Access server and connection restriction method
Abstract
The access server receives an authentication packet including an authentication result, a port change setting information, a port change time, a filtering setting information and a filtering time from the authentication server. The access server stores the respective information in the authentication packet into a memory. The access server refers to the memory, and in the case where the port change setting information on an arbitrary user identifier is set to perform port change, when it becomes the port change time, the access server changes the output destination of a packet from a user terminal to, for example, a proxy server B from a proxy server A. Besides, in the case where the filtering setting information on an arbitrary user identifier is set to perform filtering, when it becomes the filtering start time, the access server performs filtering on the port to which the user terminal is connected.
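The behaviour described in the abstract can be sketched as follows. This is an added example, not code from the patent: the packet field names, the port labels, the handling of a rejected authentication, and the rule that each port change time toggles between the two ports are assumptions.

```python
from dataclasses import dataclass
from datetime import time

PORT_A, PORT_B = "proxy-A", "proxy-B"  # hypothetical labels for the two output ports

@dataclass
class UserPolicy:  # one memory entry, keyed by user identifier
    port_change: bool
    port_change_times: list
    filtering: bool
    filter_start: time
    filter_end: time

class AccessServer:
    def __init__(self):
        self.memory = {}  # user identifier -> UserPolicy

    def store_auth_packet(self, user_id, packet):
        # Assumption: a rejected authentication leaves no policy in memory.
        if packet["result"] != "accept":
            self.memory.pop(user_id, None)
            return False
        self.memory[user_id] = UserPolicy(
            packet["port_change"], sorted(packet["port_change_times"]),
            packet["filtering"], packet["filter_start"], packet["filter_end"])
        return True

    def output_port(self, user_id, now):
        p = self.memory[user_id]
        if not p.port_change:
            return PORT_A
        # Assumption: the day starts on PORT_A and each change time toggles the port.
        passed = sum(1 for t in p.port_change_times if t <= now)
        return PORT_B if passed % 2 else PORT_A

    def filtering_active(self, user_id, now):
        p = self.memory[user_id]
        if not p.filtering:
            return False
        if p.filter_start <= p.filter_end:
            return p.filter_start <= now < p.filter_end
        # Window wraps past midnight, e.g. 23:00 to 05:00.
        return now >= p.filter_start or now < p.filter_end

# Constructed sample authentication packet (field names are assumptions).
SAMPLE_PACKET = {
    "result": "accept", "port_change": True,
    "port_change_times": [time(21, 0), time(6, 0)],
    "filtering": True, "filter_start": time(23, 0), "filter_end": time(5, 0),
}
```
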
16 Claims
1. An access server in a network system including an authentication server, a first server or a first communication apparatus to perform a first access restriction or not to perform the access restriction to an access from a user terminal to a site, a second server or a second communication apparatus to perform a second access restriction which is different from the first access restriction to the access from the user terminal to the site, and the access server, the access server comprising:
a plurality of ports for connection with the user terminal, the authentication server, the first server and/or the first communication apparatus, and the second server and/or the second communication apparatus;
a port conversion unit to change, according to time information which are set in advance in the authentication server and which are received from the authentication server when performing a user authentication with the authentication server, an output destination port of a packet from the user terminal to one of the port to which the first server or the first communication apparatus is connected and the port to which the second server or the second communication apparatus is connected;
a filtering unit to perform filtering on the port to which the user terminal is connected;
an authentication processing unit to perform a process for authentication of the user terminal by communicating with the authentication server; and
a memory to store port change setting information to indicate whether port change is performed for the user terminal, one or plural port change times for changing the output destination port of the packet, filtering setting information to indicate whether filtering is performed for the user terminal, a filtering start time and a filtering end time correspondingly to a user identifier,
wherein
the authentication processing unit transmits an authentication request to the authentication server when an access is made from the user terminal, receives an authentication packet including an authentication result, the port change setting information, the port change time for changing the output destination port of the packet, the filtering setting information and a filtering time from the authentication server,
the authentication processing unit stores the port change setting information, the port change time for changing the output destination port of the packet, the filtering setting information, the filtering start time and the filtering end time included in the authentication packet into the memory correspondingly to the user identifier,
the port conversion unit refers to the memory, and in a case where the port change setting information is set to perform the port change on an arbitrary user identifier, when it becomes the corresponding port change time, the port conversion unit changes an output destination of a packet from the user terminal of the user identifier, and
the filtering unit refers to the memory, and in a case where the filtering setting information for an arbitrary user identifier is set to perform the filtering, when it becomes the corresponding filtering start time, the filtering unit performs the filtering on the port to which the user identifier is connected.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A connection restriction method in a network system including an authentication server, a first server or a first communication apparatus to perform a first access restriction or not to perform the access restriction to an access from a user terminal to a site, a second server or a second communication apparatus to perform a second access restriction which is different from the first access restriction to an access from the user terminal to the site, and an access server, the connection restriction method comprising:
transmitting, by the access server, an authentication request to the authentication server when the access is performed from the user terminal;
receiving, from the authentication server, an authentication packet including an authentication result, a port change setting information to indicate whether port change is performed for the user terminal, one or plural port change times for changing the output destination port of the packet, a filtering setting information to indicate whether filtering is performed for the user terminal, a filtering start time and a filtering end time;
storing, correspondingly to a user identifier, the port change setting information, the port change time for changing the output destination port of the packet, the filtering setting information, the filtering start time and the filtering end time included in the authentication packet into a memory;
referring to the memory to change, in a case where the port change setting information on an arbitrary user identifier is set to perform the port change and when it becomes the corresponding port change time, an output destination of a packet from the user terminal of the user identifier to one of a port to which the first server or the first communication apparatus is connected and a port to which the second server or the second communication apparatus is connected; and
performing, in a case where the filtering setting information on an arbitrary user identifier is set to perform the filtering and when it becomes the corresponding filtering start time, the filtering on the port to which the user identifier is connected.
Dependent claims: 11, 12, 13, 14, 15, 16
Specification