JP4227661B2 - Identifier assigning apparatus and program - Google Patents

Description

  The present invention relates to an IP address distribution apparatus and method, and more particularly, to distribution of an IP address such as a DHCP server that distributes an IP address to a terminal (hereinafter referred to as a PC terminal) such as a PC (personal computer) connected to an IP network. The present invention relates to an apparatus and a method.

In a network that communicates using a unique identifier on the network, for example, in a network environment in which communication is performed in accordance with the TCP / IP protocol, a DHCP (Dynamic Host Configuration Protocol) server generally connects a PC terminal connected to the network. In contrast, IP addresses are distributed. Then, the PC terminal is recognized in the IP network by this IP address. Conventionally, various systems for distributing IP addresses to PC terminals connected to an IP network in consideration of security have been proposed.

  For example, in a certain system (see Patent Document 1), an authentication server is provided in an IP network, and a user ID and password sent from a PC terminal connected to the IP network, and a regular user ID and password registered in advance. After confirming that the authentication server is a legitimate user based on the comparison result, the IP address is distributed to the PC terminal that sent the user ID and password. In such a system, since the IP address is distributed only to the PC terminal used by the authorized user, security in the IP network environment is ensured.

In another system (see Patent Document 2), an ID (MTID) for identifying a device connectable to a network (home network) and a router provided on a communication path from the network to an ISP (Internet Service Provider). A database in which a combination with an ID (HGWID) is registered in advance is installed in the ISP. When the device is connected to the network (when the power is turned on), when the MTID is transmitted from the device to the router, the router sends the MTID together with its own HGWID to the ISP, and the combination thereof is stored in the database. If it matches the registered one, the IP address is distributed from the ISP to the device. In such a system, an IP address is distributed to a device whose ID is registered in advance only when it is confirmed that the device is connected to a legitimate network (specified by the router ID). Therefore, security in the network is secured.

  Further, in another system (see Patent Document 3), the host name of the client to be managed is registered in advance in the DHCP server, and the host name of the client that has made an IP address setting request and the registered host name, When the two match, the IP address is distributed from the DHCP server to the client. In such a system, when there are a plurality of DHCP servers in the network, each DHCP server only needs to respond to a request from a client to be managed, so that network traffic can be reduced. Become. In addition, as a result, the IP address is distributed only to the clients whose host names are registered in advance, so that security within the network is also ensured.

Unauthorized access between terminals based on the determination result of whether or not access between terminals connected to the network matches the prohibited communication aspect in advance by registering the prohibited communication aspects in the network Has been proposed (see, for example, Patent Document 4). By using such system security, even if the terminal is already connected to the network after receiving the IP address distribution, unauthorized access to other terminals can be detected, thus improving the security in the network. Will be able to.
JP 2003-30138 A JP 2002-281061 A JP 2000-59387 A JP 7-264178 A JP 2002-77166 A

  In consideration of security in the network, such identifiers are distributed to communication devices that communicate using a unique identifier on the network such as an IP address. Such information cannot be distributed unless the information is registered in advance. For this reason, people outside the organization (for example, business travelers from other offices / sales offices) temporarily connect the PC terminal to the network and use it, as in an in-house network in a company with a lot of traffic. In a network with many cases, when the conventional system as described above is applied, the usability is deteriorated.

  Further, if a security system as described above is provided separately from the system for distributing the identifier, it is disadvantageous in terms of cost and operation.

  The present invention is for solving the above-mentioned conventional drawbacks, and it is easy for a legitimate person to temporarily connect a communication device (PC terminal) to a network, and to prevent unauthorized connection of the communication device as much as possible. An identifier assignment apparatus, method, and program that can be eliminated are provided.

The present invention provides an identifier assignment apparatus that assigns the identifier to a communication device that communicates using a unique identifier.
Management means for managing communication devices;
Control means for receiving a request from a communication device and allocating an identifier to the communication device in response to the request within a predetermined period from the assignment of the identifier to the communication device.

  Preferably, the control means may always assign an identifier to a request from an authorized communication device in response to the request.

