Communication system for establishing higher security communication and server and computer readable medium therefor
Abstract
A communication system includes a server and at least one client. The server includes a first communication unit that performs first communication with each client based on a first protocol, a second communication unit that performs second communication with each client based on a second protocol, an information receiving unit that receives first information with the first communication unit, an information extracting unit that extracts second information, a judging unit that judges whether the second communication is feasible based on the first and second information, and a command sending unit that sends a command for issuing a request for establishing the second communication when the second communication is feasible. Each client includes an information sending unit that sends the first information, a command receiving unit that receives the command, and a request sending unit that issues the request to the first communication unit in response to the command.
17 Claims
1. A communication system, comprising a server and at least one client, the communication system being configured to establish, between the server and the at least one client, a first communication based on a first protocol and a second communication based on a second protocol with higher security than the first protocol,
wherein the server comprises a server-side processor configured to control:
an information receiving unit which receives first information for judging feasibility of the second communication from the at least one client via the first communication based on the first protocol, before establishment of the second communication;
an information extracting unit which extracts second information for judging the feasibility of the second communication from information stored in the server, before establishment of the second communication;
a judging unit which judges whether the second communication between the server and the at least one client is feasible based on the first information and the second information, before establishment of the second communication;
a command sending unit which sends, to the at least one client via the first communication, a command to send a request for establishing the second communication when the judging unit judges that the second communication between the server and the at least one client is feasible based on the received first information and the extracted second information, before establishment of the second communication; and
a first-communication maintaining unit which maintains the first communication unless the judging unit judges that the second communication between the server and the at least one client is feasible based on the received first information and the extracted second information,
wherein each of the at least one client comprises a client-side processor configured to control:
an information sending unit which sends the first information to the information receiving unit via the first communication;
a command receiving unit which receives the command sent by the command sending unit; and
a request sending unit which sends, to the server, the request for establishing the second communication in response to the command received by the command receiving unit,
wherein the first information comprises issuer information of a client certificate stored in the at least one client, the issuer information representing an issuer of the client certificate who has given a digital signature,
wherein the second information comprises subject information of a CA (Certificate Authority) certificate, stored in the server, for verifying the client certificate, the subject information representing an owner of the CA certificate,
wherein the judging unit is configured to judge whether the issuer information of the client certificate is identical to the subject information of the CA certificate for verifying the client certificate, and
wherein the command sending unit is configured to send, to the at least one client, with the server, the command to instruct to send the request for establishing the second communication when the judging unit judges that the issuer information of the client certificate is identical to the subject information of the CA certificate for verifying the client certificate.
Dependent claims: 2, 3, 4, 5, 6
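The issuer/subject comparison recited in claim 1, sketched as an added example (not code from the patent): the DN string format, the command name and the sample CA subject are assumptions. Because the issuer name arrives over the first protocol unverified, a match only predicts that the later certificate check can succeed; it is not itself authentication.

```python
import re

# Constructed sample: subject of the CA certificate stored on the server.
CA_SUBJECT = "CN=Example Device CA, O=Example Corp, C=JP"
UPGRADE_COMMAND = "SEND_SECOND_PROTOCOL_REQUEST"  # hypothetical command name


def parse_dn(dn: str) -> tuple:
    """Split an RFC 4514-style DN string into normalized (type, value) pairs."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # keep an escaped character such as "\," intact
            i += 2
            continue
        if ch == ",":                # unescaped comma ends one RDN
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))
    pairs = []
    for rdn in rdns:
        typ, sep, val = rdn.partition("=")
        if not sep or not typ.strip() or not val.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        # Attribute types compare case-insensitively; values stay case-sensitive,
        # with runs of whitespace collapsed.
        pairs.append((typ.strip().upper(), re.sub(r"\s+", " ", val.strip())))
    return tuple(pairs)


def judge_feasible(client_issuer: str, ca_subject: str) -> bool:
    """Judging unit: issuer of the client certificate identical to the CA subject?"""
    try:
        return parse_dn(client_issuer) == parse_dn(ca_subject)
    except ValueError:
        return False  # unparsable input is never treated as a match


def server_precheck(client_issuer: str, ca_subject: str = CA_SUBJECT) -> dict:
    """Runs on the first-protocol channel, before any second-protocol request."""
    if judge_feasible(client_issuer, ca_subject):
        return {"command": UPGRADE_COMMAND, "keep_first": False}
    return {"command": None, "keep_first": True}  # maintain the first communication
```
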
7. A server usable in a communication system configured to establish, between the server and at least one client, a first communication based on a first protocol and a second communication based on a second protocol with higher security than the first protocol, the server comprising a server-side processor configured to control:
an information receiving unit which receives first information for judging feasibility of the second communication from the at least one client via the first communication based on the first protocol, before establishment of the second communication;
an information extracting unit which extracts second information for judging the feasibility of the second communication from information stored in the server, before establishment of the second communication;
a judging unit which judges whether the second communication between the server and the at least one client is feasible based on the first information and the second information, before establishment of the second communication;
a command sending unit configured to send, to the at least one client via the first communication, a command to send a request for establishing the second communication when the judging unit judges that the first information is identical to the second information based on the received first information and the extracted second information, before establishment of the second communication; and
a first-communication maintaining unit which maintains the first communication unless the judging unit judges that the second communication between the server and the at least one client is feasible based on the received first information and the extracted second information,
wherein the first information comprises issuer information of a client certificate stored in the at least one client, the issuer information representing an issuer of the client certificate who has given a digital signature,
wherein the second information comprises subject information of a CA (Certificate Authority) certificate, stored in the server, for verifying the client certificate, the subject information representing an owner of the CA certificate,
wherein the judging unit is configured to judge whether the issuer information of the client certificate is identical to the subject information of the CA certificate for verifying the client certificate, and
wherein the command sending unit is configured to send, to the at least one client via the first communication, the command to send the request for establishing the second communication when the judging unit judges that the issuer information of the client certificate is identical to the subject information of the CA certificate for verifying the client certificate.
Dependent claims: 8, 9, 10, 11, 12
13. A non-transitory computer usable medium comprising computer readable instructions stored thereon that cause a server to establish a first communication with at least one external device based on a first protocol and a second communication with the at least one external device based on a second protocol with higher security than the first protocol, wherein the computer readable instructions cause the server to perform steps of:
receiving first information for judging feasibility of the second communication from the at least one external device via the first communication based on the first protocol, before establishment of the second communication;
extracting second information for judging the feasibility of the second communication from information stored in the server, before establishment of the second communication;
judging whether the second communication between the server and the at least one external device is feasible based on the first information and the second information, before establishment of the second communication;
sending, to the at least one external device via the first communication, a command to send a request for establishing the second communication when it is judged that the second communication between the server and the at least one external device is feasible based on the received first information and the extracted second information, before establishment of the second communication, and
maintaining the first communication unless the judging unit judges that the second communication between the server and the at least one external device is feasible based on the received first information and the extracted second information,
wherein the first information comprises issuer information of a client certificate stored in the at least one external device, the issuer information representing an issuer of the client certificate who has given a digital signature,
wherein the second information comprises subject information of a CA (Certificate Authority) certificate, stored in the server, for verifying the client certificate, the subject information representing an owner of the CA certificate,
wherein the judging step comprises a step of judging whether the issuer information of the client certificate is identical to the subject information of the CA certificate for verifying the client certificate, and
wherein the sending step comprises a step of sending, to the at least one external device, with the server, the command to instruct to send the request for establishing the second communication when it is judged that the issuer information of the client certificate is identical to the subject information of the CA certificate for verifying the client certificate.
Dependent claims: 14, 15, 16, 17