Communication system for establishing higher security communication and server and computer readable medium therefor

US 8,005,969 B2
Filed: 09/24/2007
Issued: 08/23/2011
Est. Priority Date: 09/29/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A communication system, comprising a server and at least one client, the communication system being configured to establish, between the server and the at least one client, a first communication based on a first protocol and a second communication based on a second protocol with higher security than the first protocol,wherein the server comprises a server-side processor configured to control:

an information receiving unit which receives first information for judging feasibility of the second communication from the at least one client via the first communication based on the first protocol, before establishment of the second communication;

an information extracting unit which extracts second information for judging the feasibility of the second communication from information stored in the server, before establishment of the second communication;

a judging unit which judges whether the second communication between the server and the at least one client is feasible based on the first information and the second information, before establishment of the second communication;

a command sending unit which sends, to the at least one client via the first communication, a command to send a request for establishing the second communication when the judging unit judges that the second communication between the server and the at least one client is feasible based on the received first information and the extracted second information, before establishment of the second communication; and

a first-communication maintaining unit which maintains the first communication unless the judging unit judges that the second communication between the server and the at least one client is feasible based on the received first information and the extracted second information,wherein each of the at least one client comprises a client-side processor configured to control;

an information sending unit which sends the first information to the information receiving unit via the first communication;

a command receiving unit which receives the command sent by the command sending unit; and

a request sending unit which sends, to the server, the request for establishing the second communication in response to the command received by the command receiving unit,wherein the first information comprises issuer information of a client certificate stored in the at least one client, the issuer information representing an issuer of the client certificate who has given a digital signature,wherein the second information comprises subject information of a CA (Certificate Authority) certificate, stored in the server, for verifying the client certificate, the subject information representing an owner of the CA certificate,wherein the judging unit is configured to judge whether the issuer information of the client certificate is identical to the subject information of the CA certificate for verifying the client certificate, andwherein the command sending unit is configured to send, to the at least one client, with the server, the command to instruct to send the request for establishing the second communication when the judging unit judges that the issuer information of the client certificate is identical to the subject information of the CA certificate for verifying the client certificate.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication system includes a server and at least one client. The server includes a first communication unit that performs first communication with each client based on a first protocol, a second communication unit that performs second communication with each client based on a second protocol, an information receiving unit that receives first information with the first communication unit, an information extracting unit that extracts second information, a judging unit that judges whether the second communication is feasible based on the first and second information, and a command sending unit that sends a command for issuing a request for establishing the second communication when the second communication is feasible. Each client includes an information sending unit that sends the first information, a command receiving unit that receives the command, and a request sending unit that issues the request to the first communication unit in response to the command.

Citations

17 Claims

1. A communication system, comprising a server and at least one client, the communication system being configured to establish, between the server and the at least one client, a first communication based on a first protocol and a second communication based on a second protocol with higher security than the first protocol,wherein the server comprises a server-side processor configured to control:
- an information receiving unit which receives first information for judging feasibility of the second communication from the at least one client via the first communication based on the first protocol, before establishment of the second communication;
  
  an information extracting unit which extracts second information for judging the feasibility of the second communication from information stored in the server, before establishment of the second communication;
  
  a judging unit which judges whether the second communication between the server and the at least one client is feasible based on the first information and the second information, before establishment of the second communication;
  
  a command sending unit which sends, to the at least one client via the first communication, a command to send a request for establishing the second communication when the judging unit judges that the second communication between the server and the at least one client is feasible based on the received first information and the extracted second information, before establishment of the second communication; and
  
  a first-communication maintaining unit which maintains the first communication unless the judging unit judges that the second communication between the server and the at least one client is feasible based on the received first information and the extracted second information,wherein each of the at least one client comprises a client-side processor configured to control;
  
  an information sending unit which sends the first information to the information receiving unit via the first communication;
  
  a command receiving unit which receives the command sent by the command sending unit; and
  
  a request sending unit which sends, to the server, the request for establishing the second communication in response to the command received by the command receiving unit,wherein the first information comprises issuer information of a client certificate stored in the at least one client, the issuer information representing an issuer of the client certificate who has given a digital signature,wherein the second information comprises subject information of a CA (Certificate Authority) certificate, stored in the server, for verifying the client certificate, the subject information representing an owner of the CA certificate,wherein the judging unit is configured to judge whether the issuer information of the client certificate is identical to the subject information of the CA certificate for verifying the client certificate, andwherein the command sending unit is configured to send, to the at least one client, with the server, the command to instruct to send the request for establishing the second communication when the judging unit judges that the issuer information of the client certificate is identical to the subject information of the CA certificate for verifying the client certificate.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The communication system according to claim 1,wherein the server further comprises:
    - a determining unit configured to determine whether the request for establishing the second communication that is received from the at least one client is a specified one that needs high-security communication unless the judging unit judges that the second communication between the server and the at least one client is feasible; and
      
