Authentication switch and network system

US 9,325,685 B2
Filed: 10/03/2013
Issued: 04/26/2016
Est. Priority Date: 02/04/2013
Status: Active Grant

First Claim

Patent Images

1. An authentication switch that is connected to a terminal, an authentication server which performs an authentication process, a first server that holds a first content associated with the authentication process of the authentication server, and a second server with which the terminal can communicate according to an authentication result of the authentication server through a network, and the authentication switch is disposed between the terminal and the first server, the second server, and the authentication server, the authentication switch comprising:

an interface to communicate with the terminal, the first server, the second server, and the authentication server through the network;

a processor; and

a memory which stores instructions that, when executed by the processor, cause the processor to implement;

a state monitoring unit that monitors a state of the first server;

a local web server that holds a second content associated with the authentication process of the authentication server;

a redirect notifying unit that makes a redirect notification including a redirect destination to the terminal on the basis of an access status from the terminal and the state of the first server when receiving an access request to the second server from the terminal, such that when the access status indicates that the terminal is not authenticated, the redirect notifying unit makes the redirect notification including a URL of the first server as the redirect destination when the state of the first server indicates the first server is operating, and makes the redirect notification including a URL of the local web server when the state of the first server indicates the first server has failed;

an authentication unit that stores the access status and updates, when the state of the first server indicates the first server is operating, the access status of the terminal on the basis of an authentication result from the authentication server based on data associated with the first content, which is supplied to the terminal in response to a request from the terminal according to the redirect destination, and updates, when the state of the first server indicates the first server has failed, the access status of the terminal on the basis of the authentication result from the authentication server based on data associated with the second content, which is supplied to the terminal in response to a request from the terminal according to the redirect destination; and

a relay processing unit that relays a communication from the terminal to the second server according to the information included in the access request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication switch monitors a failure of an external server, and redirect information to a Web server that holds authentication information registration screen data is provided to a terminal using a monitoring result. A life-and-death monitoring control unit for monitoring life and death of an external Web server is disposed within an authentication switch to monitor the life and death of the external Web server. An authentication processing unit within the authentication switch switches the redirect information on the basis of a life-and-death monitoring table of the external Web server provided in the life-and-death monitoring control unit in response to an authentication request from the terminal, and enables web authentication even when the external Web server is in failure.

8 Citations

View as Search Results

8 Claims

1. An authentication switch that is connected to a terminal, an authentication server which performs an authentication process, a first server that holds a first content associated with the authentication process of the authentication server, and a second server with which the terminal can communicate according to an authentication result of the authentication server through a network, and the authentication switch is disposed between the terminal and the first server, the second server, and the authentication server, the authentication switch comprising:
- an interface to communicate with the terminal, the first server, the second server, and the authentication server through the network;
  
  a processor; and
  
  a memory which stores instructions that, when executed by the processor, cause the processor to implement;
  
  a state monitoring unit that monitors a state of the first server;
  
  a local web server that holds a second content associated with the authentication process of the authentication server;
  
  a redirect notifying unit that makes a redirect notification including a redirect destination to the terminal on the basis of an access status from the terminal and the state of the first server when receiving an access request to the second server from the terminal, such that when the access status indicates that the terminal is not authenticated, the redirect notifying unit makes the redirect notification including a URL of the first server as the redirect destination when the state of the first server indicates the first server is operating, and makes the redirect notification including a URL of the local web server when the state of the first server indicates the first server has failed;
  
  an authentication unit that stores the access status and updates, when the state of the first server indicates the first server is operating, the access status of the terminal on the basis of an authentication result from the authentication server based on data associated with the first content, which is supplied to the terminal in response to a request from the terminal according to the redirect destination, and updates, when the state of the first server indicates the first server has failed, the access status of the terminal on the basis of the authentication result from the authentication server based on data associated with the second content, which is supplied to the terminal in response to a request from the terminal according to the redirect destination; and
  
  a relay processing unit that relays a communication from the terminal to the second server according to the information included in the access request.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The authentication switch according to claim 1,wherein the redirect notification unit determines the redirect destination from among the first server, a plurality of additional first servers that hold the first content, and the local web server.
  - 3. The authentication switch according to claim 1,wherein the redirect notification unit determines the redirect destination according to terminal and connection information, or the type of a given site of a network accessed from the terminal.
  - 4. The authentication switch according to claim 1,wherein interface receives communications from the terminal according to http protocol, and the authentication process is a Web authenticating process conducted based on the access request to the second server from the terminal.
  - 5. The authentication switch according to claim 1,wherein a first content and the second content login screens for conducting the authentication process.
  - 6. The authentication switch according to claim 1wherein the first content is larger in size than the second content.

