DESCRIPTION RELAY COMMUNICATION SYSTEM AND ACCESS MANAGEMENT
APPARATUS Technical Field [0001]
The present invention relates to a relay communication system that enables computers connected to two different local area networks (LANs) to make communication with each other beyond a wide area network (WAN). Background Art [0002]
Conventionally, a remote maintenance system, which performs, from a remote location, monitoring and maintenance for an electronic instrument installed at home, office or the hke, has been put into practical use. By using the remote maintenance system, a serviceman at a maintenance company can perform maintenance work for the electronic instrument without visiting the place where the electronic instrument is installed. There is a merit that the maintenance company can reduce cost by using the remote maintenance system. Even in the case where a trouble occurs in the electronic instrument, the serviceman can operate the electronic instrument remotely, thus quickly solving the trouble that has occurred. In this way, there is a merit also for a user of the electronic instrument that uses the remote maintenance system. Prior Art Document Patent Document [0003]
[Patent Document l] Japanese Patent Laid-Open Publication No. 2003-223521
2

Summary of the Invention
Problems to be Solved by the Invention
[0004]
Patent Document 1 above discloses a technique for monitoring, from a remote location, an operation control device that controls an air conditioner. The maintenance company of the air conditioner purchases a recording medium, in which monitoring software, a password for accessing the operation control device, and the like are recorded, from the manufacturer of the air conditioner in order to acquire monitoring data of the air conditioner from the operation control device. [0005]
The maintenance company accesses the operation control device by using the password recorded in the recording medium, and acquires the monitoring data from the operation control device by using the monitoring software. In the case where abnormalities are found in the operation control device when analyzing the monitoring data, the maintenance company performs remote maintenance for the operation control device. [0006]
However, timing at which an access right to the operation control device can be set for the maintenance company is limited to the time when the maintenance company purchases the recording medium. Even in the case where the maintenance company is replaced, there is a concern that the previous maintenance company may illegally access the operation control device by using the password recorded in the recording medium.
Moreover, in the case where the maintenance company continuously
3

accesses the operation control device for a long time, there is a concern that a third party other than the serviceman may access the operation control device.
Furthermore, the maintenance company cannot confirm the abnormalities that have occurred in the operation control device, until the monitoring data is analyzed. Therefore, it has been difficult to quickly deal with the abnormalities which have occurred in the operation control device. [0007]
In this connection, in consideration of the foregoing problems, it is an object of the present invention to provide a technique capable of easily controlUng communication between the electronic instrument as a maintenance target and a computer that performs the remote maintenance.
Means for Solving the Problems [0008]
A description is made below of a plurality of aspects as means for solving the problems. These aspects can be arbitrarily combined with one another according to needs.
A relay communication system according to an aspect of the present invention includes: a first relay apparatus; a second relay apparatus; and an access management apparatus. The access management apparatus holds a list of apparatuses accessible by the first relay apparatus. The first relay apparatus requests, to the access management apparatus, the Hst of the apparatuses accessible by the first relay apparatus, select the second relay apparatus from the list, and transmit to the access management apparatus an access request to the second relay apparatus. The second relay apparatus is to be in an initial state of denying access fi-om apparatuses other than the access management
4

apparatus, and shift to a standby state for connection from the first relay apparatus when having received an access permission request from the access management apparatus. The access management apparatus includes^ an access permission unit; and a notification unit. The access permission unit, when having received from the first relay apparatus an access request to the second relay apparatus, determines whether or not to permit the first relay apparatus to access the second relay apparatus based on the list. In a case where the first relay apparatus is permitted to access the second relay apparatus, the notification unit notifies the second relay apparatus of the access permission request and notifies the first relay apparatus of an access permission to the second relay apparatus. The first relay apparatus includes^ a communication session establishment unit that establishes a communication session with the second relay apparatus when having received the access permission. Each of the first relay apparatus and the second relay apparatus includes: a relay communication unit that relays, by using the communication session, communication between a first communication terminal connected to a first LAN on the first relay apparatus side and a second communication terminal connected to a second LAN on the second relay apparatus side. [0009]
The access management apparatus may further include^ a list transmission unit that transmits the hst to the first relay apparatus, and the first relay apparatus may further include: a selection unit that selects the second relay apparatus as an access request destination by using the list. [0010]
The first relay apparatus may further include: an access status notification unit that notifies the access management apparatus of an access
5

status with respect to the second relay apparatus, and the access management apparatus may further include^ an access recording unit that records a change of the access status based on the notice from the access status notification unit.
Each of the first relay apparatus, the second relay apparatus and the access management apparatus may further include^ a relay server information sharing unit that shares among each other a relay server information. The relay server information includes activation information of the first relay apparatus and the second relay apparatus, and including activation/registration information of client terminals connected to the first relay apparatus and the second relay apparatus.
The first relay apparatus may further include: a display unit that displays the relay server information.
The communication session may be a routing session that serves as a media session that performs routing control for a communication packet to be transferred between the first relay apparatus and the second relay apparatus.
In the routing session, the first relay apparatus and the second relay apparatus may exchange network addresses with each other after the routing session is established.
In exchanging the network addresses, the first relay apparatus and the second relay apparatus respectively may permit accesses to all terminals connected to the respective LANs to which the first relay apparatus and the second relay apparatus are connected.
In exchanging the network addresses, the first relay apparatus or the second relay apparatus respectively may permit accesses to a part of terminals connected to the respective LANs to which the first relay apparatus and the second relay apparatus are connected.
6

[0011]
An access management apparatus according to another aspect of the present invention is an apparatus capable of performing communication with a first relay apparatus and a second relay apparatus, including: a list transmission unit; an access permission unit; and a notification unit. The list transmission unit holds a list of apparatuses accessible by the first relay apparatus, and transmits the list to the first relay apparatus. When having received, fi-om the first relay apparatus, an access request to the second relay apparatus, the access permission unit determines whether or not to permit the first relay apparatus to access the second relay apparatus based on the list. In a case where the first relay apparatus is permitted to access the second relay apparatus, the notification unit notifies the second relay apparatus that there is an access fi"om the first relay apparatus, and notifies the first relay apparatus of an access permission to the second relay apparatus. [0012]
A relay communication system according to another aspect of the present invention includes^ a first relay apparatus; a second relay apparatus; and an access management apparatus. The access management apparatus includes^ an access permission unit; a notification unit; and a session information acquisition unit. The access permission unit holds a Hst of apparatuses accessible by the first relay apparatus and when having received from the first relay apparatus an access request to the second relay apparatus, determines whether or not to permit the first relay apparatus to access the second relay apparatus based on the list. In a case where the first relay apparatus is permitted to access the second relay apparatus, the notification unit notifies the second relay apparatus that there is an access from the first relay apparatus, and notifies the first relay
7

apparatus of an access permission to the second relay apparatus. The session information acquisition unit acquires, from the first relay apparatus, a session information regarding a communication session established between the first relay apparatus and the second relay apparatus based on the access permission. The first relay apparatus includes^ a communication session establishment unit that establishes the communication session with the second relay apparatus when having received the access permission. Each of the first relay apparatus and the second relay apparatus includes ^ a relay communication unit that relays, by using the communication session, communication between a first communication terminal connected to a first LAN on the first relay apparatus side and a second communication terminal connected to a second LAN on the second relay apparatus side. The access management apparatus further includes: a disconnection instruction unit that, in a case where it has been determined that the communication session satisfies a predetermined condition based on the session information, transmits a disconnection instruction of the communication session to the first relay apparatus or the second relay apparatus. [0013]
The first relay apparatus may further include^ an establishment notification unit that transmits an establishment notice of the communication session to the access management apparatus, and the disconnection instruction unit may instruct the first relay apparatus to disconnect the communication session in a case where a time that has elapsed since the establishment notice was received reaches a predetermined time or more. [0014]
An access management apparatus according to still another aspect of the
8

present invention is an apparatus capable of performing communication with a first relay apparatus and a second relay apparatus, including: an access permission unit! a notification unit; a session information acquisition unit; and a disconnection instruction unit. The access permission unit holds a list of apparatuses accessible by the first relay apparatus and when having received from the first relay apparatus an access request to the second relay apparatus, and determines whether or not to permit the first relay apparatus to access the second relay apparatus based on the list. In a case where the first relay apparatus is permitted to access the second relay apparatus, the notification unit notifies the second relay apparatus that there is an access from the first relay apparatus, and notifies the first relay apparatus of an access permission to the second relay apparatus. The session information acquisition unit acquires, fi-om the first relay apparatus, a session information regarding a communication session established between the first relay apparatus and the second relay apparatus based on the access permission. In a case where it has been determined that the communication session satisfies a predetermined condition based on the session information, the disconnection instruction unit transmits a disconnection instruction of the communication session to the first relay apparatus or the second relay apparatus. [0015]
A relay communication system according to still another aspect of the present invention includes: a first relay apparatus; a second relay apparatus; and an access management apparatus. The first relay apparatus transmits a predetermined information to the access management apparatus. The first relay apparatus is to be in an initial state of denying access from apparatuses other than the access management apparatus, and shift to a standby state for
9

connection from the second relay apparatus when having received from the access management apparatus a notice that there is an access from the second relay apparatus. The access management apparatus includes^ a Ust holding unit; a specification unit! and an access instruction unit. The list holding unit holds a permission Hst as a list of apparatuses capable of accessing the first relay apparatus. The specification unit specifies the second relay apparatus based on the permission list when having received predetermined information from the first relay apparatus. The access instruction unit notifies the first relay apparatus that there is an access from the second relay apparatus, and instructs the second relay apparatus to access the first relay apparatus. The second relay apparatus includes^ a communication session establishment unit that establishes a communication session between the first relay apparatus and the second relay apparatus based on the instruction from the access instruction unit. Each of the first relay apparatus and the second relay apparatus includes- a relay communication unit that relays, by using the communication session, communication between a communication terminal connected to a LAN on the first relay apparatus side and a communication terminal connected to a LAN on the second relay apparatus side. [0016]
The access management apparatus may further include^ a confirmation unit that confirms whether or not the second relay apparatus specified by the specification unit is in a state of being capable of accessing the first relay apparatus. [0017]
The second relay apparatus may further include: a notification unit that notifies the access management apparatus of a change of a communication status
10