  An IP address distribution apparatus according to the present invention is an IP address distribution apparatus that distributes an IP address to a client device based on distribution request information received from a client device connected to an IP network. A lease condition storage unit that stores a lease condition indicating a condition relating to whether or not an IP address can be distributed in association with a device, and when the distribution request information is received from the client device, the lease condition storage unit corresponds to the client device. If lease conditions are not stored, IP address distribution to the client device is permitted, and initial control means for storing the initial lease conditions in the lease condition storage unit in association with the client devices, and the lease condition storage For each client device stored in the Based on the lease condition stored in the lease condition storage unit corresponding to the client device, the condition changing unit for changing the lease condition and whether or not the IP address can be distributed to the client device that is the transmission source of the distribution request information An IP address distribution permission / inhibition control unit to be controlled may be included.

  With such a configuration, distribution of an IP address is permitted for a client device connected to the IP network for the first time, and initial lease conditions are set for the client device. The lease condition for each client device can be changed, and whether or not the IP address can be distributed to the client device that is the transmission source of the distribution request information is controlled based on the lease condition. Accordingly, the lease conditions for each client device can be managed dynamically, and by setting the initial lease conditions appropriately, the client device can be temporarily connected to the IP network, and the client device Frequent unauthorized connection to the IP network can be prevented.

  In the IP address distribution device according to the present invention, when the initial lease condition includes a periodical condition that enables IP address distribution, and the condition changing unit receives distribution request information from a client device. A means for determining whether or not a periodical condition in the initial lease condition stored in the lease condition storage means corresponding to the client device is satisfied, and that the periodical condition is not satisfied A lease prohibition setting unit that changes the initial lease condition to a lease condition prohibiting IP address distribution when the determination is made can be adopted.

  According to such a configuration, the IP address is not distributed to the client device that does not satisfy the periodical condition for enabling the distribution of the IP address in the initial lease condition. Therefore, unauthorized connection to the IP network can be prevented.

  The periodical condition may be defined based on a unit time or may be defined based on a unit number of times of receiving distribution request information.

  Furthermore, in the IP address distribution device according to the present invention, the condition changing means sets the initial lease condition corresponding to the client device based on information related to execution of a predetermined process from the client device to a normal lease condition that is predetermined. It can be set as the structure which has a means to change.

  With such a configuration, a client device that has been able to receive an IP address distribution only under the initial lease condition can be changed based on a predetermined process in the client device under the normal condition. It can be changed to a state where it can be distributed.

  The regular lease condition can be arbitrarily determined in a system to which the IP address distribution device is applied, such as being able to always receive an IP address.

  When the lease condition includes a periodical condition that enables IP address distribution, the condition changing means receives the lease request information corresponding to the client device when receiving the distribution request information from the client device. Means for extending a periodical condition in the lease condition stored in the condition storage means for a predetermined period may be included. In this case, as long as each client device is continuously connected to the IP network, the periodical condition in the lease condition does not expire, and the control of whether or not the IP address can be distributed can be continued.

In addition, when the lease condition includes a periodical condition that enables IP address distribution, the condition changing unit is configured to perform the periodical change in each lease condition stored in the lease condition storage unit at predetermined intervals. And a means for deleting from the lease condition storage means a lease condition for which it is determined that the periodical condition is not satisfied. In this case, it is possible to eliminate the need for continuous management for client devices whose periodical conditions are no longer met.

  Furthermore, the condition changing means includes means for changing the lease condition corresponding to each client device stored in the lease condition storage means based on information relating to execution of a predetermined process from a management apparatus connected to the IP network. It can also be included. In this case, the lease condition for each client device can be changed from the management apparatus.

  The present invention also relates to an identifier assignment method in which a computer or other device, machine, or the like assigns the identifier to a communication device that communicates using a unique identifier, manages the communication device, receives a request from the communication device, An identifier may be assigned to the communication device in response to the request within a predetermined period from the assignment of the identifier to the communication device.

