Integrated information communication system using conversion table to convert an external packet into an internal packet by embedding a header
Abstract
An integrated information communication system capable of improving information security is provided. An IP packet sent from an external area toward either an operation management server or a relay apparatus is detected and is not admitted into the integrated information communication system, which reduces the chance that the operation management server and the relay apparatus are improperly attacked. An IP packet that violates an address application rule, established to keep the communication company network secret, is also detected and discarded. An address applied to either an operation management server or a relay apparatus employed in the integrated information communication system is classified, with respect to the area external to the communication system, as an “address which is not opened outside network”. A packet filter is installed in an address control apparatus.
11 Claims
1. An integrated information communication system, comprising:
a first access control apparatus for receiving an external packet via an external communication line and for converting the external packet into an internal packet by assigning the external packet with a simple header based on a conversion table in said access control apparatus, wherein said external packet includes an external source address and an external destination address, said simple header includes an internal destination address and an information section;
a network for transferring the internal packet to a second access control apparatus associated to said internal destination address, wherein when a set of three addresses comprising a source internal address assigned to a logic terminal of a communication line termination receiving said external packet, the external destination address of said received external packet and the external source address of the received external packet is registered as a record in the conversion table of said first access control apparatus, said external packet is converted into said internal packet.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An integrated information communication system comprising:
a first access control apparatus for receiving an external packet via an external communication line and for converting the external packet into an internal packet by assigning the external packet with a simple header based on a conversion table in said access control apparatus, wherein said external packet includes an external source address and an external destination address, said simple header includes an internal destination address and an information section;
a network for transferring the internal packet to a second access control apparatus associated to said internal destination address, wherein when a set of three addresses comprising a source internal address assigned to a logic terminal of a communication line termination receiving said external packet, the external destination address of said received external packet and the external source address of the received external packet is registered as a record in the conversion table of said first access control apparatus, said external packet is converted into said internal packet, wherein the record further comprises an address mask, and wherein said external packet is converted into said internal packet if a logical product of the mask and the external destination address of the received packet coincides with the external destination address in the record.
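The conversion-table check of claims 1 and 9, as an added Python illustration that is not part of the patent text. The record field names, the string form of the internal addresses, the default all-ones mask and the sample table are assumptions made for this sketch.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional


@dataclass(frozen=True)
class Record:
    """One conversion-table record (field names are assumptions)."""
    terminal_internal_addr: str   # internal address assigned to the logic terminal
    ext_dst: IPv4Address          # registered external destination address
    ext_src: IPv4Address          # registered external source address
    internal_dst: str             # internal destination address for the simple header
    mask: IPv4Address = IPv4Address("255.255.255.255")  # address mask of claim 9


@dataclass(frozen=True)
class InternalPacket:
    internal_dst: str   # simple header: internal destination address
    info: bytes         # simple header: information section (contents assumed)
    external: bytes     # the external packet, carried unchanged


def convert(table: List[Record], terminal_internal_addr: str, ext_src: str,
            ext_dst: str, external: bytes, info: bytes = b"") -> Optional[InternalPacket]:
    """Return the internal packet if the address triple is registered, else None."""
    src, dst = IPv4Address(ext_src), IPv4Address(ext_dst)
    for rec in table:
        # Claim 9: logical product of the mask and the received destination address.
        masked_dst = IPv4Address(int(dst) & int(rec.mask))
        if (rec.terminal_internal_addr == terminal_internal_addr
                and rec.ext_src == src
                and masked_dst == rec.ext_dst):
            return InternalPacket(rec.internal_dst, info, external)
    return None  # triple not registered: the packet is not converted


# Constructed sample table: one exact-match record and one masked record.
TABLE = [
    Record("LT-7", IPv4Address("203.0.113.10"), IPv4Address("198.51.100.5"), "AC2-0041"),
    Record("LT-7", IPv4Address("203.0.113.64"), IPv4Address("198.51.100.5"), "AC2-0099",
           mask=IPv4Address("255.255.255.192")),
]
```

Because the receiving logic terminal is part of the lookup key, a packet carrying a registered source and destination pair but arriving on a different line is still not converted.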
10. An IP communication system for transferring IP packets with priority control by using a destination port number, wherein:
an IP network is constructed by connecting plural access control apparatus via communication lines;
each of said access control apparatus has plural logical terminals and a conversion table, and said conversion table includes a port table,
an access control apparatus AC1 includes a conversion table H1, an access control apparatus AC2 includes a conversion table H2, and a port table in said conversion table H2 includes a combination of a receiver priority and a destination port number,
a terminal T1 is connected to a logical terminal LP1 of said access control apparatus AC1 via a communication line L1, and a terminal T2 is connected to a logical terminal LP2 of said access control apparatus AC2 via a communication line L2,
said terminal T1 sends an external IP packet to said communication line L1,
said external IP packet is inputted to said access control apparatus AC1 from said logical terminal LP1,
said access control apparatus AC1 obtains an internal destination address 2, with reference to said conversion table H1, based on both a destination external IP address in said external IP packet and a discrimination information for discriminating said logical terminal LP1,
said access control apparatus AC1 forms an internal IP packet including said external IP packet and said internal destination address 2 as its destination address, and said access control apparatus AC1 sends said internal IP packet to said access control apparatus AC2,
when said access control apparatus AC2 receives said internal IP packet, said access control apparatus AC2 references a pair of a receiver priority and a destination port number of a port table in said conversion table H2, and said access control apparatus AC2 judges whether said destination port number coincides with a destination port number included in said external IP packet in said internal IP packet or not,
in a case that said destination port number does not coincide with said destination port number included in said external IP packet, said access control apparatus AC2 discards said internal IP packet including said external IP packet,
in a case that said destination port number coincides with said destination port number included in said external IP packet, said access control apparatus AC2 decides an order to send said internal IP packet from said logical terminal LP2 in accordance with said receiver priority, and
whereby said access control apparatus AC2 restores said external IP packet from said internal IP packet, and said restored external IP packet is sent to said terminal T2 via logical terminal LP2 and said communication line L2.
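The receiver-side port table of claim 10, as an added Python illustration that is not part of the patent text. The dictionary packet layout, the table with several port and priority pairs, and the convention that a lower priority number is sent first are assumptions made for this sketch.

```python
import heapq
from itertools import count

# Port table of conversion table H2: destination port number -> receiver priority.
# Constructed values; a lower number is sent first (assumption).
PORT_TABLE_H2 = {5060: 0, 443: 1, 25: 2}


class AC2:
    """Receiving access control apparatus with a port table (sketch)."""

    def __init__(self, port_table):
        self.port_table = port_table
        self.queue = []        # heap of (priority, arrival order, external packet)
        self.discarded = 0
        self._seq = count()    # preserves arrival order within one priority

    def receive(self, internal_packet):
        """Queue the packet only if its destination port is in the port table."""
        external = internal_packet["external"]   # encapsulated external IP packet
        prio = self.port_table.get(external["dst_port"])
        if prio is None:
            self.discarded += 1                   # no coinciding port: discard
            return False
        heapq.heappush(self.queue, (prio, next(self._seq), external))
        return True

    def send_next(self):
        """Restore and return the next external packet for logical terminal LP2."""
        if not self.queue:
            return None
        return heapq.heappop(self.queue)[2]


def run_demo():
    """Feed constructed internal packets in arrival order; return send order and drops."""
    ac2 = AC2(PORT_TABLE_H2)
    arrivals = [(25, "mail"), (443, "web"), (31337, "unlisted"), (5060, "voice")]
    for port, body in arrivals:
        ac2.receive({"internal_dst": 2,
                     "external": {"dst_port": port, "payload": body}})
    order = []
    while (pkt := ac2.send_next()) is not None:
        order.append(pkt["payload"])
    return order, ac2.discarded
```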
11. An IP communication system for transferring IP packets with priority control by using a destination port number, wherein:
an IP network is constructed by connecting plural access control apparatus via communication lines,
each of said access control apparatus has plural logical terminals and a conversion table, and said conversion table includes a port table,
an access control apparatus AC1 includes a conversion table H1, an access control apparatus AC2 includes a conversion table H2, and a port table in said conversion table H1 includes a combination of a sender priority and a destination port number,
a terminal T1 is connected to a logical terminal LP1 of said access control apparatus AC1 via a communication line L1, and a terminal T2 is connected to a logical terminal LP2 of said access control apparatus AC2 via a communication line L2,
said terminal T1 sends an external IP packet to said communication line L1,
said external IP packet is inputted to said access control apparatus AC1 from said logical terminal LP1,
said access control apparatus AC1 obtains an internal destination address 2, with reference to said conversion table H1, based on both a destination external IP address in said external IP packet and a discrimination information for discriminating said logical terminal LP1,
said access control apparatus AC1 references a pair of a sender priority and a destination port number of a port table in said conversion table H1, and said access control apparatus AC1 judges whether said destination port number coincides with a destination port number included in said external IP packet,
in a case that said destination port number does not coincide with said destination port number included in said external IP packet, said access control apparatus AC1 discards said external IP packet,
in a case that said destination port number coincides with said destination port number included in said external IP packet, said access control apparatus AC1 forms an internal IP packet including said external IP packet and said internal destination address 2 as its destination address, and said access control apparatus AC1 decides an order to send said internal IP packet to said access control apparatus AC2 in accordance with said sender priority, and
whereby said access control apparatus AC1 sends said formed internal IP packet to said access control apparatus AC2, said access control apparatus AC2 restores said external IP packet from said internal IP packet, and said restored external IP packet is sent to said terminal T2 via logical terminal LP2 and said communication line L2.
Specification