between the jQrst relay apparatus and the second relay apparatus, and the access management apparatus may further include^ a recording unit that records the change of the communication status based on the notice from the notification unit. [0018]
An access management apparatus according to still another aspect of the present invention is an apparatus capable of performing communication with a first relay apparatus and a second relay apparatus, including: a list holding unit; a specification unit; a confirmation unit; and an access instruction unit. The list holding unit holds a permission list as a list of apparatuses capable of accessing the first relay apparatus. The specification unit specifies the second relay apparatus based on the permission list when having received a predetermined information from the first relay apparatus. The confirmation unit confirms whether or not the second relay apparatus specified by the specification unit is in a state of being capable of accessing the first relay apparatus. In a case where the second relay apparatus is in the state of being capable of accessing the first relay apparatus, the access instruction unit notifies the first relay apparatus that there is an access from the second relay apparatus, and instructs the second relay apparatus to access the first relay apparatus.
Effects of the Invention [0019]
(l) In the relay communication system according to the one aspect of the present invention, the access management apparatus permits the first relay apparatus to access the second relay apparatus based on the list of the apparatuses accessible by the first relay apparatus. Based on the access
11

permission of the access management apparatus, the first relay apparatus estabhshes the communication session between the first relay apparatus and the second relay apparatus. In such a way, the access management apparatus can control the communication between the first relay apparatus and the second relay apparatus, and accordingly, an illegal access to the second LAN on the second relay apparatus side can be prevented. [0020]
The access management apparatus transmits, to the first relay apparatus, the list of the apparatuses to which access rights are set for the first relay apparatus. Based on the received list, the first relay apparatus determines the access request destination. In such a way, a user of the first relay apparatus can easily confirm the apparatuses accessible by the first relay apparatus. [0021]
The first relay apparatus notifies the access management apparatus of the change of the access status to the second relay apparatus. Based on the notice coming from the first relay apparatus, the access management apparatus records the access status of the first relay apparatus with respect to the second relay apparatus. In such a way, the communication status between the first relay apparatus and the second relay apparatus can be grasped with ease. [0022]
(2) In the relay communication system according to the another aspect of the present invention, the first relay apparatus acquires the access permission to the second relay apparatus fi-om the access management apparatus, and establishes the communication session between the first relay apparatus and the second relay apparatus. At a time of determining that the communication
12

session satisfies a predetermined condition, the access management apparatus instructs the first relay apparatus to disconnect the communication session. In such a way, the access management apparatus can control the establishment and disconnection of the communication session in a unified way. [0023]
At a time of determining that a predetermined time has elapsed since the establishment notice was received, the access management apparatus instructs the first relay apparatus or the second relay apparatus to disconnect the communication session. In such a way, the communication session can be surely disconnected within a fixed time, and accordingly, the risk of an illegal access to the second LAN using the communication session can be lowered. [0024]
(3) In the relay communication system according to the still another aspect of the present invention, in the case of having received predetermined information from the first relay apparatus, the access management apparatus specifies the second relay apparatus based on the permission list. Based on the instruction from the access management apparatus, the second relay apparatus establishes the communication session between the first relay apparatus and the second relay apparatus. Such predetermined information may be, for example, information that indicates an operation of the communication terminal connected to the LAN on the first relay apparatus side, and the Hke. Hence, in response to the status of the communication terminal connected to the LAN on the first relay apparatus side, the communication between the first relay apparatus and the second relay apparatus can be controlled. [0025]
The access management apparatus confirms whether or not the second
13

relay apparatus specified based on the permission list is in a state of being capable of accessing the first relay apparatus. In such a way, the access management apparatus can instruct the apparatus that can surely access the first relay apparatus to access the first relay apparatus. [0026]
The second relay apparatus notifies the access management apparatus of the change of the communication status between the first relay apparatus and the second relay apparatus. The access management apparatus records therein the change of the communication status based on the notice fi-om the second relay apparatus. In such a way, the communication status between the first relay apparatus and the second relay apparatus can be grasped with ease.
Brief Description of the Drawings [0027]
FIG. 1 is a view showing a basic configuration of a relay communication system.
FIG. 2 is a view showing details of relay group information.
FIG. 3 is a view showing details of relay server information.
FIG. 4A is a view showing details of client terminal information.
FIG. 4B is a view showing details of client terminal information.
FIG. 5 is a view showing a configuration of the relay communication system at a time of being used for remote maintenance.
FIG. 6 is a view showing a configuration of a relay server.
FIG. 7 is a view showing a configuration of an access management apparatus.
FIG. 8 is a table showing an access permission list.
14

FIG. 9 is a chart showing a flow of the remote maintenance.
FIG. 10 is a table showing a selection list.
FIG. 11 is a view showing the relay server information in a table format.
FIG. 12 is a table showing access record information.
FIG. 13 is a view showing another configuration example of the relay communication system.
FIG. 14 is a view showing a configuration of an access management apparatus.
FIG. 15 is a chart showing a flow of remote maintenance.
FIG. 16 is a table showing access record information.
FIG. 17 is a chart showing a flow of remote maintenance.
FIG. 18 is a table showing access record information.
Best Modes for Carrying out the Invention [0028]
A description will be made below of embodiments of the present invention while referring to the drawings. [0029]
1. First Embodiment {Basic configuration of relay communication system}
A description will be made of an outline of a relay communication system according to this embodiment. FIG. 1 is a view showing a basic configuration of the relay communication system. The relay communication system shown in FIG. 1 is composed of LANs 1 and 2 and a WAN 100. The WAN 100 is a wide area network, for example, such as the Internet. [0030]
15

A relay server 10 and a client terminal 11 are connected to the LAN 1. A relay server 20 and a client terminal 21 are connected to the LAN 2. A session initiation protocol (SIP) server 101 is connected to the WAN 100. [0031]
The cUent terminals 11 and 21 are terminals such as personal computers. The relay servers 10 and 20 relay communication between the cHent terminal 11 and the client terminal 21. The SIP server 101 relays communication between the relay server 10 and the relay server 20. In this embodiment, the SIP is used as the communication protocol between the relay server 10 and the relay server 20; however, protocols other than the SIP may be used. [0032]
The relay servers 10 and 20 and the client terminals 11 and 21 constitute a relay group capable of communication therebetween, and hold information required for participation in the relay group. The relay server 10 holds relay group information 51, relay server information 52 and client terminal information 53. The relay server 20 holds the relay group information 51, the relay server information 52 and client terminal information 54. The cUent terminals 11 and 21 hold the relay group information 51 and the relay server information 52. [0033]
FIG. 2 is a view showing the relay group information 51. The relay group information 51 includes upper information 511. The upper information 511 corresponds to a group tag. [0034]
The upper information 511 is information regarding the relay group, "id" is an identification information of the relay group, in which "groupA" is set.
16

"lastmod" indicates a latest update time of the relay group information 51.
"name" is a name of the relay group.
[0035]
Lower information 512 is information regarding the relay servers located at a lower level below the relay group. The lower information 512 is incorporated as site tags in the upper information 511. "id" indicates an identification information of the relay servers. In the respective site tags, there are set: "rs-l@abc.net" as the identification information of the relay server 10, and "rs-2@abc.net" as the identification information of the relay server 20. In the case where a new relay server is added to the relay group, a site tag corresponding to the new relay server is added to the lower information 512. [0036]
FIG. 3 is a view showing the relay server information 52. The relay server information 52 is information regarding the relay servers and the client terminals, which constitute the relay group. The relay server information 52 includes upper information 521-1 and 521-2. The upper information 521-1 and 521-2 correspond to the site tags. [0037]
The upper information 521-1 and 521-2 are information regarding the relay servers, which are located at an upper level, and correspond to the relay servers 10 and 20, respectively, "id", "name" and "stat" indicate the identification information, name and start state of the respective relay servers. If the relay server is started, then the start state of the relay server is set as^ "stat = 'active"'. [0038]
The upper information 521-1 includes lower information 522-1. The
17

lower information 522-1 is information regarding the client terminal 11 located at a lower level below the relay server 10. The lower information 522-1 corresponds to a node tag, and is incorporated in the site tag (upper information 521-1). In a similar way, the upper information 521-2 includes lower information 522-2 as information regarding the client terminal 21 located at a lower level below the relay server 20. [0039]
In each of the lower information 522-1 and 522-2, "div", "id" and "name" indicate a name of an installed division, identification information and name of the respective client terminals, "group" indicates the identification information of a relay group to which the client terminal belongs, "site" indicates the identification information of the relay server as a log-on destination of the client terminal. [0040]
If "site= 'rs-l@abc.net"' is set in the lower information 522-1, then the client terminal 11 has logged on to the relay server 10. In this case, the relay server 20 and the client terminal 21 can communicate with the client terminal 11 through the relay server 10. Meanwhile, if the client terminal 11 is not logged on to the relay server 10, then the field of "site" is blank. Thus the relay server 20 and the client terminal 21 cannot communicate with the client terminal 11. [0041]
The number of such node tags (lower information) included in the site tag (upper information) is changed depending on the number of client terminals connected to the relay server. For example, in the case where a new client terminal is connected to the relay server 10, a node tag (lower information) corresponding to the new client terminal is added to the site tag.
18