  Further, the present invention provides a computer that assigns the identifier to a communication device that communicates using a unique identifier, a management unit that manages the communication device, and a request from the communication device, and assigns the identifier to the communication device. The program may be configured to function as a control unit that assigns an identifier to the communication device in response to the request within a predetermined period. Further, the present invention may be a program in which such a program is recorded on a recording medium readable by a computer, other devices, machines, or the like.

  As described above, according to the present invention, it is possible for a legitimate person to easily connect a communication device (PC terminal) to the network temporarily, and to prevent unauthorized connection of the communication device as much as possible. For example, assignment of an identifier such as an IP address to each communication device on the network can be dynamically controlled. In addition, for example, by appropriately setting initial conditions for allocation, it is possible to temporarily connect the communication device to the network and to prevent frequent unauthorized connection to the network of the communication device. It becomes.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  A system to which an IP address distribution device (DHCP server) according to an embodiment of the present invention is applied is configured as shown in FIG. 1, for example. This example shows an in-house network system.

  In FIG. 1, a DHCP server 10 (IP address distribution device) and a network management PC 20 are connected to a predetermined IP network N (in-house network). In addition, client PCs 31, 32, and 33 that perform processing in the IP network N are connected to the IP network N.

  In such a system, the functional relationship of the DHCP server 10, the network management PC 20, and the client PC 30 (reference number “30” collectively indicates the client PCs 31, 32, and 33 shown in FIG. 1) is shown in FIG. As shown.

In FIG. 2, the DHCP server 10 transmits and receives information to and from the client PC 30 connected to the network N. The DHCP server 10 has a database, which includes an IP address distributed for each client PC (MAC address) and a lease table 11 in which the lease period is described, and whether or not an IP address can be distributed to each client PC. A lease status table 12 in which lease conditions representing conditions are described is stored. The lease status table 12 includes items of “physical identifier” (MAC address) that identifies the client PC and lease conditions (“validity period” and “state”). "State"
Any one of “initial” representing initial lease conditions, “lease permitted” representing IP address distribution permission, and “lease impossible” representing IP address distribution prohibition is set.

  When the client PC 30 is connected to the IP network (when the power is turned on while connected to the IP network N), the client PC 30 sends information related to the IP address distribution request (hereinafter, lease request) to the DHCP server 10. Send. When receiving the lease request, the DHCP server 10 controls whether or not to distribute the IP address based on the lease condition described in the lease status table corresponding to the client PC that is the transmission source of the lease request. Further, when the DHCP server 10 receives the lease request, and there is no lease status table corresponding to the client PC that is the transmission source of the lease request, the “status” = the lease status table of the initial lease condition Is created in association with the client PC (physical identifier).

  The network management PC 20 can update the contents of the lease status table 12 on a predetermined WEB screen provided by the DHCP server 10. Further, the client PC 30 can change the setting of “state” = initial in the lease status table 12 to “state” = leasable on the WEB screen for main registration provided by the DHCP server 10.

  Each time the DHCP server 10 receives a lease request from the client PC 30, the DHCP server 10 executes processing according to the procedure shown in FIG. This process is executed according to a program installed in the DHCP server 10. Note that this program may be provided to the DHCP server 10 via a recording medium such as a CD-ROM, or may be provided to the DHCP server 10 via a network (including the IP network N). Further, it may be stored in advance in the ROM or the like of the DHCP server 10.

  In FIG. 3, when receiving the lease request from the client PC 30, the DHCP server 10 determines whether or not the lease status table 12 corresponding to the client PC 30 that is the transmission source exists (S1). For example, when it is determined that the lease status table 12 does not exist, such as when the client PC 30 is connected to the IP network N for the first time, the DHCP server 10 determines that the lease corresponding to the client PC 30 received together with the lease request. A situation table 12 is created (S2). In the lease status table 12, for example, the following initial lease conditions are set.

