JP2000115247A - Integrated information communication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To construct an inexpensive and large scale communication system, to easily secure reliability and to introduce countermeasures against burglary by charging for system utilization by an authentication server provided inside an integrated information communication system. SOLUTION: The integrated information communication system(ICS) 1 is provided with an imparting rule of an address as a computer information/ communication address. Access controllers 2 to 4, 5 to 7 are provided with an inter-conversion table to manage an address system ADS, ADX, an address system ADS, ADY respectively. The authentication server and a connection server are provided inside the ICS 1, an ICS domain name, an ICS user address, an address in common with a calling origin of the connection server, a function module are included inside an IP terminal, is inspected whether it is registered in the ICS 1 or not by the authentication server in the case of communication of the IP terminal and the communication is performed by setting an address, etc., for performing communication between two IP terminals in the conversion table inside an access controller connected with each of the IP terminal and the IP terminal of a communicating party.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] The present invention relates to a personal computer, a LAN, and the like.
(Local Area Network), telephone (including mobile phone and PHS), FAX (Facsimile), CATV (Cable Televisio)
n), information communication devices or information communication systems such as the Internet can be used not only for dedicated lines but also for ISDN (Integrated
rvices Digital Network), FR (Frame Relay), AT
M (Asynchronous Transfer Mode), IPX (Integrated
The present invention relates to an integrated information communication system integratedly connected via Packet Exchange, satellite, wireless, and public lines. Here, the information communication device communicates with an address (for information communication) for identifying it from the others. The present invention is particularly applicable to connectionless networks (eg, RFC791, RFC1883).
Integrate data transfer services based on the Internet Protocol (IP) technology, and use a unified address system to increase the economics of information and communications as a whole, and ensure security to communicate between connected terminals or systems. The present invention relates to an integrated information communication system that can be used.

[0002]

2. Description of the Related Art With the development of computers and information communication technologies, computer communication networks have recently become widespread within universities, research institutes, government agencies, or within or between companies. The LAN is used as a computer communication network in a company, and has a form as shown in FIG. 64 when the area is spread nationwide. FIG.
In this example, the local LANs use a common protocol,
Each is connected by a dedicated line. Here, for example, company X is LAN-X1, LAN-X2, LAN
-X3, the company Y uses LAN-Y1 as the LAN,
Using LAN-Y2 and LAN-Y3, companies X and Y perform computer communication using communication address systems ADX and ADY, respectively. In such a LAN network, it is necessary to lay an individual dedicated line for each company, so that the system construction is expensive and the LANs of other companies are expensive.
When connecting to a network, it is necessary to match interfaces such as a communication address system, and there is a problem that the interconnection is very difficult and a large cost is required.

On the other hand, in recent years, the Internet has become widespread as a computer communication network on a worldwide scale. In the Internet, the networks are connected using a router of a provider, and TCP / IP (Transmission Co., Ltd.) is used.
ntrol Protocol / Internet Protocol), a dedicated line or FR network is used to connect to remote locations, and a 10 Mbps Ethernet LAN or a 100 Mbps LAN FDDI (F
iber Distributed Date Interface) is used as a communication path. FIG. 65 shows an example of a connection form of the Internet. In the Internet, routers in a provider maintain connection between them while exchanging routing table connection information. Although each router is connected to a plurality of networks, the router determines which of the routers connected to which provider's network to send the received data based on the routing table. Thus, on the Internet, the destination IP address attached to each IP frame (IP datagram) is looked at, and the next router to be sent is determined and sent to that router. This operation is performed by all routers, so that IP frames are successively delivered and delivered to a target computer. FIG. 66 shows the information content of RFC791 of an IP frame used for the Internet, which is divided into a control unit and a data unit. FIG. 67 shows a similar RFC 18
83 shows the information content, which is divided into a control section and a data section, and () indicates the number of bits.

[0004]

However, since the Internet does not have a system for comprehensively managing communication paths, it is not possible to confirm whether or not the communication partner is the intended rightful person, and the communication information cannot be transmitted. There is a problem in security such as a high risk of eavesdropping, and in reality, the IP addresses in many LANs are uniquely determined by users of the LANs, and the LANs are connected to the Internet. At this time, it is necessary to replace the IP address of the user of the LAN with the IP address for the Internet.
In addition, the communication quality such as communication speed and communication error rate varies among the trunk lines constituting the Internet communication line for each LAN line, and is hardly unified. For example, a TV signal of 10 Mbps is used for communication of a TV conference. However, there is a problem that the communication speed is not achieved even if an attempt is made to send the data. Furthermore, there is no manager in charge of maintenance and management such as network failure countermeasures, and the entire network such as network future planning, and it is used for communications of companies and businesses of countries and research institutions where reliability is particularly important. However, there is a problem that the Internet cannot be used with security. In the LAN network and the Internet, the terminal is a personal computer (computer), and it has been difficult to integrate and use a telephone, a facsimile, a CATV, and the like.

SUMMARY OF THE INVENTION The present invention has been made in view of the above circumstances, and an object of the present invention is to increase the economical efficiency of information communication system construction without using a dedicated line or the Internet, and to improve the communication speed, communication quality, and communication speed. A plurality of VAs that perform data / information transfer using IP frames that secure security and reliability in communication by integrally assuring measures against failures
An object of the present invention is to provide an integrated information communication system capable of accommodating N. In addition, a single information transfer independent of the type of service such as voice, image (moving image, still image), text, etc., enables comprehensive communication services, analog and digital telephone line services, Internet provider services, fax services, and computer data exchange. An object of the present invention is to provide an integrated information communication system in which services that have been individually serviced, such as services and CATV services, are interconnected. In addition, an integrated system capable of performing inter-company communication without changing the address system for computer communication, which is conventionally used by individual companies (including universities, research institutes, government agencies, and the like) in each company separately. It is also an object to provide an information communication system. I
The P terminal refers to a terminal or a computer having a function of transmitting and receiving an IP frame.

The integrated information communication system of the present invention has a conversion table for address conversion. However, since the conversion table is expensive in memory, it is required to reduce its size as much as possible to reduce the cost. For this purpose, in the present invention, the logical communication line is not written in the conversion table,
Instead, write to the domain name server, reduce the size of the conversion table, and save the trouble of preparing to write to the conversion table. It is another object of the present invention to perform authentication by an authentication server provided in the integrated information communication system, to prevent unauthorized setting of an unauthorized communication line, and to eliminate a difference in billing method regardless of the type of IP terminal.

[0007]

According to the present invention, an ICS user frame having a unique ICS user address system ADX is converted into an ICS network frame having an address system ADS based on management of a conversion table in an access control device. Transmitting at least one or more built-in VANs in accordance with the rules of the address system ADS, and when the VAN reaches another target access control device, converts the VAN into the ICS user address system ADX based on the management of the conversion table. An integrated information communication system adapted to reach another external information communication device, the object of the present invention is to provide an access control device for individually connecting a plurality of external computer communication networks or information communication devices, A relay device for networking the access control device is provided, and information is stored in an integrated address system. Transfer the have the ability to route is achieved by a configuration that can communicate with each other between said plurality of computer communication networks or information communication device. A range of a dedicated line used in communication between companies and between companies shown in FIG. 64 shown as a conventional example corresponds to a computer communication network based on IP in which a common communication network shown by a broken line is replaced.

An object of the present invention is to provide an ICS user frame having a unique ICS user address system ADX by using an address system A based on the management of a conversion table in an access control device.
DS is converted to an ICS network frame having DS, and at least one or more built-in VANs are transmitted in accordance with the rules of the address system ADS. An integrated information communication system configured to convert the data into the ICS user address system ADX and reach another external information communication device, wherein an authentication server and a connection server are provided inside the integrated information communication system; Includes an ICS domain name, an ICS user address, a connection server caller common address, and a function module therein, and transmits the integrated information communication to the authentication server via the connection server when the IP terminal performs communication. Inspection whether the system is registered or not, if registered, the corresponding IP terminal This is achieved by performing communication by setting an address or the like for performing communication between the two IP terminals in a conversion table inside an access control device connected to each of the communication partner's IP terminals. .
Also, the IP terminal specifies its own ICS name and the ICS name of the communication partner, requests the user service server, domain name server, conversion table, etc., and converts the conversion table in the source access control device with the communication partner. By rewriting the conversion table in the access control described above, the logical communication line is set online between the two IP terminals, and from the one IP terminal to the other IP terminal between the two IP terminals using the logical communication line. IP
This is achieved by transmitting a packet and opening a logical communication line between two IP terminals online after communication is completed.

[0009]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS FIG. 1 schematically shows the basic principle of the present invention.
ated Information / Communication System: Abbreviated below ”
ICS 1) has an address assignment rule uniquely defined as computer information / communication address, that is, has a specific address system ADS, and has a plurality of external computer communication networks and Information communication equipment, for example, a large number of LANs (in this example, LAN-X1 and LAN-X of company X)
2, LAN-X3 and LAN-Y1, LAN- of company Y
Y2, LAN-Y3) as access points for connection (in this example, 2 to 7). The LAN-X1, LAN-X2, and LAN-X3 of the company X have the same address system ADX, and the LAN-Y1, LAN-Y2, and LAN-Y3 of the company Y have the same address system ADY. The access control devices 2, 3, and 4 have a conversion table for managing the mutual conversion between the address system ADS and the address system ADX, and the access control devices 5, 6, and 7 perform the conversion between the address system ADS and the address system ADY. It has a conversion table for managing mutual conversion. The computer communication data (ICS frame) in ICS1 is the address system ADS of ICS1.
Communication using the IP used in the Internet or the like is performed using the address according to.

Here, a communication operation in the case of the same company will be described. The computer communication data (ICS frame) 80 transmitted from the LAN-X1 of the company X is given an address according to the address system ADX.
Under the management of the conversion table of the access control device 2 in the above, the address is converted into an address in accordance with the address system ADS to become the ICS frame 81. Then, the data is transmitted in the ICS 1 according to the rules of the address system ADS, and when it reaches the target access control device 4, it is restored to the computer communication data 80 of the address system ADX under the management of the conversion table, and the same company X Sent to LAN-X3. Here, the ICS frame transmitted and received inside the ICS1 is referred to as “I
An ICS frame transmitted and received outside the ICS1 is called an “ICS user frame”.
That. The format of the ICS user frame basically targets the format specified in RFC791 used in the Internet or the like and RFC1883.

The ICS network frame 81 includes a network control unit 81-1 and a network data unit 81.
The address (address system ADS) of each ICS logic terminal inside the access control devices 2 and 4 is stored in the network control unit 81-1.
The ICS user frame 80 is used as the network data section 81-2 as it is, or is converted into a network data section 81-2 by converting the data format according to a rule defined inside the ICS1. The conversion rules of the data format include, for example, conversion into cipher text and data compression. The access control device 2 uses the encryption means and the cipher text as the original plain text (I
(CS user frame) and a compressed data restoring means for restoring the compressed data. In the access control device 2,
The ICS user frame 80 is an ICS network frame 81-2, and the network control unit 81-1 is an ICS network frame 81-2.
The operation to be added to the network frame 81-2 is called "IC
The operation of the access control device 4 for removing the network control unit 81-1 from the ICS network frame 81 is referred to as "ICS decapsulation".

[0012] Similarly, the case of inter-company communication will be described.
The computer communication data (ICS user frame) 82 transmitted from the LAN-Y2 of the company Y has an address system A
Although an address according to DY is given, the address is converted into an address according to the address system ADS under the management of the conversion table of the access control device 6 in the ICS 1 to form an ICS frame 83. Then, the data is transmitted in the ICS 1 according to the rules of the address system ADS, and when it reaches the target access control device 3, it is converted into the computer communication data 82 of the address system ADX under the management of the conversion table.
It is transmitted to LAN-X2 of company X. In the present invention, 32 bits and 128 bits are used as the address length, but the address is not limited to these lengths. Even if the address length is changed to other than 32 bits or 128 bits, the essence of the address conversion, which is the basic concept of the present invention, does not change.