7. An authentication processing method in an authentication switch that is connected to an authentication server which performs an authentication process, a first server that holds a first content associated with the authentication process of the authentication server, and a second server with which the terminal can communicate according to an authentication result of the authentication server through a network,the authentication switch is disposed between the terminal and the first server, the second server, and the authentication server, andthe authentication switch includes a local web server that holds a second content associated with the authentication process of the authentication server,the authentication processing method comprising:
- monitoring a state of the first server;
  
  storing an access status of the terminal;
  
  when receiving an access request to the second server from the terminal, the access status indicates that the terminal is not authenticated, and the state of the first server indicates the first server is operating, transmitting a redirect notification including a URL of the first server as a redirect destination to the terminal;
  
  when receiving the access request to the second server from the terminal, the access status indicates that the terminal is not authenticated, and the state of the first server indicates the first server has failed, transmitting the redirect notification including a URL of the local web server as the redirect destination to the terminalupdating, when the state of the first server indicates the first server is operating, the access status of the terminal on the basis of an authentication result from the authentication server based on data associated with the first content, which is supplied to the terminal in response to a request from the terminal according to the redirect notification;
  
  updating, when the state of the first server indicates the first server has failed, the access status of the terminal on the basis of the authentication result from the authentication server based on data associated with the second content, which is supplied to the terminal in response to the request from the terminal according to the redirect notification; and
  
  relaying a communication from the terminal to the second server according to the access request.

8. A network system, comprising:
- a terminal;
  
  an authentication server which performs an authentication process;
  
  a first server that holds a first content associated with data to be transmitted to the authentication server;
  
  a second server with which the terminal communicates according to an authentication result of the authentication server; and
  
  an authentication switch that is connected to the terminal, the first server, the second server, and the authentication server through a network, and the authentication switch is disposed between the terminal and the first server, the second server, and the authentication serverwherein the authentication switch includes;
  
  an interface to communicate with the terminal, the first server, the second server, and the authentication server through the network;
  
  a processor; and
  
  a memory which stores instructions that, when executed by the processor, cause the processor to implement;
  
  a state monitoring unit that monitors a state of the first server;
  
  a local web server that holds a second content associated with the authentication process of the authentication server;
  
  a redirect notifying unit that makes a redirect notification including a redirect destination to the terminal on the basis of an access status from the terminal and the state of the first server when receiving an access request to the second server from the terminal, such that when the access status indicates that the terminal is not authenticated, the redirect notifying unit makes the redirect notification including a URL of the first server as the redirect destination when the state of the first server indicates the first server is operating, and makes the redirect notification including a URL of the local web server when the state of the first server indicates the first server has failed;
  
  an authentication unit that stores the access status and updates, when the state of the first server indicates the first server is operating, the access status of the terminal on the basis of an authentication result from the authentication server based on data associated with the first content, which is supplied to the terminal in response to a request from the terminal according to the redirect destination, and updates, when the state of the first server indicates the first server has failed, the access status of the terminal on the basis of the authentication result from the authentication server based on data associated with the second content, which is supplied to the terminal in response to a request from the terminal according to the redirect destination; and
  
  a relay processing unit that relays a communication from the terminal to the second server according to the information included in the access request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alaxala Networks Corporation (Fortinet Inc.)
Original Assignee
Alaxala Networks Corporation (Fortinet Inc.)
Inventors
Higuchi, Hidemitsu, Nomi, Motohide, Yamamoto, Yasunori
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Korsak, Oleg

Application Number

US14/045,560
Publication Number

US 20140223511A1
Time in Patent Office

936 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/168   above the transport layer

H04L 67/563   Data redirection of data ne...

Authentication switch and network system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

8 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication switch and network system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links