.
  • the connection agent performs processing to determine whether or not the first determination information of the specific connection setting information and the second determination information of each of the plurality of connection control information satisfy the condition! Determined as specific connection control information.
  • the specific connection destination may be a network, and the specific connection destination may be a server connected to the network to which the terminal device is connected.
  • the connection control system includes a connection setting information distribution device that stores a plurality of distribution connection setting information for setting a connection with a plurality of connection destinations, and a plurality of distribution connection setting information.
  • a connection control information distributing device for storing a plurality of distributed connection control information for controlling connection based on the terminal, and a terminal device.
  • the terminal device acquires at least a part of the plurality of distribution connection setting information as the first storage unit, the second storage unit, and the connection setting information distribution device as a plurality of connection setting information, and stores them in the first storage unit.
  • Connection setting information distribution device power A communication unit that acquires at least a part of a plurality of distribution connection control information as a plurality of connection control information and stores them in the second storage unit, a plurality of connection setting information and a plurality of connection control information When there is a pair of specific connection setting information and at least one specific connection control information corresponding to the specific connection destination, the terminal device is connected to the specific connection destination based on the specific connection control information and the specific connection setting information. And a connection agent for connecting.
  • the distribution connection setting information corresponding to the new connection destination is added to the connection setting information distribution apparatus.
  • Each of the plurality of distribution connection control information indicates the validity of the specific connection setting information to be paired out of the plurality of distribution connection setting information. Information.
  • the specific connection destination may be a network, and the specific connection destination may be a server connected to the network to which the terminal device is connected.
  • the connection control method includes a specific connection corresponding to a specific connection destination from a plurality of connection setting information stored in the first storage unit when the terminal device is to be connected to the specific connection destination. Extracting the setting information, extracting at least one specific connection control information to be paired with the specific connection setting information from the plurality of connection control information stored in the second storage unit, and the specific connection control information This is achieved by connecting the terminal device to the specific connection destination based on the specific connection setting information.
  • a plurality of connection setting information may be provided for setting a connection with a plurality of connection destinations.
  • Each of the plurality of connection control information is information indicating the validity of the specific connection setting information to be paired among the plurality of connection setting information.
  • the step of connecting may be achieved by connecting the terminal device to the connection destination based on the specific connection setting information when the specific connection control information indicates that the specific connection setting information is valid.
  • connection control information There may be a plurality of specific connection control information with respect to the specific connection setting information, and the plurality of specific connection control information may be ordered to show the validity in different ranges.
  • the connecting step may be achieved by sequentially connecting the terminal device to the connection destination based on the validity of each of the plurality of specific connection control information.
  • the step of extracting the specific connection setting information may be achieved by determining one of a plurality of connection setting information as the specific connection setting information based on the connection destination when the connection destination is detected. Good.
  • Each of the plurality of connection setting information may include first determination information, and each of the plurality of connection control information may include second determination information and a condition.
  • the step of extracting the specific connection control information includes performing a process of determining whether or not the first determination information of the specific connection setting information and the second determination information of each of the plurality of connection control information satisfy a condition, This may be achieved by determining connection control information satisfying the condition as specific connection control information.
  • the specific connection destination may be a network, and the specific connection destination may be a server connected to the network to which the terminal device is connected.
  • FIG. 1 is a configuration diagram of a connection control system according to a first embodiment of the present invention.
  • FIG. 2 is a diagram showing a specific example of the connection control system according to the first embodiment of the present invention.
  • FIG. 3 is a block diagram of a terminal device used in the connection control system according to the first embodiment of the present invention.
  • FIG. 4 is a diagram showing an example of connection control information and connection setting information according to the present invention.
  • FIG. 5A is a diagram showing an example of a network ID pattern in the first embodiment of the present invention.
  • FIG. 5B is a diagram showing another example of the network ID pattern in the first embodiment of the present invention.
  • FIG. 5C is a diagram showing another example of the network ID pattern in the first embodiment of the present invention.
  • FIG. 5D is a diagram showing another example of the network ID pattern in the first embodiment of the present invention.
  • FIG. 6A is a diagram showing an example of a network ID in the first embodiment of the present invention.
  • FIG. 6B is a diagram showing another example of the network ID in the first embodiment of the present invention.
  • FIG. 6C is a diagram showing another example of the network ID in the first embodiment of the present invention.
  • FIG. 7 is a flowchart showing the operation of the connection control system according to the first example of the present invention.
  • FIG. 8 is a flowchart showing an operation for determining whether or not connection between the connection setting information and the connection control information is possible in the first embodiment of the present invention.
  • FIG. 9 is a diagram showing a network ID pattern and a network ID in the connection control system according to the second embodiment of the present invention.
  • FIG. 10 is a flowchart showing an operation for determining whether or not connection between connection setting information and connection control information is possible in the second embodiment of the present invention.
  • FIG. 11 is a configuration diagram of a service utilization system according to a third embodiment of the present invention.
  • connection control system can be applied to the management of connection to a network that is used only by a specific user such as a corporate network. It can also be applied to applications that manage connections and charge for networks such as wireless LAN hotspots that are used by an unspecified number of users.
  • FIG. 1 is a block diagram showing the configuration of the network system according to the first embodiment of the present invention.
  • FIG. 2 shows the network system more specifically.
  • the network system of the first embodiment includes a connection control information distribution device 10 managed by a network administrator B, a connection setting information distribution device 20, a terminal device 30 used by user A, and a network to which the terminal device 30 is connected. With 40.
  • the network system according to the present invention will be described using an example in which the terminal device 30 of the terminal user A is connected to the connection destination.
  • the connection destination is a network 40 using a wireless LAN that is used in the enterprise and managed by the network administrator B.
  • the network 40 (40—1 to 40—n) managed by the network administrator B includes a wireless LAN access point 401 (401-1 to 401—n), a DNS server 402 (402—1 to 402—). n), a Web Sano 403 (403-l to 403-n), and a gateway device 404 (404-l to 404-n).
  • Network 40 is connected to Internet 50.
  • the wireless LAN access point 401 periodically transmits an ESS-ID to notify the terminal device 30 within the radio wave coverage area of the existence of the access point.
  • the Web Sano 403 provides a Web page (portal page) related to the network 40.
  • the gateway device 404 is connected to the network
  • the terminal device 30 is connected to the Internet 50 via the network 50. Further, when using the Internet 50, the terminal device 30 can receive a domain name service by the DNS sano 402.
  • the connection control information distribution device 10 is a computer device such as a server, and holds connection control information RI input from an input unit such as a keyboard by the network administrator B.
  • the connection control information RI is used to determine whether or not the connection between the terminal device 30 and the network 40 is permitted in combination with the connection setting information SI.
  • the connection control information RI is changed when the acceptance criteria are changed.
  • connection setting information Si is newly added, connection control information RI is also added.
  • a network ID pattern 501 and an expiration date 502 are included as data indicating the validity of the connection.
  • the expiration date 502 indicates a time limit for permitting connection with the network 40.
  • FIGS. 5A to 5D show four examples of network ID patterns 501 (501-1 to 501-4) included in the connection control information RI.
  • the network ID pattern 501 in this embodiment is described in the form of an XML document.
  • the top layer tag nwid-pattern> indicates that this XML document describes information about the network ID pattern 501.
  • Processing is started from the tag immediately below.
  • the next level tag indicates the comparison condition when comparing the network ID 602 included in the connection setting information SI and the text described in the next level tag. It is determined that the network ID 601 that satisfies the above conditions can be combined.
  • the next level tags are location> and espon>. Each of these describes the location of the network where connection is permitted by the connection control information RI and information about the management organization.
  • the connection control information distribution device 10 includes a communication device such as an infrared device 110.
  • the terminal device 30 also includes an infrared communication device
  • the connection control information distribution device 10 provides the connection control information RI to the terminal device 30 via an infrared line.
  • connection setting information distribution device 20 is a computer device such as a server, and is a device that records connection setting information SI input from an input unit such as a keyboard by the network administrator B.
  • Connection setting information SI is a network interface corresponding to network 40. Setting information of face 307.
  • the connection setting information SI is added to the connection setting information distributing device 20 when the network 40 is newly installed. When the existing network 40 standard is changed, the connection setting information SI is also changed.
  • the connection setting information SI includes an ESS ID 601 that is a network identifier in a wireless LAN, and a network ID 602 that is an identifier set by the network administrator B to manage the network.
  • the connection control information RI does not include information depending on the technical standards, and only the connection setting information SI has such information. As a result, even for mixed network configurations, network connection permission / rejection can be set uniformly.
  • FIGS. 6A to 6C show examples of the network ID 601 (601-1 force 601-3) included in the connection setting information SI.
  • the network ID 601 in this embodiment is described as an XML document.
  • the highest level tag nwid> indicates that this XML document describes information about the network ID 601.
  • the tags directly below are location> and espon>. Each of these describes information about the location of the network where the connection can be set and the management organization by the connection setting information SI.
  • the connection setting information distribution device 20 includes a communication device such as the infrared device 210.
  • the connection setting information distribution device 20 provides the connection setting information SI to the terminal device 30 via an infrared line.
  • the terminal device 30 is a portable information processing / communication device used by the terminal user A.
  • FIG. 3 is a block diagram showing the configuration of the terminal device 30.
  • terminal device 30 includes a connection control information storage unit 301, a connection setting information storage unit 302, a network connection agent 303, a network interface 307, a display screen 309, and an infrared communication device 310.
  • the information storage unit 301 and the connection setting information storage unit 302 may be a storage device fixedly installed in the terminal device 30 such as a ROM, or a portable recording device such as a memory card or an IC chip.
  • the infrared communication device 310 establishes an infrared line with each of the infrared communication devices of the connection control information distribution device 10 and the connection setting information distribution device 20, and is connected from the connection control information distribution device 10 to the connection setting information distribution device 20.
  • Control information RI and connection setting information SI are received respectively.
  • the connection control information RI received by the terminal device 30 is stored in the connection control information storage unit 301. In this example, connection control information RI-1, connection control information RI-2, and connection control information RI-3 are stored. Further, the connection setting information SI received by the terminal device 30 is stored in the connection setting information storage unit 302. In this example, connection setting information SI-1, connection setting information SI-2, and connection setting information SI-3 are stored.
  • the network connection agent 303 is realized as software for connecting the terminal device 30 and the network 40.
  • a wireless LAN access point detection unit 304 By being executed by the CPU 311, a wireless LAN access point detection unit 304, a connection control information confirmation unit 305, an interface setting unit 306, and a portal page display unit 308 are realized.
  • the wireless LAN access point detection unit 304 detects the wireless LAN access point 401 and acquires the ESS ID.
  • the connection control information confirmation unit 305 includes a network ID included in the connection setting information SI extracted from the connection setting information storage unit 302 by the network connection agent 303, and a network included in the connection control information RI in the connection control information storage unit 301. Compare with the ID pattern to determine whether a combination is possible.
  • the network connection agent 303 refers to the expiration date included in the connection control information RI extracted from the connection control information storage unit 303, and confirms whether the expiration date has not passed. If the expiration date included in the connection control information RI has not elapsed, the interface setting unit 306 sets the interface 307 using the extracted connection control information RI. After the terminal device 30 is connected to the network 40, the portal page display unit 308 acquires portal page information from the Web sano 03 and displays it on the display screen 309.
  • the CPU 311 controls the entire terminal device 30, and the network connection agent 303 The execution process is performed.
  • the memory 312 temporarily records data and signals when the CPU 311 performs various processes.
  • FIG. 7 shows an operation flow of the connection control system according to the present invention.
  • Network administrator B has connection control information related to network 40 that he / she manages.
  • the RI is registered in the connection control information distribution device 10 (step Sl).
  • the connection setting information SI related to the network 40 is registered in the connection setting information distributing apparatus 20 (step S3).
  • the connection control information distributing device 10 selects, for example, the connection control information RI-1 to the connection control information RI registered through the infrared communication line.
  • RI-3 is provided to the terminal device 30 (step S2). Also, upon receiving a request from the terminal device 30, the connection setting information distribution device 20 sends the connection setting information SI-1 to SI-3 from the held connection setting information SI via the infrared line to the terminal. Provide to device 30 (step S4)
  • the connection setting information SI-1 to SI-3 are setting information of the interface 307 corresponding to the networks 40-1 to 40-3, respectively.
  • the terminal device 30 stores the acquired connection control information RI-1 to RI-3 in the connection control information storage unit 301, and stores the connection setting information SI-1 to SI3 in the connection setting information storage unit 302 ( Step S6).
  • connection control information RI and the connection setting information SI stored in the terminal device 30 can be acquired whenever necessary, the number of connectable networks 40 can be increased, and the network Even if technical standards are changed, it is possible to respond flexibly.
  • connection control information RI and connection setting information SI and storage in terminal device 30 are performed using DRM (Digital Right Management) technology, security is improved.
  • DRM Digital Right Management
  • the terminal user B can be prohibited from rewriting the expiration date 502 in the network connection control information RI.
  • the wireless LAN access of the network connection agent 303 is performed.
  • the point detection unit 304 detects the wireless LAN access point 401-1, and uses the ESS-ID transmitted from the wireless LAN access point 401-1. Obtain (step S8).
  • the network connection agent 303 searches the connection setting information storage unit 302 for connection setting information SI having the ESS-ID that matches the acquired ESS-ID as a key value.
  • connection setting information SI-1 is extracted (step S10).
  • the ESS-IDs of the networks 40-1 to 40-3 correspond to the ESS-IDs of the connection setting information SI-1 to SI-3, respectively.
  • the network connection agent 303 sequentially reads the network connection control information RI in the connection control information storage unit 301, and checks whether the connection control information confirmation unit 305 can combine it with the connection setting information SI-1 (Step S12).
  • the connection control information confirmation unit 305 controls the connection setting information SI and the connection control depending on whether or not the network ID pattern 501 in the connection control information RI matches the network ID 602 in the extracted connection setting information SI. Determine possible combinations with information RI.
  • FIG. 8 shows the operation when determining the combination of the connection setting information SI and the connection control information RI in step S12.
  • the network connection agent 303 reads the connection control information RI-1.
  • the connection control information confirmation unit 305 refers to the tag that is the comparison condition in the network ID pattern 501-1 (step SB1). If the referenced comparison condition tag is a ⁇ not> tag (step SB2), the tag immediately under the not> tag is recursively processed and the logical inversion of the processing result is returned (step SB3). If the referenced comparison condition tag is “>” and “>” (step SB4), the tags immediately below “>” and “>” are recursively processed in order, and the logical product of all processing results is returned (step SB5). If the referenced comparison condition tag is an ⁇ or> tag (step SB6), the tags immediately under the ⁇ or> tag are recursively processed in order, and the logical sum of all the processing results is returned (step SB7).
