This invention relates to a computer system equipped with a plurality of computers, and more particularly to a technology for assuring the secrecy and data integrity of communication over a network.
In recent years, internet protocol (hereinafter abbreviated as “IP”) networks have come into general use, and network security technology has become correspondingly important. A known technology for assuring the security of an IP network is to establish a safe communication path, i.e., a security association (hereinafter abbreviated as “SA”), between computers engaged in communication with each other.
According to the technology of establishing an SA, the computers exchange SA information containing an encryption method or an encryption key and establish the SA before they start communication. The computers then manage the SA information for the established SA and encrypt or decrypt packets based on that managed SA information.
The STUN protocol specifications are disclosed in RFC 3489 (retrieved from the Internet at URL: http://www.ietf.org/rfc/rfc3489.txt). According to the specifications, a terminal connected to a NAT can predict the address allocated by the NAT by using the STUN protocol to communicate with a STUN server.
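The STUN exchange described above, as an added example that is not part of the original document: a terminal builds an RFC 3489 Binding Request and reads the NAT-allocated address from the MAPPED-ADDRESS attribute of the response, rejecting replies whose transaction ID or length does not match. The function names are hypothetical, and the server reply is constructed inline (using the documentation address 203.0.113.7) so the code runs offline.

```python
import os
import socket
import struct

# Message and attribute type codes from RFC 3489
BINDING_REQUEST, BINDING_RESPONSE, MAPPED_ADDRESS = 0x0001, 0x0101, 0x0001
HEADER = struct.Struct("!HH16s")  # type, body length, 128-bit transaction ID


def build_binding_request(txid=None):
    """Return (transaction_id, message) for an attribute-less Binding Request."""
    txid = txid or os.urandom(16)
    return txid, HEADER.pack(BINDING_REQUEST, 0, txid)


def parse_binding_response(data, expected_txid):
    """Return the (ip, port) the server saw, i.e. the NAT-allocated address."""
    if len(data) < HEADER.size:
        raise ValueError("short STUN header")
    msg_type, body_len, txid = HEADER.unpack_from(data)
    if msg_type != BINDING_RESPONSE:
        raise ValueError("not a Binding Response")
    if txid != expected_txid:  # reply does not answer our request
        raise ValueError("transaction ID mismatch")
    if body_len != len(data) - HEADER.size:
        raise ValueError("length field disagrees with datagram size")
    pos = HEADER.size
    while pos + 4 <= len(data):
        attr_type, attr_len = struct.unpack_from("!HH", data, pos)
        value = data[pos + 4 : pos + 4 + attr_len]
        if len(value) != attr_len:
            raise ValueError("truncated attribute")
        if attr_type == MAPPED_ADDRESS:
            if attr_len != 8 or value[1] != 0x01:  # family 0x01 = IPv4
                raise ValueError("malformed MAPPED-ADDRESS")
            port = struct.unpack_from("!H", value, 2)[0]
            return socket.inet_ntoa(value[4:8]), port
        pos += 4 + attr_len
    raise ValueError("no MAPPED-ADDRESS attribute")


def sample_response(txid, ip="203.0.113.7", port=40000):
    """Constructed server reply used only to exercise the parser offline."""
    attr = struct.pack("!HHBBH4s", MAPPED_ADDRESS, 8, 0, 0x01, port, socket.inet_aton(ip))
    return HEADER.pack(BINDING_RESPONSE, len(attr), txid) + attr


if __name__ == "__main__":
    txid, _ = build_binding_request()
    print(parse_binding_response(sample_response(txid), txid))
```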