"State" = initial;
“Validity period” = 2 days;
Thereafter, the “state” of the lease status table 12 is confirmed (S3, S4, S5). When the “state” = initial is confirmed (NO in S3, NO in S4, YES in S5), the DHCP server 10 Determines whether the set value of the “valid period” has already elapsed (S6). If it is determined that the “valid period” set value (initial value = 2 days) has not passed (NO in S6), the DHCP server 10 is selected from unused IP addresses pooled in advance. The IP address is distributed (transmitted) to the client PC 30 that is the transmission source of the lease request (S7). Then, the DHCP server 10 updates the “valid period” of the lease status table 12 corresponding to the client PC 30 to which the IP address has been distributed to a value extended by one day (S8).

As described above, the client PC 30 that has received the IP address distributed from the DHCP server 30 can transmit and receive information on the IP network N by storing the IP address therein. Accordingly, even if a temporary visitor connects his PC to the IP network N (internal network) (first connection), the person can use the PC on the IP network without any trouble. It becomes like this.

  The client PC 30 can perform this registration procedure. This registration procedure is performed as follows.

  The client PC 30 executes the main registration procedure process using a general-purpose browser function. That is, the client PC 30 reads the WEB screen for the main registration procedure provided by the DHCP server 10 and sets information according to a predetermined setting operation by the user. Then, the DHCP server 10 that provides the WEB screen for the main registration procedure executes processing according to the procedure shown in FIG. This process is also executed according to a program provided to the DHCP server 10 in the same manner as the program of the process shown in FIG.

In FIG. 4, a predetermined main registration procedure is performed based on information set on the WEB screen by the client PC 30 (S11). When it is determined that the procedure is completed (YES in S12), the DHCP server 10 The lease conditions of the lease table 12 corresponding to PC30
“State” = Leaseable;
"Expiration date" = one day extension;
Set as follows. That is, “state” = initial state is changed to “state” = leasable, and the set value of “valid period” is changed to a value extended by one day.

  If the procedure completion is not confirmed in the process shown in FIG. 4 (NO in S12), the process ends without changing the lease status table 12 because the procedure process is incomplete. To do.

  As described above, when a lease request is transmitted from the client PC 30 when the client PC 30 that has completed the registration procedure is turned on and the DHCP server 10 receives the lease request, the following processing is performed.

  In FIG. 3, when the DHCP server 10 confirms the existence of the lease status table 12 corresponding to the client PC 30 that is the transmission source of the lease request (YES in S <b> 1), the setting value of “state” in the lease status table 12 is further obtained. Confirm. When it is confirmed that the “state” set by the registration procedure as described above is “leasable” (YES in S3), the DHCP server 10 selects the IP address selected from the previously pooled unused IP addresses. The address is distributed to the client PC 30 that is the transmission source of the lease request (S7), and the “valid period” of the lease status table 12 corresponding to the client PC 30 is updated to a value extended by one day (S8).

  As a result, the DHCP server 10 distributes the IP address according to the above-described processing (S1, S3, S7, S8) every time a lease request transmitted when the power of the client PC 30 that has undergone the registration procedure is turned on is received. Therefore, the client PC 30 can transmit and receive information on the IP network N. Since the “valid period” is also extended by one day every time a lease request is issued, the client PC 30 can repeatedly transmit and receive information on the IP network without performing any special procedure.

For example, when an unauthorized person who does not know about the registration procedure connects his PC to an IP network, the DHCP server 10 sets initial lease conditions for the PC according to the above-described processing (S1 to S9). The lease status table 12 is created and IP addresses are distributed. That is, an unauthorized person's PC (hereinafter referred to as an unauthorized PC) can also transmit and receive information on the IP network N. However, after that, after the set value of the “effective period” of the initial lease condition has passed and the initial lease condition is not satisfied, the unauthorized PC is connected to the IP network N again by the following process: The unauthorized PC cannot be used on the IP network N.

In FIG. 3, when the DHCP server 10 confirms the existence of the lease status table 12 corresponding to the unauthorized PC that is the transmission source of the lease request (YES in S1), the “status” setting in the lease status table 12 is further set. Check the value. When it is confirmed that “state” representing the initial lease condition set as described above = initial (NO in S3, NO in S4, YES in S5), the DHCP server 10 determines in the lease status table 12 It is determined whether or not the set “expiration date” value has already passed (S6). In this case, the DHCP server 10 determines that the set value of the “valid period” has elapsed (YES in S6). Then, the DHCP server 10 determines the lease condition described in the lease status table 12 corresponding to the unauthorized PC.
“State” = not leaseable;
“Effective period” = one day extension;
(S9). Thereafter, the DHCP server 10 terminates the process without particularly distributing the IP address.