  • connection control information confirmation unit 305 uses the network ID pattern 501—the text immediately below the tag, for example, the information on the network laying location immediately below the location> tag and the information on the network management organization immediately below the ⁇ organization> tag. 1 and network ID602—1 (Step SB8, Step SB9).
  • the extracted texts are compared (step SB10), and if they match! /, A true value is returned (step SB11), and if they do not match, a false value is returned (step SB12). All processing results directly under the comparison condition tag are logically calculated under the conditions described in the tag. If it is a true value, it is determined as connection control information RI that can be combined with the connection setting information SI, and if it is a false value, it is determined as connection control information RI that cannot be combined.
  • the tag is ⁇ and> (step SB4), so the conditions of the tags immediately under ⁇ and> are compared in order, and the AND of the comparison results of all the conditions in the ⁇ and> tag. Is returned (step SB5).
  • the connection control information confirmation unit 305 takes out the information of the network ID pattern 501-1 ⁇ location> tag and the information of the location> tag in the network ID 602-1 (step SB8, step SB9) and compares them (step SB8). SB10). Both are com. X X X. Jp. JigyoshoA. Fab6, and the network laying location information matches, so a true value is returned (step SB11).
  • the information of the organization> tag in the network ID pattern 501-1 is extracted from the information of the organization> tag in the network ID 602-1 (step SB8, step SB9) and compared (step SB10). Since both are com. XXX. Jp. Cl. Drl and the network management organization information matches, the true value is returned (step SB 11) o Since all conditions in the ⁇ and> tag are satisfied (all (True value), the logical product of all the processing results is a true value, and it is determined that the connection control information RI-1 can be combined with the connection setting information SI-1.
  • connection control information confirmation unit 305 receives ⁇ and> as an input (step SB4), and sequentially compares the conditions of and and> directly under the tag, and>and> ANDs the comparison results of all the conditions in the tag. Return (step SB5).
  • the connection control information confirmation unit 305 extracts the location> tag information in the network ID pattern 501-2 and the location> tag information in the network ID 602-1 (step SB8, step SB9) and compares them (step SB8). Step SB10). Since they are different, a false value is returned for the network location information (step SB11).
  • ku or> tag is received as an input (step SB6), ku or> conditions of the tag immediately below are compared in order, and logical sum of the comparison results of all conditions in ku or> tag is returned (step SB7).
  • the network ID pattern 501—2 organization> tag information and the network ID 602—1 organization> tag information are retrieved (step SB8, step SB9) and compared (step SB10). Since the two network management organization information described in network ID pattern 501-2 are inconsistent, both are false. Returns the value (step SB11). After that, when processing is completed for the condition directly under the tag or> tag, the logical sum of the processing results is calculated. In this case, since both are false values, a false value is returned. (Step SB7). All conditions in the ⁇ and> tag are not satisfied, and the logical product of all the processing results is a false value, and it is determined that the connection control information RI-2 cannot be combined with the connection setting information SI-1.
  • connection control information RI-3 the condition of network ID pattern 501-3 is ⁇ and> and the information of ⁇ organization> does not match, so the result is a false value, and connection control information RI — 3 is determined not to be combined with connection setting information SI-1.
  • the network connection agent 303 extracts the connection control information RI-1 that is determined by the connection control information confirmation unit 305 to be combined with the connection setting information SI-1 (step S13).
  • the connection control information confirmation unit 305 confirms the expiration date 502 included in the extracted connection control information RI-1 (step S14). If the expiration date has passed, the network connection agent 303 terminates the connection process and does not connect to the network 40-1 (step S15). 0 Also, the connection control information storage unit 301 is combined with the connection setting information SI-1. If the possible connection control information RI is not held, the connection process is terminated and the connection to the network 40-1 is not made (step S15).
  • the network interface setting unit 306 includes the IP address 604 included in the connection setting information SI-1 and the default gateway IP address. Configure network interface 307 using 605, DNS server IP address 606, and Web server IP address 607, and connect network 40-1 and terminal device 30 via wireless LAN access point 401-1. (Step S16).
  • the network connection agent 303 acquires the portal page information through the Web server 403-1 and the network 40-1, processes it by the portal page display unit 308, displays it on the display screen 309, and displays it to the terminal user A. Present (step S20).
  • the wireless LAN access point detection unit 304 detects the wireless LAN access point 401-2 and detects the wireless LAN access point 401-2.
  • ESS—ID sent from 2 is acquired (step S8).
  • the network connection agent 303 searches the connection setting information storage unit 302 for the connection setting information SI having the ESS ID that matches the acquired ESS ID as a key value, and the connection setting information that matches the key value. SI-2 is extracted (step S10).
  • the network connection agent 303 reads the connection control information RI-1 and determines the possibility of combination.
  • the connection control information confirmation unit 305 refers to the comparison condition tag in the network ID pattern 501-1 (step SB1). Since this tag is “and” and “>” (step S B4), the conditions directly under “and” and “>” are compared in order, and the logical product of all the processing results in the “and” tag is returned (step SB5).
  • the connection control information confirmation unit 305 extracts the ⁇ location> tag information of the network ID pattern 501-1 and the ⁇ location> tag information of the network ID 602-2 (step SB8, step SB9) and compares them (step SB10). . Since the information of both is different, a false value is returned for the network location information (step SB11).
  • step SB 8 the information of the organization> tag in the network ID pattern 501—1 and the information of the organization> tag in the network ID 602—2 are extracted (step SB 8, step SB9) and compared (step SB10). Both do not match, and a false value is returned for the network management organization information (step SB11). All conditions in the ⁇ and> tag are not satisfied, and the logical product of all the processing results is a false value, and it is determined that the connection control information RI-1 cannot be combined with the connection setting information SI-2 .
  • the connection control information confirmation unit 305 refers to the comparison condition tag in the network ID pattern 501-2 (step SB1). Since this tag is “and” and “>” (step SB4), the tags immediately after “and” and “>” are compared in order, and the logical product of all the processing results in the “and” tag is returned (step SB5).
  • the connection control information confirmation unit 305 extracts the location> tag information in the network ID pattern 501-2 and the location> tag information in the network ID 602-2 (steps SB8 and SB9) and compares them (step SB10). ).
  • step SB11 the network laying location information Returns a true value (step SB11).
  • step S Bl the network laying location information
  • step S B7 the network laying location information
  • step S B7 the logical sum of the processing results immediately below ku or> tag is returned.
  • Network ID pattern 5 01 The information of the organization> tag in 2 and the information of the organization> tag in the network ID 602—2 are extracted (step SB8, step SB9) and compared (step SB 10).
  • step SB 10 Network ID pattern 501—com.XXX.jp.cl.dr2 is included in the information of the organization> tag in 2. Therefore, true value is returned for network management organization information. Since all conditions in the ⁇ and> tag are satisfied, the logical product of all the processing results is a true value, and it is determined that the connection control information RI-2 can be combined with the connection setting information SI-2.
  • connection control information RI-3 the comparison condition of network ID pattern 501-3 is "and>", and the network installation location information and the network management organization information match, and the result of logical product is true. It is determined that the connection control information RI-3 can be combined with the connection setting information SI-2.
  • the network connection agent 303 extracts the connection control information RI-2 and the connection control information RI-3 (step S13).
  • connection control information confirmation unit 305 confirms the expiration date 502-2 included in the connection control information RI-2, and if the expiration date has passed, the expiration date 502 included in the connection control information RI-3 Check 3. If the expiration date 502-3 has also expired, the network agent 303 terminates the connection process and does not connect to the network 40-1 (step S15).
  • the network interface setting unit 306 When the extracted connection control information RI-2 is within the validity period, the network interface setting unit 306 includes the IP address 604 included in the connection setting information SI-2, and the default gateway IP address. Configure network interface 307 using 605, DNS server IP address 606, and Web server IP address 607, and connect network 40-1 and terminal device 30 via wireless LAN access point 401-1. (Step S16). Thereafter, the operations from step S18 to step S20 are similarly performed. If the connection control information RI-2 is outside the valid period and the connection control information RI-3 is within the valid period, the network interface setting unit 306 similarly uses the connection setting information SI-2 to establish the network interface 307. The network 40-1 and the terminal device 30 are connected. (Step S16). Thereafter, the operations from step S18 to step S20 are similarly performed.
  • the wireless LAN access point detector 304 detects the wireless LAN access point 401-3, and the wireless LAN access point 401-3.
  • ESS—ID sent from 3 is acquired (step S8).
  • the network connection agent 303 searches the connection setting information storage unit 302 for the connection setting information SI having the ESS ID that matches the acquired ESS ID as a key value, and the connection setting information that matches the key value. SI-3 is extracted (step S10).
  • the network connection agent 303 reads the connection control information RI-1 to the connection control information RI-3 from the connection control information storage unit 301, and determines the combination.
  • the location> tag in network ID 602—3 is com. XXX .jp.jigyoshoB.bldglO, and the organization> tag is com. XXX .jp.cl.dr3, and there is no matching network ID pattern. Therefore, the connection control information RI-1 to the connection control information RI-3 cannot be extracted, and the network agent 303 ends the connection process and does not connect to the network 40-1 (step S15).
  • the network installation location information and the management organization information are described in regular expressions.
  • the installation location information is com. X xx.
  • connection setting information SI for connecting to the network 40 and the connection control information RI for executing connection permission / inhibition is not limited to one-to-one, but to one-to-many, or Many-to-many.
  • connection control information RI For example, by including prepaid information that defines the usage fee of the network 40 in the connection control information RI, it is possible to reduce the number of networks 40 to which the terminal device 30 can be connected after reaching a certain charge amount.
  • the first connection control information RI can be used free of charge for the network, but it has an expiration date, and the second connection control information RI includes prepaid information.
  • the network connection agent 303 determines that the network 40 can be used free of charge until the first time based on the first connection control information, but thereafter, the network connection agent 303 is charged based on the second connection control information ( Prepaid) and it is determined that there is a validity period.
  • the second connection control information Prepaid
  • connection control information RI can be configured so that it does not depend on the technical standards, as long as the connection setting information SI is prepared according to each technical standard. Therefore, it is possible to determine whether to permit or reject a connection even for a network with multiple technical standards.
  • connection control system has the same configuration as that of the first embodiment, but connection control information and connection setting information are different.
  • FIG. 9 shows the configuration of the network ID pattern 5001 and the network ID 602 used in the second embodiment of the present invention.
  • Network ID pattern 501 and network ID 602 are described in IP address notation.
  • the network ID pattern 501 includes identification information 501A for identifying the network 40, a mask 501B, and a comparison condition 501C.
  • the comparison condition 501C is a condition for determining whether the connection control information RI and the connection setting information SI can be combined, and is represented by a logical expression.
  • the connection control information confirmation unit 305 calculates the mask 501B and the network ID 602 based on the comparison condition 501C when determining the force that the connection control information RI and the connection setting information SI can be combined.
  • the identification information 501A is described as 10.15.0.0
  • mask501B is described as 255.255.0.0
  • the comparison condition 501C is described as and
  • the network ID6 02 is described as 10. 15. 34.2.
  • the terminal device 30 and the network 40 are connected by the same operation as in the first embodiment shown in FIG.
  • FIG. 10 shows an operation when determining the possibility of the combination of the connection setting information SI and the connection control information RI in step S12 of FIG.
  • the network connection agent 303 reads the connection control information RI and determines the possibility of combination.
  • the connection control information confirmation unit 305 extracts the mask 501B from the network ID pattern 501 (Step SC1). Next, the calculation method of the logical calculation is determined with reference to the comparison condition 501C in the network ID pattern 501 (step SC3). Then, logical calculation of mask 501B and network ID is performed (step SC4).
  • step SC9 the identification information 501A is extracted from the network ID pattern 501 (step SC7), and compared with the calculation result in step SC5, the possibility of combination is determined (step SC9).
  • step SC11 the connection control information RI with this network ID pattern 501 is combined with the connection setting information. It is determined that it is possible (step SC 11). If the identification information 501A and the value of the calculation result in step SC5 do not match, it is determined that the combination is impossible (step SC13).
  • the comparison condition 501C in the above example may be another logical expression such as force or or not, and a combination thereof.
  • the degree of freedom of the information that can be included in the network ID pattern 501 and the network ID 602 is lower than that described in the XML document, but the determination process of the possibility of combination is simple, and high-speed processing is possible. Is possible.
  • connection control system checks whether or not connection is possible in the terminal device 30 and does not require the help of an external server through the network. Therefore, it is possible to determine whether or not connection is possible before connection.
  • FIG. 11 is a block diagram showing the configuration of the connection control system according to the third example of the present invention.
  • rights information and setting information are managed separately for services provided on the network (for example, VoIP service) and used when using the services. Refusal determination and connection setting are executed.
  • the contents of the rights information RI 'for using the VoIP service does not depend on the VoIP technical standard, and the settings information SI' for using the VoIP service is used to use the VoIP service. Contains necessary setting information items.
  • connection control system in the first embodiment is configured as a network service utilization system.
  • Figure 11 shows the configuration of the network service utilization system.
  • the network service utilization system according to the present invention is configured to use the terminal device 30 ′, the network 40 connected to the terminal device 30, and the setting for using the VoIP service provided on the network 40.
  • a service providing server 307 ′ for providing VoIP service on the network 40 is connected to the network 40 ′.
  • the terminal device 30 ′ includes a right information storage unit 301 ′, a setting information storage unit 302 ′, and a service utilization agent 303 ′.
  • the terminal device 30 ′ acquires the rights information RI ′ from the rights information distribution device 10 ′ in advance and holds it in the rights information holding unit 301 ′.
  • the setting information SI ′ is acquired from the setting information distribution device 20 ′ and is held in the setting information holding unit 302 ′.
  • the service utilization agent 303 ′ includes a right information confirmation unit 305 ′ and a setting information transmission unit 306 ′.
  • the service use agent 303 first sets the setting information SI 'used for setting to use the VoIP service on the network 40. To extract. Further, the right information RI ′ corresponding to the setting information SI ′ is retrieved from the right information storage unit 301 ′ and extracted. If the corresponding rights information RI 'is !, the terminal device 30 cannot use the VoIP service of the corresponding network 40'.
  • the right information RI ′ stored in the right information storage unit 301 ′ is the right information RI-1′ ⁇ RI-n ′
  • the setting information SI ′ stored in the setting information storage unit 302 ′ is the setting information SI. — 1 'to SI — n.
  • Rights information RI' and setting information SI ' are common information such as A, B, C, D, E, F, etc. Information is included.
  • the service use agent 303' receives the setting information SI-3 'from the setting information storage unit 302'.
  • the right information RI ′ having the information C included in the setting information SI—3 ′ is retrieved from the right information storage unit 301 ′, and the right information RI—2 ′ is extracted.
  • the rights information confirmation unit 305 ′ refers to the rights information RI-2 ′ to determine refusal to use the VoIP service.
  • the setting information transmission unit 306 ′ sends the setting information SI-3 ′ to the service providing service via the network 40 ′. Send the message to 307 ', configure the settings to use the VoIP service, and receive the service.
  • the right information for determining only availability without depending on the service technical standard and the setting information used for setting to use the service depending on the service technical standard are separated.
  • the number and types of services for each network that can be used by the terminal device 30 can be flexibly changed.
  • the setting information and rights information can be collectively managed in the terminal device 30 to provide services of multiple technical standards. It is possible to set the availability of services uniformly for the network 40 in which.
  • connection control system and the terminal device of the present invention it is possible to determine whether or not connection is possible within the terminal device before connecting to the network.
  • number and configuration of networks to which terminal devices can be connected can be flexibly changed.