      a control unit configured to prohibit the first communication based on the first protocol using the server when the determining unit determines that the request received from the at least one client is a specified one that needs high-security communication.
  - 3. The communication system according to claim 2,wherein the control unit maintains the first communication based on the first protocol using the server unless the determining unit determines that the request received from the at least one client is a specified one that needs high-security communication.
  - 4. The communication system according to claim 3,wherein the server further comprises a printing unit,wherein the determining unit determines whether the request received from the at least one client is a request for printing unless determining that the request is a specified one that needs high-security communication, andwherein the control unit controls the printing unit to perform a printing operation through the first communication based on the first protocol when the determining unit determines that the request is a request for printing.
  - 5. The communication system according to claim 2,wherein the determining unit is configured to determine whether a request received from the at least one client is a request for one of registration and change of a password unless the judging unit judges that the second communication between the server and the at least one client is feasible, andwherein the control unit is configured to prohibit the first communication based on the first protocol using the server when the determining unit determines that the request received from the at least one client is a request for one of registration and change of a password.
  - 6. The communication system according to claim 1,wherein the first information comprises a plurality of pieces of information for judging feasibility of the second communication, andwherein the judging unit judges whether the second communication between the server and the at least one client is feasible based on at least one of the plurality of pieces of information of the first information and second information.

7. A server usable in a communication system configured to establish, between the server and at least one client, a first communication based on a first protocol and a second communication based on a second protocol with higher security than the first protocol, the server comprising a server-side processor configured to control:
- an information receiving unit which receives first information for judging feasibility of the second communication from the at least one client via the first communication based on the first protocol, before establishment of the second communication;
  
  an information extracting unit which extracts second information for judging the feasibility of the second communication from information stored in the server, before establishment of the second communication;
  
  a judging unit which judges whether the second communication between the server and the at least one client is feasible based on the first information and the second information, before establishment of the second communication;
  
  a command sending unit configured to send, to the at least one client via the first communication, a command to send a request for establishing the second communication when the judging unit judges that the first information is identical to the second information based on the received first information and the extracted second information, before establishment of the second communication; and
  
  a first-communication maintaining unit which maintains the first communication unless the judging unit judges that the second communication between the server and the at least one client is feasible based on the received first information and the extracted second information,wherein the first information comprises issuer information of a client certificate stored in the at least one client, the issuer information representing an issuer of the client certificate who has given a digital signature,wherein the second information comprises subject information of a CA (Certificate Authority) certificate, stored in the server, for verifying the client certificate, the subject information representing an owner of the CA certificate,wherein the judging unit is configured to judge whether the issuer information of the client certificate is identical to the subject information of the CA certificate for verifying the client certificate, andwherein the command sending unit is configured to send, to the at least one client via the first communication, the command to send the request for establishing the second communication when the judging unit judges that the issuer information of the client certificate is identical to the subject information of the CA certificate for verifying the client certificate.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The server according to claim 7, further comprising:
    - a determining unit configured to determine whether the request for establishing the second communication that is received from the at least one client is a specified one that needs high-security communication unless the judging unit judges that the second communication between the server and the at least one client is feasible; and
      
      a control unit configured to prohibit the first communication based on the first protocol using the server when the determining unit determines that the request received from the at least one client is a specified one that needs high-security communication.
  - 9. The server according to claim 8,wherein the control unit maintains the first communication based on the first protocol using the server unless the determining unit determines that the request received from the at least one client is a specified one that needs high-security communication.
  - 10. The server according to claim 9,wherein the server further comprises a printing unit,wherein the determining unit determines whether the request received from the at least one client is a request for printing unless determining that the request is a specified one that needs high-security communication, andwherein the control unit controls the printing unit to perform a printing operation through the first communication based on the first protocol when the determining unit determines that the request is a request for printing.
  - 11. The server according to claim 8,wherein the determining unit is configured to determine whether a request received from the at least one client is a request for one of registration and change of a password unless the judging unit judges that the second communication between the server and the at least one client is feasible, andwherein the control unit is configured to prohibit the first communication based on the first protocol using the server when the determining unit determines that the request received from the at least one client is a request for one of registration and change of a password.
  - 12. The server according to claim 7,wherein the first information comprises a plurality of pieces of information for judging feasibility of the second communication, andwherein the judging unit judges whether the second communication between the server and the at least one client is feasible based on at least one of the plurality of pieces of information of the first information and second information.

