Method for encrypted communication with a computer system and system therefor

US 8,019,996 B2
Filed: 10/10/2007
Issued: 09/13/2011
Est. Priority Date: 10/10/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A communication system, comprising:

a plurality of computer boards connected to an intra-organization network;

a terminal device that connects to an external network to access the plurality of computer boards; and

a management server that manages the plurality of computer boards and the terminal device and retains a computer board use status table for managing use status of the plurality of computer boards, and assigns a virtual computer board ID to at least one of the plurality of computer boards in the computer board use status table;

wherein;

the terminal device and the management server execute a terminal device-to-management server encrypted communication path establishment step that performs mutual authentication and establishes an encrypted communication path therebetween;

the management server executes a computer board allocation step that selects any one of the plurality of computer boards as a connection destination computer board, and instructs activation of the selected connection destination computer board;

the activated connection destination computer board executes a computer board-to-management server encrypted communication path establishment step that performs authentication with the management server and establishes an encrypted communication path therebetween; and

the terminal device executes a terminal device-to-computer board encrypted communication path establishment step that establishes via the management server an encrypted communication path between the terminal device and the activated connection destination computer board, which does not pass the management server, wherein;

in the computer board allocation step, the terminal device transmits a request for connection to a virtual computer board, which designates, as a connection destination, any of virtual computer board IDs included in the computer board use status table, to the management server;

the management server selects, as the connection destination computer board, one of the plurality of computer boards that corresponds to the virtual computer board ID designated by the request for connection and that is unused, by referring to the computer board use status table; and

in the terminal device-to-computer board encrypted communication path establishment step, the management server converts the virtual computer board ID designated by the request for connection received from the terminal device, into a computer board ID assigned to the activated connection destination computer board, and transmits the request for connection into which the converted computer board ID is incorporated, to the connection destination computer board.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To solve problems in that a load on a VPN device is large in a case where the number of terminal devices increases in encrypted communication using a VPN technique, and that only communication between the terminal device and the VPN device is encrypted, thus disabling end-to-end encrypted communication, a communication system is provided, including: a terminal device; a plurality of blades; and a management server that manages the blades, in which: the management server selects a blade, authenticates the terminal device and the selected blade, and mediates encrypted communication path establishment between the terminal device and the selected blade; the terminal device and the blade perform encrypted communication without the mediation of the management server; and the management server requests a validation server to authenticate each terminal.

Citations

8 Claims

1. A communication system, comprising:
- a plurality of computer boards connected to an intra-organization network;
  
  a terminal device that connects to an external network to access the plurality of computer boards; and
  
  a management server that manages the plurality of computer boards and the terminal device and retains a computer board use status table for managing use status of the plurality of computer boards, and assigns a virtual computer board ID to at least one of the plurality of computer boards in the computer board use status table;
  
  wherein;
  
  the terminal device and the management server execute a terminal device-to-management server encrypted communication path establishment step that performs mutual authentication and establishes an encrypted communication path therebetween;
  
  the management server executes a computer board allocation step that selects any one of the plurality of computer boards as a connection destination computer board, and instructs activation of the selected connection destination computer board;
  
  the activated connection destination computer board executes a computer board-to-management server encrypted communication path establishment step that performs authentication with the management server and establishes an encrypted communication path therebetween; and
  
  the terminal device executes a terminal device-to-computer board encrypted communication path establishment step that establishes via the management server an encrypted communication path between the terminal device and the activated connection destination computer board, which does not pass the management server, wherein;
  
  in the computer board allocation step, the terminal device transmits a request for connection to a virtual computer board, which designates, as a connection destination, any of virtual computer board IDs included in the computer board use status table, to the management server;
  
  the management server selects, as the connection destination computer board, one of the plurality of computer boards that corresponds to the virtual computer board ID designated by the request for connection and that is unused, by referring to the computer board use status table; and
  
  in the terminal device-to-computer board encrypted communication path establishment step, the management server converts the virtual computer board ID designated by the request for connection received from the terminal device, into a computer board ID assigned to the activated connection destination computer board, and transmits the request for connection into which the converted computer board ID is incorporated, to the connection destination computer board.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A communication system according to claim 1, wherein:
    - in the computer board allocation step, the management server refers to the computer board use status table to select one of the plurality of computer boards that is unused as the connection destination computer board; and
      
      in the terminal device-to-computer board encrypted communication path establishment;
      
      step;
      
      the terminal device transmits a request for connection to the selected connection destination computer board to the management server via the terminal device-to-management server encrypted communication path;
      
      the management server generates an encryption key that is to be used for the encrypted communication path established between the terminal device and the connection destination computer board;
      
      the management server transmits via the computer board-to-management server encrypted communication path the request for connection from the terminal device and the generated encryption key to the connection destination computer board;
      
      the connection destination computer board judges whether the terminal device can be connected thereto in response to the request for connection received from the management server, and transmits a result of the judgment to the management server via the computer board-to-management server encrypted communication path;
      
      the management server transmits the result of the judgment received from the connection destination computer board and, when the result of the judgment indicates that the terminal device can be connected to the connection destination computer board, the generated encryption key to the terminal device via the terminal device-to-management server encrypted communication path; and
      
