WO2022153621A1 - セキュリティ機器、方法、及び非一時的なコンピュータ可読媒体 - Google Patents
セキュリティ機器、方法、及び非一時的なコンピュータ可読媒体 Download PDFInfo
- Publication number
- WO2022153621A1 WO2022153621A1 PCT/JP2021/036609 JP2021036609W WO2022153621A1 WO 2022153621 A1 WO2022153621 A1 WO 2022153621A1 JP 2021036609 W JP2021036609 W JP 2021036609W WO 2022153621 A1 WO2022153621 A1 WO 2022153621A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- address
- information unit
- address information
- security device
- session establishment
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims description 15
- 230000005540 biological transmission Effects 0.000 claims description 52
- 238000006243 chemical reaction Methods 0.000 claims description 41
- 230000000977 initiatory effect Effects 0.000 claims description 4
- 230000015572 biosynthetic process Effects 0.000 abstract description 3
- 238000010586 diagram Methods 0.000 description 9
- 230000006870 function Effects 0.000 description 4
- 238000010276 construction Methods 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- 241000711573 Coronaviridae Species 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/12—Arrangements for remote connection or disconnection of substations or of equipment thereof
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2517—Translation of Internet protocol [IP] addresses using port numbers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/256—NAT traversal
- H04L61/2582—NAT traversal through control of the NAT server, e.g. using universal plug and play [UPnP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/2514—Translation of Internet protocol [IP] addresses between local and global IP addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/5014—Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
Definitions
- This disclosure relates to security devices, methods, and control programs.
- a security device called a session border controller, such as a firewall or an IPS (Intrusion Prevention System), in which security is operating is introduced. That is, in general, a network environment in which a key telephone system, a security device, and a router are connected is constructed in a LAN (Local Area Network).
- LAN Local Area Network
- the purpose of the present disclosure is to provide security devices, methods, and control programs that can facilitate the construction of a network environment.
- the security device is used by being connected to a router arranged at the boundary between a WAN (Wide Area Network) and a LAN (Local Area Network) and a main device of a key telephone system in the LAN. It ’s a security device, An acquisition unit that acquires the first IP (Internet Protocol) address of the main device on the security device side and the second IP address of the security device on the main device side. An address correspondence forming unit that forms an address correspondence for session establishment.
- the session establishment address correspondence relationship includes the first type outer address information unit of the main device including the first IP address and the first session establishment port number, the third IP address of the security device on the router side, and the said.
- the first-class outside address information unit of the security device including the second session establishment port number for the connection target telephone on the WAN side, and the terminal number of the connection target telephone and the session establishment address information unit.
- a first setting control unit that sets a first-class outer address information unit of the main device and a first-class inner address information unit of the security device including the second IP address in the main device. To be equipped.
- the method according to the second aspect is a security used by connecting a router arranged at the boundary between a WAN (Wide Area Network) and a LAN (Local Area Network) and a main unit of a key telephone system in the LAN.
- the method performed by the device, Acquiring the first IP (Internet Protocol) address of the main device on the security device side and the second IP address of the security device on the main device side, and Forming an address correspondence for session establishment, Including
- the session establishment address correspondence relationship includes the first type outer address information unit of the main device including the first IP address and the first session establishment port number, the third IP address of the security device on the router side, and the said.
- the first-class outside address information unit of the security device including the second session establishment port number for the connection target telephone on the WAN side, and the terminal number of the connection target telephone and the session establishment address information unit.
- the control program according to the third aspect is used by being connected to a router arranged at the boundary between a WAN (Wide Area Network) and a LAN (Local Area Network) and a main device of a key telephone system in the LAN.
- a router arranged at the boundary between a WAN (Wide Area Network) and a LAN (Local Area Network) and a main device of a key telephone system in the LAN.
- For security equipment Acquiring the first IP (Internet Protocol) address of the main device on the security device side and the second IP address of the security device on the main device side, and Forming an address correspondence for session establishment, Including
- the session establishment address correspondence relationship includes the first type outer address information unit of the main device including the first IP address and the first session establishment port number, the third IP address of the security device on the router side, and the said.
- the first-class outside address information unit of the security device including the second session establishment port number for the connection target telephone on the WAN side, and the terminal number of the connection target telephone and the session establishment address information unit.
- This disclosure makes it possible to provide security devices, methods, and control programs that can facilitate the construction of a network environment.
- FIG. 1 is a diagram showing an example of the system according to the first embodiment.
- the system 1 includes a telephone 10, a main device 20, a security device 30, a router 40, and a telephone 50.
- the telephone 10 is housed in the main device 20, and the telephone 10 and the main device 20 form, for example, a key telephone system installed in an office.
- the main device 20 is connected to the security device 30.
- the security device 30 is connected to the router 40.
- the router 40 is connected to the Internet (that is, WAN (Wide Area Network)).
- WAN Wide Area Network
- the telephone 10, the main device 20, the security device 30, and the router 40 form a LAN (Local Area Network), and the router 40 is arranged at the boundary between the WAN and the LAN.
- the telephone 50 is connected to the router 40 at least via the Internet.
- the above LAN It is necessary to introduce the security device 30 and the router 40 in the above. Further, it is necessary to make many settings for the main device 20, the security device 30, and the router 40. This setting is difficult for those who are unfamiliar with building a network environment.
- the security device 30 executes the process of realizing the above settings.
- the "session establishment procedure” is executed between the main unit 20 and the telephone 50.
- a session establishment protocol SIP: Session Initiation Protocol
- voice packets are transmitted and received between the main device 20 (telephone 10) and the telephone 50.
- RTP Real-time Transport Protocol
- the voice packet may be referred to as an "RPP packet”.
- the number of each device included in the system 1 is not limited to one, and may be two or more.
- the number of telephones 10 and 50 included in the system 1 is not limited to one, and may be two or more.
- the WAN side of the device of interest included in the LAN may be referred to as “outside”, and the side opposite to “outside” may be referred to as “inside”. That is, focusing on the security device 30, the main device 20 side is “inside” and the router 40 side is “outside”.
- FIG. 2 is a block diagram showing an example of the security device according to the first embodiment.
- the security device 30 has an acquisition unit 31, an address correspondence forming unit 32, and a setting control unit (first setting control unit) 33.
- the acquisition unit 31 acquires the IP address of the main device 20 (hereinafter, may be referred to as a “first IP address”, and the first IP address may be referred to as “IP: R” or “R”). do.
- the acquisition unit 31 may acquire the IP address of the main device 20 from the main device 20 by using a dedicated API (Application Programming Interface). Further, the acquisition unit 31 transmits an "address request" to the main device 20 and assigns an IP address (hereinafter, not shown) to the security device 30 by the DHCP (Dynamic Host Configuration Protocol) function (not shown) of the main device 20. It may be referred to as a "second IP address", and the "second IP address” may be expressed as "IP: Q" or "Q").
- DHCP Dynamic Host Configuration Protocol
- the address correspondence forming unit 32 is the first type outside of the main device 20 including the first IP address (R) and the “first session establishment port number (r1)” based on the information acquired by the acquisition unit 31.
- (P1) ” is associated with the first-class outside address information unit (P: p1) of the security device 60.
- the address correspondence forming unit 32 associates the session establishment address information unit (G: g1) of the connection target telephone (that is, the telephone 50) on the WAN side with the "terminal number" (described later) of the telephone 50. ..
- the "address information unit” represents a set of an IP address and a port number.
- the "outer address information unit” represents the “address information unit” on the WAN side of the device of interest.
- the "first-class outer address information unit” represents an "outer address information unit” including a port number for establishing a session.
- the setting control unit (first setting control unit) 33 sets the address information unit used for the session establishment protocol in the main device 20.
- the setting control unit (first setting control unit) 33 mainly includes, for example, the first-class outer address information unit (R: r1) of the main device 20 and the first-class inner address information unit (Q: q1) of the security device 30. Set in device 20.
- the setting control unit (first setting control unit) 33 may set the above address information unit in the main device 20 by using a dedicated API (Application Programming Interface).
- the first-class outer address information unit (R: r1) of the main device 20 and the first-class inner address information unit (Q: q1) of the security device 30 are the other telephone 10 and the other telephone. Even if it is 50, the same address information unit shall be used.
- the network environment between the main device 20 and the security device 30 for establishing a session can be set.
- the second embodiment mainly relates to the setting of the network environment between the security device and the router for establishing a session. Since the basic configuration of the system in the second embodiment is the same as that of the system 1 in the first embodiment, it will be described with reference to FIG. That is, the system 1 of the second embodiment may replace the security device 30 with the security device 60 described later in the system 1 of the first embodiment.
- FIG. 3 is a block diagram showing an example of the security device according to the second embodiment.
- the security device 60 includes an acquisition unit 61, an address correspondence forming unit 62, a setting control unit (first setting control unit) 63, and a setting control unit (second setting control unit) 64. ..
- the acquisition unit 61 acquires the first IP address (R) of the main device 20 and the second IP address (Q) of the security device, similarly to the acquisition unit 31 of the first embodiment.