Abstract

In a terminal device, a first storage unit stores a plurality of pieces of connection setting information for setting connections with a plurality of connection targets, and a second storage unit stores a plurality of pieces of connection control information for controlling the connections based on the plural pieces of connection setting information. When specific connection setting information of a set corresponding to a specific connection target and at least one piece of specific connection control information individually reside in the plural pieces of connection setting information and the plural pieces of connection control information, a connection agent makes a connection with a specific connection terminal on the basis of the specific connection control information and the specific connection setting information.

Description

明 細 書  Specification
端末装置を使用する接続制御システム、接続制御方法  Connection control system and connection control method using terminal device
技術分野  Technical field
[0001] 本発明は、端末装置を使用する接続制御システム、接続制御方法に関し、特に端 末装置が接続先に接続される際の制御に関する。  TECHNICAL FIELD [0001] The present invention relates to a connection control system and a connection control method using a terminal device, and more particularly to control when a terminal device is connected to a connection destination.
背景技術  Background art
[0002] 近年、手軽にネットワークを構築できる無線 LANは、低価格化、高速化が進み、一 般のオフィスや工場にも広くに導入されるようになってきている。しかし、無線 LANで は電波さえ通ればオフィスの内外に関係なくアクセスが可能であり、セキュリティ上の 問題も広く指摘されている。そのため、認証によるアクセス制限や、暗号ィ匕によってセ キユリティ対策が施されて 、る。  [0002] In recent years, wireless LANs that can easily construct networks have been introduced at a wide range of offices and factories, as their prices and speeds have increased. However, wireless LAN can be accessed regardless of inside or outside of the office as long as radio waves can pass through, and security problems have been widely pointed out. For this reason, security measures are implemented by restricting access through authentication and encryption.
[0003] ネットワークに接続するための認証方法力 特開 2004— 21666号公報に開示され ている。この従来例によれば、ネットワークに接続されたセンタにおいて、ネットワーク への接続に関連する設定項目が取得され、接続の許否が判定されている。これによ り、接続のための権利の確認が行われている。しかし、この場合、接続されるべきサ ーバが既にネットワークに接続していることを前提としており、ネットワークに未接続の 場合には、上記システムは機能しない。  [0003] Authentication method power for connecting to a network is disclosed in Japanese Patent Application Laid-Open No. 2004-21666. According to this conventional example, in the center connected to the network, setting items related to the connection to the network are acquired, and whether or not the connection is permitted is determined. This confirms the right to connect. However, in this case, it is assumed that the server to be connected is already connected to the network, and the above system will not function if it is not connected to the network.
[0004] 又、従来の端末装置がネットワークに接続されるシステムにおいては、ネットワーク への接続に必要なネットワークインタフェースの設定情報を端末装置が保持し、その 端末装置がネットワークに接続する権利をもっている。そのため、端末装置のネットヮ ークへの接続を許可又は禁止するポリシーの柔軟な変更ができない。  [0004] Also, in a system in which a conventional terminal device is connected to a network, the terminal device holds network interface setting information necessary for connection to the network, and the terminal device has a right to connect to the network. Therefore, it is not possible to flexibly change the policy that permits or prohibits connection of the terminal device to the network.
[0005] 更に、従来のシステムの一例が RFC2869 (RADIUS Extensions)および IEE E Std 802. IX— 2001 Annex D に示されている(これら 2つの文献を組合わ せて、 802. IX— RADIUS連携システムの仕様に成る)。この従来例では、接続処 理のうち、認証部分で RADIUS (認証のみに特ィ匕したシステム)を利用すること〖こより 、権利確認の処理が技術規格に依存しない。しかし、この場合、管理されるべき全て のネットワークが RADIUSサーバにつながつている必要がある。そのため、イベント 会場や工事現場などに敷設される無線 LANを利用したネットワークのように、一時的 に敷設され、他のネットワークと接続されないネットワークが管理される場合、 RADIU Sサーバは個別に設置される力、既に RADIUSサーバが設置されている他のネット ワークと接続されなければならな 、。 [0005] Further, an example of a conventional system is shown in RFC 2869 (RADIUS Extensions) and IEE E Std 802. IX—2001 Annex D (the combination of these two documents, the 802. IX—RADIUS linkage system). Of the specification). In this conventional example, since the authentication process uses RADIUS (a system that specializes only in authentication), the right confirmation process does not depend on the technical standard. In this case, however, all networks to be managed must be connected to the RADIUS server. Therefore, event When a network that is temporarily installed and is not connected to other networks, such as a network using a wireless LAN installed at a venue or construction site, is managed, the RADIU S server can be installed separately. Must be connected to another network where a RADIUS server is installed.
[0006] 上記説明と関連して、閉域接続方式が特開昭 62— 147837号公報に開示されて いる。この従来例では、メディアアクセスコントロール(MAC)レベルのステーションァ ドレスを使用して接続相手が識別され、接続の可否が判断されている。  [0006] In connection with the above description, a closed area connection method is disclosed in Japanese Patent Laid-Open No. Sho 62-147837. In this conventional example, a connection partner is identified using a media access control (MAC) level station address, and whether or not connection is possible is determined.
[0007] ネットワーク管理装置が特開平 8— 23344号公報に開示されている。この従来例で は、ネットワーク管理装置は、接続されているネットワークに関する情報の収集 '保持 を行い、ネットワークを介して接続された局力 のネットワーク情報の参照、設定要求 を認証する機能を有している。許可局以外の局力もネットワーク情報の参照 ·設定の 要求が発効されたとき、ネットワーク管理装置は、その事実を許可局に通知する。  A network management apparatus is disclosed in Japanese Patent Laid-Open No. 8-23344. In this conventional example, the network management device has a function to collect and hold information related to the connected network, and to reference local network information connected via the network and authenticate a setting request. Yes. The network management device notifies the permitting station of the fact when a request for referencing / setting network information is issued by the other stations than the permitting station.
[0008] また、多モード専用無線通信システムが特表平 9— 509544号公報に開示されて いる。この従来例では、トランシーバは 2つの制御プロトコルに従って動作可能である 。ハンドセットがローカル局の範囲にある場合、制御プロトコルの 1つに従ってロー力 ルピコ局と通信し、ローカル局の範囲を越えて移動したとき、別の制御プロトコルに従 つて自動的に地上局との通信に切り替えられる。  [0008] Further, a multi-mode dedicated radio communication system is disclosed in JP-T-9-509544. In this conventional example, the transceiver can operate according to two control protocols. When the handset is in the range of the local station, it communicates with the low-power rupico station according to one of the control protocols, and when it moves beyond the range of the local station, it automatically communicates with the ground station according to another control protocol Can be switched to.
[0009] また、インターネットの時限利用課金システムが特開平 10— 27036号公報に開示 されている。この従来例のシステムでは、ターミナルサーバはクライアントにインターネ ットとの接続サービスを提供する。認証サーバは、ターミナルサーバからの指示により クライアントからの個別情報に基づいてインターネットとの接続の可否を確認する。課 金サーバは、拡張認証データベースに連動し、各クライアントの接続利用時間に合 わせて接続料金を計算して接続度数を逐次更新する。拡張認証データベースで管 理されるクライアントの接続度数が 0未満なるまで、インターネットの接続サービスが 提供される。  [0009] In addition, an Internet time-based charging system is disclosed in Japanese Patent Laid-Open No. 10-27036. In this conventional system, the terminal server provides an Internet connection service to the client. The authentication server confirms whether or not it can be connected to the Internet based on the individual information from the client according to the instruction from the terminal server. The charging server is linked to the extended authentication database, calculates connection charges according to the connection usage time of each client, and updates the connection frequency sequentially. Internet connection services are provided until the number of client connections managed by the extended authentication database is less than zero.
[0010] また、情報端末装置が特開平 11— 212885号公報に開示されている。この従来例 では、接続情報記憶部は、通信回線を利用した通信網へ接続するための接続情報 が予め格納し、通信網接続部は、接続情報に基づいて通信網への接続を行う。 [0011] また、ネットワーク接続システムが特開平 11— 259420号公報に開示されている。 この従来例のネットワーク接続システムではでは、ユーザ端末から送信された単一つ のアカウントのユーザ識別情報と暗証番号に基づきユーザが認証され、認証された ユーザにより指定された接続環境を特定するフラグが識別され、フラグと接続環境と が登録されたテーブルを参照してフラグに対応する接続環境が選択され、認証され たユーザのアクセス元情報が判別され、アクセス元情報と接続環境とが登録されたテ 一ブルを参照してアクセス元情報に対応する接続環境が選択され、接続環境を用い てユーザ端末がネットワークに接続される。 An information terminal device is disclosed in Japanese Patent Laid-Open No. 11-212885. In this conventional example, the connection information storage unit stores in advance connection information for connection to a communication network using a communication line, and the communication network connection unit connects to the communication network based on the connection information. A network connection system is disclosed in Japanese Patent Laid-Open No. 11-259420. In this conventional network connection system, a user is authenticated based on the user identification information and password of a single account transmitted from the user terminal, and a flag for specifying the connection environment designated by the authenticated user is set. The connection environment corresponding to the flag is selected by referring to the table in which the flag and the connection environment are registered, the access source information of the authenticated user is determined, and the access source information and the connection environment are registered. The connection environment corresponding to the access source information is selected by referring to the table, and the user terminal is connected to the network using the connection environment.
[0012] また、無線通信システムが特開 2000— 188644号公報に開示されている。この従 来例では、ネットワークと無線端末装置との間の無線回線接続時に行われる認証確 認処理後、必要に応じてネットワークエリア情報が通知される。これにより、ローミング 等で新たにこの無線ネットワークの配下に入った無線端末装置のユーザに対し、この ネットワークのネットワークエリア情報 (通信網識別番号情報や国番号情報など)が知 らされる。また、発着信時、端末側で通信回線の設定のために用いられている中継 交換網情報が必要である場合、ネットワーク側力 今回の通信回線設定の経路に用 V、られて 、る中継交換網情報が中継網情報要求応答メッセージとして受信される。  A wireless communication system is disclosed in Japanese Patent Laid-Open No. 2000-188644. In this conventional example, network area information is notified as necessary after an authentication check process performed when a wireless line is connected between a network and a wireless terminal device. As a result, the network area information (communication network identification number information, country code information, etc.) of this network is made known to the user of the wireless terminal device newly subordinated to this wireless network due to roaming or the like. Also, when the relay switching network information used for setting the communication line on the terminal side is required at the time of outgoing / incoming call, the network side force V is used for the route of the communication line setting this time. Network information is received as a relay network information request response message.
[0013] また、コンピュータシステムが特開 2001— 43165号公報に開示されている。この従 来例のコンピュータシステムでは、サーバは、前記クライアント側の通信アプリケーシ ヨン毎に通信規制情報を記憶し、クライアントは、一つ以上の通信アプリケーションの 通信セッションを確立し、サーバに記憶されている通信規制情報に基づいて、通信 セッションを制御する。  [0013] A computer system is disclosed in Japanese Patent Laid-Open No. 2001-43165. In this conventional computer system, the server stores communication restriction information for each communication application on the client side, and the client establishes a communication session for one or more communication applications and is stored in the server. Controls communication sessions based on communication restriction information.
[0014] また、ネットワークシステムが特開 2001— 203690号公報に開示されている。この 従来例のネットワークシステムでは、複数のネットワークセグメントの各々は、ネットヮ ークセグメント及びコンピュータの識別情報を含むネットワーク情報とネットワークの接 続時にコンピュータ間のアクセス制御を行うアクセス制御情報とを保持.管理する 1台 のセグメントマスタを備えている。ネットワークセグメントに属する第 1コンピュータと他 のネットワークセグメントに属する第 2コンピュータとの接続時に、第 1コンピュータは、 自機の属するネットワークセグメントの第 1セグメントマスタ力もネットワーク情報を取得 し、第 2コンピュータに係るネットワーク情報を抽出し、この抽出されたネットワーク情 報に基づいて第 1セグメントマスタ力 自機及び第 2コンピュータに係る接続認証用 情報を取得して第 2コンピュータに送信する。第 2コンピュータは、接続認証情報を自 機の属するネットワークセグメントの第 2セグメントマスタに渡して認証を求め、第 2セ グメントマスタによる認証を得た場合に、第 1コンピュータとのネットワーク接続を有効 とする。 A network system is disclosed in Japanese Patent Laid-Open No. 2001-203690. In this conventional network system, each of a plurality of network segments holds and manages network information including network segment and computer identification information and access control information for controlling access between computers when the network is connected 1 There are two segment masters. When a first computer belonging to a network segment is connected to a second computer belonging to another network segment, the first computer also obtains network information from the first segment master of the network segment to which it belongs. Network information related to the second computer is extracted, connection authentication information related to the first segment master and the second computer is acquired based on the extracted network information, and is transmitted to the second computer. . When the second computer passes the connection authentication information to the second segment master of the network segment to which it belongs and asks for authentication, and the second segment master obtains authentication, the second computer validates the network connection with the first computer. To do.
[0015] また、アクセス制御方法が特開 2001— 326696号公報に開示されている。この従 来例では、 DHCPを利用し、認証情報データベースによってユーザ単位でのクライ アント端末を認証し、クライアント端末の送受パケットをサーバとルータの連携によつ てフィルタリングする。  An access control method is disclosed in Japanese Patent Laid-Open No. 2001-326696. In this conventional example, DHCP is used, the client terminal is authenticated for each user by the authentication information database, and the packet sent and received by the client terminal is filtered by the cooperation of the server and the router.
[0016] また、認証拒否端末に対し特定条件でアクセスを許容する LANが特開 2002— 11 8562号公報に開示されている。この従来例では、基地局は、端末局と通信を行い、 認証要求情報および受信パケットを抽出し、認証要求情報に基づ!、て LAN内認証 許可または拒否の判断を行い、その結果をパケット振り分けテーブルに設定する。パ ケット振り分けテーブルの登録内容を参照して、許可であれば端末局力ものパケット を LAN内に配送し、拒否であれば特定のサーバまたはネットワーク接続機器に送信 する。  [0016] Further, a LAN that allows access to an authentication-denied terminal under specific conditions is disclosed in Japanese Patent Laid-Open No. 2002-118562. In this conventional example, the base station communicates with the terminal station, extracts the authentication request information and the received packet, and based on the authentication request information! Set in the sorting table. Referring to the registered contents of the packet distribution table, if it is permitted, a packet with the power of the terminal station is delivered to the LAN, and if it is rejected, it is sent to a specific server or network connection device.
[0017] また、通信システムが特開 2002— 236631号公報に開示されている。この従来例 では、サービスプロバイダ力もユーザごとに割り当てられた接続用 IDによって、ユー ザがアクセス可能なインターネットサイトもしくはページを制限する。  [0017] A communication system is disclosed in Japanese Patent Application Laid-Open No. 2002-236631. In this conventional example, the service provider capabilities also limit the Internet sites or pages that can be accessed by the user based on the connection ID assigned to each user.
[0018] また、コンピュータソフトウェアを配布する方法が特開 2002— 314529号公報に開 示されている。この従来例では、その中に取り外し可能に組み込まれた記憶媒体をも つクライアントコンソール上で再生するための暗号化データストリングでソフトウェア製 品が符号化され、クライアントコンソールを用いてユーザ力もユーザ IDデータが受信 される。第 1暗号ィ匕キーがユーザに送信され、第 1暗号ィ匕キーでソフトウェア製品のた めの IDが符号化され、ユーザ力もソフトウェア製品購入情報が受信され、ユーザ購 入情報及び第 1暗号ィ匕キー並びに第 2暗号ィ匕キーを示すデータが符号化され、第 1 暗号ィ匕キー及び第 2暗号ィ匕キーがユーザに送信される。こうして、ユーザは暗号化ソ フトウエア製品を解読する。 [0018] A method for distributing computer software is disclosed in Japanese Patent Laid-Open No. 2002-314529. In this conventional example, a software product is encoded with an encrypted data string for playback on a client console having a storage medium removably incorporated therein, and the user ID and user ID data are encoded using the client console. Is received. The first encryption key is transmitted to the user, the ID for the software product is encoded with the first encryption key, the user power is also received the software product purchase information, and the user purchase information and the first encryption key are received. The key key and the data indicating the second encryption key are encoded, and the first encryption key and the second encryption key are transmitted to the user. In this way, the user can Decrypt software products.
[0019] また、通信装置が特開 2002— 366512号公報に開示されている。この従来例では 、通信装置が初期設定を行うときに接続されサービス提供者側との間の通信路を確 立する接続点がネットワークに設けられる。接続点に接続させるための電話番号が予 め記憶された後、通信装置がユーザに渡される。接続点に接続されたとき、サービス 提供者側から通信装置に接続設定情報が送信される。  A communication device is disclosed in Japanese Patent Laid-Open No. 2002-366512. In this conventional example, the network is provided with a connection point that is connected when the communication apparatus performs initial setting and establishes a communication path with the service provider side. After the telephone number for connecting to the connection point is stored in advance, the communication device is delivered to the user. When connected to the connection point, connection setting information is transmitted from the service provider side to the communication device.
[0020] また、ホストコンピュータが再公表特許 WO 02Z001376に開示されている。この 従来例では、サービス装置力も認証を求める照会情報が受信されたとき、認証に関 する情報を求める要求情報が移動体通信装置に送信される。移動体通信装置から 受信される認証に関する情報と格納されて 、る情報とが照合され、本人を認証する 認証情報がサービス装置に送信される。  [0020] A host computer is disclosed in the re-published patent WO 02Z001376. In this conventional example, when the inquiry information that requests authentication for the service device is received, request information for information related to authentication is transmitted to the mobile communication device. The authentication information received from the mobile communication device and the stored information are collated, and authentication information for authenticating the principal is transmitted to the service device.
[0021] また、ネットワーク管理システムが特開 2003— 152778号公報に開示されている。  A network management system is disclosed in Japanese Patent Laid-Open No. 2003-152778.
この従来例では、少なくともパケットの送信元アドレスと、送信先アドレス、パケット優 先度を含むポリシー設定要求のパケットがアクセス線路を介してユーザ端末力も受信 され、ポリシー設定要求のパケットからユーザ端末のアドレスが抽出され、ポリシー設 定要求に含まれる送信元アドレスと抽出されたユーザ端末のアドレスが同一であると きに、ポリシーテーブルの内容がポリシー設定要求の内容に基づいて変更される。  In this conventional example, a policy setting request packet including at least a packet source address, a destination address, and packet priority is also received via the access line, and the user terminal address is received from the policy setting request packet. When the source address included in the policy setting request is the same as the extracted user terminal address, the contents of the policy table are changed based on the contents of the policy setting request.