      the terminal device establishes the terminal device-to-computer board encrypted communication path upon reception of the generated encryption key transmitted from the management server.
  - 3. A communication system according to claim 1, wherein, when the terminal device and the connection destination computer board terminate the terminal device-to-computer board encrypted communication path established:
    - the terminal device transmits a termination request for the terminal device-to-computer board encrypted communication path, into which computer board ID information of the connection destination computer board is incorporated, to the management server via the terminal device-to-management server encrypted communication path;
      
      the management server transmits the received termination request to the connection destination computer board via the computer board-to-management server encrypted communication path;
      
      the connection destination computer board transmits to the management server a termination response to the termination request received from the management server via the computer board-to-management server encrypted communication path;
      
      the management server transmits to the terminal device the termination response received from the connection destination computer board via the terminal device-to-management server encrypted communication path;
      
      the terminal device and the connection destination computer board execute a terminal device-to-computer board encrypted communication path termination step that, by discarding the encryption key, terminates the terminal device-to-computer board encrypted communication path;
      
      the management server gives a power-off instruction to the connection destination computer board after the terminal device-to-computer board encrypted communication path is terminated; and
      
      the connection destination computer board executes, upon reception of the instruction from the management server, a computer board power-off step that cuts off power supply of the connection destination computer board.
  - 4. A communication system according to claim 3, further comprising a storage device that stores data read by the plurality of computer boards, wherein, in the computer board allocation step,the management server instructs the selected connection destination computer board to turn on power and read information necessary for the terminal device from the storage device, as the instruction of the activation;
    - andthe connection destination computer board turns on power and reads the information necessary for the terminal device, from the storage device in the activation instructed by the management server.
  - 5. A communication system according to claim 4, wherein the management server further instructs the connection destination computer board to rewrite the information to the storage device when the connection destination computer board executes the computer board power-off step.
  - 6. A communication system according to claim 1, wherein the computer board use status table retains:
    - the virtual computer board ID corresponding to at least one of the plurality of computer boards,computer board identification information that identifies a computer board corresponding to the virtual computer board ID,a use status that indicates whether the computer board is in use,user information that indicates, when the use status of the computer board is one of “
      
      in use” and
      
      “
      
      allocated”
      
      ,a user who is using the terminal device to which the computer board that is one of “
      
      in use” and
      
      “
      
      allocated”
      
      is allocated, anda read computer board ID indicating a computer board ID read by the allocated and activated computer board.
  - 7. A communication system according to claim 6, wherein, when the terminal device and the connection destination computer board terminate the terminal device-to-computer board encrypted communication path:
    - the terminal device transmits a termination request for the terminal device-to-computer board encrypted communication path, into which the virtual computer board ID information of the connection destination computer board is incorporated, to the management server via the terminal device-to-management server encrypted communication path;
      
      the management server specifies, as the connection destination computer board corresponding to the termination request, a computer board that corresponds to the virtual computer board ID and the read computer board ID regarding the terminal device, by referring to the computer board use status table;
      
      the management server transmits the termination request to the specified connection destination computer board corresponding to the virtual computer board ID via the computer board-to-management server encrypted communication path;
      
      the connection destination computer board transmits to the management server a termination response to the termination request received from the management server via the computer board-to-management server encrypted communication path;
      
      the management server transmits to the terminal device the termination response received from the connection destination computer board via the terminal device-to-management server encrypted communication path;
      
      the terminal device and the connection destination computer board execute a terminal device-to-computer board encrypted communication path termination step that, by discarding the generated encryption key, terminates the terminal device-to-computer board encrypted communication path;
      
      the management server gives a power-off instruction to the connection destination computer board after the terminal device-to-computer board encrypted communication path is terminated; and
      
      the connection destination computer board executes, upon reception of the instruction from the management server, a computer board power-off step that cuts off power supply of the connection destination computer board.
  - 8. A communication system according to claim 1, further comprising a validation server that verifies a certificate, wherein:
    - the management server requests the validation server to verify the certificate of at least one of the terminal device and the connection destination computer board, when performing authentication of the at least one of the terminal device and the connection destination computer board in at least one of the terminal device-to-management server encrypted communication path establishment step and the computer board-to-management server encrypted communication path establishment step;
      
      the validation server transmits a result of the validation of the certificate to the management server as a response; and
      
      the management server judges, when the result of the validation transmitted as a response from the validation server indicates success, that the authentication of the at least one of theterminal device and the connection destination computer board has succeeded.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Hoshino, Kazuyoshi, Takata, Osamu, Hashimoto, Yoko, Fujishiro, Takahiro, Kaji, Tadashi
Primary Examiner(s)
Homayounmehr; Farid

Application Number

US11/907,260
Publication Number

US 20080098221A1
Time in Patent Office

1,434 Days
Field of Search

713168-169, 713155-159, 380/229, 705/67
US Class Current

713/169
CPC Class Codes

G06Q 20/3674   involving authentication

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/0869   for achieving mutual authen...

H04L 67/1001   for accessing one among a p...

H04L 67/1006   with static server selectio...

H04L 67/1008   based on parameters of serv...

H04L 67/1029   using data related to the s...

Method for encrypted communication with a computer system and system therefor

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Method for encrypted communication with a computer system and system therefor

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links