1. Field of the Invention
The present invention relates to a mobile IP communication scheme, and more particularly, to a mobile computer device capable of carrying out communications while moving over a plurality of inter-connected networks, and a packet relay device for relaying data packets having the mobile computer device as destination or source, as well as a packet relay method, a packet transmission method and a packet transfer method used by these devices.
2. Description of the Background Art
In conjunction with availability of a computer system in smaller size and lower cost and a more enriched network environment, the use of computer system has been rapidly expanded into variety of fields, and there is also a transition from a centralized system to a distributed system. In this regard, in recent years, because of the advance and spread of the computer network technology in addition to the progress and improved performance of the computer system itself, it has become possible to realize not only a sharing of resources such as files and printers within an office but also communications (electronic mail, electronic news, file transfer etc.) with outside of an office or organization, and these communications are now widely used.
In particular, in recent years, the use of the world's largest computer network called "Internet" has become very popular, and there are new computer businesses for connecting to the Internet and utilizing open information and services, or for providing information and services to external users who make accesses through the Internet. In addition, new technological developments are made in relation to the use of the Internet.
Also, in conjunction with the spread of such networks, there are technological developments regarding the mobile computing. In the mobile computing, a user carries along a portable computer terminal and makes communications while moving over networks. In some cases, the user may change a location on a network while continuing the communication, so that there is a need for a scheme that manages a changing address of a mobile computer on a network during such a communication in order to route the communication content correctly.
In general, in a case of realizing the mobile computing, a router (home agent) for managing the visiting site information of the mobile computer is provided at a network (home network) to which the mobile computer belongs, and when the mobile computer is away from the home network, the mobile computer sends a registration message for indicating a current location to this home agent. When this registration message is received, the transmission of data destined to the mobile computer is realized by capturing it by the home agent, and carrying out the data routing control with respect to the mobile computer by encapsulating an IP packet destined to an original address of the mobile computer within a packet destined to a current location address of the mobile computer.
For example, in FIG. 1, this role is played by a home agent (HA) 105 in a case where the mobile computer 102 that originally belongs to the home network 101a moves to another network 101b and carries out the communication with another computer (correspondent host: CH) 103 within the other network 101c. This is a scheme called mobile IP which is currently in a process of being standardized by the mobile-IP working group of the IETF which is the standardizing organization for the Internet (see, IETF RFC 2002, IP mobility support (C. Perkins)).
Also, when the networks are wide spread and free connections among networks are realized so that huge amount of data and services can be exchanged, there arises a need to account for the problem of security.
For example, there is a problem as to how to prevent the leakage of the secret information of the organization to the external network, and there is also a problem as to how to protect resources and information connected to the domestic network. The Internet was developed originally for the academic purpose so that the primary concern was the free data and service exchanges by the network connections and the above described problem of security has not been accounted for.
However, in recent years, many corporations and organizations are connecting to the Internet so that there is a need for a mechanism to guard the own network in view of the above described problem of security.
To this end, there is a known scheme for use at a time of exchanging a data packet on the Internet, in which the content of the data packet is to be encrypted and an authentication code is to be attached before the transmission of the data packet to the external, and the authentication code is to be verified and the data packet is to be decrypted at a received site. According to this scheme, even when an outside user picks up the data packet on the external network, the leakage of data content can be prevented because the data content is encrypted, and therefore the secure communication can be realized.
A mutual cipher communication is possible between networks which are protected (guarded) by gateway computers that support such a cipher communication, and when the above described mobile computer itself supports a function of the packet encryption and decryption, a cipher communication between any gateways or a gateway and a mobile computer can be supported.
For example, in an exemplary case shown in FIG. 1, a mobile computer 102 that originally belongs to a home network 101a moves to another network 101b and carries out a cipher communication with another computer (CH: Correspondent Host) 103 in a network 101c, through gateways 104a and 104c that support the encryption/decryption function.
In FIG. 1, when the communications are carried out by using the mobile IP scheme in combination with the packet encryption scheme, a packet transfer route will be as follows: correspondent host (CH) 103 → gateway 104c → gateway 104a → home agent (HA) 105 → gateway 104a → mobile computer 102. At the gateway 104a, the packet is decrypted once and sent to the home agent 105, and later on, the packet transmitted from the home agent 105 is encrypted again.
Now, in the mobile IP scheme, the protocol is configured by presupposing only the case where the mobile computer moves over a single address space. Namely, it is assumed that the current location registration message from the visited site is always capable of reaching the home agent on the home network. However, nowadays, when a large scale organization is connected to the Internet, it is rare to allocate global IP addresses to all the hosts within the organization due to the problem of IP address shortage, and it is more common to operate within the organization using private addresses (RFC 1597) and carry out the address translation into the global address in the case of communicating with the external.
In general, a scheme called NAT (Network Address Translation) is often employed as a scheme for transferring a packet originated from a private address to a global address region. The NAT is a scheme in which a correspondence between the private address on an inner side and the global address on an outer side is managed according to information such as a port number of an IP packet, and a packet is transferred by applying appropriate address translation.
However, when the packet encryption scheme is used in combination as described above, this mechanism for distributing packets according to the port numbers does not work properly. Also, when the mobile IP scheme is used in combination, the registration request message is initially transmitted from the mobile computer that has moved to the external, and the correspondence between the private address on an inner side and the global address on an outer side is established at a timing of this message, so that the direction of actions involved is opposite to that of the conventional NAT scheme.
In other words, in the system which uses the mobile IP scheme and the packet encryption scheme in combination, there is a need to provide a scheme for establishing a correspondence between the global address and the private address, which is operable even when a region of the port number or the like is hidden as a result of encryption of the packet content, and which is also operable even in the case where an external mobile computer initiates a communication session.
As described, in the case of supporting mobile computers by utilizing the mobile IP scheme in general, when a mobile computer moves over a plurality of address spaces (as in the case of moving from a private one to a global one), there is a need to provide a scheme for controlling a packet format of a registration request to be transmitted to a home agent of a home network depending on a current location of the mobile computer, and a scheme for receiving a transmitted packet once at an entrance of the organization that is located at a border between the private network and the global network, and transferring it to a corresponding home agent inside the organization after checking its content.
Thus, in the conventional mobile IP scheme, the protocol has been configured under the assumption of the reachability from the mobile computer to the home network, so that there has been a constraint that the mobile computer can only move within the address space common to the home network. For this reason, when the organization is operated using the private addresses, there has been a drawback that the mobile IP scheme cannot be used directly if the mobile computer moves outside (the global address region) of the organization network.
It is therefore an object of the present invention to provide a mobile IP communication scheme for a computer system in which a plurality of computers can communicate with each other by being mutually connected through a plurality of inter-connected communication networks where an automatic routing control for the mobile computer is supported by the mobile IP scheme, which is capable of realizing the following mobile computer control. Namely, in this scheme, a packet such as that of a location registration message originating from the mobile computer that has moved to a region under the address management different from the home network is received once at an entrance of the organization network, and transferred to a corresponding home agent within the organization after checking its content, while the mobile computer side generates and transmits a packet in appropriate format according to its own current location.
Specifically, the present invention provides a mobile computer device, a packet relay device, a mobile computer management device, a packet relay method, a packet transmission method and a packet transfer method for realizing such a mobile IP communication scheme.
According to one aspect of the present invention there is provided a packet relay device in a network system supporting a mobile computer that is capable of carrying out communications while moving over a plurality of inter-connected networks, for relaying packets having an address of the mobile computer device as a destination or source, the packet relay device comprising: a packet receiving unit for receiving a packet in a first format using a global address which is transmitted by the mobile computer for a location registration from a visited site managed by a global address system, and checking a content of the packet; and a packet transfer unit for transferring the packet in a second format using a private address, to a correspondent computer in a home network of the mobile computer managed by a private address system, according to the content of the packet.
According to another aspect of the present invention there is provided a mobile computer device capable of carrying out communications while moving over a plurality of inter-connected networks, comprising: a current location setting unit for storing an information indicating whether or not the mobile computer device is currently connected to a private address space identical to that of a home network in which a mobile computer management device for managing a current location address of the mobile computer device and transferring a packet destined to the mobile computer device to the current location address is provided; a relay device information unit for storing a global address in a global address space of a packet relay device which is provided at a border between the private address space and the global address space and relaying a packet to be exchanged between one computer connected to the private address space and another computer connected to the global address space; and a transmission unit for transmitting to the packet relay device at least a registration request packet that is containing the current location address and destined to the mobile computer management device, by using the global address stored by the relay device information unit, when the current location setting unit stores the information indicating that the mobile computer device is currently not connected to the private address space.
According to another aspect of the present invention there is provided a mobile computer management device provided at a home network of a mobile computer that is capable of carrying out communications while moving over a plurality of inter-connected networks, the mobile computer management device comprising: a memory unit for storing in correspondence at least a home address of the mobile computer and a current location address of the mobile computer when the mobile computer is moving outside the home network; a registration unit for decrypting an encrypted packet received from a packet relay device and registering the current location address into the memory unit when a decrypted packet is a registration request packet containing the current location address which is transmitted from the mobile computer to the mobile computer management device, the packet relay device being provided at a border between a private address space by which the home network is managed and a global address space and relaying a packet to be exchanged between one computer connected to the private address space and another computer connected to the global address space; and a transfer unit for transferring a packet destined to a home address of the mobile computer in the home network to the current location address according to the memory unit.
According to another aspect of the present invention there is provided a packet relay method in a network system supporting a mobile computer that is capable of carrying out communications while moving over a plurality of inter-connected networks, for relaying packets having an address of the mobile computer device as a destination or source, the method comprising the steps of: receiving a packet in a first format using a global address which is transmitted by the mobile computer for a location registration from a visited site managed by a global address system, and checking a content of the packet; and transferring the packet in a second format using a private address, to a correspondent computer in a home network of the mobile computer managed by a private address system, according to the content of the packet.
According to another aspect of the present invention there is provided a packet transmission method in a mobile computer device capable of carrying out communications while moving over a plurality of inter-connected networks, the method comprising the steps of: (a) storing an information indicating whether or not the mobile computer device is currently connected to a private address space identical to that of a home network in which a mobile computer management device for managing a current location address of the mobile computer device and transferring a packet destined to the mobile computer device to the current location address is provided; (b) storing a global address in a global address space of a packet relay device which is provided at a border between the private address space and the global address space and relaying a packet to be exchanged between one computer connected to the private address space and another computer connected to the global address space; and (c) transmitting to the packet relay device at least a registration request packet that is containing the current location address and destined to the mobile computer management device, by using the global address stored at the step (b), when the step (a) stores the information indicating that the mobile computer device is currently not connected to the private address space.
According to another aspect of the present invention there is provided a packet transfer method in a mobile computer management device provided at a home network of a mobile computer that is capable of carrying out communications while moving over a plurality of inter-connected networks, the method comprising the steps of: storing in correspondence at least a home address of the mobile computer and a current location address of the mobile computer when the mobile computer is moving outside the home network, in a memory; decrypting an encrypted packet received from a packet relay device and registering the current location address into the memory when a decrypted packet is a registration request packet containing the current location address which is transmitted from the mobile computer to the mobile computer management device, the packet relay device being provided at a border between a private address space by which the home network is managed and a global address space and relaying a packet to be exchanged between one computer connected to the private address space and another computer connected to the global address space; and transferring a packet destined to a home address of the mobile computer in the home network to the current location address according to the memory.
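The following is an added simulation of the scheme laid out in the relay device, mobile computer and home agent aspects above, and of the NAT problem described earlier (a border device cannot key its translation on a port number that the encryption has hidden). It is illustrative code written for this page, not the patent's own implementation. Everything in it is an assumption: the 10.0.0.0/8 private space, the 198.51.100.1 relay address, the 203.0.113.9 care-of address, the pre-shared key, the JSON message layout, and the keystream transform, which stands in for a real cipher and must not be read as one; the HMAC authentication code is real. The relay never decrypts: it verifies the authentication code over a readable inner-destination header, checks that the destination is a known home agent, and rewrites the packet into the private-address format, while only the home agent decrypts and registers the binding.

```python
import hashlib
import hmac
import json
import os
from dataclasses import asdict, dataclass, field

# Constructed demo values: a real deployment takes these from key management
# and the organization's address plan (RFC 1597-style private space assumed).
SHARED_KEY = b"constructed-demo-key"
PRIVATE_PREFIX = "10."


def is_private(addr: str) -> bool:
    return addr.startswith(PRIVATE_PREFIX)


@dataclass
class Packet:
    src: str
    dst: str
    payload: dict


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in for the cipher; SHA-256 counter keystream, symmetric under XOR.
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _auth_input(env: dict) -> bytes:
    return f"{env['inner_dst']}|{env['nonce']}|{env['cipher']}".encode()


def seal(inner_dst: str, body: dict, key: bytes = SHARED_KEY) -> dict:
    """Encrypt the body and attach an authentication code (encrypt-then-MAC).
    inner_dst stays readable so the border relay can route without decrypting."""
    nonce = os.urandom(8)
    cipher = _xor_stream(key, nonce, json.dumps(body).encode())
    env = {"inner_dst": inner_dst, "nonce": nonce.hex(), "cipher": cipher.hex()}
    env["auth"] = hmac.new(key, _auth_input(env), hashlib.sha256).hexdigest()
    return env


def verify(env: dict, key: bytes = SHARED_KEY) -> bool:
    expected = hmac.new(key, _auth_input(env), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, env["auth"])


def unseal(env: dict, key: bytes = SHARED_KEY) -> dict:
    if not verify(env, key):
        raise ValueError("authentication code mismatch")
    plain = _xor_stream(key, bytes.fromhex(env["nonce"]), bytes.fromhex(env["cipher"]))
    return json.loads(plain)


@dataclass
class MobileComputer:
    home_addr: str      # private home address
    home_agent: str     # private address of the home agent
    relay_global: str   # "relay device information unit"
    care_of: str        # current location address

    def in_home_space(self) -> bool:
        # "current location setting unit": are we inside the home private space?
        return is_private(self.care_of)

    def registration_request(self) -> Packet:
        body = {"type": "registration", "home": self.home_addr, "care_of": self.care_of}
        env = seal(self.home_agent, body)
        if self.in_home_space():
            return Packet(self.care_of, self.home_agent, env)   # private-address format
        return Packet(self.care_of, self.relay_global, env)     # global-address format


@dataclass
class RelayDevice:
    global_addr: str
    private_addr: str
    home_agents: set          # constructed policy: home agents it may forward to
    log: list = field(default_factory=list)

    def relay(self, pkt: Packet):
        """Packet receiving unit (check content) + packet transfer unit (rewrite)."""
        if pkt.dst != self.global_addr:
            self.log.append("drop: not addressed to relay")
            return None
        env = pkt.payload
        if not verify(env):   # port numbers are hidden, so the check is the auth code
            self.log.append("drop: bad authentication code")
            return None
        if env["inner_dst"] not in self.home_agents:
            self.log.append(f"drop: {env['inner_dst']} is not a known home agent")
            return None
        self.log.append(f"forward {pkt.src} -> {env['inner_dst']}")
        return Packet(self.private_addr, env["inner_dst"], env)


@dataclass
class HomeAgent:
    addr: str
    bindings: dict = field(default_factory=dict)   # home address -> care-of address

    def receive(self, pkt: Packet):
        body = unseal(pkt.payload)   # only the home agent decrypts
        if body.get("type") != "registration":
            return None
        self.bindings[body["home"]] = body["care_of"]
        return {"type": "registration_reply", "home": body["home"], "status": "ok"}

    def forward(self, pkt: Packet) -> Packet:
        """Capture a packet for a home address and tunnel it to the care-of address."""
        care_of = self.bindings.get(pkt.dst)
        if care_of is None:
            return pkt   # mobile computer is at home: deliver normally
        return Packet(self.addr, care_of, {"encapsulated": asdict(pkt)})


def run_scenario() -> dict:
    ha = HomeAgent("10.0.0.1")
    relay = RelayDevice("198.51.100.1", "10.0.0.254", {"10.0.0.1"})
    mc = MobileComputer("10.0.0.77", "10.0.0.1", "198.51.100.1", care_of="203.0.113.9")
    reg = relay.relay(mc.registration_request())   # global format in, private format out
    reply = ha.receive(reg)
    tunneled = ha.forward(Packet("10.0.0.5", "10.0.0.77", {"app": "hello"}))
    forged = mc.registration_request()
    forged.payload = dict(forged.payload, auth="0" * 64)   # tampered auth code
    mc.care_of = "10.0.3.4"                                # moved back inside
    return {"reply": reply, "binding": dict(ha.bindings), "tunneled_dst": tunneled.dst,
            "tampered": relay.relay(forged), "inside_dst": mc.registration_request().dst,
            "relay_log": relay.log}


if __name__ == "__main__":
    print(json.dumps(run_scenario(), indent=2))
```

The design point is in `RelayDevice.relay`: because the registration body is encrypted, the border device has no port number to build a NAT entry from, so it bases its decision on the authenticated plaintext header and on which home agents it is configured to serve, and the session is created by the inbound registration rather than by an outbound packet as in conventional NAT.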
According to another aspect of the present invention there is provided an article of manufacture, comprising: a computer usable medium having computer readable program code means embodied therein for causing a computer to function as a packet relay device in a network system supporting a mobile computer that is capable of carrying out communications while moving over a plurality of inter-connected networks, for relaying packets having an address of the mobile computer device as a destination or source, the computer readable program code means includes: first computer readable program code means for causing said computer to receive a packet in a first format using a global address which is transmitted by the mobile computer for a location registration from a visited site managed by a global address system, and check a content of the packet; and second computer readable program code means for causing said computer to transfer the packet in a second format using a private address, to a correspondent computer in a home network of the mobile computer managed by a private address system, according to the content of the packet.
According to another aspect of the present invention there is provided an article of manufacture, comprising: a computer usable medium having computer readable program code means embodied therein for causing a computer to function as a mobile computer device capable of carrying out communications while moving over a plurality of inter-connected networks, the computer readable program code means includes: first computer readable program code means for causing said computer to store an information indicating whether or not the mobile computer device is currently connected to a private address space identical to that of a home network in which a mobile computer management device for managing a current location address of the mobile computer device and transferring a packet destined to the mobile computer device to the current location address is provided; second computer readable program code means for causing said computer to store a global address in a global address space of a packet relay device which is provided at a border between the private address space and the global address space and relaying a packet to be exchanged between one computer connected to the private address space and another computer connected to the global address space; and third computer readable program code means for causing said computer to transmit to the packet relay device at least a registration request packet that is containing the current location address and destined to the mobile computer management device, by using the global address stored by the second computer readable program code means, when the first computer readable program code means stores the information indicating that the mobile computer device is currently not connected to the private address space.
According to another aspect of the present invention there is provided an article of manufacture, comprising: a computer usable medium having computer readable program code means embodied therein for causing a computer to function as a mobile computer management device provided at a home network of a mobile computer that is capable of carrying out communications while moving over a plurality of inter-connected networks, the computer readable program code means includes: first computer readable program code means for causing said computer to store in correspondence at least a home address of the mobile computer and a current location address of the mobile computer when the mobile computer is moving outside the home network, in a memory; second computer readable program code means for causing said computer to decrypt an encrypted packet received from a packet relay device and register the current location address into the memory when a decrypted packet is a registration request packet containing the current location address which is transmitted from the mobile computer to the mobile computer management device, the packet relay device being provided at a border between a private address space by which the home network is managed and a global address space and relaying a packet to be exchanged between one computer connected to the private address space and another computer connected to the global address space; and third computer readable program code means for causing said computer to transfer a packet destined to a home address of the mobile computer in the home network to the current location address according to the memory.
Other features and advantages of the present invention will become apparent from the following description taken in conjunction with the accompanying drawings.