- the acquisition unit 61 further refers to the IP address of the router 40 on the security device 60 side (hereinafter, may be referred to as a "fourth IP address", and the "fourth IP address” is referred to as "IP: L" or "L". (May be represented) is obtained from the router 40.
- the acquisition unit 61 may acquire the fourth IP address assigned from the router 40 to the router 40 by UPnP (Universal Plug and Play).
- UPnP Universal Plug and Play
- the acquisition unit 61 uses the IP address assigned to the security device 60 by the DHCP function (not shown) of the router 40 (that is, the above-mentioned "third IP address”.
- the "third IP address” is referred to as “third IP address”.
- IP: P ”or may be expressed as“ P ”).
- the "third IP address” is the IP address of the security device 60 on the router 40 side.
- the acquisition unit 61 further refers to the global IP address of the router 40 (hereinafter, may be referred to as a “first global IP address”, and the first global IP address is represented by “IP: N” or “N”. There is.) To get.
- the acquisition unit 61 may acquire the first global IP address (N) of the router 40 from the router 40 by UPnP (Universal Plug and Play).
- UPnP Universal Plug and Play
- the address correspondence forming unit 62 forms a "session establishment address correspondence relationship" based on the information acquired by the acquisition unit 61.
- the session establishment address correspondence relationship is the first-class outer address information unit (R: r1) of the main device 20 and the first-class outer address information unit (P: p1) of the security device 60. Is associated with.
- the session establishment address information unit (G: g1) of the connection target telephone (that is, the telephone 50) on the WAN side is associated with the "terminal number" of the telephone 50.
- the session establishment address correspondence relationship associates the first-class outside address information unit (P: p1) of the security device 60 with the first-class outside address information unit (N: p1) of the router 40.
- the first-class outside address information unit (P: p1) of the security device 60 has a third IP address (P) of the security device 60 and a second session establishment port number (p1) for the connection target telephone (that is, the telephone 50). ) And. Further, the first-class outside address information unit (N: p1) of the router 40 includes a first global IP address (N) and a second session establishment port number (p1).
- the second session establishment port number (p1) is a session establishment port number predetermined for the telephone 50 and is set in the telephone 50.
- the setting control unit (first setting control unit) 63 is the first type outer address information unit (R: r1) of the main device 20 and the first type of the security device 60, similarly to the setting control unit 33 of the first embodiment.
- the inner address information unit (Q: q1) is set in the main device 20.
- the setting control unit (second setting control unit) 64 is a type 1 outside address information unit (P: p1) of the security device 60 and a type 1 outside address information unit (N:) of the router 40 in the session establishment address correspondence relationship.
- the control for setting the correspondence of p1) in the router 40 is executed.
- the correspondence relationship that is, "correspondence relationship information" between the first-class outside address information unit (P: p1) of the security device 60 and the first-class outside address information unit (N: p1) of the router 40 is changed. It is transmitted from the security device 60 to the router 40 and held in the router 40.
- the setting control unit (second setting control unit) 64 may set the above correspondence in the router 40 by UPnP (Universal Plug and Play).
- the network environment between the security device 60 and the router 40 for establishing a session can be set.
- the setting control unit (first setting control unit) 63 and the setting control unit (second setting control unit) 64 have been described as separate functional units, but the description is not limited thereto. Instead, the setting control unit (first setting control unit) 63 and the setting control unit (second setting control unit) 64 may be one functional unit.
- the acquisition unit 61 of the security device 60 receives the fourth IP address (L) of the router 40 and the third IP address (P) of the security device 60 from the router 40. ) And get. Further, the acquisition unit 61 acquires the first global IP address (N) of the router 40.
- the acquisition unit 61 acquires the second IP address (Q) of the security device 60 from the main device 20. Further, the acquisition unit 61 acquires the first IP address (R) of the main device 20.
- the address correspondence forming unit 62 forms a "session establishment address correspondence relationship" based on the information acquired by the acquisition unit 61.
- the setting control unit 63 sets the first-class outer address information unit (R: r1) of the main device 20 and the first-class inner address information unit (Q: q1) of the security device 30 in the main device 20.
- the setting control unit 64 determines the correspondence between the first-class outside address information unit (P: p1) of the security device 60 and the first-class outside address information unit (N: p1) of the router 40 in the session establishment address correspondence relationship. The control set to 40 is executed.
- the telephone 50 transmits a session establishment message to the first-class outside address information unit (N: p1) of the router 40 in which the session establishment message is set in advance.
- the session establishment message includes the session establishment address information unit (G: g1) of the telephone 50 as the “source address” and the first-class outside address information unit (N: p1) of the router 40 as the “destination address”.
- the "terminal number" of the telephone 50 is included in the data unit of the session establishment message.
- the session establishment message may be, for example, SIP REGISTER.
- the router 40 receives the session establishment message output from the telephone 50, and changes the "destination address" to the first-class outside address information unit (P: p1) of the security device 60 based on the set correspondence. A message is sent to the security device 60.
- the security device 60 receives the session establishment message received from the router 40, sets the "source address” to the first-class inside address information unit (Q: q1) of the security device 30, and sets the "destination address” to the first device 20 of the main device 20.
- a session establishment message changed to the type 1 outside address information unit (R: r1) is transmitted to the main device 20.
- the address correspondence forming unit 62 associates the session establishment address information unit (G: g1) of the telephone 50 with the "terminal number" of the telephone 50, which is included in the session establishment message.
- the main device 20 receives the session establishment message received from the security device and holds the "terminal number" of the telephone 50.
- the third embodiment relates to the transmission of the session establishment message (SIP packet) and the transmission of the real-time data signal (RTP packet), which are performed after the setting process described in the second embodiment is completed. Since the basic configuration of the system in the third embodiment is the same as that of the system 1 in the first embodiment, it will be described with reference to FIG. That is, the system 1 of the third embodiment may replace the security device 30 with the security device 70 described later in the system 1 of the first embodiment.
- FIG. 4 is a block diagram showing an example of the security device according to the third embodiment.
- the security device 70 includes an acquisition unit 61, an address correspondence forming unit 62, a setting control unit (first setting control unit) 63, a setting control unit (second setting control unit) 64, and a message conversion unit 71. And a data signal conversion unit 72.
- the message conversion unit 71 receives a session establishment message (hereinafter, may be referred to as a “first session establishment message”) from the main unit 20, converts the first session establishment message, and converts the first session establishment message to the telephone 50 as a destination. Form a later first session establishment message.
- the converted first session establishment message is output to the router 40.
- the first session establishment message includes the first-class outer address information unit (R: r1) of the main device 20 as the "source address”, and the first-class inner address information unit (Q) of the security device 70 as the "destination address”. : Q1) is included, and the data unit of the first session establishment message includes the "type 2 outside address information unit (R: r2)" of the main device 20 and the "terminal number (IDT)" of the telephone 50.
- the second-class outer address information unit (R: r2) may be referred to as a first IP address (R) of the main device 20 and a real-time data transmission port (hereinafter, "first real-time data transmission port”. Further, the "first real-time data transmission port” is represented as "r2") and.
- the “Type 2 outside address information unit (R: r2)” of the main device 20 included in the data unit of the first session establishment message is used for NAT traversal.
- the converted first session establishment message includes the first-class outside address information unit (P: p1) of the security device 70 as the "source address”, and the "terminal number (IDT)" of the telephone 50 as the "destination address”.
- the address information unit (G: g1) for establishing a session of the telephone 50 corresponding to the above is included, and the data part of the converted first session establishment message includes the "type 2 outside address information unit (N: p2)" of the router 40. "including.
- the "type 2 outside address information unit (N: p2)" of the router 40 is a real-time data transmission port for the first global IP address (N) and the telephone 50 (hereinafter, "second real-time data transmission port”).
- the "second real-time data transmission port” may be referred to as "p2").
- the "type 2 outer address information unit” represents an “outer address information unit” including a port for real-time data transmission.
- the message conversion unit 71 assigns the second real-time data transmission port (p2) as the real-time data transmission port for the telephone 50.
- the message conversion unit 71 assigns the second type outer address information unit (P: p2) of the security device 70 and the “second type outer address information unit (N: p2)” of the router 40.
- the setting control unit (second setting control unit) 64 of the third embodiment is the second type outer address information unit (N: p2) and security included in the data unit of the converted first session establishment message.
- the router 40 is set to have a correspondence relationship with the second-class outside address information unit (P: p2) of the device 70.
- the address correspondence forming unit 62 of the third embodiment forms the "address correspondence relation for real-time data transmission".
- the "address correspondence relationship for real-time data transmission” corresponds to the "type 2 outside address information unit (R: r2)" of the main device 20 and the type 2 outside address information unit (P: p2) of the security device 70. It is attached.
- the message conversion unit 71 receives a session establishment message (hereinafter, may be referred to as a “second session establishment message”) from the router 40, converts the second session establishment message, and directs the main unit 20 to the destination.