[0022] また、ネットワークシステムが特開 2003— 249947号公報に開示されている。この 従来例では、網内情報管理装置は、通信端末からの接続要求時に、通信端末から 通知された認証情報と、アクセス認証情報管理データベースに格納されて ヽる通信 端末力 通知されたユーザ IDに対する認証情報とを比較し、通信端末が正規ユー ザであることを確認する。通信端末が正規ユーザであることが確認された場合に、網 内識別子管理データベースに基づき、空いている VIDを選択し、選択された VIDと ユーザ IDとは網内識別子管理データベースに登録される。無線アクセスポイント、あ るいはエッジスィッチに VIDを登録するための登録要求力 無線アクセスポイント、あ るいはエッジスィッチに対して発行される。無線アクセスポイント、あるいはエッジスィ ツチは、登録要求に応答して通信端末からのデータフレームに VIDを登録する。無 線アクセスポイント、あるいは、エッジスィッチからの解放通知に基づいて、網内識別 子管理データベースに登録されて!、る VIDとユーザ IDとの対応付けを解除し、通信 端末の接続解除時に、 VIDの設定が削除され、網内情報管理装置に対して VIDの 解放通知を行う。 A network system is disclosed in Japanese Patent Laid-Open No. 2003-249947. In this conventional example, the in-network information management device, when a connection request is received from the communication terminal, is applied to the authentication information notified from the communication terminal and the communication terminal power stored in the access authentication information management database. Compare the authentication information and confirm that the communication terminal is an authorized user. When it is confirmed that the communication terminal is a legitimate user, a free VID is selected based on the network identifier management database, and the selected VID and user ID are registered in the network identifier management database. Registration requirement for registering VID in wireless access point or edge switch Issued to wireless access point or edge switch. The wireless access point or edge switch registers the VID in the data frame from the communication terminal in response to the registration request. In-network identification based on release notification from wireless access point or edge switch Registered in the child management database! The association between the VID and user ID is canceled, and when the communication terminal is disconnected, the VID setting is deleted and the VID release notification is sent to the in-network information management device .
[0023] また、ネットワーク接続管理システムが特開 2004— 32336号公報に開示されてい る。この従来例では、携帯端末力もの、 情報と位置情報を含む通信網接続要求に 基づいてネットワークへの接続が認められたとき、接続許可情報が携帯端末に送信 され、これにより情報処理装置がネットワークに接続される。  [0023] A network connection management system is disclosed in Japanese Patent Application Laid-Open No. 2004-32336. In this conventional example, when connection to the network is permitted based on a communication network connection request including information and position information, connection permission information is transmitted to the mobile terminal, and the information processing apparatus is thereby connected to the network. Connected to.
[0024] また、セキュア通信システムが特開 2004— 48458号公報に開示されている。この 従来例では、セキュア通信を行う機器は、随時あるいは定期的にポリシーサーバにァ クセスして複数の通信相手のセキュリティポリシーを取得し、これに基づ 、てセキュア 通ウィンを行う。  A secure communication system is disclosed in Japanese Patent Application Laid-Open No. 2004-48458. In this conventional example, a device that performs secure communication accesses the policy server at any time or periodically to obtain the security policies of a plurality of communication partners, and performs secure communication based on this.
発明の開示  Disclosure of the invention
[0025] 本発明の目的は、接続先への接続の前に端末装置内で接続の可否が判定される 、端末装置を用いる接続制御システムと接続制御方法を提供することにある。  [0025] An object of the present invention is to provide a connection control system and a connection control method using a terminal device when it is determined whether or not connection is possible in the terminal device before connection to a connection destination.
本発明の他の目的は、端末装置が接続可能な接続先 (ネットワークなど)の数や構 成を柔軟に変更できる、端末装置を用いる接続制御システムと接続制御方法を提供 することにある。  Another object of the present invention is to provide a connection control system and a connection control method using a terminal device that can flexibly change the number and configuration of connection destinations (such as a network) to which the terminal device can be connected.
本発明の更に他の目的は、技術規格が異なる接続先に統一的に接続を制御でき る、端末装置を用いる接続制御システムと接続制御方法を提供することにある。  Still another object of the present invention is to provide a connection control system and a connection control method using a terminal device that can control connection uniformly to connection destinations having different technical standards.
[0026] 本発明の観点では、端末装置は、複数の接続先との接続を設定するための複数の 接続設定情報を保存する第 1保存部と、複数の接続設定情報に基づく接続を制御 するための複数の接続制御情報を保存する第 2保存部と、複数の接続設定情報と複 数の接続制御情報に、特定接続先に対応する組の特定接続設定情報と少なくとも 1 つの特定接続制御情報がそれぞれ存在するとき、特定接続制御情報と特定接続設 定情報に基づいて特定接続先に接続する接続エージェントとを具備する。  [0026] In an aspect of the present invention, the terminal device controls a connection based on the first storage unit that stores a plurality of connection setting information for setting connections with a plurality of connection destinations, and the plurality of connection setting information. A second storage unit that stores a plurality of connection control information, a plurality of connection setting information and a plurality of connection control information, a set of specific connection setting information corresponding to a specific connection destination, and at least one specific connection control information When there is each, there is provided a connection agent for connecting to a specific connection destination based on specific connection control information and specific connection setting information.
[0027] ここで、特定接続制御情報が特定接続先との接続が有効であることを示すとき、接 続エージェントは、特定接続設定情報に基づいて端末装置を接続先と接続する。ま た、特定接続制御情報が特定接続設定情報に対して複数であってもよい。複数の特 定接続制御情報が順序付けられ、異なる範囲で特定接続先との接続が有効であるこ とを示すとき、接続エージェントは、複数の特定接続制御情報に基づいて、順番に、 特定接続設定情報に基づく端末装置の接続先への接続を実行する。 Here, when the specific connection control information indicates that the connection with the specific connection destination is valid, the connection agent connects the terminal device to the connection destination based on the specific connection setting information. Further, the specific connection control information may be plural with respect to the specific connection setting information. Multiple special When the constant connection control information is ordered and indicates that a connection with a specific connection destination is valid in a different range, the connection agent sequentially determines a terminal based on the specific connection setting information based on a plurality of specific connection control information. Executes connection to the connection destination of the device.
また、接続エージェントは、特定接続先に基づいて複数の接続設定情報のうちの 1 つを特定接続設定情報として決定し、特定接続制御情報に基づ 、て複数の接続制 御情報のうち少なくとも 1つを特定接続制御情報として決定する。接続エージェントは Further, the connection agent determines one of the plurality of connection setting information as the specific connection setting information based on the specific connection destination, and at least one of the plurality of connection control information based on the specific connection control information. Are determined as specific connection control information. Connection agent
、特定接続先が検出されたとき、上記の動作を行う。 When the specific connection destination is detected, the above operation is performed.
複数の接続設定情報の各々は、第 1判別情報を有し、複数の接続制御情報の各 々は、第 2判別情報と条件を有することが好ましい。接続エージェントは、特定接続設 定情報の第 1判別情報と複数の接続制御情報の各々の第 2判別情報が条件を満た すか否かを判定する処理を行!、、条件を満たす接続制御情報を特定接続制御情報 として決定する。  Each of the plurality of connection setting information preferably includes first determination information, and each of the plurality of connection control information preferably includes second determination information and a condition. The connection agent performs processing to determine whether or not the first determination information of the specific connection setting information and the second determination information of each of the plurality of connection control information satisfy the condition! Determined as specific connection control information.
また、特定接続先はネットワークであってもよいし、特定接続先は端末装置が接続 されるネットワークに接続されたサーバーであってもよい。  Further, the specific connection destination may be a network, and the specific connection destination may be a server connected to the network to which the terminal device is connected.
また、本発明の他の観点では、接続制御システムは、複数の接続先との接続を設 定するための複数の配布接続設定情報を格納する接続設定情報配布装置と、複数 の配布接続設定情報に基づく接続を制御するための複数の配布接続制御情報を格 納する接続制御情報配布装置と、端末装置とを具備する。端末装置は、第 1保存部 と第 2保存部と、接続設定情報配布装置カゝら複数の配布接続設定情報の少なくとも 一部を複数の接続設定情報として取得して第 1保存部に格納し、接続設定情報配布 装置力 複数の配布接続制御情報の少なくとも一部を複数の接続制御情報として取 得して第 2保存部に格納する通信部と、複数の接続設定情報と複数の接続制御情 報に、特定接続先に対応する組の特定接続設定情報と少なくとも 1つの特定接続制 御情報がそれぞれ存在するとき、特定接続制御情報と特定接続設定情報に基づ 、 て特定接続先に端末装置を接続する接続エージェントとを具備する。  In another aspect of the present invention, the connection control system includes a connection setting information distribution device that stores a plurality of distribution connection setting information for setting a connection with a plurality of connection destinations, and a plurality of distribution connection setting information. A connection control information distributing device for storing a plurality of distributed connection control information for controlling connection based on the terminal, and a terminal device. The terminal device acquires at least a part of the plurality of distribution connection setting information as the first storage unit, the second storage unit, and the connection setting information distribution device as a plurality of connection setting information, and stores them in the first storage unit. , Connection setting information distribution device power A communication unit that acquires at least a part of a plurality of distribution connection control information as a plurality of connection control information and stores them in the second storage unit, a plurality of connection setting information and a plurality of connection control information When there is a pair of specific connection setting information and at least one specific connection control information corresponding to the specific connection destination, the terminal device is connected to the specific connection destination based on the specific connection control information and the specific connection setting information. And a connection agent for connecting.
ここで、新たな接続先が追加されるとき、新たな接続先に対応する配布接続設定情 報が接続設定情報配布装置に追加される。また、複数の配布接続制御情報の各々 は、複数の配布接続設定情報のうち、組となるべき特定接続設定情報の有効性を示 す情報である。 Here, when a new connection destination is added, the distribution connection setting information corresponding to the new connection destination is added to the connection setting information distribution apparatus. Each of the plurality of distribution connection control information indicates the validity of the specific connection setting information to be paired out of the plurality of distribution connection setting information. Information.
また、特定接続先はネットワークであってもよいし、特定接続先は端末装置が接続 されるネットワークに接続されたサーバーであってもよい。  Further, the specific connection destination may be a network, and the specific connection destination may be a server connected to the network to which the terminal device is connected.
また、本発明の他の観点では、接続制御方法は、端末装置が特定接続先に接続さ れるべきとき、第 1保存部に格納された複数の接続設定情報から特定接続先に対応 する特定接続設定情報を抽出することと、第 2保存部に格納された複数の接続制御 情報から、特定接続設定情報と組を構成すべき少なくとも 1つの特定接続制御情報 を抽出することと、特定接続制御情報と特定接続設定情報に基づ ヽて特定接続先に 端末装置を接続することとにより達成される。  In another aspect of the present invention, the connection control method includes a specific connection corresponding to a specific connection destination from a plurality of connection setting information stored in the first storage unit when the terminal device is to be connected to the specific connection destination. Extracting the setting information, extracting at least one specific connection control information to be paired with the specific connection setting information from the plurality of connection control information stored in the second storage unit, and the specific connection control information This is achieved by connecting the terminal device to the specific connection destination based on the specific connection setting information.
ここで、複数の接続設定情報は、複数の接続先との接続を設定するために提供さ れてもい。複数の接続制御情報の各々は、複数の接続設定情報のうち、組となるベ き特定接続設定情報の有効性を示す情報である。  Here, a plurality of connection setting information may be provided for setting a connection with a plurality of connection destinations. Each of the plurality of connection control information is information indicating the validity of the specific connection setting information to be paired among the plurality of connection setting information.
接続するステップは、特定接続設定情報が有効であることを特定接続制御情報が 示すとき、特定接続設定情報に基づいて端末装置を接続先と接続することにより達 成されてもよい。  The step of connecting may be achieved by connecting the terminal device to the connection destination based on the specific connection setting information when the specific connection control information indicates that the specific connection setting information is valid.
特定接続制御情報が特定接続設定情報に対して複数であり、複数の特定接続制 御情報が順序付けられ、異なる範囲で有効性を示してもよ 、。  There may be a plurality of specific connection control information with respect to the specific connection setting information, and the plurality of specific connection control information may be ordered to show the validity in different ranges.
接続するステップは、複数の特定接続制御情報の各々の有効性に基づいて、順番 に端末装置を接続先と接続することにより達成されてもよい。  The connecting step may be achieved by sequentially connecting the terminal device to the connection destination based on the validity of each of the plurality of specific connection control information.
特定接続設定情報を抽出するステップは、接続先が検出されたとき、接続先に基 づいて複数の接続設定情報のうちの 1つを特定接続設定情報として決定すること〖こ より達成されてもよい。  The step of extracting the specific connection setting information may be achieved by determining one of a plurality of connection setting information as the specific connection setting information based on the connection destination when the connection destination is detected. Good.
また、複数の接続設定情報の各々は、第 1判別情報を有し、複数の接続制御情報 の各々は、第 2判別情報と条件を有してもよい。  Each of the plurality of connection setting information may include first determination information, and each of the plurality of connection control information may include second determination information and a condition.
特定接続制御情報を抽出するステップは、特定接続設定情報の第 1判別情報と複 数の接続制御情報の各々の第 2判別情報が条件を満たすか否かを判定する処理を 行うことと、条件を満たす接続制御情報を特定接続制御情報として決定することによ り達成されてもよい。 また、特定接続先はネットワークであってもよいし、特定接続先は端末装置が接続 されるネットワークに接続されたサーバーであってもよい。 The step of extracting the specific connection control information includes performing a process of determining whether or not the first determination information of the specific connection setting information and the second determination information of each of the plurality of connection control information satisfy a condition, This may be achieved by determining connection control information satisfying the condition as specific connection control information. Further, the specific connection destination may be a network, and the specific connection destination may be a server connected to the network to which the terminal device is connected.
図面の簡単な説明 Brief Description of Drawings
[図 1]図 1は、本発明の第 1実施例による接続制御システムの構成図である。 FIG. 1 is a configuration diagram of a connection control system according to a first embodiment of the present invention.
[図 2]図 2は、本発明の第 1実施例による接続制御システムの具体的な例を示す図で ある。  FIG. 2 is a diagram showing a specific example of the connection control system according to the first embodiment of the present invention.
[図 3]図 3は、本発明の第 1実施例による接続制御システムで使用される端末装置の 構成図ある。  FIG. 3 is a block diagram of a terminal device used in the connection control system according to the first embodiment of the present invention.
[図 4]図 4は、本発明に係る接続制御情報及び接続設定情報の一例を示す図である  FIG. 4 is a diagram showing an example of connection control information and connection setting information according to the present invention.
[図 5A]図 5Aは、本発明の第 1実施例におけるネットワーク IDパターンの一例を示す 図である。 FIG. 5A is a diagram showing an example of a network ID pattern in the first embodiment of the present invention.
[図 5B]図 5Bは、本発明の第 1実施例におけるネットワーク IDパターンの他の例を示 す図である。  FIG. 5B is a diagram showing another example of the network ID pattern in the first embodiment of the present invention.
[図 5C]図 5Cは、本発明の第 1実施例におけるネットワーク IDパターンの他の例を示 す図である。  FIG. 5C is a diagram showing another example of the network ID pattern in the first embodiment of the present invention.
[図 5D]図 5Dは、本発明の第 1実施例におけるネットワーク IDパターンの他の例を示 す図である。  FIG. 5D is a diagram showing another example of the network ID pattern in the first embodiment of the present invention.
[図 6A]図 6Aは、本発明の第 1実施例におけるネットワーク IDの一例を示す図である  FIG. 6A is a diagram showing an example of a network ID in the first embodiment of the present invention.
[図 6B]図 6Bは、本発明の第 1実施例におけるネットワーク IDの他の例を示す図であ る。 FIG. 6B is a diagram showing another example of the network ID in the first embodiment of the present invention.
[図 6C]図 6Cは、本発明の第 1実施例におけるネットワーク IDの他の例を示す図であ る。  FIG. 6C is a diagram showing another example of the network ID in the first embodiment of the present invention.
[図 7]図 7は、本発明の第 1実施例による接続制御システムの動作を示すフローチヤ ートである。  FIG. 7 is a flowchart showing the operation of the connection control system according to the first example of the present invention.
[図 8]図 8は、本発明の第 1実施例における接続設定情報と接続制御情報との接続 可否の判定動作を示すフローチャートである。 [図 9]図 9は、本発明の第 2実施例による接続制御システムにおけるネットワーク IDパ ターン及びネットワーク IDを示す図である。 FIG. 8 is a flowchart showing an operation for determining whether or not connection between the connection setting information and the connection control information is possible in the first embodiment of the present invention. FIG. 9 is a diagram showing a network ID pattern and a network ID in the connection control system according to the second embodiment of the present invention.
[図 10]図 10は、本発明の第 2実施例における接続設定情報と接続制御情報との接 続可否の判定動作を示すフローチャートである。  FIG. 10 is a flowchart showing an operation for determining whether or not connection between connection setting information and connection control information is possible in the second embodiment of the present invention.
[図 11]図 11は、本発明の第 3実施例であるサービス利用システムの構成図である。 発明を実施するための最良の形態  FIG. 11 is a configuration diagram of a service utilization system according to a third embodiment of the present invention. BEST MODE FOR CARRYING OUT THE INVENTION
[0031] 以下に添付図面を参照して、本発明による端末装置を用いる接続制御システムを 利用するネットワークシステムにつ 、て詳細に説明する。本発明による接続制御シス テムは、企業内ネットワークのような特定のユーザのみが利用するネットワークへの接 続の管理用途に適用できる。又、無線 LANホットスポットのような不特定多数のユー ザが利用するネットワークへの、接続を管理し、課金を行う用途にも適用可能である。  Hereinafter, a network system using a connection control system using a terminal device according to the present invention will be described in detail with reference to the accompanying drawings. The connection control system according to the present invention can be applied to the management of connection to a network that is used only by a specific user such as a corporate network. It can also be applied to applications that manage connections and charge for networks such as wireless LAN hotspots that are used by an unspecified number of users.
[0032] [第 1実施例]  [0032] [First embodiment]
図 1は、本発明の第 1実施例によるネットワークシステムの構成を示すブロック図で ある。図 2は、ネットワークシステムをより具体的に示す図である。第 1実施例のネット ワークシステムは、ネットワーク管理者 Bが管理する接続制御情報配布装置 10と接続 設定情報配布装置 20、ユーザ Aにより使用される端末装置 30、及び端末装置 30が 接続されるネットワーク 40とを備えている。以下に、接続先に端末ユーザ Aの端末装 置 30が接続される例に用いて本発明によるネットワークシステムを説明する。接続先 は、この例では、企業内で使用され、ネットワーク管理者 Bによって管理される無線 L ANを利用したネットワーク 40である。  FIG. 1 is a block diagram showing the configuration of the network system according to the first embodiment of the present invention. FIG. 2 shows the network system more specifically. The network system of the first embodiment includes a connection control information distribution device 10 managed by a network administrator B, a connection setting information distribution device 20, a terminal device 30 used by user A, and a network to which the terminal device 30 is connected. With 40. Hereinafter, the network system according to the present invention will be described using an example in which the terminal device 30 of the terminal user A is connected to the connection destination. In this example, the connection destination is a network 40 using a wireless LAN that is used in the enterprise and managed by the network administrator B.
