Network connection system

US 7,681,037 B2
Filed: 03/02/2004
Issued: 03/16/2010
Est. Priority Date: 03/05/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A network connection system comprising:

a client machine;

an authentication server machine; and

a connection server machine;

wherein;

the authentication server machine includes;

a retention unit configured to store second connection authentication information generated by the connection server machine based on user identification information and to store an association between the second connection authentication information and a connection server address of the connection server machine;

a first unit configured to acquire, from the client machine, second connection authentication information that is generated by the client machine based on user identification information input into the client machine and to acquire a client address of the client machine once the first unit receives a connection request from the client machine; and

a second unit configured to transmit the client address to the connection server address associated with the second connection authentication information acquired by the first unit and to transmit the connection server address to the client machine, the authentication server machine transmitting the connection server address to the client machine in an authentication process before having ever received the connection server address from the client machine in the same authentication process;

the client machine includes;

a third unit configured to transmit in a message the second connection authentication information generated by the client machine to the authentication server machine together with the connection request, the message lacking the address of the connection server machine;

a fourth unit configured to receive the connection server address from the authentication server machine; and

a fifth unit configured to prepare first connection authentication information based on the user identification information input into the client machine and to transmit the first connection authentication information to the connection server address of the connection server machine;

the connection server machine includes;

a sixth unit configured to allow the first connection authentication information to be received from the client machine, the client address being received from the authentication server machine; and

a seventh unit configured to perform itself an authentication process by using the first connection authentication information transmitted from the client address, andthe authentication server machine, in response to receiving the second connection authentication information from the client machine, searches the retention unit for the second connection authentication information to determine the connection server address associated with the second connection authentication information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network connection system includes a client apparatus, an authentication server, and a connection server. The authentication server authenticates a user of the client apparatus and transmits a network address of the client apparatus to the connection server. When information indicating the transition to a connection wait state is received from the connection server, the network address of the connection server is transmitted to the client. The client apparatus transmits an encrypted user name and password to the network address. The connection server 11 conducts authentication using the encrypted user name and password.

Citations

11 Claims

1. A network connection system comprising:
- a client machine;
  
  an authentication server machine; and
  
  a connection server machine;
  
  wherein;
  
  the authentication server machine includes;
  
  a retention unit configured to store second connection authentication information generated by the connection server machine based on user identification information and to store an association between the second connection authentication information and a connection server address of the connection server machine;
  
  a first unit configured to acquire, from the client machine, second connection authentication information that is generated by the client machine based on user identification information input into the client machine and to acquire a client address of the client machine once the first unit receives a connection request from the client machine; and
  
  a second unit configured to transmit the client address to the connection server address associated with the second connection authentication information acquired by the first unit and to transmit the connection server address to the client machine, the authentication server machine transmitting the connection server address to the client machine in an authentication process before having ever received the connection server address from the client machine in the same authentication process;
  
  the client machine includes;
  
  a third unit configured to transmit in a message the second connection authentication information generated by the client machine to the authentication server machine together with the connection request, the message lacking the address of the connection server machine;
  
  a fourth unit configured to receive the connection server address from the authentication server machine; and
  
  a fifth unit configured to prepare first connection authentication information based on the user identification information input into the client machine and to transmit the first connection authentication information to the connection server address of the connection server machine;
  
  the connection server machine includes;
  
  a sixth unit configured to allow the first connection authentication information to be received from the client machine, the client address being received from the authentication server machine; and
  
  a seventh unit configured to perform itself an authentication process by using the first connection authentication information transmitted from the client address, andthe authentication server machine, in response to receiving the second connection authentication information from the client machine, searches the retention unit for the second connection authentication information to determine the connection server address associated with the second connection authentication information.
- View Dependent Claims (2, 3)
- - 2. The network connection system according to claim 1, wherein the second connection authentication information is a message digest of the first connection authentication information.
  - 3. The network connection system according to claim 1, wherein the sixth unit of the connection server machine allows the first connection authentication information to be received from the client address for a limited time period.