- the converted second session establishment message is formed.
- the second session establishment message after this conversion is output to the main device 20.
- the second session establishment message includes the session establishment address information unit (G: g1) of the telephone 50 as the "source address”, and the first-class outside address information unit (P: p1) of the security device 70 as the "destination address”. ), And the data unit includes the address information unit (G: g2) for real-time data transmission of the telephone 50.
- the address information unit (G: g2) for real-time data transmission of the telephone 50 included in the data unit of the second session establishment message is used for NAT traversal.
- the converted second session establishment message includes the first-class inner address information unit (Q: q1) of the security device 70 as the "source address”, and the first-class outer address information of the main device 20 as the "destination address”.
- a unit (R: r1) is included, and a second-class inner address information unit (Q: q2) of the security device 70 is included in the data unit.
- the second-class inner address information unit (Q: q2) of the security device 70 has a second IP address (Q) of the security device 70 and a real-time data transmission port for the telephone 50 (hereinafter, "third real-time data transmission". It may be referred to as a "credit port”, and the "third real-time data transmission port” may be referred to as "q2").
- the message conversion unit 71 assigns the third real-time data transmission port (q2) as the real-time data transmission port for the telephone 50. In other words, the message conversion unit 71 allocates the second type inner address information unit (Q: q2) of the security device 70.
- the second-class inner address information unit (Q: q2) of the security device 70 included in the data part of the second session establishment message after conversion serves as a "destination address" when the main device 20 transmits a real-time data signal. Used.
- the address correspondence forming unit 62 of the third embodiment adds the second real-time data transmission address information unit (G: g2) of the telephone 50 and the second security device 70 to the above-mentioned "address correspondence relationship for real-time data transmission". Add the seed inside address information unit (Q: q2). By using this "address correspondence relationship for real-time data transmission", real-time data signal conversion by the real-time data signal conversion unit 72, which will be described later, becomes possible.
- the data signal conversion unit 72 receives a real-time data signal (hereinafter, may be referred to as a “first real-time data signal”) from the main device 20, converts the first real-time data signal, and directs the telephone 50 to the destination.
- the converted first real-time data signal is formed. For this conversion, the above-mentioned "address correspondence relationship for real-time data transmission" is used.
- the converted first real-time data signal is output to the router 40.
- the first real-time data signal and the second real-time data signal described later are real-time data signals exchanged between the telephone 10 and the telephone 50.
- the data signal conversion unit 72 may perform encryption processing on the converted first real-time data signal.
- the first real-time data signal includes the second-class outer address information unit (R: r2) of the main device 20 as the "source address” and the second-class inner address information unit (Q) of the security device 70 as the "destination address”. : Includes q2).
- the converted first real-time data signal includes the second-class outside address information unit (P: p2) of the security device 70 as the "source address” and the real-time data transmission address information unit of the telephone 50 as the "destination address”. (G: g2) is included.
- the data signal conversion unit 72 receives a real-time data signal (hereinafter, may be referred to as a “second real-time data signal”) from the router 40, converts the second real-time data signal, and directs the main device 20 to the destination.
- a second real-time data signal after conversion is formed.
- the above-mentioned "address correspondence relationship for real-time data transmission" is used.
- the second real-time data signal after this conversion is output to the main device 20.
- the data signal conversion unit 72 may perform a process of decoding the second real-time data signal.
- the security device 70 since the security device 70 converts the real-time data signal, the security device 70 can be equipped with an encryption / decryption function, and eavesdropping can be prevented.
- the second real-time data signal includes the real-time data transmission address information unit (G: g2) of the telephone 50 as the “source address” and the second-class outside address information unit (P:) of the security device 70 as the “destination address”. Includes p2).
- the converted second real-time data signal includes the second-class inner address information unit (Q: q2) of the security device 70 as the "source address” and the "second-class outer address" of the main device 20 as the "destination address”.
- Information unit (R: r2) "is included.
- the setting control unit (second setting control unit) 64 ends the session for transmitting the real-time data signal between the telephone 10 and the telephone 50 (that is, the call ends).
- the control for deleting the correspondence set in the router 40 is executed.
- the correspondence relationship to be deleted is the correspondence relationship between the second type outer address information unit (P: p2) of the security device 70 and the second type outer address information unit (N: p2) of the router 40.
- the address correspondence forming unit 62 described above "real time”. Data transmission address correspondence "may be deleted.
- FIG. 5 is a diagram provided for explaining the processing operation of the system according to the third embodiment.
- the main device 20 transmits the first session establishment message to the security device 70 (step S101).
- the first session establishment message includes the first-class outer address information unit (R: r1) of the main device 20 as the "source address”, and the first-class inner address information unit (Q) of the security device 70 as the "destination address”. : Q1) is included, and the data unit of the first session establishment message includes the "type 2 outside address information unit (R: r2)" of the main device 20 and the "terminal number (IDT)" of the telephone 50.
- the message conversion unit 71 converts the first session establishment message to form the converted first session establishment message.
- the converted first session establishment message includes the first-class outside address information unit (P: p1) of the security device 70 as the "source address”, and the "terminal number (IDT)" of the telephone 50 as the "destination address”.
- the address information unit (G: g1) for establishing a session of the telephone 50 corresponding to the above is included, and the data part of the converted first session establishment message includes the "type 2 outside address information unit (N: p2)" of the router 40. "including.
- the setting control unit (second setting control unit) 64 is a type 2 outside address information unit (N: p2) included in the data unit of the converted first session establishment message and a type 2 outside address of the security device 70.
- the correspondence relationship with the information unit (P: p2) is set in the router 40.
- the address correspondence forming unit 62 forms an "address correspondence relationship for real-time data transmission".
- the "address correspondence relationship for real-time data transmission" corresponds to the "type 2 outside address information unit (R: r2)" of the main device 20 and the type 2 outside address information unit (P: p2) of the security device 70. It is attached.
- the security device 70 outputs the converted first session establishment message to the router 40 (step S102).
- the router 40 receives the first session establishment message output from the security device 70, and sets the "source address" of the first session establishment message from the first-class outside address information unit (P: p1) of the security device 70. Change to 40 first-class outside address information units (N: p1). At this time, the first-class outside address information unit (P: p1) of the security device 70 and the first-class outside address information unit (N: p1) of the router 40 set by the setting control unit (second setting control unit) 64. ) Is used.
- the router 40 transmits the first session establishment message in which the "source address" is changed to the telephone 50 (step S103).
- the telephone 50 transmits a second session establishment message to the router 40 (step S104).
- This second session establishment message includes the session establishment address information unit (G: g1) of the telephone 50 as the "source address”, and the first-class outside address information unit (N: p1) of the router 40 as the "destination address”. ),
- the data unit includes the address information unit (G: g2) for real-time data transmission of the telephone 50.
- the router 40 receives the second session establishment message transmitted from the telephone 50, and sets the "destination address" of the second session establishment message from the first-class outside address information unit (N: p1) of the router 40 to the security device 70. Change to the first type outer address information unit (P: p1). At this time, the correspondence between the first-class outside address information unit (P: p1) of the security device 70 and the first-class outside address information unit (N: p1) of the router 40 is used.
- the router 40 outputs the second session establishment message in which the "destination address" is changed to the security device 70 (step S105).
- the message conversion unit 71 receives the second session establishment message from the router 40. At this time, the message conversion unit 71 allocates the third real-time data transmission port (q2) as the real-time data transmission port for the telephone 50. Then, the message conversion unit 71 converts the second session establishment message received from the router 40 to form the converted second session establishment message.
- the converted second session establishment message includes the first-class inner address information unit (Q: q1) of the security device 70 as the "source address", and the first-class outer address information of the main device 20 as the "destination address".
- a unit (R: r1) is included, and a second-class inner address information unit (Q: q2) of the security device 70 is included in the data unit.
- the address correspondence forming unit 62 adds the real-time data transmission address information unit (G: g2) of the telephone 50 and the second-class inner address information unit (Q:) of the security device 70 to the above-mentioned "address correspondence relationship for real-time data transmission". q2) and are added.
- the security device 70 outputs the converted second session establishment message to the main device 20 (step S106).
- the main unit 20 is included in the second type outer address information unit (R: r2) of the main unit 20 included in the data unit of the first session establishment message and in the data unit of the second session establishment message after conversion. It is possible to associate with the second type inner address information unit (Q: q2) of the security device 70. Then, if the second-class outside address information unit (R: r2) of the main device 20 is associated with the address of the telephone 10, a session between the telephone 10 and the telephone 50 is established.
- the main device 20 outputs the first real-time data signal to the security device 70 (step S107).
- This first real-time data signal is received by the main device 20 from the telephone 10.
- the first real-time data signal includes the second-class outer address information unit (R: r2) of the main device 20 as the "source address” and the second-class inner address information unit (Q) of the security device 70 as the "destination address”. : Q2) is included.
- the data signal conversion unit 72 converts the first real-time data signal to form the converted first real-time data signal.
