Abstract:
When packet transfer equipment receives a packet, it extracts several types of information contained in the received packet, such as the destination IP address and the destination port number, and, using the extracted information as the key, queries a packet transfer method resolution server for information related to the packet transfer method. The server keeps the correspondences between several types of information contained in the packet and one or more types of information related to the packet transfer method in a database and, in response to the inquiry from the packet transfer equipment, returns one or more types of information related to the packet transfer method. The packet transfer equipment rewrites several types of information, such as the destination IP address and the destination port number, according to the one or more types of information obtained and transfers the received packet.
Abstract:
A DNS Proxy unit (A12a) holds the domain name of an encrypted communication target node in a CUG setting table (A125a), intercepts a name resolution request for a communication partner node output from an application (A11x) to a DNS server (B1a), determines by looking up the CUG setting table (A125a) whether the communication partner is an encrypted communication target node, and if the communication partner is an encrypted communication target node, registers the IP address of the name-resolved communication partner in an encrypted communication path setting table (A142a). A data packet sent from the application (A11x) to the IP address is intercepted by a data transmission/reception unit (A14a). A data packet to an IP address registered in the encrypted communication path setting table (A142a) is encrypted by a communication encryption unit (A141a) and transmitted to the communication partner. In this way, in executing encrypted communication with a plurality of communication partners by using a communication encryption function provided by an OS, setting of the encrypted communication target node can be done by using a domain name.
Abstract:
If the communication partner of a client node (A1a) is an encryption communication target node (C1), a DNS Proxy unit (A12a) in the client node rewrites a response to a name resolution request for the communication partner node of an application from the actual IP address of the communication partner node to a loopback address that changes depending on the communication partner. On the basis of the destination loopback address of a data packet transmitted from the application, a communication encryption module (A13a) in the client node identifies the communication partner and the encryption communication path to be used for communication with the communication partner. Hence, encryption communication can simultaneously be executed directly with a plurality of communication partner nodes by using the communication encryption module that operates as an independent process.
Abstract:
The DNS server according to the present invention includes a user information identification unit, which identifies an attribute of a user who has transmitted a DNS query message through a user information obtaining unit and hands over the identification result to a response generation unit; a user information obtaining unit, which refers to a user information database to obtain user attribute information of a user who has transmitted a DNS query message; and a response generation unit, which searches a response database for a name resolution method relevant to the user attribute information handed over from the user information identification unit and conducts name resolution according to the found name resolution method, thereby enabling name resolution to be minutely customized for each attribute of a user.
Abstract:
A network relay device includes packet buffers for temporarily storing received packets, and a packet buffer control section for changing the effective number of buffers depending on the amount of packets received. When the traffic amount is small, the packet buffer control section reduces power consumption by stopping the feeding of power or the supply of clock to a part of the packet buffers. The network relay device further includes plural table memories storing a table for deciding the transfer destination of a packet, and a table memory control section for changing the effective number of tables according to the required number of table entries. When the required number of table entries is small, the table memory control section reduces power consumption by stopping the feeding of power or the supply of clock to a part of the table memories.
Abstract:
In a client terminal of a communication system, a cipher session establishing section establishes a cipher session use connection between the client terminal as a source client terminal and a relay server by transmitting/receiving a cipher session establishment message between the source client terminal and the relay server, and notifies the relay server of header information contained in a cipher session header. A shared key managing section holds a client shared key shared with a destination client terminal. A data enciphering section performs encipherment of data and/or MAC (Message Authentication Code) calculation of the data by using the client shared key and outputs the result as client cipher data. A message producing section produces a data communication message including a cipher data field in which the client cipher data is inserted and a non-cipher data field in which the cipher session header containing the header information is inserted. A transmitting section transmits the data communication messages destined for the destination client terminal to the relay server by using the cipher session use connection.