Method for encrypted communication with a computer system and system therefor
First Claim
1. A communication system, comprising:
a plurality of computer boards connected to an intra-organization network;
a terminal device that connects to an external network to access the plurality of computer boards; and
a management server that manages the plurality of computer boards and the terminal device and retains a computer board use status table for managing use status of the plurality of computer boards, and assigns a virtual computer board ID to at least one of the plurality of computer boards in the computer board use status table;
wherein;
the terminal device and the management server execute a terminal device-to-management server encrypted communication path establishment step that performs mutual authentication and establishes an encrypted communication path therebetween;
the management server executes a computer board allocation step that selects any one of the plurality of computer boards as a connection destination computer board, and instructs activation of the selected connection destination computer board;
the activated connection destination computer board executes a computer board-to-management server encrypted communication path establishment step that performs authentication with the management server and establishes an encrypted communication path therebetween; and
the terminal device executes a terminal device-to-computer board encrypted communication path establishment step that establishes via the management server an encrypted communication path between the terminal device and the activated connection destination computer board, which does not pass the management server, wherein;
in the computer board allocation step, the terminal device transmits a request for connection to a virtual computer board, which designates, as a connection destination, any of virtual computer board IDs included in the computer board use status table, to the management server;
the management server selects, as the connection destination computer board, one of the plurality of computer boards that corresponds to the virtual computer board ID designated by the request for connection and that is unused, by referring to the computer board use status table; and
in the terminal device-to-computer board encrypted communication path establishment step, the management server converts the virtual computer board ID designated by the request for connection received from the terminal device, into a computer board ID assigned to the activated connection destination computer board, and transmits the request for connection into which the converted computer board ID is incorporated, to the connection destination computer board.
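The allocation and ID-conversion steps recited in the claim can be sketched as follows. This is an added example, not code from the patent; all class, field and sample ID names are hypothetical, the release step is an assumption, and the authentication and encrypted-path steps are assumed to have completed already.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Hypothetical names throughout; authentication and encryption are not modelled.

@dataclass(frozen=True)
class ConnectionRequest:
    terminal_id: str
    destination: str  # virtual board ID as sent; real board ID once converted

@dataclass
class BoardEntry:
    board_id: str                    # real computer board ID
    virtual_id: str                  # virtual ID assigned by the management server
    in_use_by: Optional[str] = None  # terminal currently holding the board

class AllocationError(Exception):
    """The request cannot be mapped to an unused board."""

class UseStatusTable:
    def __init__(self, entries):
        self.entries = list(entries)

    def allocate(self, request):
        """Pick an unused board for the requested virtual ID and mark it used."""
        matches = [e for e in self.entries if e.virtual_id == request.destination]
        if not matches:
            raise AllocationError("unknown virtual board ID")
        for entry in matches:
            if entry.in_use_by is None:
                entry.in_use_by = request.terminal_id
                return entry
        raise AllocationError("no unused board for this virtual ID")

    def release(self, board_id):
        """Mark a board unused again when its session ends (assumed step)."""
        for entry in self.entries:
            if entry.board_id == board_id:
                entry.in_use_by = None

def handle_connection_request(table, request):
    """Allocate a board, then convert the virtual ID to the real board ID."""
    entry = table.allocate(request)
    return replace(request, destination=entry.board_id)

def sample_table():
    # Constructed sample data: two boards share one virtual ID.
    return UseStatusTable([
        BoardEntry("blade-01", "vboard-1"),
        BoardEntry("blade-02", "vboard-1"),
    ])
```

The terminal only ever names a virtual ID; the real board ID appears solely in the request the management server forwards, and an unknown or fully occupied virtual ID is rejected rather than mapped to an arbitrary board.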
Abstract
To solve problems in that a load on a VPN device is large in a case where the number of terminal devices increases in encrypted communication using a VPN technique, and that only communication between the terminal device and the VPN device is encrypted, thus disabling end-to-end encrypted communication, a communication system is provided, including: a terminal device; a plurality of blades; and a management server that manages the blades, in which: the management server selects a blade, authenticates the terminal device and the selected blade, and mediates encrypted communication path establishment between the terminal device and the selected blade; the terminal device and the blade perform encrypted communication without the mediation of the management server; and the management server requests a validation server to authenticate each terminal.
8 Claims
Specification