System and method for encrypted communication
First Claim
1. A communication system including an internal communication terminal coupled to an intra-organization network, an external communication terminal for accessing the internal communication terminal from an outside of the intra-organization network, and a management server for managing the internal communication terminal and the external communication terminal, wherein:
the internal communication terminal establishes an encryption communication path between communication terminal and management server, to the management server, by performing authentication beforehand;
the external communication terminal likewise establishes an encryption communication path between communication terminal and management server, to the management server;
the external communication terminal transmits a connection request for the internal communication terminal to the management server;
the management server generates an encryption communication key for encrypting communication between the external communication terminal and the internal communication terminal, and transmits the connection request from the external communication terminal, together with the generated encryption communication key, to the internal communication terminal over the already established encryption communication path between communication terminal and management server;
the internal communication terminal returns to the management server a judgment of whether the connection request from the external communication terminal is permitted;
if the judgment result received from the internal communication terminal indicates that communication is permitted, the management server transmits the generated encryption communication key to the external communication terminal over the already established encryption communication path between communication terminal and management server;
the external communication terminal and the internal communication terminal establish an encryption communication path between communication terminals, for encryption communication between the external communication terminal and the internal communication terminal, by using the encryption communication key received from the management server; and
the external communication terminal performs encryption communication with the internal communication terminal without involving the management server.
1 Assignment
0 Petitions
Abstract
In encryption communication using VPN technologies, the load on the VPN system grows as the number of communication terminals increases. When an external terminal accesses an application server via an internal terminal, processing becomes complicated because authentication must be performed both at the VPN and at the application server. A management server is provided that manages external terminals, internal terminals and application servers. The management server authenticates each communication terminal and operates to establish an encryption communication path between communication terminals. Authentication of each terminal by the management server relies on a validation server. When the external terminal performs encryption communication with the application server via the internal terminal, two encryption communication paths are established and used: one between the external terminal and the internal terminal, and one between the internal terminal and the application server.
53 Citations
13 Claims
1. A communication system including an internal communication terminal coupled to an intra-organization network, an external communication terminal for accessing the internal communication terminal from an outside of the intra-organization network, and a management server for managing the internal communication terminal and the external communication terminal, wherein:
the internal communication terminal establishes an encryption communication path between communication terminal and management server, to the management server, by performing authentication beforehand;
the external communication terminal likewise establishes an encryption communication path between communication terminal and management server, to the management server;
the external communication terminal transmits a connection request for the internal communication terminal to the management server;
the management server generates an encryption communication key for encrypting communication between the external communication terminal and the internal communication terminal, and transmits the connection request from the external communication terminal, together with the generated encryption communication key, to the internal communication terminal over the already established encryption communication path between communication terminal and management server;
the internal communication terminal returns to the management server a judgment of whether the connection request from the external communication terminal is permitted;
if the judgment result received from the internal communication terminal indicates that communication is permitted, the management server transmits the generated encryption communication key to the external communication terminal over the already established encryption communication path between communication terminal and management server;
the external communication terminal and the internal communication terminal establish an encryption communication path between communication terminals, for encryption communication between the external communication terminal and the internal communication terminal, by using the encryption communication key received from the management server; and
the external communication terminal performs encryption communication with the internal communication terminal without involving the management server. (Dependent claims: 2, 3, 4, 5, 6)
7. A communication system including an internal communication terminal coupled to an intra-organization network, an external communication terminal for accessing the internal communication terminal from an outside of the intra-organization network, a management server for managing the internal communication terminal and the external communication terminal, and an application server for providing services, wherein:
the management server generates an encryption key for performing encryption communication between the external communication terminal and the internal communication terminal without involving the management server, and transmits the encryption key to the external communication terminal and the internal communication terminal to establish a first encryption communication path between terminals;
the external communication terminal transmits start control information, for starting a process request to the application server, to the internal communication terminal by using the first encryption communication path between terminals;
the internal communication terminal transmits a connection request for the application server to the management server, in accordance with the start control information received from the external communication terminal;
the management server:
generates an encryption key for performing encryption communication between the external communication terminal and the application server without involving the management server, and transmits the encryption key to the external communication terminal and the application server to establish a second encryption communication path between terminals; and
in response to the start control information received from the external communication terminal, notifies the external communication terminal that the second encryption communication path between terminals has been established;
in response to the notice, the external communication terminal transmits process control information, requesting a process of the application server, to the internal communication terminal; and
the internal communication terminal:
requests the process of the application server in accordance with the process control information received from the external communication terminal, by using the second encryption communication path between terminals;
receives a process result for the process control information from the application server; and
transmits process result information on the process result to the external communication terminal by using the first encryption communication path between terminals. (Dependent claims: 8, 9, 10, 11, 12, 13)
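The exchanges in claims 1 and 7, as an added example that is not part of the patent page and not the patentee's implementation. The names ManagementServer, Terminal, Path, relay and the JSON message types are this example's own; HMAC-SHA256 in counter mode with an HMAC tag stands in for whatever cipher the encryption communication paths actually use; the validation-server check behind the "beforehand authentication" is omitted; and the second path of claim 7 is modelled as internal terminal to application server, following the abstract, because the claim's later steps have the internal terminal use that path (the claim's own wording names the external terminal as the second key's recipient, which is left as written above).

```python
"""Toy model of the key distribution in claims 1 and 7 (added example, not the
patent's code): a management server authenticates each terminal once, issues a
pairwise key only after the called terminal consents, then leaves the data path."""
import hashlib
import hmac
import json
import secrets


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode stands in for AES-GCM/TLS (assumption: demo only).
    out = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                   for i in range((n + 31) // 32))
    return out[:n]


class Path:
    """One 'encryption communication path': encrypt-then-MAC under a shared key."""

    def __init__(self, key: bytes):
        self.ek = hmac.new(key, b"enc", hashlib.sha256).digest()   # encryption subkey
        self.mk = hmac.new(key, b"mac", hashlib.sha256).digest()   # integrity subkey

    def seal(self, obj) -> bytes:
        pt, nonce = json.dumps(obj).encode(), secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(pt, _keystream(self.ek, nonce, len(pt))))
        return nonce + ct + hmac.new(self.mk, nonce + ct, hashlib.sha256).digest()

    def open(self, msg: bytes):
        nonce, ct, tag = msg[:16], msg[16:-32], msg[-32:]
        if not hmac.compare_digest(tag, hmac.new(self.mk, nonce + ct, hashlib.sha256).digest()):
            raise ValueError("integrity check failed")
        return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(self.ek, nonce, len(ct)))))


class Terminal:
    def __init__(self, name: str, policy=lambda peer: True):
        self.name, self.policy = name, policy   # policy() is the "judgment" of claim 1
        self.mgmt = None    # path to the management server, set by authenticate()
        self.peers = {}     # peer name -> direct path under a server-issued key

    def handle(self, sealed: bytes):
        """Process one management-server message; return the sealed reply, if any."""
        m = self.mgmt.open(sealed)
        if m["type"] == "connect_request":      # claim 1: request and key arrive together
            permit = self.policy(m["from"])
            if permit:
                self.peers[m["from"]] = Path(bytes.fromhex(m["key"]))
            return self.mgmt.seal({"type": "judgment", "from": m["from"], "permit": permit})
        if m["type"] == "key":                  # sent to the caller only after a permit judgment
            self.peers[m["peer"]] = Path(bytes.fromhex(m["key"]))
        return None


class ManagementServer:
    def __init__(self):
        self.paths = {}     # terminal name -> path from the beforehand authentication

    def authenticate(self, t: Terminal):
        # The validation-server step is abstracted away (assumption: credentials are valid).
        k = secrets.token_bytes(32)
        self.paths[t.name], t.mgmt = Path(k), Path(k)

    def connect(self, caller: Terminal, callee: Terminal) -> bool:
        req = self.paths[caller.name].open(caller.mgmt.seal({"type": "connect", "to": callee.name}))
        key = secrets.token_bytes(32)           # fresh pairwise key per connection
        judgment = self.paths[callee.name].open(callee.handle(
            self.paths[callee.name].seal({"type": "connect_request", "from": caller.name, "key": key.hex()})))
        if not judgment["permit"]:
            return False                        # the caller never sees the key
        caller.handle(self.paths[caller.name].seal({"type": "key", "peer": req["to"], "key": key.hex()}))
        return True


def relay(server, ext, internal, app, request: str) -> str:
    """Claim 7 read with the abstract: path 1 is ext<->internal, path 2 internal<->app (assumption)."""
    p1_ext, p1_int = ext.peers[internal.name], internal.peers[ext.name]
    start = p1_int.open(p1_ext.seal({"type": "start", "app": app.name}))      # start control info
    if start["app"] != app.name or not server.connect(internal, app):        # second path
        raise PermissionError("application server refused")
    p2_int, p2_app = internal.peers[app.name], app.peers[internal.name]
    ctl = p1_int.open(p1_ext.seal({"type": "process", "req": request}))       # process control info
    served = p2_app.open(p2_int.seal(ctl))                                     # internal -> app
    result = p2_int.open(p2_app.seal({"result": served["req"].upper()}))      # app's "process result"
    return p1_ext.open(p1_int.seal(result))["result"]                         # back to ext on path 1


def demo():
    server, ext, stranger = ManagementServer(), Terminal("external"), Terminal("stranger")
    internal = Terminal("internal", policy=lambda p: p == "external")
    app = Terminal("app", policy=lambda p: p == "internal")
    for t in (ext, internal, stranger, app):
        server.authenticate(t)
    ok, denied = server.connect(ext, internal), server.connect(stranger, internal)
    direct = internal.peers["external"].open(ext.peers["internal"].seal({"msg": "hello"}))["msg"]
    return ok, denied, "internal" in stranger.peers, direct, relay(server, ext, internal, app, "ping")
```

Two properties of claim 1 are visible in the run: the caller never obtains the pairwise key until the callee's judgment permits the connection (the "stranger" is refused and ends with no key at all), and once both sides hold the key the traffic never transits the management server. The trade-off a reviewer should weigh is that the management server generates and therefore knows every pairwise key, so it is a key-distribution centre whose compromise exposes every session; the claim text also says nothing about freshness of the connection request or judgment, so a deployment would add nonces or sequence numbers to those management-server messages.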
Specification