- the converted first real-time data signal includes the second-class outside address information unit (P: p2) of the security device 70 as the "source address” and the real-time data transmission address information unit of the telephone 50 as the "destination address”. (G: g2) is included.
- P: p2 second-class outside address information unit
- G: g2 real-time data transmission address information unit of the telephone 50
- the security device 70 outputs the converted first real-time data signal to the router 40 (step S108).
- the router 40 receives the first real-time data signal output from the security device 70, and sets the "source address" of the first real-time data signal from the second-class outside address information unit (P: p2) of the security device 70. Change to type 2 outside address information unit (N: p2). At this time, the type 2 outside address information unit (N: p2) set by the setting control unit (second setting control unit) 64 and the type 2 outside address information unit (P: p2) of the security device 70 Correspondence is used.
- the router 40 transmits the first real-time data signal in which the "source address" is changed to the telephone 50 (step S109).
- the telephone 50 transmits a second real-time data signal to the router 40 (step S110).
- This second real-time data signal includes the real-time data transmission address information unit (G: g2) of the telephone 50 as the “source address” and the second type outer address information unit (N:) of the router 40 as the “destination address”. Includes p2).
- the router 40 receives the second real-time data signal transmitted from the telephone 50, and sets the "destination address" of the second real-time data signal from the second-class outside address information unit (N: p2) of the router 40 to the security device 70. Change to the second type outer address information unit (P: p2). At this time, the type 2 outside address information unit (N: p2) set by the setting control unit (second setting control unit) 64 and the type 2 outside address information unit (P: p2) of the security device 70 Correspondence is used.
- the router 40 outputs the second real-time data signal in which the "destination address" is changed to the security device 70 (step S111).
- the data signal conversion unit 72 converts the second real-time data signal to form the converted second real-time data signal.
- the second real-time data signal after this conversion includes the second-class inner address information unit (Q: q2) of the security device 70 as the "source address” and the "second-class outer” of the main device 20 as the "destination address”.
- Address information unit (R: r2) "is included.
- the above-mentioned "address correspondence relationship for real-time data transmission" is used.
- the security device 70 outputs the converted second real-time data signal to the main device 20 (step S112).
- the main device 20 outputs the received second real-time data signal to the telephone 10.
- the setting control unit (second setting control unit) 64 sends the router 40 when the session for transmitting the real-time data signal between the telephone 10 and the telephone 50 ends (that is, when the call ends). Executes the control to delete the set correspondence.
- the correspondence relationship to be deleted is the correspondence relationship between the second type outer address information unit (P: p2) of the security device 70 and the second type outer address information unit (N: p2) of the router 40.
- the correspondence relationship between the type 2 outside address information unit (N: p2) and the type 2 outside address information unit (P: p2) of the security device 70 is described. It is set to the router 40, but is not limited to this.
- the correspondence between the type 2 outside address information unit (N: p2) and the type 2 outside address information unit (R: r2) of the main unit 20 may be set in the router 40.
- the real-time data signal between the main device 20 (telephone 10) and the telephone 50 can be directly transmitted, so that the load on the security device 70 and the LAN bandwidth can be reduced.
- FIG. 6 is a diagram showing a hardware configuration example of a security device.
- the security device 100 has a processor 101, a memory 102, and an interface 103.
- the processor 101 may be, for example, a microprocessor, an MPU (Micro Processing Unit), or a CPU (Central Processing Unit).
- the processor 101 may include a plurality of processors.
- the memory 102 is composed of a combination of a volatile memory and a non-volatile memory.
- the memory 102 may include storage located away from the processor 101.
- the processor 101 may access the memory 102 via an I / O interface (not shown).
- the security devices 30, 60, and 70 of the first to third embodiments can each have the hardware configuration shown in FIG.
- the acquisition units 31, 61 of the security devices 30, 60, 70 of the first to third embodiments, the address correspondence forming units 32, 62, and the setting control units (first setting control units) 33, 63 are set.
- the control unit (second setting control unit) 64, the message conversion unit 71, and the data signal conversion unit 72 may be realized by the processor 101 reading and executing the program stored in the memory 102.
- the program is stored using various types of non-transitory computer readable medium and can be supplied to the security devices 30, 60, 70.
- non-temporary computer-readable media examples include magnetic recording media (eg, flexible disks, magnetic tapes, hard disk drives), magneto-optical recording media (eg, magneto-optical disks).
- examples of non-temporary computer-readable media include CD-ROM (Read Only Memory), CD-R, and CD-R / W.
- examples of non-transitory computer-readable media include semiconductor memory.
- the semiconductor memory includes, for example, a mask ROM, a PROM (Programmable ROM), an EPROM (Erasable PROM), a flash ROM, and a RAM (Random Access Memory).
- the program may also be supplied to security devices 30, 60, 70 by various types of temporary computer readable media. Examples of temporary computer-readable media include electrical, optical, and electromagnetic waves.
- the temporary computer-readable medium can supply the program to the security devices 30, 60, 70 via a wired communication path such as an electric wire and an optical fiber, or a wireless communication path.
- a security device used by connecting a router arranged at the boundary between a WAN (Wide Area Network) and a LAN (Local Area Network) and the main device of a key telephone system in the LAN.
- An acquisition unit that acquires the first IP (Internet Protocol) address (R) of the main device on the security device side and the second IP address (Q) of the security device on the main device side.
- An address correspondence forming unit that forms an address correspondence for session establishment.
- the session establishment address correspondence relationship includes the first type outer address information unit (R: r1) of the main device including the first IP address (R) and the first session establishment port number (r1), and the router.
- the first-class outside address information unit (P:) of the security device including the third IP address (P) of the security device on the side and the port number (p1) for establishing a second session for the connection target telephone on the WAN side. p1), and the terminal number (IDT) of the connection target telephone and the session establishment address information unit (G: g1) are associated with each other.
- a first-class outer address information unit (R: r1) of the main device and a first-class inner address information unit (Q: q1) of the security device including the second IP address (Q) are set in the main device. 1st setting control unit and Security equipment equipped with.
- the acquisition unit further acquires the fourth IP address (L) of the router, which is the IP address of the router on the security device side, and the first global IP address (N) of the router.
- L the fourth IP address of the router
- N the first global IP address of the router.
- the session establishment address correspondence relationship includes the first-class outside address information unit (R: r1) of the main device, the first-class outside address information unit (P: p1) of the security device, and the connection target telephone.
- the first-class outside address information unit (P: p1) of the security device In addition to the terminal number (IDT) and the session establishment address information unit (G: g1), the first-class outside address information unit (P: p1) of the security device, the first global IP address (N), and the above.
- the first-class outer address information unit (N: p1) of the router including the second session establishment port number (p1) is associated with the second session establishment port number (p1).
- a first session establishment message transmitted from the main device includes a first-class outside address information unit (R: r1) of the main device as a source address, and a first-class inside of the security device as a destination address.
- a second type that includes an address information unit (Q: q1) and includes a first IP address (R) of the main device and a first real-time data transmission port (r2) in the data unit of the first session establishment message.
- the converted first session establishment message includes the first-class outside address information unit (P: p1) of the security device as the source address, and the session establishment address information unit (G) of the connection target phone as the destination address. : G1) is included, and the first global IP address (N) and the second real-time data transmission port (p2) for the connection target phone are added to the data part of the converted first session establishment message.
- the second setting control unit includes a second type outer address information unit (P: p2) of the security device including the third IP address (P) and the second real-time data transmission port (p2), and the router.
- the correspondence relationship with the second type outer address information unit (N: p2) of the above is set in the router.
- the message conversion unit includes a session establishment address information unit (G: g1) of the connection target telephone as a source address, and includes a first-class outside address information unit (P: p1) of the security device as a destination address.
- the second session establishment message including the real-time data transmission address information unit (G: g2) of the connection target telephone in the data unit is received, and the received second session establishment message is converted into the main device.
- Form a converted second session establishment message destined for The converted second session establishment message includes the first-class inner address information unit (Q: q1) of the security device as the source address, and the first-class outer address information unit (R) of the main device as the destination address.
- the second type inner address information unit of the security device including: r1) and including the second IP address (Q) and the third real-time data transmission port (q2) for the connection target telephone in the data unit. Including (Q: q2), The security device described in Appendix 5.
- (Appendix 7) Receives a real-time data signal including the type 2 outside address information unit (R: r2) of the main device as the source address and the type 2 inside address information unit (Q: q2) of the security device as the destination address.
- a data signal conversion unit that converts the received real-time data signal to form the converted real-time data signal is further provided.
- the converted real-time data signal includes the second-class outer address information unit (P: p2) of the security device as the source address and the real-time data transmission address information unit (G:) of the connection target telephone as the destination address. Including g2), The security device described in Appendix 6.
- the second setting control unit sets the security device in the router when the session for transmitting the real-time data signal between the other telephone housed in the main device and the connection target telephone ends.
- the correspondence between the type 2 outside address information unit (P: p2) of the above and the type 2 outside address information unit (N: p2) of the router is deleted.
