Repeater and network system utilizing the same
Abstract
To provide a network system that allows communication across firewalls (repeaters) while assuring high security and operational flexibility through access control based on users and applications, the following tables are defined: a user-held table giving the correspondence between repeaters and passwords; a repeater-held table giving the correspondence between users and passwords; access-region tables defined respectively for users, for departments of users and for official positions of users; and a route control information table giving the correspondence between networks and the next transmitting destination. Access control is executed for each user with these tables. Moreover, each repeater holds a repeating route control table, from which a repeater that lies on the route to the destination computer and permits communication from the transmitting computer is selected, and the request to repeat the communication with the destination is issued to the selected repeater.
29 Claims
1. A method for establishing a connection from a transmission terminal to a destination terminal in a network, via a plurality of firewalls arranged to control access thereto, said method comprising:
transmitting, at said transmission terminal, a connection request for connection designating said destination terminal as destination;
authenticating, at each of said firewalls, a user depending upon user identification associated with said connection request, and confirming acceptance of said connection request, at each of said firewalls;
authenticating, at said destination terminal, the user depending upon user identification associated with said connection request, and confirming acceptance of said connection request after having each of said firewalls authenticated a user of said transmission terminal; and
establishing said connection between said transmission terminal and said destination terminal, via said firewalls.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8)

2.
receiving said connection request from said transmission terminal at a first firewall, and confirming that said first firewall has accepted said connection request; and
receiving another connection request from said transmission terminal at a next firewall, confirming that the next firewall has accepted said connection request, and repeating until a last firewall has accepted said connection request from said transmission terminal for connection with said destination terminal.

3. The method according to claim 2, wherein said step of having said destination terminal authenticated a user of said transmission terminal further comprises:
receiving said connection request from said transmission terminal at said destination terminal, and confirming that said destination terminal has accepted said connection request.

4. The method according to claim 1, wherein each of said firewalls further comprises an access control table which stores correspondence between at least one attribute of at least one user and accessible range of said network, and wherein each of said firewalls checks said connection request based on said at least one attribute of said user associated with said connection request and said accessible range of said network in said access control table.

5. The method according to claim 4, wherein each of said firewalls makes a comparison between a destination terminal name field of said connection request and a destination terminal name according to said repeating route control table, and determines a next destination with reference to said repeating route control table based on said comparison.

6. The method according to claim 1, wherein each of said firewalls further comprises a repeating route control table which stores information of said destination terminal or a firewall provided to establish a communication route between said transmission terminal and said destination terminal.

7. The method according to claim 1, wherein each of said firewalls further comprises an access control table which stores at least one correspondence between a first address area including said destination terminal and an address of another firewall provided to transfer the data to said first address area.

8. The method according to claim 1, wherein each of said firewalls transmits said connection request to a next destination based on access control information, and wherein said next destination is provided to check said connection request referring to user information field associated with said connection request.

9. A method for establishing a connection from a transmission terminal to a destination terminal via a plurality of firewalls arranged to control access thereto, said method comprising the steps of:
receiving, at each of said firewalls successively, a connection request packet from said transmission terminal, identifying a user of said transmission terminal depending upon user identification included in said connection request packet, and returning a connection confirming packet containing a result of said user identification back to said transmission terminal; and
receiving, at said destination terminal, said connection request packet from said transmission terminal, identifying a user of said transmission terminal depending upon user identification included in said connection request packet, and returning a connection confirming packet containing a result of said user identification back to said transmission terminal, after having each of said firewalls identified a user of said transmission terminal; and
establishing a connection between said transmission terminal and said destination terminal, via said firewalls.

10. A network system comprising:
a transmission terminal;
a firewall arranged to execute access control; and
a destination terminal;
wherein said transmission terminal transmits a connection request packet designating said destination terminal and including at least one attribute of a user of said transmission terminal in a user information field;
wherein said firewall, under a data transfer condition regarding said connection request packet, transfers said connection request packet toward said destination terminal, and under no data transfer condition regarding said connection request packet, checks said connection request packet for user authentication and transmits a connection confirming packet including a result of said user authentication designating said transmission terminal; and
wherein said transmission terminal, in the case of said connection confirming packet indicative that said firewall has accepted said connection request packet, transmits another connection request packet designating said destination terminal, and in the case of said connection confirming packet indicative that said destination terminal has accepted said connection request packet, confirms a communication route between said transmission terminal and said destination terminal is established.
(Dependent claims: 11, 12, 13, 14, 15)

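The hop-by-hop exchange that the abstract and claims 9 and 10 describe, written out as an added example (this is not code from the patent): the client keeps re-sending its connection request to the first firewall; a firewall that has already accepted that user's request for that destination is in the "data transfer condition" and simply relays it, while one that has not authenticates the user from its own user/password table, checks the user's attributes against its access control table, looks up the next hop in its repeating route control table and answers with a connection confirming packet. Everything concrete here is an assumption: the apparatus names, the table layouts, the packet fields, and the use of a keyed hash in place of the cleartext password the abstract mentions.

```python
"""Hop-by-hop connection set-up through user-authenticating repeaters.

Added illustration of the abstract and claims 9/10; not the patent's own code.
Names, table layouts and packet fields are assumptions. Passwords are never sent:
each hop gets a keyed hash bound to user, destination and hop name (also an
assumption) that it recomputes from its own repeater-held user/password table.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
import hashlib
import hmac

def proof_for(password, user, dst, hop):
    msg = f"{user}|{dst}|{hop}".encode()
    return hmac.new(password.encode(), msg, hashlib.sha256).hexdigest()

@dataclass(frozen=True)
class ConnectRequest:
    src: str
    dst: str
    user: str          # user information field: identification plus the
    department: str    # attributes the access control table keys on
    position: str
    proofs: dict       # hop name -> proof, built from the user-held repeater table

@dataclass(frozen=True)
class ConnectConfirm:
    accepted_by: str
    accepted: bool
    is_destination: bool
    reason: str = ""

class Repeater:
    def __init__(self, name, user_passwords, access_table, route_table):
        self.name = name
        self.user_passwords = user_passwords  # user -> password (repeater-held table)
        self.access_table = access_table      # (attribute, value) -> reachable networks
        self.route_table = route_table        # network -> next apparatus name
        self.sessions = set()                 # (src, user, dst) already accepted here

    def next_hop(self, dst):  # longest-prefix match over the repeating route control table
        cands = [(ip_network(n), h) for n, h in self.route_table.items()
                 if ip_address(dst) in ip_network(n)]
        return max(cands, key=lambda c: c[0].prefixlen)[1] if cands else None

    def access_allowed(self, req):
        keys = [("user", req.user), ("department", req.department), ("position", req.position)]
        nets = [n for k in keys for n in self.access_table.get(k, [])]
        return any(ip_address(req.dst) in ip_network(n) for n in nets)

    def handle(self, req, network):
        key = (req.src, req.user, req.dst)
        if key in self.sessions:  # data transfer condition holds: relay, do not re-check
            return network[self.next_hop(req.dst)].handle(req, network)
        pw = self.user_passwords.get(req.user)
        expected = proof_for(pw, req.user, req.dst, self.name) if pw else ""
        if not pw or not hmac.compare_digest(expected, req.proofs.get(self.name, "")):
            return ConnectConfirm(self.name, False, False, "authentication failed")
        if not self.access_allowed(req):
            return ConnectConfirm(self.name, False, False, "access control denied")
        if self.next_hop(req.dst) is None:
            return ConnectConfirm(self.name, False, False, "no route")
        self.sessions.add(key)
        return ConnectConfirm(self.name, True, False)

class Destination:  # the destination terminal authenticates the user once more
    def __init__(self, name, user_passwords):
        self.name, self.user_passwords = name, user_passwords

    def handle(self, req, network):
        pw = self.user_passwords.get(req.user)
        ok = bool(pw) and hmac.compare_digest(
            proof_for(pw, req.user, req.dst, self.name), req.proofs.get(self.name, ""))
        return ConnectConfirm(self.name, ok, True, "" if ok else "authentication failed")

def connect(network, first_hop, src, dst, user, department, position, user_table):
    """Client side of claim 10: re-send to first_hop until the destination itself confirms.
    user_table is the user-held table (apparatus -> password); later hops stay concealed."""
    proofs = {hop: proof_for(pw, user, dst, hop) for hop, pw in user_table.items()}
    req = ConnectRequest(src, dst, user, department, position, proofs)
    trail = []
    for _ in range(len(network) + 1):  # each round trip reaches one hop further
        ack = network[first_hop].handle(req, network)
        trail.append((ack.accepted_by, ack.accepted, ack.reason))
        if not ack.accepted or ack.is_destination:
            return ack.accepted and ack.is_destination, trail
    return False, trail

# Constructed sample: client -> FW1 -> FW2 -> server at 10.2.0.5.
ALICE_TABLE = {"FW1": "a1", "FW2": "a2", "server": "a3"}   # alice's user-held table
BOB_TABLE = {"FW1": "b1", "FW2": "b2", "server": "b3"}

def build_network():
    fw1 = Repeater("FW1", {"alice": "a1", "bob": "b1"},
                   {("department", "research"): ["10.0.0.0/8"], ("department", "sales"): ["10.1.0.0/16"]},
                   {"10.0.0.0/8": "FW2"})
    fw2 = Repeater("FW2", {"alice": "a2", "bob": "b2"},
                   {("user", "alice"): ["10.2.0.0/16"], ("position", "manager"): ["10.0.0.0/8"]},
                   {"10.2.0.0/16": "server"})
    return {"FW1": fw1, "FW2": fw2, "server": Destination("server", {"alice": "a3", "bob": "b3"})}
```

Running `connect(build_network(), "FW1", "192.0.2.10", "10.2.0.5", "alice", "research", "staff", ALICE_TABLE)` walks FW1, FW2 and the server in three round trips and succeeds; the same call for bob (department "sales") is refused at FW1 by the access control table before any later hop learns of the request, and a user absent from FW1's table fails authentication there. Note that proofs for every entry in the user-held table travel in one packet because the client does not know which repeater will answer next; that is the price of keeping the route concealed from the client.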
16. A network system having at least two networks each being connected to at least one terminal, said network system comprising:
a transmission terminal arranged to transmit a connection request packet designating a destination terminal and including at least one user attribute in a user information field;
a repeater arranged to connect said networks together, and configured to receive said connection request packet, and identify said user by referring to said user information field stored in said connection request packet; and
a destination terminal arranged to transmit a connection confirming packet as a response to said connection request packet, and configured to receive said connection request packet, and identify said user by referring to said user information field stored in said connection request packet, wherein said transmission terminal confirms that each of said repeater and said destination terminal identifies said user and a communication route between said transmission terminal and said destination terminal is established.
(Dependent claims: 17, 18, 19, 20)

21. A communication system having a client apparatus and a server apparatus in a network having repeaters that conceal routing information from the client apparatus, the client apparatus establishing a connection and communicating with the server apparatus via the plurality of the repeaters,
each of the repeaters and the client apparatus comprising:
a repeating route control table that stores destination of a connection request in case of connecting with another apparatus and an identification of a next apparatus to be connected in case of sending the connection request to the destination;
each of the repeaters comprising:
means for, in response to the connection request, requesting a connection from the client apparatus to the server apparatus, from the client apparatus or the preceding repeater, determining a next destination of the connection request based on identification of the server apparatus in the connection request, and selecting either the server apparatus or the next repeater based on the next destination according to the repeating route control table;
means for connecting to the next repeater in case of selecting the next repeater;
means for re-sending the connection request to the connected next repeater; and
means for receiving a response to the connection request from the next repeater and sending the response to either the preceding repeater or the client apparatus; and
the client apparatus comprising:
means for, in case of requesting a connection with the server apparatus, determining a next destination of the connection request based on the identification of the server apparatus, and selecting the next repeater based on the next destination;
means for connecting to the selected repeater;
means for sending a connection request with the server apparatus to the connected repeater;
means for deciding whether the client apparatus is connected to the server apparatus or not based on a result of a connection request received from the repeater requesting the connection to the server apparatus; and
means for sending a connection request with the server apparatus to the connected repeater, when the decision indicates the client apparatus is connected not to the server apparatus but to the repeater.
(Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29)

an authentication information table which correlates and stores information for authentication with information for identifying another apparatus; and
means, in case of reception of the connection request including the identification, for authenticating another apparatus identified by the identification based on the authentication information table.

24. The communication system according to claim 23, wherein the authentication information table of the client apparatus comprises an identification and information for authentication, both of which are for authenticating each of the repeaters;
wherein the authentication information table of each of the repeaters comprises an identification and information for authentication, both of which are for authenticating the client apparatus; and
wherein the client apparatus further comprises means for authenticating each of the repeaters.

25. The communication system according to claim 23,
wherein the authentication information table of the client apparatus comprises an identification and information for authentication for authenticating the next repeater;
wherein the authentication information table of each of the repeaters comprises an identification and information for authentication for authenticating the next repeater; and
wherein the client apparatus and the repeaters comprise means for authenticating the next apparatus.

26. The communication system according to claim 21, wherein the client apparatus and one of the repeaters further comprise:
means for having the same information for encryption; and
means for communicating encrypted data with each other using the same information for encryption.

27. The communication system according to claim 21, wherein the client apparatus and the repeaters further comprise:
means for having the same encryption information as the next apparatus; and
means for communicating encrypted data with the next apparatus using the same encryption information.

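Claims 26 and 27 give neighbouring apparatuses "the same encryption information". The added example below is not the patent's code: the node names, the key table and the cipher are assumptions, and the stdlib-only HMAC-keystream cipher stands in for AES-GCM or ChaCha20-Poly1305 only so that the block runs offline. What it shows is the consequence of keying per hop: each repeater shares a key with its neighbours only, so it must decrypt and re-encrypt, and every repeater on the path handles the cleartext. Hop-wise encryption protects each link; it does not protect the data from the repeaters themselves.

```python
"""Hop-wise encryption with a key shared by each pair of neighbouring apparatuses.

Added illustration for claims 26/27; not the patent's code. Cipher, node names and
key table are assumptions; the cipher is a stdlib stand-in for a real AEAD.
"""
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

def _keystream(key, nonce, n):
    """HMAC(key, nonce || counter) blocks concatenated and truncated to n bytes."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def seal(key, plaintext):
    """nonce || ciphertext || tag; a fresh nonce per message so the keystream never repeats."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    """Verify the tag before touching the ciphertext; any modification is rejected."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class Node:
    """Client, repeater or server; holds the same encryption information as each neighbour."""
    def __init__(self, name, hop_keys):
        self.name = name
        self.hop_keys = hop_keys   # neighbour name -> shared key
        self.seen = []             # cleartext this node handled

    def relay(self, blob, prev, nxt):
        data = unseal(self.hop_keys[prev], blob)
        self.seen.append(data)     # the repeater necessarily holds the cleartext here
        return seal(self.hop_keys[nxt], data)

def send_along(chain, plaintext):
    """chain = [client, repeater, ..., server]; returns what the server recovers."""
    client, server = chain[0], chain[-1]
    blob = seal(client.hop_keys[chain[1].name], plaintext)
    for i in range(1, len(chain) - 1):
        blob = chain[i].relay(blob, chain[i - 1].name, chain[i + 1].name)
    data = unseal(server.hop_keys[chain[-2].name], blob)
    server.seen.append(data)
    return data

def build_chain():
    """Constructed sample: client -> R1 -> R2 -> server, one key per adjacent pair."""
    k1, k2, k3 = b"key-client-R1", b"key-R1-R2", b"key-R2-server"
    return [Node("client", {"R1": k1}), Node("R1", {"client": k1, "R2": k2}),
            Node("R2", {"R1": k2, "server": k3}), Node("server", {"R2": k3})]

def who_saw(chain, plaintext):
    """Names of every apparatus beyond the client that handled the cleartext."""
    send_along(chain, plaintext)
    return [n.name for n in chain[1:] if plaintext in n.seen]

def tampering_detected(key, blob):
    """Flip one ciphertext byte and check that the receiving hop rejects the message."""
    bad = blob[:NONCE_LEN] + bytes([blob[NONCE_LEN] ^ 0x01]) + blob[NONCE_LEN + 1:]
    try:
        unseal(key, bad)
    except ValueError:
        return True
    return False
```

`who_saw(build_chain(), b"secret")` returns R1, R2 and the server: with per-hop keys, nothing short of an additional end-to-end layer between client and server keeps the repeaters out of the plaintext. The tag check is what prevents a repeater's neighbour from flipping bits in transit.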
28. The communication system according to claim 21, wherein the client apparatus and one of the repeaters comprise:
means for sending information for revising information in the repeating route control table to another apparatus; and
means for revising information in the repeating route control table according to the information sent from the another apparatus for revising.

29. The communication system according to claim 21,
wherein the repeating route control table of the client apparatus or the repeater further comprises priority information assigning a priority to information in the repeating route control table;
wherein the client apparatus and one of the repeaters comprise:
means for sending information indicative of changing the priority in the repeating route control table of other apparatuses; and
means for changing the priority in the repeating route control table according to the information indicative of changing the priority received from the other apparatuses; and
wherein means for selecting the next repeater selects one of the other apparatuses using the priority information in the repeating route control table.

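How next-hop selection by priority (claim 29), peer-driven revision of the repeating route control table (claim 28) and the authentication information table (claim 23) fit together, as an added example that is not the patent's own code. The entry layout, the "lower number wins" rule and the HMAC on revision messages are assumptions; so is the check that a revision is applied only when it verifies under the secret shared with an apparatus listed in the receiver's authentication information table. That last check is the one a practitioner would insist on: an unauthenticated priority change would let any host on the path redirect every connection through a repeater of its choosing.

```python
"""Repeating route control table with priorities and authenticated revisions.

Added illustration for claims 21, 23, 28 and 29; not the patent's code. Entry
layout, priority rule, message format and the authentication check are assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
import hashlib
import hmac

@dataclass
class RouteEntry:
    destination: str   # address area or single host the entry covers
    next_hop: str      # apparatus to connect to on the way there
    priority: int      # lower value is preferred (assumption)

@dataclass(frozen=True)
class Revision:
    sender: str
    destination: str
    next_hop: str
    priority: int
    mac: str           # HMAC over the other fields under the sender/receiver shared secret

def _mac(secret, sender, destination, next_hop, priority):
    msg = f"{sender}|{destination}|{next_hop}|{priority}".encode()
    return hmac.new(secret.encode(), msg, hashlib.sha256).hexdigest()

class Apparatus:
    """Client or repeater: both hold a route table and an authentication information table."""
    def __init__(self, name, auth_table, routes):
        self.name = name
        self.auth_table = dict(auth_table)   # peer name -> shared secret
        self.routes = list(routes)

    def select_next(self, dst):
        """Claim 29: among entries covering dst, pick by priority, then by longest prefix."""
        cands = [e for e in self.routes if ip_address(dst) in ip_network(e.destination)]
        if not cands:
            return None
        best = min(cands, key=lambda e: (e.priority, -ip_network(e.destination).prefixlen))
        return best.next_hop

    def make_revision(self, peer, destination, next_hop, priority):
        """Claims 28/29: message asking `peer` to revise one entry or its priority."""
        mac = _mac(self.auth_table[peer], self.name, destination, next_hop, priority)
        return Revision(self.name, destination, next_hop, priority, mac)

    def apply_revision(self, rev):
        """Apply only if the message verifies under the secret shared with its sender."""
        secret = self.auth_table.get(rev.sender)
        if secret is None:
            return False
        expected = _mac(secret, rev.sender, rev.destination, rev.next_hop, rev.priority)
        if not hmac.compare_digest(expected, rev.mac):
            return False
        for e in self.routes:
            if e.destination == rev.destination and e.next_hop == rev.next_hop:
                e.priority = rev.priority
                break
        else:
            self.routes.append(RouteEntry(rev.destination, rev.next_hop, rev.priority))
        return True

def scenario():
    """Constructed sample: two repeaters reach 10.2.0.0/16; R1 asks to be deprioritised,
    then a forged message from an apparatus nobody knows tries to hijack the route."""
    client = Apparatus("client", {"R1": "s1", "R2": "s2"},
                       [RouteEntry("10.2.0.0/16", "R1", 10), RouteEntry("10.2.0.0/16", "R2", 20)])
    r1 = Apparatus("R1", {"client": "s1"}, [])
    first = client.select_next("10.2.0.5")                                     # "R1"
    honoured = client.apply_revision(r1.make_revision("client", "10.2.0.0/16", "R1", 30))
    second = client.select_next("10.2.0.5")                                    # "R2"
    forged = Revision("R9", "10.2.0.0/16", "R9", 0, "0" * 64)
    rejected = not client.apply_revision(forged)
    return first, honoured, second, rejected, client.select_next("10.2.0.5")   # still "R2"
```

`scenario()` returns `("R1", True, "R2", True, "R2")`: the legitimate revision from R1 moves traffic to R2, the forged revision from an unlisted sender is dropped, and a peer that is listed but presents a wrong secret is dropped the same way.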
Specification