This application claims priority to Japanese Patent Application No. 2013-232790 filed on Nov. 11, 2013. The entire disclosure of Japanese Patent Application No. 2013-232790 is hereby incorporated herein by reference.
1. Technical Field
The present invention relates to a communication control server, a service providing system, and a service providing method.
2. Related Art
A LAN (Local Area Network) is built by connecting a plurality of terminals so that they can communicate with one another, in order to carry out certain work or provide a service. Also, a network relaying device (L3 switch) that determines the VLAN (virtual LAN) of a transmission destination according to the L3 address of an input L3 packet is well known (please see Japanese Laid Open Publication No. 2006-128803).
A user of a terminal belonging to a certain LAN may want the terminal to belong to a different LAN at the same time. In this case, a configuration such as one in
Also, a conventional configuration like this is subject to strong physical restrictions. In other words, if the plurality of groups 5, 6 exist in the same building, it is possible to make the terminal 2b belong to each of the plurality of groups 5, 6 by handling a cable. However, if the plurality of groups 5, 6 exist in places remote from each other, it is impossible to connect the terminal 2b to the plurality of groups 5, 6 as shown in
The objective of the present invention is to solve at least one of the problems mentioned above, and to provide a communication control server and a service providing system that release the user of the terminal from the physical restrictions and the hardware requirements mentioned above, such as the network cards and the cable, that make it easy for the terminal to belong to each of the groups corresponding to each of the services via the Internet, and that guarantee the security of the communication.
One arrangement of the invention is a communication control server which controls communication via a communication network including the Internet, and includes an information holding part configured to hold terminal registration information regulating groups built for a plurality of services, respectively, which are provided within the communication network by a plurality of service providing servers, the terminal registration information associating the groups with terminals which belong to the groups, and a communication control part configured to relay communication between the terminals and communication between the terminals and the service providing servers. The communication control part is further configured to permit communication between the terminals belonging to a common group and communication between the terminals and the service providing servers belonging to the common group, and prohibit communication between the terminals belonging to different groups and communication between the terminals and the service providing servers belonging to the different groups, by referring to the terminal registration information.
With this configuration, the relationship between each terminal and the group (one group or a plurality of groups) built for each of the plurality of services is administered by the communication control server. Thus, as long as it is connected to the Internet, the terminal is released from the physical restrictions regarding the above mentioned cable or network card, receives each of the services from the service providing server corresponding to each group to which the terminal belongs, and can communicate with other terminals belonging to each of those groups. A group like this can be considered an individual network, virtually built in the Internet for each group, which includes the server for the service corresponding to the group and the terminals belonging to the group. Also, because communication with a terminal which belongs to a different group and communication with a server providing the service corresponding to a group to which the terminal itself does not belong are prohibited, closed security within the group is guaranteed.
In one of the arrangements of the invention, the information holding part is configured to hold the terminal registration information by associating with the groups the identification information which the service providing servers allot to the terminals belonging to the groups to which the service providing servers correspond. According to this configuration, the terminal can communicate with the service providing server and with the terminals belonging to the same group by using the identification information allotted by the service providing server corresponding to the group to which the terminal itself belongs.
In one arrangement of the invention, the communication control server further includes a change processing part configured to change the corresponding relationship between the terminals and the groups which the terminal registration information regulates. The communication control part is further configured to relay the communication between the terminals and the communication between the terminals and the service providing servers by referring to the terminal registration information after the change. According to this configuration, the corresponding relationship between the terminal and the group (one group or a plurality of groups) can be changed arbitrarily. In other words, the relationship can be set freely, without the physical restrictions or the requirements regarding the network card or the cable mentioned above.
A technological idea of the invention is not limited to the above mentioned communication control server, but can also be realized in various categories such as other things, methods, computer programs, and computer readable media. Also, the invention can be recognized as a system which includes the communication control server as a part, and an example of this includes a plurality of service providing servers configured to provide particular services within a communication network including the Internet, and a communication control server configured to control communication using the communication network. The service providing servers include an identification information allotting part configured to allot identification information for identifying terminals to the terminals belonging to groups, the groups being built for the services to be provided, respectively. The communication control server includes an information holding part configured to hold terminal registration information regulating the groups which correspond to the plurality of service providing servers, the terminal registration information associating the groups with the identification information of the terminals belonging to the groups, and a communication control part configured to relay communication between the terminals and communication between the terminals and the service providing servers. The communication control part is further configured to permit communication between the terminals belonging to a common group and the communication between the terminals and the service providing servers belonging to the common group, and prohibit communication between the terminals belonging to different groups and communication between the terminals and the service providing servers belonging to the different groups, by referring to the terminal registration information.
Referring now to the attached drawings which form a part of this original disclosure:
Hereinbelow, embodiments of the present invention are explained by referring to drawings.
Each of the servers 30, 40, 50, . . . is a server for providing a service, and each provides a particular service to the user by using the communication network including the Internet IN. A “service” in the present specification can be free of charge or subject to fees. Also, providing employees with a network and information necessary for the work of a company or the like is a kind of service. For example, the server for providing the service functions only in providing the employees (users) of a particular part of a company with a network and information necessary for carrying out the work of that particular part. Hereinafter, for convenience, the service which the server 30 provides is a service A, the service which the server 40 provides is a service B, and the service which the server 50 provides is a service C.
The communication control server 60 holds terminal registration information (information holding part 12) which regulates the association between each group built for each of the plurality of services (services A, B, C) and the terminals (terminals that the users use), and controls (relays) the communication between the terminals and the communication between the terminals and the servers 30, 40, 50, . . . , by referring to the terminal registration information (communication control part 13). The communication control server 60 is placed between the servers 30, 40, 50, . . . and a tunnel router 70. Hereinbelow, a group of terminals which is built corresponding to one service is called a service group. Also, the group which corresponds to the service A is called the service A group, the group which corresponds to the service B is called the service B group, and the group which corresponds to the service C is called the service C group.
The service providing system 10 is connected to the Internet IN via the tunnel router 70. Also, the plurality of terminals (terminals a, b, c, . . . ) which the users use are connected to the Internet IN via broadband routers (routers 80, 81, 82, . . . ) installed at a home, an office, or the like. Needless to say, a LAN may be prepared, for each of the routers 80, 81, 82, . . . , for the plurality of terminals connected to that router. For example, smartphones, tablet type terminals, desktop or laptop personal computers (PCs) or the like, printers, scanners, facsimile machines, combined devices of these, and various other devices having network functions can be considered as the terminals a, b, c, . . . .
Each configuration in the service providing system 10 as shown in
The server which provides the above mentioned service can exist outside the service providing system 10. For example, the service providing system 10 is connected to an external server 41 (
When the terminals a, b, c, . . . belong to at least one of the service groups, the identification information is assigned from the servers 30, 40, 50, . . . to which the service group corresponds. In other words, each of the servers 30, 40, 50, . . . includes the identification information allotting part 11, which allots the identification information identifying a terminal to the terminal belonging (demanding to belong) to the corresponding service group. Here, the identification information which is allotted is an IP address (for example, an IPv6 address). The allotting of the IP address is realized by automatically allotting the IP address using DHCP (Dynamic Host Configuration Protocol) or by automatically allotting the IP address using RA (Router Advertisement). For example, when using the RA, the terminal a demanding to join the service A group receives an RA message from the server for providing the service A, and the IP address is allotted to the terminal a by automatically generating the IP address from the RA and the MAC address of the terminal a itself. In the case of the DHCP, the terminal a demanding to join the service A group transmits, by broadcasting, an inquiry for the IP address necessary to join the service A group. Each of the servers 30, 40, 50, . . . receives this inquiry, the server 30 corresponding to the service A group replies to the terminal a, and the terminal a notifies candidates of the IP address which is usable. Thereafter, through communication between the server 30 and the terminal following the sequence of the DHCP, the server 30 allots to the terminal a one IP address which has not been allotted at that time among the IP addresses in a settable range determined beforehand. The terminal a sets to itself the IP address (for example 3000:0:0:1::10) necessary to join the service A group which has been allotted in this way.
Likewise, the IP address necessary to join the service B group is allotted from the server 40 corresponding to the service B group to the terminal b which demands to join the service B group. Below, the terminal a has set the IP address (3000:0:0:1::10) necessary for joining the service A group, the terminal b has set the IP address (3000:0:0:2::10) necessary for joining the service B group and the IP address (3000:0:0:3::10) necessary for joining the service C group, and the terminal c has set the IP address (3000:0:0:3::11) necessary for joining the service C group. The communication control server 60 (information holding part 12) holds the terminal registration information by associating the identification information including the IP address with each of the service groups in the service providing system 10.
Likewise, in the example of the table T, identification information “d”, “e”, “f” of terminals d, e, f (each not shown in
In the present embodiment, the communication between the tunnel router 70 of the service providing system 10 and each of the terminals a, b, c . . . via the Internet IN is implemented by tunneling. Tunneling is a technology which builds a virtual path (tunnel) between two communicating points and thereby makes the communication possible even though a network with a different address system or communication protocol (for example, a network provided by a different Internet service provider (ISP)) lies between the two. VPN (Virtual Private Network) and IPsec (Security Architecture for Internet Protocol) are well known as technologies for building the tunnel. For example, when data (an IP packet) is sent to a tunnel a from the server 30, the tunnel router 70, which is an entrance of the tunnel, recognizes the IPv6 address of the server 30 as the transmission origin and adds, to the IP packet whose transmission destination is the IPv6 address of the terminal, a header which designates the global address (IPv4 address) of the router (router 80) of the recipient. The IP packet following the header is then sent to the router 80 via the Internet IN. When the IP packet is received, the router 80 transmits the IP packet without the header to the original transmission destination (the IPv6 address of the transmission destination; namely the terminal a). By tunneling like this, the communication can be implemented by using IPv6 addresses via a network with an IPv4 address system.
In step S140, the communication control part 13, following the most recent confirmation at step S120, passes (permits) the communication as is when the communication is between terminals belonging to a common service group, or between a terminal and the server corresponding to a service group to which the terminal belongs. On the other hand, when the communication is between terminals belonging to different service groups, or between a terminal and a server corresponding to a service group to which the terminal does not belong, the communication is canceled (banned).
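The header handling described above, as an added example that is not part of the original disclosure. It uses bare IPv6-in-IPv4 encapsulation (IP protocol 41) as a stand-in for the VPN or IPsec tunnel the text names, so it shows only how the outer header is added and removed and provides no encryption or authentication. The IPv4 addresses of the tunnel router 70 and the router 80, the IPv6 address of the server 30, and all function names are assumptions.

```python
import ipaddress
import struct

PROTO_IPV6 = 41  # IPv4 protocol number for an encapsulated IPv6 packet

# Constructed sample addresses; only terminal a's address comes from the text.
SERVER_30 = "3000:0:0:1::1"
TERMINAL_A = "3000:0:0:1::10"
TUNNEL_ROUTER_70 = "192.0.2.70"
ROUTER_80 = "198.51.100.80"


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv6(src: str, dst: str, payload: bytes) -> bytes:
    """Minimal IPv6 packet: 40-byte fixed header (next header 59 = none) + payload."""
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), 59, 64)
    return (fixed + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)


def encapsulate(inner: bytes, outer_src: str, outer_dst: str) -> bytes:
    """Tunnel entrance: prepend an IPv4 header addressed to the far-end router."""
    def header(checksum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, 64,
                           PROTO_IPV6, checksum,
                           ipaddress.IPv4Address(outer_src).packed,
                           ipaddress.IPv4Address(outer_dst).packed)
    return header(ipv4_checksum(header(0))) + inner


def decapsulate(outer: bytes) -> bytes:
    """Tunnel exit: check and strip the IPv4 header, returning the IPv6 packet."""
    if len(outer) < 20 or outer[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (outer[0] & 0x0F) * 4
    if header_len < 20 or len(outer) < header_len + 40:
        raise ValueError("truncated packet")
    if outer[9] != PROTO_IPV6:
        raise ValueError("outer header does not carry IPv6")
    if ipv4_checksum(outer[:header_len]) != 0:
        raise ValueError("bad IPv4 header checksum")
    inner = outer[header_len:]
    if inner[0] >> 4 != 6:
        raise ValueError("inner packet is not IPv6")
    return inner


def inner_destination(packet: bytes) -> ipaddress.IPv6Address:
    """Destination address of an IPv6 packet (bytes 24..39 of the fixed header)."""
    return ipaddress.IPv6Address(packet[24:40])


if __name__ == "__main__":
    inner = build_ipv6(SERVER_30, TERMINAL_A, b"service A data")
    outer = encapsulate(inner, TUNNEL_ROUTER_70, ROUTER_80)
    print("outer destination:", ipaddress.IPv4Address(outer[16:20]))
    print("inner destination:", inner_destination(decapsulate(outer)))
```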
For example, following the examples in
In other words, according to the present embodiment, regardless of the place at which the service providing system 10 is built and the places at which the terminals a, b, c, . . . exist, the communication control server 60 administers the groups (service groups) for each of the services A, B, C, . . . , and guarantees the communication within each of the service groups. Further, the communication control server 60 surely prevents information leakage to outside the service group by banning communication across the service groups. A service group like this, including the server for providing the service to which the service group corresponds, builds a virtually individual network for each of the groups which does not have physical limitations such as distance. Also, according to the present embodiment, each of the terminals can easily belong to the plurality of service groups in the service providing system 10, and is released, when compared with conventional arrangement (
Also, within the individual network for each group as mentioned above, communication by one-to-many multicast is possible. For example, the terminal a can transmit data simultaneously to the server 30 to which the service A group corresponds or to a different terminal which belongs to the service A group to which the terminal a itself belongs. Also, the server 30 can push notifications of updates of orders or information regarding the service A to each of the terminals belonging to the service A group to which the server 30 itself belongs.
Also, as mentioned above, the communication between the terminal b and the terminal c is performed via the communication control server 60. For this reason, for example, when one (terminal b) is a PC including a printer driver, and the other (terminal c) is a printer which is driven and controlled by the printer driver, even if the two are physically remote from each other, searching for the printer by the PC (printer driver), printing by the printer on the basis of an order from the PC (printer driver), acquiring status information from the printer by the PC (printer driver), notifying from the printer to the PC (printer driver), and the like can be performed in exactly the same way as with a PC and a printer located in a locally built LAN.
Further for the present embodiment, the communication control server 60 includes a change processing part 14 which changes a corresponding relationship between the service group which the terminal registration information regulates and the terminal. The communication control server 60 is connected to a terminal 61 (
In an example of a change like this, at the time when the identification information of the terminal b is recorded in association with the service A group, the identification information of the terminal b does not include an IP address allotted from the server 30 of the service A group. However, after the change is implemented, a new IP address for joining the service A group is allotted from the server 30 to the terminal b by the automatic allotting of the IP address by RA or DHCP. The new IP address allotted in this way is overwritten into the identification information of the terminal b associated with the service A group in the terminal registration information.
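The relay decision of step S140 and the change handled by the change processing part 14, as an added example that is not code from the original disclosure. It models the terminal registration information as a Python dictionary; the class and method names, the server addresses, and the new address 3000:0:0:1::11 are assumptions, while the addresses of the terminals a, b, c are those given in the text.

```python
import ipaddress


class TerminalRegistry:
    """Terminal registration information: service group -> {member: address or None}."""

    def __init__(self):
        self.table = {}

    def record(self, group, member, address=None):
        """Record a member under a group, or overwrite its recorded address.

        address=None models a terminal recorded under a group before that
        group's server has allotted it an address.
        """
        addr = ipaddress.IPv6Address(address) if address is not None else None
        self.table.setdefault(group, {})[member] = addr

    def remove(self, group, member):
        """Delete a member from a group (no effect if it is not recorded)."""
        self.table.get(group, {}).pop(member, None)

    def groups_for(self, address):
        """Service groups in which this address is registered (empty if unknown)."""
        addr = ipaddress.IPv6Address(address)
        return {g for g, members in self.table.items() if addr in members.values()}

    def decide(self, src, dst):
        """Permit only when both addresses are registered in a common group."""
        return "permit" if self.groups_for(src) & self.groups_for(dst) else "ban"


def build_registry():
    """Registration state described in the text, plus constructed server addresses."""
    reg = TerminalRegistry()
    reg.record("A", "server 30", "3000:0:0:1::1")   # constructed address
    reg.record("B", "server 40", "3000:0:0:2::1")   # constructed address
    reg.record("C", "server 50", "3000:0:0:3::1")   # constructed address
    reg.record("A", "a", "3000:0:0:1::10")
    reg.record("B", "b", "3000:0:0:2::10")
    reg.record("C", "b", "3000:0:0:3::10")
    reg.record("C", "c", "3000:0:0:3::11")
    return reg


if __name__ == "__main__":
    reg = build_registry()
    a, b_c, c = "3000:0:0:1::10", "3000:0:0:3::10", "3000:0:0:3::11"
    print("b -> c inside service C:", reg.decide(b_c, c))
    print("a -> c across groups:   ", reg.decide(a, c))
    # Change: terminal b is recorded under service A before an address exists.
    reg.record("A", "b")
    print("a -> b before allotment:", reg.decide(a, "3000:0:0:1::11"))
    # Server 30 allots a new address (constructed); it overwrites the empty entry.
    reg.record("A", "b", "3000:0:0:1::11")
    print("a -> b after allotment: ", reg.decide(a, "3000:0:0:1::11"))
```

An address that appears in no group yields an empty set from `groups_for`, so unregistered sources and destinations are banned by default.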
In
Further, the present invention is not limited to the above mentioned embodiments, and can be implemented in various arrangements as long as they stay within its concept. For example, the examples below are possible. Combinations of the above mentioned embodiments and each example below are also included in the disclosure of the present invention.
The terminal 90 as one example shown in
In the description above, a terminal which will belong to a service group receives an IP address from the server corresponding to the service group. In other words, the IP addresses which are allotted from each of the servers 30, 40, 50, . . . to the terminals are allotted from different IP groups (different ranges of IP addresses). However, the service providing system 10 can, for example, allot to each of the terminals a unique IP address which can be commonly used within the service providing system 10. In this example, after receiving its unique IP address from one of the servers (the servers 30, 40, 50, . . . or the communication control server 60) of the service providing system 10, each of the terminals communicates with the service group to which it belongs at that time by using that IP address (regardless of whether or not the service group to which it belongs changes). Alternatively, as a different example, the service providing system 10 can allot one IP address of one IP group to each of the terminals which belong to one or a plurality of the service groups, not all. Alternatively, as a different example, the service providing system 10 can allot IP addresses from a plurality of IP groups to each of the terminals which belong to one of the service groups.
In understanding the scope of the present invention, the term “comprising” and its derivatives, as used herein, are intended to be open ended terms that specify the presence of the stated features, elements, components, groups, integers, and/or steps, but do not exclude the presence of other unstated features, elements, components, groups, integers and/or steps. The foregoing also applies to words having similar meanings such as the terms, “including”, “having” and their derivatives. Also, the terms “part,” “section,” “portion,” “member” or “element” when used in the singular can have the dual meaning of a single part or a plurality of parts. Finally, terms of degree such as “substantially”, “about” and “approximately” as used herein mean a reasonable amount of deviation of the modified term such that the end result is not significantly changed. For example, these terms can be construed as including a deviation of at least ±5% of the modified term if this deviation would not negate the meaning of the word it modifies.
While only selected embodiments have been chosen to illustrate the present invention, it will be apparent to those skilled in the art from this disclosure that various changes and modifications can be made herein without departing from the scope of the invention as defined in the appended claims. Furthermore, the foregoing descriptions of the embodiments according to the present invention are provided for illustration only, and not for the purpose of limiting the invention as defined by the appended claims and their equivalents.
Number | Date | Country | Kind |
---|---|---|---|
2013-232790 | Nov 2013 | JP | national |