[0033] ネットワーク管理者 Bにより管理されるネットワーク 40 (40— 1〜40— n)は、無線 LA Nアクセスポイント 401 (401 - 1〜401— n)、 DNSサーノ 402 (402— 1〜402— n) 、 Webサーノ 403 (403— l〜403—n)、ゲー卜ゥェィ装置404 (404—l〜404—n) を備えて 、る。ネットワーク 40はインターネット 50に接続されて 、る。  [0033] The network 40 (40—1 to 40—n) managed by the network administrator B includes a wireless LAN access point 401 (401-1 to 401—n), a DNS server 402 (402—1 to 402—). n), a Web Sano 403 (403-l to 403-n), and a gateway device 404 (404-l to 404-n). Network 40 is connected to Internet 50.
[0034] 無線 LANアクセスポイント 401は、電波到達圏内の端末装置 30に、アクセスポイン トの存在を通知するために、 ESS— IDを定期的に発信する。端末装置 30が電波到 達圏内に入り、ネットワーク 40に接続されると、 Webサーノ 403は、ネットワーク 40に 関する Webページ(ポータルページ)を提供する。また、ゲートウェイ装置 404は、ネ ットワーク 50を経由して、端末装置 30をインターネット 50に接続する。又、端末装置 30は、インターネット 50を利用する場合、 DNSサーノ 402によって、ドメインネーム サービスを受けることができる。 [0034] The wireless LAN access point 401 periodically transmits an ESS-ID to notify the terminal device 30 within the radio wave coverage area of the existence of the access point. When the terminal device 30 enters the radio wave coverage area and is connected to the network 40, the Web Sano 403 provides a Web page (portal page) related to the network 40. The gateway device 404 is connected to the network The terminal device 30 is connected to the Internet 50 via the network 50. Further, when using the Internet 50, the terminal device 30 can receive a domain name service by the DNS sano 402.
[0035] 接続制御情報配布装置 10は、サーバ等のコンピュータ装置であり、ネットワーク管 理者 Bによってキーボード等の入力ユニットから入力される接続制御情報 RIを保持 する。接続制御情報 RIは、接続設定情報 SIとの組合せにより端末装置 30とネットヮ ーク 40と間の接続許否を判定するために使用される。接続制御情報 RIは、許否の判 定基準が変更されるときに、変更される。接続設定情報 Siが新たに追加されるときは 、接続制御情報 RIも追加される。図 4に示されるように、ネットワーク IDパターン 501 と、接続の有効性を示すデータとして有効期限 502を含んでいる。有効期限 502は、 ネットワーク 40との接続が許可される期限を示す。  [0035] The connection control information distribution device 10 is a computer device such as a server, and holds connection control information RI input from an input unit such as a keyboard by the network administrator B. The connection control information RI is used to determine whether or not the connection between the terminal device 30 and the network 40 is permitted in combination with the connection setting information SI. The connection control information RI is changed when the acceptance criteria are changed. When connection setting information Si is newly added, connection control information RI is also added. As shown in FIG. 4, a network ID pattern 501 and an expiration date 502 are included as data indicating the validity of the connection. The expiration date 502 indicates a time limit for permitting connection with the network 40.
[0036] 図 5Aから 5Dは、接続制御情報 RIに含まれるネットワーク IDパターン 501 (501— 1 〜501— 4)の 4つ例を示している。本実施例におけるネットワーク IDパターン 501は 、 XML文書の形で記載されている。ネットワーク IDパターン 501— 1では、最上位階 層のタグく nwid— pattern>は、本 XML文書がネットワーク IDパターン 501に関す る情報を記述していることを示している。この直下のタグから、処理が開始される。次 の階層のタグは、接続設定情報 SIに含まれるネットワーク ID602と、次の階層のタグ に記載のテキストを比較する時の比較条件を示し、く and >の場合、本タグの中の全 ての条件が満たされたネットワーク ID601が組合わせ可能と判断される。次の階層の タグは、く location >と、く organizaton>である。これらはそれぞれ、接続制御情 報 RIにより接続が許可されるネットワークの敷設場所と、管理組織についての情報を 記述している。  FIGS. 5A to 5D show four examples of network ID patterns 501 (501-1 to 501-4) included in the connection control information RI. The network ID pattern 501 in this embodiment is described in the form of an XML document. In the network ID pattern 501-1, the top layer tag nwid-pattern> indicates that this XML document describes information about the network ID pattern 501. Processing is started from the tag immediately below. The next level tag indicates the comparison condition when comparing the network ID 602 included in the connection setting information SI and the text described in the next level tag. It is determined that the network ID 601 that satisfies the above conditions can be combined. The next level tags are location> and organizaton>. Each of these describes the location of the network where connection is permitted by the connection control information RI and information about the management organization.
[0037] 接続制御情報配布装置 10は、図 2に示されるように、赤外線装置 110のような通信 装置を備えている。端末装置 30も赤外線通信装置を備えているとき、接続制御情報 配布装置 10は、赤外線回線を介して接続制御情報 RIを端末装置 30に提供する。  [0037] As shown in FIG. 2, the connection control information distribution device 10 includes a communication device such as an infrared device 110. When the terminal device 30 also includes an infrared communication device, the connection control information distribution device 10 provides the connection control information RI to the terminal device 30 via an infrared line.
[0038] 接続設定情報配布装置 20は、サーバ等のコンピュータ装置であり、ネットワーク管 理者 Bによってキーボード等の入力ユニットから入力される接続設定情報 SIを記録 する装置である。接続設定情報 SIは、ネットワーク 40に対応するネットワークインター フェース 307の設定情報である。接続設定情報 SIは、ネットワーク 40が新たに設置さ れるとき、接続設定情報配布装置 20に追加される。既存のネットワーク 40の規格が 変更されたときは、接続設定情報 SIも変更される。 [0038] The connection setting information distribution device 20 is a computer device such as a server, and is a device that records connection setting information SI input from an input unit such as a keyboard by the network administrator B. Connection setting information SI is a network interface corresponding to network 40. Setting information of face 307. The connection setting information SI is added to the connection setting information distributing device 20 when the network 40 is newly installed. When the existing network 40 standard is changed, the connection setting information SI is also changed.
[0039] 図 4に示されるように、接続設定情報 SIは、無線 LANにおけるネットワークの識別 子である ESS— ID601と、ネットワークを管理するためにネットワーク管理者 Bにより 設定される識別子であるネットワーク ID602と、 WEPキー 603と、端末装置 30が IP 通信を行なうための自端末装置の IPアドレス 604と、端末装置 30がインターネット 50 を利用するために必要なデフォルトゲートウェイ IPアドレス 605と、端末装置 30がドメ インネームサービスを受けるために必要な DNSサーバ IPアドレス 606と、端末装置 3 0がポータルページを表示するために必要な Webサーバ IPアドレス 607を含んで!/ヽ る。このように、接続制御情報 RIは、技術規格に依存する情報を含まず、それらの情 報は接続設定情報 SIのみが有している。これにより、混在するネットワーク構成に対 しても、統一的にネットワーク接続の許否を設定することができる。  [0039] As shown in FIG. 4, the connection setting information SI includes an ESS ID 601 that is a network identifier in a wireless LAN, and a network ID 602 that is an identifier set by the network administrator B to manage the network. WEP key 603, IP address 604 of the terminal device for terminal device 30 to perform IP communication, default gateway IP address 605 necessary for terminal device 30 to use Internet 50, and terminal device 30 It includes the DNS server IP address 606 required to receive the domain name service and the Web server IP address 607 required for the terminal device 30 to display the portal page! As described above, the connection control information RI does not include information depending on the technical standards, and only the connection setting information SI has such information. As a result, even for mixed network configurations, network connection permission / rejection can be set uniformly.
[0040] 図 6Aから 6Cは、接続設定情報 SIに含まれるネットワーク ID601 (601— 1力 601 —3)の例を示す。本実施例におけるネットワーク ID601は、 XML文書として記載さ れている。ネットワーク ID601— 1では、最上位階層のタグく nwid>は、本 XML文 書がネットワーク ID601に関する情報を記述して 、ることを示して 、る。この直下のタ グは、く location>と、く organizaton>である。これらはそれぞれ、接続設定情報 SIによって、接続の設定が可能なネットワークの敷設場所と管理組織についての情 報を記述している。  [0040] FIGS. 6A to 6C show examples of the network ID 601 (601-1 force 601-3) included in the connection setting information SI. The network ID 601 in this embodiment is described as an XML document. In the network ID 601-1, the highest level tag nwid> indicates that this XML document describes information about the network ID 601. The tags directly below are location> and organizaton>. Each of these describes information about the location of the network where the connection can be set and the management organization by the connection setting information SI.
[0041] 接続設定情報配布装置 20は、赤外線装置 210のような通信装置を備えている。ま た、端末装置 30が赤外線による通信装置を有するとき、接続設定情報配布装置 20 は、赤外線回線を介して接続設定情報 SIを端末装置 30に提供する。  [0041] The connection setting information distribution device 20 includes a communication device such as the infrared device 210. In addition, when the terminal device 30 has an infrared communication device, the connection setting information distribution device 20 provides the connection setting information SI to the terminal device 30 via an infrared line.
[0042] 端末装置 30は、端末ユーザ Aにより使用される携帯可能な、情報処理 ·通信機器 である。図 3は、端末装置 30の構成を示すブロック図である。図 3を参照して、端末装 置 30は、接続制御情報保存部 301と、接続設定情報保存部 302と、ネットワーク接 続エージェント 303と、ネットワークインターフェース 307と、表示画面 309と、赤外線 通信装置 310と、 CPU311と、メモリ 312とを備えている。端末装置 30の接続制御情 報保存部 301や接続設定情報保存部 302は、 ROMのような固定的に端末装置 30 に設置される記憶装置でも、メモリーカードや ICチップのような持ち運びが可能な記 録装置でも構わない。 The terminal device 30 is a portable information processing / communication device used by the terminal user A. FIG. 3 is a block diagram showing the configuration of the terminal device 30. As shown in FIG. Referring to FIG. 3, terminal device 30 includes a connection control information storage unit 301, a connection setting information storage unit 302, a network connection agent 303, a network interface 307, a display screen 309, and an infrared communication device 310. A CPU 311 and a memory 312. Connection control information of terminal device 30 The information storage unit 301 and the connection setting information storage unit 302 may be a storage device fixedly installed in the terminal device 30 such as a ROM, or a portable recording device such as a memory card or an IC chip.
[0043] 赤外線通信装置 310は、接続制御情報配布装置 10と接続設定情報配布装置 20 の各々の赤外線通信装置と赤外線回線を確立し、接続制御情報配布装置 10と接続 設定情報配布装置 20から接続制御情報 RIと接続設定情報 SIをそれぞれ受信する。 端末装置 30に受信される接続制御情報 RIは、接続制御情報保存部 301に保存さ れる。この例では、接続制御情報 RI— 1と、接続制御情報 RI— 2と、接続制御情報 RI —3が保存されている。又、端末装置 30に受信される接続設定情報 SIは、接続設定 情報保存部 302に保存される。この例では、接続設定情報 SI— 1と、接続設定情報 SI— 2と、接続設定情報 SI— 3が保存されている。  [0043] The infrared communication device 310 establishes an infrared line with each of the infrared communication devices of the connection control information distribution device 10 and the connection setting information distribution device 20, and is connected from the connection control information distribution device 10 to the connection setting information distribution device 20. Control information RI and connection setting information SI are received respectively. The connection control information RI received by the terminal device 30 is stored in the connection control information storage unit 301. In this example, connection control information RI-1, connection control information RI-2, and connection control information RI-3 are stored. Further, the connection setting information SI received by the terminal device 30 is stored in the connection setting information storage unit 302. In this example, connection setting information SI-1, connection setting information SI-2, and connection setting information SI-3 are stored.
[0044] ネットワーク接続エージェント 303は、端末装置 30とネットワーク 40を接続するため のソフトウェアとして実現される。 CPU311により実行されることにより、無線 LANァク セスポイント検知部 304と、接続制御情報確認部 305と、インタフェース設定部 306と 、ポータルページ表示部 308とを実現している。端末装置 30がネットワーク 40の無線 LANの接続圏内に入った場合、無線 LANアクセスポイント検知部 304は、無線 LA Nアクセスポイント 401を検出し、 ESS— IDを取得する。接続制御情報確認部 305は 、ネットワーク接続エージェント 303によって接続設定情報保存部 302から抽出され る接続設定情報 SIに含まれるネットワーク IDと、接続制御情報保存部 301内の接続 制御情報 RIに含まれるネットワーク IDパターンとを比較し、組合せが可能か否かを判 断する。又、ネットワーク接続エージェント 303によって接続制御情報保存部 303から 抽出される接続制御情報 RIに含まれる有効期限を参照し、有効期限を過ぎていない カゝどうかを確認する。接続制御情報 RIに含まれる有効期限を経過していない場合、 インタフェース設定部 306は、抽出される接続制御情報 RIを使用してインタフェース 307の設定を行なう。ポータルページ表示部 308は、端末装置 30がネットワーク 40 に接続された後に、 Webサーノ 03からポータルページの情報を取得して、表示画 面 309に表示する。  The network connection agent 303 is realized as software for connecting the terminal device 30 and the network 40. By being executed by the CPU 311, a wireless LAN access point detection unit 304, a connection control information confirmation unit 305, an interface setting unit 306, and a portal page display unit 308 are realized. When the terminal device 30 enters the wireless LAN connection area of the network 40, the wireless LAN access point detection unit 304 detects the wireless LAN access point 401 and acquires the ESS ID. The connection control information confirmation unit 305 includes a network ID included in the connection setting information SI extracted from the connection setting information storage unit 302 by the network connection agent 303, and a network included in the connection control information RI in the connection control information storage unit 301. Compare with the ID pattern to determine whether a combination is possible. Further, the network connection agent 303 refers to the expiration date included in the connection control information RI extracted from the connection control information storage unit 303, and confirms whether the expiration date has not passed. If the expiration date included in the connection control information RI has not elapsed, the interface setting unit 306 sets the interface 307 using the extracted connection control information RI. After the terminal device 30 is connected to the network 40, the portal page display unit 308 acquires portal page information from the Web sano 03 and displays it on the display screen 309.
[0045] CPU311は、端末装置 30全体の制御を行な 、、ネットワーク接続エージェント 303 の実行処理を行なう。メモリ 312は、 CPU311が各種処理を行なう際にデータや信号 の一時的な記録を実施する。 [0045] The CPU 311 controls the entire terminal device 30, and the network connection agent 303 The execution process is performed. The memory 312 temporarily records data and signals when the CPU 311 performs various processes.
[0046] 図 7は、本発明による接続制御システムの動作の流れを示して 、る。  FIG. 7 shows an operation flow of the connection control system according to the present invention.
[0047] ネットワーク管理者 Bは、自らが管理しているネットワーク 40に関する接続制御情報 [0047] Network administrator B has connection control information related to network 40 that he / she manages.
RIを接続制御情報配布装置 10に登録する (ステップ Sl)。又、同様にネットワーク 40 に関する接続設定情報 SIを接続設定情報配布装置 20に登録する (ステップ S3)。 端末装置 30からの要求を受けると、接続制御情報配布装置 10は、赤外線通信回線 を介して登録されている接続制御情報 RIの中から、例えば、接続制御情報 RI— 1〜The RI is registered in the connection control information distribution device 10 (step Sl). Similarly, the connection setting information SI related to the network 40 is registered in the connection setting information distributing apparatus 20 (step S3). When receiving the request from the terminal device 30, the connection control information distributing device 10 selects, for example, the connection control information RI-1 to the connection control information RI registered through the infrared communication line.
RI— 3を端末装置 30に提供する (ステップ S2)。又、接続設定情報配布装置 20は、 端末装置 30からの要求を受けると、保持している接続設定情報 SIの中から、接続設 定情報 SI— 1〜SI— 3を赤外線回線を介して端末装置 30に提供する (ステップ S4)RI-3 is provided to the terminal device 30 (step S2). Also, upon receiving a request from the terminal device 30, the connection setting information distribution device 20 sends the connection setting information SI-1 to SI-3 from the held connection setting information SI via the infrared line to the terminal. Provide to device 30 (step S4)
。尚、接続設定情報 SI— 1〜SI— 3はそれぞれ、ネットワーク 40— 1〜40— 3に対応 するインタフェース 307の設定情報である。端末装置 30は、取得された接続制御情 報 RI—1から RI— 3を接続制御情報保存部 301に保存し、接続設定情報 SI— 1〜SI 3を接続設定情報保存部 302に保存する (ステップ S6)。 . The connection setting information SI-1 to SI-3 are setting information of the interface 307 corresponding to the networks 40-1 to 40-3, respectively. The terminal device 30 stores the acquired connection control information RI-1 to RI-3 in the connection control information storage unit 301, and stores the connection setting information SI-1 to SI3 in the connection setting information storage unit 302 ( Step S6).
[0048] このように、端末装置 30に保存される接続制御情報 RIと接続設定情報 SIは、必要 の都度取得することができるので、接続可能なネットワーク 40を増やすことができ、又 、ネットワークの技術規格が変更されても柔軟に対応することができる。  [0048] Thus, since the connection control information RI and the connection setting information SI stored in the terminal device 30 can be acquired whenever necessary, the number of connectable networks 40 can be increased, and the network Even if technical standards are changed, it is possible to respond flexibly.
[0049] 接続制御情報 RIと接続設定情報 SIの配布及び端末装置 30内における保存を DR M (Digital Right Management)技術を用いて行なわれると、セキュリティが向上 する。 DRM技術の利用によって、ネットワーク管理者 B力 端末ユーザ Aによる接続 制御情報 RIや接続設定情報 SIの内容の閲覧や変更に対して、制限を加えることが 可能になる。これにより、例えばネットワーク接続制御情報 RI内の有効期限 502を、 端末ユーザ Bが勝手に書き換えるなどの行為を禁止することができるようになる。 [0049] If distribution of connection control information RI and connection setting information SI and storage in terminal device 30 are performed using DRM (Digital Right Management) technology, security is improved. By using DRM technology, it becomes possible to limit the browsing and modification of the contents of connection control information RI and connection setting information SI by network administrator B power terminal user A. As a result, for example, the terminal user B can be prohibited from rewriting the expiration date 502 in the network connection control information RI.
[0050] ステップ S2から S6によって、予め接続制御情報 RIと接続設定情報 SIを保持してい る端末装置 30が、ネットワーク 40—1の接続圏内に入った場合、ネットワーク接続ェ ージェント 303の無線 LANアクセスポイント検知部 304は、無線 LANアクセスポイン ト 401— 1を検出し、無線 LANアクセスポイント 401— 1から送信される ESS—IDを 取得する(ステップ S 8)。 [0050] When the terminal device 30 that holds the connection control information RI and the connection setting information SI in advance in steps S2 to S6 enters the connection area of the network 40-1, the wireless LAN access of the network connection agent 303 is performed. The point detection unit 304 detects the wireless LAN access point 401-1, and uses the ESS-ID transmitted from the wireless LAN access point 401-1. Obtain (step S8).
[0051] ネットワーク接続エージェント 303は、取得された ESS—IDと一致する ESS—IDを キー値として持つ接続設定情報 SIを接続設定情報保存部 302内から検索する。この 例では、接続設定情報 SI— 1が抽出されたとする (ステップ S10)。尚、本説明では、 ネットワーク 40— 1〜40— 3の ESS—IDと、接続設定情報 SI— l〜SI— 3の ESS—I Dがそれぞれ対応して 、るものとする。  [0051] The network connection agent 303 searches the connection setting information storage unit 302 for connection setting information SI having the ESS-ID that matches the acquired ESS-ID as a key value. In this example, it is assumed that the connection setting information SI-1 is extracted (step S10). In this description, it is assumed that the ESS-IDs of the networks 40-1 to 40-3 correspond to the ESS-IDs of the connection setting information SI-1 to SI-3, respectively.
[0052] ネットワーク接続エージェント 303は、接続制御情報保存部 301内のネットワーク接 続制御情報 RIを順に読みだし、接続制御情報確認部 305で接続設定情報 SI— 1と 組合せることができるかを確認する (ステップ S 12)。接続制御情報確認部 305は、接 続制御情報 RIのネットワーク IDパターン 501内の条件において、抽出された接続設 定情報 SI内のネットワーク ID602と一致する力否かにより、接続設定情報 SIと接続 制御情報 RIとの組合せの可能性を判定する。  [0052] The network connection agent 303 sequentially reads the network connection control information RI in the connection control information storage unit 301, and checks whether the connection control information confirmation unit 305 can combine it with the connection setting information SI-1 (Step S12). The connection control information confirmation unit 305 controls the connection setting information SI and the connection control depending on whether or not the network ID pattern 501 in the connection control information RI matches the network ID 602 in the extracted connection setting information SI. Determine possible combinations with information RI.