[0042]
FIG. 4A is a view showing the cUent terminal information 53. In the client terminal information 53, information regarding the client terminal 11 is set. "div", "node addr", "name" and "pass" indicate an installed division name, an internet protocol (IP) address, name and password of the cUent terminal 11. "id" indicates the identification information of the client terminal 11. The identification information of the client terminal 11 is "cl-ll@rs-l.abc.net". "expr" indicates a log-on expiration period of the cHent terminal 11. "port" indicates a port number to be used by the client terminal 11 when the cUent terminal 11 performs communication in the relay group. If the client terminal 11 is not logged on to the relay server 10, then "expr" and "port" are blank. [0043]
FIG. 4B is a view showing the client terminal information 54 corresponding to the client terminal 21. The information regarding the client terminal 21 is recorded in the client terminal information 54 in a similar way to the cUent terminal information 53. The identification information of the client terminal 21 is "cl-21@rs-2.abc.net". [0044]
The relay group information 51 is updated when the number of relay servers which constitute the relay group is changed. The relay server information 52 is updated when a configuration of the relay group, an operation state of a relay server, and a log-on state of a client terminal are changed, and so on. [0045]
For example, in the case where the client terminal 11 has logged off from the relay server 10, the relay server 10 updates the relay server information 52
19

held by the relay server 10, and transmits an update notice of the relay server information 52 to the relay server 20. The relay server 20 relays the update notice to the client terminal 21. Based on the update notice, the relay server 20 and the client terminal 21 update the relay server information 52. In this way, by referring to the relay group information 51 and the relay server information 52, each user of the relay servers 10 and 20 and the client terminals 11 and 21 can confirm, in real time, the configuration of the relay group, the operation state of each computer, and the Uke. [0046]
The cHent terminal information 53 and 54 are used when the relay servers 10 and 20 relay data destined to the client terminals 11 and 21. A case is considered, where the relay server 10 has received data, in which the identification information of the client terminal 11 is designated as a transmission destination, from the relay server 20. The relay server 10 specifies the IP address of the client terminal 11 based on the identification information of the cUent terminal 11, which is designated as the transmission destination, and based on the cHent terminal information 53. The relay server 10 relays the received data to the client terminal 11 by using the specified IP address. [0047] {Configuration of remote maintenance system}
A description is made in detail of a remote maintenance system using the above-mentioned relay communication system. FIG. 5 is a view showing a configuration of the remote maintenance system. The remote maintenance system shown in FIG. 5 has a configuration in which a LAN 3 is newly added to the LANs 1 and 2 shown in FIG. 1. In FIG. 5, indication of the WAN 100 and
20

the SIP server 101 is omitted. [0048]
The LAN 1 is a user network to be used by the user. Network address of the LAN 1 is "172.16.0.0/12" (12 at the end is a subnet mask). To the LAN 1, there are connected the relay server 10, the client terminal 11, and a general server 12. The general server 12 may be a file server, a Web server, or the like, which serves as a target of the remote maintenance. The general server 12 does not function as the relay server or the client terminal. [0049]
The LANs 2 and 3 are networks to be used by a maintenance company that performs the remote maintenance for the LAN 1. [0050]
The LAN 2 may be constructed at a maintenance center, in which a serviceman of the maintenance company is always stationed. Network address of the LAN 2 is "192.168.2.0/24". To the LAN 2, there are connected: the relay server 20, the client terminal 21, and a general terminal 22. The general terminal 22 is a computer that does not function as the relay server or the client terminal, in a similar way to the general server 12. The serviceman performs the remote maintenance for the general server 12, which is connected to the LAN 1, by using the relay server 20. [0051]
The LAN 3 is constructed at a call center that receives inquiries and the like from users. Network address of the LAN 3 is "192.168.3.0/24". To the LAN 3, there are connected: an access management apparatus 30, and a client terminal 31. The access management apparatus 30 functions as a relay server, and in addition, manages an access right to the relay server 10 and the client
21

terminal 11. Therefore, the access management apparatus 30 is capable of communication, which is made through the WAN 100, with the relay servers 10 and 20 and the client terminals 11 and 21. [0052]
In the case where the serviceman performs the remote maintenance for the general server 12 by using the relay server 20, a routing session is established between the relay server 10 and the relay server 20. [0053]
The routing session is a media session for performing routing control for a communication packet to be transferred between the LAN 1 and the LAN 2. The general server 12 does not function as the relay server or the client terminal, and accordingly, is not registered in the relay server information. Hence, normally, the relay server 20 cannot communicate with the general server 12 that is connected to the LAN 1. However, the use of the routing session enables the relay server 20 to communicate with the general server 12. [0054]
In order to establish the routing session, the relay server 20 must acquire an access permission from the relay server 10 through the access management apparatus 30. After acquiring the access permission to the relay sei^^er 10, the relay server 20 establishes the routing session between the relay server 10 and the relay server 20. In this way, the access management apparatus 30 manages access to the relay server 10 and the client terminal 11, which are connected to the LAN 1, thereby restricting unnecessary access to the LAN 1. [0055] {Configurations of relay servers 10 and 20}
FIG. 6 is a view showing a configuration of each of the relay servers 10
22

and 20. In FIG. 6, numbers in parentheses are reference numerals related to
the relay server 20.
[0056]
The relay server 10 (20) includes: a control unit 101 (201), a database storage unit 102 (202), and an interface unit 103 (203). [0057]
The control unit 101 (201) performs overall control for the relay server 10 (20). The control unit 101 (201) includes^ a routing session establishment unit 104 (204) and a routing control unit 105 (205). The routing session establishment unit 104 (204) establishes the routing session between the relay server 10 and the relay server 20. The routing control unit 105 (205) performs the routing control for the communication packets between the LAN 1 and the LAN 2 using the routing session. [0058]
The database storage unit 102 (202) stores therein^ relay group information 61, relay server information 62, and client terminal information 63 (64). In a similar way to FIG. 3, in the relay group information 61, the identification information of the relay servers 10 and 20 and the access management apparatus 30 is recorded. In the client terminal information 63 (64), the information regarding the client terminal 11 (21) is recorded. The relay server information 62 will be described later. [0059]
The interface unit 103 (203) performs communication within the LAN 1 (2) by using a private IP address. The interface unit 103 (203) performs communication, which is made through the WAN 100, by using a global IP address.
23

[0060]
{Configuration of access management apparatus 30}
FIG. 7 is a view showing a configuration of the access management apparatus 30. The access management apparatus 30 includes^ a control unit 301, a database storage unit 302, and an interface unit 303. [0061]
The control unit 301 performs overall control for the access management apparatus 30. The control unit 301 includes^ an access permission confirmation unit 304 and an access recording unit 305. The access permission confirmation unit 304, in response to an access request fi:om the relay server 20, confirms whether or not the relay server 10 permits access from the relay server 20. The access recording unit 305 records a status of the access firom the relay server 20 to the relay server 10. [0062]
The database storage unit 302 stores therein: the relay group information 61, the relay server information 62, client terminal information 65, an access permission list 66, and access record information 67. In the client terminal information 65, information regarding the client terminal 31 is recorded. The access permission list 66 is a list of apparatuses whose accesses are permitted by the relay server 10 and the client terminal 11, which are connected to the LAN 1. The access record information 67 is information that records a change of a communication state of the relay server 20 that is accessing the relay server 10. [0063]
The interface unit 303 performs communication made within the LAN 3 and communication made through the WAN 100 in a similar way to the interface
24

unit 103 of the relay server 10.
[0064]
{Operations of remote maintenance system}
A description is made of operations of the remote maintenance system when the serviceman at the maintenance center operates the relay server 20 to perform the remote maintenance for the general server 12. [0065]
At the call center, an administrator of the access management apparatus 30 creates the access permission Ust 66. The access permission list 66 is stored in the database storage unit 302. [0066]
FIG. 8 is a view showing the access permission list 66. The access permission hst 66 is information in which identification information of access target apparatuses and identification information of apparatuses permitted to access the access target apparatuses are associated with each other. The relay servers and the cHent terminals are set in the access permission list 66, and not the general server 12 and the general terminal 22. In FIG. 8, "rs-3@abc.net" is identification information of the access management apparatus 30. "cl-31@rs-3.abc.net" is identification information of the client terminal 31. [0067]
For example, apparatuses in which the access right to the relay server 10 is set are the relay server 20, the cHent terminals 21 and 31, and the access management apparatus 30. In this way, the access management apparatus 30 manages the apparatuses, which can access the relay server 10 and the client terminal 11, in a unified manner by using the access permission list 66. Simply by changing the access permission Ust 66, the apparatuses which can access the
25

relay server 10 and the client terminal 11 can be changed with ease. [0068]
FIG. 9 is a chart showing a flow of the remote maintenance for the general server 12. As an initial state, the relay server 10 is in a state of accepting access from the access management apparatus 30 and denying accesses from the relay server 20 and the client terminals 21 and 31. [0069]
Based on the operation by the serviceman, the relay server 20 requests the access management apparatus 30 to transmit a selection list 68 (Step Si). The selection list 68 is a list of relay servers and client terminals which permit the access from the relay server 20. The access management apparatus 30 extracts, from the access permission list 66, information corresponding to the relay server 20, and creates the selection list 68. The selection hst 68 is transmitted from the access management apparatus 30 to the relay server 20. [0070]
FIG. 10 is a table showing the selection hst 68. In the selection list 68, the relay server 10 and the client terminal 11 are set as the apparatuses which permit the access from the relay server 20. The serviceman displays the selection list 68 on a monitor of the relay server 20, and confirms that the access right to the relay server 10 is set in the relay server 20. [0071]
Next, with reference to the relay server information 62, the serviceman confirms that the relay server 10 is in operation. FIG. 11 is a view showing the relay server information 62 in a table format. Actually, the relay server information 62 is described in an extensible Markup Language (XML) format like the relay server information 52 (refer to FIG. 3).
26

