WO2019038802A1 - Network communications system - Google Patents

Abstract

The present invention reduces the connection mediation processing load, and performs communications with no trouble even if there is a problem with direct communication between terminals. The NAT type of routers to be used by each terminal (203A, 203B) is confirmed in advance, and stored in an address table (T60) of a connection mediation device (103). If a connection mediation request (S2) is transmitted from a communication origin (203A) to a communication mediation device (103) in order to start communication from the communication origin (203A) to a communication destination (203B), the communication destination address (AD2) and a communication method indicating normal communication or bypass communication are returned (S4a) in response thereto. If the NAT type of the communication destination (203B) is an asymmetrical type, normal communication is indicated, and direct communication (S7) is carried out between the terminals. If the NAT type of the communication destination (203B) is a symmetrical type, bypass communication is indicated and a bypass communication processing unit (273A, 273B) of each terminal carries out indirect communication (S8a, S8b) through a bypass communication relay unit (143).

Description

Network communication system

The present invention relates to a network communication system for performing communication between terminals via a network.

Today, various terminal devices such as personal computers and smartphones are being connected to the Internet, and communication between terminals via a network is also widely spread. However, when performing communication between terminals using a public network such as the Internet, it is necessary to take some measures to ensure security. Further, in the case of the mobile terminal, since the location on the network changes with time, it is necessary to recognize the current location address of the terminal to be the communication destination by some method.

From such a point of view, in the conventional general network communication system, a relay device that plays the role of taking over communication between the terminal devices is provided. For example, in Patent Document 1 below, a secure first communication channel is secured between the first terminal device and the relay device, and a secure second communication channel is secured between the second terminal device and the relay device. A network communication system is disclosed that secures a communication channel and communicates between both terminal devices via a relay device. However, in a system using such a relay device, all communication data between both terminals passes through the relay device, which causes a problem that the processing load on the relay device is large.

Therefore, recently, using a protocol called SIP (Session Initiation Protocol), a connection mediating device provided on the network performs establishment of a communication session between both terminals, and after establishing a communication session, A method of performing direct communication between both terminals has been proposed. For example, Patent Documents 2 and 3 listed below disclose a network communication system that implements VPN communication between terminals using this SIP. The connection mediation device in this system does not have to relay all of the communication data, and it only needs to assist in establishing a communication session between the two terminals, so the processing load is significantly higher than that of the conventional relay device. It is reduced.

JP, 2005-229436, A JP, 2010-233167, A JP, 2013-038684, A

As described above, the connection mediating apparatus used in the network communication system disclosed in Patent Documents 2 and 3 performs connection mediating processing between both terminals using SIP. Since this connection mediation process is a temporary process until a communication session is established between both terminals, the processing load is reduced compared to the conventional relay process disclosed in Patent Document 1 It will be. However, since it is necessary to be involved until a communication session is established between the two terminals, the processing load can not be ignored if there are requests for mediation from a large number of terminals simultaneously. For this reason, when the concentration of mediation requests is concentrated, there is a risk that the processing capacity of the system may be exceeded even for the temporary mediation processing up to the establishment of the communication session.

Also, in recent years, in order to ensure security, measures may be taken to set various restrictions on communication between terminals. For example, in the case of a terminal device connected to the Internet via a router, an address translation called NAT (Network Address Translation) is performed in the router. There are several types of this NAT, for example, a type of NAT called “Symmetric NAT” (symmetrical NAT) or “Port restricted cone NAT” (in the present application, referred to as “conversated NAT” for convenience) is adopted. In this case, the restriction is imposed that only the external host that has received a packet from the internal host in the past can send back the packet.

Alternatively, in the case of a system on which it is premised that UDP (User Datagram Protocol) is adopted as a protocol of the transport layer of inter-terminal communication to perform direct communication between the terminals, a firewall that blocks UDP packets between the terminals If this exists, packet communication between the two terminals is hindered. Therefore, in practice, even if direct communication between terminals is provided with some restriction due to various factors as described above, it is possible to take measures to enable communication between the two terminals without any problem. It is necessary to take it.

Therefore, the present invention can further reduce the processing load when mediating the connection between a pair of terminal devices, and also disturb the communication between both terminals even if there is a problem in direct communication between the terminal devices. It is an object of the present invention to provide a network communication system that can be performed without the need to

(1) According to a first aspect of the present invention, there is provided a network communication system comprising a plurality of terminal devices mutually connectable via a network, and a connection mediation device which mediates connection between the plurality of terminal devices. ,
A terminal ID for mutually identifying each of the plurality of terminal devices is assigned to each of the plurality of terminal devices, and the connection mediation device is a terminal serving as a communication source terminal and a communication destination using the terminal ID. Execute processing to mediate the connection with the device,
Each of the plurality of terminal devices is
A self address notifying unit for notifying the connection mediating device of a location address indicating a location on the own network;
A communication request accepting unit that accepts a communication request to another terminal apparatus at the communication destination with the self as a communication source;
Connection mediation for transmitting a connection mediation request including communication destination specifying information for specifying the terminal ID of another terminal device of the communication destination to the connection mediation device when the communication request receiving unit receives the communication request Requesting department,
In response to the connection mediation request, when the connection mediation device returns a communication destination address indicating the location of another terminal device of the communication destination on the network, the communication destination address is accessed via the network. A communication start request unit that makes a communication start request;
A communication source session for establishing a communication session with another terminal apparatus at the communication destination and starting communication when a communication start acceptance confirmation is returned from another terminal apparatus at the communication destination in response to the communication start request The establishment unit,
When another terminal device of the communication source makes a communication start request for the communication destination, the communication start acceptance confirmation is transmitted to the other terminal device of the communication source, and between the other terminal device of the communication source A communication destination session establishing unit that establishes a communication session and starts communication
When the communication session is established between the communication source session establishing unit and the communication destination session establishing unit and the normal communication for transmitting and receiving information directly to the other party fails, or when a failure is expected, A detour communication processing unit that executes detour communication that indirectly transmits and receives information to the other party via
Have
The connection intermediary device is
An address table storage unit for storing an address table in which a terminal ID is associated with a location address for each of the terminal devices;
An address table updating unit that updates the contents of the address table based on a notification from a self address notification unit of the terminal device;
When a connection mediation request is transmitted from the connection mediation request unit of the terminal device, the address mediation request is referred to, and the terminal ID specified by the communication destination specifying information included in the connection mediation request is correlated with A communication destination address reply unit that returns a location address as a communication destination address;
When a relay request for bypass communication is made between the bypass communication processing unit of the first terminal device and the bypass communication processing unit of the second terminal device, the bypass communication processing unit of the first terminal device and the second bypass communication processing unit A detour communication relay unit that takes information to be exchanged with the detour communication processing unit of the terminal device and relays the detour communication;
It is intended to have

(2) According to a second aspect of the present invention, in the network communication system according to the first aspect described above,
After the communication start request unit makes a communication start request, if the communication start acceptance confirmation according to the request is not sent back within the predetermined time-out setting time, the bypass communication processing unit sends a request to the bypass communication relay unit. The relay request for the detour communication is made, and the detour communication with the detour communication processing unit of the other party is executed via the detour communication relay unit.

(3) A third aspect of the present invention is the network communication system according to the first aspect described above,
When an acknowledgment is not obtained in response to the communication start request made by the communication start request unit, the detour communication processing unit makes a relay request for detour communication to the detour communication relay unit, and via the detour communication relay unit The detour communication is performed with the detour communication processing unit of the other party.

(4) A fourth aspect of the present invention relates to the network communication system according to the first aspect described above,
Each of the plurality of terminal devices further includes a NAT type confirmation unit that inquires its own NAT type to the NAT type discrimination device via the network, and obtains a response from the NAT type discrimination device.
When the self address notifying unit notifies the connection mediating apparatus of its own location address, the self address notifying unit also notifies of the answer obtained by the NAT type confirmation unit.
In addition to the terminal ID and the location address, the address table storage unit in the connection mediation device further has a function of storing an address table in which the NAT type is associated,
The address table updating unit in the connection mediation device has a function of updating the NAT type in the address table based on the answer included in the notification from the self address notifying unit.
When the communication destination address return unit in the connection mediation device receives the transmission of the connection mediation request, the NAT type of the terminal device of the communication destination is referred to from the outside with reference to the address table. For the packets that have been sent, it is confirmed whether or not the address conversion is “Analog-type NAT,” which performs address conversion under the restriction that only packets from an external host that has received a packet from the terminal device of the communication destination are passed. If the terminal type of the communication destination is not NAT type, select normal communication as the communication method, and if the terminal type of the communication destination is NAT type, communication is selected. As a method, it has a function of selecting a bypass communication and returning the selected communication method together with the communication destination address,
The communication start request unit accesses the communication destination address through the network when the normal communication is selected as the communication method when the communication method is returned together with the communication destination address from the connection mediation device. When the communication start request is made and the bypass communication is selected as the communication method, the bypass communication instruction is issued to the bypass communication processing unit.

(5) According to a fifth aspect of the present invention, in the network communication system according to the fourth aspect described above,
When the self address notifying unit notifies the connection mediating apparatus of its own location address, the self address notifying unit issues a NAT type confirmation instruction to the NAT type confirmation unit;
When the NAT type confirmation unit receives a NAT type confirmation instruction, the NAT type confirmation unit inquires the NAT type discrimination device of its own NAT type, and reports the obtained answer to the self address notification unit,
The self address notifying unit notifies the connection mediating apparatus of the answer based on the report.

(6) A sixth aspect of the present invention is the network communication system according to the first aspect described above,
When the self address notifying unit notifies the connection mediating apparatus of its own location address, first, the first notification is performed using UDP as a communication protocol, and the first notification fails. Subsequently, a second notification using TCP as a communication protocol is performed,
In addition to the terminal ID and the location address, the address table storage unit in the connection mediation device further has a function of storing an address table in which communication protocols are associated,
When updating is performed based on the first notification when the address table update unit in the connection mediation device performs update, UDP is associated as a communication protocol, and update is performed based on the second notification. Associates TCP as a communication protocol,
When the connection mediation request is transmitted, the communication destination address replying unit in the connection mediation device refers to the address table to confirm the communication protocols of the terminal device of the communication source and the terminal device of the communication destination, and both terminals When all communication protocols of the device are UDP, normal communication is selected as the communication method, and when at least one of the communication protocols is TCP, alternative communication is selected as the communication method and the selected communication Has a function to return the method along with the communication destination address,
The communication start request unit uses the communication protocol UDP for the communication destination address when the normal communication is selected as the communication method when the communication method is sent back from the connection mediation device together with the communication destination address. If a communication start request is made by access and bypass communication is selected as the communication method, issue a bypass communication instruction to the bypass communication processing unit,
When normal communication is selected as the communication method, normal communication using the communication protocol UDP is executed between the communication source session establishing unit and the communication destination session establishing unit, and bypass communication is selected as the communication method. In this case, the detour communication via the connection mediation device is executed between the detour communication processing unit at the communication source and the detour communication processing unit at the communication destination using the communication protocol TCP. .

(7) A seventh aspect of the present invention is a network communication system comprising: a plurality of terminal devices mutually connectable via a network; and a connection mediation device that mediates connection between the plurality of terminal devices. ,
A terminal ID for mutually identifying each of the plurality of terminal devices is assigned to each of the plurality of terminal devices, and the connection mediation device is a terminal serving as a communication source terminal and a communication destination using the terminal ID. Execute processing to mediate the connection with the device,
Each of the plurality of terminal devices is
A self address notifying unit for notifying the connection mediating device of a location address indicating a location on the own network;
A communication request accepting unit that accepts a communication request to another terminal apparatus at the communication destination with the self as a communication source;
Connection mediation for transmitting a connection mediation request including communication destination specifying information for specifying the terminal ID of another terminal device of the communication destination to the connection mediation device when the communication request receiving unit receives the communication request Requesting department,
When a communication source address indicating the location on the network of another terminal device of the communication source is transmitted from the connection mediation device, the communication start address is accessed via the network to start communication. Request section,
A communication destination session in which a communication session is established with another terminal apparatus of the communication source and communication is started when a communication start acceptance confirmation is returned from another terminal apparatus of the communication source in response to the communication start request. The establishment unit,
When another terminal apparatus at the communication destination makes a communication start request with the communication source as the communication source, the communication start acceptance confirmation is transmitted to the other terminal apparatus at the communication destination, and between the other terminal apparatus at the communication destination A communication source session establishing unit that establishes a communication session and starts communication
When the communication session is established between the communication source session establishing unit and the communication destination session establishing unit and the normal communication for transmitting and receiving information directly to the other party fails, or when a failure is expected, A detour communication processing unit that executes detour communication that indirectly transmits and receives information to the other party via
Have
The connection intermediary device is
An address table storage unit for storing an address table in which a terminal ID is associated with a location address for each of the terminal devices;
An address table updating unit that updates the contents of the address table based on a notification from a self address notification unit of the terminal device;
When a connection mediation request is transmitted from the connection mediation request unit of the terminal device, the address mediation request is referred to, and the terminal ID specified by the communication destination specifying information included in the connection mediation request is correlated with A communication source address transmission unit that transmits, as a communication source address, the location address associated with the terminal ID of the terminal apparatus of the communication source that has transmitted the connection mediation request to the existing address;
When a relay request for bypass communication is made between the bypass communication processing unit of the first terminal device and the bypass communication processing unit of the second terminal device, the bypass communication processing unit of the first terminal device and the second bypass communication processing unit A detour communication relay unit that takes information to be exchanged with the detour communication processing unit of the terminal device and relays the detour communication;
It is intended to have

(8) According to an eighth aspect of the present invention, in the network communication system according to the seventh aspect described above,
After the communication start request unit makes a communication start request, if the communication start acceptance confirmation according to the request is not sent back within the predetermined time-out setting time, the bypass communication processing unit sends a request to the bypass communication relay unit. The relay request for the detour communication is made, and the detour communication with the detour communication processing unit of the other party is executed via the detour communication relay unit.

(9) A ninth aspect of the present invention is the network communication system according to the seventh aspect described above,
When an acknowledgment is not obtained in response to the communication start request made by the communication start request unit, the detour communication processing unit makes a relay request for detour communication to the detour communication relay unit, and via the detour communication relay unit The detour communication is performed with the detour communication processing unit of the other party.

(10) A tenth aspect of the present invention is the network communication system according to the seventh aspect described above,
Each of the plurality of terminal devices further includes a NAT type confirmation unit that inquires its own NAT type to the NAT type discrimination device via the network, and obtains a response from the NAT type discrimination device.
When the self address notifying unit notifies the connection mediating apparatus of its own location address, the self address notifying unit also notifies of the answer obtained by the NAT type confirmation unit.
In addition to the terminal ID and the location address, the address table storage unit in the connection mediation device further has a function of storing an address table in which the NAT type is associated,
The address table updating unit in the connection mediation device has a function of updating the NAT type in the address table based on the answer included in the notification from the self address notifying unit.
When the communication source address transmission unit in the connection mediation device receives the transmission of the connection mediation request, the NAT type of the terminal device of the communication source is referred to from the outside with reference to the address table. For the packets that have been sent, it is confirmed whether or not the address conversion is “Analog-type NAT” that performs address conversion under the restriction that only packets from an external host that has received a packet from the terminal device of the communication source are passed. If the terminal type of the communication source is not NAT type, select normal communication as the communication method, and if the terminal type of the communication source is NAT type, communication is selected. As a method, it has a function of selecting a bypass communication and returning the selected communication method together with the communication destination address,
The communication start request unit accesses the communication source address through the network when the normal communication is selected as the communication method when the communication method is returned together with the communication source address from the connection mediation device. When the communication start request is made and the bypass communication is selected as the communication method, the bypass communication instruction is issued to the bypass communication processing unit.

(11) According to an eleventh aspect of the present invention, in the network communication system according to the tenth aspect described above,
When the self address notifying unit notifies the connection mediating apparatus of its own location address, the self address notifying unit issues a NAT type confirmation instruction to the NAT type confirmation unit;
When the NAT type confirmation unit receives a NAT type confirmation instruction, the NAT type confirmation unit inquires the NAT type discrimination device of its own NAT type, and reports the obtained answer to the self address notification unit,
The self address notifying unit notifies the connection mediating apparatus of the answer based on the report.

(12) A twelfth aspect of the present invention is the network communication system according to the seventh aspect described above,
When the self address notifying unit notifies the connection mediating apparatus of its own location address, first, the first notification is performed using UDP as a communication protocol, and the first notification fails. Subsequently, a second notification using TCP as a communication protocol is performed,
In addition to the terminal ID and the location address, the address table storage unit in the connection mediation device further has a function of storing an address table in which communication protocols are associated,
When updating is performed based on the first notification when the address table update unit in the connection mediation device performs update, UDP is associated as a communication protocol, and update is performed based on the second notification. Associates TCP as a communication protocol,
When the connection mediation request is sent, the communication source address transmission unit in the connection mediation device refers to the address table to confirm the communication protocols of the terminal device of the communication source and the terminal device of the communication destination, and both terminals When all communication protocols of the device are UDP, normal communication is selected as the communication method, and when at least one of the communication protocols is TCP, alternative communication is selected as the communication method and the selected communication Has a function to return the method along with the communication destination address,
The communication start request unit uses the communication protocol UDP for the communication source address when the normal communication is selected as the communication method when the communication method is returned from the connection mediation device together with the communication source address. If a communication start request is made by access and bypass communication is selected as the communication method, issue a bypass communication instruction to the bypass communication processing unit,
When normal communication is selected as the communication method, normal communication using the communication protocol UDP is executed between the communication destination session establishing unit and the communication source session establishing unit, and bypass communication is selected as the communication method. In this case, the detour communication via the connection mediation device is executed between the detour communication processing unit at the communication destination and the detour communication processing unit at the communication source using the communication protocol TCP. .

(13) A thirteenth aspect of the present invention is the network communication system according to the fourth, fifth, tenth, or eleventh aspect described above,
When the NAT type confirmation unit of the terminal device makes an inquiry about the NAT type via the network, the NAT type of the terminal device of the inquiry source is determined using the communication related to the inquiry, and the determined NAT type is made inquiry A NAT type discrimination device for performing processing for replying to the NAT type confirmation unit of the original terminal device is further provided.

(14) According to a fourteenth aspect of the present invention, in the network communication system according to the thirteenth aspect described above,
A STUN server is used as a NAT type discrimination device.

(15) A fifteenth aspect of the present invention relates to one terminal device constituting a plurality of terminal devices in the network communication system according to the first to twelfth aspects described above.

(16) A sixteenth aspect of the present invention is one terminal device according to the fifteenth aspect described above configured by incorporating a program into a computer.

(17) A seventeenth aspect of the present invention relates to the connection mediating apparatus in the network communication system according to the first to twelfth aspects described above.

(18) An eighteenth aspect of the present invention is the connection mediation device according to the seventeenth aspect described above configured by incorporating a program into a computer.

According to the network communication system of the present invention, the connection mediating apparatus does not have to be involved in the final stage of establishing a communication session between both terminals, and transmits the communication destination address to the terminal apparatus of the communication source (No. In the case of the embodiment 1) or the step of transmitting the communication source address to the terminal apparatus of the communication destination (in the case of the second embodiment), it is sufficient. Therefore, compared with a conventional system that performs connection mediation processing between both terminals using SIP, it is possible to further reduce the processing load when mediating the connection between a pair of terminal devices.

Further, in the network communication system of the present invention, there are two communication methods as a communication method: normal communication for direct communication between terminal devices and bypass communication for indirect communication via a connection mediation device. Even when there is a problem with direct communication between the terminal devices, it is possible to perform communication between the two without any trouble by using the bypass communication.

FIG. 1 is a block diagram showing an entire configuration of a network communication system according to a first embodiment of the prior invention basic invention. It is a block diagram which shows the detailed structure of the terminal device of the network communication system shown in FIG. It is a block diagram which shows the function of the self-address notification part 250 in the terminal device shown in FIG. FIG. 7 is a block diagram showing a procedure of establishing a communication session between a communication source terminal device 200A and a communication destination terminal device 200B in the network communication system shown in FIG. 1; FIG. 5 is a flow chart describing the communication session establishment procedure shown in the block diagram of FIG. 4 in time series. It is a block diagram which shows the whole structure of the network communication system which concerns on 2nd Embodiment of prior application basic invention. It is a block diagram which shows the detailed structure of the terminal device of the network communication system shown in FIG. FIG. 7 is a block diagram showing a procedure of establishing a communication session between a communication source terminal device 400B and a communication destination terminal device 400A in the network communication system shown in FIG. 6; FIG. 9 is a flow chart describing the communication session establishment procedure shown in the block diagram of FIG. 8 in chronological order; It is a figure which shows the 1st modification of the address table shown in FIG. 1 or FIG. It is a figure which shows the 2nd modification of the address table shown in FIG. 1 or FIG. It is a figure which shows the 3rd modification of the address table shown in FIG. 1 or FIG. FIG. 13 is a block diagram showing a modification of the procedure of establishing a communication session between the communication source terminal device 200A and the communication destination terminal device 200B in the network communication system shown in FIG. 1; FIG. 7 is a block diagram showing a modification of the procedure of establishing a communication session between the communication source terminal device 400B and the communication destination terminal device 400A in the network communication system shown in FIG. 6; FIG. 7 is a block diagram showing an embodiment of the prior application basic invention in the case of connecting a terminal device to a network N via a router. FIG. 16 is a diagram showing an example of an address table in the case where information obtained by adding a port number to an IP address is used as a location address in the embodiment shown in FIG. 15; It is a table | surface which shows the notification timing of the self-address in, when the terminal device based on a basic application basic invention is comprised using a communication application program. FIG. 1 is a block diagram showing an entire configuration of an embodiment using a VPN in a network communication system according to a prior invention basic invention. It is a figure which shows the principle of the VPN communication in embodiment shown in FIG. FIG. 19 is a diagram showing an example of an address table to which a VIP address is added for use in the embodiment shown in FIG. 18; FIG. 7 is a block diagram showing a specific example in which a communication failure occurs in the basic application of the prior application. It is a block diagram which shows the detailed structure of the terminal device 201 in the network communication system which concerns on Example 1 of this invention. FIG. 7 is a block diagram showing a procedure of establishing a communication session between a communication source terminal device 201A and a communication destination terminal device 201B in the network communication system according to the first embodiment of the present invention. FIG. 24 is a flow chart describing the communication session establishment procedure in the embodiment 1 shown in the block diagram of FIG. 23 in chronological order. It is a block diagram which shows the detailed structure of the terminal device 402 in the network communication system which concerns on Example 2 of this invention. In the network communication system which relates to the execution example 2 of this invention, it is the block diagram which shows the procedure of communication session establishment between communication origin terminal unit 402B and communication destination terminal unit 402A. FIG. 27 is a flow chart describing, in chronological order, a communication session establishment procedure in Example 2 shown in the block diagram of FIG. 26. FIG. It is a block diagram which shows the detailed structure of the terminal device 203 in the network communication system which concerns on Example 3 of this invention. It is a flowchart explaining pre-processing of the communication procedure in the network communication system concerning Example 3 of this invention in a time series. It is a figure which shows an example of the address table produced by the pre-processing shown in FIG. FIG. 14 is a block diagram showing a procedure for establishing a communication session between a communication source terminal device 203A and a communication destination terminal device 203B in the network communication system according to the third embodiment of the present invention. It is a flowchart which demonstrates the communication session establishment procedure in Example 3 shown by the block diagram of FIG. 31 in a time series. It is a block diagram which shows the detailed structure of the terminal device 404 in the network communication system which concerns on Example 4 of this invention. FIG. 17 is a block diagram showing a procedure for establishing a communication session between a communication source terminal device 404B and a communication destination terminal device 404A in the network communication system according to the fourth embodiment of the present invention. It is a flowchart which demonstrates a communication session establishment procedure in Example 4 shown by the block diagram of FIG. 34 in a time series. It is a block diagram which shows the detailed structure of the terminal device 205 in the network communication system which concerns on Example 5 of this invention. It is a flowchart explaining pre-processing of the communication procedure in the network communication system concerning Example 5 of this invention in a time series. It is a figure which shows an example of the address table produced by the pre-processing shown in FIG. FIG. 21 is a block diagram showing a procedure for establishing a communication session between a communication source terminal device 205A and a communication destination terminal device 205B in the network communication system according to the fifth embodiment of the present invention. FIG. 40 is a flowchart illustrating the communication session establishment procedure in the fifth embodiment illustrated in the block diagram of FIG. 39 in chronological order. It is a block diagram which shows the detailed structure of the terminal device 406 in the network communication system which concerns on Example 6 of this invention. FIG. 21 is a block diagram showing a procedure for establishing a communication session between a communication source terminal device 406B and a communication destination terminal device 406A in a network communication system according to a sixth embodiment of the present invention. It is a flowchart which demonstrates a communication session establishment procedure in Example 6 shown by the block diagram of FIG. 42 in a time series.

Hereinafter, the present invention will be described based on illustrated embodiments. The embodiment described here is the invention described in the international application PCT / JP2017 / 006131 (hereinafter referred to as the prior international application) accompanied by a claim of priority based on PCT / JP2016 / 055960 (hereinafter referred to as the prior application). By adding the function of bypass communication via the connection mediation device to this prior application basic invention on the basis of the basic invention), even when there is a problem in direct communication between the terminal devices, communication between the two In addition, it is possible to obtain the inherent additional effects and effects that “it is possible to do without problems”.

Under such circumstances, an embodiment of the present invention based on the basic application of the prior application will be described as a preferred embodiment of the present invention. Therefore, in the following 11 to 44, first, the basic application of the prior application will be described, and in 55 and later, the features unique to the present invention will be described. Therefore, the contents described in §1 to 以下 4 below (the contents shown in FIGS. 1 to 20) are substantially the same as the embodiment described in the international application PCT / JP2017 / 006131 to be the earlier application.

<<< 1. 1. First embodiment of prior invention basic invention >>>
<1-1. Configuration of First Embodiment of Basic Application of Prior Application>
FIG. 1 is a block diagram showing an entire configuration of a network communication system according to a first embodiment of the prior invention basic invention. As shown, this network communication system comprises a connection mediation device 100 and a plurality of terminal devices 200A to 200D, all of which are mutually connected via a network N (in this example, the Internet) It is possible.

In the drawing, for convenience of explanation, an example using four terminal devices 200A to 200D is shown, but in practice, it is general to use a larger number of terminal devices. The terminal devices 200A to 200D are the same device having a common configuration. Therefore, when referring to this common terminal apparatus, reference numeral 200 is used here, and when it is necessary to distinguish one from the other, A to D are added at the end of the code. The same applies to each symbol indicating an internal component of the terminal device 200.

After all, this network communication system is a system comprising a plurality of terminal devices 200A to 200D that can be connected to each other via the network N, and a connection mediation device 100 that mediates the connection between the plurality of terminal devices. become. As the terminal device 200, various electronic devices such as a personal computer, a mobile phone, and a tablet terminal, which have a function of performing communication by connecting to the network N can be used. On the other hand, the connection mediation device 100 is configured by a server computer that receives access from each of the terminal devices 200A to 200D via the network N.

Each of the terminal devices 200A to 200D is provided with a terminal ID for mutually identifying the individual terminal devices, and the connection mediation device 100 communicates with the terminal device as the communication source using this terminal ID. The processing for mediating the connection with the terminal device to be performed is executed. Here, as illustrated, it is assumed that terminal IDs of “0010”, “0020”, “0030” and “0040” are assigned to the terminal devices 200A, 200B, 200C and 200D, respectively.

In the implementation of the basic application of the prior application, the terminal ID may be any information as long as the information can identify each terminal device mutually. In the illustrated example, since only four terminal devices are used, it is sufficient to use a four-digit number such as "0010" as the terminal ID, but in order to identify each terminal device mutually, In practice, it is preferable to use a number or a combination of a number and an alphabet, because it is necessary to use a unique ID. Specifically, the terminal ID is the serial number of the CPU built in each terminal device, the MAC address assigned to the communication interface, the telephone number or the serial number of the SIM card when using a mobile phone as the terminal device, etc. It can be used as

Each of the terminal devices 200A to 200D is provided with a location address indicating its own location on the network. In the case of the illustrated example, the terminal devices 200A, 200B, 200C, and 200D are respectively provided with location addresses AD1, AD2, AD3, and AD4. As the location address, any address can be used as long as the location of the terminal can be uniquely determined on the network. When using the Internet as the network N and using IP as the communication protocol as in the illustrated example, a global IP address or NAT-ID is used as a location address indicating the location of each terminal device 200 on the network N. It is preferred to use.

The terminal ID is information necessary to identify individual terminal devices to one another, while the location address is information necessary to access individual terminal devices via the network N. Moreover, in the case of many terminal devices, the location address is not always constant, and changes from moment to moment. For example, in the case of a portable terminal device such as a mobile phone or a mobile personal computer, the base address to be communicated with changes as the mobile terminal moves, so the location address also changes with time. Also, in the case of a fixed-point installation type terminal device such as a desktop personal computer, since the IP address and the like given from the provider are updated, the location address also generally changes with time.

As described later, the terminal device 200 used in the basic application of the prior application has a function of notifying the connection mediating device 100 via the network N of the location address indicating the location of the terminal device 200 on its own network. Therefore, the connection mediating apparatus 100 can always grasp the latest address of each of the terminal devices 200A to 200D, and can access each of the terminal devices 200A to 200D as needed.

As illustrated, the connection intermediation device 100 is provided with an address table storage unit 110, an address table update unit 120, and a communication destination address return unit 130. As described above, the connection mediating device 100 is actually configured by a computer such as a server computer. Therefore, each component shown as an individual block in the figure is actually constructed by incorporating a dedicated program into a computer.

The address table storage unit 110 stores an address table T in which terminal IDs and location addresses are associated with each of the terminal devices 200A to 200D, and the address table update unit 120 stores the terminal devices 200A to 200D. The processing of updating the contents of the address table T is performed based on the notification from the server. Further, when there is a connection mediation request from each of the terminal devices 200A to 200D, the communication destination address replying unit 130 performs processing of returning a communication destination address by referring to the address table T.

In the figure, information indicating the correspondence between the terminal ID and the location address is stored as the address table T for each of the four terminal devices 200A to 200D. Specifically, for the terminal device 200A, the terminal ID "0010" is associated with the location address "AD1". For the terminal device 200B, the terminal ID "0020" is associated with the location address "AD2". For the device 200C, the terminal ID "0030" and the location address "AD3" are associated, and for the terminal device 200D, the terminal ID "0040" and the location address "AD4" are associated.

Subsequently, the detailed configuration of the terminal device 200 and the specific processing operation of each component will be described with reference to FIG. As illustrated, the terminal device 200 is provided with a connection mediation request unit 210, a communication request reception unit 220, a communication destination session establishment unit 230, a communication start request unit 240, a self address notification unit 250, and a communication source session establishment unit 260. ing.

This terminal device 200 is also actually composed of various computers (including devices such as mobile phones), and each component shown as an individual block in the figure is actually a program dedicated to the computer. Built by incorporating Besides the above, various components are incorporated in the actual terminal device 200. For example, if the terminal device 200 is a smart phone, incorporating various application programs will add components having various processing functions, but here, the configuration directly related to the basic application of the prior application Only the elements are shown as blocks in the figure, and the description of the other components is omitted. Of course, the terminal device 200 also has components such as an input interface for inputting commands and characters from the user and a display for presenting information to the user, but the description of these components is also omitted. Do.

As a result, the components depicted as six blocks in the terminal device 200 in FIG. 2 are the essential functional elements in the terminal device 200 according to the prior invention basic invention. In this block diagram, three kinds of arrows, thick arrows, thin arrows, and white arrows, are used as arrows indicating the flow of signals between the blocks. Here, thick arrows indicate the flow of signals exchanged between the terminal device 200 and the connection mediation device 100 before establishment of a communication session, and thin arrows indicate the flow between the pair of terminal devices 200. Shows the flow of signals before establishing a communication session. The white arrows indicate the flow of signals exchanged between the pair of terminal devices 200 after establishment of the communication session.