[0053] 図 8は、ステップ S12における接続設定情報 SIと接続制御情報 RIとの組合せを判 定するときの動作を示す。ネットワーク接続エージェント 303は、接続制御情報 RI— 1 を読み出す。接続制御情報確認部 305は、ネットワーク IDパターン 501— 1中の比 較条件であるタグを参照する (ステップ SB1)。参照された比較条件タグが < not >タ グの場合は (ステップ SB2)、く not >タグ直下のタグを再帰処理し、処理結果の論 理反転を返す (ステップ SB3)。参照された比較条件タグがく and >タグの場合は (ス テツプ SB4)、く and >タグ直下のタグを順に再帰処理し、全ての処理結果の論理積 を返す (ステップ SB5)。参照された比較条件タグが < or >タグの場合は (ステップ S B6)、 < or >タグ直下のタグを順に再帰処理し、全ての処理結果の論理和を返す( ステップ SB7)。  FIG. 8 shows the operation when determining the combination of the connection setting information SI and the connection control information RI in step S12. The network connection agent 303 reads the connection control information RI-1. The connection control information confirmation unit 305 refers to the tag that is the comparison condition in the network ID pattern 501-1 (step SB1). If the referenced comparison condition tag is a <not> tag (step SB2), the tag immediately under the not> tag is recursively processed and the logical inversion of the processing result is returned (step SB3). If the referenced comparison condition tag is “>” and “>” (step SB4), the tags immediately below “>” and “>” are recursively processed in order, and the logical product of all processing results is returned (step SB5). If the referenced comparison condition tag is an <or> tag (step SB6), the tags immediately under the <or> tag are recursively processed in order, and the logical sum of all the processing results is returned (step SB7).
[0054] 接続制御情報確認部 305は、タグ直下のテキスト、例えば、く location >タグ直下 のネットワーク敷設場所の情報や、 < organization>タグ直下のネットワーク管理組 織の情報を、ネットワーク IDパターン 501— 1とネットワーク ID602— 1から抽出する( ステップ SB8、ステップ SB9)。次に、抽出されたテキストを比較し (ステップ SB10)、 一致して!/、れば真値を返し (ステップ SB11)、不一致であれば偽値を返す (ステップ SB12)。比較条件タグ直下の全ての処理結果は、タグに記載の条件で論理計算し て真偽を返し、真値であれば、接続設定情報 SIと組み合わせ可能な接続制御情報 RIと判定し、偽値であれば組合せ不可能な接続制御情報 RIと判定する。 [0054] The connection control information confirmation unit 305 uses the network ID pattern 501—the text immediately below the tag, for example, the information on the network laying location immediately below the location> tag and the information on the network management organization immediately below the <organization> tag. 1 and network ID602—1 (Step SB8, Step SB9). Next, the extracted texts are compared (step SB10), and if they match! /, A true value is returned (step SB11), and if they do not match, a false value is returned (step SB12). All processing results directly under the comparison condition tag are logically calculated under the conditions described in the tag. If it is a true value, it is determined as connection control information RI that can be combined with the connection setting information SI, and if it is a false value, it is determined as connection control information RI that cannot be combined.
[0055] この例では、タグは < and>であるので (ステップ SB4)、 < and>直下のタグの条 件を順に比較し、く and>タグ中の、全ての条件の比較結果の論理積を返す (ステツ プ SB5)。接続制御情報確認部 305は、ネットワーク IDパターン 501— 1のく locatio n >タグの情報と、ネットワーク ID602— 1中のく location >タグの情報を取り出し( ステップ SB8、ステップ SB9)、比較する(ステップ SB10)。両者とも com. X X X . jp . jigyoshoA. fab6であり、ネットワーク敷設場所情報は一致するので、真値を返す( ステップ SB11)。次に、ネットワーク IDパターン 501— 1中のく organization >タグ の情報と、ネットワーク ID602— 1中のく organization >タグの情報を取り出し (ステ ップ SB8、ステップ SB9)、比較する(ステップ SB10)。両者とも com. X X X . jp. cl . drlであり、ネットワーク管理組織情報は一致するので、真値を返す (ステップ SB 11 ) oこうして、く and>タグ中の全ての条件が満たされるので(全て真値)、全ての処理 結果の論理積は、真値となり、接続制御情報 RI—1は、接続設定情報 SI—1と組合 わせが可能であると判定される。  [0055] In this example, the tag is <and> (step SB4), so the conditions of the tags immediately under <and> are compared in order, and the AND of the comparison results of all the conditions in the <and> tag. Is returned (step SB5). The connection control information confirmation unit 305 takes out the information of the network ID pattern 501-1 <location> tag and the information of the location> tag in the network ID 602-1 (step SB8, step SB9) and compares them (step SB8). SB10). Both are com. X X X. Jp. JigyoshoA. Fab6, and the network laying location information matches, so a true value is returned (step SB11). Next, the information of the organization> tag in the network ID pattern 501-1 is extracted from the information of the organization> tag in the network ID 602-1 (step SB8, step SB9) and compared (step SB10). Since both are com. XXX. Jp. Cl. Drl and the network management organization information matches, the true value is returned (step SB 11) o Since all conditions in the <and> tag are satisfied (all (True value), the logical product of all the processing results is a true value, and it is determined that the connection control information RI-1 can be combined with the connection setting information SI-1.
[0056] 同様に、ネットワーク接続エージェント 303は、接続制御情報 RI— 2を読み出し、組 合せを判定する。接続制御情報確認部 305は、く and >タグを入力として受け取り( ステップ SB4)、く and >直下のタグの条件を順に比較し、く and>タグ中の全ての 条件の比較結果の論理積を返す (ステップ SB5)。接続制御情報確認部 305は、ネ ットワーク IDパターン 501— 2のく location>タグの情報と、ネットワーク ID602— 1 中のく location>タグの情報を取り出し (ステップ SB8、ステップ SB9)、比較する(ス テツプ SB10)。両者は異なっているため、ネットワーク敷設場所情報については、偽 値を返す (ステップ SB11)。次に、く or >タグを入力として受け取り(ステップ SB6)、 く or >直下のタグの条件を順に比較し、く or >タグ中の全ての条件の比較結果の 論理和を返す(ステップ SB7)。ネットワーク IDパターン 501— 2中のく organization >タグの情報と、ネットワーク ID602— 1中のく organization >タグの情報を取り出 し (ステップ SB8、ステップ SB9)、比較する(ステップ SB10)。ネットワーク IDパター ン 501— 2に記載の 2つのネットワーク管理組織情報と不一致であるので、 2つとも偽 値を返す (ステップ SB11)。その後、く or >タグ直下の条件について処理が終わると 、処理結果の論理和を計算する。この場合、両者とも偽値であるので偽値を返す。 ( ステップ SB7)。く and >タグ中の全ての条件が満たされず、全ての処理結果の論理 積は、偽値となり、接続制御情報 RI— 2は、接続設定情報 SI—1と組合わせ不可能と 判定される。 Similarly, the network connection agent 303 reads the connection control information RI-2 and determines the combination. The connection control information confirmation unit 305 receives く and> as an input (step SB4), and sequentially compares the conditions of and and> directly under the tag, and>and> ANDs the comparison results of all the conditions in the tag. Return (step SB5). The connection control information confirmation unit 305 extracts the location> tag information in the network ID pattern 501-2 and the location> tag information in the network ID 602-1 (step SB8, step SB9) and compares them (step SB8). Step SB10). Since they are different, a false value is returned for the network location information (step SB11). Next, ku or> tag is received as an input (step SB6), ku or> conditions of the tag immediately below are compared in order, and logical sum of the comparison results of all conditions in ku or> tag is returned (step SB7). . The network ID pattern 501—2 organization> tag information and the network ID 602—1 organization> tag information are retrieved (step SB8, step SB9) and compared (step SB10). Since the two network management organization information described in network ID pattern 501-2 are inconsistent, both are false. Returns the value (step SB11). After that, when processing is completed for the condition directly under the tag or> tag, the logical sum of the processing results is calculated. In this case, since both are false values, a false value is returned. (Step SB7). All conditions in the <and> tag are not satisfied, and the logical product of all the processing results is a false value, and it is determined that the connection control information RI-2 cannot be combined with the connection setting information SI-1.
[0057] 接続制御情報 RI- 3についても同様に、ネットワーク IDパターン 501— 3の条件は < and>であり、 < organization >の情報が不一致であるので、結果は偽値となり、 接続制御情報 RI— 3は、接続設定情報 SI— 1と組合わせ不可能と判定される。  [0057] Similarly for connection control information RI-3, the condition of network ID pattern 501-3 is <and> and the information of <organization> does not match, so the result is a false value, and connection control information RI — 3 is determined not to be combined with connection setting information SI-1.
[0058] 従って、ネットワーク接続エージェント 303は、接続制御情報確認部 305で接続設 定情報 SI— 1と組合せが可能と判定された接続制御情報 RI— 1を抽出する (ステップ S13)。接続制御情報確認部 305は、抽出された接続制御情報 RI—1に含まれる有 効期限 502を確認する (ステップ S14)。有効期限を過ぎている場合、ネットワーク接 続エージェント 303は接続処理を終了し、ネットワーク 40— 1に接続しない (ステップ S15) 0又、接続制御情報保存部 301に、接続設定情報 SI— 1と組合せ可能な接続 制御情報 RIを保持していない場合、接続処理を終了し、ネットワーク 40— 1に接続し ない(ステップ S 15)。 Accordingly, the network connection agent 303 extracts the connection control information RI-1 that is determined by the connection control information confirmation unit 305 to be combined with the connection setting information SI-1 (step S13). The connection control information confirmation unit 305 confirms the expiration date 502 included in the extracted connection control information RI-1 (step S14). If the expiration date has passed, the network connection agent 303 terminates the connection process and does not connect to the network 40-1 (step S15). 0 Also, the connection control information storage unit 301 is combined with the connection setting information SI-1. If the possible connection control information RI is not held, the connection process is terminated and the connection to the network 40-1 is not made (step S15).
[0059] 抽出された接続制御情報 RI— 1が有効期限内である場合、ネットワークインタフエ —ス設定部 306は、接続設定情報 SI—1に含まれる IPアドレス 604と、デフォルトゲ 一トウエイ IPアドレス 605と、 DNSサーバ IPアドレス 606と、 Webサーバ IPアドレス 60 7を用いて、ネットワークインタフェース 307の設定を行ない、無線 LANアクセスポィ ント 401— 1を介してネットワーク 40— 1と端末装置 30との接続を実行する (ステップ S 16)。接続が完了すると、ネットワーク接続エージェント 303は、 Webサーノ 403— 1 力もネットワーク 40— 1を通じてポータルページ情報を取得し、ポータルページ表示 部 308によって処理し、表示画面 309に表示して、端末ユーザ Aに提示する(ステツ プ S20)。  [0059] When the extracted connection control information RI-1 is within the validity period, the network interface setting unit 306 includes the IP address 604 included in the connection setting information SI-1 and the default gateway IP address. Configure network interface 307 using 605, DNS server IP address 606, and Web server IP address 607, and connect network 40-1 and terminal device 30 via wireless LAN access point 401-1. (Step S16). When the connection is completed, the network connection agent 303 acquires the portal page information through the Web server 403-1 and the network 40-1, processes it by the portal page display unit 308, displays it on the display screen 309, and displays it to the terminal user A. Present (step S20).
[0060] 端末装置 30が、無線 LANアクセスポイント 401— 1から離れ、接続圏外に入ると、 無線 LANアクセスポイント 401— 1からの電波が届かなくなるので、端末装置 30とネ ットワーク 40— 1の間の接続は切断される。 [0061] 次に、端末装置 30がネットワーク 40— 2の接続圏内に入った場合、無線 LANァク セスポイント検知部 304は、無線 LANアクセスポイント 401— 2を検出し、無線 LAN アクセスポイント 401— 2から送信される ESS— IDを取得する(ステップ S8)。ネットヮ ーク接続エージェント 303は、取得した ESS— IDと一致する ESS— IDをキー値とし て持つ接続設定情報 SIを接続設定情報保存部 302内力も検索して、キー値が一致 する接続設定情報 SI— 2を抽出する (ステップ S10)。 [0060] When the terminal device 30 moves away from the wireless LAN access point 401-1, and enters the outside of the connection range, the radio wave from the wireless LAN access point 401-1 does not reach, so between the terminal device 30 and the network 40-1 Will be disconnected. [0061] Next, when the terminal device 30 enters the connection range of the network 40-2, the wireless LAN access point detection unit 304 detects the wireless LAN access point 401-2 and detects the wireless LAN access point 401-2. ESS—ID sent from 2 is acquired (step S8). The network connection agent 303 searches the connection setting information storage unit 302 for the connection setting information SI having the ESS ID that matches the acquired ESS ID as a key value, and the connection setting information that matches the key value. SI-2 is extracted (step S10).
[0062] ネットワーク接続エージェント 303は、接続制御情報 RI— 1を読み出し、組合せの 可能性を判定する。接続制御情報確認部 305は、ネットワーク IDパターン 501— 1中 の比較条件タグを参照する(ステップ SB1)。本タグはく and>であるので (ステップ S B4)、く and>直下の条件を順に比較し、く and >タグ中の全ての処理結果の論理 積を返す (ステップ SB5)。接続制御情報確認部 305は、ネットワーク IDパターン 501 1の < location >タグの情報と、ネットワーク ID602— 2中の < location >タグの 情報を取り出し (ステップ SB8、ステップ SB9)、比較する (ステップ SB10)。両者の情 報は、異なっているため、ネットワーク敷設場所情報については、偽値を返す (ステツ プ SB11)。次に、ネットワーク IDパターン 501— 1中のく organization>タグの情報 と、ネットワーク ID602— 2中のく organization >タグの情報を取り出し (ステップ SB 8、ステップ SB9)、比較する(ステップ SB10)。両者は一致せず、ネットワーク管理組 織情報については、偽値を返す (ステップ SB11)。く and >タグ中の全ての条件が 満たされず、全ての処理結果の論理積は、偽値となり、接続制御情報 RI— 1は、接 続設定情報 SI— 2と組合わせ不可能と判定される。  [0062] The network connection agent 303 reads the connection control information RI-1 and determines the possibility of combination. The connection control information confirmation unit 305 refers to the comparison condition tag in the network ID pattern 501-1 (step SB1). Since this tag is “and” and “>” (step S B4), the conditions directly under “and” and “>” are compared in order, and the logical product of all the processing results in the “and” tag is returned (step SB5). The connection control information confirmation unit 305 extracts the <location> tag information of the network ID pattern 501-1 and the <location> tag information of the network ID 602-2 (step SB8, step SB9) and compares them (step SB10). . Since the information of both is different, a false value is returned for the network location information (step SB11). Next, the information of the organization> tag in the network ID pattern 501—1 and the information of the organization> tag in the network ID 602—2 are extracted (step SB 8, step SB9) and compared (step SB10). Both do not match, and a false value is returned for the network management organization information (step SB11). All conditions in the <and> tag are not satisfied, and the logical product of all the processing results is a false value, and it is determined that the connection control information RI-1 cannot be combined with the connection setting information SI-2 .
[0063] 次に、ネットワーク接続エージェント 303は、接続制御情報 RI— 2を読み出し、組合 せを判定する。接続制御情報確認部 305は、ネットワーク IDパターン 501— 2中の比 較条件タグを参照する(ステップ SB1)。本タグはく and >であるので (ステップ SB4) 、く and >直下のタグを順に比較し、く and >タグ中の全ての処理結果の論理積を 返す (ステップ SB5)。接続制御情報確認部 305は、ネットワーク IDパターン 501— 2 のく location >タグの情報と、ネットワーク ID602— 2中のく location >タグの情報 を取り出し (ステップ SB8、ステップ SB9)、比較する(ステップ SB10)。両者とも com . X X X . jp. jigyoshoB. bldg9で一致するので、ネットワーク敷設場所情報につい ては、真値を返す (ステップ SB11)。次に、く or >タグを入力として受取り(ステップ S Bl)、く or >タグ直下の処理結果の論理和を返す(SB7)。ネットワーク IDパターン 5 01— 2中のく organization >タグの情報と、ネットワーク ID602— 2中のく organiz ation>タグの情報を取り出し (ステップ SB8、ステップ SB9)、比較する(ステップ SB 10)。ネットワーク IDパターン 501— 2中のく organization>タグの情報に com. X X X . jp. cl. dr2が含まれているので、ネットワーク管理組織情報については、真値 を返す。く and>タグ中の全ての条件が満たされるので、全ての処理結果の論理積 は真値となり、接続制御情報 RI— 2は、接続設定情報 SI— 2と組合わせが可能と判 断する。 Next, the network connection agent 303 reads the connection control information RI-2 and determines the combination. The connection control information confirmation unit 305 refers to the comparison condition tag in the network ID pattern 501-2 (step SB1). Since this tag is “and” and “>” (step SB4), the tags immediately after “and” and “>” are compared in order, and the logical product of all the processing results in the “and” tag is returned (step SB5). The connection control information confirmation unit 305 extracts the location> tag information in the network ID pattern 501-2 and the location> tag information in the network ID 602-2 (steps SB8 and SB9) and compares them (step SB10). ). Since both match with com.XXX.jp.jigyoshoB.bldg9, the network laying location information Returns a true value (step SB11). Next, ku or> tag is received as an input (step S Bl), and the logical sum of the processing results immediately below ku or> tag is returned (SB7). Network ID pattern 5 01—The information of the organization> tag in 2 and the information of the organization> tag in the network ID 602—2 are extracted (step SB8, step SB9) and compared (step SB 10). Network ID pattern 501—com.XXX.jp.cl.dr2 is included in the information of the organization> tag in 2. Therefore, true value is returned for network management organization information. Since all conditions in the <and> tag are satisfied, the logical product of all the processing results is a true value, and it is determined that the connection control information RI-2 can be combined with the connection setting information SI-2.
[0064] 接続制御情報 RI-3についても同様に、ネットワーク IDパターン 501— 3の比較条 件がく and>であり、ネットワーク敷設場所情報、ネットワーク管理組織情報、ともに 一致し、論理積の結果、真値となり、接続制御情報 RI— 3は、接続設定情報 SI— 2と 組合わせが可能と判定される。  [0064] Similarly for connection control information RI-3, the comparison condition of network ID pattern 501-3 is "and>", and the network installation location information and the network management organization information match, and the result of logical product is true. It is determined that the connection control information RI-3 can be combined with the connection setting information SI-2.
[0065] 従って、ネットワーク接続エージェント 303は、接続制御情報 RI— 2と、接続制御情 報 RI— 3を抽出する (ステップ S 13)。  Therefore, the network connection agent 303 extracts the connection control information RI-2 and the connection control information RI-3 (step S13).
[0066] 接続制御情報確認部 305は、接続制御情報 RI— 2に含まれる有効期限 502— 2を 確認し、有効期限を過ぎている場合、接続制御情報 RI— 3に含まれる有効期限 502 —3を確認する。有効期限 502— 3も有効期限が過ぎている場合、ネットワークエー ジェント 303は接続処理を終了し、ネットワーク 40 - 1に接続しな 、(ステップ S 15)。  [0066] The connection control information confirmation unit 305 confirms the expiration date 502-2 included in the connection control information RI-2, and if the expiration date has passed, the expiration date 502 included in the connection control information RI-3 Check 3. If the expiration date 502-3 has also expired, the network agent 303 terminates the connection process and does not connect to the network 40-1 (step S15).
[0067] 抽出された接続制御情報 RI— 2が有効期限内である場合、ネットワークインタフエ —ス設定部 306は、接続設定情報 SI— 2に含まれる IPアドレス 604と、デフォルトゲ 一トウエイ IPアドレス 605と、 DNSサーバ IPアドレス 606と、 Webサーバ IPアドレス 60 7を用いて、ネットワークインタフェース 307の設定を行ない、無線 LANアクセスポィ ント 401— 1を介してネットワーク 40— 1と端末装置 30との接続を実行する (ステップ S 16)。以後、同様にステップ S18からステップ S20の動作をする。又、接続制御情報 RI— 2が有効期限外で接続制御情報 RI— 3が有効期限内である場合、ネットワーク インタフェース設定部 306は、同様に接続設定情報 SI— 2を使用してネットワークィ ンタフエース 307の設定を行ない、ネットワーク 40— 1と端末装置 30との接続を実行 する(ステップ S16)。以後、同様にステップ S18からステップ S20の動作をする。 [0067] When the extracted connection control information RI-2 is within the validity period, the network interface setting unit 306 includes the IP address 604 included in the connection setting information SI-2, and the default gateway IP address. Configure network interface 307 using 605, DNS server IP address 606, and Web server IP address 607, and connect network 40-1 and terminal device 30 via wireless LAN access point 401-1. (Step S16). Thereafter, the operations from step S18 to step S20 are similarly performed. If the connection control information RI-2 is outside the valid period and the connection control information RI-3 is within the valid period, the network interface setting unit 306 similarly uses the connection setting information SI-2 to establish the network interface 307. The network 40-1 and the terminal device 30 are connected. (Step S16). Thereafter, the operations from step S18 to step S20 are similarly performed.
[0068] 次に、端末装置 30がネットワーク 40— 3の接続圏内に入った場合、無線 LANァク セスポイント検知部 304は、無線 LANアクセスポイント 401— 3を検出し、無線 LAN アクセスポイント 401— 3から送信される ESS— IDを取得する(ステップ S8)。ネットヮ ーク接続エージェント 303は、取得した ESS— IDと一致する ESS— IDをキー値とし て持つ接続設定情報 SIを接続設定情報保存部 302内力も検索して、キー値が一致 する接続設定情報 SI— 3を抽出する (ステップ S10)。 [0068] Next, when the terminal device 30 enters the connection range of the network 40-3, the wireless LAN access point detector 304 detects the wireless LAN access point 401-3, and the wireless LAN access point 401-3. ESS—ID sent from 3 is acquired (step S8). The network connection agent 303 searches the connection setting information storage unit 302 for the connection setting information SI having the ESS ID that matches the acquired ESS ID as a key value, and the connection setting information that matches the key value. SI-3 is extracted (step S10).