[0072]
In FIG. 11, left-side columns of the relay server information 62 are upper information 621, and correspond to the site tags (refer to FIG. 3). In the upper information 621, only the identification information and operation state of the relay servers are shown. Right-side columns of the relay server information 62 are lower information 622, and correspond to the node tags (refer to FIG. 3). In the lower information 622, only the identification information and log-on destination of the client terminals are shown. [0073]
With reference to the relay server information 62 displayed on the monitor, the serviceman confirms that the relay server 10 is in operation. The serviceman operates the relay server 20, and instructs the relay server 20 to establish a routing session between the relay server 10 and the relay server 20. [0074]
FIG. 9 is referred to again. Based on such an instruction to establish the routing session, the relay server 20 transmits, to the access management apparatus 30, an access request with respect to the relay server 10 (Step S2). As mentioned above, the relay server 10 is in a state of not permitting the access fi'om the relay server 20. Therefore, before requesting the relay server 10 to establish the routing session, the relay server 20 acquires, through the access management apparatus 30, a permission to access the relay server 10. [0075]
The access management apparatus 30 receives the access request from the relay server 20, based on which the access permission confirmation unit 304 confirms, with reference to the access permission list 66, that the access right to the relay server 10 is set in the relay server 20. The access permission
27

confirmation unit 304 transmits, to the relay server 10, a permission request to request permission of the access to the relay server 10 by the relay server 20 (Step S2.1). The access recording unit 305 creates a new access record information 67. [0076]
FIG. 12 is a table showing the access record information 67. The access record information 67 is information that records an access status of the relay server 20 with respect to the relay server 10. In the access record information 67, there are recorded: the identification information of the relay server 20 as an access request source, and the identification information of the relay server 10 as an access destination. In a first row of update time, "13: 45: 23" is recorded, which is the time when the access management apparatus 30 received the access request. In a first row of connection state, "standby for access" is recorded. At the stage of the processing of Step S2.1, information is not recorded in second row and third row of the update time and the connection state. [0077]
When having received the permission request, the relay server 10 transmits, to the access management apparatus 30, an OK response to the permission request. The relay server 10 shifts to a state of accepting access coming firom the relay server 20. When having received the OK response coming from the relay server 10, the access management apparatus 30 transmits, to the relay server 20, an OK response corresponding to the access request (Step S2). Note that, when the access management apparatus 30 can confirm that the access right to the relay server 10 has been set with reference to the access permission hst 66, the access management apparatus 30 may transmit, to the relay server 20, the OK response corresponding to the access request (Step S2).
28

In this case, in Step S2.1, the access management apparatus 30 may notify the relay server 10 that there is an access coming from the relay server 20. [0078]
In response to the receipt, from the access management apparatus 30, of the OK response corresponding to the access request (Step S2), the relay server 20 starts establishing the routing session. The routing session establishment unit 204 transmits an establishment request of the routing session to the relay server 10 (Step S3). After receiving a response coming from the relay server 10, the routing session establishment unit 204 transmits an ACK to the relay server 10 (Step S4). In such a way, the routing session is established between the relay server 10 and the relay server 20 (Step S5). [0079]
The routing session establishment unit 204 transmits, to the access management apparatus 30, a session establishment notice indicating that the routing session has been established (Step S5.1). Based on the session establishment notice, the access recording unit 305 updates the access record information 67. In the access record information 67, in the second row of the update time, "13^ 45: 27" is recorded as a receiving time of the session establishment notice. In the second row of the connection state, "session is established" is recorded. [0080]
Next, the relay servers 10 and 20 exchange the network addresses of the LANs 1 and 2 as routing targets with each other. The relay server 10 transmits the network address of the LAN 1 to the relay server 20. The relay server 20 transmits the network address of the LAN 2 to the relay server 10. In such a way, communication between the relay server 20 and the general server 12 is
29

enabled through the routing session. By using the relay server 20, the serviceman can start the remote maintenance for the general server 12. [0081]
For example, the serviceman operates the relay server 20 and inputs a control command for the general server 12. The relay server 20 creates a communication packet in which the control command is enclosed. As a transmission destination of the communication packet, IP address "172.16.0.12" of the general server 12 is set. As a transmission source of the communication packet, IP address "192.168.2.20" of the relay server 20 is set. The relay server 20 transmits the created communication packet to the relay server 10 through the routing session. The relay server 10 confirms that such a transmission destination IP address of the communication packet received through the routing session corresponds to the network address of the LAN 1. The relay server 10 transmits the received communication packet to the general server 12. The general server 12 performs processing related to the control command. [0082]
The general server 12 sends out a communication packet (hereinafter, referred to as a "response communication packet") that encloses response information to the control command therein. As a transmission destination of the response communication packet, IP address "192.168.2.20" of the relay server 20 is set. As a transmission source of the response communication packet, IP address "172. 16.0.12" of the general server 12 is set. [0083]
In the case where the relay server 10 has received the response communication packet, the routing control unit 105 confirms that the IP address of the transmission destination (relay server 20) of the response communication
30

packet corresponds to the network address of the LAN 2. In a similar way, the routing control unit 105 confirms that the IP address of the transmission source (general server 12) of the response communication packet corresponds to the network address of the LAN 1. By confirming these points, the routing control unit 105 determines that it is possible to route the received response communication packet. The response communication packet for which such routing is determined to be possible is transferred to the relay server 20 through the routing session. In such a way, the communication between the relay server 20 and the general server 12 is performed. [0084]
The relay servers 10 and 20 can perform routing control for the communication packets coming fi'om aU of the communication terminals connected to the LAN 1 or the LAN 2. The communication terminals here include not only the relay servers and the client terminals, but also all of the terminals including the general server 12 and the general terminal 22. That is to say, the client terminal 21 and the general terminal 22 are also capable of performing communication with the general server 12 by using the routing session. Therefore, the remote maintenance for the general server 12 may be performed by using the chent terminal 21 and the general terminal 22. [0085]
The relay servers 10 and 20 may exchange permitted terminal information, in which the communication terminals capable of using the routing session are specified, with each other. For example, the relay server 20 issues a notice on the identification information and IP address of the relay server 20 as the permitted terminal information. The relay server 10 issues a notice on the name and IP address of the general server 12 as the permitted terminal
31

information. As a result, only a communication packet in which the relay server 20 and the general server 12 are designated as the transmission source and the transmission destination may be transferred by using the routing session. The client terminal 21 and the general terminal 22, which are not related to the remote maintenance for the general server 12, cannot communicate with the communication terminals in the LAN 1. Accordingly, security of the LAN 1 can be enhanced. [0086]
In the case where the remote maintenance is completed, the serviceman instructs the relay server 20 to disconnect the routing session. The relay server 20 transmits a disconnection request of the routing session to the relay server 10 (Step S6). After receiving an OK response to the disconnection request from the relay server 10, the relay server 20 disconnects the routing session. After such disconnection of the routing session, the relay server 10 returns to a state of denying access from the relay server 20. [0087]
After the disconnection of the routing session, the relay server 20 transmits a disconnection notice of the routing session to the access management apparatus 30 (Step S6.1). The access recording unit 305 updates the access record information 67 based on the disconnection notice. In the access recording information 67, in the third row of the update time, "14^ 18- 52" is recorded as a receipt time of the disconnection notice. In the third row of the connection state, "session is disconnected" is recorded. [0088]
As described above, when establishing the routing session with the relay server 10, the relay server 20 acquires the access permission from the relay
32

server 10 through the access management apparatus 30. In such a way, the access management apparatus 30 is capable of controlUng the communication between the relay server 10 and the relay server 20. [0089]
The access management apparatus 30 records the communication status from the time when the relay server 20 requests the access to the relay server 10 to the time when the routing session is disconnected. Therefore, the access status of the relay server 20 with respect to the relay server 10 can be grasped with ease. [0090]
In the above-described embodiment, the description has been made of the example where the access management apparatus 30 functions as the relay server! however, the present invention is not limited to this. For example, the client terminal 31 may include the access permission confirmation unit 304 and the access recording unit 305. In this case, the client terminal 31 processes the access request coming from the relay server 20, and in addition, performs the creation and update of the access record information 67, and the like. To the LAN 3, a relay server similar to the relay servers 10 and 20 may be connected in place of the access management apparatus 30. [0091]
In the above-described embodiment, the description has been made of the example where the routing session is established between the relay server 10 and the relay server 20; however, the present invention is not limited to this. [0092]
For example, the routing session may be established between the relay server 10 and the client terminal 21. In this case, the client terminal 21
33

transmits, to the access management apparatus 30, the access request with respect to the relay server 10. The communication terminals connected to the LAN 2 can perform the remote maintenance for the general server 12 by using the routing session established between the relay server 10 and the client terminal 21. [0093]
Moreover, a case shown in FIG. 13 is considered, where the LAN 1 and a LAN 5 are connected to each other through a general-purpose router 13, and the client terminal 11 and a general server 14 are connected to the LAN 5. In such a network configuration, the routing session may be established between the relay server 20 and the cUent terminal 11. In such a way, the communication terminals connected to the LAN 2 can perform the remote maintenance for the general server 14 connected to the LAN 5. [0094]
In this way, the relay servers and the client terminals function as relay apparatuses which, by using the routing session, relay communication packets transferred between the communication terminal that performs the remote maintenance and the communication terminal that serves as the maintenance target. The access management apparatus 30 manages the access between two relay apparatuses, and thereby preventing illegal access to the communication terminal (general server 12) that serves as the maintenance target. [0095] 2. Second Embodiment
A description is made below of a second embodiment of the present invention. For the second embodiment, FIGS. 1 to 6, FIG. 8, FIG. 10, FIG. 11 and FIG. 13 are used similarly to the first embodiment, and the description
34