Further, in FIG. 2, six components in the terminal device 200 are drawn using three blocks of an ellipse, a rectangle, and a double rectangle, but this indicates the division of roles of each component. It is the convenience of Specifically, the components shown by the elliptical block are components for the terminal device 200 to execute the process of “address notification”, and the components shown by the rectangular block are the terminal device 200. Is a component that performs processing necessary for functioning as a “communication source”, and the component represented by the double rectangular block is processing required for the terminal device 200 functioning as a “communication destination” Is a component that implements

In the present application, the terms "communication source" and "communication destination" are terms used to distinguish two terminals when they communicate with each other, and spontaneously start communication. The side that performs the processing for this is called the "communication source", and the side that performs the processing necessary to communicate with the "communication source" is called the "communication destination" in response to the "communication source" acting on it. It is. For example, when using two terminal devices as telephones, the calling device is the "communication source" and the called device is the "communication destination". The “communication source” terminal device designates a specific “communication destination” and performs processing for spontaneously starting communication.

Of course, the terminal device 200 becomes a "communication source" or a "communication destination". When it becomes "communication source", processing by the component shown by the rectangular block in Fig. 2 is performed, and when it becomes "communication destination", the component shown by double rectangular block in Fig. 2 Processing is performed. Hereinafter, each function of six components of the terminal device 200 will be described in order.

As described above, the self address notification unit 250 indicated by an elliptic block is a component for executing the process of “address notification”, and the connection mediation address indicating the whereabouts of the own network is used as the connection mediation. A process of notifying the device 100 is executed. If the IP address is used as the location address, the self-address notifying unit 250 performs processing of notifying the connection mediation device 100 via the network N of the IP address assigned to itself at this point.

Usually, since a predetermined global IP address is given from the Internet provider to the terminal device 200 connectable to the Internet, the self address notifying unit 250 connects the global IP address given to the terminal device 200 as a location address. It may be notified to the intermediary device 100. Further, when a private IP address is assigned by using the NAT function of the router, the connection intermediation apparatus 100 may be notified of the NAT-ID as the location address. When notifying the location address, the terminal ID is simultaneously transmitted.

The address table updating unit 120 shown in FIG. 1 updates the address table T in response to such notification. For example, when the terminal ID 200A is notified of the terminal ID “0010” and the location address “AD1” from the terminal device 200A, the address table updating unit 120 determines that the terminal ID “0010” and the location address “AD1”. And in association with each other and stored in the address table T.

As described above, in the case of the general terminal device 200, the location address changes with time. Therefore, for practical use, it is preferable that the self address notifying unit 250 have a function of notifying the present address of the self (terminal device 200) repeatedly at a predetermined cycle. For example, if the self address notifying unit 250 repeatedly performs notification every one minute, the address table T is updated to the latest information every one minute.

Alternatively, the own address notification unit 250 may have a function of notifying the present location address when the location address of the own (terminal device 200) is changed. That is, when the location address is given for the first time, the location address may be notified as an address in the initial state, and thereafter, a new location address may be notified each time the location address is changed. Of course, the operation of repeatedly notifying in a predetermined cycle may be combined with the operation of notifying when the location address is changed.

Next, four components shown by rectangular blocks in FIG. 2 will be described. As described above, these four components execute processing necessary when the terminal device 200 functions as a "communication source".

First, the communication request receiving unit 220 performs processing of receiving a communication request for another terminal apparatus that is the communication destination, using itself as a communication source. For example, when the user of the terminal device 200 (communication source) wants to call a specific partner, the communication request to the effect that he / she wants to communicate with another terminal device (communication destination) possessed by the partner is required. become. This communication request is given, for example, as a user's operation input (for example, an operation on a touch panel) via an input interface (not shown), and includes some information for specifying the other party's terminal device. .

The connection intermediation request unit 210 causes the connection intermediation device 100 to specify communication destination specification information for specifying the terminal ID of another terminal device of the communication destination when the communication request reception unit 220 receives a communication request. Send a connection mediation request including: Here, the communication destination specification information included in the connection mediation request may be the terminal ID of another terminal apparatus of the communication destination, or may be other information capable of specifying the terminal ID. No (details will be described in 3-1 3-1).

Thus, the connection mediation request transmitted from the connection mediation request unit 210 is transmitted to the connection mediation device 100 via the network N (as described above, the bold arrows in the figure indicate the terminal device 200 and the connection mediation device 100). And shows the flow of signals before establishing a communication session). Then, as indicated by a bold arrow in the figure, the connection intermediation apparatus 100 sends back a communication destination address indicating the location of another terminal apparatus to be a communication destination on the network. This is due to the function of the communication destination address reply unit 130 shown in FIG.

That is, when the connection mediation request is transmitted from the connection mediation request unit 210 of the terminal device 200, the communication destination address replying unit 130 refers to the address table T and the communication destination included in the connection mediation request. The location address associated with the terminal ID specified by the specific information is returned as the communication destination address. Of course, the other end of the reply is the terminal device 200 that has made the connection mediation request. In short, when there is a connection mediation request specifying the communication destination from the terminal device of the communication source, the communication destination address replying unit 130 searches for the current location address of the communication destination using the address table T, Processing to reply to the terminal device of the communication source is performed.

As described above, when the connection mediation request unit 210 makes a connection mediation request, the connection mediation device 100 returns a communication destination address indicating the location of another terminal device on the network side of the communication destination. The communication destination address returned in this way is received by the communication start request unit 240. The communication start request unit 240 accesses the communication destination address via the network N and makes a communication start request. As indicated by thin arrows in the figure, this communication start request is a signal addressed to one terminal device 200 (communication destination) from another terminal device 200 (communication destination).

As described above, when the communication start request unit 240 transmits a communication start request to another terminal apparatus at the communication destination, the other terminal apparatus at the communication destination accepts the communication start request in response to the communication start request. A confirmation is sent back (thin arrow in the right side of the figure: this replying process will be described later as the process of the communication destination session establishing unit 230 of another terminal apparatus of the communication destination). The communication start acceptance confirmation sent back in this way is received by the communication source session establishment unit 260. When receiving the communication start acceptance confirmation, the communication source session establishment unit 260 establishes a communication session with another terminal apparatus of the communication destination and starts communication. The white arrows drawn at the right end of FIG. 2 indicate the flow of signals (communication packets) between the two terminals after the communication session is established in this way.

In the above, the four components shown by rectangular blocks in FIG. 2, that is, the components that execute processing when the terminal device 200 functions as a “communication source” have been described. The components indicated by double rectangular blocks, that is, the components that execute processing when the terminal device 200 functions as a “communication destination” will be described.

A component indicated by a double rectangular block in FIG. 2 is a communication destination session establishment unit 230. When the communication destination session establishing unit 230 makes a request to start communication from the other terminal apparatus of the communication source to the communication destination (the downward thin arrow in the left side of the figure), the communication destination session establishing section 230 sends the other terminal apparatus of the communication source. A communication start acceptance confirmation is transmitted (an upward thin arrow on the left side of the figure), and a communication session is established with another terminal apparatus of the communication source to start communication. The white arrows drawn at the left end of FIG. 2 indicate the flow of signals (communication packets) between the two terminals after the communication session is established in this manner.

After all, the communication after establishment of the communication session between the communication source terminal device and the communication destination terminal device is performed between the communication source session establishment unit 260 of the communication source terminal device and the communication destination session establishment unit 230 of the communication destination terminal device. It will be done. In other words, the hollow arrow at the right end of FIG. 2 is connected to the hollow arrow at the left end of FIG. 2 via the network N.

<1-2. Specific communication procedure in the first embodiment>
So far, with reference to FIG. 1 and FIG. 2, each component and its function of the connection mediation apparatus 100 and the terminal device 200 which are the components of the network communication system according to the first embodiment of the prior invention basic invention did. Here, the communication procedure in the network communication system according to the first embodiment will be described based on a specific example.

FIG. 3 is a block diagram showing the function of self address notification unit 250 in the terminal shown in FIG. The connection mediation device 100 is shown at the top of the figure, and two sets of terminal devices 200A and 200B are shown at the bottom of the figure. Although the terminal devices 200C and 200D are not shown here, the function of the self address notification unit 250 is the same. As described above, the exchange of information between the connection mediation device 100 and each of the terminal devices 200A and 200B (indicated by thick arrows) is actually performed via the network N, but here, for convenience of explanation, The illustration of the network N is omitted.

The terminal devices 200A and 200B shown in FIG. 3 have six components in the same manner as the terminal device 200 shown in FIG. That is, the terminal device 200A has the components 210A to 260A, and the terminal device 200B has the components 210B to 260B. These respective components are the same as the components 210 to 260 shown in FIG. (A and B at the end of the code are added to distinguish which terminal device is a component). Since FIG. 3 is a diagram for explaining the self address notification function of the terminal devices 200A and 200B, blocks of components other than the self address notification units 250A and 250B are shown by broken lines.

The self address notifying units 250A and 250B notify the address table updating unit 120 in the connection mediation device 100 of the location address indicating the location of the self on the network. Although FIG. 3 shows an example in which data “0010: AD1” is transmitted as a notification from the own address notification unit 250A to the address table update unit 120, this is because the own terminal ID “0010” is transmitted. Together with the current address “AD1” is transmitted. Similarly, an example in which data "0020: AD2" is transmitted as a notification from the own address notification unit 250B to the address table update unit 120 is shown, but this is not only with the own terminal ID "0020". It indicates that the current location address "AD2" of itself is being transmitted.

The point that the address table update unit 120 that receives such a notification from the self address notification units 250A and 250B of each of the terminal devices 200A and 200B performs processing to update the contents of the address table T based on the notification, As already mentioned in 1-11-1. Further, as described in 1-11-1, the self address notifying units 250A and 250B perform processing for notifying the current location address when the location address is changed repeatedly or at a predetermined cycle. is there.

As described above, the notification process of the location address performed by the self address notification unit 250 is not a direct process for starting communication between the terminal devices, but a preparation process for enabling communication to be started any time. Can. By performing this notification process, the address table T in the connection mediating device 100 can be kept up-to-date, and in fact, when it becomes necessary to communicate between specific terminal devices, the connection mediating device 100 The correct mediation process can be realized by

Subsequently, a processing procedure when actually starting communication between specific terminal devices will be described. FIG. 4 is a block diagram showing a procedure of establishing a communication session between the communication source terminal device 200A and the communication destination terminal device 200B in the network communication system shown in FIG. Also in FIG. 4, the connection mediation device 100 is shown at the top of the figure, and two sets of terminal devices 200A and 200B are shown at the bottom of the figure. Also here, the exchange of information between the connection mediation device 100 and the terminal device 200A (indicated by a thick arrow) and the exchange of information between the terminal devices 200A and 200B (indicated by a thin arrow) are actually the network N. The network N is not shown for convenience of explanation.

Here, for convenience of description, a procedure in the case where the terminal device 200A is a communication source and the terminal device 200B is a communication destination will be described. For this reason, in FIG. 4, for the components in the communication source terminal device 200A, only the components (components of the rectangular block) that execute processing necessary as the communication source are shown by solid lines, and in the communication destination terminal device 200B. As for the components, only the components (components of the double rectangular block) that execute processing necessary for communication are indicated by solid lines, and blocks of other components are indicated by dashed lines.

On the other hand, FIG. 5 is a flow chart explaining the communication session establishment procedure shown in the block diagram of FIG. 4 in chronological order. Hereinafter, the specific communication procedure in the first embodiment will be described according to the flowchart of FIG. 5 with reference to the block diagram of FIG. In the block diagram of FIG. 4, reference symbols S1 to S7 attached to the respective arrows correspond to steps S1 to S7 in the flowchart of FIG. Conversely, in each step of the flow chart of FIG. 5, reference numerals in parentheses correspond to specific blocks in the block diagram of FIG. 4 and indicate specific components related to the contents of the step. It is a thing.

First, in step S1, communication request acceptance processing is performed. This is a process performed by the communication request receiving unit 220A shown in FIG. 4. For example, when the user A of the communication source terminal device 200A wants to call the user B of the communication destination terminal device 200B, It is a process performed based on the operation input of the user A. For example, when each of the terminal devices 200A and 200B is a mobile phone and each telephone number is used as the terminal ID, the user A sends the terminal ID (telephone number) of the terminal device 200B to the terminal device 200A. A communication request S1 accompanied by an input operation may be made. That is, the communication request receiving unit 220A of the terminal device 200A performs processing of receiving the communication request S1 for another terminal device 200B that is the communication destination, using itself as the communication source.

The communication request receiving unit 220A does not necessarily receive the communication request S1 when the user A performs an operation input for making a call. For example, when the users A and B are playing a communication competition type game, a communication request S1 is given from the application program for the game to the communication request receiving unit 220A. Alternatively, if the terminal devices 200A and 200B are personal computers that perform some kind of business processing, and the application program for business processing incorporated in the personal computer 200A automatically performs scheduled report to the personal computer 200B, the application program Thus, the communication request S1 is given to the communication request receiving unit 220A. As described above, the communication request in the basic application of the prior application is not necessarily given by the user, but may be given by a program incorporated in the terminal device.

Thus, when the communication request acceptance is performed in step S1, a connection mediation request is performed in subsequent step S2. This is a process performed by the connection intermediation request unit 210A illustrated in FIG. 4 and, as described above, the communication destination for specifying the terminal ID of another terminal device 200B of the communication destination to the connection intermediation device 100. This is processing of transmitting a connection mediation request S2 including specific information.

Generally, when transmitting and receiving information between two parties connected via a network, the transmitting side of the information transmits its address to the receiving side, and the receiving side returns an acknowledge signal to the address on the transmitting side. Do the process. Therefore, when transmitting the connection mediation request S2 from the connection mediation request unit 210A, its own location address “AD1” is transmitted to the connection mediation device 100 side. The reply process in step S4 to be described later is performed for the location address "AD1".

Thus, when the connection mediation request is transmitted from the connection mediation request unit 210A of the communication source terminal device 200A to the connection mediation device 100, the communication destination address replying unit 130 that received the connection mediation request receives the address in step S3. With reference to the address table stored in the table storage unit 110, it is associated with the terminal ID ("0020" in this example) specified by the communication destination specifying information included in the connection mediation request. The location address is recognized as the communication destination address. For example, assuming that the address table T at that time is as shown in FIG. 1, the address "AD2" associated with the terminal ID "0020" is recognized as the communication destination address.

Therefore, in step S4, the communication destination address replying unit 130 performs processing for sending back the communication destination address "AD2" recognized in step S3. Of course, the reply partner is the communication source terminal device 200A that has made the connection mediation request in step S2. As described above, since the connection mediation request S2 includes the information of the location address “AD1” of the communication source terminal device 200A, the communication destination address reply unit 130 sends the communication destination address to the location address “AD1”. "AD2" can be sent back.

Thus, when the communication destination address reply S 130 (information for transmitting the communication destination address “AD2”) is transmitted from the communication destination address reply unit 130, the communication destination address reply S 4 is received by the communication start request unit 240 A. . After all, when the communication source terminal device 200A sends a connection mediation request S2 to the connection mediation device 100, the connection mediation device 100 responds to the connection mediation request S2 from the location of the communication destination terminal device 200B on the network. A communication destination address "AD2" indicating "" will be returned. Since the address table T prepared in the connection mediation device 100 is constantly updated to the latest state, the communication destination address "AD2" returned is the latest location address of the communication destination terminal device 200B. Become.

Therefore, the communication start request unit 240A that has acquired the communication destination address “AD2” by the communication destination address return S4 sends a communication start request S5 to the communication destination terminal device 200B in step S5. That is, access is made to the communication destination address “AD2” via the network N, and the communication start request is transmitted to the other party. At this time, the own location address (communication source address "AD1") is also transmitted together.

The communication start request S5 addressed to the communication destination address “AD2” is received by the communication destination session establishment unit 230B of the communication destination terminal device 200B. When communication start request S5 is made from communication source terminal apparatus 200A to communication target session establishing section 230B, communication source terminal apparatus 200A via network N is started in step S6. Sends a communication start acceptance confirmation S6. Then, in the subsequent step S7, a communication session is established with the communication source terminal device 200A, and communication S7 is started.

On the other hand, the communication start acceptance confirmation S6 transmitted to the communication source terminal device 200A is received by the communication source session establishment unit 260A. Then, in step S7, the communication source session establishment unit 260A that has received the communication start acceptance confirmation S6 establishes a communication session with the communication destination terminal device 200B and starts communication S7. In short, on the communication source terminal device 200A side, when the communication start acceptance confirmation S6 is returned from the communication destination terminal device 200B in response to the communication start request S5, a communication session is established with the communication destination terminal device 200B. Processing to start communication.

Thus, a communication session is established between the communication source terminal device 200A and the communication destination terminal device 200B, and communication S7 between the two is performed. In the flowchart shown in FIG. 5, the process performed by the connection mediating apparatus 100 is only the address table reference process of step S3 and the communication destination address reply process of step S4. That is, the mediation process performed by the connection mediation device 100 receives the connection mediation request S2 from the communication source terminal device 200A, refers to the address table T (step S3), and obtains the obtained communication destination address from the communication source terminal device 200A. Is the only reply (step S4). A communication session is established between the communication source terminal device 200A and the communication destination terminal device 200B only by the connection mediation device 100 performing such mediation processing, and communication between the two will be started.

As described above, in the network communication system according to the first embodiment of the basic application prior art, the processing load of the connection mediating apparatus 100 becomes extremely light. As described above, in a system that performs connection mediation processing between both terminals using SIP, the processing load is reduced as compared to conventional relay processing, but a session is established between both terminals. It is necessary to be involved until the concentration of mediation requests from a large number of terminal devices, the processing load becomes quite heavy. On the other hand, in the case of the system according to the first embodiment of the basic application basic invention, the connection mediating apparatus 100 does not have to be involved until the communication session is established between the two terminals, and It suffices to carry out the process of transmitting the communication destination address. Therefore, it is possible to further reduce the processing load when mediating the connection between the pair of terminal devices.

As described above, in the network communication system according to the first embodiment of the basic application prior invention, since the connection mediating device 100 does not participate in establishing a communication session, the connection mediating device 100 establishes a communication session between both terminal devices. It can not be grasped whether communication is being performed without any trouble. Therefore, if necessary, after establishment of the communication session, the communication source session establishment unit 260A or the communication destination session establishment unit 230B reports to the connection intermediation apparatus 100 that the communication session has been established without any problem. It is also good.

In the above-described embodiment, when the communication destination session establishing unit 230B makes a communication start request S5 with the communication destination terminal device 200A as the communication destination from the communication source terminal device 200A, the communication source terminal device 200A is notified in step S6. Although the description has been made that the communication start acceptance confirmation is sent, in some cases, the communication start request S5 may be rejected without being accepted, and the communication start acceptance confirmation may not be transmitted (or communication start acceptance). Instead of confirmation, communication start rejection notification may be sent). That is, the communication destination session establishing unit 230B is provided with some condition judging function, and when the communication start request S5 is issued, the communication start acceptance confirmation is transmitted only when the predetermined condition is satisfied. You should do it.

For example, communication is enabled only when user B of communication destination terminal device 200B can set incoming call rejection with respect to communication destination session establishing unit 230 and meets the condition that “no incoming call rejection setting is made”. A process of transmitting the start acceptance confirmation may be performed. Further, if communication source request information (for example, a terminal ID) for specifying the communication source terminal device 200A is included in the communication start request S5, the communication destination session establishment unit 230B performs the communication start request S5. It is possible to accept or reject the request depending on the source of communication.

For example, if a communication source list (so-called black list) which always rejects the communication start request S5 and a communication source list (so-called white list) which always accepts the communication start request S5 are prepared in the communication destination session establishment unit 230B. The communication destination session establishment unit 230B can determine whether to accept or reject the communication start request S5 by referring to the list.

In addition, as described in 3-33-3, when adopting a modification for improving security, it is also possible to adopt an operation of rejecting any security problem in the communication start request S5, if any. It is possible.

<<< 2. 2. Second embodiment of the basic application of the prior application >>>
<2-1. Configuration of Second Embodiment of Prior Invention Basic Invention>
Subsequently, a second embodiment of the basic application of the prior application will be described. FIG. 6 is a block diagram showing an entire configuration of a network communication system according to the second embodiment. As shown, this network communication system comprises a connection mediation device 300 and a plurality of terminal devices 400A to 400D, all of which are mutually connected via a network N (in this example, the Internet) It is possible.

Here, for convenience of explanation, an example using four terminal devices 400A to 400D will be shown, but in practice, it is general to use a larger number of terminal devices. Each of the terminal devices 400A to 400D is the same device having a common configuration, and in the case where the common terminal device is referred to, it is indicated by using the reference numeral 400, and when it is necessary to distinguish between them, It is shown by appending A to D. The same applies to each symbol indicating an internal component of the terminal device 400.

The network communication system shown in FIG. 6 includes a plurality of terminal devices 400A to 400D that can be connected to each other via a network N, and a connection mediation device 300 that mediates connection between the plurality of terminal devices. It turns out that. Also as the terminal device 400, various electronic devices such as personal computers, mobile phones, tablet terminals, etc. having a function of connecting to the network N and performing communication can be used. Further, the connection mediation device 300 is configured by a server computer that receives access from each of the terminal devices 400A to 400D via the network N.

Each of the terminal devices 400A to 400D is assigned a terminal ID for mutually identifying the individual terminal devices, and the connection mediation device 300 communicates with the terminal device as the communication source using this terminal ID. The processing for mediating the connection with the terminal device to be performed is executed. As the terminal ID, as described above, any information may be used as long as the information can identify each terminal device mutually. Here, as in the case of the first embodiment described above, terminal IDs of "0010", "0020", "0030" and "0040" are given to the terminal devices 400A, 400B, 400C and 400D, respectively. It shall be.

Further, each of the terminal devices 400A to 400D is provided with a location address indicating the location on the own network. Here, as in the case of the first embodiment described above, it is assumed that the terminal devices 400A, 400B, 400C, and 400D are provided with location addresses AD1, AD2, AD3, and AD4, respectively. As the location address, any address can be used as long as the location of the terminal can be uniquely determined on the network, but in practice, a global IP address or NAT-ID may be used. . As mentioned above, this location address changes with time.

As illustrated, in the connection mediation device 300, an address table storage unit 310, an address table update unit 320, and a communication source address transmission unit 330 are provided. The connection mediation device 300 is actually configured by a computer such as a server computer. Therefore, each component shown as an individual block in the figure is actually constructed by incorporating a dedicated program into a computer.

The address table storage unit 310 is the same component as the address table storage unit 110 shown in FIG. 1 and has a function of storing an address table T in which terminal IDs and location addresses are associated with each of the terminal devices 400A to 400D. Have. The address table T shown in FIG. 6 is completely the same as the address table T shown in FIG. The address table update unit 320 is the same component as the address table update unit 120 shown in FIG. 1, and performs the process of updating the contents of the address table T based on the notification from each of the terminal devices 400A to 400D. As such, the components 310 and 320 shown in FIG. 6 are substantially the same as the components 110 and 120 shown in FIG. 1, and thus detailed description thereof is omitted here.

On the other hand, the communication source address transmission unit 330 is a component having a function similar to that of the communication destination address return unit 130 shown in FIG. 1, but performs a slightly different operation. That is, when there is a connection mediation request from each of the terminal devices 400A to 400D, the communication source address transmission unit 330 recognizes the communication destination address by referring to the address table T, and transmits the communication source address to the communication destination address. Perform processing to send. A more detailed description of this process will be described later.

Subsequently, the detailed configuration of the terminal device 400 and the specific processing operation of each component will be described with reference to FIG. 7. As illustrated, the terminal device 400 is provided with a connection mediation request unit 410, a communication request reception unit 420, a communication source session establishment unit 430, a communication start request unit 440, a self address notification unit 450, and a communication destination session establishment unit 460. ing.

This terminal device 400 is also actually composed of various computers (including devices such as a mobile phone), and each component shown as an individual block in the figure is actually a program dedicated to the computer. Built by incorporating Of course, the terminal device 400 also incorporates various components and input / output interfaces (not shown) as needed. Here, only the components directly related to the basic application of the prior application are shown in the figure. It is shown as a block, and the description of the other components is omitted.

Also in FIG. 7, similarly to FIG. 2, thick arrows indicating the flow of signals between blocks indicate the flow of signals before establishment of a communication session, which are exchanged between the terminal device 400 and the connection mediation device 300. A thin arrow indicates a flow of signals exchanged between the pair of terminal devices 400 before establishment of a communication session. The white arrows indicate the flow of signals exchanged between the pair of terminal devices 400 after establishment of the communication session.

Further, similarly to FIG. 2, the components shown by the elliptical block in FIG. 7 are the components for the terminal device 400 to execute the “address notification” process, and the configuration shown by the rectangular block The element is a component that executes processing required when the terminal device 400 functions as a "communication source", and the component indicated by a double rectangular block functions as a "communication destination" of the terminal device 400. It is a component that performs the processing necessary for doing so. When the terminal device 400 becomes a "communication source", processing by the components shown by rectangular blocks in FIG. 7 is performed, and when it becomes a "communication destination", double rectangular blocks are displayed in FIG. Processing by the component being performed is performed. Hereinafter, each function of six components of the terminal device 400 shown in FIG. 7 will be described in order.

First, the self address notification unit 450 indicated by an elliptic block is a component for executing the process of “address notification”, and transmits to the connection mediation device 300 a location address indicating the location of the self on the network. Execute processing to notify. The function of the self address notifying unit 450 is the same as the function of the self address notifying unit 250 shown in FIG. The address table update unit 320 shown in FIG. 6 updates the address table T in response to this notification.

Next, five components shown as rectangular blocks or double rectangular blocks in FIG. 7 will be described. As described above, the three components indicated by the rectangular block perform the processing necessary when the terminal device 400 functions as a "communication source", and the two configurations indicated by the double rectangular block. The elements perform processing necessary when the terminal device 400 functions as a “communication destination”.

First, the communication request receiving unit 420 is a component that uses itself as a communication source to receive a communication request for another terminal apparatus that is the communication destination, and has exactly the same function as the communication request receiving unit 220 shown in FIG. It is a component. Further, when the communication request receiving unit 420 receives a communication request, the connection intermediation request unit 410 specifies, with respect to the connection intermediation device 300, a communication destination specification for specifying the terminal ID of another terminal device of the communication destination. It is a component for transmitting a connection mediation request including information, and is a component having the same function as the connection mediation request unit 210 shown in FIG.

Thus, the connection mediation request transmitted from the connection mediation request unit 410 is transmitted to the connection mediation device 300 via the network N (thick arrows in the figure exchange between the terminal device 400 and the connection mediation device 300) Show the flow of signals before establishing a communication session). Then, from the connection mediation device 300, a communication source address is transmitted as indicated by a thick arrow in the figure. The communication source address is received by the communication start request unit 440.

The point to be noted here is that the transmission destination of the communication source address from the connection mediation device 300 is not the terminal device of the communication source that has made the connection mediation request, but is another terminal device that becomes the communication destination. That is, in the example shown in FIG. 7, the connection mediation request unit 410 indicated by a rectangular block is a component in the communication source terminal device, while the communication start request unit 440 indicated by a double rectangular block is a separate element. It is a component in the communication destination terminal device. Therefore, in the above description, the connection mediation request unit 410 for issuing a connection mediation request and the communication start request unit 440 for receiving the communication source address transmitted from the connection mediation device 300 in response to this are terminal devices different from each other. It belongs to 400.

In short, when the connection mediation request is sent from the connection mediation request unit of a certain terminal device 400, the communication source address transmission unit 330 shown in FIG. The location address associated with the terminal ID of the terminal device of the communication source that has transmitted the connection mediation request with respect to the location address associated with the terminal ID identified by the communication destination identification information included in Will be processed as a communication source address.

In order to clarify the processing function of the communication source address transmission unit 330, a specific example (for example, the user B of the terminal device 400B) sets the terminal device 400B shown in FIG. 6 as the communication source and the terminal device 400A as the communication destination here. Is the case where the caller is the calling party and the user A of the terminal device 400A is the called party) and the above procedure is described.

In this case, a connection mediation request for specifying the terminal device 400A as a communication destination is sent from the communication source terminal device 400B to the connection transfer device 300. The communication source address transmission unit 330 having received the connection mediation request recognizes the location address “AD1” of the terminal device 400A designated as the communication destination by referring to the address table T. The communication destination address reply unit 130 in the first embodiment described above performs processing for sending the location address of the communication destination recognized in this way to the communication source (the transmission source of the connection mediation request). On the other hand, the communication source address transmission unit 330 in the second embodiment shown in FIG. 6 addresses the communication source terminal device 400B at the communication source address “A” addressed to the recognized address “AD1” of the communication destination. Send "AD2" (which can be recognized as the source address of the connection mediation request).

After all, in the case of the above example, when the communication source terminal device 400B makes a connection mediation request to the connection mediation device 300, the connection mediation device 300 transmits the communication source address to the communication destination terminal device 400A (the communication source terminal device 400B The location address "AD2" is to be transmitted. This is a point that is largely different from the first embodiment described above.

The communication source address thus transmitted is received by the communication start request unit 440 in the communication destination terminal device 400A, as shown in FIG. The communication start request unit 440 sends a communication start request to the communication source address (the address of the communication source terminal device 400B). That is, when the communication start request unit 440 transmits a communication source address indicating the location on the network of another terminal device of the communication source from the connection intermediation device 300, the communication start request unit 440 transmits the communication source via the network N. It will access the address and make a communication start request. As indicated by thin arrows in the figure, this communication start request is a signal addressed from one terminal device 400 (communication destination) to another terminal device 400 (communication source).

On the other hand, the terminal apparatus (in the above example, the terminal apparatus 400B) for which the communication start request has been made from another terminal apparatus (in the above example, the terminal apparatus 400A) of the communication destination is the communication source session establishing unit Receive at 430 (downward thin arrow on the left side of the figure). Then, the communication source session establishment unit 430 returns a communication start acceptance confirmation to another terminal apparatus (the terminal apparatus 400A in the above example) which is the communication destination (the upward thin arrow in the left side of the figure), Establish a communication session with the other terminal above and start communication. The white arrows drawn at the left end of FIG. 7 indicate the flow of signals (communication packets) between the two terminals after the communication session is established in this way.

Thus, the communication start acceptance confirmation returned from the communication source terminal device 400B to the communication destination terminal device 400A is received by the communication destination session establishment unit 460 of the communication destination terminal device 400A (thin arrow in the right side of the figure). When receiving the communication start acceptance confirmation, the communication destination session establishing unit 460 establishes a communication session with another terminal device 400B of the communication source and starts communication. The white arrows drawn at the right end of FIG. 7 indicate the flow of signals (communication packets) between the two terminals after the communication session is established in this way.

Thus, communication after establishment of a communication session between the communication source terminal device and the communication destination terminal device is performed between the communication source session establishment unit 430 of the communication source terminal device and the communication destination session establishment unit 460 of the communication destination terminal device. It will be done. In other words, the open arrow at the left end of FIG. 7 is connected to the open arrow at the right end of FIG. 7 via the network N.

<2-2. Specific Communication Procedure in Second Embodiment>
So far, each component of the connection mediating apparatus 300 and the terminal apparatus 400 which are components of the network communication system according to the second embodiment of the prior invention basic invention will be described with reference to FIG. 6 and FIG. did. Here, the communication procedure in the network communication system according to the second embodiment will be described based on a specific example.

First, the function of the self address notification unit 450 in the terminal apparatus shown in FIG. 7 is the same as the function of the self address notification units 250A and 250B described with reference to FIG. Do.