- the first session establishment message and the second session establishment message are SIP (Session Initiation Protocol) packets.
- SIP Session Initiation Protocol
- the real-time data signal is an RTP (Real-time Transport Protocol) packet.
- RTP Real-time Transport Protocol
- (Appendix 11) It is a method executed by a security device used by connecting a router arranged at the boundary between a WAN (Wide Area Network) and a LAN (Local Area Network) and the main device of a key telephone system in the LAN. , Acquiring the first IP (Internet Protocol) address (R) of the main device on the security device side and the second IP address (Q) of the security device on the main device side, and Forming an address correspondence for session establishment, Including The session establishment address correspondence relationship includes the first type outer address information unit (R: r1) of the main device including the first IP address (R) and the first session establishment port number (r1), and the router.
- R: r1 the first type outer address information unit
- the first-class outer address information unit (R: r1) of the main device and the first-class inner address information unit (Q: q1) of the security device including the second IP address (Q) are set in the main device. Including more to do, Method.
- (Appendix 12) For security equipment used by connecting a router arranged at the boundary between a WAN (Wide Area Network) and a LAN (Local Area Network) and the main device of a key telephone system in the LAN. Acquiring the first IP (Internet Protocol) address (R) of the main device on the security device side and the second IP address (Q) of the security device on the main device side, and Forming an address correspondence for session establishment, Including The session establishment address correspondence relationship includes the first-class outside address information unit of the main device including the first IP address (R) and the first session establishment port number (r1), and the security device on the router side.
- IP Internet Protocol
- the first-class outside address information unit (P: p1) of the security device including the third IP address (P) of the security device and the port number (p1) for establishing a second session for the connection target telephone on the WAN side, and The terminal number (IDT) of the connection target telephone and the session establishment address information unit (G: g1) are associated with each other.
- a first-class outer address information unit (R: r1) of the main device and a first-class inner address information unit (Q: q1) of the security device including the second IP address (Q) are set in the main device. Including more to do, A control program that executes processing.
- System 10 Telephone 20 Main device 30 Security equipment 31 Acquisition unit 32 Address correspondence formation unit 33 Setting control unit (1st setting control unit) 40 Router 50 Telephone 60 Security equipment 61 Acquisition unit 62 Address correspondence formation unit 63 Setting control unit (1st setting control unit) 64 Setting control unit (second setting control unit) 70 Security equipment 71 Message conversion unit 72 Data signal conversion unit
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Telephonic Communication Services (AREA)
- Small-Scale Networks (AREA)
Abstract
Description
前記セキュリティ機器側の前記主装置の第1IP(Internet Protocol)アドレス及び前記主装置側の前記セキュリティ機器の第2IPアドレスを取得する取得部と、
セッション確立用アドレス対応関係を形成するアドレス対応形成部であって、
前記セッション確立用アドレス対応関係は、前記第1IPアドレスと第1セッション確立用ポート番号とを含む前記主装置の第1種外側アドレス情報ユニットと、前記ルータ側の前記セキュリティ機器の第3IPアドレスと前記WAN側の接続対象電話機のための第2セッション確立用ポート番号とを含む前記セキュリティ機器の第1種外側アドレス情報ユニットと、及び前記接続対象電話機の端末番号とセッション確立用アドレス情報ユニットと、を対応づけている、
前記アドレス対応形成部と、
前記主装置の第1種外側アドレス情報ユニットと、前記第2IPアドレスを含む前記セキュリティ機器の第1種内側アドレス情報ユニットとを前記主装置に設定する第1設定制御部と、
を具備する。
前記セキュリティ機器側の前記主装置の第1IP(Internet Protocol)アドレス及び前記主装置側の前記セキュリティ機器の第2IPアドレスを取得すること、及び、
セッション確立用アドレス対応関係を形成すること、
を含み、
前記セッション確立用アドレス対応関係は、前記第1IPアドレスと第1セッション確立用ポート番号とを含む前記主装置の第1種外側アドレス情報ユニットと、前記ルータ側の前記セキュリティ機器の第3IPアドレスと前記WAN側の接続対象電話機のための第2セッション確立用ポート番号とを含む前記セキュリティ機器の第1種外側アドレス情報ユニットと、及び前記接続対象電話機の端末番号とセッション確立用アドレス情報ユニットと、を対応づけており、
前記主装置の第1種外側アドレス情報ユニットと、前記第2IPアドレスを含む前記セキュリティ機器の第1種内側アドレス情報ユニットとを前記主装置に設定することをさらに含む。
前記セキュリティ機器側の前記主装置の第1IP(Internet Protocol)アドレス及び前記主装置側の前記セキュリティ機器の第2IPアドレスを取得すること、及び、
セッション確立用アドレス対応関係を形成すること、
を含み、
前記セッション確立用アドレス対応関係は、前記第1IPアドレスと第1セッション確立用ポート番号とを含む前記主装置の第1種外側アドレス情報ユニットと、前記ルータ側の前記セキュリティ機器の第3IPアドレスと前記WAN側の接続対象電話機のための第2セッション確立用ポート番号とを含む前記セキュリティ機器の第1種外側アドレス情報ユニットと、及び前記接続対象電話機の端末番号とセッション確立用アドレス情報ユニットと、を対応づけており、
前記主装置の第1種外側アドレス情報ユニットと、前記第2IPアドレスを含む前記セキュリティ機器の第1種内側アドレス情報ユニットとを前記主装置に設定することをさらに含む、
処理を、実行させる。
<システムの概要>
図1は、第1実施形態におけるシステムの一例を示す図である。図1においてシステム1は、電話機10と、主装置20と、セキュリティ機器30と、ルータ40と、電話機50とを有している。電話機10は、主装置20に収容されており、電話機10と主装置20とは、例えばオフィスに導入されたキーテレフォンシステムを構成する。また、主装置20は、セキュリティ機器30と接続される。セキュリティ機器30は、ルータ40と接続される。ルータ40は、インターネット(つまり、WAN(Wide Area Network))と接続される。すなわち、電話機10と主装置20とセキュリティ機器30とルータ40とは、LAN(Local Area Network)を構成し、ルータ40は、WANとLANとの境界に配設される。電話機50は、少なくともインターネットを介してルータ40と接続される。
図2は、第1実施形態におけるセキュリティ機器の一例を示すブロック図である。図2においてセキュリティ機器30は、取得部31と、アドレス対応形成部32と、設定制御部(第1設定制御部)33とを有している。