([0028] to [0059]) related to these drawings is also shared. However, for the second embodiment, FIG. 7, FIG. 9 and FIG. 12 of the first embodiment are not used, and FIG. 14, FIG. 15 and FIG. 16, which correspond to FIG. 7, FIG. 9 and FIG. 12, respectively, are used instead. {Configuration of access management apparatus 30}
FIG. 14 is a view showing a configuration of an access management apparatus 30. The access management apparatus 30 includes^ a control unit 1301, the database storage unit 302, and the interface unit 303. [0096]
The control unit 1301 performs overall control for the management relay server 30. The control unit 1301 includes: an access permission confirmation unit 1304 and a communication session management unit 1305. The access permission confirmation unit 1304, in response to an access request from the relay server 20, confirms whether or not the relay server 10 permits access from the relay server 20. The communication session management unit 1305 manages a routing session to be established between the relay server 10 and the relay server 20. [0097]
The communication session management unit 1305 includes^ a disconnection instruction unit 1306 and an access recording unit 1307. In the case where a fijced time has elapsed since the routing session was established, the disconnection instruction unit 1306 instructs the relay server 20 to disconnect the routing session. The access recording unit 1307 records a status of the relay server 20 accessing the relay server 10. [0098]
The database storage unit 302 stores therein: the relay group
35

information 61, the relay server information 62, the client terminal information 65, the access permission list 66, and the access record information 67. In the client terminal information 65, information regarding the client terminal 31 is recorded. The access permission list 66 is a list of apparatuses whose accesses are permitted by the relay server 10 and the cUent terminal 11, which are connected to the LAN 1. The access record information 67 is information that records the change of the communication state of the relay server 20 that is accessing the relay server 10. [0099]
The interface unit 303 performs communication made within the LAN 3 and communication made through the WAN 100 in a similar way to the interface unit 103 of the relay server 10. [0100] {Operations of remote maintenance system}
A description is made of operations of the remote maintenance system when the serviceman at the maintenance center operates the relay server 20 to perform the remote maintenance for the general server 12. [0101]
At the call center, the administrator of the access management apparatus 30 creates the access permission Hst 66. The access permission list 66 is stored in the database storage unit 302. [0102]
FIG. 8 is a view showing the access permission list 66. The access permission list 66 is the information in which the identification information of the access target apparatuses and the identification information of the apparatuses permitted to access the access target apparatuses are associated
36

with each other. The relay servers and the cUent terminals are set in the access permission list 66, and not the general server 12 and the general terminal 22. In FIG. 8, "rs-3@abc.net" is the identification information of the access management apparatus 30. "cl-31@rs-3.abc.net" is the identification information of the chent terminal 31. [0103]
For example, the apparatuses in which the access right to the relay server 10 is set are the relay server 20, the client terminals 21 and 31, and the access management apparatus 30. In this way, the access management apparatus 30 manages the apparatuses, which can access the relay server 10 and the cUent terminal 11, in the unified manner by using the access permission hst 66. Simply by changing the access permission list 66, the apparatuses which can access the relay server 10 and the client terminal 11 can be changed with ease. [0104]
FIG. 15 is a chart showing a flow of the remote maintenance for the general server 12. As an initial state, the relay server 10 is in a state of accepting access fi'om the access management apparatus 30 and denying accesses from the relay server 20 and the client terminals 21 and 31. [0105]
Based on the operation by the serviceman, the relay server 20 requests the access management apparatus 30 to transmit a selection list 68 (Step Si). The selection list 68 is a list of relay servers and chent terminals which permit the access fi-om the relay server 20. The access management apparatus 30 extracts, from the access permission list 66, the information corresponding to the relay server 20, and creates the selection list 68. The selection Ust 68 is
37

transmitted from the access management apparatus 30 to the relay server 20. [0106]
FIG. 10 is a table showing the selection list 68. In the selection list 68, the relay server 10 and the client terminal 11 are set as the apparatuses which permit the access from the relay server 20. The serviceman displays the selection list 68 on the monitor of the relay server 20, and confirms that the access right to the relay server 10 is set in the relay server 20. [0107]
Next, with reference to the relay server information 62, the serviceman confirms that the relay server 10 is in operation. FIG. 11 is a view showing the relay server information 62 in the table format. Actually, the relay server information 62 is described in the extensible Markup Language (XML) format like the relay server information 52 (refer to FIG. 3). [0108]
In FIG. 11, the left-side columns of the relay server information 62 are the upper information 621, and correspond to the site tags (refer to FIG. 3). In the upper information 621, only the identification information and operation state of the relay servers are shown. The right-side columns of the relay server information 62 are the lower information 622, and correspond to the node tags (refer to FIG. 3). In the lower information 622, only the identification information and log-on destination of the client terminals are shown. [0109]
With reference to the relay server information 62 displayed on the monitor, the serviceman confirms that the relay server 10 is in operation. The serviceman operates the relay server 20, and instructs the relay server 20 to establish a routing session between the relay server 10 and the relay server 20.
38

[Olio]
FIG. 15 is referred to again. Based on such an instruction to establish the routing session, the relay server 20 transmits, to the access management apparatus 30, an access request with respect to the relay server 10 (Step S2). As mentioned above, the relay server 10 is in a state of not permitting the access from the relay server 20. Therefore, before requesting the relay server 10 to establish the routing session, the relay server 20 acquires, through the access management apparatus 30, the permission to access the relay server 10. [0111]
The access management apparatus 30 receives the access request from the relay server 20, based on which the access permission confirmation unit 304 confirms, with reference to the access permission list 66, that the access right to the relay server 10 is set in the relay server 20. The access permission confirmation unit 304 transmits, to the relay server 10, a permission request to request the permission of the access to the relay server 10 by the relay server 20 (Step S2.1). The access recording unit 1307 creates a new access record information 67. [0112]
FIG. 16 is a table showing the access record information 67. The access record information 67 is the information that records the access status of the relay server 20 with respect to the relay server 10. In the access record information 67, there are recorded^ the identification information of the relay server 20 as the access request source, and the identification information of the relay server 10 as the access destination. In a first row of the update time, "13: 45: 23" is recorded, which is the time when the access management apparatus 30 received the access request. In a first row of the connection state, "standby for
39

access" is recorded. At the stage of the processing of Step S2.1, information is not recorded in second row to fourth row of the update time and the connection state. [0113]
When having received the permission request, the relay server 10 transmits, to the access management apparatus 30, an OK response to the permission request. The relay server 10 shifts to a state of accepting access coming from the relay server 20. When having received the OK response coming from the relay server 10, the access management apparatus 30 transmits, to the relay server 20, the OK response corresponding to the access request (Step S2). Note that, when the access management apparatus 30 can confirm that the access right to the relay server 10 has been set with reference to the access permission list 66, the access management apparatus 30 may transmit, to the relay server 20, the OK response corresponding to the access request (Step S2). In this case, in Step S2.1, the access management apparatus 30 may notify the relay server 10 that there is an access coming from the relay server 20. [0114]
In response to the receipt, from the access management apparatus 30, of the OK response corresponding to the access request (Step S2), the relay server 20 starts establishing the routing session. The routing session establishment unit 204 transmits an establishment request of the routing session to the relay server 10 (Step S3). After receiving a response coming from the relay server 10, the routing session establishment unit 204 transmits an ACK to the relay server 10 (Step S4). In such a way, the routing session is established between the relay server 10 and the relay server 20 (Step S5). [0115]
40

The routing session establishment unit 204 transmits, to the access management apparatus 30, a session estabhshment notice indicating that the routing session has been estabhshed (Step S5.1). The access management apparatus 30 receives the session estabhshment notice, in response to which the disconnection instruction unit 1306 starts to measure a time (session duration time) that has elapsed from the receipt of the session establishment notice. Based on the session establishment notice, the access recording unit 1307 updates the access record information 67. In the access record information 67, in the second row of the update time, "13: 45"- 27" is recorded as the receiving time of the session establishment notice. In the second row of the connection state, "session is established" is recorded. [0116]
Next, the relay servers 10 and 20 exchange the network addresses of the LANs 1 and 2 as the routing targets with each other. The relay server 10 transmits the network address of the LAN 1 to the relay server 20. The relay server 20 transmits the network address of the LAN 2 to the relay server 10. In such a way, communication between the relay server 20 and the general server 12 is enabled through the routing session. By using the relay server 20, the serviceman can start the remote maintenance for the general server 12. [0117]
For example, the serviceman operates the relay server 20 and inputs the control command for the general server 12. The relay server 20 creates a communication packet in which the control command is enclosed. As the transmission destination of the communication packet, the IP address "172.16.0.12" of the general server 12 is set. As the transmission source of the communication packet, the IP address "192.168.2.20" of the relay server 20 is set.
41

The relay server 20 transmits the created communication packet to the relay server 10 through the routing session. The relay server 10 confirms that the transmission destination IP address of the communication packet received through the routing session corresponds to the network address of the LAN 1. The relay server 10 transmits the received communication packet to the general server 12. The general server 12 performs the processing related to the control command. [0118]
The general server 12 sends out a communication packet (hereinafter, referred to as a "response communication packet") that encloses the response information to the control command therein. As the transmission destination of the response communication packet, the IP address "192.168.2.20" of the relay server 20 is set. As the transmission source of the response communication packet, the IP address "172. 16.0.12" of the general server 12 is set. [0119]
In the case where the relay server 10 has received the response communication packet, the routing control unit 105 confirms that the IP address of the transmission destination (relay server 20) of the response communication packet corresponds to the network address of the LAN 2. In a similar way, the routing control unit 105 confirms that the IP address of the transmission source (general server 12) of the response communication packet corresponds to the network address of the LAN 1. By confirming these points, the routing control unit 105 determines that it is possible to route the received response communication packet. The response communication packet for which the routing is determined to be possible is transferred to the relay server 20 through the routing session. In such a way, the communication between the relay server
42

20 and the general server 12 is performed. [0120]
The relay servers 10 and 20 can perform routing control for the communication packets coming from all of the communication terminals connected to the LAN 1 or the LAN 2. The communication terminals here include not only the relay seiners and the client terminals, but also all of the terminals including the general server 12 and the general terminal 22. That is to say, the cUent terminal 21 and the general terminal 22 are also capable of performing communication with the general server 12 by using the routing session. Therefore, the remote maintenance for the general server 12 may be performed by using the cUent terminal 21 and the general terminal 22. [0121]
Though not shown in FIG. 15, in the case where the serviceman completes the remote maintenance and instructs the disconnection of the routing session, the relay servers 10 and 20 disconnect the routing session. The relay server 20 transmits a disconnection completion notice of the routing session to the access management apparatus 30. Details of the disconnection of the routing session will be described later. [0122]
There may be a case where, though the serviceman completes the remote maintenance for the general server 12, the serviceman does not instruct the relay server 20 to disconnect the routing session. In such a case, the access management apparatus 30 instructs the relay server 20 to disconnect the routing session. [0123]
Specifically, after receiving the session establishment notice, the
43

disconnection instruction unit 1306 measures the session duration time. In the case where the disconnection instruction unit 1306 does not receive the disconnection completion notice from the relay server 20, and the session duration time exceeds a time limit (for example, one hour) preset in the disconnection instruction unit 1306, the disconnection instruction unit 1306 issues a disconnection instruction of the routing session to the relay server 20 (Step S6). In Step S6, the access management apparatus 30 may issue the disconnection instruction of the routing session to the relay server 10. In this case, the relay server 10 operates in a similar way to the relay server 20 described as follows. [0124]
The access recording unit 1307 updates the access record information 67 based on the disconnection instruction. In the access recording information 67, in the third row of the update time, "14: 45: 27" is recorded as a time when the disconnection instruction is issued to the relay server 20. In the third row of the connection state, "session disconnection is instructed" is recorded. [0125]
In response to the disconnection instruction, the relay server 20 transmits a disconnection request of the routing session to the relay server 10 (Step S6.I). After the relay server 20 receives, from the relay server 10, an OK response to the disconnection request, the routing session is disconnected. After the disconnection of the routing session, the relay server 20 transmits, to the access management apparatus 30, a disconnection completion notice as a response to the disconnection instruction from the access management apparatus 30. The relay server 10 returns to a state of denying access from the relay server 20.
44

