Communication terminal, communication control apparatus, communication system, communication control method, and program

摘要

Provided a communication terminal configured to provide a tethering function controls permission of communication of a different apparatus using the tethering function provided by the communication terminal, based on at least one of attribute information of the different apparatus, a communication destination of the different apparatus, and information on an interface of a network to which the communication terminal is connected, in accordance with a control policy stored in a storage unit in advance.

主权项

1. A communication terminal configured to provide a tethering function, the communication terminal comprising:
a first interface to communicatively connect to a different apparatus; one or more second interfaces to communicatively connect to a network; a communication flow control unit configured to perform predetermined communication control for the different apparatus communicatively connected to the communication terminal and communicatively connected to the network using the tethering function provided by the communication terminal, the predetermined communication control including permission or blocking of communication and path allocation of assigning the second interface through which the communication is performed when permitting the communication, for the different apparatus using the tethering function provided by the communication terminal, based on attribute information of the different apparatus, a communication destination of the different apparatus, and information on the second interface of the network to which the communication terminal is connected, in accordance with a control policy; and a storage that stores the control policy, wherein the control policy stored in the storage includes:
an attribute field including one or more attributes of different apparatuses;a communication destination field including one or more communication destination server groups, in association with each attribute of the different terminal;a second interface type field including, in association with each communication destination server group, one or more second interface types respectively corresponding to one or more types of networks to which one or more second interfaces communicatively connect; anda control action field specifying permission or blocking of the communication, in association with each second interface type, the communication flow control unit searches the control policy stored in the storage, to find one or more control actions corresponding to the attribute of the different apparatus, the communication destination and one or more second interface types, and the communication flow control unit selects a second interface of the one or more second interfaces, based on a communication security strength associated with a type thereof, out of the one or more available second interfaces included in the communication terminal, with the control actions associated therewith indicating permission, while the communication flow control unit blocks communication of the different apparatus with the communication destination when the one or more control actions associated with one or more second interfaces included in the communication terminal each indicate blocking.