Security management method for network system
First Claim
1. A security management method for a network system in which a client, an application server and an integrated authentication server can communicate with each other through a network, said security management method comprising the steps of:
making a service request by transmitting information of a certificate from said client to said application server;
transmitting the information of the certificate from said application server to said integrated authentication server to request said integrated authentication server to confirm said certificate;
confirming, by said integrated authentication server, said certificate and checking a user for right to access said application server; and
if valid, transmitting a user ID and a password to said application server to perform, by said application server, authentication based on said user ID and said password, wherein said client records, as access history information, results of security check including a result of the confirmation of said certificate which is executed by said integrated authentication server and said application server between initial log-in to the system and final log-off from the system, a result of checking right to access said application server, a result of authentication of said user ID and said password, and a result of checking the right to access data held by said application server, wherein said integrated authentication server records, as access history information, the result of the confirmation of said certificate and the result of the security check including checking the right to access said application server, and wherein said security management method further comprises the steps of:
transmitting, by said client, said access history information recorded by said client to said integrated authentication server, and receiving, by said authentication server, said access history information recorded by said client, and collating said access history information recorded by said client with said access history information recorded by said authentication server to check whether accessing performed by said client is proper.
Abstract
A plurality of application servers, a client, an integrated authentication server and a security information management server are connected to a network. A user having different combinations of user IDs and passwords or certificates for a plurality of kinds of services processed by the plurality of application servers makes requests for services to the individual application servers through the client by using a common integrated certificate. An application server receiving the integrated certificate from the client transfers it to the integrated authentication server. The integrated authentication server checks information of the security information management server to decide whether the right of the user to access the service is valid and when valid, transmits to the application server a combination of a user ID of the user and a password or a certificate concerning the service. The application server performs user authentication for the user on the basis of the combination of the user ID and the password or the certificate.
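The flow in the abstract and the access-history collation of claim 1, simulated end to end as an added example (this is illustrative code, not anything from the patent or its assignee; every certificate, user, service name and credential below is a constructed sample). The auth server releases a service-specific ID/password only after confirming the certificate and the access right, the application server authenticates with that credential itself, and both the client and the auth server keep their own history so the server can flag an access the client reports but the server never checked.

```python
# Added illustration, not code from the patent: a minimal simulation of the
# abstract's three-party flow and of claim 1's access-history collation.
# All certificates, users, services and credentials are constructed samples.
from dataclasses import dataclass, field

@dataclass
class IntegratedAuthServer:
    # constructed: cert -> user, user -> permitted services, per-service creds released for the user
    certs: dict = field(default_factory=lambda: {"CERT-alice-01": "alice"})
    rights: dict = field(default_factory=lambda: {"alice": {"mail"}})
    creds: dict = field(default_factory=lambda: {("alice", "mail"): ("alice-m", "pw-m1")})
    history: list = field(default_factory=list)

    def confirm(self, cert, service):
        """Confirm the certificate, check the access right, and record both results."""
        user = self.certs.get(cert)
        cert_ok = user is not None
        right_ok = cert_ok and service in self.rights.get(user, set())
        self.history.append((cert, service, cert_ok, right_ok))
        return cert_ok, right_ok, (self.creds.get((user, service)) if right_ok else None)

    def collate(self, client_history):
        """Return (client entries never checked here, checks the client failed to report)."""
        mine = {h[:4] for h in self.history}
        theirs = {h[:4] for h in client_history}
        return sorted(theirs - mine), sorted(mine - theirs)

@dataclass
class ApplicationServer:
    service: str
    auth: IntegratedAuthServer
    local_users: dict = field(default_factory=dict)  # the service's own ID/password table

    def handle(self, cert):
        cert_ok, right_ok, cred = self.auth.confirm(cert, self.service)
        # the application server itself authenticates with the released ID/password
        auth_ok = cred is not None and self.local_users.get(cred[0]) == cred[1]
        return cert_ok, right_ok, auth_ok

def client_request(client_history, server, cert):
    # client side: make the request and record every check result it observed
    cert_ok, right_ok, auth_ok = server.handle(cert)
    client_history.append((cert, server.service, cert_ok, right_ok, auth_ok))
    return auth_ok

def run_scenario():
    auth = IntegratedAuthServer()
    mail = ApplicationServer("mail", auth, {"alice-m": "pw-m1"})
    files = ApplicationServer("files", auth)
    client_history = []
    ok_mail = client_request(client_history, mail, "CERT-alice-01")    # permitted
    ok_files = client_request(client_history, files, "CERT-alice-01")  # no right
    # constructed: the client reports an access the auth server never checked
    client_history.append(("CERT-alice-01", "files", True, True, True))
    unseen, unreported = auth.collate(client_history)
    return ok_mail, ok_files, unseen, unreported
```

The forged "files" entry surfaces in the first list returned by `collate`, which is the discrepancy the claim's collation step is meant to expose.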
26 Claims
2. A security management method for a network system in which a client, an application server and an integrated authentication server can communicate with each other through a network, said security management method comprising the steps of:
making a service request by transmitting information of a certificate from said client to said application server;
confirming, by said application server, said certificate and transmitting the information of said certificate from said application server to said integrated authentication server to request a user ID and a password, checking, by said integrated authentication server, a user for right to access said application server and if valid, transmitting said user ID and said password to said application server; and
performing, by said application server, authentication based on said user ID and said password, wherein said client records, as access history information, results of security check including a result of the confirmation of said certificate which is executed by said integrated authentication server and said application server between initial log-in to the system and final log-off from the system, a result of checking the right to access said application server, a result of authentication of said user ID and said password, and a result of checking right to access data held by said application server, wherein said integrated authentication server records, as access history information, the result of the security check including checking right to access said application server, and wherein said security management method further comprises the steps of:
transmitting, by said client, said access history information recorded by said client to said integrated authentication server, and receiving, by said authentication server, said access history information recorded by said client, and collating said access history information recorded by said client with said access history information recorded by said authentication server to check whether accessing performed by said client is proper.
3. A security control method for a network system in which a first computer, a second computer and a third computer can communicate with each other through a network, said security control method comprising the steps of:
making a service request by transmitting information of a certificate from said first computer to said second computer;
transmitting said information of said certificate from said second computer to said third computer to request said third computer to confirm validity of said certificate;
confirming, by said third computer, validity of said certificate, thereby checking whether a user has a right to access a fourth computer;
if said certificate is valid, transmitting a user identification (ID) and password from said third computer to said second computer to permit said first computer to access said fourth computer using said user ID and password, recording, by said first computer, an access history of said first computer between initial log-in to the system to final log-off from the system as access history information of said first computer;
recording, by said third computer, an access history of said third computer concerning accesses performed by said first computer as access history information of said third computer;
transmitting, by said first computer, said access history information of said first computer to said third computer; and
receiving, by said third computer, said access history information of said first computer, and collating said access history information of said first computer with said access history information of said third computer to check whether access performed by said first computer is proper. (Dependent claims: 4, 5, 6)
7. A security control method for validating a certificate in a network system, comprising the steps of:
receiving a service request including information of a certificate from a first computer;
transmitting said information of said certificate to a second computer to request said second computer to confirm validity of said certificate;
receiving from said second computer information indicating whether said certificate is valid, wherein a valid certificate indicates that a user has a right to access a third computer, wherein if said information from said second computer indicates that said certificate is valid, said information includes a user identification (ID) and password for use by said first computer when accessing said third computer, recording, by said first computer, an access history of said first computer between initial log-in to the system to final log-off from the system as access history information of said first computer;
recording, by said third computer, an access history of said third computer concerning accesses performed by said first computer as access history information of said third computer;
transmitting, by said first computer, said access history information of said first computer to said third computer; and
receiving, by said third computer, said access history information of said first computer, and collating said access history information of said first computer with said access history information of said third computer to check whether access performed by said first computer is proper. (Dependent claims: 8, 9, 10)
11. A processing apparatus for use in a network system in which a plurality of processing apparatuses can communicate with each other through a network, said processing apparatus comprising:
a processing unit which receives a service request including information of a certificate from a first processing apparatus, transmits said information of said certificate to a second processing apparatus to request said second processing apparatus to confirm validity of said certificate, and receives from said second processing apparatus information indicating whether said certificate is valid, wherein a valid certificate indicates that a user has a right to access a third processing apparatus, wherein if said information from said processing apparatus indicates that said certificate is valid, said information from said second processing apparatus includes a user identification (ID) and password for use by said first processing apparatus when accessing said third processing apparatus, wherein said first processing apparatus records an access history of said first processing apparatus between initial log-in to the system to final log-off from the system as access history information of said first processing apparatus;
wherein said third processing apparatus records an access history of said third processing apparatus concerning accesses performed by said first processing apparatus as access history information of said third processing apparatus;
wherein said first processing apparatus transmits said access history information of said first processing apparatus to said third processing apparatus, and wherein said third processing apparatus receives said access history information of said first processing apparatus, and collates said access history information of said first processing apparatus with said access history information of said third processing apparatus to check whether access performed by said first processing apparatus is proper. (Dependent claims: 12, 13, 14)
15. A computer program stored on a computer readable storage medium for performing security control in a network system in which a first computer, a second computer and third computer can communicate with each other through a network, said computer program, when executed, causes a computer to perform the steps of:
making a service request by transmitting information of a certificate from said first computer to said second computer;
transmitting said information of said certificate from said second computer to said third computer to request said third computer to confirm validity of said certificate;
confirming, by said third computer, validity of said certificate, thereby checking whether a user has a right to access a fourth computer;
if said certificate is valid, transmitting a user identification (ID) and password from said third computer to said second computer to permit said first computer to access said fourth computer using said user ID and password;
recording, by said first computer, an access history of said first computer between initial log-in to the system to final log-off from the system as access history information of said first computer;
recording, by said third computer, an access history of said third computer concerning accesses performed by said first computer as access history information of said third computer;
transmitting, by said first computer, said access history information of said first computer to said third computer; and
receiving, by said third computer, said access history information of said first computer, and collating said access history information of said first computer with said access history information of said third computer to check whether access performed by said first computer is proper. (Dependent claims: 16, 17, 18)
19. A computer program stored on a computer readable storage medium for performing security control by validating a certificate in a network system, said computer program, when executed, causes a computer to perform the steps of:
receiving a service request including information of a certificate from a first computer;
transmitting said information of said certificate to a second computer to request said second computer to confirm validity of said certificate;
receiving from said second computer information indicating whether said certificate is valid, wherein a valid certificate indicates that a user has right to access a third computer, wherein if said information from said second computer indicates that said certificate is valid, said information from said second computer includes a user identification (ID) and password for use by said first computer when accessing said third computer;
recording, by said first computer, an access history of said first computer between initial log-in to the system to final log-off from the system as access history information of said first computer;
recording, by said third computer, an access history of said third computer concerning accesses performed by said first computer as access history information of said third computer;
transmitting, by said first computer, said access history information of said first computer to said third computer; and
receiving, by said third computer, said access history information of said first computer, and collating said access history information of said first computer with said access history information of said third computer to check whether access performed by said first computer is proper. (Dependent claims: 20, 21, 22)
23. A network system comprising:
a network; and
a plurality of computers capable of communicating with each other through said network, wherein a first computer makes a service request by transmitting information of a certificate from said first computer to a second computer, wherein said second computer, in response to said service request, transmits said information of said certificate to a third computer to request said third computer to confirm validity of said certificate, wherein said third computer, in response to said information of said certificate, confirms validity of said certificate by checking whether a user has right to access a fourth computer, wherein said third computer, if said certificate is valid, transmits a user identification (ID) and password to said second computer to permit said first computer to access said fourth computer using said user ID and password, wherein said first computer records an access history of said first computer between initial log-in to the system to final log-off from the system as access history information of said first computer, wherein said third computer records an access history of said third computer concerning accesses performed by said first computer as access history information of said third computer, wherein said first computer transmits said access history information of said first computer to said third computer, and wherein said third computer receives said access history information of said first computer, and collates said access history information of said first computer with said access history information of said third computer to check whether access performed by said first computer is proper. (Dependent claims: 24, 25, 26)