Security management method for network system

US 6,275,941 B1
Filed: 03/27/1998
Issued: 08/14/2001
Est. Priority Date: 03/28/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A security management method for a network system in which a client, an application server and an integrated authentication server can communicate with each other through a network, said security management method comprising the steps of:

making a service request by transmitting information of a certificate from said client to said application server;

transmitting the information of the certificate from said application server to said integrated authentication server to request said integrated authentication server to confirm said certificate;

confirming, by said integrated authentication server, said certificate and checking a user for right to access said application server; and

if valid, transmitting a user ID and a password to said application server to perform, by said application server, authentication based on said user ID and said password, wherein said client records, as access history information, results of security check including a result of the confirmation of said certificate which is executed by said integrated authentication server and said application server between initial log-in to the system and final log-off from the system, a result of checking right to access said application server, a result of authentication of said user ID and said password, and a result of checking the right to access data held by said application server, wherein said integrated authentication server records, as access history information, the result of the confirmation of said certificate and the result of the security check including checking the right to access said application server, and wherein said security management method further comprises the steps of;

transmitting, by said client, said access history information recorded by said client to said integrated authentication server, and receiving, by said authentication server, said access history information recorded by said client, and collating said access history information recorded by said client with said access history information recorded by said authentication server to check whether accessing performed by said client is proper.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A plurality of application servers, a client, an integrated authentication server and a security information management server are connected to a network. A user having different combinations of user ID'"'"'s and passwords or certificates for a plurality of kinds of services processed by the plurality of application servers makes requests for services to the individual application servers through the client by using a common integrated certificate. An application server receiving the integrated certificate from the client transfers it to the integrated authentication server. The integrated authentication server checks information of the security information management server to decide whether the right of the user to access the service is valid and when valid, transmits to the application server a combination of a user ID of the user and a password or a certificate concerning the service. The application server performs user authentication for the user on the basis of the combination of the user ID and the password or the certificate.

Citations

26 Claims

1. A security management method for a network system in which a client, an application server and an integrated authentication server can communicate with each other through a network, said security management method comprising the steps of:
- making a service request by transmitting information of a certificate from said client to said application server;
  
  transmitting the information of the certificate from said application server to said integrated authentication server to request said integrated authentication server to confirm said certificate;
  
  confirming, by said integrated authentication server, said certificate and checking a user for right to access said application server; and
  
  if valid, transmitting a user ID and a password to said application server to perform, by said application server, authentication based on said user ID and said password, wherein said client records, as access history information, results of security check including a result of the confirmation of said certificate which is executed by said integrated authentication server and said application server between initial log-in to the system and final log-off from the system, a result of checking right to access said application server, a result of authentication of said user ID and said password, and a result of checking the right to access data held by said application server, wherein said integrated authentication server records, as access history information, the result of the confirmation of said certificate and the result of the security check including checking the right to access said application server, and wherein said security management method further comprises the steps of;
  
  transmitting, by said client, said access history information recorded by said client to said integrated authentication server, and receiving, by said authentication server, said access history information recorded by said client, and collating said access history information recorded by said client with said access history information recorded by said authentication server to check whether accessing performed by said client is proper.

2. A security management method for a network system in which a client, an application server and an integrated authentication server can communicate with each other through a network, said security management method comprising the steps of:
- making a service request by transmitting information of a certificate from said client to said application server;
  
  confirming, by said application server, said certificate and transmitting the information of said certificate from said application server to said integrated authentication server to request a user ID and a password, checking, by said integrated authentication server, a user for right to access said application server and if valid, transmitting said user ID and said password to said application server; and
  
  performing, by said application server, authentication based on said user ID and said password, wherein said client records, as access history information, results of security check including a result of the confirmation of said certificate which is executed by said integrated authentication server and said application server between initial log-in to the system and final log-off from the system, a result of checking the right to access said application server, a result of authentication of said user ID and said password, and a result of checking right to access data held by said application server, wherein said integrated authentication server records, as access history information, the result of the security check including checking right to access said application server, and wherein said security management method further comprises the steps of;
  
  transmitting, by said client, said access history information recorded by said client to said integrated authentication server, and receiving, by said authentication server, said access history information recorded by said client, and collating said access history information recorded by said client with said access history information recorded by said authentication server to check whether accessing performed by said client is proper.

