Integrated information communication system
Abstract
An integrated information communication system capable of improving information security is provided. An IP packet sent from an external area toward either an operation management server or a relay apparatus is detected and is not admitted into the integrated information communication system, which reduces the chance that the operation management server and the relay apparatus are unfairly attacked. An IP packet that violates an address application rule, established to keep the communication company network secret, is likewise detected and discarded. An address applied to either an operation management server or a relay apparatus employed in the integrated information communication system is classified, with respect to the area external to the communication system, as an “address which is not opened outside network”. A packet filter is installed in an address control apparatus.
31 Claims
1-3. (canceled)
4. An integrated information communication system, comprising:
a first access control apparatus for receiving an external packet via an external communication line and for converting the external packet into an internal packet by assigning the external packet with a simple header based on a conversion table in said access control apparatus, wherein said external packet includes an external source address and an external destination address, said simple header includes an internal destination address and an information section;
a network for transferring the internal packet to a second access control apparatus associated to said internal destination address;
wherein when a set of three addresses comprising a source internal address assigned to a logic terminal of a communication line termination receiving said external packet, the external destination address of said received external packet and the external source address of the received external packet is registered as a record in the conversion table of said first access control apparatus, said external packet is converted into said internal packet.
Dependent claims: 6, 10, 11, 12, 14, 15, 16
5. (canceled)
7. An integrated information communication system comprising:
a first access control apparatus for receiving an external packet via an external communication line and for converting the external packet into an internal packet by assigning the external packet with a simple header based on a conversion table in said access control apparatus, wherein said external packet includes an external source address and an external destination address, said simple header includes an internal destination address and an information section;
a network for transferring the internal packet to a second access control apparatus associated to said internal destination address, wherein when a set of three addresses comprising a source internal address assigned to a logic terminal of a communication line termination receiving said external packet, the external destination address of said received external packet and the external source address of the received external packet is registered as a record in the conversion table of said first access control apparatus, said external packet is converted into said internal packet, wherein the record further comprises an address mask, and wherein said external packet is converted into said internal packet if a logical product of the mask and the external destination address of the received packet coincides with the external destination address in the record.
8-9. (canceled)
13. (canceled)
17. An IP network, wherein
said IP network has access control apparatus, said access control apparatus includes a conversion table which controls conversions from an external packet to an internal packet and from the internal packet to the external packet, said conversion table includes plural records, a terminal address at a destination side is registered as an external destination address item in the record, and only when a destination address is non-private address, the internal packet is transferred in said IP network by regarding the external packet as the internal packet.
18. An IP network, wherein
said IP network has access control apparatus, said access control apparatus includes a conversion table which controls conversions from an external packet to an internal packet and from the internal packet to the external packet, said conversion table includes plural records, wherein each record comprises at least one of a source transmitting permission field and a destination transmitting permission field for indicating if transmitting of the internal packet associated with said record is permitted or not, and wherein charging of said IP network is carried out by designating any one of the source transmitting permission and the destination transmitting permission in the record.
19. An IP network, wherein
said IP network has access control apparatus, said access control apparatus includes a conversion table which controls conversions from an external packet to an internal packet and from the internal packet to the external packet, said conversion table includes plural records, wherein each record comprises a source receiving permission field for indicating if receiving of the internal packet associated with said record is permitted or not, and wherein charging of said IP network is carried out by designating the source receiving permission in the record.
20-22. (canceled)
23. An integrated information communication system for transferring IP packets, comprising:
a first access control apparatus having a first logic terminal with a first internal address;
a second access control apparatus having a second logic terminal with a second internal address;
a router for transmitting from the first to the second access control apparatus an internal packet having an internal destination address equal to the second internal address;
wherein the first access control apparatus comprises a table having a first record that includes:
the second internal address; and
a first external destination address;
the first access control apparatus being provided for receiving on the first logic terminal an IP packet comprising an external IP destination address, and for transforming the IP packet into an internal packet having an internal destination address equal to the second internal address if the external IP destination address matches the first external destination address.
Dependent claims: 24, 25, 26
27. An integrated information communication system for transferring IP packets, comprising:
a first access control apparatus having a first logic terminal with a first internal address;
a second access control apparatus having a second logic terminal with a second internal address;
a router for transmitting from the first to the second access control apparatus an internal packet having an internal destination address equal to the second internal address;
wherein the first access control apparatus comprises a table having a first record that includes:
a first mask;
a first external source address; and
the second internal address;
the first access control apparatus being provided for receiving on the first logic terminal an IP packet comprising an external IP source address, and for transforming the IP packet into an internal packet having an internal destination address equal to the second internal address if a logical product of the first mask and the external IP source address coincides with the first external source address.
Dependent claims: 28, 29
30. An integrated information communication system, comprising:
a first access control apparatus having a first logic terminal with a first internal address, said first access control apparatus being provided for receiving external packets from said first logic terminal;
a second access control apparatus having a second logic terminal with a second internal address, said second access control apparatus being provided for transmitting external packets from said second logic terminal;
a router for transmitting from the first to the second access control apparatus an internal packet having an internal destination address equal to the second internal address;
wherein the first access control apparatus comprises a table having at least a record that includes:
said first internal address, an internal destination address equal to said second internal address, a first external source address, a first external destination address and a request identification field having a value indicating a private address communication, if private address communication is to take place via said first logic terminal toward said second logic terminal;
or said first internal address, at least one of a second external source address and a second external destination address, and a request identification field having a value indicating a non-private address communication, if non-private address communication is to take place from said second external source address via said first logic terminal, or via said first logic terminal toward said second external destination address;
said first access control apparatus being provided for, when an external packet is received from said first logic terminal;
if said at least one record has a request identification field indicative of a private address communication, determining if both an external source address and an external destination address contained in said external packet correspond to said first external source address and said first external destination address, and if so, converting said external packet into an internal packet by employing said first and second internal addresses; and
if said at least one record has a request identification field indicative of a non-private address communication, determining if an external source address contained in said external packet corresponds to said second external source address or if an external destination address contained in said external packet corresponds to said second external destination address, and if so, using said external packet directly as an internal packet;
said first access control apparatus being provided for transferring the internal packet via said router to said second access control apparatus;
the system comprising a packet filter for detecting and discarding packets having an external destination address outside a predetermined range.
Dependent claims: 31
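The ingress decision that claims 4, 7 and 30 describe (packet filter, three-address record match, destination mask, private versus non-private handling), sketched in Python as an added example that is not part of the patent. The record field names, the internal addresses 7101 and 7202, and every IP address and range are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def ip(s):
    return int(ipaddress.IPv4Address(s))

@dataclass(frozen=True)
class Record:                        # one conversion-table row; field names are assumptions
    terminal: int                    # internal address of the receiving logic terminal
    ext_src: Optional[int]           # registered external source address
    ext_dst: Optional[int]           # registered external destination address
    dst_internal: Optional[int]      # internal destination address (private records only)
    private: bool                    # request identification field
    dst_mask: int = 0xFFFFFFFF       # address mask ANDed with the packet's destination

# Constructed sample data: internal addresses 7101/7202 and all IPs are illustrative.
ALLOWED = [ipaddress.ip_network("10.1.0.0/16"), ipaddress.ip_network("203.0.113.0/24")]
TABLE = [
    Record(7101, ip("10.1.0.5"), ip("10.1.2.0"), 7202, True, ip("255.255.255.0")),
    Record(7101, None, ip("203.0.113.9"), None, False),
]

def convert(terminal, src, dst, table=TABLE, allowed=ALLOWED):
    """Return the internal packet's addressing, or None when the packet is discarded."""
    # Packet filter: drop anything addressed outside the predetermined range.
    if not any(ipaddress.ip_address(dst) in net for net in allowed):
        return None
    s, d = ip(src), ip(dst)
    for r in table:
        if r.terminal != terminal:
            continue
        if r.private:
            # All three addresses must be registered together in one record.
            if r.ext_src == s and (d & r.dst_mask) == r.ext_dst:
                return ("encapsulated", r.terminal, r.dst_internal)
        elif r.ext_src == s or r.ext_dst == d:
            # Non-private communication: the external packet is used as-is.
            return ("direct", src, dst)
    return None                      # no matching record: not admitted

if __name__ == "__main__":
    for args in [(7101, "10.1.0.5", "10.1.2.77"), (7101, "10.1.0.6", "10.1.2.77"),
                 (7101, "198.51.100.4", "203.0.113.9"), (7101, "10.1.0.5", "192.0.2.1")]:
        print(args, "->", convert(*args))
```

A packet from an unregistered source, arriving on an unregistered logic terminal, or addressed outside the allowed range yields `None`, which is the default-deny behaviour the claims rely on.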
Specification