第2実施形態は、主に、セッション確立のためのセキュリティ機器とルータとの間のネットワーク環境の設定に関する。なお、第2実施形態におけるシステムの基本構成は、第1実施形態におけるシステム1と同じなので、図1を参照して説明する。すなわち、第2実施形態のシステム1は、第1実施形態のシステム1においてセキュリティ機器30を後述するセキュリティ機器60に置き換えればよい。
図3は、第2実施形態におけるセキュリティ機器の一例を示すブロック図である。図3においてセキュリティ機器60は、取得部61と、アドレス対応形成部62と、設定制御部(第1設定制御部)63と、設定制御部(第2設定制御部)64とを有している。
以上の構成を有するセキュリティ機器の処理動作の一例について説明する。
第3実施形態は、第2実施形態で説明した設定処理が完了した後に行われる、セッション確立メッセージ(SIPパケット)の伝送及びリアルタイムデータ信号(RTPパケット)の伝送に関する。なお、第3実施形態におけるシステムの基本構成は、第1実施形態におけるシステム1と同じなので、図1を参照して説明する。すなわち、第3実施形態のシステム1は、第1実施形態のシステム1においてセキュリティ機器30を後述するセキュリティ機器70に置き換えればよい。
図4は、第3実施形態におけるセキュリティ機器の一例を示すブロック図である。図4においてセキュリティ機器70は、取得部61と、アドレス対応形成部62と、設定制御部(第1設定制御部)63と、設定制御部(第2設定制御部)64と、メッセージ変換部71と、データ信号変換部72とを有している。
第3実施形態におけるシステムの動作例について説明する。図5は、第3実施形態におけるシステムの処理動作の説明に供する図である。
以上の説明では、「リアルタイムデータ送信用アドレス対応関係」として、第2種外側アドレス情報ユニット(N:p2)とセキュリティ機器70の第2種外側アドレス情報ユニット(P:p2)との対応関係をルータ40に設定したが、これに限定されない。例えば、第2種外側アドレス情報ユニット(N:p2)と主装置20の第2種外側アドレス情報ユニット(R:r2)との対応関係をルータ40に設定してもよい。これにより、主装置20(電話機10)と電話機50との間のリアルタイムデータ信号を直接伝送することができるためセキュリティ機器70の負荷、及びLANの帯域を低下することができる。
<1>なお、図1では、主装置20は、セキュリティ機器30(60,70)と接続され、セキュリティ機器30(60,70)は、ルータ40と接続されるとしたが、これに限定されない。例えば、主装置20(電話機10)、セキュリティ機器30(60,70)、ルータ40は、ネットワークを介して接続されLANを構成するとしてもよい。
<2>図6は、セキュリティ機器のハードウェア構成例を示す図である。図6においてセキュリティ機器100は、プロセッサ101と、メモリ102と、インタフェース103とを有している。プロセッサ101は、例えば、マイクロプロセッサ、MPU(Micro Processing Unit)、又はCPU(Central Processing Unit)であってもよい。プロセッサ101は、複数のプロセッサを含んでもよい。メモリ102は、揮発性メモリ及び不揮発性メモリの組み合わせによって構成される。メモリ102は、プロセッサ101から離れて配置されたストレージを含んでもよい。この場合、プロセッサ101は、図示されていないI/Oインタフェースを介してメモリ102にアクセスしてもよい。
WAN(Wide Area Network)とLAN(Local Area Network)との境界に配設されたルータと前記LAN内のキーテレフォンシステムの主装置と接続されて用いられる、セキュリティ機器であって、
前記セキュリティ機器側の前記主装置の第1IP(Internet Protocol)アドレス(R)及び前記主装置側の前記セキュリティ機器の第2IPアドレス(Q)を取得する取得部と、
セッション確立用アドレス対応関係を形成するアドレス対応形成部であって、
前記セッション確立用アドレス対応関係は、前記第1IPアドレス(R)と第1セッション確立用ポート番号(r1)とを含む前記主装置の第1種外側アドレス情報ユニット(R:r1)と、前記ルータ側の前記セキュリティ機器の第3IPアドレス(P)と前記WAN側の接続対象電話機のための第2セッション確立用ポート番号(p1)とを含む前記セキュリティ機器の第1種外側アドレス情報ユニット(P:p1)と、及び前記接続対象電話機の端末番号(IDT)とセッション確立用アドレス情報ユニット(G:g1)と、を対応づけている、
前記アドレス対応形成部と、
前記主装置の第1種外側アドレス情報ユニット(R:r1)と、前記第2IPアドレス(Q)を含む前記セキュリティ機器の第1種内側アドレス情報ユニット(Q:q1)とを前記主装置に設定する第1設定制御部と、
を具備するセキュリティ機器。
前記取得部は、前記セキュリティ機器側の前記ルータのIPアドレスである前記ルータの第4IPアドレス(L)と、前記ルータの第1グローバルIPアドレス(N)と、をさらに取得する、
付記1記載のセキュリティ機器。
前記セッション確立用アドレス対応関係は、前記主装置の第1種外側アドレス情報ユニット(R:r1)、前記セキュリティ機器の第1種外側アドレス情報ユニット(P:p1)、並びに、前記接続対象電話機の端末番号(IDT)及びセッション確立用アドレス情報ユニット(G:g1)に加えて、前記セキュリティ機器の第1種外側アドレス情報ユニット(P:p1)と、前記第1グローバルIPアドレス(N)と前記第2セッション確立用ポート番号(p1)とを含む前記ルータの第1種外側アドレス情報ユニット(N:p1)を対応づけている、
付記2記載のセキュリティ機器。
前記セッション確立用アドレス対応関係における前記セキュリティ機器の第1種外側アドレス情報ユニット(P:p1)と前記ルータの第1種外側アドレス情報ユニット(N:p1)の対応関係を前記ルータに設定する第2設定制御部をさらに具備する、
付記3記載のセキュリティ機器。
前記主装置から送信された第1セッション確立メッセージであって、送信元アドレスとして前記主装置の第1種外側アドレス情報ユニット(R:r1)を含み、宛先アドレスとして前記セキュリティ機器の第1種内側アドレス情報ユニット(Q:q1)を含み、且つ、前記第1セッション確立メッセージのデータ部に前記主装置の第1IPアドレス(R)と第1リアルタイムデータ送信用ポート(r2)とを含む第2種外側アドレス情報ユニット(R:r2)を含む、前記第1セッション確立メッセージを受け取り、前記受け取った第1セッション確立メッセージを変換して、前記接続対象電話機を宛先とする変換後の第1セッション確立メッセージを形成するメッセージ変換部をさらに具備し、
前記変換後の第1セッション確立メッセージは、送信元アドレスとして前記セキュリティ機器の第1種外側アドレス情報ユニット(P:p1)を含み、宛先アドレスとして前記接続対象電話機のセッション確立用アドレス情報ユニット(G:g1)を含み、且つ、前記変換後の第1セッション確立メッセージのデータ部に前記第1グローバルIPアドレス(N)と前記接続対象電話機のための第2リアルタイムデータ送信用ポート(p2)とを含む前記ルータの第2種外側アドレス情報ユニット(N:p2)を含み、
前記第2設定制御部は、前記第3IPアドレス(P)と前記第2リアルタイムデータ送信用ポート(p2)とを含む前記セキュリティ機器の第2種外側アドレス情報ユニット(P:p2)と、前記ルータの第2種外側アドレス情報ユニット(N:p2)との対応関係を前記ルータに設定する、
付記4記載のセキュリティ機器。
前記メッセージ変換部は、送信元アドレスとして前記接続対象電話機のセッション確立用アドレス情報ユニット(G:g1)を含み、宛先アドレスとして前記セキュリティ機器の第1種外側アドレス情報ユニット(P:p1)を含み、且つ、データ部に前記接続対象電話機のリアルタイムデータ送信用アドレス情報ユニット(G:g2)を含む、第2セッション確立メッセージを受け取り、前記受け取った第2セッション確立メッセージを変換して、前記主装置を宛先とする変換後の第2セッション確立メッセージを形成し、
前記変換後の第2セッション確立メッセージは、送信元アドレスとして前記セキュリティ機器の第1種内側アドレス情報ユニット(Q:q1)を含み、宛先アドレスとして前記主装置の第1種外側アドレス情報ユニット(R:r1)を含み、且つ、データ部に前記第2IPアドレス(Q)と前記接続対象電話機のための第3リアルタイムデータ送信用ポート(q2)とを含む前記セキュリティ機器の第2種内側アドレス情報ユニット(Q:q2)を含む、
付記5記載のセキュリティ機器。
送信元アドレスとして前記主装置の第2種外側アドレス情報ユニット(R:r2)を含み且つ宛先アドレスとして前記セキュリティ機器の第2種内側アドレス情報ユニット(Q:q2)を含むリアルタイムデータ信号を受け取り、前記受け取ったリアルタイムデータ信号を変換して、変換後のリアルタイムデータ信号を形成するデータ信号変換部をさらに具備し、
前記変換後のリアルタイムデータ信号は、送信元アドレスとして前記セキュリティ機器の第2種外側アドレス情報ユニット(P:p2)を含み且つ宛先アドレスとして前記接続対象電話機のリアルタイムデータ送信用アドレス情報ユニット(G:g2)を含む、
付記6記載のセキュリティ機器。
前記第2設定制御部は、前記主装置に収容された他の電話機と前記接続対象電話機との間の前記リアルタイムデータ信号の伝送のためのセッションが終了したとき、前記ルータに設定した前記セキュリティ機器の第2種外側アドレス情報ユニット(P:p2)と前記ルータの第2種外側アドレス情報ユニット(N:p2)との対応関係を削除する、
付記7記載のセキュリティ機器。
前記第1セッション確立メッセージ及び前記第2セッション確立メッセージは、SIP(Session Initiation Protocol)パケットである、
付記5又は6に記載のセキュリティ機器。
前記リアルタイムデータ信号は、RTP(Real-time Transport Protocol)パケットである、
付記7又は8に記載のセキュリティ機器。
WAN(Wide Area Network)とLAN(Local Area Network)との境界に配設されたルータと前記LAN内のキーテレフォンシステムの主装置と接続されて用いられる、セキュリティ機器によって実行される方法であって、
前記セキュリティ機器側の前記主装置の第1IP(Internet Protocol)アドレス(R)及び前記主装置側の前記セキュリティ機器の第2IPアドレス(Q)を取得すること、及び、
セッション確立用アドレス対応関係を形成すること、
を含み、
前記セッション確立用アドレス対応関係は、前記第1IPアドレス(R)と第1セッション確立用ポート番号(r1)とを含む前記主装置の第1種外側アドレス情報ユニット(R:r1)と、前記ルータ側の前記セキュリティ機器の第3IPアドレス(P)と前記WAN側の接続対象電話機のための第2セッション確立用ポート番号(p1)とを含む前記セキュリティ機器の第1種外側アドレス情報ユニット(P:p1)と、及び前記接続対象電話機の端末番号(IDT)とセッション確立用アドレス情報ユニット(G:g1)と、を対応づけており、
前記主装置の第1種外側アドレス情報ユニット(R:r1)と、前記第2IPアドレス(Q)を含む前記セキュリティ機器の第1種内側アドレス情報ユニット(Q:q1)とを前記主装置に設定することをさらに含む、
方法。
WAN(Wide Area Network)とLAN(Local Area Network)との境界に配設されたルータと前記LAN内のキーテレフォンシステムの主装置と接続されて用いられる、セキュリティ機器に、
前記セキュリティ機器側の前記主装置の第1IP(Internet Protocol)アドレス(R)及び前記主装置側の前記セキュリティ機器の第2IPアドレス(Q)を取得すること、及び、
