WO2007094059A1 - Data transmission and reception method - Google Patents

Data transmission and reception method

Publication number
WO2007094059A1
WO2007094059A1 PCT/JP2006/302666 JP2006302666W WO2007094059A1 WO 2007094059 A1 WO2007094059 A1 WO 2007094059A1 JP 2006302666 W JP2006302666 W JP 2006302666W WO 2007094059 A1 WO2007094059 A1 WO 2007094059A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
receiving
data
transmitting
terminal
Application number
PCT/JP2006/302666
Other languages
English (en)
Japanese (ja)
Inventor
Masanobu Shodoji
Hideyuki Nagai
Original Assignee
R & W, Inc.
Application filed by R & W, Inc.
Priority to PCT/JP2006/302666
Publication of WO2007094059A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4633 Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates

Definitions

  • the present invention relates to a method, server, and system for transmitting / receiving capsule data between devices.
  • Patent Document 1 discloses a technique that makes it impossible to send and receive encrypted mail over anything other than a predetermined communication path, by using a mail guard device that performs data flow control in an encrypted mail system.
  • communication protocols such as SFTP (Secure File Transfer Protocol), which improve on the security of FTP (File Transfer Protocol), have been developed.
  • Patent Document 1: Japanese Translation of Special Publication 2001-345832
  • the present invention is less susceptible to attacks such as eavesdropping and tampering on the communication path between devices.
  • a second object is to provide a data transmission / reception method that ensures security resistant to attacks such as copying from the server that stores data.
  • the management server storing authentication data for authenticating users of the transmitting terminal and the receiving terminal;
  • in response to the management server receiving connection request data to the management server from the transmission side terminal and the reception side terminal, respectively, the management server authenticating the user of each of the transmission side terminal and the reception side terminal based on the connection request data and the authentication data;
  • the management server identifying the transmitting terminal and the receiving terminal used by the authenticated user.
  • in response to receiving the capsule data from the transmitting-side terminal by the tunneling connection, the management server transmits the encapsulated data to the receiving terminal by the tunneling connection;
  • the management server stores authentication data for authenticating each user of the transmission side terminal and the reception side terminal; in response to receiving connection request data from the transmission side terminal and the reception side terminal, the user of each of the transmitting terminal and the receiving terminal is authenticated based on the connection request data and the authentication data; the transmitting terminal and the receiving terminal used by the authenticated users are identified; a tunneling connection for transmitting and receiving capsule data is established with the identified transmitting terminal and receiving terminal; and, in response to receiving the capsule data from the transmission side terminal by the tunneling connection, the encapsulated data is transmitted to the receiving terminal by the tunneling connection.
  • the terminal can transmit encapsulated mail data or the like via a communication path in which security is ensured by, for example, VPN (Virtual Private Network).
  • the receiving terminal can receive it directly, so the risk of eavesdropping and tampering attacks may be lowered.
  • the method according to (1), further comprising a step in which, when the management server is unable to obtain a connection by the tunneling with the receiving side terminal, or loses the connection before the transmission of the capsule data to the receiving side terminal is completed, the management server waits for connection request data from the receiving terminal and transmits data notifying that there is a connection request from the transmitting terminal to the receiving terminal.
  • when the management server cannot obtain a connection by the tunneling with the receiving terminal, or the connection is lost before the transmission of capsule data to the receiving terminal is completed, data notifying that there has been a connection request from the transmitting terminal is transmitted to the receiving terminal while the management server waits for connection request data from the receiving terminal in order to establish a connection by tunneling with the receiving terminal.
  • if the receiving terminal is in a state where it can communicate with the management server, the user of the receiving terminal can be informed, by a display or the like based on the notifying data, that there is a connection request by tunneling from the transmitting terminal. Then, the transmitting terminal can transmit the mail data after waiting for establishment of a VPN connection or the like with the receiving terminal. Therefore, the user of the transmitting terminal can give an instruction to transmit capsule data such as mail transmission with secured security regardless of the current connection state of the receiving terminal.
  • when the management server is unable to obtain a connection by the tunneling with the transmission side terminal, or loses the connection before the transmission of the capsule data to the reception side terminal is completed, the management server, in response to receiving the connection request data from the receiving terminal, waits for the connection request data from the transmitting terminal and notifies the transmitting terminal that there is a connection request from the receiving terminal.
  • when the management server is not able to obtain a connection by the tunneling with the transmission side terminal, or the connection is lost before transmission of capsule data to the reception side terminal is completed, then, in response to receiving the connection request data from the reception side terminal, data notifying that there has been a connection request from the reception side terminal is sent to the transmitting terminal while the management server waits for the connection request data from the transmission side terminal.
  • if the transmitting terminal is in a state where it can communicate with the management server, the user of the transmitting terminal can be informed, by a display or the like based on the notifying data, that there has been a connection request by tunneling from the receiving terminal. Therefore, even if the tunneling connection is lost before the transmission of the encapsulated data is completed, the transmission side terminal can make the connection in a timely manner, so that the possibility of data transmission failure may be reduced.
  • the transmission side terminal only sends a notification requesting reception preparation to the reception side terminal, via the management server or directly, and can then wait for the reception side terminal to prepare to receive the capsule data and establish the connection by the tunneling. Therefore, the user of the transmitting terminal may be able to reduce the restraint time until transmission is completed.
  • the management server storing authentication data for authenticating users of the transmitting terminal and the receiving terminal;
  • the management server authenticating the user of the transmission side terminal based on the connection request data and the authentication data in response to receiving the connection request data to the management server from the transmission side terminal;
  • the management server identifying the transmitting terminal used by the authenticated user
  • the management server establishing a tunneling connection for receiving the encapsulated data from the identified transmitting terminal
  • the management server receiving and storing the encapsulated data from the transmitting terminal through the tunneling connection;
  • the management server authenticating the user of the receiving terminal based on the connection request data and the authentication data in response to receiving the connection request data to the management server from the receiving terminal;
  • the management server identifying the receiving terminal used by the authenticated user
  • the management server establishing a connection by tunneling for transmitting the encapsulated data to the specified receiving terminal;
  • the management server transmitting the stored encapsulated data to the receiving terminal through the tunneling connection;
  • the management server stores authentication data for authenticating each user of the transmission side terminal and the reception side terminal; in response to receiving connection request data to the management server from the transmission side terminal, it authenticates the user of the transmitting terminal based on the connection request data and the authentication data, identifies the transmitting terminal used by the authenticated user, establishes a connection by tunneling for receiving the encapsulated data from the identified transmitting terminal, and receives and stores the capsule data from the transmitting terminal through the tunneling connection; and, in response to receiving connection request data to the management server from the receiving terminal, it authenticates the user of the receiving terminal, identifies the receiving terminal used by the authenticated user, establishes a connection by tunneling for transmitting capsule data to the specified receiving terminal, and transmits the stored encapsulated data to the receiving terminal by the tunneling connection.
  • the management server can temporarily store the capsule data such as e-mail data in an area that is more secure than that of a server such as a mailbox placed in the DMZ (an area where security is ensured and that can be connected to only by VPN or the like). Therefore, the transmitting terminal can transmit capsule data such as a secure mail without having to wait for a connection with the receiving terminal to be established. Further, when the transmission side terminal completes transmission of the encapsulated data to the management server, the connection by the tunneling can be released without waiting for transmission of capsule data from the management server to the reception side terminal.
  • the method according to (4), further including a step in which the management server, while waiting for connection request data from the receiving terminal in order to establish a connection with the receiving terminal, transmits to the receiving terminal data notifying that encapsulated data has been transmitted from the transmitting terminal.
  • while waiting for connection request data from the receiving side terminal in order to establish a connection by tunneling with the receiving side terminal, the management server transmits to the receiving terminal data notifying that encapsulated data has been transmitted from the transmitting side terminal.
  • the user of the receiving terminal can know, in a state in which the receiving terminal can communicate with the management server, that capsule data such as mail has been transmitted, and may therefore be able to receive the capsule data in a timely manner while ensuring security. Therefore, since encapsulated data such as mail data is not stored on the management server for an unnecessarily long time, the possibility that the encapsulated data is subjected to an attack such as copying may be reduced.
  • the management server identifying the transmitting terminal and the receiving server used by the authenticated user.
  • in response to receiving the capsule data from the transmitting-side terminal by the tunneling connection, the management server transmits the capsule data to the receiving server by the tunneling connection;
  • the receiving server storing the encapsulated data addressed to the receiving user
  • the receiving server transmitting the stored encapsulated data to the receiving terminal in response to a request from the receiving terminal;
  • the management server authenticates each of the transmitting user of the transmitting terminal and the receiving user associated in advance with the receiving server, identifies the transmitting terminal and receiving server used by the authenticated users, establishes a connection by tunneling for transmitting / receiving the encapsulated data with the identified transmitting terminal and receiving server, and, in response to receiving the capsule data from the transmission side terminal by the tunneling connection, transmits the capsule data to the reception side server by the tunneling connection.
  • the receiving server stores the encapsulated data addressed to the receiving user.
  • the management server transmits the stored encapsulated data to the receiving terminal in response to a request from the receiving terminal.
  • the transmission side terminal can communicate with the reception side server via the management server by tunneling, so that the reception side server does not need to be placed in the DMZ.
  • the receiving server placed in the secured area can receive, in a batch, the capsule data such as mails for a plurality of users associated with it in advance. Therefore, a VPN connection does not need to be made for each of a plurality of users, and a user associated with the receiving server can receive the capsule data in the LAN as needed. This may improve the efficiency of sending and receiving capsule data such as mail.
  • the management server storing authentication data for authenticating each of a transmission user associated in advance with the transmission side server and a reception user associated in advance with the reception side server;
  • in response to the management server receiving connection request data to the management server from the transmitting server and the receiving server, respectively, the management server authenticating each of the transmitting user and the receiving user based on the connection request data and the authentication data;
  • the management server identifying the transmitting server and the receiving server associated with the authenticated user; and
  • the transmitting server receiving and storing the encapsulated data from the transmitting terminal;
  • in response to receiving the capsule data from the transmission side server through the tunneling connection, the management server transmits the capsule data to the reception side server through the tunneling connection;
  • the receiving server storing the encapsulated data addressed to the receiving user
  • the receiving server transmitting the stored encapsulated data to the receiving terminal in response to a request from the receiving terminal;
  • the management server stores authentication data for authenticating each of the transmitting user associated in advance with the transmitting server and the receiving user previously associated with the receiving server.
  • in response to receiving the connection request data to the management server from the transmitting server and the receiving server, respectively, each of the transmitting user and the receiving user is authenticated based on the connection request data and the authentication data, the sender server and receiver server associated with the authenticated user are identified, and a tunneling connection to send and receive encapsulated data is established with the specified sender server and with the receiver server.
  • the transmission server receives and stores the encapsulated data from the transmission side terminal, and, in response to receiving the capsule data from the transmission side server through the tunneling connection, the management server transmits the capsule data by the tunneling connection to the receiving server.
  • the receiving side server stores the encapsulated data addressed to the receiving user and, in response to the request from the receiving side terminal, transmits the stored capsule data to the receiving terminal.
  • the receiving server can communicate with the transmitting server via the management server by tunneling, so that the transmitting server does not need to be placed in the DMZ. Then, the sending server placed in the area where security is secured can collectively receive capsule data such as e-mails associated with multiple users. Therefore, a VPN connection does not need to be made for each of a plurality of users, and a user associated with the transmitting server can transmit the capsule data in a LAN in a timely manner. This may improve the efficiency of data transmission / reception.
  • the transmission side server specifies a destination management server that manages a destination on the reception side based on data indicating a transmission destination user of the encapsulated data; and the destination management server sending data identifying the receiving server in response to a request from the sending server;
  • the transmission side server specifies a destination management server that manages a reception side destination based on data indicating a transmission destination user of the encapsulated data.
  • the destination management server transmits data specifying the receiving server in response to the request from the transmitting server.
  • the transmission side server can acquire an IP address or the like specifying the reception side server, for example, by designating a transmission destination mail address. Therefore, a user who transmits encapsulated data such as e-mail data may be able to easily specify the other party associated with the connection request.
  • the sender server storing sender authentication data for authenticating a user of the sender terminal
  • the sender server identifying the sender terminal used by the authenticated user; the transmitting server establishing a tunneling connection for transmitting and receiving the encapsulated data to and from the identified transmitting terminal;
  • the transmitting server stores sender authentication data for authenticating a user of the transmitting terminal and, in response to receiving connection request data from the transmitting terminal, authenticates the user of the transmission side terminal based on the connection request data and the sender authentication data, identifies the transmission side terminal used by the authenticated user, establishes a connection by tunneling for transmitting and receiving the encapsulated data with the specified transmission side terminal, and receives the capsule data from the transmitting terminal by the tunneling connection.
  • the transmission side terminal can be connected to the transmission side server by tunneling that ensures security. Therefore, a user who transmits capsule data such as mail data can transmit the encapsulated data while ensuring security even if the user is not in the same LAN as the transmitting server. Therefore, the sending server can be a server managed by a third party such as ISP (Internet Services Provider).
  • the receiver server stores receiver authentication data for authenticating a user of the receiver terminal
  • the receiving server identifying the receiving terminal used by the authenticated user; and the receiving server establishing a tunneled connection for transmitting and receiving encapsulated data with the specified receiving terminal;
  • the receiving server stores receiver authentication data for authenticating a user of the receiving terminal; while waiting for the connection request data from the receiving terminal in order to establish a connection by tunneling with the receiving terminal, it stores the capsule data and transmits notifying data to the receiving terminal; in response to receiving the connection request data from the receiving terminal, the user of the receiving terminal is authenticated based on the connection request data and the receiver authentication data, and the receiving terminal used by the authenticated user is specified; and the receiving server establishes a tunneling connection for transmitting and receiving the encapsulated data to and from the specified receiving terminal, and transmits the stored encapsulated data to the receiving terminal by the tunneling connection.
  • the receiving side terminal can be connected to the receiving side server by tunneling that ensures security. Therefore, a user who receives capsule data such as mail data can receive the encapsulated data while ensuring security even if the user is not in the same LAN as the receiving server. Therefore, the receiving server can be a server managed by a third party such as an ISP.
  • the management server storing authentication data for authenticating users of the transmitting terminal and the receiving terminal;
  • in response to the management server receiving connection request data to the management server from the transmission side terminal and the reception side terminal, respectively, the management server authenticating the user of each of the transmission side terminal and the reception side terminal based on the connection request data and the authentication data;
  • the management server identifying the transmitting terminal and the receiving terminal used by the authenticated user.
  • the management server transmitting communication path data for establishing a connection by tunneling for transmitting / receiving the capsule data to / from the transmitting terminal and the receiving terminal that have been identified;
  • the transmitting terminal transmitting the capsule data to the receiving terminal;
  • the management server stores authentication data for authenticating each user of the transmission side terminal and the reception side terminal and, in response to receiving connection request data from the transmission side terminal and the reception side terminal, authenticates each user of the transmitting terminal and the receiving terminal based on the connection request data and the authentication data, identifies the transmitting terminal and the receiving terminal used by the authenticated users, and sends to the identified transmitting terminal and receiving terminal communication route data for establishing a connection by tunneling for transmitting and receiving capsule data to each other.
  • the transmission side terminal and the reception side terminal establish a connection by the tunneling, and the transmission side terminal transmits the encapsulated data to the reception side terminal.
  • since the receiving side terminal and the transmitting side terminal directly send and receive capsule data such as mail data, the points at which unauthorized access such as eavesdropping and tampering may occur can be reduced compared with when the management server relays it.
  • the management server storing authentication data for authenticating each of the file server and the transmission / reception server;
  • in response to the management server receiving connection request data to the management server from the file server and the transmission / reception server, respectively, the management server authenticating each of the file server and the transmission / reception server based on the connection request data and the authentication data;
  • the management server identifying the authenticated file server and transmission / reception server
  • the management server establishes a tunneling connection for transmitting / receiving the encapsulated data to / from the specified file server and the transmitting / receiving server;
  • the management server transmitting the reception request data to the file server in response to receiving reception request data indicating a request for reception of the encapsulated data from the transmission / reception server;
  • the management server transmitting the capsule data through the tunneling connection to the transmission / reception server in response to receiving the capsule data from the file server through the tunneling connection;
  • the management server stores authentication data for authenticating the file server and the transmission / reception server; in response to receiving connection request data to the management server from the file server and the transmission / reception server, the file server and the transmission / reception server are respectively authenticated based on the connection request data and the authentication data; the authenticated file server and transmission / reception server are identified; a tunneling connection for transmitting / receiving the encapsulated data is established with the identified file server and transmission / reception server; in response to receiving reception request data from the transmission / reception server, the reception request data is transmitted to the file server; and, in response to receiving the encapsulated data from the file server by the tunneling connection, the encapsulated data is transmitted to the transmission / reception server by the tunneling connection.
  • a user who obtains a file by FTP or transmits it to a server can establish a connection with the file server that manages the file by tunneling that ensures security. Therefore, there is a possibility that the risk of being attacked by eavesdropping or tampering on the communication path can be reduced.
  • since the file server can be placed in a safer area than the DMZ or the like, there is a possibility that the risk of being attacked, such as by file copying, can be reduced.
  • connection can be disconnected according to the completion of data transmission. Therefore, the connection time can be minimized.
  • the management server transmits the transmission request data to the file server in response to receiving transmission request data indicating a request for transmission of the encapsulated data from the transmission / reception server;
  • in response to receiving the capsule data from the transmission / reception server through the tunneling connection, the management server transmits the capsule data to the file server through the tunneling connection;
  • the transmission request data is sent to the file server in response to the management server receiving transmission request data indicating a request for transmission of the encapsulated data from the transmission / reception server.
  • the capsule server transmits the capsule data to the file server through the tunneling connection.
  • the management server storing authentication data for authenticating each of the file server and the transmission / reception server;
  • in response to receiving connection request data to the management server from the file server and the transmission / reception server, the management server authenticating each of the file server and the transmission / reception server based on the connection request data and the authentication data;
  • the management server identifying the authenticated file server and transmission / reception server
  • the management server transmitting communication path data for establishing connection by tunneling for transmitting / receiving data encapsulated to the specified file server and transmission / reception server;
  • the file server and the transmission / reception server establish a connection by the tunneling
  • the transmission / reception server transmitting reception request data indicating a request for reception of encapsulated data to the file server;
  • in response to receiving the reception request data, the file server transmitting the capsule data to the transmission / reception server through the tunneling connection;
  • the management server stores authentication data for authenticating each of the file server and the transmission / reception server and, in response to receiving connection request data from the file server and the transmission / reception server to the management server, authenticates the file server and the transmission / reception server respectively based on the connection request data and the authentication data, identifies the authenticated file server and transmission / reception server, and transmits to the identified file server and transmission / reception server communication path data for establishing a connection by tunneling for transmitting / receiving encapsulated data to each other.
  • the file server and the transmission / reception server establish a connection by the tunneling, and the transmission / reception server receives reception request data indicating a request for reception of encapsulated data.
  • the file server sends the capsule data to the transmission / reception server by the tunneling connection.
  • the capsule server is connected to the file server by the tunneling connection. Send data.
  • a server that manages transmission / reception of encapsulated data between a transmission-side terminal and a reception-side terminal connected via a communication line
  • means for authenticating the respective users of the transmitting terminal and the receiving terminal, based on the connection request data and the authentication data, in response to receiving connection request data to the server from the transmitting terminal and the receiving terminal, respectively;
  • a server comprising
  • According to the invention of (16), the same effect as in (1) can be expected by operating the server.
  • the receiver receives data notifying that there is a connection request from the transmitting terminal while waiting for connection request data from the receiving terminal.
  • the transmission In response to receiving the connection request data of the receiving terminal, the transmission transmits data notifying that there is a connection request of the receiving terminal, while waiting for the connection request data of the transmitting terminal.
  • Means for identifying the transmitting terminal used by the authenticated user A transmitting terminal terminal having identified the means for establishing a connection by tunneling for receiving the capsule data;
  • a server comprising
  • means for authenticating each of the sending user and the receiving user, based on the connection request data and the authentication data, in response to the management server receiving connection request data addressed to the management server from the transmission side terminal and the reception side server, respectively;
  • means for the receiving server to store the encapsulated data addressed to the receiving user
  • a system comprising:
  • (22) A system for transmitting and receiving encapsulated data between a transmission side terminal and a reception side terminal connected to a management server via a communication line via the transmission side server and the reception side server.
  • means for authenticating each of the transmitting user and the receiving user, based on the connection request data and the authentication data, in response to the management server receiving connection request data addressed to the management server from the transmitting server and the receiving server, respectively, and
  • means for the management server to identify the sending server and the receiving server associated with the authenticated users;
  • the management server establishes a tunneling connection for transmitting / receiving encapsulated data to / from the specified transmitting server and the receiving server;
  • a system comprising:
  • (23) means for the destination server to identify a destination management server that manages a destination on the basis of data indicating a destination user of the encapsulated data; and Means for transmitting data identifying the receiving server in response to a request from the transmitting server;
  • (24) means for the sender server to store sender authentication data for authenticating a user of the sender terminal;
  • (25) means for storing receiver authentication data for the receiving server to authenticate a user of the receiving terminal;
  • the system described in (21) to (24), wherein the means by which the receiving server transmits the encapsulated data to the receiving terminal transmits the stored encapsulated data over the tunneling connection.
  • means for authenticating the user of each of the transmission side terminal and the reception side terminal, based on the connection request data and the authentication data, in response to the management server receiving connection request data addressed to the management server from the transmission side terminal and the reception side terminal, respectively,
  • means for the transmission side terminal and the reception side terminal to establish a connection by the tunneling;
  • a server comprising
  • (28) means for transmitting the transmission request data to the file server in response to receiving transmission request data indicating a request for transmission of the encapsulated data from the transmission / reception server;
  • means for authenticating each of the file server and the transmission / reception server, based on the connection request data and the authentication data, in response to the management server receiving connection request data addressed to the management server from the file server and the transmission / reception server, respectively
  • means for the management server to identify the authenticated file server and transmission / reception server
  • the file server and the transmission / reception server establish a connection by the tunneling
  • a user who transmits and receives data such as e-mail may be able to do so with a high level of security, being less susceptible to attacks such as eavesdropping and tampering on the communication path, and to copying from a server, such as a mailbox, that stores the data.
  • FIG. 1 is an overall conceptual diagram of a computer system 1 according to an example of a preferred embodiment of the present invention.
  • FIG. 2 is a block diagram showing a configuration of a computer according to an example of a preferred embodiment of the present invention.
  • FIG. 3 is a flowchart showing mail transmission / reception processing according to an example of the preferred embodiment of the present invention.
  • FIG. 4 is a diagram showing an authentication data table 60 according to an example of a preferred embodiment of the present invention.
  • FIG. 5 is a flowchart showing mail transmission / reception processing according to another example of the preferred embodiment of the present invention.
  • FIG. 6 is a flowchart showing mail transmission / reception processing according to another example of the preferred embodiment of the present invention.
  • FIG. 7 is an overall conceptual diagram of a computer system 2 according to another example of the preferred embodiment of the present invention.
  • FIG. 8 is a flowchart showing mail transmission / reception processing according to another example of the preferred embodiment of the present invention.
  • FIG. 9 is an overall conceptual diagram of a computer system 3 according to another example of the preferred embodiment of the present invention.
  • FIG. 10 is a flowchart showing mail transmission / reception processing according to another example of the preferred embodiment of the present invention.
  • FIG. 11 is an overall conceptual diagram of a computer system 4 according to another example of the preferred embodiment of the present invention.
  • FIG. 12 is an overall conceptual diagram of a computer system 5 according to another example of the preferred embodiment of the present invention.
  • FIG. 1 is an overall conceptual diagram of a computer system 1 according to an example of a preferred embodiment of the present invention.
  • explanation is limited to transmission / reception of mail data.
  • a management server 10 that manages transmission / reception of mail, a transmission-side terminal 20 that transmits the mail, and a reception-side terminal 30 that receives the mail are connected via a communication network 40.
  • the management server 10 and the transmission side terminal 20 establish a VPN tunnel 50 in response to a connection request from the transmission side terminal 20.
  • the management server 10 and the receiving terminal 30 establish a VPN tunnel 51 in response to a connection request from the receiving terminal 30.
  • VPN connection methods can be employed.
  • an Internet VPN based on protocols such as IPsec, PPTP, L2TP, etc.
  • similar technologies that can be developed in the future may be adopted in the present invention.
  • in order to prompt establishment of the VPN tunnels 50 and 51, the management server 10 can also, in response to a request from the transmitting side or the receiving side, send data notifying the other terminal of the connection request.
  • FIG. 2 is a block diagram showing the configuration of each computer (management server 10, transmission side terminal 20, and reception side terminal 30) constituting the computer system 1 according to an example of the preferred embodiment of the present invention.
  • Control unit 110, storage unit 120, input unit 130, display unit 140, and communication control unit 150 are connected via bus 160.
  • the control unit 110 is an information processing unit (CPU) that performs computation and processing of information, and controls the computer as a whole.
  • the control unit 110 reads and executes various programs stored in the storage unit 120 as appropriate, thereby realizing various functions according to the present invention in cooperation with the hardware described above.
  • the storage unit 120 may include a local memory used for program execution in combination with the control unit 110, a large-capacity memory, and a cache memory used for efficiently searching that large-capacity memory.
  • the computer-readable medium that implements the storage unit 120 may include an electrical, magnetic, optical, or electromagnetic implementation. More specifically, it includes semiconductor storage devices, magnetic tapes, floppy disks, random access memory (RAM), read-only memory (ROM), and optical discs including CD-ROM, CD-R/W, and DVD.
  • the input unit 130 accepts input by the user, and may include a keyboard, a pointing device, and the like.
  • the input unit 130 can be connected to the computer directly or via an intervening I/O controller.
  • the display unit 140 displays a screen for accepting data input from the user, or a screen showing the results of arithmetic processing by the computer, and includes a cathode ray tube display (CRT) or a liquid crystal display (LCD).
  • CRT cathode ray tube display
  • LCD liquid crystal display
  • the communication control unit 150 is a network adapter that connects the computer to a dedicated network or public network and enables connection to another arithmetic processing system or storage device via the network. Communication control unit 150 may include a modem, a cable modem, and an Ethernet(TM) adapter.
  • FIG. 3 is a flowchart showing mail transmission / reception processing according to an example of the preferred embodiment of the present invention. This process can be performed in the computer system 1 shown in FIG.
  • In step S105, the transmission side terminal 20 accepts an instruction from the user to make a connection by tunneling such as VPN (hereinafter, the description is limited to VPN connection). Specifically, for example, an input of a user ID, a password, and the like used in sender authentication (step S115) described later is accepted along with the input of a destination mail address.
  • VPN virtual private network
  • In step S110, the transmission side terminal 20 transmits connection request data indicating a VPN connection request to the management server 10.
  • the connection request data includes the destination mail address, user ID, password, etc. acquired in step S105.
  • In step S115, the management server 10 authenticates the sender based on the connection request data received from the transmission side terminal 20 and the authentication data stored in advance in the storage unit 120.
  • in the authentication data, as shown in the authentication data table 60 of FIG. 4, the sender address is associated with the ID and password for identifying the sender; by collating these with the connection request data, it is determined whether or not the user is a valid user.
  • the authentication method is not limited to this, and can be realized by other existing technologies.
  • when the management server 10 determines that the sender of the connection request data is a valid user, it identifies the transmission-side terminal 20 that is the transmission source and determines the communication path from the transmission-side terminal 20 to the management server 10.
  • In step S120, the management server 10 establishes a VPN connection with the transmission side terminal 20 whose user was authenticated and which was identified in step S115. As a result, a VPN tunnel 50 is established between the two, enabling communication with ensured security.
  • In step S125, the management server 10 determines whether or not a VPN connection is established with the receiving terminal 30 that is the mail transmission destination and, if it is not, transmits notification data indicating that there is a connection request to the receiving terminal 30. More specifically, for example, the management server 10 generates a mail urging the VPN connection with the management server 10 and sends it to the receiving terminal 30. Note that the mail prompting the VPN connection does not necessarily require the security that the present invention aims at.
  • In step S130, the receiving side terminal 30 receives an instruction input for establishing a VPN connection with the management server 10, as in the case of the transmitting side terminal 20 in step S105.
  • In step S135, the receiving side terminal 30 transmits connection request data indicating a VPN connection request to the management server 10, as in the case of the transmitting side terminal 20 in step S110.
  • In step S140, the management server 10 authenticates the user of the receiving terminal 30 in the same manner as for the transmitting terminal 20 in step S115. Further, when it is determined that the user is a valid user, the receiving side terminal 30 that is the transmission source of the connection request data is identified, and a communication path from the receiving side terminal 30 to the management server 10 is determined.
  • In step S145, the management server 10 establishes a VPN connection with the sender terminal 20 authenticated and identified in step S140, as in the case of the sender terminal 20 in step S120.
  • a VPN tunnel 51 is established between the two, and communication with secured security becomes possible.
  • the processing related to the transmitting terminal 20 from step S105 to step S120 and the processing related to the receiving terminal 30 from step S130 to step S145 are not restricted in processing order relative to each other. That is, when the processing related to the receiving terminal 30 is performed before the processing related to the transmitting terminal 20, the VPN connection between the management server 10 and the receiving terminal 30 is already established, so the connection request notification in step S125 is not required.
  • In step S150, the management server 10 receives mail data from the transmission side terminal 20.
  • the mail data is encapsulated with the header information added by the sending terminal, which allows VPN communication.
  • the mail data may be encrypted using IPsec or the like, which can further suppress eavesdropping and tampering of packets and enhance security.
  • In step S155, the management server 10 transmits the mail data to the receiving side terminal 30.
  • FIG. 5 is a flowchart showing mail transmission / reception processing according to another example of the preferred embodiment of the present invention. The processing can be performed in the computer system 1 shown in FIG.
  • Steps S205 to S245 are the same as in the mail transmission / reception processing flow A (Fig. 4), and the management server 10 establishes VPN connections with the transmission side terminal 20 and the reception side terminal 30.
  • when the VPN connection between the management server 10 and the transmission side terminal 20 has been disconnected (for example, in step S250) by the time the VPN connection between the management server 10 and the reception side terminal 30 is established, the management server 10, in order to establish the VPN connection again, notifies the sending terminal 20 in step S255 that the VPN connection with the receiving terminal 30 has been established and that the mail is ready to be received.
  • In response to accepting the VPN connection instruction data from the sending terminal 20 in step S260, the management server 10 receives the connection request data (step S265), authenticates the sender (step S270), and establishes a VPN connection with the sender terminal 20 (step S275). The processing from step S260 to step S275 is the same as the processing from step S205 to step S220.
  • here, the established connection with the transmitting terminal 20 is disconnected in step S250. However, the connection may instead not be made at first, and the process may wait until the receiving terminal 30 is ready (a VPN connection is established in step S245). In this case, the VPN connection between the management server 10 and the transmission side terminal 20 is not performed in step S215 and step S220.
  • the management server 10 transmits the mail data received from the transmission side terminal 20 to the reception side terminal 30 as in the case of the mail transmission / reception processing flow A in FIG.
  • FIG. 6 is a flowchart showing mail transmission / reception processing according to another example of the preferred embodiment of the present invention. The processing can be performed in the computer system 1 shown in FIG.
  • Steps S305 to S325 are the same as in the mail transmission / reception processing flow A (Fig. 4): the management server 10 establishes a VPN connection with the transmission side terminal 20 and sends a connection request notification to the reception side terminal 30.
  • at this point the VPN connection between the management server 10 and the transmission side terminal 20 is established, and therefore the management server 10 receives the mail data from the transmission side terminal 20 in step S330.
  • In step S335, the management server 10 temporarily stores the mail data received in step S330 in the mailbox.
  • the mailbox can be placed in the DMZ in a normal mail system.
  • the management server 10 communicates through a VPN connection, so it can be placed in a secure LAN. This can reduce the possibility of attacks such as copying of mail data by a malicious third party.
  • In steps S340 to S355, the management server 10 establishes a VPN connection with the receiving side terminal 30 (similar to the mail transmission / reception processing flows A (FIG. 4) and B (FIG. 5)). As a result, the receiving terminal 30 is ready to receive mail data.
  • In step S360, the management server 10 transmits the mail data stored in step S335 to the receiving side terminal 30.
  • the mail data that has been sent can also be erased.
  • the time for which the mail data is stored in the management server 10 can be minimized, so that the possibility of receiving an attack such as copying of the mail data can be reduced.
  • FIG. 7 is an overall conceptual diagram of a computer system 2 according to another example of the preferred embodiment of the present invention.
  • the transmission side terminal 20 and the reception side terminal 30 are VPN-connected via the management server 10 by establishing the VPN tunnels 50 and 51.
  • in the computer system 2 shown in FIG. 7, by establishing the VPN tunnel 52, the transmission side terminal 20 and the reception side terminal 30 are directly connected to each other via the management server 10.
  • the management server 10 transmits data related to the route from the transmission side terminal 20 to the reception side terminal 30.
  • the transmission side terminal 20 and the reception side terminal 30 mutually identify each other and establish a VPN connection.
  • FIG. 8 is a flowchart showing mail transmission / reception processing according to another example of the preferred embodiment of the present invention. This processing can be performed in the computer system 2 shown in FIG.
  • In steps S405 to S415, the management server 10 receives the connection request data from the transmission side terminal 20, and performs authentication of the sender, identification of the transmission side terminal 20, and determination of the communication path (same as steps S105 to S115 of mail transmission / reception processing flow A in Fig. 3).
  • the management server 10 does not make a VPN connection with the transmission side terminal 20, but only sends a connection request notification to the reception side terminal 30 (step S420).
  • In steps S425 to S435, the management server 10 receives the connection request data from the receiving terminal 30, authenticates the receiver, identifies the receiving terminal 30, and determines the communication path (same as steps S130 to S140 of mail transmission / reception processing flow A in Fig. 3). Here, the management server 10 does not make a VPN connection with the receiving terminal 30.
  • the management server 10 sends, to the transmission side terminal 20 and the reception side terminal 30 respectively, route data with which they identify each other in the communication.
  • In step S450, the transmission side terminal 20 and the reception side terminal 30 perform VPN connection based on the route data received in step S440 and step S445.
  • In step S455, the transmission side terminal 20 transmits mail data to the reception side terminal 30 through the VPN connection established in step S450.
  • FIG. 9 is an overall conceptual diagram of a computer system 3 according to another example of the preferred embodiment of the present invention.
  • VPN tunnels 50 and 51 are established on the route from the sending terminal 20 to the receiving server, as in the case of the computer system 1 (Fig. 1).
  • FIG. 10 is a flowchart showing mail transmission / reception processing according to another example of the preferred embodiment of the present invention. This processing can be performed in the computer system 3 shown in FIG.
  • Steps S505 to S520 are the same as in the mail transmission / reception processing flow A (FIG. 4), and the management server 10 establishes a VPN connection with the transmission side terminal 20.
  • In step S535, the receiving server 35 establishes a VPN connection with the management server 10. Specifically, for example, the receiving server 35 periodically queries the management server 10 and, when there is a connection request from the transmitting terminal 20, transmits connection request data to the management server 10 in order to make the VPN connection (step S525).
  • In response to receiving the connection request data from the receiving server 35, the management server 10 authenticates the user associated with the receiving server 35 (for example, one ID associated with the mail addresses of multiple users) and identifies the receiving server 35 (step S530).
  • In step S535, the management server 10 establishes a VPN connection with the receiving server 35 identified in step S530. Thereby, the security of the path from the transmission side terminal 20 to the reception side server 35 is ensured.
  • the management server 10 transmits the mail data to the receiving server 35 in response to receiving the mail data from the transmitting terminal 20.
  • In step S550, the receiving server 35 stores the mail data received in step S545.
  • the mailbox that stores mail data is placed in the DMZ. In the case of this embodiment, it can be accessed via a VPN connection, so it can be placed in the security-ensured LAN to which the receiving terminals 30a and 30b belong. This makes it less susceptible to attacks such as copying mail data from a mailbox.
  • the receiving server 35 may periodically attempt to connect to the management server 10 as described above, but the procedure to reach the VPN connection is not limited to this.
  • the management server 10 that has made a VPN connection with the transmission-side terminal 20 may transmit connection request data to the reception-side server 35.
  • the receiving server 35 authenticates the management server 10, and the receiving server 35 stores authentication data for authenticating the management server 10.
  • the same configuration as that of the reception side server 35 shown in Fig. 9 may also be introduced on the transmission side, operating a server that transmits, at a predetermined timing, mail data once received from a plurality of transmission side terminals 20 in the LAN.
  • the actual VPN connection is made between the servers installed in the LAN on the sending and receiving sides.
  • the overhead for establishing a VPN connection can be improved by tuning the timing of communication, and it may be possible to balance the efficiency of sending and receiving e-mail with safety and immediacy.
  • FIG. 11 is an overall conceptual diagram of a computer system 4 according to another example of the preferred embodiment of the present invention.
  • the transmitting server 25 receives and stores mail data from the transmitting terminals 20a and 20b.
  • the management server 10 establishes a VPN tunnel 50 with the transmission server 25 and a VPN tunnel 51 with the reception server 35 in the same manner as the computer system 3 (FIG. 9).
  • the receiving server 35 stores the mail data transmitted by the VPN tunnels 50 and 51.
  • the receiving terminals 30a and 30b used by the mail receiving user acquire the mail data stored in the receiving server 35 within the LAN. Since the receiving server 35 and the receiving terminals 30a and 30b are connected by the VPN tunnel 54, mail data can be obtained from outside the LAN.
  • the receiving server can also be a server managed by a third party such as an ISP.
  • the receiving server 35 plays the role of the management server 10 in the VPN tunnel 51. That is, the receiving server 35 authenticates the users of the receiving terminals 30a and 30b in response to receiving the connection request data of the receiving terminals 30a and 30b, identifies the receiving terminals 30a and 30b, and establishes the VPN tunnel 54.
  • the receiving side server 35 collectively stores the mail of a plurality of users while ensuring security, and notifies the users of the receiving side terminals 30a and 30b of received mail as necessary. As a result, the users of the receiving side terminals 30a and 30b can receive the mail data by establishing, at a suitable time, the secure VPN tunnel 54 with the receiving side server 35. Note that mail data received by the receiving terminals 30a and 30b can be deleted from the receiving server 35.
  • the transmission side server 25 and the transmission side terminals 20a and 20b are connected by the VPN tunnel 53.
  • the user who sends the mail can also send the mail data to the sending server 25 even from outside the LAN.
  • like the receiving server 35, the sending server 25 can also be a server managed by a third party such as an ISP.
  • the transmitting server 25 authenticates the users of the transmitting terminals 20a and 20b in response to receiving the connection request data from the transmitting terminals 20a and 20b, identifies the transmitting terminals 20a and 20b, and establishes the VPN tunnel 53. Then, the transmission server 25 collectively stores the mail data of a plurality of users while ensuring security.
  • mail data that has been sent to the receiving server 35 may be deleted from the sending server 25.
  • data for notifying that transmission has been completed may be transmitted to the transmitting side terminals 20a and 20b. This allows the user to confirm that the email has been sent safely.
  • mail data can be sent and received by using the VPN tunnels 50 and 51, but a VPN tunnel 52 that connects the sending server 25 and the receiving server 35 may also be established in the same manner as in the computer system 2 (Fig. 7).
  • the sender and receiver of the mail establish tunneling such as VPN on the communication path, and can thereby send and receive mail data with security that is not easily compromised by attacks such as eavesdropping or tampering. Further, encrypting the mail data can improve security further.
  • by not placing a mailbox for storing mail data, or by placing a temporary storage mailbox in an area such as a LAN that is safer than the DMZ, mail data can be sent and received with security that is resistant to attacks such as copying of mail data from the mailbox.
  • FIG. 12 is an overall conceptual diagram of a computer system 5 according to another example of the preferred embodiment of the present invention.
  • the file server 70 stores various files used by the transmission / reception server 80.
  • the sending / receiving server 80 is a file placed in the DMZ.
  • GET: a file is received from the file server 70.
  • PUT: a file is sent to the file server 70.
  • the above-described file transmission / reception is performed via the VPN tunnels 55 and 56.
  • the management server 10 authenticates the file server 70 and the transmission / reception server 80 by receiving connection request data from the file server 70 and the transmission / reception server 80.
  • the file server 70 and the transmission / reception server 80 are specified, and a VPN connection is established with each of them. Since the VPN tunnels 55 and 56 are thus established, the file server 70 and the transmission / reception server 80 are connected through the management server 10 through a secure connection.
  • the file server 70 can synchronize with the connection request data from the transmission / reception server 80 by periodically transmitting connection request data to the management server 10, for example.
  • the transmission / reception server 80 transmits transmission / reception request data indicating a file transmission or reception request to the file server 70.
  • the transmission / reception request data may be transmitted via the management server 10.
  • the transmission / reception server transmits the target file to the management server 10, and the management server 10 sends the file to the file server 70 in response to receiving it.
  • the file server 70 transmits the target file to the management server 10, and the management server 10 sends the file to the transmission / reception server 80 in response to receiving it.
  • the connection path may be configured such that the file server 70 and the transmission / reception server 80 are directly connected by VPN, as in the computer system 2 (FIG. 7).
  • since the file server 70 is VPN-connected, the file server 70 that is usually placed in the DMZ can be placed in an area where there is less risk of file copying or the like (such as a corporate LAN).
  • Note that the management server 10 disconnects the VPN tunnels 55 and 56 in response to the completion of the file transmission / reception, so that the file transfer can be completed with the minimum required connection time.
  • the management server 10 can automatically resume transmission / reception of a file interrupted due to a line failure or the like according to line restoration by monitoring the connection state between the file server 70 and the transmission / reception server 80.
  • file transmission / reception is performed automatically by a nightly batch or the like, and for the user there is a possibility that the certainty of file transmission / reception can be improved while ensuring security.
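
The store-and-forward flow of FIG. 6 (steps S305 to S360) combined with the table lookup of FIG. 4, as an added Python example that is not part of the patent text. The class and method names, the session token standing in for an established VPN tunnel, the PBKDF2-hashed password column (the page only says an ID and password are stored) and the example.test accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # assumption: the page does not say how passwords are stored


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class AuthError(Exception):
    """Connection request or session refused (steps S115 / S140)."""


class ManagementServer:
    """Model of management server 10 holding mail temporarily, as in FIG. 6."""

    def __init__(self):
        self.auth_table = {}     # mail address -> (user ID, salt, password hash), cf. table 60
        self.sessions = {}       # token -> authenticated address (stands in for a tunnel)
        self.mailbox = {}        # destination address -> [(sender, body)], temporary store
        self.notifications = []  # addresses prompted to connect (S125 / S325)

    def register(self, address, user_id, password):
        salt = secrets.token_bytes(16)
        self.auth_table[address] = (user_id, salt, _derive(password, salt))

    def connect(self, address, user_id, password):
        """Collate connection request data with the table; return a session token."""
        record = self.auth_table.get(address)
        # Run the derivation even for unknown addresses so both cases cost the same.
        _, salt, stored = record or ("", b"\0" * 16, b"\0" * 32)
        ok = hmac.compare_digest(_derive(password, salt), stored)
        if record is None or not ok or record[0] != user_id:
            raise AuthError("connection request rejected")
        token = secrets.token_hex(16)
        self.sessions[token] = address
        return token

    def disconnect(self, token):
        self.sessions.pop(token, None)

    def submit(self, token, destination, body):
        """S330 to S335: accept mail from an authenticated sender and hold it."""
        sender = self._require(token)
        if destination not in self.auth_table:
            raise AuthError("unknown destination")
        self.mailbox.setdefault(destination, []).append((sender, body))
        if destination not in self.sessions.values():
            self.notifications.append(destination)  # prompt the receiver to connect

    def fetch(self, token):
        """S360: deliver held mail to its authenticated addressee, then erase it."""
        receiver = self._require(token)
        return self.mailbox.pop(receiver, [])

    def _require(self, token):
        if token not in self.sessions:
            raise AuthError("no tunnel for this session")
        return self.sessions[token]


def rejected(call, *args):
    """True when the server refuses the call with AuthError."""
    try:
        call(*args)
    except AuthError:
        return True
    return False


def demo():
    """Constructed accounts and message; returns what each stage of the flow produced."""
    ms = ManagementServer()
    ms.register("alice@example.test", "alice", "correct horse")
    ms.register("bob@example.test", "bob", "battery staple")
    sender = ms.connect("alice@example.test", "alice", "correct horse")
    ms.submit(sender, "bob@example.test", "quarterly report")
    held = len(ms.mailbox["bob@example.test"])  # mail waits while bob is offline
    receiver = ms.connect("bob@example.test", "bob", "battery staple")
    delivered = ms.fetch(receiver)
    return held, ms.notifications, delivered, ms.mailbox


if __name__ == "__main__":
    print(demo())
```

Erasing on delivery in `fetch` is what keeps the window during which mail sits on the management server as short as the flow allows.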

Abstract

The invention concerns a method for transmitting and receiving data that is secured so as to make very difficult attacks such as eavesdropping and falsification on the communication paths between devices, and copying, etc., directed at a data storage server. A management server (10) that manages the transmission and reception of encapsulated data and a terminal device (30) that receives the data on the receiving side are connected together by a communication network. The management server (10) and a terminal device (20) on the transmitting side establish a VPN tunnel (50) upon a connection request from the transmitting-side terminal device (20). Likewise, the management server (10) and the terminal device (30) on the receiving side establish a VPN tunnel (51) upon a connection request from the receiving-side terminal device (30). Thus, when the VPN tunnel is established from the transmitting-side terminal device (20) to the receiving-side terminal device (30) by way of the management server (10), the transmission and reception of the encapsulated data are carried out.
PCT/JP2006/302666 2006-02-15 2006-02-15 Data transmission and reception method WO2007094059A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2006/302666 WO2007094059A1 (fr) 2006-02-15 2006-02-15 Méthode d'émission et réception de données

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2006/302666 WO2007094059A1 (fr) 2006-02-15 2006-02-15 Méthode d'émission et réception de données

Publications (1)

Publication Number Publication Date
WO2007094059A1 true WO2007094059A1 (fr) 2007-08-23

Family

ID=38371253

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2006/302666 WO2007094059A1 (fr) 2006-02-15 2006-02-15 Méthode d'émission et réception de données

Country Status (1)

Country Link
WO (1) WO2007094059A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003069493A1 (fr) * 2002-01-18 2003-08-21 Telcordia Technologies, Inc. Etablissement de connexions a travers des pare-feu et des traducteurs d'adresses de reseaux
JP2004140482A (ja) * 2002-10-16 2004-05-13 Fujitsu Ltd 暗号通信を行うノード装置、暗号通信システムおよび方法
JP2004153366A (ja) * 2002-10-29 2004-05-27 Crc Solutions Corp 仮想プライベートネットワーク(vpn)システム及び中継ノード
JP2005286971A (ja) * 2004-03-31 2005-10-13 Hitachi Communication Technologies Ltd ゲートウェイ装置

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2010251951A (ja) * 2009-04-14 2010-11-04 Nippon Telegr & Teleph Corp <Ntt> Vpn接続制御装置、システム、方法、認証サーバ、およびvpnクライアント、ならびにプログラム
JP2012054909A (ja) * 2011-07-14 2012-03-15 Springsoft Inc 静的nat形成装置、リバースプロキシサーバ及び仮想接続制御装置
JP2016029467A (ja) * 2014-07-14 2016-03-03 ゼネラル・エレクトリック・カンパニイ サイバー保護が為された空隙の遠隔モニタリングおよび診断インフラストラクチャ
CN115208758A (zh) * 2022-06-14 2022-10-18 福建新大陆通信科技股份有限公司 一种应急广播设备批量管理方法
CN115208758B (zh) * 2022-06-14 2023-05-30 福建新大陆通信科技股份有限公司 一种应急广播设备批量管理方法

Similar Documents

Publication Publication Date Title
US8019868B2 (en) Method and systems for routing packets from an endpoint to a gateway
US6832321B1 (en) Public network access server having a user-configurable firewall
CN107438074A (zh) 一种DDoS攻击的防护方法及装置
WO2007094059A1 (fr) Méthode d'émission et réception de données
CN103731410A (zh) 虚拟网络构建系统、方法、小型终端及认证服务器
JP2008276457A (ja) ネットワーク保護プログラム、ネットワーク保護装置およびネットワーク保護方法
JP2005122695A (ja) 認証方法、サーバ計算機、クライアント計算機、および、プログラム
JP2006277752A (ja) コンピュータ遠隔管理方法
JP3935823B2 (ja) Httpセッション・トンネリング・システム、その方法、及びそのプログラム
CN116155649A (zh) 基于二层隧道协议的工业互联网络的构建方法
JP3810998B2 (ja) コンピュータ遠隔管理方法
WO2011160390A1 (fr) Procédé et système de gestion d'équipement réseau d'agent
JP2011166312A (ja) 仮想プライベートネットワークシステム、通信方法及びコンピュータプログラム
CN115549900A (zh) 一种量子安全数据发送、接收方法及通信系统
JP2011019125A (ja) 通信制御装置、通信制御方法および通信制御プログラム
JP2008199498A (ja) ゲートウェイ装置およびセッション管理方法
JPH11243394A (ja) Ip−atmハイブリッド通信装置および通信網
JP2007086894A (ja) データ中継方法及びデータ中継システム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06713807

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP