1. Field of the Invention
The present invention relates to a method and an apparatus for communication control in a communication network system formed by a plurality of computers including mobile computers for communicating data with each other and providing necessary services over a plurality of interconnected networks, for the purpose of controlling accesses to mobile computers that are moving over the networks.
2. Description of the Background Art
In conjunction with the reduction of size and cost of a computer system and the progress of a network environment, the use of a computer system has been expanded to a variety of fields rapidly, and the transition from a centralized system to a distributed system is in progress. Moreover, in recent years, in addition to the advance and the improved performance of a computer system itself, the advance and spread of computer network technology has enabled communications (such as electronic mail, electronic news, file transfer, etc.) with parties outside one office or one organization, in addition to the sharing of resources (such as files, printers, etc.) within one office, and these are now widely used. Particularly, in recent years, the use of the worldwide computer network called the Internet has widely spread, and there are new computer businesses for supporting connections to the Internet for the purpose of utilizing open information and services or for providing information and services to external users accessing through the Internet. Furthermore, developments of many new technologies concerning the use of the Internet are currently in progress.
In addition, in conjunction with such a spread of the computer network, developments of technologies concerning mobile computing are also currently in progress. In mobile computing, a user can make communications by using a portable terminal or computer while moving over the networks. There are even cases in which a location on the networks is changed during a communication, so that there is a need for a scheme to manage addresses of mobile computers on the networks which are changing during communications in order to properly deliver communication contents to the mobile computers.
On the other hand, as computer networks spread and free connections among the networks are realized, so that an enormous amount of data and services is communicated through the networks, there arises a need to account for the problems of security. For example, it is necessary to account for the problem of how to prevent a leakage of secret information of an organization to the external network, or the problem of how to protect resources and information associated with an organization's network from illegal accesses from outside the organization. The Internet was originally constructed for academic purposes, so it was primarily concerned with the realization of free communications of data and services by network connections, and the problems of security were not taken into account. However, recently, many commercial companies and groups are being connected to the Internet, so that there has been a need for a mechanism to protect an organization's own network in view of the problems of security.
To this end, in a case of connecting a plurality of networks, it is common to provide a mechanism called a firewall, which monitors and checks data communicated through these networks for the purpose of preventing illegal accesses from outside and the leakage of internal data to the outside. By providing the firewall, it becomes possible to prevent illegal accesses from outside and the leakage of secret information to the outside, while enabling internal computers to receive external services safely.
Also, in a case of communicating important data with particularly high secrecy through external networks, there is a scheme for encrypting data contents before transmitting data packets to the external network and decrypting received data contents at a receiving side. According to this scheme, even if a third person outside the organization intercepts the data packets on the external network, the data contents would not be leaked to that third person because the data contents are encrypted, so that it becomes possible to guarantee safe communication.
In this regard, such encryption/decryption is possible between networks which are protected (guarded) by firewalls which support this encryption/decryption. In a case of an access to the mobile computer described above, when the mobile computer moves to a network managed by the same organization which is managing the home network of the mobile computer and this visited network is guarded by a firewall which supports the encryption/decryption, the encryption/decryption can be carried out similarly as in a case of communication between the computers within the same network. In such a case, for the purpose of addressing computers, it suffices to use the private addresses within that organization.
On the other hand, when the mobile computer moves to a network managed by an external organization or a network which is managed by its own organization but not guarded by a firewall, this mobile computer has to be treated as an external computer. Consequently, the encryption/decryption cannot be carried out, and the private address within that organization cannot be used within the external organization, so that a totally different way of addressing this mobile computer will be necessary.
However, the conventional mobile computing scheme does not provide processing for changing the address according to a current location of the mobile computer. In the conventional mobile computing scheme, external addresses which are unique over all networks are given to all mobile computers, and the access to the mobile computer is realized by managing a table of correspondence between addresses (private addresses) within the mobile computer's own organization and external addresses.
This conventional mobile computing scheme has a problem in that, in general, there is only a limited number of addresses which are unique over the external networks (Internet), and it is expected that the number of available external addresses will be insufficient for allocation to all the mobile computers when the mobile computers become popular.