  Thereafter, when receiving a lease request from the unauthorized PC, the DHCP server 10 confirms that the lease condition set as described above in the lease status table 12 corresponding to the unauthorized PC is “state” = lease impossible. Then (YES in S1, NO in S3, YES in S4), the set value of the “valid period” in the lease status table 12 is further extended by one day (S9), and the process is performed without distributing the IP address. Terminate.

  As described above, an IP address is distributed to an unauthorized PC at the first connection, but connection to the IP network N is completely prohibited after the set value of the “valid period” has elapsed. It will be.

  The DHCP server 10 executes the arrangement of the lease status table 12 according to the procedure shown in FIG. 5 for each predetermined period (set in the interval timer) independently of the above-described processes (see FIGS. 3 and 4). To do. This process is also executed according to a program provided to the DHCP server 10 in the same manner as the program of the process shown in FIG.

  In FIG. 5, the DHCP server 10 sequentially reads the lease table 12 stored in the database (S21). Then, the DHCP server 10 confirms the “valid period” in each lease status table 12 (S12), and deletes the lease table 12 that has passed the set value of “valid period”.

  This eliminates subsequent unauthorized processing (confirmation processing in S1 in FIG. 3) and management in the DHCP server 10. Further, as described above, the lease status table 12 created when a temporary visitor connects his / her PC to the IP network N (internal network) (first connection) also has an “effective period”. It is deleted when the set value elapses. Therefore, the initial lease condition ("state" = initial, "validity period" = 2 days) is set when the person visits the company again after the validity period elapses and connects his / her PC to the IP network N. Since the new lease status table 12 is created, the person can use the PC on the IP network without any trouble as described above.

The DHCP server 10 manages the relationship between the IP address distributed as described above and the distribution destination client PC in the lease table 11. The DHCP server 10 uses an IP address according to a broadcast or multicast communication method.
The IP addresses stored in each client PC connected to the network N can be collected. Then, by comparing the collected result with the relationship between the client PC and the IP address recorded in the lease table 11, it is determined whether or not there is a PC that has illegally stored the IP address on the IP network. be able to. The DHCP server 10 can notify the network management PC 20 of the determination result.

  In the system described above, the network management PC 20 can change the contents of the lease status table 12 corresponding to each client PC stored in the database of the DHCP server 10 using a general-purpose browser function. That is, the network management PC 20 reads the management WEB screen provided by the DHCP server 10 and sets information according to a predetermined setting operation by the administrator. Then, the DHCP server 10 that provides the management WEB screen executes processing according to the procedure shown in FIG. This process is also executed according to a program provided to the DHCP server 10 in the same manner as the program of the process shown in FIG.

  In FIG. 6, information set on the WEB screen by the network PC 20 (target client PC, lease conditions, etc.) is acquired (S31), and when it is determined that the setting is completed (YES in S32), the DHCP server 10 updates the lease condition of the lease table 12 corresponding to the set client PC 30 to the set lease condition (S33).

  In the course of the process shown in FIG. 6, if the confirmation of the completion of the setting is not made (NO in S32), the process ends without changing the lease status table 12 because the setting process is incomplete. .

In this way, the contents of the lease status table 12 stored in the database of the DHCP server 10 can be changed by the network management PC 20, so that, for example, when an unauthorized PC connected to the IP network N is found, the network management PC 20 The lease conditions in the lease status table 12 corresponding to the unauthorized PC
“State” = not leaseable;
“Effective period” = 1 day extension;
Can be changed. As a result, the subsequent connection of the unauthorized PC to the IP network N can be prohibited.