[0126]
Based on the disconnection completion notice, the access recording unit 1307 updates the access record information 67. In a fourth row of the update time, "14: 45: 29" is recorded as a receipt time of the disconnection completion notice. In a fourth row of the connection state, "session is disconnected" is recorded. [0127]
As described above, in the case where a fixed time has elapsed since the routing session was established, the access management apparatus 30 forces the relay server 20 to disconnect the routing session. In such a way, the routing session is prevented from being left in the established state. Hence, a third party other than the serviceman can be prevented from illegally accessing the communication terminal connected to the LAN 1, by using the routing session. [0128]
As mentioned above, there may be a case where, before the session duration time exceeds the time limit, the routing session is disconnected based on the disconnection instruction firom the serviceman. In this case, the relay server 20 spontaneously transmits the disconnection completion notice to the access management apparatus 30. The disconnection instruction unit 1306 stops measuring the session duration time when the access management apparatus 30 receives the disconnection completion notice. The access recording unit 1307 updates the access record information 67 based on the disconnection completion notice. In this case, the information corresponding to the third row of the update time and the connection state in the access record information 67 is not recorded. [0129]
45

As described above, when establishing the routing session with the relay server 10, the relay server 20 acquires the access permission from relay server 10 through the access management apparatus 30. In such a way, the access management apparatus 30 is capable of controlling the communication between the relay server 10 and the relay server 20. [0130]
The access management apparatus 30 measures the session duration time after receiving the session establishment notice, and instructs the relay server 20 to disconnect the routing session when the session duration time exceeds the time limit. In such a way, the routing session can be surely disconnected. [0131]
In the above-described embodiment, the description has been made of the example where the access management apparatus 30 transmits the disconnection instruction to the relay server 20 when the session duration time exceeds the time limit; however, the present invention is not limited to this. The access management apparatus 30 may transmit the disconnection instruction to the relay server 20 in response to an instruction from the administrator of the access management apparatus 30. [0132]
In the above-described embodiment, the description has been made of the example where the access management apparatus 30 functions as the relay serverJ however, the present invention is not limited to this. For example, the cUent terminal 31 may include the access permission confirmation unit 1304 and the communication session management unit 1305. In this case, the client terminal 31 processes the access request coming from the relay server 20. The
46

disconnection instruction of the routing session and the processing regarding the access record information 67 are also performed by the cUent terminal 31. To the LAN 3, a relay server similar to the relay servers 10 and 20 may be connected in place of the access management apparatus 30. [0133]
In the above-described embodiment, the description has been made of the example where the routing session is established between the relay server 10 and the relay server 20! however, the present invention is not limited to this. [0134]
For example, the routing session may be established between the relay server 10 and the client terminal 21. In this case, the client terminal 21 transmits, to the access management apparatus 30, the access request with respect to the relay server 10. The communication terminals connected to the LAN 2 can perform the remote maintenance for the general server 12 by using the routing session established between the relay server 10 and the client terminal 21. [0135]
Moreover, a case shown in FIG. 13 is considered, where the LAN 1 and a LAN 5 are connected to each other through the general-purpose router 13, and the cUent terminal 11 and the general server 14 are connected to the LAN 5. In such a network configuration, the routing session may be established between the relay server 20 and the client terminal 11. In such a way, the communication terminals connected to the LAN 2 can perform the remote maintenance for the general server 14 connected to the LAN 5. [0136]
In this way, the relay servers and the cUent terminals function as the
47

relay apparatuses which, by using the routing session, relay communication packets transferred between the communication terminal that performs the remote maintenance and the communication terminal that serves as the maintenance target. The access management apparatus 30 manages the access between two relay apparatuses, and thereby preventing illegal access to the communication terminal (general server 12) that serves as the maintenance target. [0137]
In the above-described embodiment, the description has been made of the example where the time limit is fixed; however, the present invention is not limited to this. The time hmits corresponding to the access destinations of the relay server 20 may be set. For example, the time limit may be set at one hour when the relay server 20 accesses the relay server 10, and the time limit may be set at 30 minutes when the relay server 20 accesses the cUent terminal 21. [0138] 3. Third Embodiment
A description is made below of a third embodiment of the present invention. For the third embodiment, FIGS. 1 to 8, FIG. 11 and FIG. 13 are used similarly to the first embodiment, and the description ([0028] to [0063]) related to these drawings is also shared. However, for the third embodiment, FIG. 17 and FIG. 18 are used instead, which correspond to FIG. 9 and FIG. 11, respectively. {Operations of remote maintenance system}
A description is made of operations of the remote maintenance system when the serviceman at the maintenance center operates the relay server 20 to perform the remote maintenance for the general server 12.
48

[0139]
At the call center, the administrator of the access management apparatus 30 creates the access permission list 66. The access permission list 66 is stored in the database storage unit 302. [0140]
FIG. 8 is a view showing the access permission list 66. The access permission hst 66 is the information in which the identification information of the access target apparatuses and the identification information of the apparatuses permitted to access the access target apparatuses are associated with each other. The relay servers and the cUent terminals are set in the access permission list 66, and not the general server 12 and the general terminal 22. In FIG. 8, "rs-3@abc.net" is the identification information of the access management apparatus 30. "cl-31@rs-3.abc.net" is the identification information of the cUent terminal 31. [0141]
For example, the apparatuses in which the access right to the relay server 10 is set are the relay server 20, the cUent terminals 21 and 31, and the access management apparatus 30. In this way, the access management apparatus 30 manages the apparatuses, which can access the relay server 10 and the client terminal 11, in the unified manner by using the access permission Ust 66. Simply by changing the access permission list 66, the apparatuses which can access the relay server 10 and the client terminal 11 can be changed with ease. [0142]
FIG. 17 is a chart showing a flow of the remote maintenance for the general server 12. As an initial state, the relay server 10 is in a state of
49

accepting access jfrom the access management apparatus 30 and denying accesses from the relay server 20 and the client terminals 21 and 31. [0143]
The relay server 10 monitors the operations of the general server 12. In the case where an error occurs in the general server 12, the relay server 10 automatically issues an error occurrence notice to the access management apparatus 30 (Step Si). In Step SI, the relay server 10 may transmit the error occurrence notice based on an operation by an administrator of the LAN 1. The relay server 10 may transmit, to the access management apparatus 30, a maintenance start request to request the remote maintenance for the general server 12. [0144]
In the case where the access management apparatus 30 receives the error occurrence notice or the maintenance start request, the access permission confirmation unit 304 specifies the apparatus that performs the remote maintenance for the general server 12. As shown in FIG. 5, the general server 12 is connected to the LAN 1. Therefore, based on the access permission list 66, the access permission confirmation unit 304 specifies the relay server 20, which can access the relay server 10, as the apparatus that performs the remote maintenance. Though not shown in FIG. 8, in the access permission list 66, priorities of the apparatuses which perform the remote maintenance for the access target apparatus are set. Based on the priorities in the access permission Ust 66, the relay server 20 is specified as the apparatus that performs the remote maintenance. [0145]
Next, with reference to the relay server information 62, the access
50

permission confirmation unit 304 confirms that the relay servers 10 and 20 are in operation. FIG. 11 is a view showing the relay server information 62 in the table format. Actually, the relay server information 62 is described in the extensible Markup Language (XML) format like the relay server information 52 (refer to FIG. 3). [0146]
In FIG. 11, the left-side columns of the relay server information 62 are the upper information 621, and correspond to the site tags (refer to FIG. 3). In the upper information 621, only the identification information and operation state of the relay servers are shown. The right-side columns of the relay server information 62 are the lower information 622, and correspond to the node tags (refer to FIG. 3). In the lower information 622, only the identification information and log-on destination of the chent terminals are shown. [0147]
FIG. 17 is referred to again. The access management apparatus 30 transmits, to the relay server 20, a confirmation request to confirm whether or not the relay server 20 can handle the remote maintenance for the general server 12 (Step Sl.l). When having received the confirmation request, the relay server 20 displays, on the monitor, a message that requests the execution of the remote maintenance for the general server 12. The serviceman operates the relay server 20, and instructs the relay server 20 to handle the remote maintenance. An OK response corresponding to the confirmation request is transmitted from the relay server 20 to the access management apparatus 30. [0148]
Simultaneously with the transmission (Step Sl.l) of the confirmation request, the access recording unit 305 creates a new access record information
51