As described above, according to the present invention, intra-company and inter-company computer communication is enabled by the centralized address management of the ICS 1. A user terminal of computer communication generally used is accommodated in a LAN of a user's premises, and is connected to a VAN (Value Added Network) via an access line.
k), a user frame having a different data format and address system for each service type is transferred. For example, an Internet service uses an IP address, and a telephone service uses a telephone number / ISDN.
Number (E.164 address) is used. X.25 packet service X.25 121 addresses are used. On the other hand, in the ICS 1 of the present invention, address conversion (referred to as ICS address conversion) is performed on the conversion table of the access control device based on the input ICS user frame, and data of various structures is unified into a single unified data. The information is transferred by converting the data into a frame of a data format and an address system, that is, an ICS frame.

FIG. 2 shows that the ICS 1 of the present invention is connected to a plurality of VANs.
(VAN-1, VAN-2, VAN-1 3) is schematically shown, each VAN is managed by a VAN operator, and a user of ICS1 applies to the VAN operator for a user communication line. The VAN operator performs the user's IC
An S user address, an ICS network address, and the like are determined, and the information is registered in a conversion table 12 in the access control device 10 as shown in FIG. I
CS1 is an access control device 10-1, 10-2, 10-3, 10-4, 10- as an access point of an external connection element with LANs (or terminals thereof) of companies X and Y.
5, and the relay devices 20-1, 20-2, 20-
3, 20-4 and the ICS network servers 40-1, 40-2,
40-3, 40-4, and 40-5, and ICS address management servers 50-1 and 50-2. Each VAN
A relay device 20 as shown in FIG. 4 is provided in the internal communication path, and an inter-VAN gateway 30 as shown in FIG. 5 is provided as a connection element of VAN-2 and VAN-3. LAN 1-1, 1-2, 1-3,1- shown in FIG.
4 is an access control device 10-1, 10-5, respectively.
User communication lines 36-1, 36- are connected to 10-4, 10-2.
2, 36-3, 36-4.

The access control device 10 (10-1, 10-
2, 10-3, 10-4, and 10-5) are apparatuses for accommodating a user communication line from a user (company X, Y) to the ICS 1, and as shown in FIG. A conversion table 12 as a database for performing address conversion and the like, a line unit 13 of the input / output interface,
And a temporary conversion table 14. Also, the relay device 20
Has a transfer function of the ICS network frame and a routing function of specifying a route, has a processing unit 21 including a CPU and a relay table 22 as shown in FIG.
Reference numeral 2 is used to determine a communication destination when the ICS network frame transmits inside the ICS 1. As shown in FIG. 5, the inter-VAN gateway 30 has a processing device 31 such as a CPU and a relay table 32 for determining the destination of the ICS network frame between the VANs.

The ICS network server 40 comprises a processing unit 41 and an ICS network database 42 as shown in FIG. 6, and the use of the ICS network database 42 is not limited.
For example, user-specific data (user name and address, etc.) corresponding to the ICS user address, data not corresponding to the ICS user address, for example, data representing a communication failure situation inside the VAN, or data not directly related to the VAN, for example, An electronic library that holds and publishes digital documents, a public key of a public encryption system using encryption technology used to authenticate the validity of a sender and a recipient, public certification data and its related data, or a secret key of a secret key system. It is used for holding data such as related data. The processing device 41 refers to the ICS network database 42, acquires corresponding data, and transmits the data to the access control device 10. It should be noted that the ICS network database 42 operates independently and can communicate with other ICS network servers by transmitting and receiving ICS network frames based on IP communication technology, and acquire data from other ICS network servers. I
The CS network server is assigned a unique ICS network address within the ICS.

In the present invention, an address for identifying a computer or terminal used in an ICS network frame is called an “ICS network address”, and an address for identifying a computer or terminal used in an ICS user frame is referred to as an “ICS user”. Address. " ICS
The network address is used only inside the ICS and 3
Either one or both of two types, a 2-bit length and a 128-bit length, are used. Similarly, the ICS user address uses one or both of the 32-bit length and the 128-bit length. The ICS logical terminal, the relay device 20, the gateway between VANs 30 and the ICS network server inside the access control device 10 are each uniquely assigned an ICS network address to uniquely identify them. In addition, IC
The S user address is composed of a VAN upper code and a VAN internal code. When the length of the VAN upper code is represented by C1 bits and the length of the VAN internal code is represented by C2 bits, C1 + C2 represents either 32 bits or 128 bits. Used.

In the present invention, the specific method of determining the VAN upper-level code and the VAN internal code is not specified.
In the case of 1 + C2 = 32 bits, for example, VAN upper code = area management code (4 bits) ‖country code (4 bits) ‖VAN code (8 bits) VAN internal code = VAN area code (4 bits) ‖V
AN access point code (8 bits) ‖user logical code (4 bits) may be determined. FIG. 7 illustrates an example of the ICS user address. Here, the symbol "a @ b" represents a concatenation of data a and b, that is, data obtained by arranging data a and b in this order. ICS network address
As in the case of the user network address, it can be given including the regionality. For example, ICS network address = region management code / country code / VAN code / VAN region code / user logical communication line code. By doing so, the transmission destination is determined in consideration of the area, so that the relay device can efficiently find the transmission destination. The same applies to the case of C1 + C2 = 128 bits. In the present invention, C1 + C2 = 32 bits or C1 + C2 = 128 bits is protected no matter how the partitioning method of the internal fields of the VAN upper code and the VAN internal code and the length of each partitioning field are determined. If so, an ICS frame can be constructed. Also, V
When determining the AN upper-level code and the VAN internal code, a part of these codes may be determined unique to the user. That is,
Users can have user-specific addressing schemes. The address value of the 32-bit expression starts from address 0 (232
-1) Up to address, but within this address, for example, 10
X224 to (10x224 + 224-1),
That is, from (172 × 224 + 16 × 216) address (1
72 × 224 + 32 × 216-1) or from (192 × 224 + 168 × 216) to (192)
(X224 + 169x216-1) In the section up to the address, the present invention is implemented by giving an address determined uniquely to the user.

A physical communication line can be logically divided into a plurality of communication lines for use.
For example, it is realized by a multiplex communication system of a frame relay (FR). In the present invention, a user's communication line is divided into a user physical communication line and one or more user logical communication lines. FIG. 8 shows this state, and is 100 Mbps.
In this example, the user physical communication line 60 having a communication speed of s is divided into two user logical communication lines 61-1 and 61-2 having a communication speed of 50 Mbps. Also, separate computer communication devices 62-1, 62-2, 62-3, 62
-4 are connected to respective user logical communication lines, and IC
S user address “4123, 0025, 0026, 4
124 "is each of the computer communication devices 62-1 to 62-4
The example given to is shown. The user physical communication line 60 is connected to the access control device 63, and the connection point between them is "I
CS logic terminal ”. The ICS logic terminal includes IC
A unique ICS network address is assigned inside S. In the example of FIG. 8, the user logical communication lines 61-1 and 61-2 are connected to the access control device 63, and the connection point I
ICS is applied to each of CS logic terminals 64-1 and 64-2.
Network addresses “8710” and “8711” are assigned.

As described above, since the ICS network server 40 is also given a unique ICS network address,
The ICS network address is the ICS logic terminal or I
The CS network server can be specified as the only one in the ICS. The ICS network server can exchange information with another ICS network server by transmitting and receiving, using the IP communication technology, an ICS network frame to which each ICS network address is assigned. This communication function is called “communication function of ICS network server”. The access control device also has a unique ICS network address inside the ICS, and can exchange information with the ICS network server using the communication function of another ICS network server as the access control device server. The ICS network server communication function is realized using, for example, conventional TCP and UDP (User Datagram Protocol).

As described above, the ICS frame of the present invention includes an ICS network frame transmitted / received inside the ICS, and an ICS user frame transmitted / received outside the ICS. As shown in FIG. 9, a network control unit, a user control unit, a network data unit, and a user data unit are used in ICS encapsulation or ICS decapsulation. That is, when the ICS user frame enters the ICS from the access control device, the ICS user frame becomes a data part of the ICS network frame, and a control unit (network control unit) of the ICS network frame is added (ICS encapsulation). The inside of the network control unit is divided into a basic unit and an extension unit. The basic part is used for, for example, a header specified by RFC791 or RFC1833, and the extension part is used for encryption or the like. If encryption or the like is not required at all, the extension unit is not used and need not be present.

In the network control section of the ICS frame, an area for storing a source address and a destination address is provided. The format of the ICS frame has an address length of 32.
When the address length is 32 bits, for example, when the address length is 32 bits, for example, RFC7 shown in FIG.
A frame format according to the provisions of I.91 is adopted. If the ICS network address is insufficient with 32 bits, for example, 6
When using 4 bits, follow the rules of RFC791,
Insufficient 32 bits (64 bits-32 bits) are written in the option section of the ICS network frame control section, and the length of the network address is used as 64 bits. Here, the above-mentioned address specific to the user is supplemented. A large number of users, for example, (10 × 224)
In the section from the address to the address (10 × 224 + 224-1), the private address (ICS user address 1)
), The ICS network address is assigned in correspondence with the ICS user address.
If the length of the ICS user address is 32 bits, the IC
The length of the S network address is insufficient for 32 bits, and requires, for example, 64 bits. In this case, as described above, the insufficient 32 bits are written in the option section of the ICS network frame control section, and the length of the network address is used as 64 bits. It will be described in the first embodiment that communication between the same users (intra-company communication) is possible using the private address. When the address length is 128 bits, the present invention is implemented by adopting, for example, a frame format defined by RFC1883 shown in FIG. The addresses stored in the source address area and the destination address area in the network control unit are ICS network addresses, which are the originating ICS network address and the destination ICS network address, respectively. Further, the source address area in the user control unit and the address stored in the destination address area are I
A CS user address, and a sender ICS user address and a receiver ICS user address, respectively.

When the present invention is implemented, the format of the ICS frame does not necessarily have to comply with the regulations of RFC791 and RFC1883, and the address is 32 bits and 1 bit.
Any frame format using any of the 28 bits can be used. In general, ICS receives an ICS user frame specified by RFC791 or RFC1883 of a communication protocol from a user. Other frame formats are converted into an ICS user frame format by a conversion unit (conversion unit). It can be handled in the network.

Embodiment 1 (Basic of ICS, intra-enterprise communication and inter-enterprise communication): The first embodiment of the present invention will be described with reference to FIGS.
An embodiment will be described for basic communication for determining a transfer destination in the ICS from a recipient ICS user address based on the management of a conversion table. In the figure, reference numerals 170-1, 170-2, 170-3, and 170-4 denote gateways provided inside the LANs 100-1, 100-2, 100-3, and 100-4, respectively. 170-1 to 170-4.

First, an address system A is connected to the LAN 100-1 of the company X having a unique address system ADX.
A terminal having an address according to DX and an LA of the same company X
Communication with a terminal connected to N100-2 and having an address according to the address system ADX will be described. That is, the ICS user address “00” on the LAN 100-1
12 "and a terminal having an ICS user address" 0034 "on the LAN 100-2. This communication is based on an address system unique to the same company (ADX in this example). The terminal to which the address is set is a typical communication mutually performed via the ICS 100. This is called an intra-company communication service (or an intra-company communication). A terminal having an address according to the address system ADX and a company Y
Communication with a terminal that is connected to the LAN 100-3 and has an address according to the address system ADY will be described. That is, the terminal having the ICS user address “0012” on the LAN 100-1 and the I
This is communication with a terminal having a CS user address “1156”. This communication is a typical terminal intercommunication performed by terminals having different address systems between different companies using an ICS address system that can be used in common with each other. Call.