  According to the DHCP server 10 (IP address distribution device) according to the embodiment as described above, the IP is created based on the lease status table 12 that is created and updated (lease conditions) for each client PC 30. It becomes possible to dynamically control whether or not an IP address can be distributed to each client PC connected to the network N. For the first client PC connected to the IP network, the IP address is unconditionally distributed and a lease status management table with initial lease conditions is created. Even if a person connects his / her PC to the IP network N (in-house network) (first connection), the person can use the PC on the IP network without any trouble.

  Further, after the set value of “valid period” in the initial lease condition has passed, “state” = initial state in the lease status table 12 is changed to “state” = non-leasable, so that the “valid” of the unauthorized PC Connection to the IP network N after the set value of “period” has elapsed, in particular, can be prevented without using other resources such as an authentication server.

Further, in the above-described system, each client PC 30 can perform the main registration procedure process on the WEB screen provided by the DHCP server 10, and the network management PC 2
0 can also perform processing related to changing the contents of the lease status table 12 on the WEB screen provided by the DHCP server 10, so that each client PC 30 and network management PC 20 do not have a special function (application). Those processes can be performed only by providing a general-purpose browser function.

  Although the above-described system is assumed to be an in-house network, the network on which the system is constructed is not limited to this, and can be any network. For example, the system can be applied to a network connection environment (Hot Spot (registered trademark)) installed in a place (restaurant or public facility) where unspecified people gather. In such a system, there is an operation mode in which use of a hot spot (registered trademark) is permitted as a consideration for the facility user. It is possible to utilize the system as described above for the purpose of eliminating use without qualification or permitting use for a certain period of time.

  The IP network described above may be wired or wireless (for example, a wireless LAN).

  In addition, a program that causes a device such as a computer or a machine to realize any of the above functions can be recorded on a recording medium that can be read by the computer or the like. The function can be provided by causing a computer or the like to read and execute the program of the recording medium.

  Here, a computer-readable recording medium refers to a recording medium that stores information such as data and programs by electrical, magnetic, optical, mechanical, or chemical action and can be read from a computer. Say. Examples of such a recording medium that can be removed from the computer include a flexible disk, a magneto-optical disk, a CD-ROM, a CD-R / W, a DVD, a DAT, an 8 mm tape, and a memory card.

  In addition, as a recording medium fixed to a computer or the like, there are a hard disk, a ROM (read only memory), and the like.

  Furthermore, this embodiment discloses the following invention. In addition, the constituent elements included in any of the following inventions (hereinafter referred to as supplementary notes) may be combined with the constituent elements of other supplementary notes.

(Appendix 1) An IP address distribution device that distributes an IP address to a client device based on distribution request information received from a client device connected to an IP network,
Lease condition storage means for storing lease conditions representing conditions relating to whether or not to distribute IP addresses in association with client devices;
When distribution request information is received from a client device, if lease conditions corresponding to the client device are not stored in the lease condition storage unit, distribution of an IP address to the client device is permitted, and Initial control means for associating and storing initial lease conditions in the lease condition storage means;
Condition changing means for changing lease conditions corresponding to each client device stored in the lease condition storage means;
IP address distribution availability control means for controlling whether or not an IP address can be distributed to a client device that is a transmission source of distribution request information based on lease conditions stored in correspondence with the client device in the lease condition storage means. IP address distribution device.

(Supplementary Note 2) The initial lease condition includes a periodical condition that enables distribution of an IP address,
When the condition change means receives distribution request information from a client device, it determines whether or not a periodical condition in the initial lease condition stored in the lease condition storage means corresponding to the client device is satisfied. Means for determining;
The IP address distribution according to appendix 1, further comprising lease prohibition setting means for changing the initial lease condition to a lease condition prohibiting IP address distribution when it is determined that the periodical condition is not satisfied. apparatus.

  (Additional remark 3) The said condition change means is a means to change the said initial lease conditions corresponding to the said client apparatus to the regular lease conditions which predetermined distribution of IP address based on the information which concerns on the predetermined process execution from a client apparatus The IP address distribution device according to Supplementary Note 1 or 2, wherein:

(Supplementary Note 4) The lease condition includes a periodical condition that enables distribution of an IP address,
The condition changing means includes means for extending a period condition in the lease condition stored in the lease condition storage means corresponding to the client device for a predetermined period when distribution request information is received from the client device. The IP address distribution device according to any one of 1 to 3.