セッション確立用アドレス対応関係を形成すること、
を含み、
前記セッション確立用アドレス対応関係は、前記第1IPアドレス(R)と第1セッション確立用ポート番号(r1)とを含む前記主装置の第1種外側アドレス情報ユニットと、前記ルータ側の前記セキュリティ機器の第3IPアドレス(P)と前記WAN側の接続対象電話機のための第2セッション確立用ポート番号(p1)とを含む前記セキュリティ機器の第1種外側アドレス情報ユニット(P:p1)と、及び前記接続対象電話機の端末番号(IDT)とセッション確立用アドレス情報ユニット(G:g1)と、を対応づけており、
前記主装置の第1種外側アドレス情報ユニット(R:r1)と、前記第2IPアドレス(Q)を含む前記セキュリティ機器の第1種内側アドレス情報ユニット(Q:q1)とを前記主装置に設定することをさらに含む、
処理を、実行させる制御プログラム。
10 電話機
20 主装置
30 セキュリティ機器
31 取得部
32 アドレス対応形成部
33 設定制御部(第1設定制御部)
40 ルータ
50 電話機
60 セキュリティ機器
61 取得部
62 アドレス対応形成部
63 設定制御部(第1設定制御部)
64 設定制御部(第2設定制御部)
70 セキュリティ機器
71 メッセージ変換部
72 データ信号変換部
Claims (12)
- WAN(Wide Area Network)とLAN(Local Area Network)との境界に配設されたルータと前記LAN内のキーテレフォンシステムの主装置と接続されて用いられる、セキュリティ機器であって、
前記セキュリティ機器側の前記主装置の第1IP(Internet Protocol)アドレス及び前記主装置側の前記セキュリティ機器の第2IPアドレスを取得する取得手段と、
セッション確立用アドレス対応関係を形成するアドレス対応形成手段であって、
前記セッション確立用アドレス対応関係は、前記第1IPアドレスと第1セッション確立用ポート番号とを含む前記主装置の第1種外側アドレス情報ユニットと、前記ルータ側の前記セキュリティ機器の第3IPアドレスと前記WAN側の接続対象電話機のための第2セッション確立用ポート番号とを含む前記セキュリティ機器の第1種外側アドレス情報ユニットと、及び前記接続対象電話機の端末番号とセッション確立用アドレス情報ユニットと、を対応づけている、
前記アドレス対応形成手段と、
前記主装置の第1種外側アドレス情報ユニットと、前記第2IPアドレスを含む前記セキュリティ機器の第1種内側アドレス情報ユニットとを前記主装置に設定する第1設定制御手段と、
を具備するセキュリティ機器。 - 前記取得手段は、前記セキュリティ機器側の前記ルータのIPアドレスである前記ルータの第4IPアドレスと、前記ルータの第1グローバルIPアドレスと、をさらに取得する、
請求項1記載のセキュリティ機器。 - 前記セッション確立用アドレス対応関係は、前記主装置の第1種外側アドレス情報ユニット、前記セキュリティ機器の第1種外側アドレス情報ユニット、並びに、前記接続対象電話機の端末番号及びセッション確立用アドレス情報ユニットに加えて、前記セキュリティ機器の第1種外側アドレス情報ユニットと、前記第1グローバルIPアドレスと前記第2セッション確立用ポート番号とを含む前記ルータの第1種外側アドレス情報ユニットを対応づけている、
請求項2記載のセキュリティ機器。 - 前記セッション確立用アドレス対応関係における前記セキュリティ機器の第1種外側アドレス情報ユニットと前記ルータの第1種外側アドレス情報ユニットの対応関係を前記ルータに設定する第2設定制御手段をさらに具備する、
請求項3記載のセキュリティ機器。 - 前記主装置から送信された第1セッション確立メッセージであって、送信元アドレスとして前記主装置の第1種外側アドレス情報ユニットを含み、宛先アドレスとして前記セキュリティ機器の第1種内側アドレス情報ユニットを含み、且つ、前記第1セッション確立メッセージのデータ部に前記主装置の第1IPアドレスと第1リアルタイムデータ送信用ポートとを含む第2種外側アドレス情報ユニットを含む、前記第1セッション確立メッセージを受け取り、前記受け取った第1セッション確立メッセージを変換して、前記接続対象電話機を宛先とする変換後の第1セッション確立メッセージを形成するメッセージ変換手段をさらに具備し、
前記変換後の第1セッション確立メッセージは、送信元アドレスとして前記セキュリティ機器の第1種外側アドレス情報ユニットを含み、宛先アドレスとして前記接続対象電話機のセッション確立用アドレス情報ユニットを含み、且つ、前記変換後の第1セッション確立メッセージのデータ部に前記第1グローバルIPアドレスと前記接続対象電話機のための第2リアルタイムデータ送信用ポートとを含む前記ルータの第2種外側アドレス情報ユニットを含み、
前記第2設定制御手段は、前記第3IPアドレスと前記第2リアルタイムデータ送信用ポートとを含む前記セキュリティ機器の第2種外側アドレス情報ユニットと、前記ルータの第2種外側アドレス情報ユニットとの対応関係を前記ルータに設定する、
請求項4記載のセキュリティ機器。 - 前記メッセージ変換手段は、送信元アドレスとして前記接続対象電話機のセッション確立用アドレス情報ユニットを含み、宛先アドレスとして前記セキュリティ機器の第1種外側アドレス情報ユニットを含み、且つ、データ部に前記接続対象電話機のリアルタイムデータ送信用アドレス情報ユニットを含む、第2セッション確立メッセージを受け取り、前記受け取った第2セッション確立メッセージを変換して、前記主装置を宛先とする変換後の第2セッション確立メッセージを形成し、
前記変換後の第2セッション確立メッセージは、送信元アドレスとして前記セキュリティ機器の第1種内側アドレス情報ユニットを含み、宛先アドレスとして前記主装置の第1種外側アドレス情報ユニットを含み、且つ、データ部に前記第2IPアドレスと前記接続対象電話機のための第3リアルタイムデータ送信用ポートとを含む前記セキュリティ機器の第2種内側アドレス情報ユニットを含む、
請求項5記載のセキュリティ機器。 - 送信元アドレスとして前記主装置の第2種外側アドレス情報ユニットを含み且つ宛先アドレスとして前記セキュリティ機器の第2種内側アドレス情報ユニットを含むリアルタイムデータ信号を受け取り、前記受け取ったリアルタイムデータ信号を変換して、変換後のリアルタイムデータ信号を形成するデータ信号変換手段をさらに具備し、
前記変換後のリアルタイムデータ信号は、送信元アドレスとして前記セキュリティ機器の第2種外側アドレス情報ユニットを含み且つ宛先アドレスとして前記接続対象電話機のリアルタイムデータ送信用アドレス情報ユニットを含む、
請求項6記載のセキュリティ機器。 - 前記第2設定制御手段は、前記主装置に収容された他の電話機と前記接続対象電話機との間の前記リアルタイムデータ信号の伝送のためのセッションが終了したとき、前記ルータに設定した前記セキュリティ機器の第2種外側アドレス情報ユニットと前記ルータの第2種外側アドレス情報ユニットとの対応関係を削除する、
請求項7記載のセキュリティ機器。 - 前記第1セッション確立メッセージ及び前記第2セッション確立メッセージは、SIP(Session Initiation Protocol)パケットである、
請求項5又は6に記載のセキュリティ機器。 - 前記リアルタイムデータ信号は、RTP(Real-time Transport Protocol)パケットである、
請求項7又は8に記載のセキュリティ機器。 - WAN(Wide Area Network)とLAN(Local Area Network)との境界に配設されたルータと前記LAN内のキーテレフォンシステムの主装置と接続されて用いられる、セキュリティ機器によって実行される方法であって、
前記セキュリティ機器側の前記主装置の第1IP(Internet Protocol)アドレス及び前記主装置側の前記セキュリティ機器の第2IPアドレスを取得すること、及び、
セッション確立用アドレス対応関係を形成すること、
を含み、
前記セッション確立用アドレス対応関係は、前記第1IPアドレスと第1セッション確立用ポート番号とを含む前記主装置の第1種外側アドレス情報ユニットと、前記ルータ側の前記セキュリティ機器の第3IPアドレスと前記WAN側の接続対象電話機のための第2セッション確立用ポート番号とを含む前記セキュリティ機器の第1種外側アドレス情報ユニットと、及び前記接続対象電話機の端末番号とセッション確立用アドレス情報ユニットと、を対応づけており、
前記主装置の第1種外側アドレス情報ユニットと、前記第2IPアドレスを含む前記セキュリティ機器の第1種内側アドレス情報ユニットとを前記主装置に設定することをさらに含む、
方法。 - WAN(Wide Area Network)とLAN(Local Area Network)との境界に配設されたルータと前記LAN内のキーテレフォンシステムの主装置と接続されて用いられる、セキュリティ機器に、
前記セキュリティ機器側の前記主装置の第1IP(Internet Protocol)アドレス及び前記主装置側の前記セキュリティ機器の第2IPアドレスを取得すること、及び、
セッション確立用アドレス対応関係を形成すること、
を含み、
前記セッション確立用アドレス対応関係は、前記第1IPアドレスと第1セッション確立用ポート番号とを含む前記主装置の第1種外側アドレス情報ユニットと、前記ルータ側の前記セキュリティ機器の第3IPアドレスと前記WAN側の接続対象電話機のための第2セッション確立用ポート番号とを含む前記セキュリティ機器の第1種外側アドレス情報ユニットと、及び前記接続対象電話機の端末番号とセッション確立用アドレス情報ユニットと、を対応づけており、
前記主装置の第1種外側アドレス情報ユニットと、前記第2IPアドレスを含む前記セキュリティ機器の第1種内側アドレス情報ユニットとを前記主装置に設定することをさらに含む、
処理を、実行させる制御プログラムを格納する非一時的なコンピュータ可読媒体。
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA3208363A CA3208363A1 (en) | 2021-01-15 | 2021-10-04 | Security device, method, and non-transitory computer-readable medium |
EP21919512.0A EP4280551A4 (en) | 2021-01-15 | 2021-10-04 | SECURITY DEVICE, METHOD AND NON-TRANSITIOUS COMPUTER-READABLE MEDIUM |
US18/271,380 US20240073288A1 (en) | 2021-01-15 | 2021-10-04 | Security device, method, and non-transitory computer-readable media |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2021004763A JP7067815B1 (ja) | 2021-01-15 | 2021-01-15 | セキュリティ機器、方法、及び制御プログラム |
JP2021-004763 | 2021-01-15 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022153621A1 true WO2022153621A1 (ja) | 2022-07-21 |
Family
ID=81606853
