×

Security management method for network system

  • US 6,275,941 B1
  • Filed: 03/27/1998
  • Issued: 08/14/2001
  • Est. Priority Date: 03/28/1997
  • Status: Expired due to Fees
First Claim
Patent Images

1. A security management method for a network system in which a client, an application server and an integrated authentication server can communicate with each other through a network, said security management method comprising the steps of:

  • making a service request by transmitting information of a certificate from said client to said application server;

    transmitting the information of the certificate from said application server to said integrated authentication server to request said integrated authentication server to confirm said certificate;

    confirming, by said integrated authentication server, said certificate and checking a user for right to access said application server; and

    if valid, transmitting a user ID and a password to said application server to perform, by said application server, authentication based on said user ID and said password, wherein said client records, as access history information, results of security check including a result of the confirmation of said certificate which is executed by said integrated authentication server and said application server between initial log-in to the system and final log-off from the system, a result of checking right to access said application server, a result of authentication of said user ID and said password, and a result of checking the right to access data held by said application server, wherein said integrated authentication server records, as access history information, the result of the confirmation of said certificate and the result of the security check including checking the right to access said application server, and wherein said security management method further comprises the steps of;

    transmitting, by said client, said access history information recorded by said client to said integrated authentication server, and receiving, by said authentication server, said access history information recorded by said client, and collating said access history information recorded by said client with said access history information recorded by said authentication server to check whether accessing performed by said client is proper.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×