Therefore, hereinafter, a processing procedure when actually starting communication between specific terminal devices will be described. FIG. 8 is a block diagram showing a procedure for establishing a communication session between the communication source terminal device 400B and the communication destination terminal device 400A in the network communication system shown in FIG. In FIG. 8, the connection mediation device 300 is shown at the top of the figure, and two sets of terminal devices 400A and 400B are shown at the bottom of the figure. Also here, the exchange of information between the connection mediation device 300 and each of the terminals 400A and 400B (indicated by thick arrows) and the exchange of information between the terminals 400A and 400B (indicated by thin arrows) are actually performed. Although it is performed via the network N, illustration of the network N is abbreviate | omitted for convenience of explanation.

Here, for convenience of explanation, a procedure in the case where the terminal device 400B is a communication source and the terminal device 400A is a communication destination will be described. Therefore, in FIG. 8, for the components in the communication source terminal device 400B, only the components (components of the rectangular block) that execute processing required as the communication source are shown by solid lines, and in the communication destination terminal device 400A. As for the components, only the components (components of the double rectangular block) that execute processing necessary for communication are indicated by solid lines, and blocks of other components are indicated by dashed lines.

On the other hand, FIG. 9 is a flow chart for explaining the communication session establishment procedure shown in the block diagram of FIG. 8 in chronological order. Hereinafter, a specific communication procedure in the second embodiment will be described according to the flowchart of FIG. 9 with reference to the block diagram of FIG. In the block diagram of FIG. 8, the symbols S11 to S17 attached to the arrows correspond to the steps S11 to S17 in the flowchart of FIG. Conversely, in each step of the flow chart of FIG. 9, reference numerals in parentheses correspond to specific blocks in the block diagram of FIG. 8 and indicate specific components related to the contents of the step. It is a thing.

First, in step S11, communication request acceptance processing is performed. This is processing for receiving a communication request by the communication request receiving unit 420B shown in FIG. 8 and is the same as the processing described in step S1 in FIG. In the subsequent step S12, a connection mediation request S12 is issued based on the communication request. This is processing performed by the connection mediation requesting unit 410B illustrated in FIG. 8 and is the same as the processing described in step S2 in FIG.

Thus, the connection mediation request unit 410B of the communication source terminal device 400B sends a connection mediation request S12 to the connection mediation device 300 (in the illustrated example, the terminal ID "0010" of the communication destination terminal device 400A is included as communication destination identification information. Is sent, in step S13, the communication source address transmission unit 330 that has received the connection mediation request S12 refers to the address table stored in the address table storage unit 310, and the connection mediation is performed. The location address associated with the terminal ID ("0010" in this example) identified by the communication destination identification information included in the request is recognized as the communication destination address (S13). For example, if the address table T at that time is as shown in FIG. 6, the address "AD1" associated with the terminal ID "0010" is recognized as the communication destination address.

Therefore, in step S14, the communication source address reply unit 330 is associated with the terminal ID "0020" of the communication source terminal device 400B that has transmitted the connection mediation request S12 to the communication destination address "AD1" recognized in step S13. The present location address "AD2" is transmitted as the communication source address (S14).

As described above, in general, when transmitting and receiving information between two parties connected via a network, the transmitting side of the information transmits its own address to the receiving side, and the receiving side acknowledges the address of the transmitting side. Perform processing to send back a signal. Therefore, the communication source address transmission unit 330 can recognize the location address “AD2” of the terminal device 400B that is the transmission source when receiving the connection mediation request S12, so when performing the communication source address transmission S14. , May transmit the recognized location address “AD2” as data.

As described above, when the communication source terminal device 400B sends a connection mediation request S12 to the connection mediation device 300, the connection mediation device 300 addresses the communication destination terminal device 400A in response to the connection mediation request S12. The communication source address "AD2" indicating the location of the communication source terminal device 400B is transmitted to the location address "AD1" searched for in the table T). Since the address table T prepared in the connection mediation device 300 is always updated to the latest state, the communication source address transmission S14 is always performed for the latest location address of the communication destination terminal device 400A. Become.

Thus, when the communication source address transmission S14 (information for transmitting the communication source address “AD2”) is transmitted from the communication source address transmission unit 330, the communication source address transmission S14 is a communication start request of the communication destination terminal device 400A. It is received by section 440A.

In step S15, the communication start request unit 440A that has acquired the communication source address “AD2” by the communication source address transmission S14 sends a communication start request S15 to the communication source terminal device 400B. That is, access is made to the communication source address "AD2" via the network N, and the communication start request is transmitted to the other party. At this time, the own location address (communication source address "AD1") is also transmitted together.

The communication start request S15 addressed to the communication source address “AD2” is received by the communication source session establishment unit 430B of the communication source terminal device 400B. When communication source session establishment unit 430B receives communication start request S15 from communication destination terminal device 400A using itself (terminal device 400B) as the communication source, communication destination terminal device 400A first via network N in step S16. In response to this, the communication start acceptance confirmation S16 is transmitted. Then, in the subsequent step S17, a communication session is established with the communication destination terminal device 400A, and communication S17 is started.

On the other hand, the communication start acceptance confirmation S16 transmitted to the communication destination terminal device 400A is received by the communication destination session establishing unit 460A. Then, in step S17, the communication destination session establishment unit 460A that has received this communication start acceptance confirmation S16 also performs processing for establishing a communication session with the communication source terminal device 400B and starting communication S17. In short, on the communication destination terminal device 400A side, when the communication start acceptance confirmation S16 is returned from the communication source terminal device 400B in response to the communication start request S15, a communication session is established with the communication source terminal device 400B. Processing to start communication.

Thus, a communication session is established between the communication source terminal device 400B and the communication destination terminal device 400A, and communication S17 is performed between the two. In the flowchart shown in FIG. 9, the processing performed by the connection mediating apparatus 300 is only the address table reference processing of step S13 and the communication source address transmission processing of step S14. That is, the mediation processing performed by the connection mediation device 300 refers to the address table T in response to the connection mediation request S12 from the communication source terminal device 400B (step S13), and the communication source is addressed to the obtained communication destination address. Only the address data is transmitted (step S14). A communication session is established between the communication source terminal device 400B and the communication destination terminal device 400A only by the connection mediation device 300 performing such mediation processing, and communication between the two will be started.

As described above, in the network communication system according to the second embodiment of the basic application prior invention, the processing load of the connection mediating apparatus 300 is extremely light as in the network communication system according to the first embodiment. As described above, in a system that performs connection mediation processing between both terminals using SIP, the processing load is reduced as compared to conventional relay processing, but a session is established between both terminals. It is necessary to be involved until the concentration of mediation requests from a large number of terminal devices, the processing load becomes quite heavy. On the other hand, in the case of the system according to the second embodiment of the basic application basic invention, the connection mediating apparatus 300 does not have to be involved until the communication session is established between the two terminals, and It suffices to carry out the process of transmitting the communication source address. Therefore, it is possible to further reduce the processing load when mediating the connection between the pair of terminal devices.

As described above, in the network communication system according to the second embodiment of the basic application prior invention, since the connection mediating device 300 is not involved in establishing a communication session, the connection mediating device 300 establishes a communication session between both terminal devices. It can not be grasped whether communication is being performed without any trouble. Therefore, if necessary, after establishment of the communication session, the communication source session establishment unit 430B or the communication destination session establishment unit 460A reports to the connection mediation device 300 that the communication session has been established without any problem. It is also good.

In the above-described embodiment, when the communication start request unit 440A of the communication destination terminal device 400A receives the communication source address transmission S14 from the connection mediation device 300, the communication start request S15 is automatically transmitted in step S15. In some cases, the communication start request unit 440A has some condition determination function, and when communication source address transmission S14 is received, the communication start request is sent only if the predetermined condition is satisfied. S15 may be transmitted. Alternatively, when the predetermined condition is not satisfied, the communication start rejection notification may be transmitted instead of the communication start request S15.

For example, if communication start request unit 440A is provided with a communication source list (so-called black list) which always rejects communication start and a communication source list (so-called white list) which always permits communication start, communication start request unit 440A If the communication source address transmitted by the communication source address transmission S14 is included in the blacklist by referring to the list, the communication start request S15 is not transmitted or is processed. An operation to transmit a notification of rejection of communication start can be performed. Alternatively, it is also possible to operate to transmit the communication start request S15 only when the communication source address is listed in the white list.

Further, in the above-described embodiment, when the communication source session establishing unit 430B makes a communication start request S15 having the communication source terminal device 400A as the communication source from the communication destination terminal device 400A, in step S16, the communication destination terminal device 400A Although the description has been made that the communication start acceptance confirmation is transmitted, in some cases, the communication start request confirmation may be rejected without accepting the communication start request S15 (or the communication start acceptance may not be transmitted) Instead of confirmation, communication start rejection notification may be sent).

For example, as described in 3-43-4, when adopting a modification for improving security, it is also possible to adopt an operation of rejecting any security problem in the communication start request S15, if any. It is possible.

<<< 3. 3. Modification of the first and second embodiments of the basic application of the prior application >>>
Here, some modified examples will be described for the first embodiment of the prior application basic invention described in § 1 and the second embodiment of the prior application basic invention described in 2 2.

<3-1. Modification of terminal ID>
As described above, an address table T is stored in the address table storage unit 110 in the connection mediating apparatus 100 of FIG. The same applies to the address table storage unit 310 in the connection mediating apparatus 300 of FIG. The address table T is a table in which the terminal ID and the location address are associated with each of the individual terminal devices, and the communication destination address reply unit 130 or the communication source address transmission unit 330 is included in the received connection mediation request. The address table T is referred to based on the communication destination specifying information, and the location address of the communication destination is acquired.

For example, in the case of the first embodiment illustrated in FIG. 4, the connection mediation request S2 includes the terminal ID “0020” of the communication destination terminal device 200B as communication destination identification information, and the communication destination address reply unit 130 By referring to the address table T, the location address “AD2” corresponding to the terminal ID “0020” can be acquired. Similarly, in the case of the second embodiment illustrated in FIG. 8, the connection mediation request S12 includes the terminal ID “0010” of the communication destination terminal device 400A as communication destination identification information, and the communication source address transmission unit 330. Can obtain the location address “AD1” corresponding to the terminal ID “0010” by referring to the address table T.

As described above, in the embodiments described above, the terminal ID of the communication destination terminal apparatus is used as the communication destination identification information included in the connection mediation request. This terminal ID is information for mutually identifying each terminal device, and more specifically, the serial number of the CPU built in each terminal device, the MAC address given to the communication interface, the mobile phone In the case of a terminal device that functions as, a telephone number or a serial number of a SIM card can be used as the terminal ID.

However, in general, it is difficult for a user to store the terminal ID for the terminal device of another user. Therefore, when making a communication request, it is not preferable for the user to directly input these terminal IDs. Therefore, in practice, when making a communication request, it is preferable to specify the communication destination by the user ID instead of specifying the communication destination by the terminal ID. While the terminal ID is an ID for identifying an individual terminal device, the user ID is an ID for identifying an individual user. Generally, a user name or a nickname can be used as a user ID.

In order to be able to make a communication request using the user ID instead of the terminal ID, a correspondence table of the user ID and the terminal ID may be prepared in the communication request receiving unit 220, 420. Then, when the user issues a communication request by specifying a specific user ID (for example, a user name), the communication request accepting unit 220, 420 uses the prepared correspondence table to make the user ID a terminal ID. To the connection intermediation request unit 210, 410. Then, the connection mediation request units 210 and 410 can transmit a connection mediation request including the terminal ID. Such a conversion processing function for converting a user ID (for example, user name) into a terminal ID (for example, a telephone number) is a known function provided as a "telephone number registration function" in a general mobile phone. Detailed description is omitted here.

As another method of making it possible to use the user ID instead of the terminal ID, a method of preparing a correspondence table between the user ID and the terminal ID on the connection mediation device 100, 300 side can also be adopted. For example, instead of the address table T shown in FIGS. 1 and 6, an address table T1 as shown in FIG. 10 is stored in the address table storage units 110 and 310. The address table T1 is a table including, for each of the individual terminal devices, information that associates a user ID specifying a user of the terminal device with a terminal ID of the terminal device.

Although FIG. 10 shows an example using user names such as "John" and "Mary" as the user ID for convenience of explanation, in practice, individual users included in the table can be mutually identified. As described above, the full name of each user is registered as a user ID, and if there is a user with the same first and last name, a user ID that can be distinguished from each other is registered. In practice, the self address notification unit 250, 450 of the terminal device 200, 400 is provided with a function for reporting such a user ID to the connection intermediation device 100, 300 side, and the address table update unit 120, 320 If a function for registering a user ID that has received a report in the address table T1 is provided, it is possible to prepare an address table T1 as shown in FIG.

If the address table T1 is prepared, it is not necessary to recognize the terminal ID of the terminal device to be the communication destination on the terminal device side to be the communication source. For example, in the example shown in FIG. 4, when the communication source terminal device 200A calls the communication destination terminal device 200B, the user A (John) of the communication source terminal device 200A is the user B of the communication destination terminal device 200B. A communication request specifying the user name "Mary" (user ID) as the communication destination may be performed. In this case, a connection mediation request S2 including the user ID “Mary” as communication destination specifying information instead of the terminal ID “0020” is transmitted from the connection mediation request unit 210A to the connection mediation device 100.

The communication destination address reply unit 130 that has received such a connection mediation request S2 refers to the address table T1 shown in FIG. 10 to find the terminal ID corresponding to the user name “Mary” included as communication destination identification information. "0020" can be recognized, and furthermore, the location address "AD2" of the communication destination terminal device 200B having this terminal ID "0020" can be recognized.

FIG. 11 is a diagram showing an address table T2 using an account ID instead of the user ID. While the user ID is information for identifying each user, the account ID is information for identifying a user account established by each user. For example, the account ID “U11111” in the illustrated example is an ID indicating a user account opened by the user “John”, and the account ID “U22222” is an ID indicating a user account opened by the user “Mary” is there. Of course, each user can open multiple accounts if necessary.

The self address notification unit 250, 450 of the terminal device 200, 400 is provided with an application function for opening such an account, and the address table update unit 120, 320, according to the application, a predetermined user account If an account ID is registered in the address table T2, the address table T2 as shown in FIG. 11 can be prepared.

In the example shown in FIG. 4, when the address table T2 as shown in FIG. 11 is prepared in the address table storage unit 110, the connection intermediation request unit 210A becomes “U22222” instead of the terminal ID “0020”. The connection mediation request S2 including the account ID as the communication destination specifying information may be transmitted to the connection mediation device 100.

As described above, in the prior application basic invention, the connection mediation request transmitted from the connection mediation request unit includes some "communication destination specification information" that plays the role of specifying the terminal ID of another terminal apparatus to be the communication destination. It will be enough if it is done. This "communication destination specification information" may be the terminal ID itself, or may be a user ID or account ID as described above.

After all, in the case where the modification described in に 3-1 is applied to the first embodiment described in § 1, in the configuration shown in FIG. Storing an address table T1 (FIG. 10) or T2 (FIG. 11) including information associating the user ID of the terminal device or the account ID of the user account with the terminal ID of the terminal device Let's keep it. Further, the connection intermediation request unit 210A transmits a connection intermediation request S2 using a user ID specifying the user of the terminal apparatus at the communication destination or an account ID specifying the user account as the communication destination specifying information. Then, when the connection mediation request S2 is transmitted from the connection mediation request unit 210A, the communication destination address reply unit 130 refers to the address table T1 or T2 and the user ID included in the connection mediation request S2 or A terminal ID associated with the account ID may be determined, and a location address associated with the determined terminal ID may be returned as a communication destination address.

On the other hand, when applying the modification described in 述 べ 3-1 to the second embodiment described in 2 2, in the configuration shown in FIG. Storing an address table T1 (FIG. 10) or T2 (FIG. 11) including information associating the user ID of the terminal device or the account ID of the user account with the terminal ID of the terminal device Let's keep it. The connection intermediation request unit 410B transmits a connection intermediation request S12 using a user ID specifying a user of a terminal apparatus of a communication destination or an account ID specifying a user account as communication destination specification information. Then, the communication source address transmission unit 330 refers to the address table T1 or T2 when the connection intermediation request S12 is transmitted from the connection intermediation request unit 410B, and the user ID included in the connection intermediation request S12 or The terminal ID associated with the account ID may be determined, and the communication source address may be transmitted to the location address associated with the determined terminal ID.

<3-2. Modification using an alternative terminal>
As described above, the terminal devices that can be used for the basic application of the prior invention are diverse, such as personal computers, mobile phones, tablet terminals, etc. Recently, it has become less common for the same user to use a plurality of terminal devices. Here, in consideration of such a situation, when there is an incoming call for a specific terminal device, a modified example is described in which the incoming call is directed to another terminal device of the same user. .

When implementing the modification described here, an address table T3 as shown in FIG. 12 is prepared in advance. In the case of this address table T3, although the terminal ID and the location address are registered for each of the four sets of user IDs "John", "Mary", "Frank", and "Susie", 2 for the user ID "John" Two terminal IDs "0010" and "0011" are registered, and three user IDs "0030", "0031" and "0032" are registered for the user ID "Frank". This is because the user John owns two terminal devices available for this network communication system, and the user Frank owns three terminal devices.

Here, a plurality of terminal IDs registered in association with the same user ID are grasped as terminal IDs belonging to one group, and one terminal ID belonging to the same group is another terminal ID The address table T3 shown in FIG. 12 can be referred to as an address table in which one or more alternative terminal IDs are registered for a specific terminal ID. In short, when there is registration of a plurality of terminal IDs with the same user name, these terminal IDs are grasped as belonging to the same group, and they are treated to be mutually recognized as alternative terminal IDs. Just do it.

For example, in the case of the example shown in FIG. 12, one alternative terminal ID "0011" is registered for the terminal ID "0010", and conversely, one alternative terminal ID "0010" for the terminal ID "0011" is registered. It will be registered. On the other hand, two alternative terminal IDs "0031" and "0032" are registered for the terminal ID "0030", and two alternative terminal IDs "0030" and "0032" are registered for the terminal ID "0031". For the terminal ID "0032", two alternative terminal IDs "0030" and "0031" are registered.

In the system according to the modification described here, by registering such an alternative terminal ID, when there is a call to a terminal device in an inconvenient state, the call may be substituted. Can be transferred to a terminal device.

For example, the user John owns a first terminal device (terminal ID "0010") consisting of a smartphone and a second terminal device (terminal ID "0011") consisting of a personal computer, and usually either of the terminals Assume that the device is also available. However, one day, it is assumed that the first terminal device consisting of a smartphone is temporarily out of service due to battery exhaustion. In this case, even if the user Mary makes a communication request with his own terminal device as the communication source and the smartphone of the user John as the communication destination, a normal connection can not be made to the smartphone of the user John.

In such a case, in the system according to the modified example described here, the connection mediating apparatus can execute processing for connecting alternatively to the personal computer of the user John serving as the substitute instead of the smart phone of the user John.

When applying the modification described in §3-2 to the first embodiment of the basic application invention described in §1, the following modification may be made to the configuration shown in FIG.

First, the address table storage unit 110 stores an address table (for example, an address table T3 shown in FIG. 12) in which one or more alternative terminal IDs are registered for a specific terminal ID. Then, the communication destination address reply unit 130 has a function of determining whether or not each terminal device is in an inconvenient state of use. Specifically, for example, test access is performed on the terminal device to be determined, and it is determined that there is no problem if there is a normal reply, but if a normal reply is not obtained, use inconvenience It may be determined that the vehicle is in a steady state.

Communication destination address reply section 130 determines whether or not the terminal apparatus to which the original terminal ID specified in the communication destination specification information is assigned is inconvenient in use when connection mediation request S2 is transmitted. Perform processing to judge. Then, if the terminal apparatus to which the original terminal ID is assigned is in an inconvenient state, the location address associated with the alternative terminal ID instead of the original terminal ID is returned as the communication destination address. Do the process you want.

For example, in the state where the address table T3 shown in FIG. 12 is prepared, when a connection mediation request including the original terminal ID "0010" (smart phone of the user John) is transmitted as the communication destination specifying information, the communication destination address The reply unit 130 first performs test access to the location address “AD1” corresponding to the terminal ID “0010”, determines that there is no problem if a normal reply is received, and follows the usual procedure to determine the location address “AD1”. "" May be returned as the communication destination address. In this case, the communication source terminal device can perform communication with the smartphone of the user John given the original terminal ID “0010” as the communication destination.

However, when a normal reply is not obtained for the test access, it is determined that the terminal device (the smartphone of the user John) to which the original terminal ID "0010" is assigned is in an inconvenient state of use, In place of the terminal ID "0010", the address "AD5" associated with the terminal ID "0011" registered as the alternative terminal ID for the terminal ID "0010" in the address table T3 is used as the communication destination address. Make a reply process. In this case, the communication source terminal device communicates not with the smartphone of the user John given the original terminal ID "0010" but with the personal computer of the user John given the alternative terminal ID "0011" as the communication destination. it can.

On the other hand, when the modification described in §3-2 is applied to the second embodiment of the basic application basic invention described in §2, the following modification can be made to the configuration shown in FIG. Good.

First, the address table storage unit 310 stores an address table (for example, an address table T3 shown in FIG. 12) in which one or more alternative terminal IDs are registered for a specific terminal ID. Then, the communication source address transmitting unit 330 is added with a function of determining whether or not each terminal device is in an inconvenient state of use. Specifically, as described above, the test access is performed on the terminal device to be determined, and it is determined that there is no problem if a normal reply is received, but if a normal reply is not obtained. It may be determined that the user is in an inconvenient state of use.

The communication source address transmission unit 330 determines whether or not the terminal device to which the original terminal ID specified by the communication destination specification information is assigned is in an inconvenient state when the connection intermediation request S12 is transmitted. Perform processing to judge. Then, if the terminal apparatus to which the original terminal ID is assigned is in an inconvenient state, connection mediation is performed for the location address associated with the alternative terminal ID instead of the original terminal ID. A process of transmitting the location address of the communication source terminal apparatus that has transmitted the request S12 as the communication source address is performed.

For example, in the state where the address table T3 shown in FIG. 12 is prepared, when a connection mediation request including the original terminal ID “0010” (smart phone of the user John) as the communication destination specifying information is transmitted, the communication source address The transmitting unit 330 first performs test access to the location address “AD1” corresponding to the terminal ID “0010”, determines that there is no problem if a normal reply is received, and follows the usual procedure to determine the location address “AD1”. The communication source address may be sent to In this case, the communication source terminal device can perform communication with the smartphone of the user John given the original terminal ID “0010” as the communication destination.

However, when a normal reply is not obtained for the test access, it is determined that the terminal device (the smartphone of the user John) to which the original terminal ID "0010" is assigned is in an inconvenient state of use, Communication source address addressed to the location address "AD5" associated with the terminal ID "0011" registered as an alternative terminal ID in the address table T3 instead of the terminal ID "0010" of To send In this case, the communication source terminal device communicates not with the smartphone of the user John given the original terminal ID "0010" but with the personal computer of the user John given the alternative terminal ID "0011" as the communication destination. it can. When a plurality of alternative terminal IDs are registered as in the case of the user Frank shown in FIG. 12, priorities may be determined in advance, and alternative terminal IDs to be actually used may be determined in descending order of priority. .

In the above-described embodiment, when the communication destination address reply unit 130 or the communication source address transmission unit 330 receives the connection mediation request, it performs test access to the original communication destination, and is in an inconvenient state. In the alternative, for periodical test access to individual terminals, for terminals that are in an inconvenient state, the address table is The effect may be recorded. In this case, regardless of the presence or absence of the connection mediation request, each terminal device periodically receives test access and receives a check as to whether or not it is in an inconvenient state, and the check result is recorded in the address table. It will be Therefore, when there is a connection mediation request actually, it can be determined based on the record of the address table whether or not it is in an inconvenient state.

Note that the "use inconvenient state" in this modification does not mean only the "unavailable state" as in the state of the battery exhaustion or the state of connection failure to the network. For example, as a function of the terminal device, although it is in a normally usable state, it is considered that the user does not want to arbitrarily use it, and also includes a state in which such setting is performed. For example, when the user sets “incoming call rejection” by his own intention, the terminal device is in “use inconvenient state”. Therefore, in the above example, even if both the smartphone and the personal computer possessed by the user John can operate normally, if the user John sets "rejection of incoming call" to the smartphone, the smartphone It becomes an inconvenient condition.

The setting of “rejecting incoming call” (setting of “use inconvenient state”) may be recorded only in each terminal device, or may be recorded in an address table in the connection mediation device. . By recording in the address table, it is possible to recognize that the user terminal is in the “inconvenient state” without performing test access to each terminal device.

<3-3. Modification to Improve Security (Part 1)>
Here, a modified example for constructing a network communication system with further improved security will be described. Generally, when exchanging information between electronic devices via a network, it is important to secure the authenticity of the other party. Communication with a person whose authenticity is not secured can lead to a cracker attack, which is a security issue. In the case of the network communication system according to the prior application basic invention, communication between each terminal device and the connection mediation device, and communication between the communication source terminal device and the communication destination terminal device are indispensable. Ensuring security in inter-device communication is important.

FIG. 13 is a block diagram showing a modified example of the network communication system according to the first embodiment shown in FIG. 4 in which security is improved. In this modification, two measures are taken to improve the security of the network communication system according to the first embodiment.

The first measure is the addition of mutual authentication processing, and when transmitting and receiving the information indicated by the broken arrows in the figure, mutual authentication processing is performed to confirm the authenticity of the other party between the two. Specifically, first, when transmitting the connection mediation request S2 from the communication source terminal device 200A to the connection mediation device 100, the communication source terminal device 200A and the connection mediation device 100 mutually communicate with each other. A mutual authentication process is performed to confirm the authenticity of the The dashed line indicating the connection mediation request S2 indicates that this mutual authentication process is performed. Therefore, each terminal device 200 and connection mediating device 100 have such an authentication processing function.

In the example shown in the figure, the mutual authentication process when the connection intermediary device 100 sends the communication destination address reply S4 to the communication source terminal device 200A is omitted (the arrow indicating the communication destination address reply S4 is a solid line). Is drawn). This is because, when the connection mediation request S2 is transmitted, the mutual authentication process between the communication source terminal device 200A and the connection mediation device 100 has already been completed, and the authenticity of the other device has been confirmed. It is for. Of course, the mutual authentication process may be performed again when the communication destination address reply S4 is performed.

Further, in the case of the system shown in FIG. 13, also when the communication start request S5 is transmitted from the communication source terminal device 200A to the communication destination terminal device 200B, between the communication source terminal device 200A and the communication destination terminal device 200B. A mutual authentication process is performed to mutually confirm the authenticity of the other device. The dashed line indicating the communication start request S5 indicates that this mutual authentication process is performed. Therefore, each terminal device 200 has such an authentication processing function.

In the illustrated example, the mutual authentication process at the time of performing the communication start acceptance confirmation S6 from the communication destination terminal device 200B to the communication source terminal device 200A is omitted (the arrow indicating the communication start acceptance confirmation S6 is a solid line Is drawn in). This is because mutual authentication processing between the communication source terminal device 200A and the communication destination terminal device 200B has already been completed when transmitting the communication start request S5, and the authenticity of the other device has been confirmed. It is because Of course, the mutual authentication process may be performed again when performing the communication start acceptance confirmation S6.

Various methods are already known as mutual authentication processing for confirming the authenticity of the other party between a pair of devices connected via a network, and therefore detailed description will be omitted here. Generally, mutual authentication processing using the encryption key of the other party is often used. For example, in mutual authentication processing using a public key cryptosystem, one apparatus encrypts specific plaintext data using the public key of the other apparatus, transmits the obtained ciphertext data to the other party, and receives this The other device can adopt a processing procedure of decrypting the ciphertext data using its own encryption key and confirming that the original plaintext data can be restored. If this processing procedure is performed on both sides, it is possible to mutually confirm the authenticity of the other party.

When mutual authentication processing between the communication source terminal device 200A and the communication destination terminal device 200B is performed using the respective encryption keys, using the encryption key, the two parties after establishment of the communication session are used. If the communication S7 is performed by encrypted communication, security can be further improved. Specifically, mutual authentication processing when transmitting the communication start request S5 is performed by processing using the encryption key for the communication source terminal device 200A and the encryption key for the communication destination terminal device 200B, and the communication source terminal If communication S7 after establishment of a communication session between the device 200A and the communication destination terminal device 200B is performed by packet communication for transmitting and receiving a packet encrypted using the encryption key used in the mutual authentication process. Good.

In the system shown in FIG. 13, a second measure taken to improve security is the issuance of an intermediary certificate by the connection intermediary device 100. In the illustrated example, the connection mediating device 100 plays the role of mediating the connection between the communication source terminal device 200A and the communication destination terminal device 200B. The intermediary certificate is a certificate issued by the connection intermediary device 100 in order to prove the fact that “such an intermediary has certainly been performed”. The communication destination terminal device 200B can confirm that the mediation by the connection mediation device 100 is correctly performed by the mediation certificate. Hereinafter, the structure will be described in order.

First, when there is a connection mediation request S2 from the connection mediation request unit 210A to the communication destination address replying unit 130, the communication destination address replying unit 130 receives the transmission of the connection mediation request S2, and specifies the communication source An intermediary certificate is issued indicating that the intermediary process from the terminal device 200A to the specific terminal device 200B which is the communication destination is executed. Then, when the communication destination address reply S4 is performed, the intermediation certificate is sent back to the communication source terminal device 200A together with the communication destination address "AD2".

Therefore, the communication start request unit 240A receives this intermediation certificate together with the communication destination address "AD2". Therefore, when the communication start request S5 is issued to the communication destination address "AD2", the communication start request unit 240A transmits this intermediate certificate together. Then, the communication destination session establishment unit 230B receives the intermediation certificate together with the communication start request S5.

When the communication destination session establishment unit 230B transmits the intermediation certificate together with the communication start request S5 having the communication destination as the communication destination from another terminal apparatus 200A of the communication source, the legitimacy of the intermediation certificate is confirmed. Communication start acceptance confirmation S6 to another terminal apparatus 200A of the communication source under the condition that a communication session is established with another terminal apparatus 200A of the communication source to start communication S7. Make it Of course, if the validity of the intermediation certificate is not confirmed, the communication start acceptance confirmation S6 is not transmitted, and the communication S7 is not started either.

As described above, since the mediation certificate in the above example proves that the connection mediation device 100 has performed “the mediation process from the terminal device 200A to the terminal device 200B”, the communication destination session establishment unit 230B It is possible to confirm the legitimacy of the intermediate certificate by determining whether the content of the communication start request S5 matches the proof content of the intermediate certificate. In the above example, since the communication start request S5 is transmitted from the terminal device 200A and the self-confidence is the terminal device 200B, the mediation proof that "the mediation process from the terminal device 200A to the terminal device 200B is executed" is performed. It can be judged that the book is correct.

The communication destination session establishment unit 230B in the communication destination terminal device 200B receives the communication start request S5 from the communication source terminal device 200A, transmits the communication start acceptance confirmation S6 to the communication source terminal device 200A, and performs communication session To perform communication S7. At this time, there is no problem if the received communication start request S5 is a legitimate signal, but if it is a camouflage signal by a cracker, there is a risk of being damaged by fraud. In addition, when the communication source terminal device 200A is infected with malware, it is hijacked by the cracker, and the communication start request S5 is made by an unauthorized method without following the regular procedure via the connection mediation device 100. There is also the possibility of If the measures to issue the above-mentioned intermediation certificate are taken, it is effective in preventing the fraud by such a cracker.

In consideration of the role of the intermediate certificate, the communication destination address reply unit 130 may create the intermediate certificate, for example, by the following method. First, based on the connection mediation request S2, the location address (“AD1” in the illustrated example) of the specific terminal device 200A serving as the communication source and the location address (in the illustrated example) of the specific terminal device 200B serving as the communication destination "AD2" recognizes. Then, it creates data for intermediary certification that includes these two location addresses. For example, the character strings of both location addresses may be linked as they are and a character string such as “AD1” + “AD2” may be used as data for intermediary certification, and another secret character string “HAPPY” may be added. A character string such as “AD1” + “AD2” + “HAPPY” may be used as data for intermediary certification.

