Network system, internal server, terminal device, storage medium and packet relay method
Abstract
A network system has a firewall that connects an external network and an internal network. A terminal device is provided on the external network. An application server is provided on the internal network and provides data to the terminal device based on a request from the terminal device. An external server is provided on a DMZ of the firewall or on the external network, and relays communication between the terminal device and the application server based on the request from the terminal device through an internal server. The internal server is provided on the internal network, and relays communication between the external server and the application server. The internal server has an encrypting unit that encrypts the packet in such a manner that an encrypted packet is able to be decrypted only by the terminal device.
14 Claims
1. A network system, comprising:
a firewall that connects an external network and an internal network;
a terminal device being provided on the external network;
an application server being provided on the internal network, the application server that provides data to the terminal device based on a request from the terminal device; and
an external server being provided on a DMZ of the firewall or on the external network, the external server configured to receive a request from the terminal device to connect to the application server and relay communication between the terminal device and the application server through an internal server;
the internal server being provided on the internal network, the internal server configured to relay communication between the external server and the application server, the internal server further comprising:
a receiving unit that receives a packet for the terminal device from the application server;
an encrypting unit that encrypts the packet in such a manner that an encrypted packet is able to be decrypted only by the terminal device; and
a transmitting unit that transmits the encrypted packet to the external server via the firewall, the external server further comprising;
a receiving unit that receives the packet encrypted by the internal server; and
a transmitting unit that transmits the received encrypted packet to the terminal device without decrypting the received encrypted packet, wherein communication between the external server and the internal server is permitted when a session is established based on a connection request from the internal server to connect to the external server, and the external server relays the request from the terminal device for connection to the application server through the internal server as a response to the connection request from the internal server.
4. An internal server being provided on an internal network, the internal server communicating with an external server via a firewall connected between an external network and the internal network, the external server being provided on a DMZ of the firewall or on the external network, the internal server comprising:
a receiving unit that receives a packet for a terminal device from an application server, the terminal device being provided on the external network;
an encrypting unit that encrypts the packet in such a manner that an encrypted packet is able to be decrypted only by the terminal device; and
a transmitting unit that transmits the encrypted packet to the external server, wherein communication between the external server and the internal server is permitted when a session is established based on a connection request from the internal server to connect to the external server, and the internal server relays a request from the terminal device for connection to the application server through the external server as a response to the connection request.
6. A terminal device being provided on an external network, the external network being connected to an internal network through a firewall,
the internal network having an application server that provides data to the terminal device based on a request from the terminal device and an internal server that relays communication between an external server and an application server, the external server being provided on a DMZ of the firewall or on the external network, the external server that relays communication between the terminal device and the application server based on the request from the terminal device through an internal server, the terminal device comprising:
a receiving unit that receives a packet transmitted from the application server;
a determining unit that determines whether or not the packet received by the receiving unit contains absolute address information for accessing a communication device, the communication device including the application server or a database server connected to the internal network, the database server that provides additional information to the terminal device; and
a changing unit that changes the absolute address information to address information via the external server when the absolute address information is contained.
7. A computer-readable storage medium that stores a program for controlling an internal server by use of a computer,
the internal server being present on an internal network that communicates, via a firewall connected between an external network and an internal network, with an external server present on a DMZ of the firewall or on the external network, with communication with the external server being permitted only by a session established on the basis of a request from the internal server to connect to the external server, due to access restriction settings of the firewall, and with the internal server relaying to an application server on the internal server a request from a terminal device on the external network to connect to the application server relayed via the external server, in response to the internal server's request to connect to the external server, the program operable to drive the internal server to execute under control of the computer comprising:
receiving a packet destined for the terminal device on the external network from the application server;
determining whether or not the received packet contains absolute address information for accessing a communication device present on the internal network;
changing the absolute address information to address information via the external server when the absolute address information is contained;
encrypting the packet whose address information is changed by the changing unit, in such a manner that an encrypted packet is able to be decrypted only by the terminal device when the absolute address information is not contained; and
transmitting the encrypted packet to the external server.
8. A computer-readable storage medium that stores a program for controlling a terminal device by use of a computer,
the terminal device being fed with desired data on an external network from an application server in a network system, the network system including a firewall connected between the external network and an internal network;
an application server present on the internal network, the application server supplying desired data in response to a request from the external network;
an external server present on a DMZ of the firewall or on the external network, the external server receiving a request from the external network to connect to the application server and relaying communication with the application server; and
an internal server present on the internal network, the internal server relaying communication between the external server and the application server, with communication between the external server and the internal server being permitted only by a session established on the basis of a connection request from the internal server to connect to the external server, and with the external server relaying the request from the terminal device for connection to the application server as a response to the connection request from the internal server, the program operable to drive the terminal device to execute under control of the computer comprising;
receiving a packet transmitted from the application server;
determining whether or not the received packet contains absolute address information for accessing a communication device present on the internal network; and
changing the absolute address information to address information via the external server when the absolute address information is contained.
9. A packet relay method for relay processing of a packet on a network system, the network system including a firewall connected between an external network and an internal network;
a terminal device present on the external network;
an application server present on the internal network, the application server that provides data to the terminal device in response to a request from the terminal device;
an external server present on a DMZ of the firewall or on the external network, the external server that receives the request from the terminal device to connect to the application server and relays communication between the terminal device and the application server; and
an internal server present on the internal network, the internal server that relays communication between the external server and the application server, with communication between the external server and the internal server being permitted only by a session established on the basis of a connection request from the internal server to connect to the external server, and with the external server relaying the request from the terminal device for connection to the application server as a response to the connection request from the internal server, the packet relay method comprising;
receiving by the internal server a packet for the terminal device from the application server;
determining by the internal server whether or not the packet received contains absolute address information for accessing a communication device present on the internal network;
changing the absolute address information to address information via the external server when the absolute address information is contained;
encrypting the received packet to be decrypted by only the terminal device after having changed the absolute address information when the absolute address information is contained, or without any change when the absolute address information is not contained;
transmitting by the internal server the encrypted packet to the external server via the firewall;
receiving by the external server the packet encrypted by the internal server; and
transmitting by the external server intact the received encrypted packet to the terminal device without decrypting the encrypted packet.
10-11. (canceled)
12. The network system according to claim 1, wherein the external server requests the terminal device to provide user information, and the external server establishes connection to the terminal device.
13. A network system comprising:
an internal network having an internal server;
an external network having a terminal device; and
a firewall that connects the internal network to the external network, wherein the internal server transmits data to the terminal device and the data is encrypted by the internal server in such a manner that an encrypted packet is able to be decrypted only by the terminal device.
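The determining and changing steps of claims 6 to 9, sketched as an added example (not code from the patent). The internal host names, the external server name gw.example.com and the /relay/<scheme>/<host>/<path> layout are assumptions, since the claims do not define the format of the rewritten address; the encryption step that follows the rewrite in claims 7 and 9 is not shown.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Assumed values for illustration; the claims name no hosts or URL layout.
INTERNAL_HOSTS = {"app.corp.internal", "db.corp.internal"}
EXTERNAL_SERVER = "https://gw.example.com"
URL_RE = re.compile(r"""https?://[^\s"'<>]+""")


def via_external(url):
    """Map an absolute URL for an internal host to one routed via the external server."""
    try:
        parts = urlsplit(url)
        host, port = (parts.hostname or "").lower(), parts.port
    except ValueError:
        return url  # malformed authority: leave untouched
    # Exact match on the parsed host, so look-alikes such as
    # app.corp.internal.evil.example or user-info tricks are not rewritten.
    if host not in INTERNAL_HOSTS:
        return url
    target = host if port is None else f"{host}:{port}"
    ext = urlsplit(EXTERNAL_SERVER)
    path = f"/relay/{parts.scheme}/{target}{parts.path or '/'}"
    return urlunsplit((ext.scheme, ext.netloc, path, parts.query, parts.fragment))


def rewrite_payload(body):
    """Return (rewritten body, number of absolute internal addresses changed)."""
    changed = 0

    def swap(match):
        nonlocal changed
        new = via_external(match.group(0))
        changed += new != match.group(0)
        return new

    return URL_RE.sub(swap, body), changed


# Constructed sample payload from the application server.
SAMPLE = (
    '<a href="http://app.corp.internal:8080/report?id=7">report</a>'
    '<img src="https://db.corp.internal/img/a.png">'
    '<a href="https://www.example.org/">public</a><a href="/local">relative</a>'
)

if __name__ == "__main__":
    print(rewrite_payload(SAMPLE))
```

Running the rewrite a second time changes nothing, because the rewritten addresses already point at the external server.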