3. A security control method for a network system in which a first computer, a second computer and a third computer can communicate with each other through a network, said security control method comprising the steps of:
- making a service request by transmitting information of a certificate from said first computer to said second computer;
  
  transmitting said information of said certificate from said second computer to said third computer to request said third computer to confirm validity of said certificate;
  
  confirming, by said third computer, validity of said certificate, thereby checking whether a user has a right to access a fourth computer;
  
  if said certificate is valid, transmitting a user identification (ID) and password from said third computer to said second computer to permit said first computer to access said fourth computer using said user ID and password, recording, by said first computer, an access history of said first computer between initial log-in to the system to final log-off from the system as access history information of said first computer;
  
  recording, by said third computer, an access history of said third computer concerning accesses performed by said first computer as access history information of said third computer;
  
  transmitting, by said first computer, said access history information of said first computer to said third computer; and
  
  receiving, by said third computer, said access history information of said first computer, and collating said access history information of said first computer with said access history information of said third computer to check whether access performed by said first computer is proper.
- View Dependent Claims (4, 5, 6)
- - 4. A security control method according to claim 3, wherein said fourth computer is indirectly connected to said first computer.
  - 5. A security control method according to claim 4, wherein said first computer is a client, said second computer is an application server and said third computer is an integrated authentication server.
  - 6. A security control method according to claim 3, wherein said first computer is a client, said second computer is an application server and said third computer is an integrated authentication server.

7. A security control method for validating a certificate in a network system, comprising the steps of:
- receiving a service request including information of a certificate from a first computer;
  
  transmitting said information of said certificate to a second computer to request said second computer to confirm validity of said certificate;
  
  receiving from said second computer information indicating whether said certificate is valid, wherein a valid certificate indicates that a user has a right to access a third computer, wherein if said information from said second computer indicates that said certificate is valid, said information includes a user identification (ID) and password for use by said first computer when accessing said third computer, recording, by said first computer, an access history of said first computer between initial log-in to the system to final log-off from the system as access history information of said first computer;
  
  recording, by said third computer, an access history of said third computer concerning accesses performed by said first computer as access history information of said third computer;
  
  transmitting, by said first computer, said access history information of said first computer to said third computer; and
  
  receiving, by said third computer, said access history information of said first computer, and collating said access history information of said first computer with said access history information of said third computer to check whether access performed by said first computer is proper.
- View Dependent Claims (8, 9, 10)
- - 8. A security control method according to claim 7, wherein said third computer is indirectly connected to said first computer.
  - 9. A security control method according to claim 8, wherein said first computer is a client and said second computer is an integrated authentication server.
  - 10. A security control method according to claim 7, wherein said first computer is a client and said second computer is an integrated authentication server.

11. A processing apparatus for use in a network system in which a plurality of processing apparatuses can communicate with each other through a network, said processing apparatus comprising:
- a processing unit which receives a service request including information of a certificate from a first processing apparatus, transmits said information of said certificate to a second processing apparatus to request said second processing apparatus to confirm validity of said certificate, and receives from said second processing apparatus information indicating whether said certificate is valid, wherein a valid certificate indicates that a user has a right to access a third processing apparatus, wherein if said information from said processing apparatus indicates that said certificate is valid, said information from said second processing apparatus includes a user identification (ID) and password for use by said first processing apparatus when accessing said third processing apparatus, wherein said first processing apparatus records an access history of said first processing apparatus between initial log-in to the system to final log-off from the system as access history information of said first processing apparatus;
  
  wherein reordering, said third processing apparatus records an access history of said third processing apparatus concerning accesses performed by said first processing apparatus as access history information of said third processing apparatus;
  
  wherein said first processing apparatus transmits said access history information of said first processing apparatus to said third processing apparatus, and wherein said third processing apparatus receives said access history information of said first processing apparatus, and collates said access history information of said first processing apparatus with said access history information of said third processing apparatus to check whether access performed by said first processing apparatus is proper.
- View Dependent Claims (12, 13, 14)
- - 12. A processing apparatus according to claim 11, wherein said third processing apparatus is indirectly connected to said first processing apparatus.
  - 13. A processing apparatus according to claim 12, wherein said processing apparatus is an application server, said first processing apparatus is a client and said second processing apparatus is an integrated authentication server.
  - 14. A processing apparatus according to claim 11, wherein said processing apparatus is an application server, said first processing apparatus is a client and said second processing apparatus is an integrated authentication server.