[0069] ネットワーク接続エージェント 303は、同様にして、接続制御情報保存部 301から、 接続制御情報 RI—1乃至接続制御情報 RI— 3を読み出し、組合せを判定する。ネッ トワーク ID602— 3中のく location>タグは、 com. X X X .jp.jigyoshoB.bldglO、 く organization >タグは、 com. X X X .jp.cl.dr3であり、適合するネットワーク IDパ ターンはないため、接続制御情報 RI— 1乃至接続制御情報 RI— 3を抽出できず、ネ ットワークエージェント 303は接続処理を終了し、ネットワーク 40— 1に接続しな ヽ(ス テツプ S 15)。 Similarly, the network connection agent 303 reads the connection control information RI-1 to the connection control information RI-3 from the connection control information storage unit 301, and determines the combination. The location> tag in network ID 602—3 is com. XXX .jp.jigyoshoB.bldglO, and the organization> tag is com. XXX .jp.cl.dr3, and there is no matching network ID pattern. Therefore, the connection control information RI-1 to the connection control information RI-3 cannot be extracted, and the network agent 303 ends the connection process and does not connect to the network 40-1 (step S15).
[0070] 又、ネットワークの敷設場所情報や、管理組織情報は正規表現で記載され、例えば 、図 5 (b)に示されるネットワーク IDパターン 501— 4のように敷設場所情報が com. x xx. jp. jigyoshoB. *、管理組織情報力 Scom. xxx. jp. cl. *である場合、 com. x xx. jp. jigyoshoBを含む全てのネットワーク IDとマッチングする。図 6の例では、ネ ットワーク ID602— 2及びネットワーク ID602— 3とマッチングする。従って、端末装置 30がネットワーク IDパターン 501— 4を含む接続制御情報 RIを保持している場合、 ネットワーク 40 - 1にもネットワーク 40 - 2にも接続することができる。  [0070] Further, the network installation location information and the management organization information are described in regular expressions. For example, the installation location information is com. X xx. As shown in the network ID pattern 501-4 shown in Fig. 5 (b). jp. jigyoshoB. *, management organization information ability Scom. xxx. jp. cl. If *, it matches all network IDs including com. x xx. jp. jigyoshoB. In the example of Fig. 6, it matches network ID 602-2 and network ID 602-2. Therefore, when the terminal device 30 holds the connection control information RI including the network ID pattern 501-4, it can be connected to both the network 40-1 and the network 40-2.
[0071] 以上のように、ネットワーク 40に接続するための接続設定情報 SIと、接続の許否を 実行する接続制御情報 RIの組合せは、 1対 1の一通りに限らず、 1対多、あるいは多 対多でも構わない。又、接続制御情報 RIに含める有効期限 502のような接続許否を 決定する情報を多種多様に変えて、ネットワーク接続の許否を柔軟に設定することが できる。例えば、ネットワーク 40の使用料金を定めたプリペイド情報を接続制御情報 RIに含めることで、一定の課金額に達した時点から、端末装置 30が接続可能なネッ トワーク 40を減らすことが可能となる。又、ある接続設定情報 SIに対して組合わせ可 能な接続制御情報 RIが 2個用意され、順序付けが行われる。第 1接続制御情報 RIを 、ネットワークを無料利用可能であるが、有効期限のあるものにしておき、第 2接続制 御情報 RIを、プリペイド情報を含むものにしておく。これにより、ネットワーク接続エー ジヱント 303は、第 1接続制御情報に基づ 、て最初に時点までは無料でネットワーク 40を利用できることを判定するが、それ以降は第 2接続制御情報に基づいて有料 (プ リペイド)であり、有効性に期限があることを判定する。この結果プリペイドを使い切つ た時点で、ネットワークに接続不可能になるといった制御も可能である。更に、接続 時間帯情報を含めることで、時間毎の接続可能な端末装置 30の台数を制限すること ができる。 [0071] As described above, the combination of the connection setting information SI for connecting to the network 40 and the connection control information RI for executing connection permission / inhibition is not limited to one-to-one, but to one-to-many, or Many-to-many. In addition, it is possible to flexibly set network connection permission / rejection by changing various information for determining connection permission / rejection such as the expiration date 502 included in the connection control information RI. For example, by including prepaid information that defines the usage fee of the network 40 in the connection control information RI, it is possible to reduce the number of networks 40 to which the terminal device 30 can be connected after reaching a certain charge amount. Also, it can be combined for certain connection setting information SI Two pieces of effective connection control information RI are prepared and ordered. The first connection control information RI can be used free of charge for the network, but it has an expiration date, and the second connection control information RI includes prepaid information. As a result, the network connection agent 303 determines that the network 40 can be used free of charge until the first time based on the first connection control information, but thereafter, the network connection agent 303 is charged based on the second connection control information ( Prepaid) and it is determined that there is a validity period. As a result, it is possible to control such that when the prepaid is used up, it becomes impossible to connect to the network. Furthermore, by including connection time zone information, the number of terminal devices 30 that can be connected for each hour can be limited.
[0072] 又、接続先ネットワークの技術規格が複数種類ある場合でも、それぞれの技術規格 に沿った接続設定情報 SIを用意すれば良ぐ接続制御情報 RIは技術規格に依らな いように構成できるので、複数技術規格の混在するネットワークに対しても、統一的に 接続の許否の判定を行うことができる。  [0072] Even when there are multiple types of technical standards for the connection destination network, the connection control information RI can be configured so that it does not depend on the technical standards, as long as the connection setting information SI is prepared according to each technical standard. Therefore, it is possible to determine whether to permit or reject a connection even for a network with multiple technical standards.
[0073] 次に、本発明の第 2実施例による接続制御システムを説明する。第 2実施例の接続 制御システムは、構成は第 1実施例と同様であるが、接続制御情報と接続設定情報 が異なる。図 9は、本発明の第 2実施例において使用されるネットワーク IDパターン 5 01とネットワーク ID602の構成を示す。ネットワーク IDパターン 501及びネットワーク I D602は、 IPアドレス表記法で記述されている。ネットワーク IDパターン 501は、ネット ワーク 40を識別する識別情報 501Aと、 mask501Bと、比較条件 501Cとを有してい る。比較条件 501Cは、接続制御情報 RIと接続設定情報 SIとが組合せ可能であるか を判定する時の条件であり、論理式で示される。接続制御情報確認部 305は、接続 制御情報 RIと接続設定情報 SIとが組合せ可能である力判定する時、比較条件 501 Cに基づいて mask501Bとネットワーク ID602と計算する。一例として、ネットワーク I Dパターン 501の構成では、識別情報 501Aは 10. 15. 0. 0と記述され、 mask501 Bは 255. 255. 0. 0と記述され、比較条件 501Cを andと記述され、ネットワーク ID6 02は、 10. 15. 34. 2と記述されている。  Next, a connection control system according to the second embodiment of the present invention will be described. The connection control system of the second embodiment has the same configuration as that of the first embodiment, but connection control information and connection setting information are different. FIG. 9 shows the configuration of the network ID pattern 5001 and the network ID 602 used in the second embodiment of the present invention. Network ID pattern 501 and network ID 602 are described in IP address notation. The network ID pattern 501 includes identification information 501A for identifying the network 40, a mask 501B, and a comparison condition 501C. The comparison condition 501C is a condition for determining whether the connection control information RI and the connection setting information SI can be combined, and is represented by a logical expression. The connection control information confirmation unit 305 calculates the mask 501B and the network ID 602 based on the comparison condition 501C when determining the force that the connection control information RI and the connection setting information SI can be combined. For example, in the configuration of the network ID pattern 501, the identification information 501A is described as 10.15.0.0, mask501B is described as 255.255.0.0, the comparison condition 501C is described as and, and the network ID6 02 is described as 10. 15. 34.2.
[0074] 本発明の第 2実施例による接続制御システムでは、図 7に示される第 1実施例と同 じ動作で、端末装置 30とネットワーク 40とを接続する。 [0075] 図 10は、図 7のステップ S12における接続設定情報 SIと接続制御情報 RIとの組合 せの可能性の判定するときの動作を示す。ネットワーク接続エージェント 303は、接 続制御情報 RIを読み出し、組合せの可能性を判定する。接続制御情報確認部 305 は、ネットワーク IDパターン 501中の mask501Bを取出す (ステップ SC1)。次にネッ トワーク IDパターン 501中の比較条件 501Cを参照して論理計算の計算方式を決定 する (ステップ SC3)。そして、 mask501Bとネットワーク IDとの論理計算を実施する( ステップ SC4)。この例では、比較条件 501Cは andであるので、ネットワーク IDの 10 . 15. 34. 2と mask501Bの 255. 255. 0. 0との!^理積(2進数表記による!^理積) を実行する。ネットワーク IDパターン 501から識別情報 501Aを取り出し (ステップ SC 7)、ステップ SC5における計算結果と比較して、組み合わせの可能性の判定を行う( ステップ SC9)。この場合、識別情報 501Aとステップ SC5における計算結果の値は ともに、 10. 15. 0. 0と一致しているので、このネットワーク IDパターン 501と持つ接 続制御情報 RIは、接続設定情報と組み合わせ可能であると判定される (ステップ SC 11)。もし、識別情報 501Aとステップ SC5における計算結果の値が一致していない 場合、組合せ不可能と判定される (ステップ SC13)。 In the connection control system according to the second embodiment of the present invention, the terminal device 30 and the network 40 are connected by the same operation as in the first embodiment shown in FIG. FIG. 10 shows an operation when determining the possibility of the combination of the connection setting information SI and the connection control information RI in step S12 of FIG. The network connection agent 303 reads the connection control information RI and determines the possibility of combination. The connection control information confirmation unit 305 extracts the mask 501B from the network ID pattern 501 (Step SC1). Next, the calculation method of the logical calculation is determined with reference to the comparison condition 501C in the network ID pattern 501 (step SC3). Then, logical calculation of mask 501B and network ID is performed (step SC4). In this example, since the comparison condition 501C is and, the network ID 10.15.34.2 and the mask501B 255.255.0.0! ^ Performs AND operation (in binary notation! ^ AND operation). The identification information 501A is extracted from the network ID pattern 501 (step SC7), and compared with the calculation result in step SC5, the possibility of combination is determined (step SC9). In this case, since both the identification information 501A and the value of the calculation result in step SC5 match 10.15.0.0, the connection control information RI with this network ID pattern 501 is combined with the connection setting information. It is determined that it is possible (step SC 11). If the identification information 501A and the value of the calculation result in step SC5 do not match, it is determined that the combination is impossible (step SC13).
[0076] 上記の例の比較条件 501Cは andである力 orや notのような他の論理式でも、そ の組合せでも構わない。  [0076] The comparison condition 501C in the above example may be another logical expression such as force or or not, and a combination thereof.
[0077] この方法では、 XML文書で記述する場合に比べて、ネットワーク IDパターン 501と ネットワーク ID602に含むことのできる情報の自由度は落ちるが、組合せの可能性の 判定処理が簡単で、高速処理が可能となる。  [0077] In this method, the degree of freedom of the information that can be included in the network ID pattern 501 and the network ID 602 is lower than that described in the XML document, but the determination process of the possibility of combination is simple, and high-speed processing is possible. Is possible.
[0078] 以上のように、本発明による接続制御システムは、端末装置 30内において接続の 可否確認を実施し、ネットワークを通じて外部のサーバの助けを必要としない。このた め、接続する前に接続可否を判定できる。  As described above, the connection control system according to the present invention checks whether or not connection is possible in the terminal device 30 and does not require the help of an external server through the network. Therefore, it is possible to determine whether or not connection is possible before connection.
[0079] 又、ネットワーク 40への接続許否を判定する権利情報と、インタフェース 307の設 定情報を分離し、ネットワーク 40の技術規格に依存する情報は、全てインタフェース 307の設定情報側に格納しており、ネットワーク 40への接続制御情報 RIには含まれ ていない。従って、複数の無線 LANの技術規格が混在するネットワーク構成に対し ても、統一的にネットワーク接続の許否を設定できる。 [0080] 図 11は、本発明の第 3実施例による接続制御システムの構成を示すブロック図であ る。図 11を参照して、第 3実施例では、ネットワーク上で提供されるサービス (例えば 、 VoIPサービス)に対して、権利情報と設定情報が分離して管理され、サービスを利 用する際に利用の拒否の判定及び接続設定が実行される。この場合、 VoIPサービ スを利用するための権利情報 RI'の内容は、 VoIP技術規格に依存せず、 VoIPサー ビスを利用するための設定情報 SI'の内容は、 VoIPサービスを利用するために必要 な設定情報項目が含まれる。 [0079] In addition, the right information for determining whether to permit connection to the network 40 and the setting information of the interface 307 are separated, and all the information depending on the technical standard of the network 40 is stored on the setting information side of the interface 307. Therefore, it is not included in the connection control information RI to the network 40. Therefore, even for a network configuration in which multiple wireless LAN technical standards are mixed, network connection permission / inhibition can be set uniformly. FIG. 11 is a block diagram showing the configuration of the connection control system according to the third example of the present invention. Referring to FIG. 11, in the third embodiment, rights information and setting information are managed separately for services provided on the network (for example, VoIP service) and used when using the services. Refusal determination and connection setting are executed. In this case, the contents of the rights information RI 'for using the VoIP service does not depend on the VoIP technical standard, and the settings information SI' for using the VoIP service is used to use the VoIP service. Contains necessary setting information items.
[0081] 第 3実施例において、第 1実施例における接続制御システムは、ネットワークサービ ス利用システムとして構成される。図 11に、ネットワークサービス利用システムの構成 を示す。本発明によるネットワークサービス利用システムは、端末装置 30'と、端末装 置 30,に接続されるネットワーク 40,と、ネットワーク 40,上で提供される VoIPサービ スを利用するための設定に使用する設定情報 SI'を保持する設定情報配布装置 30 2'と、 VoIPサービスを使用できるか否かを判定するために用いられる権利情報 RI, を保持する権利情報配布装置 301 'とを備える。又、 VoIPサービスをネットワーク 40 ,上に提供するサービス提供サーバ 307'がネットワーク 40'に接続されている。  [0081] In the third embodiment, the connection control system in the first embodiment is configured as a network service utilization system. Figure 11 shows the configuration of the network service utilization system. The network service utilization system according to the present invention is configured to use the terminal device 30 ′, the network 40 connected to the terminal device 30, and the setting for using the VoIP service provided on the network 40. A setting information distribution device 302 ′ holding information SI ′ and a right information distribution device 301 ′ holding right information RI, which is used to determine whether or not the VoIP service can be used. In addition, a service providing server 307 ′ for providing VoIP service on the network 40 is connected to the network 40 ′.
[0082] 端末装置 30'は、権利情報保存部 301 'と、設定情報保存部 302'と、サービス利 用エージェント 303'とを備える。端末装置 30'は、前もって権利情報配布装置 10'か ら権利情報 RI'を取得して権利情報保持部 301 'に保持する。又、設定情報配布装 置 20'から設定情報 SI'を取得して設定情報保持部 302'に保持する。サービス利用 エージェント 303'は、権利情報確認部 305'と、設定情報送信部 306'とを備える。  The terminal device 30 ′ includes a right information storage unit 301 ′, a setting information storage unit 302 ′, and a service utilization agent 303 ′. The terminal device 30 ′ acquires the rights information RI ′ from the rights information distribution device 10 ′ in advance and holds it in the rights information holding unit 301 ′. In addition, the setting information SI ′ is acquired from the setting information distribution device 20 ′ and is held in the setting information holding unit 302 ′. The service utilization agent 303 ′ includes a right information confirmation unit 305 ′ and a setting information transmission unit 306 ′.
[0083] 端末装置 30'がネットワーク 40'上の VoIPサービスを利用する際、先ず、サービス 利用エージェント 303,は、そのネットワーク 40,上の VoIPサービスを利用するための 設定に使用する設定情報 SI'を抽出する。又、設定情報 SI'に対応する権利情報 RI 'を権利情報保存部 301 'から検索して抽出する。対応する権利情報 RI'がな!ヽ場合 、端末装置 30は該当するネットワーク 40'の VoIPサービスを利用できない。ここで、 権利情報保存部 301 'に保存される権利情報 RI'が、権利情報 RI— 1 '〜RI-n'、 設定情報保存部 302'に保存される設定情報 SI'が、設定情報 SI— 1 '〜SI— nで あり、権利情報 RI'、設定情報 SI'にはそれぞれ A、 B、 C、 D、 E、 F等の共通した情 報が含まれているとする。 [0083] When the terminal device 30 'uses the VoIP service on the network 40', the service use agent 303 first sets the setting information SI 'used for setting to use the VoIP service on the network 40. To extract. Further, the right information RI ′ corresponding to the setting information SI ′ is retrieved from the right information storage unit 301 ′ and extracted. If the corresponding rights information RI 'is !, the terminal device 30 cannot use the VoIP service of the corresponding network 40'. Here, the right information RI ′ stored in the right information storage unit 301 ′ is the right information RI-1′˜RI-n ′, and the setting information SI ′ stored in the setting information storage unit 302 ′ is the setting information SI. — 1 'to SI — n. Rights information RI' and setting information SI 'are common information such as A, B, C, D, E, F, etc. Information is included.
[0084] VoIPサービスを利用するための設定に使用される設定情報 SI'が設定情報 SI— 3 ,である時、サービス利用エージェント 303'は、設定情報保存部 302'から設定情報 SI— 3'を抽出し、設定情報 SI— 3'に含まれる情報 Cを有する権利情報 RI'を権利 情報保存部 301 'から検索し、権利情報 RI— 2'を抽出する。権利情報確認部 305' は、権利情報 RI— 2'を参照して、 VoIPサービスの利用拒否を判定する。この際、権 利情報 RI— 2 'は使用可能期限である有効期限等の利用条件を含む。  [0084] When the setting information SI 'used for setting to use the VoIP service is the setting information SI-3, the service use agent 303' receives the setting information SI-3 'from the setting information storage unit 302'. The right information RI ′ having the information C included in the setting information SI—3 ′ is retrieved from the right information storage unit 301 ′, and the right information RI—2 ′ is extracted. The rights information confirmation unit 305 ′ refers to the rights information RI-2 ′ to determine refusal to use the VoIP service. At this time, the rights information RI-2 'includes usage conditions such as an expiration date, which is the expiration date.
[0085] 権利確認部 305'で該当する VoIPサービスが利用可能であると判断されると、設定 情報送信部 306'は、設定情報 SI— 3'をネットワーク 40'を介して、サービス提供サ ーバ 307'に送信し、 VoIPサービスを利用するための設定を行ない、サービスの提 供を受ける。  [0085] When the right confirmation unit 305 ′ determines that the corresponding VoIP service is available, the setting information transmission unit 306 ′ sends the setting information SI-3 ′ to the service providing service via the network 40 ′. Send the message to 307 ', configure the settings to use the VoIP service, and receive the service.
[0086] 以上のように、サービスの技術規格に依存せず利用可否のみを判定する権利情報 と、サービスの技術規格に依存し、サービスを利用するための設定に用いられる設定 情報を分離して保持することで、端末装置 30が利用可能なネットワーク毎のサービス の数や種類を柔軟に変更でき、更に、端末装置 30内で設定情報と権利情報を一括 管理することで複数の技術規格のサービスが混在するネットワーク 40に対して、統一 的にサービスの利用可否を設定できる。  [0086] As described above, the right information for determining only availability without depending on the service technical standard and the setting information used for setting to use the service depending on the service technical standard are separated. By holding, the number and types of services for each network that can be used by the terminal device 30 can be flexibly changed. Furthermore, the setting information and rights information can be collectively managed in the terminal device 30 to provide services of multiple technical standards. It is possible to set the availability of services uniformly for the network 40 in which.
[0087] 本発明の接続制御システム及び端末装置によれば、ネットワークへ接続する前に 端末装置内で接続可否を判定できる。又、端末装置が接続可能なネットワークの数 や構成を柔軟に変更できる。  According to the connection control system and the terminal device of the present invention, it is possible to determine whether or not connection is possible within the terminal device before connecting to the network. In addition, the number and configuration of networks to which terminal devices can be connected can be flexibly changed.
[0088] 更に、複数の技術規格が混在するネットワーク構成に対して、統一的にネットワーク への接続の許否を設定することができる。  Furthermore, it is possible to uniformly set whether to connect to a network for a network configuration in which a plurality of technical standards are mixed.