<< Common Preparation >> In describing this example,
The address format and the like are determined as follows, but the specific numerical values and formats shown here are merely examples, and the present invention is not limited thereto. The ICS network address is represented by a four-digit number, and both the sender ICS user address and the receiver ICS user address are represented by a four-digit number. Then, of the sender ICS user address and the receiver ICS user address, an address whose upper two digits are not “00” is defined as an inter-company communication address.
It is the only value inside CS100. Top 2 of sender ICS user address and receiver ICS user address
The address having the digit “00” is used as the intra-company communication address. However, the intra-company communication address may overlap with the intra-company communication address of another company within the ICS 100. Further, the conversion table 113 provided in the access control device 110-1.
-1 is the source ICS network address, the destination ICS
Network address, sender ICS user address,
It contains the recipient ICS user address, request identification, speed category, etc. The request identification registered in the conversion table 113-1 is
For example, the intra-company communication service is represented by “1”, the inter-company communication service is represented by “2”, and the virtual leased line connection described in other embodiments is represented by “3”. The speed category is the line speed required for communication from the ICS network address,
It includes the throughput (for example, the number of ICS frames transferred within a certain time).

<< Preparation for Intra-Company Communication >> LAN 100
-1 and the user of the LAN 100-2 specify the terminal to the VAN operator so that the intra-company communication between the terminals connected to each LAN can communicate via the VAN-1 and VAN-3. Make an application. Then, in response to the application, the VAN operator accesses the access control devices 110-1 and 110-1 connected to the LANs 100-1 and 100-2.
In the conversion table of −5, the above-mentioned ICS network address,
While setting the ICS user address, request identification, etc.,
The data is also written and stored in the ICS address management server 150-1.

The setting items for VAN-1 are as follows. The ICS network address is determined from the ICS logical terminal of the access control device 110-1 to which the LAN 100-1 is connected.
The S network address is “7711”. The intra-company communication address of one terminal connected to the LAN 100-1 to which the application was made is "0012"
S user address. The inter-company communication address used by the terminal having this address is "2212", and this is the sender ICS user address. Then, the access control device 1 connected to the LAN 100-2 to which the application was made
The ICS network address is determined from the ICS logical terminal 10-5. Here, the ICS network address is set to “9922” and this is set as the incoming ICS network address. Further, the ICS user address of one terminal connected to the LAN 100-2 is set to “0034”, which is set as the receiver ICS user address. The value “1” indicating the company communication service for which the application has been made is set as the request identification, and the above is registered in the conversion table 113-1.

The setting items for VAN-3 are as follows. The value required for the reverse communication (communication from the LAN 100-2 to the LAN 100-1) is set in the conversion table of the access control device 110-5 that connects the LAN 100-2 to which the application has been made. In other words, the reverse data is set for the originating ICS network address and the destination ICS network address, and at the same time, the reverse data is set for the sender ICS user address and the receiver ICS user address. It is assumed that the ICS network address of the LAN 100-2 is “9922” and is the originating ICS network address. In-house ICS of terminal connected to LAN 100-2
The user address “0034” is set as the sender ICS user address, and the ICS user address “0012” of the communication destination terminal is set as the receiver ICS user address. Further, the ICS network address “7711” of the LAN 100-1 is set as the incoming ICS network address, the value of the request identification indicating the intra-enterprise communication service is set to “1”, and this is the request identification. Access control device 1
Write and register in the conversion table of 10-5.

<< Intra-Company Communication Operation >> The terminal having the ICS user address “0012” receives the ICS user frame P1.
Is sent. The sender ICS user address “0012” is set in the ICS user frame P1, and the receiver I
“0034” is set in the CS user address.

Next, a description will be given with reference to the flowchart of FIG. The ICS user frame P1 is transmitted to the access control device 110-1 via the user logical communication line 180-1.
Is forwarded to The access control device 110-1 is a LAN
100-1 originating ICS network address “771
1 "(steps S100, S101) and the received IC
S user frame recipient ICS user address “00”
34, the conversion table 113-1 is referred to, and from the request identification value "1", it is known that this communication is an intra-company communication (step S102), which corresponds to the receiver ICS user address "0034". An incoming ICS network address “9922” is obtained (step S103), and then I
CS encapsulation is performed (step S106). FIG. 12 is a flowchart showing the above procedure, and the intra-company communication is the flow (1) therein. In addition, sender I
The CS user address may be used, for example, to specify the source of the ICS frame.

The access control device 110-1 forms an ICS network frame P2 by ICS encapsulation and transmits it to the relay device 120-1. Since the uniqueness of the ICS network address of the network control unit is guaranteed inside the ICS, it does not collide with other ICS frames. The ICS network frame P2 passes through the relay devices 120-1 and 120-2 based on the destination ICS network address, and reaches the access control device 110-5 of the VAN-3. Access control device 110-
5 removes the network control unit from the ICS network frame P4 and decapsulates the ICS, reproduces the same ICS user frame P5 as the ICS user frame P1 from the network data portion of the ICS frame, and executes LAN encapsulation.
Transfer to 100-2. ICS user frame is LAN
100-2 is routed and transferred to the terminal having the ICS user address “0034”.

<< Preparation for Inter-company Communication >> As an example of the inter-company communication service, the LAN 1 conforming to the address system ADX is used.
ICS user address “001” connected to 00-1
Terminal with 2 "and LAN1 according to address system ADY
ICS user address “115” connected to 00-3
Communication with a terminal having 6 ". LAN 100
-1 and the user of the LAN 100-3 designate a terminal to each of the connected VANs so that communication can be performed via the VAN-1 and VAN-2, and apply to the VAN operator. The VAN operator requests the LAN 10
The necessary items are set in the conversion tables of the access control devices connected to 0-1 and the LAN 100-3.

The setting items for VAN-1 are as follows. The ICS network address of the LAN 100-1 is set to “7711”, and the LAN 1
The intra-company communication address of one terminal connected to 00-1 is "0012", and this is the sender ICS user address. The inter-company communication address assigned to the terminal of this ICS user address is “2212”, and this is the sender ICS user address (between companies). The ICS of the access control device 110-4 connected to the ICS network address of the LAN 100-3 to which the application was made
The ICS network address is determined from the logical terminal. Here, “8822” is used as the incoming ICS network address. The ICS user address of one terminal connected to the LAN 100-3 is set to "1156".
And this is set as the recipient ICS user address. Further, the value “2” indicating the inter-enterprise communication service for which the application has been made is set as the request identification, and the above is registered in the conversion table 113-1.

The setting items relating to VAN-2 are as follows. As a conversion table of the access control device 110-4 to which the LAN 100-3 is connected, a temporary conversion table 114- which holds data in the opposite direction for a certain period, for example, 24 hours.
Set 2. That is, regarding the ICS network address “8822” to which the LAN 100-3 using the communication service between companies is connected, the originating ICS network address, the sender ICS user address, the recipient ICS user address, the terminating ICS network address, the request identification, etc. Is provided in the access control device 110-4. However, the temporary conversion table 114
The timing of setting -2 will be described later. In the above other embodiment, the temporary conversion table 114-2 is not set.

<< Operation of Intercompany Communication >> An ICS user frame having an ICS user address “0012” set to “0012” for the sender ICS user address and “1156” for the receiver ICS user address Send F1. The ICS user frame F1 is transferred to the access control device 110-1 via the user logical communication line 180-1.

The access control device 110-1 is connected to the LAN1
The outgoing ICS network address of “00-1” “771”
1 "(steps S100, S101) and the recipient ICS
Using the user address "1156" and the conversion table 113-
1 to know that the request identification is "2", that is, the inter-company communication service (step S102). Next, the incoming call I corresponding to the receiver ICS user address "1156"
It knows that the CS network address is "8822" (step S104) and replaces the sender ICS user address "0012" with the inter-company communication address "221".
(Step S105) The access control device 110-1 transmits the ICS network address “7”.
711 ”, the sender ICS user address“ 2212 ”,
Recipient ICS user address "1156", incoming ICS
A network control unit is added as a network address “8822” to perform ICS encapsulation, and the ICS is transmitted to the relay device 120-1 as an ICS network frame F2 (step S106). The above procedure corresponds to the flow (2) in the flowchart of FIG.

In the above inter-enterprise communication, when the sender ICS user address in the ICS user frame F1 is set to the inter-enterprise communication address “2212”, the sender and the receiver communicate with each other using the inter-company communication address. Is performed (steps S102 and S104). In this case, the access control device 110-1 transmits the sender ICS user address “22”.
12 "to the inter-company communication address" 2212 "is not required because it becomes unnecessary.
(3) in the flowchart of FIG. The sender IC
The S user address may be used, for example, to specify the source of the ICS frame.

The relay device 120-1 converts the ICS network frame based on the incoming ICS network address into the relay device 120-2 in the VAN-1, the gateway 130 between VANs, and the relay device 120-3 in the VAN-2.
, And is transferred to the access control device 110-4 in the VAN-2. Next, a description will be given with reference to the flowchart of FIG. The access control device 110-4 receives the ICS network frame (step S110), creates an ICS user frame F5 from the network data part (step S111: ICS decapsulation),
The ICS logical terminal to be transmitted is determined from the S network address ((1) in step S112).
-3 (step S113). Calling IC at the same time
S network address “8822” and sender ICS
The relationship between the user address “1156”, the receiver ICS user address “2212”, and the terminating ICS network address “7711” is determined by the access control device 110-4.
If they are not registered in the conversion table inside the
The kind address is set to "2" of the request identification, that is, the designation of the inter-company communication in the temporary conversion table 114-2 (step S).
112 (2)). The setting content of the temporary conversion table 114-2 is updated by performing processing such as deleting it when there is no usage for 24 hours, for example. ICS user frame is LAN1
The packet is routed through 00-3 and transferred to the terminal having the ICS user address "1156". Conversion table 114-
2 is a conversion table 113.
In the case of being divided into "intra-company" and "between companies" as in -1, for example, the sender ICS user address (intra-company)
Is "0023" and the value of the sender ICS user address (between companies) is "1159", the destination address of the user control unit of the ICS user frame immediately after the ICS decapsulation is performed. Of the ICS user frame whose address value is “1159” written in the column of “1159”, the process of rewriting the destination address value of the user control unit of this ICS user frame to “0023” is performed in the above-described step S112 (1). ). To summarize the effects of the above processing, the ICS user address “0023” for intra-company communication is used inside the LAN.
However, for other companies outside the LAN, it can be claimed that the ICS user address for inter-company communication is "1159". In the other embodiment described above, the temporary table 11
Do not set to 4-2. In still another embodiment, the conversion table 113-1 stores the sender ICS user address (in a company).
And does not include the sender ICS user address (between companies)
Further, the flowchart (2) of FIG.
105 is not included. In step S104, the sender ICS user address is not referred. An advantage of this embodiment is that when there are many sender ICS user addresses for one receiver ICS user address, the number of registrations in the conversion table can be reduced to only one receiver ICS user address.

Embodiment 2 (Virtual Private Line): The operation of the virtual private line connection according to the present invention will be described with reference to FIG.
Here, the virtual leased line connection is independent of the ICS user address in the user control unit of the ICS user frame.
Incoming ICS registered with ICS user frame in conversion table
This is communication that is fixedly transferred to a network address,
It takes the form of one-to-one or one-to-N. The components in FIG. 14 are almost the same as those in FIGS. 10 and 11 of the first embodiment, and the difference is the registered contents of the conversion table. In the conversion table of the access control device, the incoming ICS network address is fixedly determined from the outgoing ICS network address, so the sender ICS user address (within a company), the sender ICS user address (between companies), and the recipient ICS user The address is not registered or is ignored even if it is registered.

The company X uses the virtual leased line connection to connect to the access control apparatus 210-1.
A case will be described where communication is performed between the LAN 200-2 of the company X connected to the access control device 210-5.

<< Preparation >> The user applies for a virtual private line connection to the VAN operator. The VAN operator uses the L of company X
Access control device 210-1 for connecting AN 200-1
An ICS network address "7711" of an ICS logical terminal at a connection point between the user logical communication line 240-1 and the access control device 210-5 for connecting the LAN 200-2 of the company X, and the user logical communication line 240 ICS network address “9922” of the ICS logical terminal at the connection point with the 2-2. Next, the VAN operator adds the outgoing ICS network address “7711” and the incoming ICS to the conversion table 213-1 of the access control device 210-1.
The network address “9922” and the request type are set. FIG. 14 shows an example in which the request type “3” is a virtual private line connection. Similarly, the access control device 21
In the conversion table of 0-5, the transmission ICS network address “9922” and the reception ICS network address “77”
11 "and the information of the request type are set.

<< Procedure >> This will be described with reference to the flowchart of FIG. Company X LAN 200-1 is ICS200
To the ICS through the user logical communication line 240-1
The user frame F10 is transmitted. Access control device 2
10-1 is the ICS network address “7711”
ICS user frame F10 is received from the ICS logic terminal (steps S200 and S201), and the conversion table 213 is input.
Reference is made to the request identification value "3" of the originating ICS network address "7711" of "-1" to recognize that it is a virtual leased line connection (step S202), and the destination ICS network address "9922" is read (step S20).
3). Next, the access control device 210-1 adds a network control unit in which the incoming ICS network address is set to “9922” and the outgoing ICS network address is set to “7711” to the ICS user frame F10 to create the ICS network frame F11. (Step S204: ICS encapsulation), the relay device 2
The data is transmitted to 20-1 (step S205). IC
The relay device 22 that has received the S network frame F11
0-1 is the incoming I of the ICS network frame F11
The destination is determined based on the CS network address, and the ICS network frame F is sent to the relay device 220-2.
12 is sent out. ICS network frame F12
Is transferred to the access control device 210-5 via the relay device 220-4 in the VAN-3.

The access control device 210-5 removes the network control unit from the ICS network frame F13 (ICS decapsulation) and replaces the ICS user frame F14 with the ICS network address "992".
2 "ICS logic terminal to user logic communication line 240-
Send to 2. The LAN 200-2 of the company X is I
The CS user frame F14 is received. In the same manner as described above, data can be transmitted from the LAN 200-2 to the LAN 200-1, so that mutual communication is possible. In the above description, since it is clear that the sender and the receiver need not be the same company X, the LAN 200-1 of the other company Y and the LAN 200-
For example, the ICS user frame can be forwarded to the third frame.

In the above description, one-to-one communication has been described as an example, but one-to-N communication is also possible. For example, FIG.
The conversion table 213-1 of the access control device 210-1 of
As indicated by “7712” of the originating ICS network address, a plurality of destination ICS network addresses may be set. In this example, two ICS network addresses “6611” and “8822” are set. Upon receiving the ICS user frame from the ICS logical terminal with the ICS network address of “7712”, the access control device 210-1 adds the first ICS network frame to which the network control unit in which the incoming ICS network address is set to “6611” is added. Then, a second ICS network frame to which a network control unit in which the incoming ICS network address is set to "8822" is created and transmitted to the relay device 220-1. As a result, one-to-two communication can be performed. Further, by transferring individual ICS network frames in the same manner as described above, one-body N communication is possible.

Embodiment 3 (Operation of Integrated Information Communication System): A description will be given with reference to FIGS. ICS1
9000-1 is VAN19010-1, VAN190
20-1, access control device 19300-1, 1931
0-1, 19320-1, 19330-1, relay apparatus 1
9400-1,19410-1,1942-1,19
430-1, Inter-VAN gateway 19490-1. Server device 19500-1,19510-1,19520
-1, 19530-1, and 19540-1. Each server device is assigned an ICS network address, and includes a plurality of ICS network servers inside each server device. These multiple ICS network servers are based on TCP communication protocol and U
It is distinguished by the port number used in the DP communication protocol. Access control devices 19300-1, 19310-
1, 19320-1, and 19330-1 are conversion tables 19301-1, 19311-1, 19321-1,
19331-1, each of which includes a conversion table server 1973
1-1, 19732-1, 19733-1, 19734
-1 and each domain name server 1974
1-1, 19742-1, 19743-1, 19744
-1 and the resource management server 19751-
1,1975-2,19753-1,19754-1
And the relay device 19400-1 is connected to the route information server 19
761-1 and a resource management server 19975-1.
2-1; the relay apparatus 19420-1 includes the path information server 19763-1; the relay apparatus 19430-1 includes the path information server 19764-1;
00-1 is the user service server 19711-1, IC
Server apparatus 195 including the S authority server 19721-1
10-1 includes a general resource management server 19750-1 and a general route information server 19760-1;
9520-1 is a user service server 19712-1,
Server device 1 including ICS authority server 19722-1
9530-1 is an ICS network server 1998 having an ICS user address "1200" and performing an electronic library service.
0-1 and an ICS network server 19981 that provides a travel guidance service with the ICS user address “1300”
-1 and the server device 19540-1 is the integrated ICS
Authority server 19720-1, domain name server 19
740-1, an overall conversion table server 19730-1, and an overall user service server 19710-1.

The access control device, the relay device,
The server device and the gateway between VANs are ICS network communication lines 19040-1, 19041-1, 19042-1,
19043-1 and the like, and can exchange information with each other using the ICS network communication function. The server device is made, for example, by giving a computer an ICS network communication function,
A program for executing a server function runs therein. Reference numeral 19110-1 denotes an FR network, and a conversion unit 19111
-1 and 19112-1 are communication lines of the FR exchange network and I
The interface conversion with the ICS network communication line for transferring the CS network frame is performed, which is the same as that described in the other embodiments. Also, 1
Reference numeral 9900-1 denotes an ATM network, and a conversion unit 19901-1
And 19902-1 describe communication lines and ICs of ATM switching networks.
It performs interface conversion with the ICS network communication line for transferring the S network frame. ICS190
LAN 19600-1, 19601 outside 00-1
-1, 19602-1, 19603-1, 19604
1, 1965-1, and IP terminals 19606-1, 196 having a function of transmitting and receiving an ICS network frame.
07-1 is an embodiment connected.

<< Hierarchical Structure of ICS Network Server >> A description will be given with reference to FIGS. 18 to 23. The general user service server 19710-1 is a user service server 19711-
1, 19712-1 has an upper control right in the sense of giving an instruction or reporting individual information. The upper control right is shown in a tree structure in FIG. 19811-
Reference numeral 1 denotes a communication path for exchanging information between the general user service server 19710-1 and the user service server 19711-1, which comprises an ICS network communication line, a relay device, and the like. General ICS authority server 19720-1, general conversion table server 19730-1, general domain name server 1974
0-1, the general resource management server 19750-1, and the general route information server 19760-1 are the same as shown in FIGS. 19 to 23, respectively. In this embodiment, the server has two tree structures, but the number of access control devices, relay devices, and server devices installed in the ICS may be increased to three or more. The routing information server has a routing table used by the relay device and the access control device with a function of transmitting and receiving inside the ICS. The resource management server is provided with management functions such as grasping the installation state of the relay device, the access control device, and the server device and the failure information.

<< ICS19000- by ICS operator
Operation 1 >> ICS Operator 19960-1 and 19961-
1 gives an instruction such as operation start to the general user service server 19710-1, the general conversion table server 19730-1, the general resource management server 1950-1, and the general route information server 19760-1, or reports individual information. Thus, the operation of the ICS19000-1 can be easily performed.

<< ICS19000- by ICS officials
Management of 1 >> ICS official 19950-1 is the supervising ICS authority server 19720-1, supervising domain name server 197
It is possible to easily manage the addresses and the like used in the ICS19000-1 by giving an instruction such as operation start to 40-1 or reporting individual information.

<< Socket Number and Server >> Each ICS network server has an ICS user address and an ICS network address. Having a number is an added matter to other embodiments. That is, each of the servers is 32
It is identified by a total of 48 bits of ICS network address and 16 bits of port number (this is called a socket number). Each server has an ICS 190
00-1 includes programs each having a unique function, and some servers have an "operation interface" as described later. here,
The “operation interface” is a function for transmitting and receiving commands such as information exchange with an operator via a keyboard or the like, operation of each server function, operation start, and the like. Each server assigns an ICS network address to, for example, an access control device or a relay device, and a plurality of programs inside the devices.
Assign a different port number to (server) and distinguish by socket number. Each server has an ICS network communication function as described in the other embodiments, and can exchange information with each other using the ICS network address and the port number.

<< Registration of User to ICS-1: Inter-Company Communication and ICS Network Server >> A description will be given with reference to FIGS. 16, 17, and 24. Applicant 192 for ICS19000-1
00-1 applies to the ICS receiver 19940-1 for ICS participation (procedure P100). "Application acceptance data" is IC
S user address ICS network address and IC
The ICS usage items excluding the S name are, for example, request identification (intra-company communication, inter-company communication, virtual private line connection, IC
Communication network conditions such as S network server classification), speed class, priority, etc., charging conditions, open connection conditions, fee payment method, user name and address (identification data), signature conditions, encryption conditions, etc. The meaning of the items has been described in other embodiments. The ICS receptionist 19940-1 stores the “application reception data” in the user service server 1971.
1-1 through the “operation interface”
"Application reception data" is stored in the user database 19611-
1 (procedure P110). Next, the user service server 19711-1 requests the ICS authority server 19721-11 for its ICS user address, ICS network address and ICS name using the ICS network communication function (procedure P120). ICS officials 1972
1-1 is an ICS network address assignment record table 19622 holding the requested ICS address and ICS name in the database 19621-1.
1 (FIG. 25), ICS user address assignment record table 1962
3-1 (FIG. 26), the assignment is made (procedure P130), the assignment result is recorded in the assignment table, and the assignment result is returned to the user service server 19711-1 (procedure P).
140). The user service server 19711-11 is
The assignment result obtained from the ICS authority server 19721-1 is
Store in user database 19611-1 (procedure P
150). FIG. 25 shows an example of the ICS network address assignment record table 19622-1. In the first row of the table, the ICS network address “7700” is stored in the ICS logical terminal identification code LT- of the node identification code ACU-1. 0
01 and the assignment destination identification symbol is user-1
The assignment date is an example of April 1, 1998, and it is predetermined that the node identification code ACU-1 indicates the access control device 19300-1. In the third row of the table, the ICS network address “9630” is assigned to the port number “620” of the node identification code SVU-1, the allocation destination identification code is Sv-001, and the allocation date is 98 Is the example of February 1, 2002, and the node identification symbol SVU-1
Indicates the server device 19530-1 in advance.

FIG. 26 shows an example of the ICS user address assignment record table. The first line of the table contains the ICS user address “4610” and the ICS name (also called ICS domain name) “ddl.ccl.bbl”. .Aal.j
"p" is assigned, the value of the request identification is "2", the assignment destination identification symbol is user-1, and the assignment date is April 1, 1998.
It is an example of the day. Further, in the fourth row of the table, the ICS user address “1200” is added to the ICS name “rrl.
qq. pp. jp ", the request identification value is" 4 ", the allocation destination identification code is Sv-001, and the allocation date is February 1, 1998. The user service server 19711-1 is Provide information to the conversion table server 19731-1 via the ICS network communication function so as to write the application content of the use applicant 19200-1 and the acquired ICS network address to the conversion table 1931-1 in the access control device 19300-1. (Procedure P160) The contents to be provided are described in other embodiments, such as the originating ICS network address, sender ICS user address, request identification, speed class, priority, signature condition, encryption condition, and open class. The ICS network address and ICS user address described above have a request identification value of “2”. Ri For enterprise communications originating ICS network address and sender ICS
Register as a user address. If the value of the request identification is “4”, that is, the ICS network server, it is registered as the destination ICS network address and the recipient ICS user address. The conversion table server 19731-1 adds the above content to the conversion table 1931-1 (procedure P170).
. At this point, the incoming ICS network address and the recipient ICS user address are not registered in the conversion table 1931-1, and the "registering of communication partner" described later in the present embodiment.
In the conversion table 19301-1.

Next, the conversion table server 19731-1 executes the IC
It notifies the S domain name server 19641-1 of the ICS network address, ICS user address and ICS name (procedure P180). ICS domain name server 19
741-1 is an internal database 19641-1.
The ICS network address, the ICS user address, and the ICS name received are written and stored (procedure P190).
-1 (procedure P200). Conversion table server 197
31-1 confirms this report (procedure P210), and notifies the user service server 19711- of completion of the series of procedures.
1 (procedure P220), and the user service server 1
9711-1 confirms this report (procedure P230), and notifies the use applicant of the ICS user address and ICS name as the allocation result (procedure P240). Since the ICS network address is used only inside the ICS, the use applicant is not notified. Further, in the case of the ICS network server, that is, when the value of the request identification is “4”, the user service server 19711-1 sends the ICS 1900
It notifies all conversion table servers inside 0-1 and requests registration in the conversion tables of all access control devices.

<< Rewrite Management of Conversion Table by Integrated Conversion Table Server >> Procedures P800 to 960 in the lower part of FIG. 24, FIG.
This will be described with reference to FIGS. The general conversion table server 19730-1 instructs the conversion table server 19731-1 to rewrite the contents of the conversion table 1931-1, for example, the speed class priority, the originating ICS network address, and some or all items of the conversion table. (Procedure P
800), the conversion table server 19731-1 changes the contents of the conversion table 1931-1-1 according to this instruction (procedure P8).
10). Also, the domain name server 19741-1 has an IC
Instruct rewriting of S network address etc. (procedure P
820), the domain name server 19741-1 updates its internal table according to this instruction (procedure P830), and reports the result to the conversion table server 19731-1 (procedure P84).
0), the conversion table server 19731-1 confirms (procedure P8)
50), and report it to the overall conversion table server 19730-1 (procedure P860). Also, the general conversion table server 19730
-1 instructs the user service server 19711-1 to rewrite the contents of the user database 19611-1, for example, the speed class, the ICS network address, and other items (procedure P900). According to this instruction, the contents of the user database 19611-1 are updated (procedure P
910). Further, the ICS authority server 19721-1 returns the unnecessary ICS network address, ICS user address, and ICS name or transmits a new request (procedure P920), and the ICS authority server 19721-1.
Updates the ICS network address assignment record table 19622-1 and the ICS user address assignment record table 19623-1 in accordance with this instruction (procedure P930), and reports the result to the user service server 19711-1 (in order P940). ), User service server 19711-
1 (procedure P950), and the overall conversion table server 197
30-1 (procedure P960).

In the above description, the overall conversion table server 1
9730-1 is the first user service server 197
It is also possible to execute the procedures P900 to P960 by calling 11-1 and secondly invoke the conversion table server 19731-1 to execute the procedures P800 to P860. Because of this, the ICS operator 199
60-1 instructs the general conversion table server 19730-1 to request a rewriting of the contents of the access control table, and thereby a domain name server or an ICS that manages the conversion table inside the access control device and address information associated with the conversion table. By exchanging information with the authority server, it is possible to easily manage the rewriting of the contents of the consistent conversion table, that is, update management of all the conversion tables of the access control device inside the ICS19000-1.

<< User Communication Partner Registration >> This will be described with reference to FIG. Applicant 19200 for ICS19000-1
-1 applies to ICS receiver 19940-1 for communication partner registration with the domain name of the communication partner (procedure P30
0). The ICS receiver 19940-1 receives the domain name of this communication partner (procedure P310), and converts the conversion table server 1973.
1-1 is transmitted (procedure P320). Conversion table server 19
731-1 is a domain name server 19740-1, 197
Information exchange with 42-1 etc. (procedures P330, P331),
ICS corresponding to the domain name of the contacted communication partner
The network address and the ICS user address are acquired, and the contents of the conversion table 1931-1 are updated (procedure P3
40), and report the result (procedures P350, P360). The updated result is shown in a conversion table 1931-2. The obtained ICS network address is the incoming ICS network address, and the ICS user address is the recipient IC.
Each of the S user addresses is registered in a conversion table as shown in FIG. Note that the columns of the ICS network server, the incoming ICS network address, and the recipient ICS user address are left blank.

<< Registration of User to ICS-2: Intra-Company Communication and Virtual Private Line >> A description will be given with reference to FIG. The difference between the intra-company communication and the above-mentioned inter-company communication is that the ICS user address is submitted and the ICS name cannot be used. Therefore, there is no ICS name assigned, and the ICS name is used. Procedure (P180, P19
0, P200). First, the ICS19000-1 user 19200-1
Apply for ICS subscription to ICS receptionist 19940-1
(Procedure P400). The “application reception data” is an ICS usage item excluding the ICS network address and the ICS name. For example, an ICS user address, for example, a request identification (intra-company communication, inter-company communication, virtual private line connection, IC
This is the same as the inter-company communication described above, such as S network server classification), speed class, and priority. As the ICS user address, at least one set of the sender ICS user address and the receiver ICS user address is presented. In the case of a virtual leased line connection, the sender ICS user address and the receiver I
Not presenting the CS user address is different from the case of intra-company communication.

The ICS receiver 19940-1 stores the “application reception data” in the user service server 19711-1.
Is input through the "operation interface", and the "application reception data" is stored in the user database 19611-1 (procedure P410). Next, the user service server 19
The 711-1 requests the ICS authority server 19721-1 for its ICS user address, ICS network address and ICS name using the ICS network communication function.
(Procedure P420). The ICS authority server 19721-1 allocates only the ICS network address in the same manner as the above-mentioned procedure P130 (procedure P430), records the result of the assignment in the above-mentioned assignment table, and returns the result of the assignment to the user service server 19711-1. (Procedure P440). The user service server 19711-1 stores the assignment result obtained from the ICS authority server 19721-1 in the user database 19611-1 (procedure P450). The user service server 19711-1 converts the contents of the application and the acquired ICS network address into the conversion table server 19
7373-1 (procedure P460), the conversion table server 19731-1 registers it in the conversion table 19301 (procedure P460).
370), and report the completion of registration (procedures P480, P49)
5). FIG. 33 shows an example in which intra-company communication and registration of a virtual leased line are performed in the conversion table 19301.

<< Description of Domain Name Server >> Referring to FIG. 34, an example of four layers will be described with reference to FIG. 34 for the procedures P330 and P331 relating to the domain name server. The ICS network address of the internal table 19600-1 of the domain name server for the domain name "root" is "9500", and the domain names "al" and
"A2", "a3",... Exist. For example, the ICS network address where the domain name server handling the domain name "a1" is located is "9610", and the port number is "44".
The ICS network address of the internal table 19610-1 of the domain name server for the domain name "a1" is "9610", and the domain names "bl" and "b2" are subordinate thereto. ”,“ B3 ”
Exists, for example, indicating that the ICS network address where the domain name server handling the domain name “b2” is located is “9720” and the port number is “440”. The ICS network address of the internal table 19620-1 of the domain name server for the domain name "b2" is "9720", and the domain names "c4", "c5", "c6", etc. exist below the ICS network address. However, for example, in the domain name "c5", since the display of the end point column is "YES", no domain name exists below the domain name. In this example, the I name corresponding to the ICS name "c5.b2.al."
CS network address is "9720" and IC
This indicates that the S user address is “4510”. Note that a record of the internal table 19620-1 of the domain name server, that is, a set of data including a combination of the ICS name (ICS domain name), the ICS network address, and the ICS user address "4610" is written in the "name of the domain name server". Resource record ".

<< Calling of Domain Name Server >> Referring to FIG. 38, conversion table server 19630-1 changes domain name servers 19640-1, 19650-1, and 19660-1.
The procedure for calling the ICS network address and the ICS user address corresponding to the domain name "c5.b2.al." Conversion table server 196
30-1 is a resolver 19635- inside the conversion table.
1. Enter the domain name "c5.b2.al." Re
The resolver 19635-1 uses the ICS network communication function to convert the ICS frame 19641-1 containing "al"
When sent to the domain name server 19640-1, an ICS frame 19642-1 including the ICS network address "9610" of the ICS domain name server for "a1" is returned. Next, the resolver 19635-1 sets “b2”
Is sent to the ICS domain name server 19650-1, the ICS network address “972” of the ICS domain name server for “b2” is sent.
An ICS frame 19652-1 containing a "0" is returned.
When the CS frame 19661-1 is sent to the ICS domain name server 19660-1, the ICS network address “9820” of “c5” and the ICS user address “4
An ICS frame 19662-1 containing 520 "is returned. With the above procedure, the conversion table server 19630-
1 is an I corresponding to the domain name “c5.b2.al.”
Acquire the CS network address “9820” and the ICS user address “4520”.

<< Rewriting Conversion Table from IP Terminal >> FIG.
9 and FIG. 40. Domain name "c5.b
2. The ICS user frame including "al."
608-1 to the conversion table server 19731-1
(Procedure P500). The conversion table server 19731-1 inquires of the domain name server (procedure P510), and the domain name server returns the I corresponding to the domain name “c5.b2.al”.
Search and acquire the CS network address “9820” and the ICS user address “4520” (procedure P52
0), when replying to the conversion table server 19731-1 (procedure P53O), the conversion table server writes in the conversion table 1931-1 (procedure P540) and reports it to the IP terminal 19608-1 (procedure P550). In this procedure, the ICS network address “9820” is the destination network address, the ICS user address “4520” is the recipient ICS user address, and FIG. 28 shows a rewritten conversion table. FIG. 28 omits the description contents of the conversion table corresponding to the request identification included in FIG. Next, I
From the P terminal 19608-1, the ICS user frame including the designation to change the speed class to "2" is registered in the conversion table 1931-1X.
-1 (procedure P600). Conversion table server 197
31-1 rewrites the registered contents of the conversion table 1931-1X to the speed class "2" in accordance with the designation (procedure P610).
It reports to P terminal 19608-1 (procedure P620). The conversion table rewritten by this procedure is expressed as 19301-Y
(FIG. 29).

<< Moving Terminal Between Access Control Devices >> IC
As can be seen from the example of the S user address assignment record table 19623-1, the first line of this table indicates that the ICS user address "4610" contains the ICS name (also called the ICS domain name) "dd1.cc1.bb1". .Aa1.j
p ”is assigned, and the ICS user address and ICS
It is characterized by holding a name. For example, IC
Terminal 19608 with S-user address "4610"
-1 (FIG. 16) is moved from the access control device 19300-1 to the access control device 19320-1 (FIG. 17). For example, when a new ICS network address “7821” is assigned to this terminal, the conversion table 19321- 1
Inside the transmission ICS network address "782"
1 and the sender ICS user address "4610" are registered as a pair, in which case the ICS name "dd1. cc1. bb1. aa1. jp ”is I
ICS user address "4610" as specified by CS user address assignment record table 19623-1
And the ICS name is not changed. ICS name inside the domain name server "dd1.c
c1. bb1. aa1. jp ", the ICS network address" 7700 ", and the ICS user address" 46 ".
The resource record including the combination with the ICS name “dd1. cc1. bb1. aa1. jp ”and IC
It is changed to the S network address “7821” and the ICS user address “4610”. That is, ICS
The network address “7700” is replaced by another address “7
821 ”, but the ICS name“ dd1.
cc1. bb1aa1. jp ”and the ICS user address“ 4610 ”are not rewritten.
The ICS user address assignment management table of the S authority server and the resource record of the domain name server hold the ICS user address and the ICS name, and only one of them is not changed. Thus, when the terminal is moved between the access control devices, the ICS user address and the ICS name of the terminal need not be changed. (Another Embodiment: Determination of ICS User Address by User) In the above embodiment, a modification is made so that the user determines the ICS user address. That is, the user (application applicant 19200-1) is
When subscribing to -1, the ICS user address is added. The ICS receiver 19940-1 newly includes the ICS user address in the application reception data. Also,
The ICS authority server 19711-1 stores the I
CS user address to ICS user address assignment table 19
623-1. By the above method, the user can determine his / her own ICS user address by himself and the degree of freedom is improved.

Embodiment 4 (Charging by Authentication Server): This embodiment relates to a method of charging by using an authentication server, and an IP terminal selects an appropriately selected “IP” in an ICS network.
It is used by connecting to an access control device that connects terminals.
Among the access control devices that connect the IP terminals, the IP terminal used as a base is a “home IP terminal”, and the IP terminal used by moving from a home IP terminal to another place, such as being carried to a travel destination, is a “destination IP terminal”. Call. The billing method disclosed in the present invention is characterized in that there is no difference between the home IP terminal and the destination IP terminal.

In the description of this embodiment, a‖b represents data (concatenated data) obtained by arranging data a and data b. The function y = Ei (k, x) is an encryption function or a data compression function. In the case of an encryption function, y is a cipher text, k is an encryption key, and x is data before being compressed. i
Is a function number (i = 1, 2,...) For distinguishing the function from the others.

<< Overall Configuration >> FIGS. 41 and 42 show the overall schematic configuration of a method of charging using the authentication server according to the present embodiment. , 21020-2, 2103
0-2, 21040-2, 21050-2, 21060
-2, relay devices 21080-2, 21081-2, 21
082-2, 21083-2, authentication server 21100-
2, 2101-2, 211102-2, 21103-
2. Domain name server 21130-2, 21131
2, 211132-2, 21133-2, user service server 21250-2, ICS authority server 21260-
2 inclusive. The access control device 21010-2 includes a conversion table 21013-2, a conversion table server 21016-2, and a connection server 21018-2.
020-2 is a conversion table 21023-2, a conversion table 21026
-2, including a connection server 21028. Connection server 210
The ICS user address “6310” is assigned to 18-2 and 21028-2.
2 has a function of connecting an externally used IP terminal to an access control device appropriately selected. Conversion table server 210
16-2 has a function of rewriting the contents of the conversion table 21013-2.
It has a function of rewriting the contents of 23-2. LAN21
150-2 includes a home IP terminal 211151-2;
AN 21160-2 includes an IP terminal 21161-2,
21170-2 is an IP terminal. Destination IP terminal 21
Reference numeral 200-2 denotes the home IP terminal 21115-2 moved to this position. This will be described below with reference to FIG.

<< Application for Using IP Terminal >> IP Terminal 212
The owner of 00-2 is the ICS use applicant 21270-2
And presents the password PW via the user service server 21250-2.
Apply for ICS domain name and ICS user address to 1260-2 (procedure: T10, T20). The ICS authority server 21260-2 uses the only rule inside the ICS 21000-2 to use the IP terminal 21200-2.
A CS domain name “c1, b1.a1.” Is assigned. As a result, the home IP terminal 21115-2 and the destination IP
The terminal 21200-2 is identified by the ICS domain name “c1, b1, a1,” inside the ICS 21000-2. Further, the ICS authority server 21260-
2 is an ICS user address for IP terminal 21200-2 "
1200 "and the ICS domain name" c1, b1,
c1. Expiration date, eg, "1999-12-31"
Is determined. Next, the ICS authority server 21260-2
Domain name of ICS use applicant 21270-2 "c1,
b1, a1 ", the password PW, and the network identifier" B00
1 ", expiration date" 1999-12-31 ", and function number of function Ei used inside IP terminal 21200-2"
By attaching the “i” to the authentication server 21100-2 and requesting writing in the authentication table 21100-3 (procedure: T30), the ICS use applicant 21270 is attached.
-2 is registered.

The result of the writing is shown in the row of the management number 1 in the authentication table 21100-3, and the domain name “c1, b
1, a1. ", Function number" 2 ", password PW value"
224691 ", expiration date" 1999-12-31 ",
This indicates that the value of the network identifier is “B001”.
Next, the ICS authority server sets the domain name server 21130
-2, the ICS domain name “c1, b1, a1.” And the ICS user address “1200” are registered (procedure:
T40).

Next, the ICS receiver 21271-2
The ICS domain name “c1.b1.a1.”, The ICS user address “1200”, and the special ICS user address representing the connection server call source IP terminal (common to the connection server call source) IP address 2120, which is embedded with the ICS user address “6310” of the connection server.
A “function module” that realizes the function of the function Ei is embedded in the inside 210202-2 of 0-2.

<< Setting of communication line via connection server >>
IP terminal 21200-2 is connected to access control device 21020
-2, and the domain name “c1.b1.a1.” Of the IP terminal 21200-2 and the domain name of the communication partner ”
c2. b2. a2. A description will be given of an example of inter-company communication for transmitting and receiving an IP frame to and from the user. b2. a2. “Tg = 5 for designating transmission / reception of IP frame,“ tg ”, own password PW, and designation of destination connection period (TTL
) Is input from the input unit 21204-2. To this end, 2 inside the IP terminal 21200-2
1201-2 and 21202-2 are used. Also,
The IP frame unit 21203-2 is used to generate and transmit / receive an ICS user IP frame, PK02, PK03, PK04, and the like. Next, the IP terminal 21200-
2 generates a user IP frame PK02 and transmits it to the access control device 21020-2 via the ICS user logical communication line 21210-2 (procedure: T50). The user IP frame PK02 has the sender domain name “c1.
b1. a1. ", Recipient domain name" c2. b2. a
2. ", The encryption parameter RP2, and the connection period (represented by TTL).
And data calculated inside the IP terminal 21202-2. In other words, the date “yy-mm-dd-sssss” is generated as the time random number TR (TR = yy-mm-dd-sssss), and the clock inside the IP terminal 21202-2 and the function Ei are used. And R
P2 = Ei (PW, TR) ‖TR is calculated. The access control device 21020-2 uses the ICS user frame P
K02 received and the IC assigned to the ICS logic terminal
The S network address “7800” is obtained, the request identification is “4” from the conversion table 21023-2, and the sender ICS user address written in the ICS user frame PK02 is “1000” (connection server call Source common address), holds the ICS network address “7800”, and, together with the ICS user frame PK02, the receiver ICS user address “631”
0 "to the connection server 21028-2 (procedure:
T60). The ICS network address “7800” held in this procedure is used in a procedure T90 described later.

Next, the connection server 210280-2 has an IC
Using the S network communication function, the domain name "c1.b1.a
1. "And the encryption parameter RP2
-2 (procedure: T70). Authentication server 2110
0-2 reads the value of the password PW and the function number written in the authentication table 21100-3, selects the function Ei, and reads the password PW. Next, the encryption parameter R
Since P2 is such that RP2 = Ei (PW, TR) ‖TR, t = Ei (PW, TR) is calculated using the time random number TR in the latter half of the encryption parameter RP2. If the value of the temporary variable t calculated here matches Ei (PW, TR) in the first half of the received encryption parameter RP2,
It can be confirmed that the password PW input to IP terminal 21200-2 is correct. Since the time function TR includes the date (TR = yy-mm-dd-sssss), if the received date is different from the processing time, it is possible to detect a fraud. Next, the authentication server 21100-2
-2 is written in the authentication table 21100-3 (regularly registered) and the network identifier "B001" is reported to the connection server 21028-2 (procedure: T80).

Next, the connection server 21028-2 sends the domain name “c1.b” to the domain name server 2131-2.
1. a1. And the ICS network address “7800” acquired and held, requesting an ICS user address attached to the domain name,
Acquire the user address “1200” (Procedure: T9
0). At this time, the domain name server 2131-2 is
The domain name “c1.b1.a1.” And the ICS network address “7800” already stored in the procedure T40 already stored are collectively stored. By doing so, for example, the domain name “c1.b1.
a1. When asked for "ICS user address" 1
200 "and ICS network address" 7800 "
Can be answered immediately. Next, the connection server 21028-2 transmits the domain name “c2.b2.a”.
2. "To the domain name server 2131-2.
ICS user address “25” attached to this domain name
00 ”and the ICS network address“ 8200 ”(procedure: T100).

Next, the connection server 21028-2 operates as an IC
ICS network address “7800” of the ICS logic terminal to which the S user frame was input (held in step T60)
ICS user address “1200” acquired from the domain name server immediately before, and ICS user address “25”
00 ", the ICS network address" 8200 ", and the network identifier transmitted from the authentication server 21100-2 to the conversion table server 21026-2 (procedure: T1
10). The conversion table server 2120-6 transmits the 4
The same address is written in the conversion table 21023-2. The value of the request identification is "10", that is, the communication between companies via the connection server. The network identifier (NID) is "B00
The conversion table 2101 also specifies the destination connection period “5” days included in the ICS user frame PK02.
Write to 3-2. Next, the connection server 21028-2
Is a conversion table 21033-2 inside the access control device 21154-2 to which the communication partner IP terminal 21161-2 indicated by the domain name “c2.b2.a2.” Is connected.
Is written in the same manner as described above (procedure: T1).
20). This end report is sent to the access control device 21020.
This is performed by sending the ICS user frame PK03 to the IP terminal 21200-2 via -2 (procedure: T140). Here, the ICS user frame PK0
3 is the domain name "c1.b of the IP terminal 21200-2.
1. a1. "ICS user address accompanying""120
0 "and the communication partner's domain name" c2. b2. a2. "
And the ICS user address "2500" accompanying the

<< Use of IP Terminal >> IP Terminal 21200-
2 is a conversion table 2102 created according to the procedure described above.
By using 3-2, inter-company communication can be performed in the same manner as described in the other embodiments (procedure: T150 to T2).
10). Also, the conversion table server 21026-2, when the destination connection period specification “5” has passed, the conversion table 21023-
The mobile connection written inside 2 can be destroyed.

<< Charge Notification >> Access Control Unit 2102
0-2 notifies the billing server 21100-2 of the communication charge (procedure: T300), and the billing server 21100-2 additionally records it in the billing record column in the authentication table 21100-3. << Detailed description of access method to authentication server >> In the above description, the connection server 21028-2 is the authentication server 211
The domain name "c" is assigned to a plurality of authentication servers including 00-2.
1. b1. a1. To the IP terminal 21200-
Whether the authentication request included in the ICS network frame PK02 generated by the IP terminal 21 is correct,
A method of checking whether the domain name “c1.b1.a1.” Of 200-2 has been registered in the authentication server will be described in detail. FIG. 44 is a diagram showing an embodiment of a "domain name tree" having four levels, in which a root domain name "root" is provided at level 1 of the tree, and a domain name "a1", .. Exist, and, for example, domain names “b1”, “b2”, “b3” of level 3 exist below the domain name “a1”.
Next, for example, the level 4 domain names “c1”, “c2”, “c3”,... Exist below the domain name “b1”.