15. A computer program stored on a computer readable storage medium for performing security control in a network system in which a first computer, a second computer and third computer can communicate with each other through a network, said computer program, when executed, causes a computer to perform the steps of:
- making a service request by transmitting information of a certificate from said first computer to said second computer;
  
  transmitting said information of said certificate from said second computer to said third computer to request said third computer to confirm validity of said certificate;
  
  confirming, by said third computer, validity of said certificate, thereby checking whether a user has a right to access a fourth computer;
  
  if said certificate is valid, transmitting a user identification (ID) and password from said third computer to said second computer to permit said first computer to access said fourth computer using said user ID and password;
  
  recording, by said first computer, an access history of said first computer between initial log-in to the system to final log-off from the system as access history information of said first computer;
  
  recording, by said third computer, an access history of said third computer concerning accesses performed by said first computer as access history information of said third computer;
  
  transmitting, by said first computer, said access history information of said first computer to said third computer; and
  
  receiving, by said third computer, said access history information of said first computer, and collating said access history information of said first computer with said access history information of said third computer to check whether access performed by said first computer is proper.
- View Dependent Claims (16, 17, 18)
- - 16. A computer program according to claim 15, wherein said fourth computer is indirectly connected to said first computer.
  - 17. A computer program according to claim 16, wherein said first computer is a client, second computer is an application server and said third computer is an integrated authentication server.
  - 18. A computer program according to claim 15, wherein said first computer is a client, second computer is an application server and said third computer is an integrated authentication server.

19. A computer program stored on a computer readable storage medium for performing security control by validating a certificate in a network system, said computer program, when executed, causes a computer to perform the steps of:
- receiving a service request including information of a certificate from a first computer;
  
  transmitting said information of said certificate to a second computer to request said second computer to confirm validity of said certificate;
  
  receiving from said second computer information indicating whether said certificate is valid, wherein a valid certificate indicates that a user has right to access a third computer, wherein if said information from said second computer indicates that said certificate is valid, said information from said second computer includes a user identification (ID) and password for use by said first computer when accessing said third computer;
  
  recording, by said first computer, an access history of said first computer between initial log-in to the system to final log-off from the system as access history information of said first computer;
  
  recording, by said third computer, an access history of said third computer concerning accesses performed by said first computer as access history information of said third computer;
  
  transmitting, by said first computer, said access history information of said first computer to said third computer; and
  
  receiving, by said third computer, said access history information of said first computer, and collating said access history information of said first computer with said access history information of said third computer to check whether access performed by said first computer is proper.
- View Dependent Claims (20, 21, 22)
- - 20. A computer program according to claim 19, wherein said third computer is indirectly connected to said first computer.
  - 21. A computer program according to claim 19, wherein said first computer is a client and said second computer is an integrated authentication server.
  - 22. A computer program according to claim 21, wherein said first computer is a client and said second computer is an integrated authentication server.

23. A network system comprising:
- a network; and
  
  a plurality of computers capable of communicating with each other through said network, wherein a first computer makes a service request by transmitting information of a certificate from said first computer to a second computer, wherein said second computer, in response to said service request, transmits said information of said certificate to a third computer to request said third computer to confirm said validity of said certification, wherein said third computer, in response to said information of said certificate, confirms validity of said certificate by checking whether a user has right to a access a fourth computer, wherein said third computer, if said certificate is valid, transmits a user identification (ID) and password to said second computer to permit said first computer to access said fourth computer using said user ID and password, wherein said first computer records an access history of said first computer between initial log-in to the system to final log-off from the system as access history information of said first computer, wherein said third computer records an access history of said third computer concerning accesses performed by said first computer as access history information of said third computer, wherein said first computer transmits said access history information of said first computer to said third computer, and wherein said third computer receives said access history information of said first computer, and collates said access history information of said first computer with said access history information of said third computer to check whether access performed by said first computer is proper.
- View Dependent Claims (24, 25, 26)
- - 24. A network system according to claim 23, wherein said fourth computer is indirectly connected to said first computer.
  - 25. A network system according to claim 24, wherein said first computer is a client, said second computer is an application server and said third computer is an integrated authentication server.
  - 26. A network system according to claim 23, wherein said first computer is a client, said second computer is an application server, and said third computer is an integrated authentication server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi America Limited (Hitachi, Ltd.)
Inventors
Shimizu, Michihiro, Ikeuchi, Manabu, Saito, Yoko
Primary Examiner(s)
Lee, Thomas
Assistant Examiner(s)
NGUYEN, NGUYEN X

Application Number

US09/048,986
Time in Patent Office

1,236 Days
Field of Search

713/201, 713/182, 713/175
US Class Current

726/2
CPC Class Codes

G06F 21/33   using certificates

G06F 21/41   where a single sign-on prov...

G06F 2221/2115   Third party

H04L 63/0428   wherein the data content is...

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/126   the source of the received ...

Security management method for network system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Security management method for network system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links