Subsequently, data obtained by applying a one-way function using a predetermined encryption key to the data for mediation proof created in this way may be used as a mediation certificate. For example, as the one-way function, an encryption key for communication source terminal device 200A or an encryption key for communication destination terminal device 200B, or a hash function using both of these encryption keys can be used.

For example, the mediation proof data is composed of a character string “AD1” + “AD2” + “HAPPY”, and the character string is subjected to a mediation by causing a hash function using the public key of the communication destination terminal device 200B to act. Take, for example, the case of creating a certificate. The intermediary certificate created in this way is the hash value of the intermediary certificate data.

On the other hand, the communication destination session establishment unit 230B that has received the intermediation certificate together with the communication start request S5 can confirm the legitimacy of the intermediation certificate according to the following procedure. First, as the address of the transmission source of the communication start request S5, the location address “AD1” of the communication source terminal device 200A can be recognized. It can also recognize its own location address "AD2". Then, by using the secret character string “HAPPY” (this secret character string is managed so that only each component of the network communication system can know) which has been previously decided, “AD1” + Create intermediary certification data consisting of the string "AD2" + "HAPPY".

Subsequently, an intermediary certificate is created by applying a hash function using its own public key to the intermediary certificate data. Finally, it may be confirmed that the intermediation certificate thus created matches the intermediation certificate sent along with the communication start request S5. If the two match, the validity of the intermediate certificate is confirmed. Of course, in the case of non-coincidence, the legitimacy can not be confirmed, so it can be judged that there is a possibility that some fraud has been made. That is, when the legitimacy of the mediation certificate can not be confirmed, it is determined that the communication start request S5 received by the communication destination session establishment unit 230B is not made based on the normal mediation processing by the connection mediation device 100. be able to. In such a case, the communication destination session establishment unit 230B rejects the establishment of the communication session without transmitting the communication start acceptance confirmation S6.

In the above example, the hash value for the data for intermediary certification “AD1” + “AD2” + “HAPPY” is used as the intermediary certificate, but of course, the data for intermediary certification itself is used as the intermediary certificate. It is also possible. However, in order to ensure sufficient security, it is preferable to use the hash value, not the intermediary certificate data itself, as the intermediary certificate. Since the data for mediation proof includes location addresses such as "AD1" and "AD2", it is susceptible to tampering by the cracker. Therefore, in practice, as in the above example, it is preferable to create an intermediary certificate by operating a one-way function using some encryption key.

If you create an intermediary certificate using a one-way function, such as a hash function, you can not restore the original intermediary certificate data, so even if the intermediary certificate is in the hands of a cracker, it will be illegally tampered with. The possibility of receiving can be reduced. From the point of preventing unauthorized tampering, it is effective to create an intermediary proof data by adding a secret string such as "HAPPY" in the above example. Of course, it is also possible to use variable elements such as the date, time, and day of the week when the intermediary certificate is issued as the secret string.

<3-4. Modification to Improve Security (Part 2)>
In the above-described §3-3, the modified example in which the security is improved in the first embodiment of the basic application prior art described in §1 has been described. Here, with respect to the second embodiment of the prior invention basic invention described in § 2, a modified example in which security is improved by the same method will be described.

FIG. 14 is a block diagram showing a modified example of the network communication system according to the second embodiment shown in FIG. 8 in which the security is improved. In this modification, two measures are taken to improve the security of the network communication system according to the second embodiment.

The first measure is the addition of mutual authentication processing, and when transmitting and receiving the information indicated by the broken arrows in the figure, mutual authentication processing is performed to confirm the authenticity of the other party between the two. Specifically, first, when transmitting the connection mediation request S12 from the communication source terminal device 400B to the connection mediation device 300, the communication source terminal device 400B and the connection mediation device 300 mutually communicate with each other. A mutual authentication process is performed to confirm the authenticity of the The dashed line indicating the connection mediation request S12 indicates that this mutual authentication process is performed.

Similarly, also when the communication apparatus address transmission S14 is performed from the connection mediation apparatus 300 to the communication destination terminal apparatus 400A, the authenticity of the other apparatus between the connection mediation apparatus 300 and the communication destination terminal apparatus 400A. Mutual authentication process is performed to confirm the The dashed line indicating the connection mediation request S14 indicates that this mutual authentication process is performed. Therefore, each terminal device 400 and connection mediation device 300 have the above-described authentication processing function.

Further, in the case of the system shown in FIG. 14, when the communication start terminal device 400A transmits the communication start request S15 to the communication source terminal device 400B, between the communication destination terminal device 400A and the communication source terminal device 400B. A mutual authentication process is performed to mutually confirm the authenticity of the other device. The dashed line indicating the communication start request S15 indicates that this mutual authentication process is performed. Therefore, each terminal device 400 is provided with such an authentication processing function.

In the illustrated example, the mutual authentication process at the time of performing the communication start acceptance confirmation S16 from the communication source terminal device 400B to the communication destination terminal device 400A is omitted (the arrow indicating the communication start acceptance confirmation S16 is a solid line Is drawn in). This is because when the communication start request S15 is transmitted, the mutual authentication process between the communication destination terminal device 400A and the communication source terminal device 400B has already been completed, and the authenticity of the other device has been confirmed. It is because Of course, the mutual authentication process may be performed again when performing the communication start acceptance confirmation S16.

The specific method of the mutual authentication process is as already described in 3-33-3. Also in the case of the modified example shown in FIG. 14, communication S17 between the two terminal devices after establishment of the communication session may be performed by encrypted communication using the encryption key used in the mutual authentication process.

In the system shown in FIG. 14, the second measure taken to improve security is the issuance of an intermediary certificate by the connection intermediary device 300. In the illustrated example, the connection mediating device 300 plays the role of mediating the connection between the communication source terminal device 400B and the communication destination terminal device 400A. The intermediary certificate is a certificate issued by the connection intermediary device 300 in order to prove the fact that “such an intermediary has certainly been performed”. The communication source terminal device 400B can confirm that the mediation by the connection mediation device 300 is performed correctly by the mediation certificate. Hereinafter, the structure will be described in order.

First, when there is a connection mediation request S12 from the connection mediation request unit 410B to the communication source address transmission unit 330, the communication source address transmission unit 330 receives the transmission of the connection mediation request S12, and specifies the communication source An intermediary certificate is issued indicating that an intermediary process has been performed from the terminal device 400B to the specific terminal device 400A that is the communication destination. Then, when the communication source address reply S14 is performed, the intermediation certificate is sent back to the communication destination terminal device 400A together with the communication source address "AD2".

Therefore, the communication start request unit 440A receives this intermediation certificate together with the communication source address "AD2". Therefore, when making a communication start request S15 to the communication source address "AD2", the communication start request unit 440A transmits this intermediate certificate together. Then, the communication source session establishment unit 430B receives the intermediation certificate together with the communication start request S15.

When the communication source session establishment unit 430B transmits the intermediation certificate together with the communication start request S15 having the communication source as the communication source from another terminal device 400A of the communication destination, the validity of the intermediation certificate is confirmed. On the condition that the communication start acceptance confirmation S16 is transmitted to the other terminal device 400A of the communication destination, and a communication session is established with the other terminal device 400A of the communication destination to start communication S17. Make it Of course, if the validity of the intermediation certificate is not confirmed, the communication start acceptance confirmation S16 is not transmitted, and the communication S17 is not started either.

As described above, since the mediation certificate in the above example proves that the connection mediation device 300 has performed “the mediation process from the terminal device 400B to the terminal device 400A”, the communication source session establishment unit 430B It is possible to confirm the legitimacy of the intermediation certificate by determining whether the content of the communication start request S15 matches the proof content of the intermediation certificate. In the above example, since the communication start request S15 is transmitted from the terminal device 400A and the self-confidence is the terminal device 400B, the mediation proof that "intermediate processing from the terminal device 400B to the terminal device 400A has been executed" is performed. It can be judged that the book is correct.

The communication source session establishment unit 430B in the communication source terminal device 400B receives the communication start request S15 from the communication destination terminal device 400A, transmits the communication start acceptance confirmation S16 to the communication destination terminal device 400A, and performs communication session To perform communication S17. At this time, there is no problem if the received communication start request S15 is a legitimate signal, but if the signal is a camouflage signal by a cracker, there is a risk of being damaged by fraud. In addition, when the communication destination terminal device 400A is infected with malware, it is hijacked by a cracker, and the communication start request S15 is made by an unauthorized method without following the regular procedure via the connection mediation device 300. There is also the possibility of If the measures to issue the above-mentioned intermediation certificate are taken, it is effective in preventing the fraud by such a cracker.

The specific method of creating an intermediary certificate is as described in 3-33-3. That is, also in the case of the modification shown in FIG. 14, the communication source address transmission unit 330 is the location address “AD2” of the specific terminal device 400B as the communication source and the location address “A” of the specific terminal device 400A as the communication destination. An intermediary certificate is operated by acting a one-way function using a predetermined encryption key on data for intermediary certification (including other secret character strings may be added if necessary) including “AD1”. Create it. As the one-way function, an encryption key for the communication source or an encryption key for the communication destination, or a hash function using both of these encryption keys can be used. The specific procedure of the legitimacy confirmation using such an intermediary certificate is as already described in 3-3 3-3, and the description is omitted here.

<<< 4. 4. Practical embodiment using a router >>>
In the first embodiment and the second embodiment of the prior invention basic invention described above, each of the terminal devices 200A to 200D and 400A to 400D is directly connected to the network N (the Internet) for the convenience of illustrating the basic principle of each invention. The description has been made using the diagrams (see FIGS. 1 and 6) showing the connected state. However, usually, each terminal device is connected to the network N (Internet) via a router. Therefore, a practical embodiment in which a terminal device is connected to a network via a router will be described here in the basic application of the prior application.

<4-1. Basic embodiment using a router>
FIG. 15 is a block diagram showing an embodiment of the prior application basic invention in which a terminal device is connected to a network N via a router. Specifically, FIG. 15 shows a state in which three terminal devices 200E, 200F, and 200G are connected to the network N (the Internet) via the same router R.

As described above, the terminal device 200 in the basic application basic invention is any device as long as it is an electronic device such as a personal computer, a mobile phone, a tablet terminal, etc., having a function of connecting to the network N and performing communication. I don't care. In recent years, corporate LANs and home LANs have become widespread, and personal computers and tablet terminals are usually connected to the Internet via routers installed in companies and homes. Also, in recent mobile phone communication networks, base stations having a router function have been used, and mobile phones can be connected to the Internet via the base station having this router function.

Therefore, each terminal device used in the basic application of the prior application is practically connected to the Internet via the router R, as illustrated in FIG. The router R has a function of constructing a LAN, and in the illustrated example, a portion drawn on the left side of the router R constitutes one subnet, and a class C private IP address is assigned. Specifically, each terminal apparatus is assigned an IP address having a network unit “192.168” and host units “0.11”, “0.12”, and “0.13”. Communication between devices in this subnet can be performed without going through router R, but when accessing devices outside the subnet, communication via router R is required.

In the illustrated example, a private IP address of “192.168.0.11” is assigned to the terminal device 200E (terminal ID: 0050), and a private IP address of “192.168.0.12” is attached to the terminal device 200F (terminal ID: 0060). An IP address is assigned, and a private IP address "192.168.0.13" is assigned to the terminal device 200G (terminal ID: 0070). In addition, port numbers are used together with these IP addresses for actual communication. In the figure, port number P1 is for one communication path of terminal device 200E, port numbers P2 and P3 are for two communication paths of terminal device 200F, and port numbers P4 to P7 are for four communication paths of terminal device 200G. An example given is shown.

The port number consists of 2 bytes of data and is used to identify the communication endpoint. For example, in the terminal device 200F shown in the figure, two sets of application programs APP1 and APP2 operating under a predetermined OS program are installed, and a port number P2 is assigned to the communication path for APP1. The port number P3 is assigned to the communication path of Therefore, even for communication using the same IP address “192.168.0.12”, it is possible to distinguish between communication for APP1 and communication for APP2 by the difference in port number P2 / P3.

On the other hand, although two sets of application programs APP1 and APP2 are also installed in the terminal device 200G shown in the figure, two sets of port numbers P4 and P5 are allocated for APP1, and two sets of port numbers for APP2. P6 and P7 are assigned. As described above, it is also possible to assign a plurality of port numbers to the same application program to distinguish a plurality of communication paths from one another. For example, when the application program APP1 is a web browser program, the port number P4 is assigned to communication on the first web page, and the port number P5 is assigned to communication on the second web page. For example, it becomes possible to perform separate and independent communication with each other web server. In this way, port numbers can be arbitrarily assigned according to the convenience of individual application programs.

Here, the following description will be continued assuming that the illustrated application program APP2 is a dedicated communication application program for performing the function as the network communication system according to the prior invention basic invention. In other words, the illustrated terminal devices 200F and 200G are devices such as general-purpose personal computers, smart phones, and tablet-type terminals that operate under the management of a predetermined OS program, and install the communication application program APP2 dedicated to the devices. By doing this, these devices will function as a terminal device according to the basic application of the prior application.

In this case, a self address notification unit 250, a communication request reception unit 220, a connection mediation request unit 210, a communication start request unit 240, a communication source session establishment unit 260, and a communication destination session establishment which are components of the terminal device 200 shown in FIG. The processing function of the unit 230 is realized by executing the communication application program APP2 (a part of the processing functions may be realized by the execution of the OS program). Similarly, a self address notification unit 450, a communication request reception unit 420, a connection mediation request unit 410, a communication start request unit 440, a communication source session establishment unit 430, and a communication destination session establishment which are components of the terminal device 400 shown in FIG. The processing function of the unit 460 is realized by executing the communication application program APP2 (a part of the processing functions may be realized by execution of the OS program).

In FIG. 15, a block showing the application program APP2 and its communication path are shown by thick lines. Communication between each of the terminal devices 200E, 200F, and 200G and devices outside the subnet is performed via the router R. The router R has a network address translation function (NAT (Network Address Translation) function), and the private IP address assigned to the communication path connected to the inside (the left side of the router R in the figure) In addition to the conversion to the global IP address assigned to the communication path connected to the right side of the router R) in, the reverse conversion is also performed.

In the case of the illustrated example, private IP addresses "192.168.0.11" to "192.168.0.13" assigned to the inside of router R and global IP addresses "xx.73.5.111" assigned to the outside of router R Address conversion with (hereinafter referred to as ADx) is performed. Here, xx in the global IP address indicates an arbitrary 1-byte data (in this application, a part of the global IP address is xx, yy, zz, etc. in order to avoid identification of a unique global IP address). I will refer to the symbol). In addition, at the time of the address conversion, conversion of the port number is also performed by a function generally called NAPT (Network Address Port Translation).

For example, the combination "192.168.0.12 (P3)" of the private IP address and the port number given to the communication path from the communication application program APP2 of the terminal device 200F is the combination "xx. 75.1.111 (P13) ". Therefore, for an external device connected via the network (Internet) N, the APP 2 of the terminal device 200 F has a location address “xx.73.5.111 (P13)” (information obtained by adding a port number to an IP address) Will be identified by Similarly, APP2 of the terminal device 200G is specified by the location address “xx.73.5.111 (P16)” or “xx.73.5.111 (P17)”.

In the illustrated example, the same global IP address ADx (specifically, “xx.73.5.111”) is given to a plurality of communication paths outside the router R, but the port numbers are respectively Because they are different, they can be distinguished from each other. Conversely, when there is access from the device outside the router R to the device inside, processing is performed to convert the global IP address ADx into a private IP address. For example, when there is access from an external device to a location address “xx.73.5.111 (P16)”, the location address is converted to “192.168.0.13 (P6)”, and the communication application program of the terminal device 200G It is processed as an access to the first communication channel of APP2. Such a NAPT function is a widely used existing technology, so a detailed description is omitted here.

The terminal device 200, which is a component of the network communication system according to the prior invention basic invention, includes a self address notification unit 250 as shown in FIG. A process of notifying the connection mediating apparatus 100 of the location address indicating the location at the top is performed. As described above, this notification process is actually executed by the communication application program APP2 installed in the terminal device 200.

Therefore, also in the case of the embodiment shown in FIG. 15, the communication application program APP2 notifies the location address to the connection mediating device 100, and the address table updating unit 120 in the connection mediating device 100 receives the notification. For each of the terminal devices, processing of writing information in which the terminal ID and the location address are associated in the address table T in the address table storage unit 110 is executed.

In the case of the embodiment shown in FIG. 15, since the terminal devices 200F and 200G are connected to the network N via the router R, the self-address notifying unit 250 is a private IP in a LAN (subnet) managed by the router R. Performs processing to notify the address as the location address. However, this private IP address is converted to a global IP address ADx by the NAT function of the router R and transmitted to the network N. Therefore, the address delivered to the connection mediation device 100 is not a private IP address but a global IP address ADx, and the address table update unit 120 stores this global IP address ADx in the address table T as a location address. I do.

Further, in the case of the embodiment shown in FIG. 15, information obtained by adding a port number to an IP address is used as a location address indicating the location of each terminal apparatus on the network. For this reason, the self address notification unit 250 performs processing to notify information obtained by adding the port number to the private IP address as the location address, and the information is converted by router R into information obtained by adding the port number to the global IP address. , Reach the connection mediation device 100. Therefore, information obtained by adding the port number to the global IP address is written to the address table T as the location address.

FIG. 16 is a diagram showing an example of an address table in the case where information obtained by adding a port number to an IP address is used as a location address in the embodiment shown in FIG. The address table T41 shown in FIG. 16A is “terminal ID: 0060 based on the notification from the own address notification unit 250 (communication application program APP2) in the terminal device 200F (terminal ID: 0060) shown in FIG. Write the location address (combination of the IP address ADx and the port number P13) corresponding to “” and also notify from the self address notification unit 250 (communication application program APP2) in the terminal device 200G (terminal ID: 0070) In this example, the location address (combination of the IP address ADx and the port number P16, and the combination of the IP address ADx and the port number P17) is written based on the “terminal ID: 0070”.

In the case of the example shown in FIG. 15, the own address notification unit 250 (communication application program APP2) in each of the terminal devices 200F and 200G performs processing of transmitting information in which a port number is added to a private IP address as a location address. Since the router R converts the information into the global IP address with the port number added, the location address actually stored in the address table T41 is, as illustrated, a combination of the global IP address ADx and the port number after conversion. become.

For example, from the self address notifying unit 250 of the terminal device 200F, the information obtained by adding the port number "P3" to the private IP address "192.168.0.12" as the location address indicating the location of the transmission source is the terminal ID " However, when passing through the router R, the location address indicating the location of the sender, which is the source, is the port number “P13” with the global IP address “xx.73.5.111”. Will be converted to the information added. Therefore, in the address table T41, a combination of the global IP address ADx “xx.73.5.111” and the port number “P13” is written as the belonging address corresponding to the terminal ID “0060”.

The address table T42 shown in FIG. 16 (b) is an example of information of the location address column of the address table T41 shown in FIG. 16 (a) as specific data. As described above, in the case of the example shown in FIG. 15, since the global IP address “xx.73.5.111” is assigned to the communication path outside the router R, the address table T42 shown in FIG. The data "xx.73.5.111" is stored in the IP address column of the table. On the other hand, the port number given to the communication path outside router R is a 2-byte number generated so as not to overlap each other by router R, and in the example shown in FIG. 16 (b), 62801 to 62803 Data is stored.

After all, an address table T42 as shown in FIG. 16B is stored in the connection mediating apparatus 100 shown in FIG. 15 for the terminal devices 200F and 200G. Therefore, when there is a connection mediation request including the terminal ID "0060" as communication destination specifying information from an external communication source (not shown), the communication destination address replying unit 130 in the connection mediation device 100 refers to the address table T42. By doing this, the location address corresponding to the terminal ID “0060” (information obtained by adding the port number “62801” to the IP address “xx.735.111”) is returned as the communication destination address. Therefore, the terminal apparatus serving as the communication source can issue a communication start request to the communication destination specified by the IP address “xx.735.111” and the port number “62801”.

The example using the router R in the first embodiment (the embodiment using the connection mediation device 100 and the terminal device 200) mainly shown in FIG. 1 has been described above, but the second embodiment (the connection mediation shown in FIG. 7) The same applies to the case where the router R is used in the embodiment using the device 300 and the terminal device 400).

The address table updating units 120 and 320 in the connection mediating apparatus 100 and 300 update the address table illustrated in FIG. 16 each time a notification of the location address is received from the self address notifying unit 250 or 450 of each terminal device. Do the processing. As described above, in the case of the embodiment shown in FIG. 15, the processing function of the self address notifying unit of the terminal devices 200F and 200G is realized by executing the communication application program APP2 operating under the management of a predetermined OS program. .

Therefore, in practice, it is preferable to perform the notification process of the self address by the self address notification unit 250, 450 at the timing shown in the table of FIG. Timing (1) in the illustrated table is when the user inputs an operation to the communication application program APP2. For example, after the communication application program APP2 is started, a message such as "Prepare for communication (Yes / No)?" Is displayed, and when the user performs an operation input instructing "Yes", An address notification process may be performed. Normally, when the communication application program APP2 is activated, the private IP address of the terminal apparatus and the global IP address corresponding to this have already been determined, and an environment for performing notification processing of the own address is established.

The timing (2) in the illustrated table is at the start of the communication application program APP2. When this timing (2) is adopted, the notification process of the self address is automatically executed without waiting for the display of the message described above and the operation input by the user. In practice, the processing function as the self address notifying unit 250 or 450 may be incorporated into the start routine of the program APP2.

Timing (3) in the illustrated table is at the time of activation of the OS program, which is substantially at the time of activation of the terminal device. When this timing (3) is adopted, the processing function as the self address notifying unit 250 or 450 may be incorporated into the boot routine of the OS program. Usually, processing to determine the private IP address of the terminal device and the corresponding global IP address is performed in the start-up routine of the OS program, so if self-address notification processing is automatically performed after that. Good.

<4-2. Example using VPN>
Subsequently, an embodiment using a VPN (Virtual Private Network) in a network communication system according to the prior invention basic invention will be described. FIG. 15 exemplifies an embodiment in which a terminal apparatus is connected to the network N via the router R. In the case of this example, the local network built inside the router R (left side in the figure) constitutes one private network, and each of the terminal devices 200E, 200F, 200G is a network unit of “192.168”. A private IP address beginning with is assigned. As a method of extending such a private network across public networks such as the Internet N, VPN technology is widely used.

FIG. 18 is a block diagram showing an entire configuration of an embodiment using a VPN in the network communication system according to the prior invention basic invention. Here, for convenience of explanation, three terminal devices 200H, 200I, 200J (terminal IDs are respectively 0081, 0082, 0083, respectively) set in the Tokyo head office of a certain company, and one terminal installed in the Paris branch office A simple example in which a VPN is constructed by a total of four terminal devices 200 K (terminal ID is 0091) will be shown. Also, the three terminal devices 200H, 200I, and 200J installed at the Tokyo head office are called the first terminal devices belonging to the first group, and one terminal device 200K installed at the Paris branch office is made the second group. It will be called the second terminal apparatus to which it belongs.

As illustrated, the first terminal devices 200H, 200I and 200J are connected to the network (Internet) N via a first router R1, and the second terminal device 200K is connected via a second router R2. Network (Internet) N is connected. Therefore, basically, the first terminal devices 200H, 200I, and 200J arranged above the first router R1 in the figure are hosts in the first LAN managed by the first router R1. As a result, the second terminal device 200K disposed below the second router R2 in the figure is a host in the second LAN managed by the second router R2.

Therefore, a private IP address in the first LAN managed by the first router R1 is given to the first terminal device 200H, 200I, 200J, and a second router is given to the second terminal device 200K. A private IP address in the second LAN managed by R2 is assigned. Further, similarly to the example shown in FIG. 15, a port number is also assigned together with the IP address.

In the case of the illustrated example, a private IP address of class B is assigned to the first LAN, and “172.16.6.11 (P1)” and “172.16” are assigned to the first terminal devices 200H, 200I and 200J, respectively. The IP addresses and port numbers are given as “6.12 (P2)” and “172.16.6.13 (P3)” (port numbers P1, P2, P3, etc. are actually 2 bytes of data). These pieces of information are assigned by the first router R1, respectively, to the global IP address ADy as "yy.88.105.19 (P11)", "yy.88.105.19 (P12)", and "yy.88.105.19 (P13)". It is connected to the Internet N after being converted to a combination of the and port numbers. On the other hand, in the illustrated example, a private IP address of class C is assigned to the second LAN, and an IP address and a port number of “192.168.99.11 (P4)” are assigned to the second terminal device 200K. Is granted. This information is converted by the second router R2 into a combination of a global IP address ADz of "zz.99.214.28 (P21)" and a port number, and is then connected to the Internet N.

In this state, the first LAN to which the first terminal devices 200H, 200I and 200J belonging to the first group belong and the second LAN to which the second terminal device 200K belonging to the second group belongs Is a separate and independent private network, but in the case of the illustrated embodiment, a VPN is constructed to extend the range of the first LAN across the Internet N. That is, a private IP address and port number "192.168.99.11 (P4)" in the second LAN managed by the second router R2 are given to the second terminal device 200K, and the first router R1 is The private IP address and port number "172.16.6.14 (P5)" in the first LAN managed by the virtual LAN are virtually assigned as VIP addresses, and the first terminal devices 200H, 200I, 200J and the second VPN settings are made between the terminal device 200 K and the terminal device 200 K so that they can communicate with each other using this VIP address.

Therefore, as indicated by the broken line in the figure, the terminal device 200K installed in the Paris branch office is the first LAN managed by the first router R1, like the terminal devices 200H, 200I and 200J installed in the Tokyo head office. It can be handled as an internal terminal device. FIG. 19 is a diagram showing the principle of VNP communication in the embodiment shown in FIG. The illustrated example shows VPN communication between the terminal device 200H installed at the Tokyo head office and the terminal device 200K installed at the Paris branch office.

As shown in FIG. 19, a VPN communication unit 201H is provided in the terminal device 200H, and a VPN communication unit 201K is provided in the terminal device 200K, and a VPN encrypted communication path is established between the two. Since the data exchanged between the two are encrypted, in fact, although information is transmitted via a public network such as the Internet N, it has convenience and security as if it were private network. Information can be sent and received. The VPN communication units 201H and 201K are actually constructed by dedicated VPN application programs installed in the respective terminal devices. Since the specific structure of such a VPN is a known technique, detailed description is omitted here.

By the way, when using such a VPN structure in the network communication system according to the prior application basic invention, it is convenient to store the VIP address in the address table T stored in the connection mediation device 100. is there. FIG. 20 is a diagram showing an example of an address table to which a VIP address is added for use in the embodiment shown in FIG. The address table T51 shown in FIG. 20 (a) is a location address (IP address and port) corresponding to each terminal ID based on the notification from the own address notification unit 250 in the terminal devices 200H to 200K which are members of the VPN. Number) is stored.

Here, the terminal devices 200H to 200J (terminal ID: 0081 to 0083) are devices belonging to the first LAN built at the Tokyo head office, but the terminal device 200K (terminal ID: 0091) is at the Paris branch office. It is a device that belongs to the constructed second LAN. However, the first LAN is virtually extended to the terminal device 200K according to the above-described VPN structure, and the terminal device 200K is assigned a VIP address “VIP (200 K)”. Therefore, for the terminal ID "0091" of the address table T51 shown in FIG. 20A, a VIP address "VIP (200K)" is further stored in the VIP column.

The address table T52 shown in FIG. 20 (b) is an example of information of the location address column and the VIP column of the address table T51 shown in FIG. 20 (a) as specific data. In the case of the example shown in FIG. 18, information in which port numbers P11 to P13 are added to the global IP address ADy "yy.88.105.19" is given as the location address to each communication path outside the first router R1. In the IP address column of the terminal ID “0081 to 0083” of the address table T52 shown in FIG. 20 (b), data “yy.88.105.19” is stored, and the port number column is stored. Stores a 2-byte number “54701 to 54703” generated by the first router R1.

On the other hand, in each communication path outside the second router R2, information obtained by adding the port number P21 to the global IP address ADz “zz.99.214.28” is given as a location address, as shown in FIG. b) Data of "zz.99.214.28" is stored in the IP address column of the terminal ID "0091" of the address table T52 shown in b), and the port number column is generated by the second router R2 The 2-byte number "61999" is stored. Further, in the VIP column of the terminal ID "0091", a VIP address "172.16.6.14" (virtual private address for the first LAN given to the terminal device 200K by setting of VPN) Is stored.

As described above, in order to store the VIP address "172.1.6.6.14" in the VIP column of the address table T52, the setting of the VPN for the connection mediation device 100 is made in the self address notifying unit 250 of the second terminal device 200K. And the address table updating unit 120 has a function of storing the VIP address in the address table T52 in association with the location address of the second terminal device 200K. Just do it.

Thus, when the VIP address of the second terminal device 200K is stored in the address table T52, for example, when the first terminal device 200H communicates with the second terminal device 200K as a communication destination. In addition, the connection intermediation request unit 210 of the first terminal device 200H can specify the communication destination by using the VIP address “VIP (200K)” of the second terminal device 200K as the communication destination identification information.

Specifically, if the connection intermediation request unit 210 of the terminal device 200H performs a connection intermediation request including a VIP address of “172.1.6.6.14” as communication destination specification information, the communication destination address in the connection intermediation device 100 The reply unit 130 replies the location address "zz.99.214.28 (61999)" corresponding to the VIP address "172.1.6.6.14" as the communication destination address by referring to the address table T52 shown in FIG. 20 (b). be able to. Normally, when the VPN setting is performed, the terminal device 200 K is recognized as a device having a VIP address of “172.1.6.6.14” in the layer of the application program, so a connection mediation request is made using this VIP address. It would be useful if it could be done.

Of course, if necessary, the port number "P5" may be stored together with the VIP address "172.16.6.14". Then, using the information “172.16.6.14 (P5)”, it is possible to make a connection mediation request including designation of a specific port number.

The example of virtually expanding the range of the private network by setting the VPN in the first embodiment (the embodiment using the connection mediation device 100 and the terminal device 200) of the prior application basic invention shown in FIG. 1 has been described above. However, the same applies to the case where the setting of the VPN is performed in the second embodiment (embodiment using the connection mediation device 300 and the terminal device 400) of the prior application basic invention shown in FIG.

<<< 5. 5. Technical problems solved by the present invention >>>
So far, the network communication system according to the prior application basic invention described in International Application PCT / JP2017 / 006131 has been described. However, in the system according to the prior application basic invention, inter-terminal communication may be interrupted depending on the network environment. Hereinafter, specific cases in which such troubles occur will be described.

FIG. 21 is a block diagram showing a specific example in which a communication failure occurs in the network communication system according to the prior invention basic invention. The figure shows that two sets of terminal devices 200A and 200B are connected to the network N (the Internet) via the routers RA and RB, respectively. As described above, the details of the embodiment in which the terminal device is connected to the network using the router are as described in §4. In practice, many terminal devices are connected to the network N via a router as shown.

In the case of the first embodiment of the prior invention basic invention described in § 1, connection mediation is performed by the connection mediation device 100 between both terminals. Three arrows of thick arrows, thin arrows, and white arrows shown in the figure are, as used in 1,1 and 22, arrows indicating the flow of signals between the blocks. That is, thick arrows L1 and L2 indicate signals exchanged between the terminal device 200A or 200B and the connection mediation device 100, and thin arrows L3 indicate before the communication session is established between the pair of terminal devices 200A and 200B. The flow of signals to be exchanged is shown, and the white arrow L4 shows the flow of signals to be exchanged after establishing a communication session between the pair of terminal devices 200A and 200B.