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2021/036609 WO2022153621A1 (ja) | 2021-01-15 | 2021-10-04 | セキュリティ機器、方法、及び非一時的なコンピュータ可読媒体 |
Country Status (5)
Country | Link |
---|---|
US (1) | US20240073288A1 (ja) |
EP (1) | EP4280551A4 (ja) |
JP (1) | JP7067815B1 (ja) |
CA (1) | CA3208363A1 (ja) |
WO (1) | WO2022153621A1 (ja) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040128554A1 (en) * | 2002-09-09 | 2004-07-01 | Netrake Corporation | Apparatus and method for allowing peer-to-peer network traffic across enterprise firewalls |
JP2006025002A (ja) * | 2004-07-06 | 2006-01-26 | Nippon Telegr & Teleph Corp <Ntt> | Fw制御を行うsip通信制御装置およびそのfw制御方法 |
JP2010193094A (ja) | 2009-02-17 | 2010-09-02 | Oki Networks Co Ltd | 通信中継装置、プログラム及び方法、並びにネットワークシステム |
JP2021004763A (ja) | 2019-06-25 | 2021-01-14 | オムロン株式会社 | 異常検知装置、異常検知方法およびプログラム |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4371955B2 (ja) * | 2004-09-01 | 2009-11-25 | Necインフロンティア株式会社 | ボタン電話システム及びそれに用いる音声データ通信方法 |
JP5158588B2 (ja) * | 2007-11-07 | 2013-03-06 | Necインフロンティア株式会社 | SIP電話機、VoIPシステム及びそれらに用いる同一ネットワーク内通信方法並びにそのプログラム |
JP4818428B2 (ja) * | 2009-12-25 | 2011-11-16 | 株式会社東芝 | 通信システム及び電話交換装置及び制御方法 |
JP2014197774A (ja) * | 2013-03-29 | 2014-10-16 | ソニー株式会社 | 通信機器、通信システム、通信機器の制御方法およびプログラム |
JP5988407B1 (ja) * | 2015-05-13 | 2016-09-07 | Necプラットフォームズ株式会社 | 通信経路制御装置、通信経路制御システム、通信経路制御方法及び通信経路制御プログラム |
US10419544B2 (en) * | 2015-12-22 | 2019-09-17 | Ribbon Communications Operating Company, Inc. | Methods and apparatus for managing the use of IP addresses |
-
2021
- 2021-01-15 JP JP2021004763A patent/JP7067815B1/ja active Active
- 2021-10-04 EP EP21919512.0A patent/EP4280551A4/en active Pending
- 2021-10-04 CA CA3208363A patent/CA3208363A1/en active Pending
- 2021-10-04 WO PCT/JP2021/036609 patent/WO2022153621A1/ja active Application Filing
- 2021-10-04 US US18/271,380 patent/US20240073288A1/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040128554A1 (en) * | 2002-09-09 | 2004-07-01 | Netrake Corporation | Apparatus and method for allowing peer-to-peer network traffic across enterprise firewalls |
JP2006025002A (ja) * | 2004-07-06 | 2006-01-26 | Nippon Telegr & Teleph Corp <Ntt> | Fw制御を行うsip通信制御装置およびそのfw制御方法 |
JP2010193094A (ja) | 2009-02-17 | 2010-09-02 | Oki Networks Co Ltd | 通信中継装置、プログラム及び方法、並びにネットワークシステム |
JP2021004763A (ja) | 2019-06-25 | 2021-01-14 | オムロン株式会社 | 異常検知装置、異常検知方法およびプログラム |
Non-Patent Citations (2)
Title |
---|
See also references of EP4280551A4 |
UCHIDA, NAOKI; INABA, TORU; SUZUKI, YASUSHI; SAKURAI, KAZUYA: "Hybrid VoIP Architecture Applicable to the Public Switched Telephone Network", IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, IEICE, vol. J87-B, no. 6, 1 June 2004 (2004-06-01), JP , pages 843 - 854, XP009538347, ISSN: 1881-0209 * |
Also Published As
Publication number | Publication date |
---|---|
US20240073288A1 (en) | 2024-02-29 |
EP4280551A1 (en) | 2023-11-22 |
EP4280551A4 (en) | 2024-06-12 |
JP7067815B1 (ja) | 2022-05-16 |
JP2022109451A (ja) | 2022-07-28 |
CA3208363A1 (en) | 2022-07-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8228861B1 (en) | Efficient handover of media communications in heterogeneous IP networks using handover procedure rules and media handover relays | |
JP4443558B2 (ja) | IPv4/IPv6統合ネットワークシステムの保安通信方法及びその装置 | |
US8605730B2 (en) | System and method for multimedia communication across disparate networks | |
US9602470B2 (en) | Network device, IPsec system and method for establishing IPsec tunnel using the same | |
US20050232273A1 (en) | Communications system and a gateway device | |
US20080267395A1 (en) | Apparatus and method for encrypted communication processing | |
CN110933197A (zh) | 一种分布式代理网络 | |
TW201409985A (zh) | 減少網路位址表頭的系統、裝置及方法 | |
JP4679393B2 (ja) | Sip通信システム、sipゲートウェイ装置及びそれらに用いるsip通信制御方法 | |
WO2022153621A1 (ja) | セキュリティ機器、方法、及び非一時的なコンピュータ可読媒体 | |
JP2005341084A (ja) | Vpnシステム、リモート端末及びそれらに用いるリモートアクセス通信方法 | |
US7577837B1 (en) | Method and apparatus for encrypted unicast group communication | |
JP4376094B2 (ja) | 無線通信装置 | |
JP2009171132A (ja) | データ中継装置、データ中継方法およびデータ中継プログラム | |
JP2008236275A (ja) | 通信システム、パケット転送処理装置及びそれらに用いる通信セッション制御方法 | |
JP2007519356A (ja) | セキュリティを備えた遠隔制御ゲートウェイ管理 | |
JP4372629B2 (ja) | Fw制御を行うsip通信制御装置およびそのfw制御方法 | |
JP2010028295A (ja) | Vpnサーバ、通信制御方法、および、プログラム | |
US11818572B2 (en) | Multiple authenticated identities for a single wireless association | |
JP4060764B2 (ja) | 通信装置 | |
JP5908411B2 (ja) | あらかじめ分散された静的ネットワークアドレス変換マップを用いることによりプライベートsipベースのipネットワークとのヒューマン/マシン通信リンクの迅速な確立の容易化 | |
Radley | Programmed routing in the direction of MST by virtue of port dependent decision device | |
WO2002089415A1 (en) | Method for communication audio and video data in multimedia communication system using h.323 protocol | |
JP2006042044A (ja) | トンネリング方法および装置、ならびにそのプログラムと記録媒体 | |
JP2018014548A (ja) | 接続装置及び接続方法 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 21919512 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 18271380 Country of ref document: US |
|
ENP | Entry into the national phase |
Ref document number: 3208363 Country of ref document: CA |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2021919512 Country of ref document: EP Effective date: 20230816 |