Claims

請求の範囲 The scope of the claims
[1] 複数の接続先との接続を設定するための複数の接続設定情報を保存する第 1保存 部と、  [1] a first storage unit for storing a plurality of connection setting information for setting a connection with a plurality of connection destinations;
前記複数の接続設定情報に基づく前記接続を制御するための複数の接続制御情 報を保存する第 2保存部と、  A second storage unit for storing a plurality of connection control information for controlling the connection based on the plurality of connection setting information;
前記複数の接続設定情報と前記複数の接続制御情報に、特定接続先に対応する 組の特定接続設定情報と少なくとも 1つの特定接続制御情報がそれぞれ存在すると き、前記特定接続制御情報と前記特定接続設定情報に基づ!、て前記特定接続先に 接続する接続エージェントと  When the plurality of connection setting information and the plurality of connection control information each include a pair of specific connection setting information and at least one specific connection control information corresponding to a specific connection destination, the specific connection control information and the specific connection Based on the setting information! And the connection agent that connects to the specific destination
を具備する端末装置。  A terminal device comprising:
[2] 請求項 1に記載の端末装置において、 [2] In the terminal device according to claim 1,
前記特定接続制御情報が前記特定接続先との接続が有効であることを示すとき、 前記接続エージェントは、前記特定接続設定情報に基づ 、て前記端末装置を前記 接続先と接続する  When the specific connection control information indicates that the connection with the specific connection destination is valid, the connection agent connects the terminal device with the connection destination based on the specific connection setting information.
端末装置。  Terminal device.
[3] 請求項 1に記載の端末装置において、  [3] In the terminal device according to claim 1,
前記特定接続制御情報が前記特定接続設定情報に対して複数であり、 前記複数の特定接続制御情報が順序付けられ、異なる範囲で前記特定接続先と の接続が有効であることを示すとき、前記接続エージェントは、前記複数の特定接続 制御情報に基づいて、順番に、前記特定接続設定情報に基づく前記端末装置の前 記接続先への接続を実行する  When the specific connection control information is plural for the specific connection setting information, the specific connection control information is ordered, and indicates that the connection with the specific connection destination is valid in a different range, the connection The agent sequentially connects to the connection destination of the terminal device based on the specific connection setting information based on the plurality of specific connection control information.
端末装置。  Terminal device.
[4] 請求項 1乃至 3のいずれかに記載の端末装置において、  [4] In the terminal device according to any one of claims 1 to 3,
前記接続エージェントは、前記特定接続先に基づ 、て前記複数の接続設定情報 のうちの 1つを前記特定接続設定情報として決定し、前記特定接続制御情報に基づ いて前記複数の接続制御情報のうち少なくとも 1つを前記特定接続制御情報として 決定する  The connection agent determines one of the plurality of connection setting information as the specific connection setting information based on the specific connection destination, and the plurality of connection control information based on the specific connection control information Determine at least one of them as the specific connection control information
端末装置。 Terminal device.
[5] 請求項 4に記載の端末装置において、 [5] In the terminal device according to claim 4,
前記接続エージェントは、前記特定接続先が検出されたとき、前記特定接続先に 基づいて前記複数の接続設定情報のうちの 1つを前記特定接続設定情報として決 定し、前記特定接続設定情報に基づいて前記複数の接続制御情報のうち少なくとも 1つを前記特定接続制御情報として決定する  When the specific connection destination is detected, the connection agent determines one of the plurality of connection setting information as the specific connection setting information based on the specific connection destination, and includes the specific connection setting information in the specific connection setting information. And determining at least one of the plurality of connection control information as the specific connection control information
端末装置。  Terminal device.
[6] 請求項 4又は 5に記載の端末装置において、  [6] In the terminal device according to claim 4 or 5,
前記複数の接続設定情報の各々は、第 1判別情報を有し、  Each of the plurality of connection setting information includes first discrimination information;
前記複数の接続制御情報の各々は、第 2判別情報と条件を有し、  Each of the plurality of connection control information has second determination information and a condition,
前記接続エージェントは、前記特定接続設定情報の前記第 1判別情報と前記複数 の接続制御情報の各々の前記第 2判別情報が前記条件を満たすか否かを判定する 処理を行!ヽ、前記条件を満たす前記接続制御情報を前記特定接続制御情報として 決定する  The connection agent performs a process of determining whether or not the first determination information of the specific connection setting information and the second determination information of each of the plurality of connection control information satisfy the condition! The connection control information satisfying the condition is determined as the specific connection control information
端末装置。  Terminal device.
[7] 請求項 1乃至 6のいずれかに記載の端末装置であって、  [7] The terminal device according to any one of claims 1 to 6,
前記特定接続先はネットワークである  The specific connection destination is a network
端末装置。  Terminal device.
[8] 請求項 1乃至 6のいずれかに記載の端末装置であって、  [8] The terminal device according to any one of claims 1 to 6,
前記特定接続先は前記端末装置が接続されるネットワークに接続されたサーバー である  The specific connection destination is a server connected to a network to which the terminal device is connected
端末装置。  Terminal device.
[9] 複数の接続先との接続を設定するための複数の配布接続設定情報を格納する接 続設定情報配布装置と、  [9] A connection setting information distribution device for storing a plurality of distribution connection setting information for setting a connection with a plurality of connection destinations,
前記複数の配布接続設定情報に基づく前記接続を制御するための複数の配布接 続制御情報を格納する接続制御情報配布装置と、  A connection control information distribution device for storing a plurality of distribution connection control information for controlling the connection based on the plurality of distribution connection setting information;
端末装置とを具備し、  A terminal device,
前記端末装置は、  The terminal device
第 1保存部と第 2保存部と、 前記接続設定情報配布装置から前記複数の配布接続設定情報の少なくとも一部 を複数の接続設定情報として取得して前記第 1保存部に格納し、前記接続設定情報 配布装置カゝら前記複数の配布接続制御情報の少なくとも一部を複数の接続制御情 報として取得して前記第 2保存部に格納する通信部と、 A first storage unit and a second storage unit; At least a part of the plurality of distribution connection setting information is acquired as a plurality of connection setting information from the connection setting information distribution device and stored in the first storage unit, and the plurality of distributions including the connection setting information distribution device A communication unit that acquires at least a part of the connection control information as a plurality of connection control information and stores it in the second storage unit; and
前記複数の接続設定情報と前記複数の接続制御情報に、特定接続先に対応する 組の特定接続設定情報と少なくとも 1つの特定接続制御情報がそれぞれ存在すると き、前記特定接続制御情報と前記特定接続設定情報に基づ!、て前記特定接続先に 前記端末装置を接続する接続エージェントと  When the plurality of connection setting information and the plurality of connection control information each include a pair of specific connection setting information and at least one specific connection control information corresponding to a specific connection destination, the specific connection control information and the specific connection Based on the setting information! And a connection agent that connects the terminal device to the specific connection destination
を具備する接続制御システム。  A connection control system comprising:
[10] 請求項 9に記載の接続制御システムにお 、て、 [10] In the connection control system according to claim 9,
新たな接続先が追加されるとき、前記新たな接続先に対応する配布接続設定情報 が前記接続設定情報配布装置に追加され、  When a new connection destination is added, distribution connection setting information corresponding to the new connection destination is added to the connection setting information distribution device,
前記複数の配布接続制御情報の各々は、前記複数の配布接続設定情報のうち、 前記組となるべき前記特定接続設定情報の有効性を示す情報である  Each of the plurality of distribution connection control information is information indicating the validity of the specific connection setting information to be paired among the plurality of distribution connection setting information.
接続制御システム。  Connection control system.
[11] 請求項 9又は 10に記載の接続制御システムであって、 [11] The connection control system according to claim 9 or 10,
前記特定接続先はネットワークである  The specific connection destination is a network
接続制御システム。  Connection control system.
[12] 請求項 9又は 10に記載の接続制御システムであって、 [12] The connection control system according to claim 9 or 10,
前記特定接続先は前記端末装置が接続されるネットワークに接続されたサーバー である  The specific connection destination is a server connected to a network to which the terminal device is connected
接続制御システム。  Connection control system.
[13] 端末装置が特定接続先に接続されるべきとき、第 1保存部に格納された複数の接 続設定情報カゝら前記特定接続先に対応する特定接続設定情報を抽出するステップ と、  [13] When the terminal device is to be connected to the specific connection destination, extracting specific connection setting information corresponding to the specific connection destination from a plurality of connection setting information stored in the first storage unit;
第 2保存部に格納された複数の接続制御情報から、前記特定接続設定情報と組を 構成すべき少なくとも 1つの特定接続制御情報を抽出するステップと、  Extracting at least one specific connection control information to be paired with the specific connection setting information from a plurality of connection control information stored in the second storage unit;
前記特定接続制御情報と前記特定接続設定情報に基づいて前記特定接続先に 前記端末装置を接続するステップと Based on the specific connection control information and the specific connection setting information, the specific connection destination Connecting the terminal device;
を具備する接続制御方法。  A connection control method comprising:
[14] 請求項 13に記載の接続制御方法において、  [14] In the connection control method according to claim 13,
前記複数の接続設定情報は、複数の接続先との接続を設定するために提供され、 前記複数の接続制御情報の各々は、前記複数の接続設定情報のうち、前記組とな るべき前記特定接続設定情報の有効性を示す情報である  The plurality of connection setting information is provided for setting a connection with a plurality of connection destinations, and each of the plurality of connection control information is the identification of the plurality of connection setting information to be the set. Information indicating the validity of the connection setting information
接続制御方法。  Connection control method.
[15] 請求項 14に記載の接続制御方法において、 [15] The connection control method according to claim 14,
前記接続するステップは、  The connecting step includes:
前記特定接続設定情報が有効であることを前記特定接続制御情報が示すとき、前 記特定接続設定情報に基づいて前記端末装置を前記接続先と接続するステップ を具備する接続制御方法。  A connection control method comprising: connecting the terminal device to the connection destination based on the specific connection setting information when the specific connection control information indicates that the specific connection setting information is valid.
[16] 請求項 14に記載の接続制御方法において、 [16] In the connection control method according to claim 14,
前記特定接続制御情報が前記特定接続設定情報に対して複数であり、 前記複数の特定接続制御情報が順序付けられ、異なる範囲で有効性を示し、 前記接続するステップは、  The specific connection control information is plural with respect to the specific connection setting information, the plurality of specific connection control information is ordered and indicates validity in different ranges, and the step of connecting includes:
前記複数の特定接続制御情報の各々の有効性に基づ!、て、順番に前記端末装置 を前記接続先と接続するステップ  Based on the validity of each of the plurality of specific connection control information, and sequentially connecting the terminal device to the connection destination
を具備する接続制御方法。  A connection control method comprising:
[17] 請求項 13乃至 16のいずれかに記載の接続制御方法において、 [17] In the connection control method according to any one of claims 13 to 16,
前記特定接続設定情報を抽出するステップは、  The step of extracting the specific connection setting information includes:
前記接続先が検出されたとき、前記接続先に基づ ヽて前記複数の接続設定情報 のうちの 1つを前記特定接続設定情報として決定するステップ  A step of determining one of the plurality of connection setting information as the specific connection setting information based on the connection destination when the connection destination is detected;
を具備する接続制御方法。  A connection control method comprising:
[18] 請求項 17に記載の接続制御方法において、 [18] In the connection control method according to claim 17,
前記複数の接続設定情報の各々は、第 1判別情報を有し、  Each of the plurality of connection setting information includes first discrimination information;
前記複数の接続制御情報の各々は、第 2判別情報と条件を有し、  Each of the plurality of connection control information has second determination information and a condition,
前記特定接続制御情報を抽出するステップは、 前記特定接続設定情報の前記第 1判別情報と前記複数の接続制御情報の各々の 前記第 2判別情報が前記条件を満たす力否かを判定する処理を行うステップと、 前記条件を満たす前記接続制御情報を前記特定接続制御情報として決定するス テツプ The step of extracting the specific connection control information includes: Performing a process of determining whether or not the first determination information of the specific connection setting information and the second determination information of each of the plurality of connection control information satisfy the condition; and the connection control satisfying the condition Step for determining information as the specific connection control information
を具備する接続制御方法。  A connection control method comprising:
[19] 請求項 13乃至 18のいずれかに記載の接続制御方法であって、 [19] The connection control method according to any one of claims 13 to 18,
前記接続先はネットワークである  The connection destination is a network
接続制御方法。  Connection control method.
[20] 請求項 13乃至 18のいずれかに記載の接続制御方法であって、  [20] The connection control method according to any one of claims 13 to 18,
前記接続先は、ネットワークに接続されたサービス提供サーバである  The connection destination is a service providing server connected to a network.
接続制御方法。  Connection control method.
PCT/JP2005/014514 2004-08-10 2005-08-08 Connection control system using terminal device, and connection control method WO2006016553A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2006531622A JP4872128B2 (en) 2004-08-10 2005-08-08 Connection control system and connection control method using terminal device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2004-233275 2004-08-10
JP2004233275 2004-08-10

Publications (1)

Publication Number Publication Date
WO2006016553A1 true WO2006016553A1 (en) 2006-02-16

Family

ID=35839322

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2005/014514 WO2006016553A1 (en) 2004-08-10 2005-08-08 Connection control system using terminal device, and connection control method

Country Status (2)

Country Link
JP (1) JP4872128B2 (en)
WO (1) WO2006016553A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2013048397A (en) * 2011-02-17 2013-03-07 Panasonic Corp Network connection device and method
JP2013172310A (en) * 2012-02-21 2013-09-02 Oki Electric Ind Co Ltd Wireless access device, wireless terminal, program and wireless communication system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH1070577A (en) * 1996-04-09 1998-03-10 Internatl Business Mach Corp <Ibm> Processor connection method and data processing system
JP2001202249A (en) * 2000-01-21 2001-07-27 Sony Corp Information communication system and terminal equipment
JP2003091467A (en) * 2001-07-13 2003-03-28 Internatl Business Mach Corp <Ibm> Computer device, portable information equipment, method for registering network connection, method for selecting network connection, method for setting network, storage medium and program
JP2003323363A (en) * 2002-04-30 2003-11-14 Fujitsu Ltd Environment setting unit, environment setting program and information processor
JP2004038567A (en) * 2002-07-03 2004-02-05 Sharp Corp Information processor, communication terminal, information processing method, communication method, program for realizing these methods, and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003101679A (en) * 2001-09-25 2003-04-04 Sony Corp Portable communication terminal apparatus and computer program

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH1070577A (en) * 1996-04-09 1998-03-10 Internatl Business Mach Corp <Ibm> Processor connection method and data processing system
JP2001202249A (en) * 2000-01-21 2001-07-27 Sony Corp Information communication system and terminal equipment
JP2003091467A (en) * 2001-07-13 2003-03-28 Internatl Business Mach Corp <Ibm> Computer device, portable information equipment, method for registering network connection, method for selecting network connection, method for setting network, storage medium and program
JP2003323363A (en) * 2002-04-30 2003-11-14 Fujitsu Ltd Environment setting unit, environment setting program and information processor
JP2004038567A (en) * 2002-07-03 2004-02-05 Sharp Corp Information processor, communication terminal, information processing method, communication method, program for realizing these methods, and storage medium

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2013048397A (en) * 2011-02-17 2013-03-07 Panasonic Corp Network connection device and method
JP2013048399A (en) * 2011-02-17 2013-03-07 Panasonic Corp Network connection device and method therefor
US8904491B2 (en) 2011-02-17 2014-12-02 Panasonic Corporation Network connecting device and method
US9276770B2 (en) 2011-02-17 2016-03-01 Panasonic Intellectual Property Management Co., Ltd. Network connecting device and method
JP2013172310A (en) * 2012-02-21 2013-09-02 Oki Electric Ind Co Ltd Wireless access device, wireless terminal, program and wireless communication system

Also Published As

Publication number Publication date
JPWO2006016553A1 (en) 2008-07-31
JP4872128B2 (en) 2012-02-08

Similar Documents

Publication Publication Date Title
JP3776705B2 (en) COMMUNICATION SYSTEM, MOBILE TERMINAL DEVICE, GATEWAY DEVICE, AND COMMUNICATION CONTROL METHOD
US7640004B2 (en) Wireless LAN system, wireless terminal, wireless base station, communication configuration method for wireless terminal, and program thereof
JP3557056B2 (en) Packet inspection device, mobile computer device, and packet transfer method
JP5507462B2 (en) Authentication method that does not duplicate credentials for multiple users belonging to different organizations
US5944794A (en) User identification data management scheme for networking computer systems using wide area network
JP3695538B2 (en) Network service connection method / program / recording medium / system, access point, wireless user terminal
US6792474B1 (en) Apparatus and methods for allocating addresses in a network
US7861283B2 (en) User position utilization system
JP3419391B2 (en) LAN that allows access to authentication denied terminals under specific conditions
US20090293106A1 (en) Method and apparatus for controlling wireless network access privileges based on wireless client location
JP2002359623A (en) Wireless communication setting method, communication terminal, access point terminal, recording medium and program
JP2004505383A (en) System for distributed network authentication and access control
US20160373933A1 (en) Wireless network having multiple communication allowances
US9270652B2 (en) Wireless communication authentication
CN109937608A (en) Sensing data is acquired from sensor device
JP4888785B2 (en) Authentication system
JP2004062417A (en) Certification server device, server device and gateway device
US20050210288A1 (en) Method and apparatus for eliminating dual authentication for enterprise access via wireless LAN services
WO2004080009A1 (en) Linkage information management system and message transfer control system
JP4872128B2 (en) Connection control system and connection control method using terminal device
JP4646080B2 (en) Authentication system for authenticating a wireless terminal, authentication method thereof, and wireless base station
JP2000341749A (en) Method and system for managing connection of mobile terminal
JP2010074481A (en) Lan system, terminal device, utilization application device, and user account acquiring method
JP2006121728A (en) Communication system, mobile terminal device, gateway device, and communication control method
JP2005108153A (en) Information service system for vehicle

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DPEN Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed from 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2006531622

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase