1. Field of the Invention
The present invention relates to a communication apparatus and a method thereof.
2. Description of the Related Art
In recent years, a technology for realizing data communications over an Internet Protocol (IP) network based on a virtual communication path (session) established between communication apparatuses has been widely used (e.g., Japanese Patent Application Laid-Open No. 2007-110387).
The Session Initiation Protocol (SIP), specified in Request for Comments (RFC) 3261, is used as a session control protocol for controlling establishment, continuation, and disconnection of a session between communication apparatuses. As a method for negotiating various parameters of the data communication when the communication apparatus starts data communication with a partner apparatus using the SIP, there is specified an Offer-Answer model, or, when the data communication is performed using the Transmission Control Protocol (TCP), a model for determining the communication terminal that establishes the TCP connection.
The Offer-Answer model is a model in which a communication terminal that makes a start request of the data communication offers various parameters usable in the data communication, and a communication partner answers with the parameter that the communication partner actually uses in the data communication from among the offered parameters (refer to RFC3264 “An Offer/Answer Model with SIP”).
In the case where the TCP is used in the data communication, the communication terminal which makes the start request of the data communication offers negotiation information including the connection modes “Active”, “Passive”, or “Actpass”, for determining the terminal which establishes the TCP connection. Then, the partner communication apparatus determines the TCP connection terminal by selecting the connection mode of the TCP from among the offers (refer to RFC4145 “TCP-Based Media Transport in the SIP”).
However, in the conventional Offer-Answer model, when the communication apparatus offers various parameters of the data communication, the communication apparatus indicates all parameters which can be used in the data communication to the partner communication apparatus, and the partner communication apparatus selects the parameters to be used in the data communication from among them. Therefore, the communication apparatus which has offered the parameters encounters the problem that all of its parameters, such as its own capability and settings, may eventually become known to the partner communication apparatus.
As a specific example, a case where a connection setting of a Secure Socket Layer Virtual Private Network (SSL VPN) to be used in the data communication according to the Offer-Answer model is negotiated will be described. Since the SSL VPN is connected by the TCP, it is necessary for a client to connect to a server when connection is started. Further, it is necessary for both of the server and the client to negotiate on settings such as a type of encryption and presence/absence of compression. Moreover, the server needs to notify the client of an IP address and a port number for getting access to at least itself, as connection waiting information of the TCP.
To begin with, the communication apparatus offers all settings of the VPNs which it supports. The offered settings include the encryption types connectable as the client, information about the encryption types connectable as the server, and the IP address and the port number for getting access to itself. The partner communication apparatus negotiates the VPN to be used in the data communication by replying with the settings to be actually used from among these.
The problem here is that settings of the VPN which are not actually used are offered to the partner communication apparatus. In particular, it is not desirable in terms of security that information of the server becomes known to the partner communication apparatus.
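The following added example, which is not part of the original document, illustrates the connection-mode negotiation and the disclosure problem described above: it parses an SDP offer carrying the RFC 4145 setup attribute, selects a permitted answer, and reports a listening address and port that the offerer revealed but will not use. The offer text, the address 192.0.2.10, the port 54111, the "vpn" format token and all function names are constructed for illustration.

```python
# Added illustration (not from the original document).
# Answers that RFC 4145 permits for each offered "setup" value.
ALLOWED_ANSWERS = {
    "active": {"passive", "holdconn"},
    "passive": {"active", "holdconn"},
    "actpass": {"active", "passive", "holdconn"},
    "holdconn": {"holdconn"},
}

# Constructed sample offer: the offerer can act as TCP client or server.
CONSTRUCTED_OFFER = """\
v=0
o=- 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=application 54111 TCP vpn
a=setup:actpass
a=connection:new
"""

def parse_offer(sdp):
    """Return the connection address, media port and setup role of an offer."""
    info = {"address": None, "port": None, "setup": None}
    for line in sdp.splitlines():
        if line.startswith("c="):
            info["address"] = line.split()[-1]
        elif line.startswith("m="):
            info["port"] = int(line.split()[1])
        elif line.startswith("a=setup:"):
            info["setup"] = line.split(":", 1)[1].strip()
    return info

def choose_answer(offer_setup, preferred):
    """Answerer's choice: take the preferred role if the offer permits it."""
    allowed = ALLOWED_ANSWERS[offer_setup]
    return preferred if preferred in allowed else "holdconn"

def unused_disclosure(sdp, answer_setup):
    """Listening endpoint the offerer revealed but will not use, else None."""
    offer = parse_offer(sdp)
    # An active-only offerer advertises the discard port 9, not a listener.
    revealed = offer["setup"] in ("passive", "actpass") and offer["port"] != 9
    offerer_listens = answer_setup == "active"  # answerer connects to offerer
    if revealed and not offerer_listens:
        return (offer["address"], offer["port"])
    return None
```

With the "actpass" offer above, an answer of "passive" makes the offerer the TCP client, yet its server address and port have already been sent to the partner.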