In practice, the flow of signals indicated by the three types of arrows L1 to L4 passes through the router and the network N. For example, the bold arrow L1 is the signal flow through the router RA and the network N, and the bold arrow L2 is the signal flow through the router RB and the network N. A thin arrow L3 and a white arrow L4 indicate the flow of signals through the router RA, the network N, and the router RB.

As described in §4, the terminal device connected to the router is assigned the private IP address PIP, but when the signal travels through the router to the Internet N, it is converted to the global IP address GIP. In the illustrated example, PIP = "192.168.2.1" is given to the terminal device 200A, but when the signal passes through the router RA, PIP = "192.168.2.1" is a global IP address GIP = " It has been converted to "xx.5.1.1". Similarly, PIP = "192.168.10.1" is given to the terminal device 200B, but when the signal passes through the router RB, PIP = "192.168.10.1" is a global IP address GIP = "xx.5.7. Converted to .1. Actually, as described in §4, the conversion is also performed for the port number, but the description for the port number is omitted here.

Thus, the routers RA and RB have a network address translation function (NAT (Network Address Translation) function), and are provided for the communication path connected to the inside (the lower side of the routers RA and RB in the figure). The private IP address is converted to a global IP address assigned to a communication path connected to the outside (upper side of the routers RA and RB in the figure), and the reverse conversion is also performed. There are several types of NAT, specifically, the types such as "Full cone NAT", "Restricted cone NAT", "Port restricted cone NAT", "Symmetric NAT (Symmetric NAT)" ing.

Each NAT type specifies that address conversion is performed according to each specific specification, and the installer of the router considers an appropriate NAT type for each router in consideration of security problems and usage convenience. Will be set. Here, the NAT types to be noted in implementing the network communication system according to the prior application basic invention are “Symmetric NAT (Symmetric NAT)” and “Port restricted cone NAT”. In the present application, the “Symmetric NAT (Symmetric NAT)” and the “Port restricted cone NAT” will be referred to as “a gateway NAT” for convenience. A router to which this "gateway type NAT" is set is "For packets sent from an external host to an internal host (internal terminal device), the external host has received a packet from the internal host in the past. Perform address conversion under the restriction that only packets from the host are passed. For this reason, when the network communication system according to the basic application invention is used, communication with the terminal device inside the router where the gateway NAT is set will be hindered.

For example, in the example of FIG. 21, it is assumed that the NAT of the router RB is set. In this case, when transmitting a signal from the inside to the outside via the router RB, address conversion is performed without any particular limitation. Therefore, a packet from the terminal device 200B to the Internet N can freely pass through the router RB. However, when sending a signal from the outside to the inside through the router RB, the router RB plays the role of a gateway. That is, when a packet is sent from the Internet N to the terminal device 200B, if the sender is an external host that has received a packet from the terminal device 200B in the past, the router RB takes in the packet. Delivery to the terminal device 200B (internal host), but if it is another external host, it is blocked.

Therefore, when the router RB is a router of the gateway NAT, the packet transmitted to the terminal device 200B along the thick arrow L2 mainly by sending the connection mediation device 100 passes the router RB without any problem. Although the packet reaches the device 200B, the packet sent to the terminal device 200B along the thin arrow L3 mainly as the terminal device 200A may be blocked by the router RB. The reason is as follows.

As described in 1,1 and 22, each of the terminal devices 200A and 200B in the network communication system according to the prior application basic invention repeatedly notifies the connection mediation device 100 of its present location address at a predetermined timing. There is. Therefore, the connection mediation device 100 is "an external host that has received a packet from the internal host (terminal device 200B) in the past", and the packet addressed to the terminal device 200B from the connection mediation device 100 is a router RB. Can pass through. However, since the terminal device 200A does not necessarily correspond to "an external host that has received a packet from the internal host (terminal device 200B) in the past", the packet addressed to the terminal device 200B from the terminal device 200A is a router It may be blocked by RB.

As described above, when direct communication between terminals is blocked, connection mediation processing by the network communication system according to the basic application prior art does not function properly. For example, in the case of the example shown in FIG. 4, when the communication start request S5 from the communication start request unit 240A of the communication source terminal device 200A is blocked by the router and does not reach the communication destination terminal device 200B, the communication destination session establishment unit 230B can not establish a communication session, and communication (S7) between both terminals will not be realized. Such a situation is the same as in the case of the second embodiment of the basic application for the prior application described in §2.

Although the example of the communication failure caused by the end-to-end communication being blocked by the router in which the gateway NAT is set up has been described above, there are other causes for the end-to-end communication to be blocked. For example, several protocols, such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), are used as a protocol of the transport layer of communication between terminals via the Internet. In TCP, emphasis is placed on accuracy rather than communication speed, and although devices have been devised to ensure that packets reach the other party, the communication load increases. On the other hand, in UDP, since the emphasis is on communication speed rather than accuracy, packets may be lost, but the communication load is reduced. Therefore, TCP is used for browsing web screens and the like, and UDP is used for voice communication such as telephone calls.

Of course, in the network communication system according to the basic application of the prior application, TCP can be adopted as a communication protocol, and UDP can also be adopted. Therefore, for example, if a system mainly for voice communication is to be constructed, it is preferable to construct a system using UDP to reduce the overall communication load. However, UDP packets may be blocked along the way. For example, if a firewall installed between terminals is specified to block UDP packets, the UDP packets can not pass through the firewall and can not reach the other party.

As described above, in the system according to the first aspect of the present invention, communication between terminals may be interrupted depending on the network environment. The present invention has been made to solve such a problem, and even if direct communication between terminals is provided with some restriction due to various factors as described above, communication between the two terminals is also possible. Provide a way to take measures that will allow you to

In the network communication system according to the present invention, another communication method is premised on direct communication (referred to as "normal communication" herein) between the terminal devices as in the system according to the basic application basic invention As a method, a method called "detour communication" in which communication is indirectly performed via the connection mediation device is prepared. Then, when normal communication fails or when failure in normal communication is expected, communication between both terminals can be performed without trouble by performing detour communication instead of normal communication. ing.

In this bypass communication, all information packets between the two terminals are exchanged via the connection mediation device. As described in 1,1 and 22, each terminal device has a function of notifying the connection mediation device of the current self address at a predetermined timing, so the connection mediation device is under the router of the gateway NAT. The terminal device is also "an external host that has received a packet in the past". Therefore, even if the direct communication between the terminal devices is blocked by the router, the communication between the terminal device and the connection mediation device is not blocked, and the bypass communication will be performed without any problem.

If the system is built on the assumption that normal communication is performed by UDP, if detour communication is performed by TCP, the detour communication should be used instead even if normal communication can not be performed by the UDP block. Thus, communication between the two can be performed without any problem.

Of course, when detour communication is performed instead of normal communication, the connection mediation device needs to relay all the information packets exchanged between the two terminal devices, which increases the processing load. Therefore, when detour communication is performed, the operation effect of "reducing the processing load when mediating connection between a pair of terminal devices", which is a feature of the basic application of the prior application, can not be obtained. However, in the network communication system according to the present invention, basically, the operation based on the normal communication is performed in the same manner as in the basic application of the prior application, and bypassing is performed only for special cases in which communication between terminals is interrupted by the network environment Since communication is to be performed, as a whole, as in the basic application of the prior application, an operation and effect of "reducing the processing load when mediating a connection between a pair of terminal devices" can be obtained, and further, Even when there is a problem in the direct communication between the terminal devices, an inherent effect is obtained that communication between the two can be performed without any problem.

In the present invention, the following three approaches are prepared as approaches for performing detour communication instead of normal communication.
(1) Detour communication at the time of failure It is a method of switching to the detour communication when it is found that the normal communication has failed, and the specific contents will be described in detail in §6.
(2) Bypass communication in the case of local NAT If the NAT type of the router used by each terminal device is checked in advance, and a failure of normal communication is expected due to the presence of the router on which the local NAT is set Instead of normal communication, it is a method of performing bypass communication, and the specific contents will be described in detail in §7.
(3) Bypass communication in case of UDP block If a system is built on the assumption of normal communication by UDP, and a failure of normal communication is expected due to the presence of an element that blocks UDP on the communication path, This is a method of performing bypass communication by TCP instead of normal communication, and the specific contents will be described in detail in §8.

<<< 6. 6. Approach to conduct detour communication at failure >>>
The embodiment described in this section 6 adopts a method of detecting the failure and switching to the bypass communication when the normal communication based on the procedure shown in FIG. 5 or 9 fails in the system according to the basic application basic invention. It is an embodiment. Hereinafter, an example in which such a method is applied to the first embodiment (FIG. 2) of the prior application basic invention shown in § 1 will be described as Example 1, and the second application of the prior application basic invention shown in § 2 will be described. An example applied to the embodiment (FIG. 7) will be described as a second embodiment. Of course, various modifications described in §3 and 44 can also be applied to the first and second embodiments described below. Each component shown as a block in each of the first and second embodiments is actually realized by a dedicated program incorporated in a computer, like the system according to the prior application basic invention described above. It will be

6-1. Example 1>
FIG. 22 is a block diagram showing a detailed configuration of the terminal device 201 in the network communication system according to the first embodiment of the present invention. The terminal device 201 shown here performs communication by adding some corrections to the communication start request unit 240 and the communication source session establishment unit 260 in the terminal device 200 according to the first embodiment of the prior invention basic invention shown in FIG. The start request unit 241 and the communication source session establishment unit 261 further include a bypass communication processing unit 271 (in the figure, a new component is indicated by a bold line frame block) as a new component. The connection intermediation request unit 210, the communication request reception unit 220, the communication destination session establishment unit 230, and the self address notification unit 250, which are the other components, are the same as the respective components of the same reference numerals shown in FIG. The details of are as already described in §1.

Further, in the first embodiment shown in FIG. 22, a connection mediating apparatus 101 is used instead of the connection mediating apparatus 100 shown in FIG. The connection mediating apparatus 101 is obtained by adding the function of relaying the detour communication to the function of the connection mediating apparatus 100 shown in FIG. 2 and the details of the configuration will be described later. As a result, in the first embodiment shown in FIG. 22, the component indicated by the block in which the first digit in the three-digit code is “1” is the unique component to the first embodiment. .

Similar to the system of the prior invention shown in FIG. 2, the system according to the first embodiment includes a plurality of terminal devices (for convenience, only one terminal device 201 can be connected to each other via the network N). And a connection mediation device 101 that mediates the connection between the plurality of terminal devices. Here, each terminal device 201 is provided with a terminal ID for mutually identifying each terminal device, and the connection mediation device 101 uses the terminal ID as a communication source terminal device and the like. The processing of mediating the connection with the terminal device to be the communication destination is executed.

In this figure, thick arrows indicate the flow of signals exchanged between the terminal device 201 and the connection mediation device 101, and thin arrows (except for the arrows inside the block 201) indicate the flow of the pair of terminal devices 201 It shows the flow of signals before establishment of a communication session, which are directly exchanged between the two. The white arrows indicate the flow of signals after communication session establishment, which are directly exchanged between the pair of terminal devices 201. The white arrow indicates the "normal communication", which indicates the original communication assumed by this system, that is, the communication directly performed between the terminal devices 201. On the other hand, the bold arrow extending from the bypass communication processing unit 271 is written as “detour communication”, but when the above “normal communication” fails, the terminal device 201 mediates connection mediation. It indicates that communication to the other party is performed indirectly via the device 101.

The self address notifying unit 250 shown in FIG. 22 is the same component as the self address notifying unit 250 shown in FIG. 2 and notifies the connection mediating apparatus 101 of the location address indicating the location of the self on the network. Perform a function. Since the function has already been described in detail in 11, the description is omitted here.

The functions of the other components are substantially the same as the functions of the corresponding components shown in FIG. However, the communication start request unit 241 has an additional function of notifying the detour communication processing unit 271 to that effect when making a communication start request, and the communication source session establishment unit 261 receives the communication start acceptance confirmation. It has an additional function of notifying the detour communication processing unit 271 to that effect.

With such an additional function, the detour communication processing unit 271 establishes a communication session between the communication source session establishment unit 261 of the communication source terminal device and the communication destination session establishment unit 230 of the communication destination terminal device, and directs the other party directly. It is possible to execute detour communication for indirectly transmitting and receiving information to the other party via the connection mediation device 101 when normal communication (communication indicated by a white arrow in the figure) for transmitting and receiving information fails. . Specifically, after the communication start request unit 241 of the communication source terminal device makes a communication start request addressed to the communication destination terminal device, the communication start acceptance confirmation according to this is not returned within the predetermined timeout setting time. In this case, the bypass communication processing unit 271 performs bypass communication processing.

As described above, since the detour communication processing unit 271 can receive the notification that the communication start request has been made from the communication start request unit 241, the measurement of the elapsed time is started from that point, and within the predetermined timeout setting time. If the communication source session establishment unit 261 does not receive notification that the communication start acceptance confirmation has been received, it determines that the normal communication has failed and starts the bypass communication processing. Specifically, the detour communication processing unit 271 makes a relay request for detour communication to the connection mediation device 101 (as will be described later, the detour communication relay unit 141 therein), and, via the connection mediation device 101, The detour communication with the detour communication processing unit 271 of the other party is executed.

FIG. 23 is a block diagram showing a procedure for establishing a communication session between the communication source terminal device 201A and the communication destination terminal device 201B in the network communication system according to the first embodiment of the present invention shown in FIG. The terminal devices 201A and 201B shown are devices having the same configuration as the terminal device 201 shown in FIG. 22, and as in FIG. 4, the components required in the communication source terminal device 201A are processes necessary as a communication source The components (components of the rectangular block) that execute the command are indicated by solid lines, and the components within the communication destination terminal device 200B include the components (components of the double rectangular block) that perform the processing necessary as the communication destination. It is indicated by a solid line, and blocks of other components are indicated by a broken line. Further, the bypass communication processing units 271A and 271B, which are the components unique to the first embodiment, are indicated by thick line frame blocks.

The connection mediating device 101 (shown in FIG. 22) shown in FIG. 23 is obtained by adding a bypass communication relay unit 141 to the connection mediating device 100 shown in FIG. The address table storage unit 110, the address table update unit 120, and the communication destination address return unit 130, which are the other components, are the same as the respective components of the same reference numerals shown in FIG. As stated in §1. When the bypass communication relay unit 141 receives a relay request for bypass communication between the bypass communication processing unit 271A of the first terminal device 201A and the bypass communication processing unit 271B of the second terminal device 201B, Is a component that takes information passed between the detour communication processing unit 271A of the terminal device 201A and the detour communication processing unit 271B of the second terminal device 201B and relays the detour communication.

The procedure for establishing a normal communication session in this system is the same as the procedure described in § 1 with reference to FIGS. 4 and 5. That is, when the communication request receiving unit 220A of the communication source terminal device 201A receives itself as the communication source and receives the communication request S1 for another terminal device 201B of the communication destination, the connection mediation requesting unit 210A transmits the connection mediation device 101 to the connection mediation device 101. A connection mediation request S2 including communication destination specification information for specifying the terminal ID "0020" of another terminal device 201B as a communication destination is transmitted.

Then, the communication destination address return unit 130 of the connection mediation device 101 is associated with the terminal ID “0020” specified by the communication destination specifying information included in the connection mediation request S2 with reference to the address table. The location address AD2 is returned as the communication destination address (S4). The communication start request unit 241A that has received the reply (S4) accesses the communication destination address AD2 and makes a communication start request S5. At this time, as described above, the communication start request unit 241A notifies the detour communication processing unit 271A that the communication start request S5 has been made, and the detour communication processing unit 271A measures the elapsed time from that point on. Start. As described in Section 5, the communication start request S5 which is communication between terminals may be blocked by the network environment and may not reach the communication destination terminal device 201B. The fact that "S5?" Is described in the figure indicates such a possibility.

When the communication start request S5 arrives at the communication destination session establishing unit 230B on the communication destination terminal device 201B side, the communication start acceptance confirmation S6 is transmitted to the communication source terminal device 201A. Upon receipt of the communication start acceptance confirmation S6, the communication source session establishing unit 261A on the communication source terminal device 201A side notifies the detour communication processing unit 271A to that effect. Then, a communication session is established between the communication source session establishment unit 261A and the communication destination session establishment unit 230B.

However, when the communication start request S5 is blocked by the network environment, of course, the communication start acceptance confirmation S6 from the communication destination session establishment unit 230B is not transmitted. Alternatively, although the communication start request S5 has been successfully received, the communication start acceptance confirmation S6 may be blocked by the network environment. The fact that "S6?" Is described in the figure indicates such a possibility. In such a case, normal communication between the communication source terminal device 201A and the communication destination terminal device 201B ends in failure.

As described above, when the communication start request S5 or the communication start acceptance confirmation S6 is blocked and the normal communication fails, the communication source session establishment unit 261A may receive the communication start acceptance confirmation S6 within the predetermined timeout setting time. Can not. For this reason, in the bypass communication processing unit 271A, the reception report of the communication start acceptance confirmation S6 is not made within the predetermined timeout setting time. Then, the bypass communication processing unit 271A recognizes that the normal communication has failed, and executes the bypass communication process.

That is, when the detour communication processing unit 271A detects a failure in the normal communication, the detour communication processing unit 271A makes a relay request for the detour communication to the detour communication relay unit 141 and, via the detour communication relay unit 141, The detour communication S8a is executed. The bypass communication processing unit 271A acquires the communication destination address AD2 from the communication start request unit 241A, transmits this to the bypass communication relay unit 141, and makes a relay request. In response to the relay request, the bypass communication relay unit 141 accesses the communication destination address AD2 and requests the bypass communication processing unit 271B of the communication destination terminal device 201B to start bypass communication. The bypass communication processing unit 271B sends a reply to the effect that the bypass communication processing unit 271B accepts this to the bypass communication relay unit 141, and executes bypass communication S8b. Thereafter, by the relay by the detour communication relay unit 141, detour communication is performed between the two terminal devices 201A and 201B.

In this bypass communication, all information packets between the two terminal devices 201A and 201B are exchanged via the connection mediation device 101. In this case, since the terminal device 201A, 201B notifies the connection mediation device 101 of the current self address by the function of the self address notification unit 250A, 250B, the connection mediation device 101 is a router of the gateway NAT. It also means "an external host that has received a packet in the past" for the terminal below, and communication between the connection mediation apparatus 101 and the terminal 201A or 201B is performed by the router of the gateway NAT. It will not be rejected. Therefore, even if direct communication between the two terminal devices 201A and 201B is blocked by the router of the gateway NAT, communication between the two terminal devices 201A and 201B can be relayed without any problem by relaying the connection mediation device 101. It will be.

In addition, even when normal communication between both terminal devices 201A and 201B is premised on UDP, if bypass communication S8a and S8b are performed by TCP, even if normal communication can not be performed by a UDP block, bypass communication is performed. S8a and S8b can be performed without any problem. The bypass communication is a form of communication that imposes a large processing load on the connection mediating apparatus 101. However, since it is an emergency measure in case of failure in normal communication, it is important for the overall processing load of the connection mediating apparatus 101. It has no effect.

FIG. 24 is a flow chart explaining the communication session establishment procedure in the embodiment 1 shown in the block diagram of FIG. 23 in chronological order. This flowchart is substantially the same as the flowchart of FIG. 5 showing the communication session establishment procedure in the first embodiment of the prior invention described in 発 明 1. However, the communication start request "S5?" And the communication start acceptance confirmation "S6?" Shown in FIG. 23 may not reach the other party due to factors related to the conditions of the network environment. Step S5 in FIG. 24? , S6? Shows basically the same procedure as steps S5 and S6 in FIG. 5, but assuming that the signal does not reach the other side due to the network environment factor, the whole is shown in parentheses.

Step S6 'is processing to determine whether preparation for normal communication has succeeded or failed. As described above, the communication start request unit 241A performs step S5? When the communication start request is made, the detour communication processing unit 271A is notified of that and the bypass communication processing unit 271A starts measuring the elapsed time from that point. Here, when the receipt report of the communication start acceptance confirmation from the communication source session establishment unit 261A is within the predetermined timeout setting time, the process proceeds to step S7, and the communication source session establishment with the communication destination session establishment unit 230B is established. Normal communication is performed by the unit 261A through the process of establishing a communication session (process similar to step S7 in FIG. 5). On the other hand, when the reception report of the communication start acceptance confirmation is not made within the predetermined time-out setting time, it is determined that the normal communication has failed, and the process proceeds to step S8. In this step S8, the bypass communication processing units 271A and 271B and the bypass communication relay unit 141 perform bypass communication processing (S8a and S8b in FIG. 23).

6-2. Example 2>
FIG. 25 is a block diagram showing a detailed configuration of the terminal device 402 in the network communication system according to the second embodiment of the present invention. The terminal device 402 shown here performs communication by adding some corrections to the communication start request unit 440 and the communication destination session establishment unit 460 in the terminal device 400 according to the second embodiment of the prior invention basic invention shown in FIG. A start request unit 442 and a communication destination session establishment unit 462 are additionally provided with a bypass communication processing unit 472 (in the figure, a new component is indicated by a bold line frame block) as a new component. The connection intermediation request unit 410, the communication request reception unit 420, the communication source session establishment unit 430, and the self address notification unit 450, which are the other components, are the same as the respective components of the same reference numerals shown in FIG. The details of are as already described in §2.

Further, in the second embodiment shown in FIG. 25, a connection mediation device 302 is used instead of the connection mediation device 300 shown in FIG. The connection mediating apparatus 302 is a function of the connection mediating apparatus 300 shown in FIG. 2 with the function of relaying the detour communication added, and the details of the configuration will be described later. As a result, in the second embodiment shown in FIG. 25, the component indicated by the block in which the first digit in the three-digit code is “2” is the unique component to the second embodiment. .

The system according to the second embodiment is similar to the system of the prior invention shown in FIG. And a connection mediation device 302 that mediates the connection between the plurality of terminal devices. Here, each terminal device 402 is assigned a terminal ID for mutually identifying each terminal device, and the connection mediation device 302 uses the terminal ID as a communication source terminal device The processing of mediating the connection with the terminal device to be the communication destination is executed.

Also in this figure, three types of arrows, thick arrows, thin arrows, and white arrows, are used as in the first embodiment described above. White arrows indicate “normal communication”, and thick arrows extending from the bypass communication processing unit 472 indicate “route communication”. In addition, the self address notifying unit 450 is a component identical to the self address notifying unit 450 shown in FIG. 7 and has a function of notifying the connection mediating apparatus 302 of a location address indicating the location of the own on the network. Play. The function has already been described in § 2 and thus the description is omitted here.

The functions of the other components are substantially the same as the functions of the corresponding components shown in FIG. However, when the communication start request unit 442 makes a communication start request, it has an additional function of notifying the detour communication processing unit 472 to that effect, and the communication destination session establishment unit 462 receives the communication start acceptance confirmation. When it does, it has the additional function which notifies that to the detour communication processing section 472.

With such an additional function, the detour communication processing unit 472 establishes a communication session between the communication source session establishment unit 430 of the communication source terminal device and the communication destination session establishment unit 462 of the communication destination terminal device, and directly communicates to the other party. It is possible to execute detour communication for indirectly transmitting and receiving information to the other party via the connection mediation device 302 when normal communication (communication indicated by a white arrow in the figure) for transmitting and receiving information fails. . Specifically, after the communication start request unit 442 of the communication destination terminal device issues a communication start request to the communication source terminal device, the communication start acceptance confirmation according to this is not returned within the predetermined timeout setting time. In this case, the bypass communication processing unit 472 performs bypass communication processing.

As described above, since the detour communication processing unit 472 can receive the notification that the communication start request has been made from the communication start request unit 442, the measurement of the elapsed time is started from that point in time and a predetermined timeout setting time is set. If the communication destination session establishment unit 462 does not receive notification that the communication start acceptance confirmation has been received, it determines that the normal communication has failed, and starts the bypass communication processing. Specifically, the bypass communication processing unit 472 makes a relay request for bypass communication to the connection mediating device 302 (as will be described later, the bypass communication relay unit 342 therein), and, via the connection mediating device 302, The bypass communication with the other party's bypass communication processing unit 472 is performed.

FIG. 26 is a block diagram showing a procedure for establishing a communication session between the communication source terminal device 402B and the communication destination terminal device 402A in the network communication system according to the second embodiment of the present invention shown in FIG. The terminal devices 402A and 402B shown are devices having the same configuration as the terminal device 402 shown in FIG. 25, and as in FIG. 8, the components in the communication source terminal device 402B are processes necessary as a communication source The components (components of the rectangular block) that execute the command are indicated by solid lines, and the components within the communication destination terminal device 402A are the components (components of the double rectangular block) that perform processing necessary as the communication destination. It is indicated by a solid line, and blocks of other components are indicated by a broken line. Further, the bypass communication processing units 472A and 472B, which are components unique to the second embodiment, are indicated by bold line frame blocks.

The connection mediating device 302 (shown in FIG. 25) shown in FIG. 26 is obtained by adding a bypass communication relay unit 342 to the connection mediating device 300 shown in FIG. The address table storage unit 310, the address table update unit 320, and the communication destination address return unit 330, which are the other components, are the same as the respective components of the same reference numerals shown in FIG. As stated in §2. When there is a relay request for bypass communication between the bypass communication processing unit 472A of the first terminal device 402A and the bypass communication processing unit 472B of the second terminal device 402B, the bypass communication relay unit 342 performs the first relay communication relay unit 342A. Is a component that takes information passed between the detour communication processing unit 472A of the terminal device 402A and the detour communication processing unit 472B of the second terminal device 402B and relays the detour communication.

The normal communication session establishment procedure in this system is the same as the procedure described in で 2 with reference to FIGS. 8 and 9. That is, when the communication request receiving unit 420B of the communication source terminal device 402B receives the communication request S11 for another terminal device 402A with the communication destination as the communication source, the connection mediation request unit 410B sends the connection mediation device 302 A connection mediation request S12 including communication destination specification information for specifying the terminal ID "0010" of another terminal device 402A as a communication destination is transmitted.

Then, the communication source address transmission unit 330 of the connection mediation device 302 refers to the address table and is associated with the terminal ID “0010” specified by the communication destination specification information included in the connection mediation request S12. The location address AD1 is recognized as the communication destination address, and the location address AD2 associated with the terminal ID “0020” of the terminal device 402B of the communication source that transmitted the connection mediation request S12 to the communication destination address AD1 It transmits as a communication source address (S14).

Thus, the communication start request unit 442A in the communication destination terminal device 402A that has received the transmission of the communication source address AD2 (S14) accesses the communication source address AD2 and makes a communication start request S15. At this time, as described above, the communication start request unit 442A notifies the detour communication processing unit 472A that the communication start request S15 has been made, and the detour communication processing unit 472A measures the elapsed time from that point on. Start. Note that, as described in Section 5, the communication start request S15, which is communication between terminals, may be blocked by the network environment and may not reach the communication source terminal device 402B. The fact that "S15?" Is described in the figure indicates such a possibility.

When the communication start request S15 arrives at the communication source session establishing unit 430B on the communication source terminal device 402B side, the communication start acceptance confirmation S16 is transmitted to the communication destination terminal device 402A. When receiving the communication start acceptance confirmation S16, the communication destination session establishing unit 462A on the communication destination terminal device 402A side notifies the detour communication processing unit 472A to that effect. Then, a communication session is established between the communication destination session establishment unit 462A and the communication source session establishment unit 430B.

However, when the communication start request S15 is blocked by the network environment, of course, the communication start acceptance confirmation S16 from the communication source session establishment unit 430B is not transmitted. Alternatively, the communication start acceptance confirmation S16 may be blocked by the network environment even though the communication start request S15 has been successfully received. The fact that "S16?" Is described in the figure indicates such a possibility. In such a case, the normal communication between the communication source terminal device 402B and the communication destination terminal device 402A ends in failure.

As described above, when the communication start request S15 or the communication start acceptance confirmation S16 is blocked and the normal communication fails, the communication destination session establishing unit 462A may receive the communication start acceptance confirmation S16 within a predetermined timeout setting time Can not. For this reason, in the bypass communication processing unit 472A, the reception report of the communication start acceptance confirmation S16 is not made within the predetermined timeout setting time. Then, the bypass communication processing unit 472A recognizes that the normal communication has failed, and executes the bypass communication process.

That is, when the detour communication processing unit 472A detects a failure in the normal communication, the detour communication processing unit 472A makes a relay request for the detour communication to the detour communication relay unit 342 and, via the detour communication relay unit 342, The detour communication S18a is executed. The bypass communication processing unit 472A acquires the communication source address AD2 from the communication start request unit 442A, transmits this to the bypass communication relay unit 342, and makes a relay request. In response to the relay request, the bypass communication relay unit 342 accesses the communication source address AD2, and requests the bypass communication processing unit 472B of the communication source terminal device 402B to start bypass communication. The bypass communication processing unit 472B sends a reply to the effect that the bypass communication processing unit 472B accepts this to the bypass communication relay unit 342, and executes the bypass communication S18b. Thereafter, by means of relaying by the detour communication relay unit 342, detour communication is performed between the terminal devices 402A and 402B.

In this bypass communication, all information packets between the two terminal devices 402A and 402B are exchanged via the connection mediation device 302. In this case, the terminal device 402A, 402B notifies the connection mediation device 302 of the current self-address by the function of the self- address notification unit 450A, 450B. It also means "an external host that has received a packet in the past" for the terminal below. Therefore, even if direct communication between the two terminal devices 402A and 402B is blocked by the router of the gateway NAT, communication between the two terminal devices 402A and 402B is relayed without failure by the connection mediation device 302 It will be.

In addition, even when normal communication between both terminal devices 402A and 402B is premised on UDP, if bypass communication S18a and S18b are performed by TCP, even if normal communication can not be performed by the UDP block, bypass communication S18a and S18b can be performed without any problem. The bypass communication is a form of communication that imposes a large processing load on the connection mediation device 302, but since it is an emergency measure in case of failure in normal communication, it is important for the overall processing load of the connection mediation device 302 It has no effect.

FIG. 27 is a flow chart describing the communication session establishment procedure in the second embodiment shown in the block diagram of FIG. 26 in chronological order. This flow chart is substantially the same as the flow chart of FIG. 9 showing the communication session establishment procedure in the second embodiment of the prior invention described in §2. However, the communication start request "S15?" And the communication start acceptance confirmation "S16?" Shown in FIG. 26 may not reach the other party due to factors related to the conditions of the network environment. Step S15 in FIG. , S 16? Shows basically the same procedure as steps S15 and S16 in FIG. 9, but assuming that the signal does not reach the other side due to the network environment factor, the whole is shown in parentheses.

Step S16 'is processing to determine whether preparation for normal communication has succeeded or failed. As described above, the communication start request unit 442A performs step S15? When the communication start request is made, the detour communication processing unit 472A is notified of that and the bypass communication processing unit 472A starts measuring the elapsed time from that point. Here, if the reception report of the communication start acceptance confirmation from the communication destination session establishment unit 462A is within the predetermined timeout setting time, the process proceeds to step S17, and the communication destination session establishment is established with the communication source session establishment unit 430B. A normal communication is performed by the unit 462A through the process of establishing a communication session (the same process as step S17 in FIG. 9). On the other hand, when the reception report of the communication start acceptance confirmation is not made within the predetermined timeout setting time, it is determined that the normal communication has failed, and the process proceeds to step S18. In this step S18, bypass communication processing is performed by the bypass communication processing units 472A and 472B and the bypass communication relay unit 342 (S18a and S18b in FIG. 26).

6-3. Modification of the first embodiment and the second embodiment>
In the first and second embodiments described above, the detour communication processing units 271 and 472 perform the communication start acceptance confirmation S6 according to the communication start request units 241 and 442 after the communication start request units 241 and 442 perform the communication start requests S5 and S15. , S16 is not returned within a predetermined time-out setting time, it is determined that the normal communication has failed, and the detour communication is executed. The modified example described here is a slight modification of the method of determining that normal communication has failed.