FIG. 45 shows an internal table 21102-3 of the authentication server 210102-2 handling the domain name "root". For example, a domain server 21101 handling the domain name "a1" under the domain name "root". -2
ICS network address is “7971” and the port number is “710”. FIG.
6 is an authentication server 21101 that handles the domain name “a1”
2 shows an internal table 21101-3. For example, the ICS network address of the domain server 21100-2 that handles the domain name "b1" under the domain name "a1" is "7981", and the port number is "710". It indicates that there is. FIG. 47 shows an internal table 21100-3 of the authentication server 21100-2 handling the domain name "b1". For example, the domain name "c1"
Since the display in the column of the end point of 100-3 is "YES", there is no lower domain name, and in this example, the domain name "c1.b1.a1." Is registered in the authentication server. Password PW “224691”, expiration date ”
98-22-31 "and the like are recorded.

<< Calling of Authentication Server >> Referring to FIG. 48, connection server 21028-2 establishes authentication server 21102.
-2, 21101-2, 21100-2,
A method of checking whether the domain name “c1.b1.a1.” Has been registered in the authentication server will be described. Here, the connection server 21028-2 holds therein the ICS network address of the authentication server that handles the level 1 domain “root” shown in FIG. In the case where communication is frequently performed with authentication servers that handle level 2 and level 3 domains, the ICS network addresses of these authentication servers are also held. Connection server 2102
8-2 inputs the domain name “c1.b1.a1.”, The encryption parameter PR2, and the network identifier “B001” to the internal resolver 21029-2. Resolver 21029-
2 uses the ICS network communication function and uses the domain name "root"
When the ICS frame 21335-2 including the domain name “a1” under “t” and the encryption parameter RP2 is sent to the authentication server 210102-2, the ICS network address “7971 of the authentication server 210101-2 that handles the domain name“ a1 ”is sent. ICS frame containing 21336-2
Reply. Next, when the resolver 21029-2 sends the ICS frame 21345-2 including the domain name “b1” to the authentication server 210101-2, the ICS network address “798” of the authentication server handling the domain name “b1”.
The ICS frame 21346-2 including 1 "is returned.
Next, the resolver 21029-2 outputs the domain name "c1".
ICS frame 21355-2 including
When it is sent to 100-2, since the domain name "c1", in this case, the end point column of 21100-3 is "Yes", it can be determined that the authentication information has been registered. As described above, since “root”, “a1”, and “b1” are processed in this order, the domain names “c1.b1.
a1. It can be seen that the authentication information for "" is registered in the internal table 21100-3.

The authentication server 21100-2 checks the received encryption parameter RP2, and checks the expiration date “1999-12”.
31 ". The authentication server 21100-2 reads the password PW and the value of the function number written in the authentication table 21100-3, and executes the function E
Select i. The encryption parameter RP2 is RP2 = Ei
Since (PW, TR) ‖TR, using the time random number TR in the latter half of the encryption parameter RP2, t = E
i (PW, TR) is calculated. The value of the temporary variable t calculated here is the first half Ei of the received encryption parameter RP2.
If (PW, TR) matches, IP terminal 21200-2
Confirm that the password PW entered in is correct. The above result is reported to the connection server 21028-2. As a result, the connection server 21028-2 knows the authentication result (pass or fail) of the IP terminal. << Detailed Description of Domain Name Server >> In the description of FIG. 43, an example of four layers will be described with reference to FIG. 50 for procedures T90 and T100 relating to the domain name server. The ICS network address of the internal table 19600-2 of the domain name server for the domain name “root” is “95”.
00 ", and domain names" a1 "and" a "
2 ”,“ a3 ”... Exist, for example, the domain name“ a1 ”
This indicates that the ICS network address where the domain name server handling the “<” is located is “9610” and the port number is “440”. The ICS network address of the internal table 19610-2 of the domain name server for the domain name "a1" is "9610", and the domain names "b1", "b2", "b3",. For example, it indicates that the ICS network address where the domain name server handling the domain name “b2” is located is “9720” and the port number is “440”. Internal table 19 of the domain name server for the domain name "b2"
The ICS network address of 620-2 is "972
0 ”, and the domain names“ c4 ”and“ c ”
5 ”,“ c6 ”..., For example, the domain name“ c5 ”
Since the display of the end point column is "Yes", no domain name exists below the end point column. In this example, the ICS name "c5.
b2. a1. The ICS network address corresponding to "" is "9720", and the ICS user address is "45".
10 ". The record of the internal table 19620-2 of the domain name server, that is, the ICS
A set of data including a combination of a name (ICS domain name), an ICS network address, and an ICS user address "4610" is stored in the "
Resource record ".

<< Calling of Domain Name Server >> Referring to FIG. 54, conversion table server 19630-2 sets domain name server 19640-2, 19650-2, 19660-2.
Will be described to search for an ICS network address and an ICS user address corresponding to the domain name “c5.b2.a1.”. Conversion table server 1963
0-2 is a resolver 19635-2 inside this conversion table.
Enter the domain name "c5.b2.a1." The resolver 19635-2 uses the ICS network communication function to perform "a
When the ICS frame 19641-2 including "1" is sent to the ICS domain name server 19640-2, the IC for "a1"
ICS network address of the S domain name server "9
The ICS frame 19642-2 containing “610” is returned.The resolver 19635-2 sends the ICS frame 19651-2 containing “b2” to the ICS domain name server 19650-2, and then the ICS domain for “b2” is sent. An ICS frame 19652-2 containing the ICS network address "9720" of the name server is returned, and the resolver 19635-2 then sends an ICS frame containing "c5".
ICS domain name server 19 with frame 19661-2
When sent to 660-2, an ICS frame 19662-2 including the ICS network "9820" of "c5" and the ICS user address "4520" is returned. Through the above procedure, the conversion table server 19630-2 acquires the ICS network address “9820” and the ICS user address “4520” corresponding to the domain name “c5.b2.a1.”.

<< Another Embodiment of Including Authentication Server in Domain Name Server >> The domain name tree of FIG. 44 targeted by the authentication server 21110-2 is shown in another embodiment and targeted by the domain name server. It has the same structure as the domain name tree. Therefore, each domain server can store the data of the authentication server described in the present embodiment and include the function of the authentication server. In other words, another embodiment of the present invention integrates the authentication server described in the present embodiment with the domain name server described in the other embodiment.

Embodiment-5 (Inter-company communication with ICS name designation): This will be described with reference to FIGS. ICS19
000-2 is VAN19010-2, VAN1902
0-2, access control device 19300-2, 19310
−2, 19320-2, 19330-2, relay device 19
Access control device 19300-2 includes a conversion table 1931-2 and a conversion table server 19731-2. The access control device 19
320-2 is a conversion table 19321-2 and a conversion table server 1
9733-2. Domain name server 19741-2
Is connected to the relay device 19400-2 via the ICS network communication line, and the domain name server 19743-2 is connected to the relay device 19400-2.
410-2 is connected via an ICS network communication line.

The above-described access control device, relay device,
The conversion table server and the domain name server are respectively provided with an ICS network address, and the ICS network communication lines 19040-2, 19041-2, 19042-2, 1
It is the same as that described in the other embodiments that they are connected to each other by using the 9043-2 or the like and can exchange information using the ICS network communication function.

Outside the ICS19000-2, a LAN
19610-2, 19611-2, 19612-2
19613-2, IP terminals 19620-2 and 19621 having a function of transmitting and receiving an ICS network frame
2, 19622-2, 19623-2 are connected. In this embodiment, the IP packet is I
Used as a synonym for CS frame.

<< User Registration >> Along with FIGS. 55 and 56,
The user registration will be described with reference to FIG. User 192
00-2 applies to the VAN 19010-2 for "user registration" via the VAN operator 19940-2 (procedure P100). The VAN operator 19940-2,
The user service server 19711-2 is operated to accept the user's application (procedure P110), and the ICS name and I
CS network address, ICS user address
A request is made to the CS authority server 19721-2 via the ICS network communication line (procedure P120), and the ICS authority server 1972
1-2 is an ICS name or I for user 19200-2.
The CS network address and the ICS user address are assigned (procedure P130), and the result is reported to the user service server 19711-2 (procedure P140).
Maintain names, ICS network addresses, and ICS user addresses in its database 19611-2
(Procedure P150). User service server 19711-2
Is the ICS assigned to user 19200-2
Report the name, ICS network address and ICS user address to the domain name server 19641-2.
(Procedure P160), Domain name server 19641-2
Holds the ICS name and the IP address in its internal table (procedure P170), and reports the completion of the procedure to the user service server 19711-2 (procedure P180). VAN Operator 19940-2
Is the procedure P1 from the user service server 19711-2.
After obtaining the report of No. 80, the user 19200-2 is notified that the user registration procedure has been completed. FIG. 58 conceptually shows how the domain name server 19641-2 holds the ICS name and the IP address. For example, the record of the item No. 3 (the horizontal orchid) has the ICS name “NM3”.
ICS network address corresponding to the IP terminal, i.e., IP terminal 19620-2, is "7720".
This indicates that the CS user address is “4630”. The record of the item number 4 has the ICS name “NM
The ICS network address corresponding to the IP terminal of "4", that is, the IP terminal 19622-2 is "7810".
Indicates that the ICS user address is “4740”.

<< On-line setting of ICS logical communication line >>
55 to FIG. 56 and FIGS.
The online setting of the CS logical communication line will be described. The IP terminal 19620-2 transmits an IP packet 19621-2 including its own ICS name “NM3” and the communication partner ICS name “NM4” to the user service server 19711.
When the address “1100” of the C.-2 is designated and transmitted to the access control device 19300-2 via the user logical communication line (procedure P300), the access control device 19300-
2 is based on the same principle as that described in the other embodiments using the conversion table 1931-2 having the contents shown in FIG.
IC obtained by performing encapsulation and ICS encapsulation
S The internal IP packet is converted to the internal IP address “8100”.
Is transmitted to the user service server 19711-2 specified by (1) (procedure P310). User service server 197
11-2 receives the transmitted ICS internal IP packet, transmits the ICS names “NM3” and “NM4” contained therein to the domain name server 19641-2 (procedure P320), and The ICS network address “7720” and the ICS user address “4630” corresponding to “NM3” are acquired. Similarly, an ICS network address “7810” and an ICS user address “4740” corresponding to the ICS name “NM4” are obtained (procedure P330), and the obtained plural addresses are stored in the user service server 19711-2.
(Procedure P340). If necessary, the domain name server 19641-2 requests another domain name server, for example, 19643-2, to obtain the address. Next, the user service server 19711-2 notifies the conversion table server 19731-2 of the plurality of addresses (procedure P350), and the conversion table server 19731-2 writes the plurality of addresses to the conversion table 1931-2 (procedure P350). P360, procedure P370), and receives a report of the completion of writing (procedure P380, procedure P390). FIG. 60 shows a state of the conversion table 1931-2 before writing, and FIG. 61 shows a state of the conversion table 1931-2 after writing (193).
01-2-1). Further, the user service server 19711-2 notifies the conversion table server 19733-2 of the plurality of addresses (procedure P400), and the conversion table server 19733-2 writes the plurality of addresses in the conversion table 19321-2 (procedure P410). , Procedure P42
0), and receives a report of the completion of writing (procedure P430, procedure P440). FIG. 62 shows a conversion table 19321- before writing.
63 shows the conversion table 19 after writing.
321-2 (1932-12-1) is shown.