67. [0149]
FIG. 18 is a table showing the access record information 67. In the access record information 67 shown in FIG. 18, the identification information of the relay server 20 is recorded as the access request source, and the identification information of the relay server 10 is registered as the access destination. In a first row of the update time, "13: 45: 18" is recorded, which is the transmission time of the confirmation request. In a first row of the connection state, "confirmation request is transmitted" is recorded. At the stage of Step Sl.l, information is not recorded in second to fourth rows of the update time and the connection state. [0150]
When having received an OK response to the confirmation request (Step Sl.l), the access permission confirmation unit 304 issues to the relay server 10, as a response to the error occurrence notice (Step Si), a notice indicating that the relay server 20 is starting the access. The relay server 10 shifts to a state of accepting access coming from the relay server 20. [0151]
Next, the access permission confirmation unit 304 transmits, to the relay server 20, an access start request to instruct the relay server 20 to access the relay server 10 (Step S2). In the access record information 67, in the second row of the update time, "13: 45: 23" is recorded, which is the transmission time of the access start request, "access is instructed" is recorded in the second row of the connection state. [0152]
In response to the receipt of the access start request, the relay server 20
52

starts establishing the routing session. The routing session establishment unit 204 transmits an establishment request of the routing session to the relay server 10 (Step S2.1). After receiving an OK response to the establishment request of the routing session from the relay server 10, the routing session establishment unit 204 transmits an ACK to the relay server 10 (Step S3). The relay server 20 transmits, to the access management apparatus 30, an OK response to the access start request (Step S2). [0153]
With such processing of Steps S2.1 and S3, the routing session is established between the relay server 10 and the relay server 20 (Step S4). The routing session establishment unit 204 transmits, to the access management apparatus 30, the session establishment notice indicating that the routing session has been established (Step S4.1). The access recording unit 305 updates the access record information 67 based on the session establishment notice. In the access record information 67, in the third row of the update time, "13: 45: 2T' is recorded as the receiving time of the session establishment notice. In the third row of the connection state, "session is established" is recorded. [0154]
Next, the relay servers 10 and 20 exchange the network addresses of the LANs 1 and 2 as the routing targets with each other. The relay server 10 transmits the network address of the LAN 1 to the relay server 20. The relay server 20 transmits the network address of the LAN 2 to the relay server 10. In such a way, the communication between the relay server 20 and the general server 12 is enabled through the routing session. By using the relay server 20, the serviceman can start the remote maintenance for the general server 12. [0155]
53

For example, the serviceman operates the relay server 20 and inputs the control command for the general server 12. The relay server 20 creates the communication packet in which the control command is enclosed. As the transmission destination of the communication packet, the IP address "172.16.0.12" of the general server 12 is set. As the transmission source of the communication packet, the IP address "192.168.2.20" of the relay server 20 is set. The relay server 20 transmits the created communication packet to the relay server 10 through the routing session. The relay server 10 confirms that the transmission destination IP address of the communication packet received through the routing session corresponds to the network address of the LAN 1. The relay server 10 transmits the received communication packet to the general server 12. The general server 12 performs the processing related to the control command. [0156]
The general server 12 sends out a communication packet (hereinafter, referred to as a "response communication packet") that encloses the response information to the control command therein. As the transmission destination of the response communication packet, the IP address "192.168.2.20" of the relay server 20 is set. As the transmission source of the response communication packet, the IP address "172. 16.0.12" of the general server 12 is set. [0157]
In the case where the relay server 10 has received the response communication packet, the routing control unit 105 confirms that the IP address of the transmission destination (relay server 20) of the response communication packet corresponds to the network address of the LAN 2. In a similar way, the routing control unit 105 confirms that the IP address of the transmission source
54

(general server 12) of the response communication packet corresponds to the network address of the LAN 1. By confirming these points, the routing control unit 105 determines that it is possible to route the received response communication packet. The response communication packet for which the routing is determined to be possible is transferred to the relay server 20 through the routing session. In such a way, the communication between the relay server 20 and the general server 12 is performed. [0158]
The relay servers 10 and 20 can perform routing control for the communication packets coming from all of the communication terminals connected to the LAN 1 or the LAN 2. The communication terminals here include not only the relay servers and the client terminals, but also all of the terminals including the general server 12 and the general terminal 22. That is to say, the chent terminal 21 and the general terminal 22 are also capable of performing communication with the general server 12 by using the routing session. Therefore, the remote maintenance for the general server 12 may be performed by using the client terminal 21 and the general terminal 22. [0159]
The relay servers 10 and 20 may exchange the permitted terminal information, in which the communication terminals capable of using the routing session are specified, with each other. For example, the relay server 20 issues a notice on the identification information and IP address of the relay server 20 as the permitted terminal information. The relay server 10 issues a notice on the name and IP address of the general server 12 as the permitted terminal information. As a result, only the communication packet in which the relay server 20 and the general server 12 are designated as the transmission source
55

and the transmission destination may be transferred by using the routing session. The cUent terminal 21 and the general terminal 22, which are not related to the remote maintenance for the general server 12, cannot communicate with the communication terminals in the LAN 1. Accordingly, the security of the LAN 1 can be enhanced. [0160]
In the case where the remote maintenance is completed, the serviceman instructs the relay server 20 to disconnect the routing session. The relay server 20 transmits a disconnection request of the routing session to the relay server 10 (Step S5). After receiving an OK response to the disconnection request from the relay server 10, the relay server 20 disconnects the routing session. After the disconnection of the routing session, the relay server 10 returns to the state of denying access from the relay server 20. [0161]
After the disconnection of the routing session, the relay server 20 transmits a disconnection notice of the routing session to the access management apparatus 30 (Step S5.1). The access recording unit 305 updates the access record information 67 based on the disconnection notice. In the access recording information 67, in the fourth row of the update time, "14: 18: 52" is recorded as the receipt time of the disconnection notice. In the fourth row of the connection state, "session is disconnected" is recorded. [0162]
As described above, when having received the error occurrence notice, the access management apparatus 30 specifies the relay server 20 as the apparatus that accesses the relay server 10, based on the access permission list 66. The relay server 20 starts the remote maintenance for the general server 12 by using
56

the routing session established based on the access start request. In this way, the access management apparatus 30 can control the communication between the relay server 10 and the relay server 20 according to the operation state of the general server 12. Hence, it is possible to quickly deal with the error that has occurred in the general server 12. [0163]
The access management apparatus 30 transmits the confirmation request to the relay server 20 specified based on the access permission list 66. In such a way, the access management apparatus 30 can instruct an apparatus, which can surely access the relay server 10, to access the relay server 10. [0164]
The access management apparatus 30 records the communication status of the relay server 20 from the time when the confirmation request is transmitted to the relay server 20 to the time when the routing session is disconnected. Therefore, the communication status of the relay server 20 can be grasped with ease. [0165]
In the above-described embodiment, the description has been made of the example where the access management apparatus 30 functions as the relay server! however, the present invention is not limited to this. For example, the client terminal 31 may include the access permission confirmation unit 304 and the access recording unit 305. In this case, the client terminal 31 performs the transmission (Step Sl.l) of the confirmation request, the transmission (Step S2) of the access start request, the update of the access record information 67, and the like. To the LAN 3, a relay server similar to the relay servers 10 and 20 may be connected in place of the access management apparatus 30.
57

[0166]
In the above-described embodiment, the description has been made of the example where the routing session is established between the relay server 10 and the relay server 20! however, the present invention is not limited to this. [0167]
For example, the routing session may be established between the relay server 10 and the client terminal 21. In this case, the access management apparatus 30 transmits the confirmation request (Step Sl.l) and the access start request (Step S2) to the client terminal 21. The communication terminals connected to the LAN 2 can perform the remote maintenance for the general server 12 by using the routing session established between the relay server 10 and the client terminal 21. [0168]
Moreover, a case shown in FIG. 13 is considered, where the LAN 1 and a LAN 5 are connected to each other through the general-purpose router 13, and the client terminal 11 and the general server 14 are connected to the LAN 5. In such a network configuration, the routing session may be established between the relay server 20 and the client terminal 11. In such a way, the communication terminals connected to the LAN 2 can perform the remote maintenance for the general server 14 connected to the LAN 5. [0169]
In this way, the relay servers and the client terminals function as the relay apparatuses which, by using the routing session, relay communication packets transferred between the communication terminal that performs the remote maintenance and the communication terminal that serves as the maintenance target. The access management apparatus 30 manages the access
58

between two relay apparatuses, and thereby preventing illegal access to the communication terminal (general server 12) that serves as the maintenance target.
The description has been made above of the embodiments of the present invention! however, the present invention is not limited to the above-described embodiments, and is modifiable in various ways within the scope without departing from the spirit of the present invention. In particular, it is possible to arbitrarily combine the plurality of embodiments described in this specification and modification examples thereof with one another according to needs.
Explanation of Symbols
[0170]
1,2,3 LAN
10,20 RELAY SERVER
11, 21, 31 CLIENT TERMINAL
12 GENERAL SERVER
22 GENERAL TERMINAL
30 ACCESS MANAGEMENT APPARATUS
100 WAN
101, 201, 301 CONTROL UNIT
102, 202, 302 DATABASE STORAGE UNIT

104, 204 ROUTING SESSION ESTABLISHMENT UNIT
105, 205 ROUTING CONTROL UNIT

304 ACCESS PERMISSION CONFIRMATION UNIT
305 ACCESS RECORDING UNIT
59

WE CLAIM:
1. A relay communication system comprising:
a first relay apparatus;
a second relay apparatus; and
an access management apparatus configured to hold a list of apparatuses accessible by the first relay apparatus,
wherein the first relay apparatus is configured to request, to the access management apparatus, the list of the apparatuses accessible by the first relay apparatus, select the second relay apparatus from the Hst, and transmit to the access management apparatus an access request to the second relay apparatus,
the second relay apparatus is configured to be in an initial state of denying access from apparatuses other than the access management apparatus, and shift to a standby state for connection from the first relay apparatus when having received an access permission request fi'om the access management apparatus,
wherein the access management apparatus includes:
an access permission unit configured to, when having received from the first relay apparatus an access request to the second relay apparatus, and determine whether or not to permit the first relay apparatus to access the second relay apparatus based on the list; and
a notification unit configured to, in a case where the first relay apparatus is permitted to access the second relay apparatus, notify the second relay apparatus of the access permission request, and notify the first relay apparatus of an access permission to the second relay apparatus,
the first relay apparatus includes:
a communication session establishment unit configured to establish a
60

communication session with the second relay apparatus when having received the access permission, and
each of the first relay apparatus and the second relay apparatus includes-a relay communication unit configured to relay, by using the communication session, communication between a first communication terminal connected to a first LAN on the first relay apparatus side and a second communication terminal connected to a second LAN on the second relay apparatus side.
2. The relay communication system according to claim 1,
wherein the access management apparatus fiirther includes:
a list transmission unit configured to transmit the list to the first relay apparatus, and
the first relay apparatus fiirther includes:
a selection unit configured to select the second relay apparatus as an access request destination by using the list.
3. The relay communication system according to either one of claims 1 and
2,
wherein the first relay apparatus further includes^
an access status notification unit configured to notify the access
management apparatus of an access status with respect to the second relay
apparatus, and
the access management apparatus further includes^
an access recording unit configured to record a change of the access
status based on the notice from the access status notification unit.
61