(Supplementary Note 5) The lease condition includes a periodical condition that enables distribution of an IP address,
The condition changing means is means for determining whether or not the periodical condition in each lease condition stored in the lease condition storage means is satisfied for each predetermined period;
The IP address distribution device according to any one of supplementary notes 1 to 4, further comprising: a unit that deletes the lease condition for which the periodical condition is not satisfied from the lease condition storage unit.

  (Additional remark 6) The said condition change means changes the lease conditions corresponding to each client apparatus memorize | stored in the said lease condition memory | storage means based on the information which concerns on the predetermined process execution from the management apparatus connected to the said IP network The IP address distribution device according to any one of appendices 1 to 5, further comprising means.

(Supplementary note 7) An IP address distribution method for distributing an IP address to a client device based on distribution request information received from a client device connected to an IP network,
When the distribution request information is received from the client device, the lease condition corresponding to the client device is stored in the lease condition storage unit that stores the lease condition indicating the condition relating to whether or not the IP address can be distributed in association with each client device. If not, an initial control step of permitting distribution of the IP address to the client device and storing an initial lease condition in the lease condition storage unit in association with the client device;
A condition changing step for changing a lease condition corresponding to each client device stored in the lease condition storage means;
An IP address distribution permission / inhibition control step for controlling whether or not an IP address can be distributed to a client device as a transmission source of distribution request information based on a lease condition stored in the lease condition storage unit corresponding to the client device. IP address distribution method.

(Supplementary Note 8) The initial lease condition includes a periodical condition that enables IP address distribution,
In the condition changing step, when distribution request information is received from a client device, whether or not a periodical condition in the initial lease condition stored in the lease condition storage unit corresponding to the client device is satisfied is determined. A determining step;
The IP address distribution according to appendix 7, further comprising a lease prohibition setting step for changing the initial lease condition to a lease condition prohibiting the distribution of an IP address when it is determined that the periodical condition is not satisfied. Method.

  (Additional remark 9) The said condition change step has a step which changes the said initial lease conditions corresponding to the said client apparatus into the lease conditions which always permit distribution of an IP address based on the information which concerns on the predetermined process execution from a client apparatus. The IP address distribution method according to appendix 7 or 8.

(Supplementary Note 10) The lease condition includes a periodical condition that enables distribution of an IP address,
The condition changing step includes means for extending a periodical condition in the lease condition stored in the lease condition storage means corresponding to the client device for a predetermined period when distribution request information is received from the client device. The IP address distribution method according to any one of 7 to 9.

(Supplementary Note 11) The lease condition includes a periodical condition that enables distribution of an IP address,
The condition changing step determines, for each predetermined period, whether or not the periodical condition in each lease condition stored in the lease condition storage means is satisfied;
The IP address distribution method according to any one of appendices 7 to 10, further comprising a step of deleting the lease condition for which it is determined that the periodical condition is not satisfied from the lease condition storage unit.

(Supplementary Note 12) A computer for performing processing for distributing an IP address to a client device based on distribution request information received from the client device connected to the IP network,
When the distribution request information is received from the client device, the lease condition corresponding to the client device is stored in the lease condition storage unit that stores the lease condition indicating the condition relating to whether or not the IP address can be distributed in association with each client device. If not, initial control means for permitting distribution of the IP address to the client device and for storing an initial lease condition in the lease condition storage means in association with the client device;
Condition changing means for changing lease conditions corresponding to each client device stored in the lease condition storage means;
Let the lease condition storage unit function as an IP address distribution permission control unit that controls whether or not the IP address can be distributed to the client device that is the transmission source of the distribution request information based on the lease condition stored corresponding to the client device. Program for.