In this modification, the communication start request unit 241 or 442 notifies the bypass communication processing unit 271 or 472 of the communication start request, or the session establishing unit 261 or 462 notifies the bypass communication processing unit 271 or 472 of the communication start acceptance confirmation Is unnecessary. Instead, an acknowledgment from the other party to the communication start request S5, S15 is received, and when the acknowledgment is not obtained, it is determined that the normal communication has failed.

Specifically, in the case of the modification of the first embodiment shown in FIG. 23, when the communication start request unit 241A of the communication source terminal device 201A makes a communication start request S5 to the communication destination terminal device 201B, the communication destination The communication destination session establishing unit 230B on the side of the terminal device 201B is made to have a specification in which an acknowledgment to the communication start request S5 is returned. That is, when the communication destination session establishing unit 230B receives the communication start request S5, it sends an acknowledge signal back to the communication start request unit 241A, and the communication start request unit 241A receives this acknowledge signal. Thus, it can be recognized that the communication start request S5 has arrived at the other end.

According to such a specification, the communication start request unit 241A can determine that the normal communication has failed if the acknowledgment is not returned. Therefore, the communication start request unit 241A instructs the detour communication processing unit 271A to perform detour communication when the acknowledgment is not returned. Upon receiving such an instruction, the detour communication processing unit 271A makes a relay request for detour communication to the detour communication relay unit 141, and, via the detour communication relay unit 141, with the other detour communication processing unit 271B. It is sufficient to execute the detour communication of

Similarly, in the case of the modification of the second embodiment shown in FIG. 26, when the communication start request unit 442A of the communication destination terminal device 402A makes a communication start request S15 to the communication destination terminal device 402B, the communication destination terminal device A specification is made such that an acknowledgment to the communication start request S15 is returned from the communication source session establishment unit 430B on the 402B side. That is, when the communication source session establishment unit 430B receives the communication start request S15, the communication start request unit 442A sends back an acknowledge signal to the communication start request unit 442A, and the communication start request unit 442A receives this acknowledge signal. Thus, it can be recognized that the communication start request S15 has arrived at the other end.

In such a specification, the communication start request unit 442A can determine that the normal communication has failed when the acknowledgment is not returned. Therefore, the communication start request unit 442A instructs the detour communication processing unit 472A to perform detour communication when the acknowledgment is not returned. Upon receiving such an instruction, the detour communication processing unit 472A makes a relay request for detour communication to the detour communication relay unit 342, and, via the detour communication relay unit 342, exchanges it with the detour communication processing unit 472B of the other party. It is sufficient to execute the detour communication of

<<< 7. 7. Approach to perform detour communication in the case of junction type NAT >>>
The first and second embodiments described in 6 6 adopt a method of detecting the failure and switching to the bypass communication when the normal communication fails in the system according to the basic application prior art. On the other hand, in the embodiment described in this 77, when a failure is predicted to perform normal communication, this is detected in advance, and a method of performing bypass communication instead of normal communication is employed. is there. More specifically, when there is a possibility that the normal communication is interrupted by the router of the gateway NAT, this is detected in advance, and the method is switched to the bypass communication instead of the normal communication.

As described with reference to FIG. 21, in practice, each of the terminal devices 200A and 200B is generally connected to the Internet N via the routers RA and RB. In this case, as described in §5, when the router type is set to the gateway NAT, the terminal device connected below is set to “An external device has received a packet that it has transmitted in the past. Only packets from the host can be received, and packets from other external hosts are rejected by the router of the relevant NAT.

However, each terminal device can not directly recognize the type of router to which it is connected. Therefore, a NAT type determination device is set on the Internet N so that each terminal device can inquire the type of router to which it is connected. When the terminal device makes an inquiry about the NAT type from the terminal device via the network N, this NAT type determination device uses the communication related to the inquiry to determine the NAT type of the router to which the terminal device of the inquiry source is connected. A determination is made and processing is performed to reply the determined NAT type to the terminal device of the inquiry source.

For example, in the example shown in FIG. 21, if such a NAT type determination device is connected to the network N, the terminal device 200A is connected to itself by querying this NAT type determination device. You can know the NAT type of your router RA. That is, when the terminal type 200A makes an inquiry of the NAT type to the NAT type discrimination apparatus connected to the network N via the router RA, the NAT type discrimination apparatus utilizes the communication related to the inquiry ( The NAT type of the router RA can be determined using various information obtained from packets sent from the router RA).

The NAT type determination device replies the NAT type of the router RA thus determined to the query source terminal device 200A via the router RA. Thus, the terminal device 200A can know the NAT type of the router RA to which the terminal device 200A is connected. Similarly, the terminal device 200B can know the NAT type of the router RB to which the terminal device 200B is connected by making a query to the NAT type determination device in the same manner.

In this way, based on the inquiry from the terminal device, the NAT type of the router to which the terminal device itself is connected (this application calls it's own NAT type) is determined, and this is answered to the inquiry source terminal device A publicly known device called a STUN (Session Traversal Utilities for NATs) server can be used as a NAT type discrimination device that performs processing. Although this STUN server is originally a server installed to enable communication using the STUN protocol, it can be used as a NAT type discrimination device in the present invention. Since this STUN server is a known device that has already been widely used, the description of its configuration and specific processing contents is omitted here.

In this way, in the example shown in FIG. 21, if a NAT type discrimination device (STUN server) is connected to the network N, each of the terminal devices 200A and 200B is a NAT type of the router RA or RB to which it is connected You can know Therefore, when each of the terminal devices 200A and 200B notifies the connection intermediation device 100 of its own address, the connection intermediation device 100 may be notified of the NAT type of the router RA or RB to which it is connected. Can know the NAT type (self NAT type) of the router to which the terminal itself is connected, as well as the address of each terminal.

Therefore, when there is a connection mediation request from the terminal apparatus at the communication source to the terminal apparatus at the communication destination, the connection mediation apparatus 100 checks both NAT types for the router to which both terminal apparatuses are connected. It is possible to know whether there is a router of the NAT type, and if normal communication is performed between the two terminals, the normal communication fails due to the router of the NAT type existing between the two terminals. You can expect to do. Therefore, the connection mediating apparatus 100 can give an instruction to the terminal apparatus to perform bypass communication instead of normal communication when failure of the normal communication is predicted due to the presence of the router of the gateway NAT. . The terminal device that has received such an instruction will perform bypass communication in the same manner as the method described in §6.

Thus, in the embodiment described in this 77, when each terminal device notifies the connection mediating device of its own address, the NAT type (the own NAT type) of the router to which it is connected is also used. I will notify at the same time. Then, when the connection mediation device receives a connection mediation request from the terminal device at the communication source to the terminal device at the communication destination, a failure in normal communication is expected due to the presence of the router of the gateway NAT between both terminals. In the second embodiment, the bypass communication is instructed, and the bypass communication is performed between the two terminals based on the instruction.

Hereinafter, an example in which such a communication method is applied to the first embodiment (FIG. 2) of the prior application basic invention shown in § 1 will be described as a third embodiment, and the second application of the prior application basic invention shown in § 2 An example applied to the embodiment of FIG. 7 (FIG. 7) will be described as a fourth embodiment. Of course, various modifications described in §3 and 44 can also be applied to the third and fourth embodiments described below. Each component shown as a block in each of the third and fourth embodiments is actually realized by a dedicated program incorporated in a computer, like the system according to the prior application basic invention described above. It will be

<7-1. Example 3>
FIG. 28 is a block diagram showing a detailed configuration of the terminal device 203 in the network communication system according to the third embodiment of the present invention. The terminal device 203 shown here adds some corrections to the communication start request unit 240 and the self address notification unit 250 in the terminal device 200 according to the first embodiment of the prior invention basic invention shown in FIG. A request unit 243 and a self address notification unit 253 are additionally provided with a detour communication processing unit 273 and a NAT type confirmation unit 283 (in the figure, a new component is indicated by a bold line frame block) as new components. . The connection intermediation request unit 210, the communication request reception unit 220, the communication destination session establishment unit 230, and the communication source session establishment unit 260, which are other components, are the same as the components of the same reference numerals shown in FIG. The details of the function are as already described in §1.

Further, in the third embodiment shown in FIG. 28, a connection mediation device 103 is used instead of the connection mediation device 100 shown in FIG. The connection mediation device 103 is obtained by adding the function of instructing the communication method (whether normal communication or bypass communication) and the function of relaying bypass communication to the functions of the connection mediation device 100 shown in FIG. Details of the configuration will be described later. As a result, in the third embodiment shown in FIG. 28, the component indicated by the block in which the first digit in the three-digit code is “3” is a component unique to the third embodiment. .

The NAT type discrimination device 500 is shown in FIG. As described above, when the terminal device 203 makes an inquiry about the NAT type through the network N, the NAT type discrimination device 500 uses the communication related to the inquiry to make the NAT type of the terminal device 203 of the inquiry source And the process of returning the determined NAT type to the terminal device of the inquiry source. In fact, as described above, the STUN server can be used as the NAT type discrimination device 500.

The illustrated third embodiment is an example in which a STUN server used separately from the network communication system according to the present invention is used as the NAT type determination apparatus 500 according to the present invention. Of course, a dedicated STUN server for the present invention may be prepared in the server device constituting the connection mediation device 103. In this case, the connection mediating apparatus 103 and the NAT type determination apparatus 500 (a dedicated STUN server for the present invention) will be incorporated in the same server apparatus, and the NAT type determination apparatus 500 may Become one of the components of the system.

Similar to the system of the prior invention shown in FIG. 2, the system according to the third embodiment has a plurality of terminal devices mutually connectable via the network N (in FIG. And a connection mediation device 103 which mediates the connection between the plurality of terminal devices. Here, each terminal device 203 is assigned a terminal ID for mutually identifying each terminal device, and the connection mediation device 103 uses the terminal ID as a communication source terminal device and The processing of mediating the connection with the terminal device to be the communication destination is executed.

The thick arrows in this figure indicate the flow of signals exchanged between the terminal device 203 and the connection mediation device 103, and the thin arrows (except for the arrows inside the block 203) indicate between the pair of terminal devices 203. , And the flow of signals before establishment of a communication session, which are directly exchanged. The white arrows indicate the flow of signals after the communication session is established, which are directly exchanged between the pair of terminal devices 203. The white arrow indicates the “normal communication”, which indicates the original communication assumed by this system, that is, the communication directly performed between the terminal devices 203. On the other hand, the bold arrow extending from the bypass communication processing unit 273 is described as "detour communication", but this is because the terminal device 203 is expected to fail in the above-mentioned "normal communication". Indicates that communication to the other party is indirectly performed via the connection mediation device 103.

The self address notifying unit 253 shown in FIG. 28 has a function of notifying the connection mediating apparatus 103 of the location address indicating the location on the network, as the self address notifying unit 250 shown in FIG. The self address notification function is as already described in detail in §1. However, in addition to the self-address notifying function, the self-address notifying unit 253 also notifies the connection mediation device 103 of the NAT type of the router (not shown in FIG. 28) to which the self is connected. It has additional functions.

This additional function is performed with the help of a new component, the NAT type confirmation unit 283. The NAT type confirmation unit 283 is a component having a function of inquiring the NAT type discrimination device 500 of its own NAT type via the network N and obtaining an answer from the NAT type discrimination device 500. The thick dashed-dotted arrows in the figure indicate the flow of inquiry and reply signals exchanged between the NAT type confirmation unit 283 and the NAT type discrimination device 500. Of course, this signal will be exchanged via a router and network N not shown.

Before the terminal device 203 according to the third embodiment communicates with the other party, the pre-processing shown in the flowchart of FIG. 29 is performed. First, when the own address notification unit 253 notifies the connection intermediation device 103 of its own location address (as described above, the notification of the own address is executed at a predetermined predetermined timing). In S31, an NAT type confirmation instruction is issued to the NAT type confirmation unit 283. When the NAT type confirmation unit 283 receives this NAT type confirmation instruction, in step S32, the NAT type confirmation unit 283 inquires of the NAT type discrimination device 500 about its own NAT type (thick dashed-dotted arrow in FIG. 28).

When there is an inquiry of the NAT type from the NAT type confirmation unit 283 of the terminal device 203 via the network N, the NAT type discrimination device 500 uses the communication related to the inquiry to NAT the terminal device 203 of the inquiry source. The type (the NAT type of the router to which the terminal device 203 is connected) is determined, and in step S33, the determined NAT type is returned to the NAT type confirmation unit 203 of the terminal device 203 of the inquiry source. Since the specific processing method is known as processing of the STUN server, detailed description will be omitted here.

In the subsequent step S34, the NAT type confirmation unit 283 reports the response (NAT type) obtained in step S33 to the self address notification unit 253. In step S35, the self-address notifying unit 253 that has received the report notifies the connection mediation device 103 of the response (NAT type) obtained in step S33 along with the self-address in step S35.

As described above, in the third embodiment, when notifying the connection mediating apparatus 103 of its own location address, the self-address notifying unit 253 also notifies of the answer obtained by the NAT type confirmation unit 283. . Therefore, in FIG. 28, the thick arrow pointing from the own address notification unit 253 to the network N indicates the information of the location address of the terminal device 203 and the NAT type information of the router (not shown) to which the terminal device 203 is connected. The signal contains

In this way, since the information on the location address and the information on the NAT type are notified from the terminal devices 203 to the connection mediation device 103, the address table in the connection mediation device 103 is added to the terminal ID and the location address. Furthermore, information in which the NAT type is associated is stored. That is, in step S36 of the flowchart of FIG. 29, the address table updating unit 123 in the connection mediating apparatus 103 updates the address table including the NAT type. FIG. 30 shows an address table T60 created by such updating. Similar to the address table T shown in FIG. 6, this address table T60 indicates the location address notified from the four sets of terminal devices, but in addition to the location address, the NAT type information (right column) is also included. It is recorded.

As described above, as the NAT type, types such as “Full cone NAT”, “Restricted cone NAT”, “Port restricted cone NAT”, “Symmetric NAT” are put to practical use, but as described in 述 べ 5, Since the "block type NAT" ("Symmetric NAT" and "Port restricted cone NAT") obstructing normal communication, in the address table T60 shown in FIG. 30, the NAT type of the connected router is "section size For the terminal device of type NAT, data of "local type" is recorded, and for the other terminal devices, data of "non-local type" is recorded. Of course, data indicating the actual NAT type such as "Full cone NAT" may be recorded.

Preparation of communication in the network communication system according to the third embodiment shown in FIG. 28 is completed when the pre-processing shown in the flowchart of FIG. 29 is completed. Since the notification of the location address and the NAT type by the self address notification unit 253 is repeatedly executed at a predetermined timing, the latest location address and NAT type are always stored in the address table T60 in the connection mediation device 103 for each terminal device. It will be stored. Therefore, when the connection mediation device 103 receives a connection mediation request from a specific communication source terminal device to a specific communication destination terminal device, the connection mediation device 103 refers to the address table T60 and performs normal communication between both terminals. Then, it is judged whether or not troubles occur in the normal communication by the router in which the "gateway type NAT" is set, and when it is judged that there is no trouble, the normal communication is selected and it is judged that there is a trouble. Selects the bypass communication.

Then, when a communication destination address is returned from the connection mediation device 103 to the communication start request unit 243 of the communication source terminal device 203, information indicating the selected communication method (information indicating whether normal communication or bypass communication) Reply together. Therefore, in FIG. 28, the thick arrow going from the network N to the communication start request unit 243 is a signal including the information of the communication method together with the information of the communication destination address.

When a communication method is returned from the connection mediation device 103 together with the communication destination address, the communication start request unit 243 determines that the normal communication is selected as the communication method. Similarly, the communication destination address is accessed via the network N to make a communication start request. The subsequent communication procedure is as described in §1. On the other hand, when the alternative communication is selected as the communication method, the alternative communication instruction is issued to the alternative communication processing unit 273.

The bypass communication processing unit 273 is a component that performs bypass communication via the connection mediation device 103 as in the bypass communication processing unit 271 in the first embodiment described in §6. That is, the bypass communication processing unit 273 performs indirect information transmission / reception with the other party via the connection mediation device 103 when failure of normal communication (communication indicated by the white arrow in the figure) is expected. Run. As described above, failure prediction is performed in the connection mediating apparatus 103. When the communication start request unit 243 receives a communication method for selecting bypass communication from the connection mediating apparatus 103, this corresponds to the case where the connection mediating apparatus 103 predicts a failure. In this case, the communication start request unit 243 instructs the bypass communication processing unit 273 to perform bypass communication, and the bypass communication processing unit 273 executes bypass communication. Specifically, the detour communication processing unit 273 makes a relay request for detour communication to the connection mediation device 103 (as will be described later, the detour communication relay unit 143 therein), and, via the connection mediation device 103, The detour communication with the detour communication processing unit 273 of the other party is executed.

31 is a block diagram showing a procedure for establishing a communication session between the communication source terminal device 203A and the communication destination terminal device 203B in the network communication system according to the third embodiment of the present invention shown in FIG. The terminal devices 203A and 203B shown are devices having the same configuration as the terminal device 203 shown in FIG. 28. As in FIG. 4, the components in the communication source terminal device 203A are processes necessary as a communication source. The components (components of the rectangular block) that execute the command are indicated by solid lines, and the components within the communication destination terminal device 203B are the components (components of the double rectangular block) that perform the processing necessary as the communication destination. It is indicated by a solid line, and blocks of other components are indicated by a broken line. Further, the bypass communication processing units 273A and 273B and the NAT type confirmation units 283A and 283B, which are components unique to the third embodiment, are indicated by thick line frame blocks.

The connection mediating apparatus 103 (shown in FIG. 28) shown in FIG. 31 adds the bypass communication relay section 143 to the connection mediating apparatus 100 shown in FIG. The table update unit 120 and the communication destination address return unit 130 are configured as the address table storage unit 113, the address table update unit 123, and the communication destination address return unit 133 by providing some additional functions.

The bypass communication relay unit 143 in the connection mediation device 103 has a relay request for bypass communication between the bypass communication processing unit 273A of the first terminal device 203A and the bypass communication processing unit 273B of the second terminal device 203B It is a component that takes information passed between the detour communication processing unit 273A of the first terminal device 203A and the detour communication processing unit 273B of the second terminal device 203B and relays the detour communication.

Further, as illustrated in FIG. 30, the address table storage unit 113 in the connection mediation device 103 further has a function of storing an address table T60 in which the NAT type is associated in addition to the terminal ID and the location address. Then, the address table updating unit 123 in the connection mediation device 103 has an additional function of updating the NAT type in the address table T60 based on the information indicating the NAT type included in the notification from the self address notifying unit 253. .

On the other hand, when the connection mediation request S2 is transmitted from the connection mediation request unit 210A in the communication source terminal device 203A, the communication destination address replying unit 133 in the connection mediation device 103 refers to the address table T60 and performs connection. The location address AD2 associated with the terminal ID "0020" specified by the communication destination specification information included in the intermediation request S2 is returned as the communication destination address, and the NAT type of the terminal device 203B of the communication destination is confirmed. If the NAT type of the terminal device 203B at the communication destination is not the gateway NAT type, normal communication is selected as the communication method, and if the NAT type of the terminal device 203B at the communication destination is the gateway NAT type It has a function of selecting the bypass communication as the communication method and returning the selected communication method together with the communication destination address.

In the example shown in FIG. 31, when the address table T60 as shown in FIG. 30 is stored in the address table storage unit 113, the NAT type of the terminal device 203B (terminal ID: 0020) of the communication destination is "sister type". The communication destination address reply unit 133 selects bypass communication as the communication method. When the communication destination terminal device 203B directly performs communication start request S5 from the communication source terminal device 203A to the communication destination terminal device 203B as described in 5 5, the communication destination terminal device 203B The router RB may block the communication start request S5. In this case, the communication destination address reply unit 133 selects bypass communication as the communication method. In FIG. 31, an example in which information indicating the communication destination address "AD2" and the communication method "detour communication" is returned from the communication destination address reply unit 133 to the communication start request unit 243A (thick arrow S4a in FIG. 31). It is shown. On the other hand, if the NAT type of the terminal device 203B of the communication destination is "non-corruption type", the communication destination address reply unit 133 selects normal communication as the communication method.

The communication start request unit 243A in the communication source terminal device 203A performs normal communication processing when the communication destination address return unit 133 returns a response for selecting “normal communication”. Specifically, when the communication start request unit 243A accesses the communication destination address AD2 and makes a communication start request S5, the communication destination session establishment unit 230B of the other party confirms the communication start acceptance to the communication source session establishment unit 260A. S6 is sent. Thus, a communication session is established between the communication source session establishment unit 260A and the communication destination session establishment unit 230A.

On the other hand, when the communication destination address reply unit 133 returns a reply for selecting the “detour communication”, the communication start request unit 243A performs a bypass communication process. That is, instead of making the communication start request S5, the communication start request unit 243A sends a detour communication instruction S5 'to the detour communication processing unit 273A. Upon receiving the detour communication instruction S5 ', the detour communication processing unit 273A makes a relay request for detour communication to the detour communication relay unit 143, and via the detour communication relay unit 143, the detour communication processing unit 273B The detour communication S8a is executed. The bypass communication processing unit 273A acquires the communication destination address AD2 from the communication start request unit 243A, transmits this to the bypass communication relay unit 143, and makes a relay request. In response to the relay request, the bypass communication relay unit 143 accesses the communication destination address AD2 and requests the bypass communication processing unit 273B of the communication destination terminal device 203B to start bypass communication. The bypass communication processing unit 273B sends a reply to the effect that the bypass communication processing unit 273B accepts this to the bypass communication relay unit 143, and executes bypass communication S8b. Thereafter, by the relay by the detour communication relay unit 143, detour communication is performed between the terminal devices 203A and 203B.

In this bypass communication, all information packets between the two terminal devices 203A and 203B are exchanged via the connection mediation device 103. As described in 55, even if direct communication between both terminal devices 203A and 203B is blocked by the router of the gateway NAT, bypass communication between both terminal devices 203A and 203B is performed by the connection mediation device 103. Since it becomes communication to relay, it is performed without trouble.

FIG. 32 is a flow chart explaining the communication session establishment procedure in the third embodiment shown in the block diagram of FIG. 31 in chronological order. The procedure of normal communication in this flowchart is substantially the same as the flowchart of FIG.

First, in step S1, the communication request acceptance process by the communication request acceptance unit 220A is performed, and in the subsequent step S2, a connection intermediation request is performed by the connection intermediation request unit 210A. Then, in step S3, the communication destination address reply unit 133 refers to the address table T60 stored in the address table storage unit 113, and in step S4a, the communication destination address reply unit 133 causes the communication start request unit 243A to , Communication destination address and communication method are returned. The communication start request unit 243A that has received the reply selects one of the two processing processes in step S4b.

First, when the “normal communication” is instructed as the communication method by the communication destination address reply unit 133, the process proceeds to step S5. The procedures of steps S5 to S7 in the flowchart of FIG. 32 are exactly the same as the procedures of steps S5 to S7 in the flowchart of FIG. That is, in step S5, the communication start request unit 243A sends a communication start request S5 to the communication destination terminal device 203B. The communication destination session establishing unit 230B receives the communication start request S5, and transmits the communication start acceptance confirmation S6 to the communication source terminal device 203A in step S6. Then, in the subsequent step S7, the communication session between the communication destination session establishing unit 230B and the communication source session establishing unit 260A is established, and the normal communication S7 is performed.

On the other hand, when “rerouting communication” is instructed as the communication method, the process proceeds to step S5 ′, and the communication start request unit 243A gives the detour communication instruction to the detour communication processing unit 273A. Then, in the subsequent step S8, the bypass communication process is executed. That is, the detour communication processing is performed by the detour communication processing units 273A and 273B and the detour communication relay unit 143 (S8a and S8b in FIG. 31).

<7-2. Example 4>
FIG. 33 is a block diagram showing a detailed configuration of the terminal device 404 in the network communication system according to the fourth embodiment of the present invention. The terminal device 404 shown here adds some corrections to the communication start request unit 440 and the self address notification unit 450 in the terminal device 400 according to the second embodiment of the prior invention basic invention shown in FIG. A request unit 444 and a self address notification unit 454 are additionally provided with a detour communication processing unit 474 and a NAT type confirmation unit 484 (in the figure, a new component is indicated by a bold line frame block) as new components. . The connection intermediation request unit 410, the communication request reception unit 420, the communication source session establishment unit 430, and the communication destination session establishment unit 460, which are the other components, are the same as the components of the same reference numerals shown in FIG. The details of the function are as already described in §2.

Further, in the fourth embodiment shown in FIG. 33, a connection mediation device 304 is used instead of the connection mediation device 300 shown in FIG. The connection mediation device 304 is obtained by adding the function of instructing the communication method (whether normal communication or bypass communication) and the function of relaying bypass communication to the functions of the connection mediation device 300 shown in FIG. Details of the configuration will be described later. As a result, in the fourth embodiment shown in FIG. 33, the component indicated by the block in which the first digit in the three-digit code is “4” is the unique component to the fourth embodiment. .

The NAT type discrimination device 500 is described in FIG. This NAT type discrimination device 500 is the same device as the device 500 shown in FIG. 28, and when the terminal device 404 makes an inquiry of the NAT type via the network N, it makes an inquiry using the communication related to the inquiry. The NAT type of the original terminal device 404 is determined, and the determined NAT type is returned to the query source terminal device. As described above, in practice, the STUN server can be used as the NAT type discrimination device 500, and the STUN server used separately from the network communication system according to the present invention is diverted as the NAT type discrimination device 500 according to the present invention Alternatively, a dedicated STUN server for the present invention may be prepared in the server device constituting the connection mediation device 304. In the latter case, the connection mediating device 304 and the NAT type determination device 500 (a dedicated STUN server for the present invention) will be incorporated in the same server device, and the NAT type determination device 500 may be a network according to the present invention. It becomes one of the components of the communication system.

Similar to the system of the prior invention shown in FIG. 7, the system according to the fourth embodiment includes a plurality of terminal devices (for convenience, only one terminal device 402 can be connected to each other via the network N). And a connection mediation device 304 that mediates the connection between the plurality of terminal devices. Here, each terminal device 404 is provided with a terminal ID for mutually identifying each terminal device, and the connection mediation device 304 uses the terminal ID as a communication source terminal device and the like. The processing of mediating the connection with the terminal device to be the communication destination is executed.

Also in this figure, three types of arrows, thick arrows, thin arrows, and white arrows, are used as in the embodiments described above. White arrows indicate “normal communication”, and thick arrows extending from the bypass communication processing unit 474 indicate “route communication”. As in the third embodiment, the fourth embodiment is originally intended to perform "normal communication", but when failure of the "normal communication" is expected, the terminal device 404 becomes the connection mediating device 304. It will communicate with the other party indirectly via the connection.

The self address notification unit 454 shown in FIG. 33 has the same function as the self address notification unit 253 of the third embodiment shown in FIG. That is, the self address notifying unit 454 notifies the connection mediating device 304 of the location address indicating the location of the self on the network, and the router to which the self is connected (not shown in FIG. 28). In addition, it has an additional function of notifying the connection mediation device 304 of the NAT type.

This additional function is performed with the help of a new component, the NAT type verification unit 484. Similar to the NAT type confirmation unit 283 of the third embodiment shown in FIG. 28, the NAT type confirmation unit 484 inquires of the NAT type identification apparatus 500 via the network N about its own NAT type It is a component with the ability to get answers from 500. The thick dashed-dotted arrows in the figure indicate the flow of inquiry and reply signals exchanged between the NAT type confirmation unit 484 and the NAT type discrimination device 500. Of course, this signal will be exchanged via a router and network N not shown.

Before the terminal device 404 according to the fourth embodiment communicates with the other party, the pre-processing shown in the flowchart of FIG. 29 is executed as in the third embodiment. This pre-processing has already been described in 7-1 7-1 and thus will not be described here.

After the pre-processing illustrated in the flowchart of FIG. 29 is completed, communication preparation in the network communication system according to the fourth embodiment illustrated in FIG. 33 is completed. Since the latest location address and NAT type are stored for each terminal device in the address table T60 in the connection mediating device 304 by the pre-processing, the connection mediating device 304 can start from the specific communication source terminal device. When a request for connection mediation to a communication destination terminal device comes, referring to the address table T60, when normal communication is performed between both terminals, the router for which the “Spot type NAT” is set makes the normal communication concerned. It is determined whether or not a problem occurs, and if it is determined that there is no problem, normal communication is selected, and if it is determined that there is a problem, bypass communication is selected.

In the case of the third embodiment described above, when the communication source terminal device 203 sends a connection mediation request S2 to the connection mediation device 103, the communication destination address and communication method are sent back to the communication source terminal device 203. On the other hand, in the case of the fourth embodiment described here, when the communication source terminal device 404 sends a connection mediation request S12 to the connection mediation device 304, another terminal of the communication destination, not the communication source terminal device 404. The “communication source address” and the “communication method” are to be transmitted to the device 404. Here, the “communication method” is information indicating whether normal communication or bypass communication, as described above. Therefore, in FIG. 33, the bold-line arrow pointing from network N to communication start request unit 444 at the communication destination (in FIG. 33, it is a component of the communication destination and is therefore shown as a double frame block) It becomes a signal including information on communication method together with address information.

The communication start request unit 444 receives the communication method address from the connection mediation device 304 together with the communication source address, and when the normal communication is selected as the communication method, the second embodiment of the prior invention basic invention and Similarly, the communication source address is accessed via the network N to make a communication start request. The subsequent communication procedure is as described in §2. On the other hand, when the alternative communication is selected as the communication method, the alternative communication instruction is issued to the alternative communication processing unit 474.

Similar to the bypass communication processing unit 273 in the third embodiment described in Section 7-1, the bypass communication processing unit 474 is a component performing bypass communication via the connection mediation device 304. That is, the bypass communication processing unit 474 performs indirect information transmission / reception with the other party via the connection mediation device 304 when failure of normal communication (communication indicated by the white arrow in the figure) is expected. Run. As described above, failure prediction is performed in the connection mediating device 304. When the communication start request unit 444 receives a communication method for selecting bypass communication from the connection mediating apparatus 304, the connection mediating apparatus 304 performs a failure prediction. In this case, the communication start request unit 444 instructs the bypass communication processing unit 474 to perform bypass communication, and the bypass communication processing unit 474 executes bypass communication. Specifically, the bypass communication processing unit 474 makes a relay request for bypass communication to the connection mediating device 304 (as will be described later, the bypass communication relay unit 344 in the connection mediating device 304), The bypass communication with the other party's bypass communication processing unit 474 is executed.

FIG. 34 is a block diagram showing a procedure for establishing a communication session between the communication source terminal device 404A and the communication destination terminal device 404B in the network communication system according to the fourth embodiment of the present invention shown in FIG. The terminal devices 404A and 404B shown are devices having the same configuration as the terminal device 404 shown in FIG. 33, and as in FIG. 8, for the components in the communication source terminal device 404B, processing necessary as a communication source The components (components of the rectangular block) that execute the command are indicated by solid lines, and the components within the communication destination terminal device 404A are the components (components of the double rectangular block) that perform the processing necessary as the communication destination. It is indicated by a solid line, and blocks of other components are indicated by a broken line. Further, the bypass communication processing units 474A and 474B and the NAT type confirmation units 484A and 484B, which are components unique to the fourth embodiment, are indicated by thick line frame blocks.

The connection mediating apparatus 304 (shown in FIG. 33) shown in FIG. 34 adds the detour communication relay section 344 to the connection mediating apparatus 300 shown in FIG. The table updating unit 320 and the communication source address transmitting unit 330 have the address table storage unit 314, the address table updating unit 324, and the communication source address transmitting unit 334 by providing some additional functions.