4. The relay communication system according to any one of claims 1 to 3, wherein each of the first relay apparatus, the second relay apparatus and the access management apparatus further includes ^ a relay server information sharing unit configured to share among each other a relay server information, the relay server information includes activation information of the first relay apparatus and the second relay apparatus, and activation/registration information of client terminals connected to the first relay apparatus and the second relay apparatus.
5. The relay communication system according to claim 4, wherein the first relay apparatus further includes^ a display unit configured to display the relay server information.
6. The relay communication system according to any one of claims 1 to 5, wherein the communication session is a routing session that serves as a media session that performs routing control for a communication packet transferred between the first relay apparatus and the second relay apparatus.
7. The relay communication system according to claim 6, wherein, in the routing session, the first relay apparatus and the second relay apparatus exchange network addresses with each other after the routing session is established.
8. The relay communication system according to claim 7, wherein, in exchanging the network addresses, the first relay apparatus and the second
62

relay apparatus respectively permit accesses to all terminals connected to the respective LANs to which the first relay apparatus and the second relay apparatus are connected.
9. The relay communication system according to claim 7, wherein, in exchanging the network addresses, the first relay apparatus or the second relay apparatus respectively permit accesses to a part of terminals connected to the respective LANs to which the first relay apparatus and the second relay apparatus are connected.
10. An access management apparatus capable of performing communication with a first relay apparatus and a second relay apparatus, comprising:
a list transmission unit configured to hold a list of apparatuses accessible by the first relay apparatus and transmit the list to the first relay apparatus;
an access permission unit configured to, when having received from the first relay apparatus an access request to the second relay apparatus, determine whether or not to permit the first relay apparatus to access the second relay apparatus based on the list; and
a notification unit configured to, in a case where the first relay apparatus is permitted to access the second relay apparatus, notify the second relay apparatus that there is an access from the first relay apparatus, and notify the first relay apparatus of an access permission to the second relay apparatus.
11. A relay communication system comprising:
a first relay apparatus;
a second relay apparatus; and
63

an access management apparatus,
wherein the access management apparatus includes^
an access permission unit configured to hold a fist of apparatuses accessible by the first relay apparatus and, when having received fi'om the first relay apparatus an access request to the second relay apparatus, determine whether or not to permit the first relay apparatus to access the second relay apparatus based on the list;
a notification unit configured to, in a case where the first relay apparatus is permitted to access the second relay apparatus, notify the second relay apparatus that there is an access fi-om the first relay apparatus, and notify the first relay apparatus of an access permission to the second relay apparatus; and
a session information acquisition unit configured to acquire, from the first relay apparatus, a session information regarding a communication session established between the first relay apparatus and the second relay apparatus based on the access permission,
the first relay apparatus includes:
a communication session establishment unit configured to establish the communication session with the second relay apparatus when having received the access permission,
each of the first relay apparatus and the second relay apparatus includes:
a relay communication unit configured to relay, by using the communication session, communication between a first communication terminal connected to a first LAN on the first relay apparatus side and a second communication terminal connected to a second LAN on the second relay apparatus side, and
the access management apparatus further includes^
64

a disconnection instruction unit configured to, in a case where it has been determined that the communication session satisfies a predetermined condition based on the session information, transmit a disconnection instruction of the communication session to the first relay apparatus or the second relay apparatus.
12. The relay communication system according to claim 11,
wherein the first relay apparatus further includes^
an establishment notification unit configured to transmit an establishment notice of the communication session to the access management apparatus, and
the disconnection instruction unit instructs the first relay apparatus to disconnect the communication session in a case where a time that has elapsed since the establishment notice was received reaches a predetermined time or more.
13. The relay communication system according to either one of claims 11 and 12, wherein each of the first relay apparatus, the second relay apparatus and the access management apparatus further includes^ a relay server information sharing unit configured to share among each other a relay server information, the relay server information includes activation information of the first relay apparatus and the second relay apparatus, and activation/registration information of client terminals connected to the first relay apparatus and the second relay apparatus.
14. The relay communication system according to claim 13, wherein the first
65

relay apparatus further includes- a display unit configured to display the relay server information.
15. The relay communication system according to any one of claims 11 to 14, wherein the communication session is a routing session that serves as a media session that performs routing control for a communication packet transferred between the first relay apparatus and the second relay apparatus.
16. The relay communication system according to claim 15, wherein, in the routing session, the first relay apparatus and the second relay apparatus exchange network addresses with each other after the routing session is established.
17. The relay communication system according to claim 16, wherein, in exchanging the network addresses, the first relay apparatus and the second relay apparatus respectively permit accesses to all terminals connected to the respective LANs to which the first relay apparatus and the second relay apparatus are connected.
18. The relay communication system according to claim 16, wherein, in exchanging the network addresses, the first relay apparatus or the second relay apparatus respectively permit accesses to a part of terminals connected to the respective LANs to which the first relay apparatus and the second relay apparatus are connected.
19. An access management apparatus capable of performing communication
66

with a first relay apparatus and a second relay apparatus, comprising-
an access permission unit configured to hold a list of apparatuses accessible by the first relay apparatus and, when having received fi:om the first relay apparatus an access request to the second relay apparatus, and determine whether or not to permit the first relay apparatus to access the second relay apparatus based on the list,'
a notification unit configured to, in a case where the first relay apparatus is permitted to access the second relay apparatus, notify the second relay apparatus that there is an access fi*om the first relay apparatus, and notify the first relay apparatus of an access permission to the second relay apparatus,'
a session information acquisition unit configured to acquire, fi-om the first relay apparatus, a session information regarding a communication session established between the first relay apparatus and the second relay apparatus based on the access permission^ and
a disconnection instruction unit configured to, in a case where it has been determined that the communication session satisfies a predetermined condition based on the session information, transmit a disconnection instruction of the communication session to the first relay apparatus or the second relay apparatus.
, 20. A relay communication system comprising^ a first relay apparatus,' a second relay apparatus! and an access management apparatus,
wherein the first relay apparatus is configured to transmit a predetermined information to the access management apparatus, the first relay
67

apparatus is configured to be in an initial state of denying access from apparatuses other than the access management apparatus, and shift to a standby state for connection from the second relay apparatus when having received from the access management apparatus a notice that there is an access from the second relay apparatus,
the access management apparatus includes^
a list holding unit configured to hold a permission hst as a list of apparatuses capable of accessing the first relay apparatus,'
a specification unit configured to specify the second relay apparatus based on the permission list when having received the predetermined information fi-om the first relay apparatus! and
an access instruction unit configured to notify the first relay apparatus that there is an access fi'om the second relay apparatus, and instruct the second relay apparatus to access the first relay apparatus,
the second relay apparatus includes^
a communication session establishment unit configured to establish a communication session between the first relay apparatus and the second relay apparatus based on the instruction firom the access instruction unit, and
each of the first relay apparatus and the second relay apparatus includes-
a relay communication unit configured to relay, by using the communication session, communication between a communication terminal connected to a LAN on the first relay apparatus side and a communication terminal connected to a LAN on the second relay apparatus side.
21. The relay communication system according to claim 20,
wherein the access management apparatus further includes^
68

a confirmation unit configured to confirm whether or not the second relay apparatus specified by the specification unit is in a state of being capable of accessing the first relay apparatus.
22. The relay communication system according to either one of claims 20 and
21,
wherein the second relay apparatus further includes^
a notification unit configured to notify the access management apparatus
of a change of a communication status between the first relay apparatus and the
second relay apparatus, and
the access management apparatus further includes^
a recording unit configured to record the change of the communication
status based on the notice from the notification unit.
23. The relay communication system according to any one of claims 20 to 22, wherein each of the first relay apparatus, the second relay apparatus and the access management apparatus further includes^ a relay server information sharing unit configured to share among each other a relay server information, the relay server information includes activation information of the first relay apparatus and the second relay apparatus, and activation/registration information of client terminals connected to the first relay apparatus and the second relay apparatus.
24. The relay communication system according to claim 23, wherein the second relay apparatus further includes^ a display unit configured to display the relay server information.
69

25. The relay communication system according to any one of claims 20 to 24, wherein the communication session is a routing session that serves as a media session that performs routing control for a communication packet transferred between the first relay apparatus and the second relay apparatus.
26. The relay communication system according to claim 25, wherein, in the routing session, the first relay apparatus and the second relay apparatus exchange network addresses with each other after the routing session is established.
27. The relay communication system according to claim 26, wherein, in exchanging the network addresses, the first relay apparatus and the second relay apparatus respectively permit accesses to all terminals connected to the respective LANs to which the first relay apparatus and the second relay apparatus are connected.
28. The relay communication system according to claim 26, wherein, in exchanging the network addresses, the first relay apparatus or the second relay apparatus respectively permit accesses to a part of terminals connected to the respective LANs to which the first relay apparatus and the second relay apparatus are connected.
29. An access management apparatus capable of performing communication with a first relay apparatus and a second relay apparatus, comprising:
a list holding unit configured to hold a permission list as a list of
70

apparatuses capable of accessing the first relay apparatus;
a specification unit configured to specify the second relay apparatus based on the permission list when having received a predetermined information from the first relay apparatus!
a confirmation unit configured to confirm whether or not the second relay apparatus specified by the specification unit is in a state of being capable of accessing the first relay apparatus! and
an access instruction unit configured to, in a case where the second relay apparatus is in the state of being capable of accessing the first relay apparatus, notify the first relay apparatus that there is an access from the second relay apparatus, and instruct the second relay apparatus to access the first relay apparatus.