4. An authentication server machine connected to a plurality of client machines and a plurality of connection server machines, the authentication server machine comprising:
- a retention unit configured to store second connection authentication information generated based on user identification information and to store an association between each second connection authentication information and a connection server address of a corresponding connection server machine;
  
  a first unit configured to acquire the second connection authentication information from a client machine and a client address once the first unit receives a connection request from the client machine; and
  
  a second unit configured to transmit the acquired client address to the connection server address of the connection server machine associated with the acquired second connection authentication information, and to transmit the connection server address to the client machine which has transmitted the connection request, whereinthe authentication server machine, in response to receiving the second connection authentication information from the client machine, searches the retention unit for the second connection authentication information to determine the connection server address associated with the second connection authentication information, andthe authentication server machine transmits the connection server address to the client machine in an authentication process before having ever received the connection server address from the client machine in the same authentication process.

5. A network connection system comprising:
- a client machine;
  
  an authentication server machine; and
  
  a connection server machine, wherein;
  
  the authentication server machine includes;
  
  a retention unit configured to store a first encrypted user name and a first encrypted password, which are encrypted by a first encryption method, and to store an association between a connection server address of the connection server machine and the first encrypted user name and the first encrypted password;
  
  a first unit configured to acquire the first encrypted user name and the first encrypted password and a client address once the first unit receives a connection request from the client machine, the first encrypted user name and the first encrypted password being an identification information for identifying a user of the client machine anda second unit configured to transmit the acquired client address to the connection server address associated with the user identification information, to receive from the connection server machine information indicating that the connection server machine has shifted to a connection wait state, and to transmit the connection server address to the client machine, the authentication server machine transmitting the connection server address to the client machine in an authentication process before having ever received the connection server address from the client machine in the same authentication process;
  
  the client machine includes;
  
  a third unit configured to transmit to the authentication server machine in a message the first encrypted user name and the first encrypted password, which are encrypted by the first encryption method, together with the connection request, the message lacking the address of the connection server machine;
  
  a fourth unit configured to receive the connection server address from the authentication server machine, and to transmit to the connection server address a second encrypted user name and a second encrypted password, which are generated by encrypting using a second encryption method a user name and a password input by the user, andthe authentication server machine, in response to receiving the first encrypted user name and the first encrypted password from the client machine, searches the retention unit for the first encrypted user name and the first encrypted password to determine the connection server address associated with the first encrypted user name and the first encrypted password.

6. An authentication server machine operating with a plurality of client machines and a plurality of connection server machines, the authentication server machine comprising:
- a retention unit configured to store user names and passwords, which are encrypted by a predetermined method, and to store associations between both of each user name and each password and a connection server address of a corresponding connection server machine;
  
  a first unit configured to acquire an acquired encrypted user name, an acquired encrypted password, and an acquired client address once the first unit receives a connection request from the client machine, the encrypted user name and password being an identification information of a user of the client machine; and
  
  a second unit configured to transmit the acquired client address to the connection server address associated with the acquired encrypted user name and password, to receive from the connection server machine information indicating that the connection server machine has shifted from a state in which authentication information is not allowed to be received from the client address to a state in which authentication information is allowed to be received from the client address, and to transmit the connection server address to the client machine, which has issued the connection request, whereinthe authentication server machine, in response to receiving the identification information of a user of the client machine from the client machine, searches the retention unit for the identification information of a user of the client machine to determine the connection server address associated with the identification information of a user of the client machine, andthe authentication server machine transmits the connection server address to the client machine in an authentication process before having ever received the connection server address from the client machine in a same authentication process.

7. A connection method using a network connection system including a client apparatus, an authentication server, and a connection server, the method comprising:
- storing in the authentication server second connection authentication information generated by the connection server based on first connection authentication information;
  
  associating the second connection authentication information with a connection server address of the connection server;
  
  transmitting in a message by the client apparatus to the authentication server a second connection authentication information generated by the client apparatus as user identification information together with a connection request, the message lacking an address of the connection server;
  
  acquiring a client address and the user identifying information from the client apparatus once the authentication server receives the connection request from the client apparatus;
  
  transmitting the client address to the connection server address of the connection server once the user identification information is authenticated based on the second connection authentication information;
  
  transmitting, by the authentication server, the connection server address to the client apparatus, the authentication server transmitting the connection server address to the client apparatus in an authentication process before having ever received the connection server address from the client apparatus in the same authentication process;
  
  receiving by the client apparatus the connection server address from the authentication server;
  
  transmitting by the client apparatus a first connection authentication information to the connection server address;
  
  receiving by the connection server the first connection authentication information from the client address; and
  
  performing an authentication process by using the first connection authentication information transmitted from the client address.
- View Dependent Claims (8)
- - 8. The connection method according to claim 7, further comprising:
    - allowing the connection server to receive the first connection authentication information from the client address for a limited time period.