The bypass communication relay unit 344 in the connection mediation device 304 has a relay request for bypass communication between the bypass communication processing unit 474A of the first terminal device 404A and the bypass communication processing unit 474B of the second terminal device 404B. It is a component that takes information passed between the detour communication processing unit 474A of the first terminal device 404A and the detour communication processing unit 474B of the second terminal device 404B and relays the detour communication.

Further, as illustrated in FIG. 30, the address table storage unit 314 in the connection mediation device 304 has a function of storing an address table T60 in which NAT types are associated in addition to the terminal ID and the location address. The address table updating unit 324 in the connection mediation device 304 has an additional function of updating the NAT type in the address table T60 based on the information indicating the NAT type included in the notification from the self address notifying unit 454. .

On the other hand, when the connection mediation request S12 is transmitted from the connection mediation request unit 410B in the communication source terminal device 404B, the communication source address transmission unit 334 in the connection mediation device 304 refers to the address table T60 and performs connection. The location address AD1 associated with the terminal ID "0010" specified by the communication destination specification information included in the relay request S12 is recognized as the communication destination address, and a connection relay request is issued to the communication destination address AD1. The location address AD2 associated with the terminal ID "0020" of the terminal device 404B of the communication source that has transmitted S12 is transmitted as the communication source address (S14a).

At this time, the communication source address transmission unit 334 refers to the address table T60 to confirm the NAT type of the terminal device 404B of the communication source, and when the NAT type of the terminal device 404B of the communication source is not a junction type NAT. If normal communication is selected as the communication method, and the NAT type of the terminal device 404B of the communication source is a barrier-type NAT, detour communication is selected as the communication method, and the selected communication method is returned together with the communication source address. Do.

In the example shown in FIG. 34, when the address table T60 as shown in FIG. 30 is stored in the address table storage unit 314, the NAT type of the terminal device 404B (terminal ID: 0020) of the communication source is "sister type". The communication source address transmission unit 334 selects bypass communication as the communication method. The communication source terminal device 404B, as described in 5 5, refers to the communication source terminal device 404B when the communication destination terminal device 404A directly issues a communication start request S15 to the communication source terminal device 404B. The router RB may block the communication start request S15. In this case, the communication source address transmission unit 334 selects bypass communication as the communication method. In FIG. 34, an example in which information indicating the communication source address “AD2” and the communication method “detour communication” is transmitted from the communication source address transmission unit 334 to the communication start request unit 444A (thick arrow S14a in FIG. 34). It is shown. On the other hand, when the NAT type of the terminal device 404B of the communication source is "non-in-the-door type", the communication source address transmission unit 334 selects normal communication as the communication method.

The communication start request unit 444A in the communication destination terminal device 404A performs processing of normal communication when there is transmission for selecting “normal communication” from the communication source address transmission unit 334. Specifically, when the communication start request unit 444A accesses the communication source address AD2 to make a communication start request S15, the communication source session establishment unit 430B of the other party confirms the communication start acceptance to the communication destination session establishment unit 460A. S16 is transmitted. Thus, a communication session is established between the communication source session establishment unit 430B and the communication destination session establishment unit 460A.

On the other hand, when there is transmission from the communication source address transmission unit 334 to select “detour communication”, the communication start request unit 444A performs the processing of the bypass communication. That is, instead of performing the communication start request S15, the communication start request unit 444A sends a bypass communication instruction S15 'to the bypass communication processing unit 474A. Upon receiving the detour communication instruction S15 ', the detour communication processing unit 474A makes a relay request for the detour communication to the detour communication relay unit 344 and, via the detour communication relay unit 344, the detour communication processing unit 474B of the other party The detour communication S18a is executed. The bypass communication processing unit 474A acquires the communication source address AD2 from the communication start request unit 444A, transmits this to the bypass communication relay unit 344 and makes a relay request. In response to the relay request, the bypass communication relay unit 344 accesses the communication source address AD2, and requests the bypass communication processing unit 474B of the communication source terminal device 404B to start bypass communication. The bypass communication processing unit 474B sends a reply to the effect that the bypass communication processing unit 474B is accepted to the bypass communication relay unit 344 to execute bypass communication S18b. Thereafter, by the relay by the detour communication relay unit 344, detour communication is performed between the both terminal devices 404 A and 404 B.

In this bypass communication, all information packets between the two terminal devices 404A and 404B are exchanged via the connection mediation device 304. As described in 55, even if direct communication between both terminals 404A and 404B is blocked by the router of the gateway NAT, bypass communication between both terminals 404A and 404B is performed by the connection mediation device 304. Since it becomes communication to relay, it is performed without trouble.

FIG. 35 is a flow chart explaining the communication session establishment procedure in the embodiment 4 shown in the block diagram of FIG. 34 in chronological order. The procedure of normal communication in this flowchart is substantially the same as the flowchart of FIG. 9 showing the communication session establishment procedure in the second embodiment of the prior invention described in §2.

First, in step S11, the communication request acceptance process by the communication request acceptance unit 420B is performed, and in the subsequent step S12, the connection intermediation request unit 410B performs a connection intermediation request. Then, in step S13, the communication source address transmission unit 334 refers to the address table T60 stored in the address table storage unit 314, and in step S14a, communication start of the communication destination terminal device 404A from the communication source address transmission unit 334. The communication source address and the communication method are transmitted to the request unit 444A. In step S14b, the communication start request unit 444A that has received this transmission selects one of the two processing processes.

First, when “normal communication” is instructed as the communication method by the communication source address transmission unit 334, the process proceeds to step S15. The procedures of steps S15 to S17 in the flowchart of FIG. 35 are exactly the same as the procedures of steps S15 to S17 in the flowchart of FIG. That is, in step S15, the communication start request unit 444A sends a communication start request S15 to the communication source terminal device 404B. The communication source session establishment unit 430B receives the communication start request S15, and transmits the communication start acceptance confirmation S16 to the communication destination terminal device 404A in step S16. Then, in the subsequent step S17, a communication session between the communication source session establishment unit 430B and the communication destination session establishment unit 460A is established, and the normal communication S17 is performed.

On the other hand, when “rerouting communication” is instructed as the communication method, the process proceeds to step S15 ′, and the communication start request unit 444A gives the detour communication instruction to the detour communication processing unit 474A. Then, in the subsequent step S18, a bypass communication process is performed. That is, the bypass communication processing units 474A and 474B and the bypass communication relay unit 344 perform bypass communication processing (S18a and S18b in FIG. 34).

<<< 8 8. Approach to conduct bypass communication in case of UDP block >>>
In the fifth and sixth embodiments described in §8, in the system according to the basic application of the prior application, when the normal communication is expected to fail, the method is detected in advance and switched to the bypass communication, This embodiment is common to the third and fourth embodiments described in 77 in that the approach of prior detection of failure is taken. However, in the third and fourth embodiments described in 77, the embodiment described in 迂回 8 is employed while the method of switching to the bypass communication is taken when it is expected that the normal communication is blocked by the router of the gateway NAT. In 5 and 6, in a system based on the assumption that UDP is used as a protocol for normal communication, a method of switching to bypass communication is adopted when it is predicted that a UDP packet may be blocked.

As described in 55, TCP and UDP as communication protocols have advantages and disadvantages, and TCP emphasizes accuracy rather than communication speed, while UDP emphasizes communication speed rather than accuracy. Is placed. For this reason, when constructing a network communication system mainly for voice communication such as telephone, it is preferable to adopt UDP as a protocol for normal communication to reduce the overall communication load. However, if the firewall installed between the terminals has a specification for blocking UDP packets, the UDP packets can not be delivered to the other party by normal communication. On the other hand, since TCP is a protocol widely used for Web browsing, it may be considered that an element that blocks TCP packets does not practically exist on the route to the terminal device.

The fifth and sixth embodiments described in § 8 relate to a system on the premise of adopting UDP as a protocol for normal communication, but it is expected that normal communication can not be performed by the UDP block. In the above, instead of normal communication by UDP, communication between the two is performed by performing bypass communication using a protocol such as TCP.

Here, when it is determined whether or not there is an element that blocks the UDP packet on the route to each terminal device, the notification processing of the own location address performed by the own address notification unit is used. As described in 1,1 and 22, the self address notifying unit functions to notify the connection mediating device of the self address at a predetermined timing. Therefore, in the fifth and sixth embodiments described below, when the self-address notification unit notifies the self-address, first, the first notification is performed using UDP as a communication protocol, and the first notification fails. In the case, subsequently, the second notification using TCP as a communication protocol is performed.

If the notification of the self address is performed by such a method, the connection mediating device, when creating the address table, is whether the self address notification from each terminal device was performed by the communication protocol using UDP. It is possible to recognize whether or not the communication protocol using TCP has been performed, and the communication protocol can be recorded in the address table. The recording of the communication protocol is information indicating whether each terminal can perform normal communication using UDP.

That is, since the terminal device whose communication protocol recording is "UDP" is a terminal device that succeeded in notifying its own address by the first notification using UDP as the communication protocol, at least the terminal device Since it can be determined that there is no element blocking the UDP packet on the communication route between the terminal and the connection mediation device, it is possible for normal communication using UDP as far as it relates to the terminal device and the connection mediation device. No problems will occur. On the other hand, since the terminal device whose communication protocol record is "TCP" is a terminal device that failed to notify its own address by the first notification using UDP as the communication protocol, It can be determined that there is an element blocking the UDP packet on the communication route with the connection mediation device. Of course, since the communication route between the terminal device and the connection mediation device and the communication route between the terminal device and another terminal device are not the same, it is because UDP communication failed or succeeded in the former route. In fact, UDP communication does not necessarily fail or succeed on the latter route. However, when UDP communication fails between a specific terminal device and a connection mediation device, there is a high possibility that UDP communication between the specific terminal device and another terminal device also fails.

Therefore, when there is a connection mediation request from the terminal device at the communication source to the terminal device at the communication destination, the connection mediation device 100 checks the communication protocol recorded in the address table for both terminal devices, It is possible to grasp the possibility that there is an element blocking the UDP packet between them, and it can be predicted whether or not the normal communication between the two terminals will be disturbed. That is, when the communication protocol recorded in the address table for at least one of the terminal device of the communication source and the terminal device of the communication destination is "UDP", UDP exchanged between the two terminals It is expected that packets may be blocked and normal communication with UDP between the two terminals may fail. Therefore, when a failure in normal communication using UDP is predicted, the connection mediation device can give the terminal device an instruction to perform bypass communication instead of the normal communication. The terminal apparatus that has received such an instruction performs bypass communication in the same manner as the methods described in §6 and §7.

Hereinafter, an example in which such a communication method is applied to the first embodiment (FIG. 2) of the prior application basic invention shown in § 1 will be described as a fifth embodiment, and the second application of the prior application basic invention An example applied to the embodiment (FIG. 7) is described as a sixth embodiment. Of course, various modifications described in §3 and 44 can also be applied to the fifth and sixth embodiments described below. Each component shown as a block in each of the fifth and sixth embodiments is actually realized by a dedicated program incorporated in a computer, like the system according to the prior application basic invention described above. It will be

<8-1. Example 5>
FIG. 36 is a block diagram showing a detailed configuration of the terminal device 205 in the network communication system according to the fifth embodiment of the present invention. The terminal device 205 shown here adds some corrections to the communication start request unit 240 and the self address notification unit 250 in the terminal device 200 according to the first embodiment of the prior invention basic invention shown in FIG. A request unit 245 and a self address notification unit 255 are added, and a bypass communication processing unit 275 (in the figure, a new component is indicated by a bold line frame block) is added as a new component.

Further, the communication destination session establishing unit 230 and the communication source session establishing unit 260 are replaced with the communication destination session establishing unit 235 and the communication source session establishing unit 265, respectively. The basic functions of the communication destination session establishment unit 235 and the communication source session establishment unit 265 are similar to those of the communication destination session establishment unit 230 and the communication source session establishment unit 260 shown in FIG. 2, but the communication protocol is limited to UDP. The points are different. That is, in the network communication system shown in the fifth embodiment, the protocol of normal communication is fixed to UDP. The connection intermediation request unit 210 and the communication request reception unit 220, which are the other components, are the same as the respective components of the same reference numerals shown in FIG. 2, and the details of their functions are as already described in §1. .

Further, in the fifth embodiment shown in FIG. 36, a connection mediating apparatus 105 is used instead of the connection mediating apparatus 100 shown in FIG. The connection mediating device 105 is obtained by adding the function of instructing the communication method (whether normal communication or bypass communication) and the function of relaying the reverse communication to the functions of the connection mediating device 100 shown in FIG. Details of the configuration will be described later. As a result, in the fifth embodiment shown in FIG. 36, the component indicated by the block in which the first digit in the three-digit code is “5” is a component unique to the fifth embodiment. .

Similar to the system of the prior invention shown in FIG. 2, the system according to the fifth embodiment includes a plurality of terminal devices (for convenience, only one terminal device 205 can be connected to each other via the network N). And a connection mediation device 105 that mediates the connection between the plurality of terminal devices. Here, each terminal device 205 is provided with a terminal ID for mutually identifying each terminal device, and the connection mediation device 105 uses the terminal ID as a communication source terminal device and the like. The processing of mediating the connection with the terminal device to be the communication destination is executed.

The thick arrows in this figure indicate the flow of signals exchanged between the terminal device 205 and the connection mediation device 105, and the thin arrows (except for the arrows inside the block 205) indicate between the pair of terminal devices 205. , And the flow of signals before establishment of a communication session, which are directly exchanged. The white arrows indicate the flow of signals after communication session establishment, which are directly exchanged between the pair of terminal devices 205. The white arrow indicates "normal communication", which indicates the original communication assumed by this system, that is, the communication directly performed between the terminal devices 205. On the other hand, the bold arrow extending from the detour communication processing unit 275 is described as “detour communication”. This is because the terminal device 205 is expected to fail in the “normal communication” described above. Indicates that communication to the other party is indirectly performed via the connection mediation device 105.

Similar to the self-address notifying unit 250 shown in FIG. 2, the self-address notifying unit 255 shown in FIG. 36 has a function of notifying the connection mediating apparatus 105 of the location address indicating the location of the self on the network. This self address notification process is the preprocess of the communication procedure in the network communication system according to the fifth embodiment, and the basic process contents are as already described in detail in §1. However, the self address notification unit 255 adopts a specific procedure when notifying the connection intermediation device 105 of its own location address.

FIG. 37 is a flow chart for explaining, in chronological order, pre-processing of communication procedures (notification processing of own address) in the network communication system according to the fifth embodiment. First, in step S51, the self address notification unit 255 performs a first notification using UDP as a communication protocol. That is, the UDP packet for notifying the own address is transmitted from the own address notifying unit 255 to the connection mediating device 105. In the following step S52, it is determined whether or not the first notification has succeeded. In response to the self address notification by the UDP packet, if the connection mediation device 105 is configured to send back an acknowledgment signal for confirmation of receipt, the self address notification unit 255 determines whether the acknowledgment is obtained or not. It can be determined whether the notification has succeeded.

If the first notification is successful, the self-address notification process by the self-address notification unit 255 is complete, but if the first notification fails, then in step S53, TCP is used as the communication protocol. The second notification is made. As described above, since TCP is a protocol widely used for browsing the Web, there is no problem considering that the second notification does not fail in practice. If no acknowledgment for the second notification is obtained, the same notification may be made several times.

As described above, the own address notifying unit 255 notifies the connection mediation device 105 of the location address of the own device by the UDP packet or the TCP packet. Therefore, in FIG. 36, the thick arrow pointing from the own address notification unit 255 to the network N is a signal having information on the location address of the terminal device 205, and the communication protocol is UDP or TCP.

Thus, since the information of the location address is notified from the terminal device 205 to the connection mediation device 105 by the communication protocol of UDP or TCP, the address table in the connection mediation device 105 is added to the terminal ID and the location address. Further, information associated with the communication protocol (whether UDP or TCP) used for the self address notification is stored. That is, in step S54 of the flowchart of FIG. 37, the address table updating unit 125 in the connection mediating apparatus 105 updates the address table including the communication protocol. FIG. 38 shows an address table T70 created by such an update. Similar to the address table T shown in FIG. 6, this address table T70 indicates the location addresses notified from the four sets of terminal devices, but in addition to the location addresses, also the communication protocol information (right column) It is recorded.

The communication preparation in the network communication system according to the fifth embodiment shown in FIG. 36 is completed when the pre-processing shown in the flowchart of FIG. 37 is completed. Since notification of the location address by the self address notification unit 255 is repeatedly executed at a predetermined timing, the latest location address and communication protocol are always stored in the address table T70 in the connection mediating device 105 for each terminal device. It will be. Therefore, when the connection mediation device 105 receives a connection mediation request from a specific communication source terminal device to a specific communication destination terminal device, the connection mediation device 105 refers to the address table T70 and performs normal communication between both terminals. Then, it is judged by the UDP block element whether or not trouble occurs in the normal communication, and when it is judged that there is no trouble, the normal communication is selected, and when judged as trouble, the bypass communication is selected.

Specifically, for both of the communication source terminal device and the communication destination terminal device, when the communication protocol recorded in the address table T70 is UDP, the connection mediation device 105 causes no hindrance to the normal communication. Judge as and select normal communication. On the other hand, if at least one of the communication protocols recorded in the address table T70 is TCP, it is judged that there is a problem in the normal communication, and the bypass communication is selected.

Then, when a communication destination address is returned from the connection mediation device 105 to the communication start request unit 245 of the communication source terminal device 205, information indicating the selected communication method (information indicating normal communication or bypass communication) Reply together. Therefore, in FIG. 36, the thick arrow going from the network N to the communication start request unit 245 is a signal including the communication method information together with the communication destination address information.

The communication start request unit 245 transmits the communication method address together with the communication destination address from the connection mediating apparatus 105, and when the normal communication is selected as the communication method, the communication start request unit 245 performs the first embodiment of the prior application basic invention and Similarly, the communication destination address is accessed via the network N to make a communication start request. The subsequent communication procedure is as described in §1. On the other hand, when the alternative communication is selected as the communication method, the alternative communication instruction is issued to the alternative communication processing unit 275.

Similar to the bypass communication processing unit 273 in the third embodiment described in §7, the bypass communication processing unit 275 is a component that performs bypass communication via the connection mediation device 105. That is, the bypass communication processing unit 275 performs indirect information transmission / reception with the other party via the connection intermediation device 105 when failure of normal communication (communication indicated by the white arrow in the figure) is expected. Run. As described above, failure prediction is performed in the connection mediating device 105. When the communication start request unit 245 receives a communication method for selecting bypass communication from the connection mediating device 105, this corresponds to the case where the connection mediating device 105 has predicted a failure. In this case, the communication start request unit 245 instructs the bypass communication processing unit 275 to perform bypass communication, and the bypass communication processing unit 275 executes bypass communication.

Specifically, the bypass communication processing unit 275 makes a relay request for bypass communication to the connection mediating device 105 (as described later, the bypass communication relay unit 145 therein), and, via the connection mediating device 105, The detour communication with the detour communication processing unit 275 of the other party is executed. Since exchange of information packets for this bypass communication is performed by the TCP protocol, even if there is a UDP block element in the middle of the route, the bypass communication will not be disturbed. As a modification, it is also possible to adopt a method in which the detour communication is initially executed by the UDP protocol and switched to the TCP protocol in case of failure.

39 is a block diagram showing a procedure for establishing a communication session between the communication source terminal device 205A and the communication destination terminal device 205B in the network communication system according to the fifth embodiment of the present invention shown in FIG. The terminal devices 205A and 205B shown are devices having the same configuration as the terminal device 205 shown in FIG. 36, and as in FIG. 4, the components in the communication source terminal device 205A are processes necessary as a communication source The components (components of the rectangular block) for executing the command are indicated by solid lines, and the components within the communication destination terminal device 205B are components (components of the double rectangular block) that perform processing required as a communication destination. It is indicated by a solid line, and blocks of other components are indicated by a broken line. Further, the bypass communication processing units 275A and 275B, which are components unique to the fifth embodiment, are indicated by bold line frame blocks.

The connection mediating device 105 (shown in FIG. 36) shown in FIG. 39 adds the detour communication relay portion 145 to the connection mediating device 100 shown in FIG. The table update unit 120 and the communication destination address return unit 130 are configured as the address table storage unit 115, the address table update unit 125, and the communication destination address return unit 135 by providing some additional functions.

The bypass communication relay unit 145 in the connection mediation device 105 has a relay request for bypass communication between the bypass communication processing unit 275A of the first terminal device 205A and the bypass communication processing unit 275B of the second terminal device 205B. It is a component that takes information passed between the detour communication processing unit 275A of the first terminal device 205A and the detour communication processing unit 275B of the second terminal device 205B and relays the detour communication.

Further, as illustrated in FIG. 38, the address table storage unit 115 in the connection mediation device 105 further has a function of storing an address table T70 in which communication protocols are associated, in addition to the terminal ID and the location address. Then, when updating the address table T 70, the address table updating unit 125 in the connection mediation device 105 associates UDP as a communication protocol when updating based on the first notification received by UDP. When updating is performed based on the second notification received by TCP, the communication protocol is updated to correspond to TCP.

On the other hand, when the connection mediation request S2 is transmitted, the communication destination address replying unit 135 in the connection mediation device 105 refers to the address table T70 and communicates the communication protocol of the terminal device of the communication source and the terminal device of the communication destination. If the communication protocols of both terminal devices are both UDP, normal communication is selected as the communication method, and if at least one of the communication protocols is TCP, bypass communication is selected as the communication method. It has a function of returning the selected communication method together with the communication destination address.

In the example shown in FIG. 39, when the address table T70 as shown in FIG. 38 is stored in the address table storage unit 115, the communication protocol of the terminal device 205B (terminal ID: 0020) of the communication destination is “TCP”. Since the communication destination address reply unit 135 selects the bypass communication as the communication method. When the communication protocol of the communication destination terminal device 205B is "TCP", it indicates that the first self-address notification by UDP from the communication destination terminal device 205B is blocked somewhere. Therefore, when the communication start request S5 is sent from the communication source terminal device 205A to the communication destination terminal device 205B, the communication start request S5 may be blocked in the middle of the route to the communication destination terminal device 205B. There is.

In this case, the communication destination address return unit 135 selects the bypass communication as the communication method. In FIG. 39, an example in which information indicating the communication destination address “AD2” and the communication method “detour communication” is returned from the communication destination address reply unit 135 to the communication start request unit 245A (thick arrow S4a in FIG. 39). It is shown. On the other hand, if the communication protocol for both the communication source terminal device 205A and the communication destination terminal device 205B is "UDP", the communication destination address reply unit 135 selects normal communication as the communication method. It will be.

The communication start request unit 245A in the communication source terminal device 205A performs normal communication processing when the communication destination address return unit 135 returns a response for selecting "normal communication". Specifically, when the communication start request unit 245A accesses the communication destination address AD2 and makes a communication start request S5 by UDP, the other party communication destination session establishment unit 235B sends a communication source session establishment unit 265A to UDP. Communication start acceptance confirmation S6 is transmitted. Thus, a communication session by UDP is established between the communication source session establishment unit 265A and the communication destination session establishment unit 235A.

On the other hand, when the communication destination address replying unit 135 returns a reply for selecting the “detour communication”, the communication start request unit 245A performs a bypass communication process. That is, instead of performing the communication start request S5, the communication start request unit 245A sends a bypass communication instruction S5 'to the bypass communication processing unit 275A. When the detour communication processing unit 275 A receives the detour communication instruction S 5 ′, the detour communication processing unit 275 A makes a relay request for detour communication to the detour communication relay unit 145 by TCP, and the bypass communication processing unit of the other party via the detour communication relay unit 145 The bypass communication S8a with TCP is executed with the communication unit 275B. The bypass communication processing unit 275A acquires the communication destination address AD2 from the communication start request unit 245A, transmits this to the bypass communication relay unit 145 by TCP, and makes a relay request. In response to the relay request, the bypass communication relay unit 145 accesses the communication destination address AD2 by TCP, and requests the bypass communication processing unit 275B of the communication destination terminal device 205B to start bypass communication. The bypass communication processing unit 275B sends a reply to the effect that the bypass communication processing unit 275B accepts this to the bypass communication relay unit 145 by TCP, and executes the bypass communication S8b by TCP. Thereafter, by the relay by the detour communication relay unit 145, detour communication by TCP is performed between both the terminal devices 205A and 205B.

In this bypass communication, all information packets between the terminal devices 205A and 205B are exchanged as TCP packets via the connection mediation device 105. Therefore, even if the UDP block element exists in the route between both terminal devices 205A and 205B, the detour communication between both terminal devices 205A and 205B is performed without any problem. As described above, as a modification, it is also possible to adopt a method in which the detour communication is first executed by the UDP protocol and switched to the TCP protocol in case of failure.

FIG. 40 is a flowchart illustrating the communication session establishment procedure in the fifth embodiment shown in the block diagram of FIG. 39 in chronological order. The procedure of normal communication in this flowchart is substantially the same as the flowchart of FIG.

First, in step S1, the communication request acceptance process by the communication request acceptance unit 220A is performed, and in the subsequent step S2, a connection intermediation request is performed by the connection intermediation request unit 210A. This connection mediation request may be either UDP or TCP (it may be made by TCP from the beginning, or it may be made first by UDP, and if the connection mediation request by UDP fails, the connection mediation request by TCP may be made again) . Then, in step S3, the communication destination address reply unit 135 refers to the address table T70 stored in the address table storage unit 115, and in step S4a, the communication destination address reply unit 135 sends the communication start request unit 245A. , Communication destination address and communication method are returned. This reply may also be made by UDP or by TCP. In step S4b, the communication start request unit 245A that has received the reply selects one of the two processing processes.

First, when “normal communication” is instructed as the communication method, the process proceeds to step S5 to perform UDP communication. The procedure of steps S5 to S7 in the flowchart of FIG. 40 is exactly the same as the procedure of steps S5 to S7 in the flowchart of FIG. However, the communication protocol for normal communication is UDP. That is, in step S5, the communication start request unit 245A sends a communication start request S5 to the communication destination terminal device 205B by UDP. The communication destination session establishing unit 235B receives the communication start request S5, and transmits the communication start acceptance confirmation S6 to the communication source terminal device 205A by UDP in step S6. Then, in the subsequent step S7, a communication session between the communication destination session establishment unit 235B and the communication source session establishment unit 265A is established, and the normal communication S7 is performed by UDP.

On the other hand, when "rerouting communication" is instructed as the communication method, the process proceeds to step S5 ', and the communication start request unit 245A gives the detour communication instruction to the detour communication processing unit 275A. Then, in the subsequent step S8, the bypass communication process is executed. That is, the detour communication processing by TCP is performed by the detour communication processing units 275A and 275B and the detour communication relay unit 145 (S8a and S8b in FIG. 39).

<8-2. Example 6>
FIG. 41 is a block diagram showing a detailed configuration of the terminal device 406 in the network communication system according to the sixth embodiment of the present invention. The terminal device 406 shown here adds a slight modification to the communication start request unit 440 and the self address notification unit 450 in the terminal device 400 according to the second embodiment of the prior invention basic invention shown in FIG. A request unit 446 and a self address notification unit 456 are additionally provided with a bypass communication processing unit 476 (in the figure, a new component is indicated by a bold line frame block) as a new component.

Further, the communication source session establishment unit 430 and the communication destination session establishment unit 460 are replaced with a communication source session establishment unit 436 and a communication destination session establishment unit 466, respectively. The basic functions of the communication source session establishment unit 436 and the communication destination session establishment unit 466 are the same as those of the communication source session establishment unit 430 and the communication destination session establishment unit 460 shown in FIG. 7, but the communication protocol is limited to UDP. The points are different. That is, in the network communication system shown in the sixth embodiment, the protocol of normal communication is fixed to UDP. The connection intermediation request unit 410 and the communication request reception unit 420, which are the other components, are the same as the components of the same reference numerals shown in FIG. 7, and the details of their functions are as already described in §2. .

Further, in the sixth embodiment shown in FIG. 41, a connection mediation device 306 is used instead of the connection mediation device 300 shown in FIG. The connection mediation device 306 is obtained by adding the function of instructing the communication method (whether normal communication or bypass communication) and the function of relaying bypass communication to the functions of the connection mediation device 300 shown in FIG. Details of the configuration will be described later. As a result, in the sixth embodiment shown in FIG. 41, the component indicated by the block in which the first digit in the three-digit code is “6” is a component unique to the sixth embodiment. .

Similar to the system of the prior invention shown in FIG. 7, the system according to the sixth embodiment includes a plurality of terminal devices (for convenience, only one terminal device 406 can be connected to each other via the network N). And a connection mediation device 306 that mediates the connection between the plurality of terminal devices. Here, each terminal device 406 is provided with a terminal ID for mutually identifying each terminal device, and the connection mediation device 306 uses the terminal ID as a communication source terminal device. The processing of mediating the connection with the terminal device to be the communication destination is executed.

Also in this figure, three types of arrows, thick arrows, thin arrows, and white arrows, are used as in the embodiments described above. White arrows indicate “normal communication”, and thick arrows extending from the bypass communication processing unit 476 indicate “route communication”. As in the fifth embodiment, the sixth embodiment is originally intended to perform "normal communication", but when failure of the "normal communication" is expected, the terminal device 406 serves as the connection mediation device 306. It will communicate with the other party indirectly via the connection.

Similar to the self address notification unit 450 shown in FIG. 7, the self address notification unit 456 shown in FIG. 41 has a function of notifying the connection mediating device 306 of the location address indicating the location of the self on the network. This self address notification process is referred to as pre-processing of the communication procedure in the network communication system according to the sixth embodiment, and the basic process content is as already described in detail in 自己 2. However, the self address notifying unit 456 adopts a specific procedure when notifying the connection intermediation device 306 of its own location address, as in the self address notifying unit 255 in the fifth embodiment described above.

The specific procedure performed by the own address notification unit 456 is the same as the procedure performed by the own address notification unit 255 in the fifth embodiment, and is as illustrated in the flowchart of FIG. That is, when notifying the connection mediating device 306 of its own location address, the self address notification unit 456 first performs a first notification (corresponding to S51 in FIG. 37) using UDP as a communication protocol, If the first notification fails, subsequently, a second notification (corresponding to S53 in FIG. 37) using TCP as a communication protocol is performed.

As described above, the own address notifying unit 456 notifies the connection mediating device 306 of its own location address by using a UDP packet or a TCP packet. Therefore, in FIG. 41, the thick arrow pointing from the self address notifying unit 456 to the network N is a signal having information of the location address of the terminal device 406, and the communication protocol is UDP or TCP.

Thus, since the information on the location address is notified from the terminal device 406 to the connection mediation device 306 by the communication protocol of UDP or TCP, the address table in the connection mediation device 306 is added to the terminal ID and the location address. Further, information associated with the communication protocol (whether UDP or TCP) used for the self address notification is stored. That is, as in the process of step S54 in the flowchart of FIG. 37, the address table updating unit 326 in the connection mediating device 306 updates the address table including the communication protocol. For example, the address table as shown in FIG. T70 is obtained.

In this way, when the pre-processing according to the flowchart of FIG. 37 is completed, the communication preparation in the network communication system according to the sixth embodiment shown in FIG. 41 is completed. Since the notification of the location address by the self address notification unit 456 is repeatedly executed at a predetermined timing, the latest location address and communication protocol are always stored in the address table T70 in the connection mediation device 306 for each terminal device. It will be. Therefore, when the connection mediation device 306 receives a connection mediation request from a specific communication source terminal device to a specific communication destination terminal device, the connection mediation device 306 refers to the address table T70 and performs normal communication between both terminals. Then, it is judged by the UDP block element whether or not trouble occurs in the normal communication, and when it is judged that there is no trouble, the normal communication is selected, and when judged as trouble, the bypass communication is selected.