<< Communication between IP Terminals >> From the IP terminal 19620-2 having the ICS user address “4630”,
IP terminal 1 having ICS user address "4740"
The IP packet PK1 is transmitted toward 9622-2. The ICS encapsulation is performed in the access control device 19300-2 to become the ICS internal IP packet PK2, and the ICS internal communication lines 19042-2 and 19040-
2 and the like, and reaches the access control device 19320-2, where the ICS is decapsulated to become an IP packet PK3 and reaches the IP terminal 19622-2. In the above procedure, the conversion table 19301-
2-1 is used, and the conversion table 19321 is used for ICS decapsulation inside the access control device 19320-2.
-2-1 is used. However, steps P370 and P42
0 changes to "erase".

<< Online Release of Logical Communication Line >> FIG. 59
In the same order as the online setting of the logical communication line described with reference to, the setting release is requested instead of the setting request. As a result, the contents of the conversion table 19301-2-1 return to the contents of the conversion table 1931-2, and the conversion table 19321-2
The contents of -1 return to the contents of the conversion table 19321-2.

To summarize the above procedure, the IP terminal 196
20-2 designates its own ICS name "NM3" and the ICS name "NM4" of the communication partner IP terminal 19622-2, and specifies the user service server 19711-2, the domain name server 19641-2, and the conversion table server 1973.
1-2, and conversion tables 1931-2 and 193
The contents of 22-2 are rewritten, and the logical communication line is set online between the two IP terminals. Next, 2
An IP packet can be transmitted from one IP terminal to another IP terminal using a logical communication line between two IP terminals. After the end of this communication, the logical communication line between the two IP terminals can be released online.

[0089]

As described above, according to the present invention, it is not necessary to use a high-priced dedicated line, and a high-speed communication line used for moving image communication such as TV is not provided, or a communication line facility is provided. A relatively inexpensive large-scale communication system can be constructed without using the Internet where the person in charge of the expansion plan is absent. In addition, the private address system for computer communication of individual companies (including government agencies, universities, etc.), which had been individually serviced in the past, was hardly changed,
There is an advantage that communication between companies can be performed together with communication within the company.
Furthermore, since the network administrator has the control of the network, management such as troubleshooting of the entire network becomes clear, and reliability is easily secured.
Eavesdropping prevention measures are possible by means of encrypted communication inside the ICS. Further, since the network itself can add an electronic signature to the ICS frame as an option, tampering of the ICS frame can be detected, and information security can be significantly improved. According to the present invention, a single information transfer (transfer of IP datagrams) independent of services such as voice, image, text, etc., enables services that have been conventionally implemented individually such as telephone line services and Internet provider services to be exchanged. , An integrated information communication system connected to the system can be realized.

Although the integrated information communication system of the present invention has a conversion table for address conversion, a procedure is instructed to the conversion table server and written into the conversion tables inside each of the two access control devices of the transmission source and the transmission destination. , ICS logical communication lines are not written in the conversion table, but are written in the domain name server instead, and are written in the conversion table before starting communication. For this reason, the number of preparation steps for writing in the conversion table can be omitted, and the size of the conversion table can be reduced. By reducing the size of the conversion table, the cost of the system can be reduced. In addition, since authentication is performed by the authentication server provided in the integrated information communication system, unauthorized and unauthorized communication line settings can be prevented, and billing between the home IP terminal and the destination IP terminal can be prevented. Since there is no difference depending on the method, there is an advantage that the information can be grasped centrally by the accounting record inside the authentication server.

[Brief description of the drawings]

FIG. 1 is a block diagram schematically showing a basic principle of the present invention.

FIG. 2 is a block diagram illustrating an example of a network in which the ICS of the present invention is configured by a plurality of VANs.

FIG. 3 is a block diagram illustrating a configuration example of an access control device.

FIG. 4 is a block diagram illustrating a configuration example of a relay device.

FIG. 5 is a block diagram illustrating a configuration example of an inter-VAN gateway.

FIG. 6 is a block diagram illustrating a configuration example of an ICS network server.

FIG. 7 is an array diagram showing an example of an ICS user address used in the present invention.

FIG. 8 is a connection diagram showing a connection relationship between an ICS logic terminal and a user communication line.

FIG. 9 shows an ICS user frame and an IC used in the present invention.
FIG. 3 is a diagram illustrating a relationship with an S network frame.

FIG. 10 is a part of a block diagram showing a first embodiment (intra-company communication, inter-company communication) of the present invention.

FIG. 11 is a part of a block configuration diagram showing the first embodiment of the present invention.

FIG. 12 is a flowchart illustrating an operation example of the access control device.

FIG. 13 is a flowchart illustrating an operation example of an access control device in inter-company communication.

FIG. 14 is a block diagram showing a second embodiment (virtual leased line) of the present invention.

FIG. 15 is a flowchart illustrating an operation example of an access control device in a virtual leased line connection.

FIG. 16 is a part of a block diagram showing a third embodiment (operation of the integrated information communication system) of the present invention.

FIG. 17 is a part of a block diagram showing a third embodiment (operation of the integrated information communication system) of the present invention.

FIG. 18 is a diagram for explaining the third embodiment.

FIG. 19 is a diagram for explaining the third embodiment.

FIG. 20 is a diagram illustrating a third embodiment.

FIG. 21 is a diagram for explaining a third embodiment.

FIG. 22 is a diagram illustrating a third embodiment.

FIG. 23 is a diagram for explaining the third embodiment.

FIG. 24 is a diagram for explaining the third embodiment.

FIG. 25 is a diagram showing an example of an ICS network address assignment record table used in the third embodiment.

FIG. 26 is a diagram showing an example of an ICS user address assignment record table used in the third embodiment.

FIG. 27 is a diagram illustrating an example of a conversion table used in the third embodiment.

FIG. 28 is a diagram illustrating an example of a conversion table used in the third embodiment.

FIG. 29 is a diagram illustrating an example of a conversion table used in the third embodiment.

FIG. 30 is a procedure diagram for explaining the third embodiment.

FIG. 31 is a diagram illustrating an example of a conversion table used in the third embodiment.

FIG. 32 is a procedure diagram for explaining the third embodiment.

FIG. 33 is a diagram showing an example of a conversion table used in the third embodiment.

FIG. 34 is a diagram illustrating a domain name server.

FIG. 35 is a diagram illustrating a domain name server.

FIG. 36 is a diagram for explaining a domain name server.

FIG. 37 is a diagram illustrating a domain name server.

FIG. 38 is a diagram for explaining calling of a domain name server.

FIG. 39 is a diagram for describing rewriting of a conversion table from an IP terminal.

FIG. 40 is a diagram for describing rewriting of a conversion table from an IP terminal.

FIG. 41 is a part of a block diagram showing a fourth embodiment (billing by an authentication server) of the present invention.

FIG. 42 is a part of a block diagram showing a fourth embodiment (billing by an authentication server) of the present invention.

FIG. 43 is a time chart for explaining a fourth embodiment of the present invention.

FIG. 44 is a diagram for explaining a method of accessing the authentication server in the fourth embodiment.

FIG. 45 is a diagram for explaining the fourth embodiment.

FIG. 46 is a diagram for explaining the fourth embodiment.

FIG. 47 is a diagram for explaining the fourth embodiment.

FIG. 48 is a diagram illustrating a call of the authentication server in the fourth embodiment.

FIG. 49 is a diagram illustrating a call of the authentication server in the fourth embodiment.

FIG. 50 is a diagram illustrating a domain server according to a fourth embodiment.

FIG. 51 is a diagram illustrating a domain server according to a fourth embodiment.

FIG. 52 is a diagram illustrating a domain server according to a fourth embodiment.

FIG. 53 is a diagram illustrating a domain server according to a fourth embodiment.

FIG. 54 is a diagram for describing calling of a domain server in the fourth embodiment.

FIG. 55 is a part of a configuration diagram showing a fifth embodiment (inter-company communication designated by an ICS name) of the present invention;

FIG. 56 is a part of a configuration diagram showing a fifth embodiment (inter-company communication designated by an ICS name) of the present invention;

FIG. 57 is a diagram for describing user registration in the fifth embodiment.

FIG. 58: Domain name server is ICS name, IP
FIG. 6 is a diagram illustrating a state in which an address is held.

FIG. 59 is a diagram for describing online setting of an ICS logical communication line.

FIG. 60 is a diagram for explaining online setting of an ICS logical communication line.

FIG. 61 is a diagram for explaining online setting of an ICS logical communication line.

FIG. 62 is a diagram for describing online setting of an ICS logical communication line.

FIG. 63 is a diagram for explaining online setting of an ICS logical communication line.

FIG. 64 is a block diagram for explaining a conventional LAN network.

FIG. 65 is a diagram showing a form example of the Internet.

FIG. 66 is a diagram illustrating an IP frame defined by RFC791.

FIG. 67 is a diagram showing an IP frame defined by RFC1883.

[Explanation of symbols]

 1, 100 Integrated information communication system (ICS) 2, 3, 4, 5, 10 Access control device 20 Relay device 30 Gateway between VAN 40 ICS network server 50 ICS network address management server 60 User physical communication line

Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat II (Reference) H04L 12/66 F term (Reference) 5B089 GA11 HA01 HA06 KA15 KA16 KB12 KB13 KG08 KH03 5K030 GA11 GA20 HA08 HB08 HC01 HD06 HD09 JT02 KA05 LB18 5K033 AA04 AA08 BA04 CB09 DA06 EC04

Claims (8)

[Claims] An ICS user frame having a unique ICS user address system ADX is converted into an ICS network frame having an address system ADS based on the management of a conversion table in the access control device, and at least one built-in ICS network frame is provided. Is transmitted in accordance with the rules of the address system ADS, and when it reaches another target access control device, the ICS is managed based on the conversion table.
In an integrated information communication system that is converted into a user address system ADX and reaches another external information communication device, an authentication server and a connection server are provided inside the integrated information communication system, and a system is provided by the authentication server. An integrated information communication system, wherein usage fee is charged. 2. The IP terminal of the integrated information communication system,
ICS domain name, ICS user address,
Including a connection server caller common address and a function module, when the IP terminal performs communication, receives a check as to whether or not the authentication server has been registered in the integrated information communication system via the connection server, and registers If it is already set, an address or the like for performing communication between the two IP terminals is set in a conversion table inside the access control device connected to each of the corresponding IP terminal and the communication partner IP terminal. 2. The integrated information communication system according to claim 1, wherein communication is performed by: 3. The integrated information communication system according to claim 2, wherein the authentication server is included in a server having the ICS domain name. 4. The integrated information communication system according to claim 2, wherein said IP terminal is a home IP terminal. 5. The integrated information communication system according to claim 2, wherein said IP terminal is a destination IP terminal. 6. The integrated information communication system includes a billing server, the access control device notifies the billing server of a communication fee, and the billing server records the billing in a billing record column in an authentication table. The integrated information communication system according to claim 2, wherein 7. An ICS user frame having a unique ICS user address system ADX is converted into an ICS network frame having an address system ADS based on the management of a conversion table in the access control device, and at least one built-in ICS network frame is provided. Is transmitted in accordance with the rules of the address system ADS, and when it reaches another target access control device, the ICS is managed based on the conversion table.
In an integrated information communication system which is converted to a user address system ADX and reaches another external information communication device, an IP terminal designates its own ICS name and the ICS name of a communication partner to provide a user service. Requesting a server, domain name server, conversion table, etc., rewrites the conversion table in the access control device of the transmission source and the conversion table in the access control of the communication destination, and performs logical communication between the two IP terminals A line is set online, an IP packet is transmitted from one to the other IP terminal between the two IP terminals using the logical communication line, and after the communication is completed, the logical communication line between the two IP terminals can be released online. An integrated information communication system characterized in that: 8. The integrated information communication system according to claim 7, wherein said access control device performs ICS encapsulation and ICS decapsulation using said conversion table.