9. A connection method using a network connection system including a client apparatus, an authentication server, and a connection server, the method comprising:
- storing by the authentication server a user name and a password which are encrypted by a first encryption method;
  
  storing in a retention unit in the authentication server an association between both the encrypted user name and the encrypted password and a connection server address of the connection server;
  
  transmitting in a message by the client apparatus to the authentication server a connection request and the user name and the password which are encrypted by the first encryption method, the message lacking an address of the connection server;
  
  receiving by the authentication server the connection request from the client apparatus;
  
  acquiring a client address of the client apparatus and the user name and the password, which are encrypted by the first encryption method, as information identifying a user of the client apparatus;
  
  searching, by the authentication server, in response to receiving the information identifying the user of the client apparatus from the client apparatus, the retention unit for the information identifying the user of the client apparatus to determine the connection server address associated with the information identifying the user of the client apparatus;
  
  transmitting, by the authentication server, the connection server address to the client apparatus in an authentication process before having ever received the connection server address from the client apparatus in the same authentication process;
  
  transmitting the client address to the connection server address;
  
  receiving by the connection server the client address;
  
  switching, by the connection server, from a state in which authentication information is not allowed to be received from the client address to a state in which authentication information is allowed to be received from the client address, the switching occurring in response to the receiving of the client address;
  
  transmitting to the authentication server information indicating that the connection server has shifted to a connection wait state in which the connection server allows communication from the address of the client apparatus for a predetermined period;
  
  encrypting using a second encryption method a user name and a password input by a user;
  
  transmitting to the connection server address the user name and the password which are encrypted by the second encryption method; and
  
  performing, by the connection server, an authentication process by using the user name and the password which are encrypted by the second encryption method and are received by the connection server from the client apparatus.
- View Dependent Claims (10)
- - 10. The connection method according to claim 9, further comprising:
    - after a limited time period has elapsed since the connection server performs the switching, switching back from the state in which authentication information is allowed to be received from the client address to the state in which authentication information is not allowed to be received from the client address.

11. A computer readable storage medium storing a program causing a computer of a client apparatus to execute an access processing to a network system including an authentication server and a connection server, wherein,the authentication server includes (i) a first unit that acquires, from the connection server, an address of the connection server and user identification information encrypted by the connection server with a first encryption method and (ii) a first retention unit that stores the address of the connection server and the encrypted user identification information which are acquired by the first unit,the connection server includes a second retention unit that stores unique information which is unique to the client apparatus and the user identification information,the client apparatus includes a third retention unit that stores an address of the authentication server, first information and second information, wherein the first information is generated by the connection server by encrypting predetermined information with the unique information as a key and the second information is generated by the connection server by encrypting predetermined information with the user identification information as a key,the access processing comprising:
- requesting a user to enter user identification information,receiving user identification information from the user,generating unique information which is unique to the client apparatus in response to receiving the user identification information,decrypting the first information stored in the third retention unit by using the generated unique information as a key,decrypting the second information stored in the third retention unit by using the received user identification information as a key,judging whether the decrypted first and second information are correct,encrypting the received user identification information with the first encryption method if the decrypted first and second information is correct,transmitting in a message, to the authentication server, an access request and the received used identification information encrypted with the first encryption method, the message lacking the address of the connection server, andreceiving from the authentication server the address of the connection server before having ever transmitted the connection server address to the authentication server in the same access processing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fuji Xerox Company Limited (Fujifilm Holdings Corporation)
Original Assignee
Fuji Xerox Company Limited (Fujifilm Holdings Corporation)
Inventors
Yoshida, Takeo
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Louie; Oscar A

Application Number

US10/790,082
Publication Number

US 20040177248A1
Time in Patent Office

2,205 Days
Field of Search

713/186, 713168-171, 713181-184, 713/153, 713/155, 726/2, 726/3, 726/11, 726/12, 726/16, 726/17, 726/21, 726/8, 726/26, 726/27, 380/44, 380/45, 380/59, 380/277, 380/278, 380283-285
US Class Current

713/168
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

Network connection system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Network connection system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links