Specifically, for both of the communication source terminal device and the communication destination terminal device, when the communication protocol recorded in the address table T70 is UDP, the connection mediation device 306 causes no hindrance to the normal communication. Judge as and select normal communication. On the other hand, if at least one of the communication protocols recorded in the address table T70 is TCP, it is judged that there is a problem in the normal communication, and the bypass communication is selected.

In the case of the fifth embodiment described above, when the communication source terminal device 205 sends a connection mediation request S2 to the connection mediation device 105, the communication destination address and communication method are returned to the communication source terminal device 205. On the other hand, in the case of the sixth embodiment described here, when the communication source terminal device 406 sends a connection mediation request S12 to the connection mediation device 306, another terminal of the communication destination, not the communication source terminal device 406. The “communication source address” and the “communication method” are to be transmitted to the device 406. Here, the “communication method” is information indicating whether normal communication or bypass communication, as described above. Therefore, in FIG. 41, the bold arrow pointing from network N to communication start request communication unit 446 (shown as a double-framed block because it is a component of communication destination in FIG. 41) is the communication source It becomes a signal including information on communication method together with address information.

When the communication start request unit 446 returns a communication method together with the communication source address from the connection mediation device 306, when the normal communication is selected as the communication method, the communication start request unit 446 is the second embodiment of the prior invention basic invention and Similarly, the communication source address is accessed via the network N to make a communication start request. The subsequent communication procedure is as described in §2. On the other hand, when the alternative communication is selected as the communication method, the alternative communication instruction is issued to the alternative communication processing unit 476.

The bypass communication processing unit 476 is a component that performs bypass communication via the connection mediation device 306 in the same manner as the bypass communication processing unit 275 in the fifth embodiment described in §8-1. That is, the bypass communication processing unit 476 performs indirect information transmission / reception to / from the other party via the connection mediation device 306 when failure of normal communication (communication indicated by a white arrow in the figure) is expected. Run. As described above, failure prediction is performed in the connection mediating device 306. When the communication start request unit 446 receives a communication method for selecting bypass communication from the connection mediating device 306, this corresponds to a case in which the connection mediating device 306 has predicted failure. In this case, the communication start request unit 446 instructs the detour communication processing unit 476 to perform detour communication, and the detour communication processing unit 476 executes detour communication by TCP. Specifically, the detour communication processing unit 476 requests the connection mediation device 306 (as will be described later, in the detour communication relay unit 346 therein) to relay the detour communication by TCP, and the connection mediation device 306 Then, the bypass communication by the TCP with the bypass communication processing unit 476 of the other party is executed. As described above, as a modification, it is also possible to adopt a method in which the detour communication is first executed by the UDP protocol and switched to the TCP protocol in case of failure.

42 is a block diagram showing a procedure for establishing a communication session between the communication destination terminal device 406A and the communication source terminal device 406B in the network communication system according to the sixth embodiment of the present invention shown in FIG. The terminal devices 406A and 406B shown are devices having the same configuration as the terminal device 406 shown in FIG. 41, and as in FIG. 8, for the components in the communication source terminal device 406B, processing necessary as a communication source The components (components of the rectangular block) that execute the command are indicated by solid lines, and the components within the communication destination terminal device 406A are the components (components of the double rectangular block) that perform the processing necessary as the communication destination. It is indicated by a solid line, and blocks of other components are indicated by a broken line. Further, the bypass communication processing units 476A and 476B, which are components unique to the sixth embodiment, are indicated by thick line frame blocks.

The connection mediating device 306 (shown in FIG. 41) shown in FIG. 42 adds the detour communication relay portion 346 to the connection mediating device 300 shown in FIG. The table update unit 320 and the communication destination address return unit 330 have the address table storage unit 316, the address table update unit 326, and the communication source address transmission unit 336 by providing some additional functions.

The bypass communication relay unit 346 in the connection mediation device 306 has a relay request for bypass communication between the bypass communication processing unit 476A of the first terminal device 406A and the bypass communication processing unit 476B of the second terminal device 406B. It is a component that takes information relayed between the detour communication processing unit 476A of the first terminal device 406A and the detour communication processing unit 476B of the second terminal device 406B and relays the detour communication.

Further, as illustrated in FIG. 38, the address table storage unit 316 in the connection mediation device 306 further has a function of storing an address table T70 in which communication protocols are associated, in addition to the terminal ID and the location address. Then, when updating the address table T 70, the address table updating unit 326 in the connection mediation device 306 associates UDP as a communication protocol when updating based on the first notification received by UDP. When updating is performed based on the second notification received by TCP, the communication protocol is updated to correspond to TCP.

On the other hand, when the connection mediation request S12 is transmitted from the connection mediation request unit 410B in the communication source terminal device 406B, the communication source address transmission unit 336 in the connection mediation device 306 refers to the address table T70 for connection. The location address AD1 associated with the terminal ID "0010" specified by the communication destination specification information included in the relay request S12 is recognized as the communication destination address, and a connection relay request is issued to the communication destination address AD1. The location address AD2 associated with the terminal ID "0020" of the terminal device 406B of the communication source that has transmitted S12 is transmitted as a communication source address (S14a).

At this time, the communication source address transmission unit 336 refers to the address table T70 to confirm the communication protocol of the terminal device of the communication source and the terminal device of the communication destination, and the communication protocol of both terminal devices is UDP. In this case, it has a function of selecting normal communication as the communication method, and selecting detour communication as the communication method when at least one of the communication protocols is TCP, and transmitting the selected communication method together with the communication source address. .

The communication start request unit 446A in the communication destination terminal device 406A performs a process of normal communication when there is transmission for selecting “normal communication” from the communication source address transmission unit 336. Specifically, when the communication start request unit 446A accesses the communication source address AD2 and makes a communication start request S15 by UDP, the communication source session establishment unit 436B of the other party transmits to the communication destination session establishment unit 466A by UDP. Communication start acceptance confirmation S16 is transmitted. Thus, a communication session by UDP is established between the communication source session establishment unit 436B and the communication destination session establishment unit 466A.

On the other hand, when there is a transmission from the communication source address reply unit 336 to select “detour communication”, the communication start request unit 446A performs processing of bypass communication. That is, instead of performing the communication start request S15, the communication start request unit 446A sends a bypass communication instruction S15 'to the bypass communication processing unit 476A. When the detour communication processing unit 476 A receives the detour communication instruction S 15 ′, the detour communication processing unit 476 A makes a relay request for detour communication to the detour communication relay unit 346 by TCP, and the bypass communication processing unit of the other party via the detour communication relay unit 346 A bypass communication S18a with TCP is performed with 476B. The bypass communication processing unit 476A acquires the communication source address AD2 from the communication start request unit 446A, transmits this to the bypass communication relay unit 346, and makes a relay request. In response to the relay request, the bypass communication relay unit 346 accesses the communication source address AD2 by TCP, and requests the bypass communication processing unit 476B of the communication source terminal device 406B to start bypass communication by TCP. The bypass communication processing unit 476B sends a reply by TCP to the effect of accepting the request to the bypass communication relay unit 346, and executes the bypass communication S18b by TCP. Thereafter, by the relay by the detour communication relay unit 346, detour communication is performed by TCP between the both terminal devices 406A and 406B.

In this bypass communication, all information packets between the two terminal devices 406A and 406B are exchanged as TCP packets via the connection mediation device 306. Therefore, even if the UDP block element exists in the route between the two terminal devices 406A and 406B, the detour communication between the two terminal devices 406A and 406B is performed without any problem. As described above, as a modification, it is also possible to adopt a method in which the detour communication is first executed by the UDP protocol and switched to the TCP protocol in case of failure.

FIG. 43 is a flowchart illustrating the communication session establishment procedure in the sixth embodiment illustrated in the block diagram of FIG. 42 in chronological order. The procedure of normal communication in this flowchart is substantially the same as the flowchart of FIG. 9 showing the communication session establishment procedure in the second embodiment of the prior invention described in §2.

First, in step S11, the communication request acceptance process by the communication request acceptance unit 420B is performed, and in the subsequent step S12, the connection intermediation request unit 410B performs a connection intermediation request. Then, in step S13, the communication source address transmission unit 336 refers to the address table T70 stored in the address table storage unit 316, and in step S14a, the communication source address transmission unit 336 starts communication with the communication destination terminal device 406A. The communication source address and the communication method are transmitted to the request unit 446A. In step S14b, the communication start request unit 446A that has received this transmission selects one of the two processing processes.

First, when “normal communication” is instructed as the communication method, the process proceeds to step S15. The procedure of steps S15 to S17 in the flowchart of FIG. 43 is exactly the same as the procedure of steps S15 to S17 in the flowchart of FIG. However, the communication protocol for normal communication is UDP. That is, in step S15, the communication start request unit 446A sends a communication start request S15 to the communication source terminal device 406B by UDP. The communication source session establishment unit 436B receives the communication start request S15, and transmits the communication start acceptance confirmation S16 to the communication destination terminal device 406A by UDP in step S16. Then, in the subsequent step S17, the communication session between the communication source session establishment unit 436B and the communication destination session establishment unit 466A is established, and the normal communication S17 is performed by UDP.

On the other hand, when “rerouting communication” is instructed as the communication method, the process proceeds to step S15 ′, and the communication start request unit 446A gives the detour communication instruction to the detour communication processing unit 476A. Then, in the subsequent step S18, a bypass communication process is performed. That is, the bypass communication processing by TCP is performed by the bypass communication processing units 476A and 476B and the bypass communication relay unit 346 (S18a and S18b in FIG. 42).

The network communication system according to the present invention enables stable communication between arbitrary terminal devices in a state where various terminal devices connectable to the Internet, such as personal computers, mobile phones, tablet terminals, etc., are used. It provides technology and has sufficient industrial availability.

100: connection mediation device 101: connection mediation device 103 of the first embodiment: connection mediation device 105 of the third embodiment: connection mediation device 110 of the fifth embodiment: address table storage unit 113: address table storage unit 115 of the third embodiment Address table storage unit 120 of the fifth embodiment: address table update unit 123: address table update unit 125 of the third embodiment: address table update unit 130 of the fifth embodiment: communication destination address reply unit 133: communication destination address of the third embodiment Reply unit 135: communication destination address reply unit 141 of the fifth embodiment: bypass communication relay unit 143 of the first embodiment: bypass communication relay unit 145 of the third embodiment: bypass communication relay units 200, 200A to 200K of the fifth embodiment: terminal Devices 201H, 201K: VPN communication units 201, 201A, 201B: terminal devices 203, 203A, 20 of the first embodiment B: terminal devices 205, 205A, 205B of the third embodiment: terminal devices 210, 210A, 210B of the fifth embodiment: connection mediation request units 220, 220A, 220B: communication request receiving units 230, 230A, 230B: communication destination session establishment Sections 235, 235A, 235B: communication destination session establishment units 240, 240A, 240B of the fifth embodiment: communication start request units 241, 241A, 241B: communication start request units 243, 243A, 243B of the first embodiment: third embodiment Communication start request units 245, 245A, 245B: communication start request units 250, 250A, 250B of the fifth embodiment: self address notification units 253, 253A, 253B: self address notification units 255, 255A, 255B of the third embodiment: embodiment Self address notification unit 260, 260A, 260B: communication source session confirmation Sections 261, 261A, 261B: communication source session establishment units 265, 265A, 265B of the first embodiment: communication source session establishment units 271, 271A, 271B of the fifth embodiment: bypass communication processing units 273, 273A, 273B of the first embodiment The detour communication processing units 275, 275A, 275B of the third embodiment: The detour communication processing units 283, 283A, 283B of the fifth embodiment: NAT type confirmation unit 300 of the third embodiment: connection mediating device 302: connection mediation of the second embodiment Device 304: Connection mediating device 306 of the fourth embodiment: Connection mediating device 310 of the sixth embodiment: Address table storage unit 314: Address table storage unit 316 of the fourth embodiment: Address table storage unit 320 of the sixth embodiment: Address table update Unit 324: Address table update unit 326 of the fourth embodiment: Address table update unit 3 of the sixth embodiment 30: communication source address transmission unit 334: communication source address transmission unit 336 of the fourth embodiment: communication source address transmission unit 342 of the sixth embodiment: bypass communication relay unit 344 of the second embodiment: bypass communication relay unit 346 of the fourth embodiment : Detour communication relay units 400 and 400A to 400D of the sixth embodiment: terminal devices 402 and 402A and 402B: terminal devices 404 and 404A and 404B of the second embodiment: terminal devices 406 and 406A and 406B of the fourth embodiment: sixth embodiment Terminal devices 410, 410A, 410B: connection mediation request units 420, 420A, 420B: communication request reception units 430, 430A, 430B: communication source session establishment units 436, 436A, 436B: communication source session establishment unit 440 of the sixth embodiment , 440A, 440B: communication start request units 442, 442A, 442B: communication start request unit 444 of the second embodiment. 444A, 444B: communication start request units 446, 446A, 446B of the fourth embodiment: communication start request units 450, 450A, 450B of the sixth embodiment: self address notification units 454, 454A, 454B: self address notification unit of the fourth embodiment 456, 456A, 456B: self address notifying unit 460, 460A, 460B of the sixth embodiment: communication destination session establishing unit 462, 462A, 462B: communication destination session establishing unit 466, 466A, 466B of the second embodiment: sixth embodiment Communication destination session establishment units 472, 472 A, 472 B: bypass communication processing units 474, 474 A, 474 B of the second embodiment: bypass communication processing units 476, 476 A, 476 B of the fourth embodiment: bypass communication processing units 484, 484 A of the sixth embodiment , 484 B: NAT type confirmation unit 500 of the fourth embodiment: NAT type discrimination device D1 ~ AD7: address where ADx, ADy, ADz: global IP address APP1, APP2: application program GIP: Global IP address L1 ~ L4: arrow N indicates a flow of signals between blocks: Network (Internet)
P1 to P21: Port number PIP: Private IP address R, R1, R2, RA, RB: Routers S1 to S54: Steps T, T1 to T3, T41, T42, T51, T52, T60, T70: Address table of the flow chart

Claims (18)

1. A plurality of terminal devices (201, 203, 205) mutually connectable via a network (N), and a connection mediation device (101, 103, 105) that mediates connection between the plurality of terminal devices Network communication system, and
   Each of the plurality of terminal devices (201, 203, 205) is provided with a terminal ID for mutually identifying each terminal device, and the connection mediating device (101, 103, 105) is the terminal Execute processing for mediating connection between the terminal device (201A, 203A, 205A) as the communication source and the terminal device (201B, 203B, 205B) as the communication destination using the ID,
   Each of the plurality of terminal devices (201, 203, 205)
   A self address notifying unit (250, 253, 255) for notifying the connection mediating device (101, 103, 105) of a location address indicating the location of the self on the network;
   A communication request accepting unit (220A) that receives a communication request (S1) for another terminal apparatus (201B, 203B, 205B) that is the communication destination with the own (201A, 203A, 205A) as the communication source;
   When the communication request receiving unit (220A) receives the communication request (S1), another terminal device (201B, 203B, etc.) of the communication destination with respect to the connection mediation device (101, 103, 105) A connection mediation request unit (210A) for transmitting a connection mediation request (S2) including communication destination specification information for specifying the terminal ID (0020) of 205B);
   In accordance with the connection mediation request (S2), a communication destination address indicating the location of another terminal device (201B, 203B, 205B) of the communication destination on the network from the connection mediation device (101, 103, 105) And a communication start request unit (241A, 243A, 245A) that makes a communication start request (S5) by accessing the communication destination address (AD2) via the network (N) when (AD2) is returned. ,
   When a communication start acceptance confirmation (S6) is returned from another terminal device (201B, 203B, 205B) of the communication destination in response to the communication start request (S5), the other terminal device of the communication destination ((5B) Communication source session establishing units (260A, 261A, 265A) that establish communication sessions with 201B, 203B, 205B and start communication (S7);
   When another terminal apparatus (201A, 203A, 205A) of the communication source makes a communication start request (S5) with the self as a communication destination, for the other terminal apparatus (201A, 203A, 205A) of the communication source Communication destination session establishment unit (230B) which transmits a communication start acceptance confirmation (S6), establishes a communication session with another terminal apparatus (201A, 203A, 205A) of the communication source and starts communication (S7) , 235 B),
   When a communication session is established between the communication source session establishment unit (260A, 261A, 265A) and the communication destination session establishment unit (230B, 235B), and normal communication for directly transmitting and receiving information to the other party fails And a detour communication processing unit (271, 273, 275) that executes detour communication to perform indirect information exchange with the other party via the connection mediation device (101, 103, 105) when a failure is predicted. ,
   Have
   The connection mediating device (101, 103, 105)
   An address table storage unit (110, 113, 115) for storing an address table (T, T60, T70) in which the terminal ID and the location address are associated with each of the terminal devices (201, 203, 205); ,
   Address table updating unit (updating the contents of the address table (T, T60, T70) based on the notification from the self address notifying unit (250, 253, 255) of the terminal device (201, 203, 205) 120, 123, 125),
   When the connection mediation request (S2) is transmitted from the connection mediation request unit (210A) of the terminal device (201A, 203A, 205A), referring to the address table (T, T60, T70) A communication destination address replying unit (A) that returns, as a communication destination address, the location address (AD2) associated with the terminal ID (0020) specified by the communication destination identification information included in the connection mediation request (S2); 130, 133, 135),
   When a relay request for bypass communication is made between the bypass communication processing unit (271, 273, 275) of the first terminal device and the bypass communication processing unit (271, 273, 275) of the second terminal device A bypass communication relay unit (141, 143, 145) which takes information passed between the bypass communication processing unit of the first terminal apparatus and the bypass communication processing unit of the second terminal apparatus and relays the bypass communication; When,
   A network communication system characterized by having:
2. In the network communication system according to claim 1,
   After the communication start request unit (241A) makes a communication start request (S5), if the communication start acceptance confirmation (S6) according to this is not returned within the predetermined timeout setting time, the bypass communication processing unit (271A) requests the bypass communication relay unit (141) to relay the bypass communication, and the bypass with the other party's bypass communication processing unit (271B) via the bypass communication relay unit (141) A network communication system for performing communication.
3. In the network communication system according to claim 1,
   When no acknowledgment is obtained for the communication start request (S5) made by the communication start request unit (241A), the bypass communication processing unit (271A) transmits the bypass communication to the bypass communication relay unit (141). A network communication system characterized by making a relay request and executing bypass communication with the other party's bypass communication processing unit (271B) via the bypass communication relay unit (141).
4. In the network communication system according to claim 1,
   Each of the plurality of terminal devices (203) inquires its own NAT type to the NAT type discrimination device (500) via the network (N), and obtains a response from the NAT type discrimination device. (283), and
   When the self address notifying unit (253) notifies the connection mediating apparatus (103) of its own location address, the self address notifying unit (253) additionally notifies the answer obtained by the NAT type confirmation unit (283).
   In addition to the terminal ID and the location address, the address table storage unit (113) in the connection mediation device (103) further has a function of storing an address table (T60) in which the NAT type is associated,
   The address table updating unit (123) in the connection mediating apparatus (103) updates the NAT type in the address table (T60) based on the answer contained in the notification from the self address notifying unit (253). Have the ability to
   When the communication destination address reply part (133) in the connection mediation device (103) receives the transmission of the connection mediation request (S2), it refers to the address table (T60) and the NAT type of the terminal device of the communication destination “For packets sent from the outside to the terminal device of the communication destination, address conversion is performed under the restriction that only packets from the external host that have received packets from the terminal device of the communication destination will be passed Check if the terminal type of the communication destination is not a gateway type NAT, select normal communication as the communication method, and NAT of the terminal of the communication destination When the type is a gateway NAT, it has a function of selecting a bypass communication as the communication method and returning the selected communication method together with the communication destination address,
   When the communication start request unit (243A) returns a communication method together with the communication destination address (AD2) from the connection mediation device (103), the network (if normal communication is selected as the communication method) N) The communication destination address (AD2) is accessed via the N) to make a communication start request (S5), and when detour communication is selected as the communication method, the detour communication processing unit (273A) is sent A network communication system characterized by performing a bypass communication instruction (S5 ').
5. In the network communication system according to claim 4,
   When the self address notifying unit (253) notifies the connection intermediation apparatus (103) of its own location address, it issues a NAT type confirmation instruction (S31) to the NAT type confirmation unit (283),
   When the NAT type confirmation unit (283) receives the NAT type confirmation instruction, the NAT type determination unit (500) inquires for its own NAT type (S32), and the obtained answer (S33) Report to the self address notification unit (253) (S34),
   A network communication system characterized in that the self address notifying unit (253) notifies (S35) the response to the connection mediating apparatus (103) based on the report.
6. In the network communication system according to claim 1,
   When the self address notifying unit (255) notifies the connection intermediation device (105) of its own location address, first, it performs a first notification (S51) using UDP as a communication protocol, and When the notification of the number of times fails, the second notification (S53) using TCP as the communication protocol is subsequently performed.
   In addition to the terminal ID and the location address, the address table storage unit (115) in the connection mediation device (105) further has a function of storing an address table (T70) in which communication protocols are associated,
   When the address table update unit (125) in the connection mediation device (105) performs the update (S54), in the case of performing the update based on the first notification, the UDP is associated as a communication protocol, and If updating is performed based on the notification twice, TCP is associated as a communication protocol,
   The communication destination address reply unit (135) in the connection mediation device (105) refers to the address table (T70) when the connection mediation request (S2) is sent, and the communication source terminal device and communication If the communication protocol of the previous terminal device is confirmed and the communication protocols of both terminal devices are both UDP, normal communication is selected as the communication method, and at least one of the communication protocols is TCP. Selecting a bypass communication as the communication method and returning the selected communication method together with the communication destination address,
   When the communication start request unit (245A) receives a communication method from the connection mediation device (105) together with the communication destination address (AD2), the communication is selected when the normal communication is selected as the communication method. When the communication start request (S5) is issued to the destination address (AD2) by access using the communication protocol UDP, and the detour communication is selected as the communication method, the detour communication processing unit (275A) detours Make a communication instruction (S5 '),
   When normal communication is selected as the communication method, normal communication (S7) using the communication protocol UDP is executed between the communication source session establishment unit (265A) and the communication destination session establishment unit (235B). When detour communication is selected as the communication method, connection mediation is performed using communication protocol TCP between the detour communication processing unit (275A) of the communication source and the detour communication processing unit (275B) of the communication destination. A network communication system characterized by performing bypass communication via a device (105).
7. A plurality of terminal devices (402, 404, 406) mutually connectable via a network (N), and a connection mediation device (302, 304, 306) that mediates connection between the plurality of terminal devices Network communication system, and
   Each of the plurality of terminal devices (402, 404, 406) is provided with a terminal ID for identifying the respective terminal devices from one another, and the connection mediating device (302, 304, 306) is the terminal Execute processing for mediating connection between the terminal apparatus (402B, 404B, 406B) as the communication source and the terminal apparatus (402A, 404A, 406A) as the communication destination using the ID,
   Each of the plurality of terminal devices (402, 404, 406)
   A self address notification unit (450, 454, 456) for notifying the connection mediating device (302, 304, 306) of a location address indicating the location of the self on the network;
   A communication request accepting unit (420B) that accepts a communication request (S11) for another terminal apparatus (402A, 404A, 406A) that is the communication destination with the own (402B, 404B, 406B) as the communication source;
   When the communication request receiving unit (420B) receives the communication request (S11), another terminal device (402A, 404A,) of the communication destination with respect to the connection mediation device (302, 304, 306) A connection mediation request unit (410B) for transmitting a connection mediation request (S12) including communication destination specification information for specifying the terminal ID (0010) of 406A);
   When the communication source address (AD2) indicating the location of another terminal device (402B, 404B, 406B) of the communication source on the network is transmitted from the connection mediation device (302, 304, 306), the network A communication start request unit (442A, 444A, 446A) that makes a communication start request (S15) by accessing the communication source address (AD2) via (N);
   When another terminal apparatus (402B, 404B, 406B) of the communication source returns a communication start acceptance confirmation (S16) in response to the communication start request (S15), the other terminal apparatus of the communication source (S15) A communication destination session establishment unit (460A, 462A, 466A) which establishes a communication session with 402B, 404B, 406B and starts communication (S17);
   If another terminal apparatus (402A, 404A, 406A) at the communication destination makes a communication start request (S15) with the own (402B, 404B, 406B) as the communication source, the other terminal apparatus (402A) at the communication destination , 404A, 406A) and transmits a communication session with another terminal device (402A, 404A, 406A) to start communication (S17). Communication source session establishing unit (430B, 436B),
   When a communication session is established between the communication source session establishment unit (430B, 436B) and the communication destination session establishment unit (460A, 462A, 466A) and normal communication fails to transmit and receive information directly to the other party And a detour communication processing unit (472, 474, 476) that executes detour communication for indirectly transmitting and receiving information to the other party via the connection mediation device (302, 304, 306) when a failure is predicted. ,
   Have
   The connection mediating device (302, 304, 306)
   An address table storage unit (310, 314, 316) for storing an address table (T, T60, T70) in which the terminal ID and the location address are associated with each of the terminal devices (402, 404, 406); ,
   Address table updating unit (updating the contents of the address table (T, T60, T70) based on the notification from the self address notifying unit (450, 454, 456) of the terminal device (402, 404, 406) 320, 324, 326),
   When the connection mediation request (S12) is transmitted from the connection mediation request unit (410B) of the terminal device (402B, 404B, 406B), the address table (T, T60, T70) is referred to. Transmitting the connection mediation request (S12) to the location address (AD1) associated with the terminal ID (0010) specified by the communication destination specification information included in the connection mediation request (S12) A communication source address transmission unit (330, 334, 336) for transmitting, as a communication source address, the location address (AD2) associated with the terminal ID (0020) of the terminal device (402B, 404B, 406B) of the communication source ,
   When there is a relay request for bypass communication between the bypass communication processing unit (472, 474, 476) of the first terminal device and the bypass communication processing unit (472, 474, 476) of the second terminal device A detour communication relaying unit (342, 344, 346) which takes information passed between the detour communication processing unit of the first terminal device and the detour communication processing unit of the second terminal device and relays detour communication; When,
   A network communication system characterized by having:
8. In the network communication system according to claim 7,
   After the communication start request unit (442A) makes a communication start request (S15), if the communication start acceptance confirmation (S16) according to this is not returned within the predetermined timeout setting time, the bypass communication processing unit (472A) requests the bypass communication relay unit (342) to relay the bypass communication, and the bypass with the other party's bypass communication processing unit (472B) via the bypass communication relay unit (342) A network communication system for performing communication.
9. In the network communication system according to claim 7,
   When no acknowledgment is obtained for the communication start request (S15) made by the communication start request unit (442A), the bypass communication processing unit (472A) transmits the bypass communication to the bypass communication relay unit (342). A network communication system characterized by making a relay request and performing bypass communication with the other party's bypass communication processing unit (472B) via the bypass communication relay unit (342).
10. In the network communication system according to claim 7,
    A NAT type confirmation unit that each of a plurality of terminal devices (404) inquires its own NAT type to the NAT type discrimination device (500) via the network (N), and obtains a response from the NAT type discrimination device (484), and
    When the self address notifying unit (454) notifies the connection intermediation apparatus (304) of its own location address, the self address notifying unit (454) additionally notifies the answer obtained by the NAT type confirmation unit (484).
    In addition to the terminal ID and the location address, the address table storage unit (314) in the connection mediation device (304) further has a function of storing an address table (T60) in which the NAT type is associated,
    The address table updating unit (324) in the connection mediating apparatus (304) updates the NAT type in the address table (T60) based on the answer contained in the notification from the self address notifying unit (454). Have the ability to
    When the communication source address transmission unit (334) in the connection mediation device (304) receives the transmission of the connection mediation request (S12), the NAT type of the terminal device of the communication source with reference to the address table (T60) “For packets sent to the terminal device of the communication source from the outside, address conversion is performed under the restriction that only packets from the external host that have received packets from the terminal device of the communication source are passed Check if the terminal type of the communication source is not a gateway type NAT, select normal communication as the communication method, and NAT of the terminal of the communication source When the type is a gateway NAT, it has a function of selecting a bypass communication as the communication method and returning the selected communication method together with the communication destination address,
    When the communication start request unit (444A) receives a communication method from the connection mediation device (304) together with the communication source address (AD2), the network (if normal communication is selected as the communication method) N) The communication source address (AD2) is accessed via the N) to make a communication start request (S15), and when detour communication is selected as the communication method, the detour communication processing unit (474A) is sent A network communication system characterized by performing a bypass communication instruction (S15 ').
11. In the network communication system according to claim 10,
    When the self address notifying unit (454) notifies the connection intermediation device (304) of its own location address, it issues a NAT type confirmation instruction (S31) to the NAT type confirmation unit (484),
    When the NAT type confirmation unit (484) receives the NAT type confirmation instruction, the NAT type determination unit (500) inquires the NAT type of its own (S32), and the obtained answer (S33) Report (S34) to the self address notification unit (454);
    A network communication system characterized in that the self address notifying unit (454) notifies (S35) the response to the connection mediating device (304) based on the report.
12. In the network communication system according to claim 7,
    When the self address notifying unit (456) notifies the connection intermediation device (306) of its own location address, first, it performs first notification (S51) using UDP as a communication protocol, and When the notification of the number of times fails, the second notification (S53) using TCP as the communication protocol is subsequently performed.
    In addition to the terminal ID and the location address, the address table storage unit (316) in the connection mediation device (306) further has a function of storing an address table (T70) in which communication protocols are associated,
    When the address table update unit (326) in the connection mediation device (306) performs update (S54), in the case of performing update based on the first notification, UDP is associated as a communication protocol, and If updating is performed based on the notification twice, TCP is associated as a communication protocol,
    The communication source address transmitter (336) in the connection mediation device (306) refers to the address table (T70) when the connection mediation request (S12) is sent, and the terminal device and communication of the communication source If the communication protocol of the previous terminal device is confirmed and the communication protocols of both terminal devices are both UDP, normal communication is selected as the communication method, and at least one of the communication protocols is TCP. Selecting a bypass communication as the communication method and returning the selected communication method together with the communication destination address,
    When the communication start request unit (446A) receives a communication method from the connection mediation device (306) together with the communication source address (AD2), the communication is selected when the normal communication is selected as the communication method. When the communication start request (S15) is issued to the original address (AD2) by access using the communication protocol UDP, and the detour communication is selected as the communication method, the detour communication processing unit (476A) detours Make a communication instruction (S5 '),
    When normal communication is selected as the communication method, normal communication (S17) using the communication protocol UDP is executed between the communication destination session establishing unit (466A) and the communication source session establishing unit (436B). When detour communication is selected as the communication method, connection mediation is performed using the communication protocol TCP between the detour communication processing unit (476A) of the communication destination and the detour communication processing unit (476B) of the communication source. A network communication system, characterized by performing bypass communication via the device (306).
13. The network communication system according to any one of claims 4, 5, 10 and 11.
    When the NAT type confirmation unit (283, 484) of the terminal device (203, 404) makes an inquiry about the NAT type via the network (N), the terminal device of the inquiry source using the communication related to the inquiry A network communication system characterized by further comprising a NAT type discrimination device (500) for discriminating the NAT type of S.sub.1 and returning the discriminated NAT type to the NAT type confirmation unit of the inquiry source terminal device.
14. In the network communication system according to claim 13,
    A network communication system characterized by using a STUN server as a NAT type discrimination device (500).
15. One terminal device (201, 203, 205, 402, 404, 406) constituting a plurality of terminal devices in the network communication system according to any one of claims 1 to 12.
16. The program which functions a computer as one terminal device (201, 203, 205, 402, 404, 406) of Claim 15.
17. Connection mediator (101, 103, 105, 302, 304, 306) in a network communication system according to any of the preceding claims.
18. A program that causes a computer to function as the connection mediating device (101, 103, 105, 302, 304, 306) according to claim 17.

Images