13. A non-transitory computer usable medium comprising computer readable instructions stored thereon that cause a server to establish a first communication with at least one external device based on a first protocol and a second communication with the at least one external device based on a second protocol with higher security than the first protocol, wherein the computer readable instructions cause the server to perform steps of:
- receiving first information for judging feasibility of the second communication from the at least one external device via the first communication based on the first protocol, before establishment of the second communication;
  
  extracting second information for judging the feasibility of the second communication from information stored in the server, before establishment of the second communication;
  
  judging whether the second communication between the server and the at least one external device is feasible based on the first information and the second information, before establishment of the second communication;
  
  sending, to the at least one external device via the first communication, a command to send a request for establishing the second communication when it is judged that the second communication between the server and the at least one external device is feasible based on the received first information and the extracted second information, before establishment of the second communication, andmaintaining the first communication unless the judging unit judges that the second communication between the server and the at least one external device is feasible based on the received first information and the extracted second information,wherein the first information comprises issuer information of a client certificate stored in the at least one external device, the issuer information representing an issuer of the client certificate who has given a digital signature,wherein the second information comprises subject information of a CA (Certificate Authority) certificate, stored in the server, for verifying the client certificate, the subject information representing an owner of the CA certificate,wherein the judging step comprises a step of judging whether the issuer information of the client certificate is identical to the subject information of the CA certificate for verifying the client certificate, andwherein the sending step comprises a step of sending, to the at least one external device, with the server, the command to instruct to send the request for establishing the second communication when it is judged that the issuer information of the client certificate is identical to the subject information of the CA certificate for verifying the client certificate.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The non-transitory computer usable medium according to claim 13,wherein the computer readable instructions cause the server to perform further steps of:
    - determining whether the request for establishing the second communication that is received from the at least one external device is a specified one that needs high-security communication unless it is judged that the second communication between the server and the at least one external device is feasible; and
      
      prohibiting the first communication based on the first protocol using the server when it is determined that the request received from the at least one external device is a specified one that needs high-security communication.
  - 15. The non-transitory computer usable medium according to claim 14,wherein the computer readable instructions cause the server to perform a further step of maintaining the first communication based on the first protocol using the server unless it is determined in the determining step that the request received from the at least one external device is a specified one that needs high-security communication.
  - 16. The non-transitory computer usable medium according to claim 15,wherein the determining step comprises a step of determining whether the request received from the at least one external device is a request for printing unless it is determined that the request is a specified one that needs high-security communication, andwherein the computer readable instructions cause the server to perform a further step of performing a printing operation through the first communication based on the first protocol when it is determined in the determining step that the request is a request for printing.
  - 17. The non-transitory computer usable medium according to claim 14,wherein the determining step comprises a step of determining whether a request received from the at least one external device is a request for one of registration and change of a password unless it is judged that the second communication between the server and the at least one external device is feasible, andwherein the prohibiting step comprises a step of prohibiting the first communication based on the first protocol using the server when it is determined that the request received from the at least one external device is a request for one of registration and change of a password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Brother Kogyo Kabushiki Kaisha (Brother Industries Limited)
Original Assignee
Brother Kogyo Kabushiki Kaisha (Brother Industries Limited)
Inventors
Otsuka, Naoki, Miyazawa, Masafumi, Ohara, Kiyotaka
Primary Examiner(s)
Strange; Aaron
Assistant Examiner(s)
Casaw; Tobias J

Application Number

US11/860,390
Publication Number

US 20080082677A1
Time in Patent Office

1,429 Days
Field of Search

709/229
US Class Current

709/229
CPC Class Codes

G06Q 20/40   Authorisation, e.g. identif...

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 63/166   at the transport layer

H04N 1/00464   using browsers, i.e. interf...

H04N 2201/0094   Multifunctional device, i.e...

Communication system for establishing higher security communication and server and computer readable medium therefor

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Communication system for establishing higher security communication and server and computer readable medium therefor

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links