(Additional remark 13) In the identifier allocation apparatus which allocates the said identifier to the communication apparatus which communicates using a unique identifier,
Management means for managing communication devices;
Control means for receiving a request from a communication device, and assigning an identifier to the communication device in response to the request if the identifier is assigned to the communication device within a predetermined period;
An identifier assigning device comprising: (1)
(Supplementary note 14) The identifier assigning device according to supplementary note 13, wherein the control means always assigns an identifier in response to a request from an authorized communication device in response to the request. (2)
(Supplementary note 15) In an identifier assignment method for assigning the identifier to a communication device that communicates using a unique identifier,
Manage communication equipment,
Receives requests from communication devices,
If an identifier is assigned to the communication device in response to the request if it is within a predetermined period from the assignment of the identifier to the communication device,
An identifier assigning method characterized by the above. (3)
(Supplementary note 16) The identifier assigning method according to supplementary note 15, wherein an identifier is always assigned to a request from an authorized communication device in response to the request. (4)
(Supplementary Note 17) A computer that assigns the identifier to a communication device that communicates using a unique identifier.
Management means for managing communication devices;
Control means for receiving a request from a communication device, and assigning an identifier to the communication device in response to the request if the identifier is assigned to the communication device within a predetermined period;
Program to make it function. (5)

It is a figure which shows the system with which the IP address distribution apparatus which concerns on embodiment of this invention is applied. FIG. 1 is a diagram illustrating a functional relationship among a DHCP server, a management PC device, and a client PC device in the system. It is a flowchart which shows the flow of the process performed when a DHCP server receives a lease request. It is a flowchart which shows the flow of this registration procedure processing in a DHCP server. It is a flowchart which shows the flow of the process for organizing the lease status table performed for every predetermined period in a DHCP server. It is a flowchart which shows the flow of the process for changing the content of the lease status table in a DHCP server.

Explanation of symbols

10 DHCP server 20 Network management PC
30, 31, 32, 33 Client PC

Claims (6)

In an identifier assignment apparatus that assigns the identifier to a communication device that communicates using a unique identifier based on a request from the communication device,
A management means for managing a state related to the communication device and a validity period of the state in association with the communication device;
If a request from a communication device is received, and the status regarding the communication device indicates that assignment is possible, and if the elapsed time from the time when the identifier is assigned to the communication device is within the valid period, the request is sent in response to the request. While assigning an identifier to a communication device, if the status relating to the communication device indicates that assignment is not possible and the elapsed time from the time of assignment to the communication device exceeds the valid period, the valid period is extended by a predetermined period and the An identifier assigning device comprising: control means for assigning no identifier to the communication device in response to a request. When a request from a communication device is received for the first time,
The identifier assigning apparatus according to claim 1, wherein the management means sets the state to an initial state, and the control means assigns an identifier to the communication device in response to a request from the communication device. When a request from a communication device is received,
The control means extends the valid period by a predetermined period and cannot assign the status when the status regarding the communication device indicates an initial state and the elapsed period from the time of assignment of the identifier to the communication device exceeds the valid period. The identifier assigning apparatus according to claim 2, wherein an identifier is not assigned to the communication device in response to the request. A computer that assigns the identifier to a communication device that communicates using a unique identifier based on a request from the communication device;
A management means for managing a state related to the communication device and a validity period of the state in association with the communication device;
If a request from a communication device is received, and the status regarding the communication device indicates that assignment is possible, and if the elapsed time from the time when the identifier is assigned to the communication device is within the valid period, the request is sent in response to the request. While assigning an identifier to a communication device, if the status relating to the communication device indicates that assignment is not possible and the elapsed time from the time of assignment to the communication device exceeds the valid period, the valid period is extended by a predetermined period and the A program for functioning as control means that does not assign an identifier to the communication device in response to a request. When a request from a communication device is received for the first time,
5. The program according to claim 4, wherein the management unit sets the state to an initial state, and the control unit allocates an identifier to the communication device in response to a request from the communication device. When a request from a communication device is received,
The control means extends the valid period by a predetermined period and cannot assign the status when the status regarding the communication device indicates an initial state and the elapsed period from the time of assignment of the identifier to the communication device exceeds the valid period. 6. The program according to claim 5, wherein an identifier is not assigned to the communication device in response to the request.

Images