SYSTEM FOR PERFORMING REMOTE OPERATION BETWEEN FIREWALL-EQUIPPED NETWORKS OR DEVICES

US 20020004847A1
Filed: 02/08/1999
Published: 01/10/2002
Est. Priority Date: 05/19/1995
Status: Active Grant

First Claim

Patent Images

1. A system which is provided with a servicing unit connected to a first internal network in which a first firewall is installed for an external network and a serviced unit connected to a second internal network in which a second firewall is installed for said external network, wherein said servicing unit performs a remote operation on said serviced unit through said external network, said serviced unit comprising:

packet communications means for transmitting an identifier specifying the address of said servicing unit connected to said first internal network, setting up a connection with said servicing unit via said second firewall and said first firewall, and transmitting packets to or from said servicing unit over said connection; and

remote operation execution means for fetching remote operation directive information from packets received by said packet communications means and performing a remote operation on said serviced unit as indicated by said remote operation directive information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A remote operation system is disclosed which is used with a network environment in which a unit that provides remote operation services through networks and a unit that receives the services are each safeguarded by a firewall (or “each equipped with a firewall for”) from an external network. The remote operation service receiving unit sets up a connection A with the firewall installed on the remote operation service providing unit side and transmits security check information to that firewall. The firewall checks this security check information and then sets up a connection B with the remote operation service providing unit via its associated internal network when it is determined that the security check information has been sent from a contract user unit. Thereby, information used for remote operation can be transmitted between the two units over a logical path composed of the connections A and B.

38 Citations

32 Claims

1. A system which is provided with a servicing unit connected to a first internal network in which a first firewall is installed for an external network and a serviced unit connected to a second internal network in which a second firewall is installed for said external network, wherein said servicing unit performs a remote operation on said serviced unit through said external network, said serviced unit comprising:
- packet communications means for transmitting an identifier specifying the address of said servicing unit connected to said first internal network, setting up a connection with said servicing unit via said second firewall and said first firewall, and transmitting packets to or from said servicing unit over said connection; and
  
  remote operation execution means for fetching remote operation directive information from packets received by said packet communications means and performing a remote operation on said serviced unit as indicated by said remote operation directive information.

2. A system which is provided with a servicing unit connected to a first internal network in which a first firewall is installed for an external network and a serviced unit connected to a second internal network in which a second firewall is installed for said external network, wherein said servicing unit performs a remote operation on said serviced unit through said external network, said serviced unit comprising:
- packet communications means for setting up a connection with said first firewall via said second firewall and transmitting packets to or from said first firewall over said connection; and
  
  security check means for checking remote operation directive information contained in packets received by said packet communications means for validity;
  
  remote operation execution means for performing a remote operation on said serviced unit as indicated by said remote operation directive information which has been validated by said security check means; and
  
  execution result return means for returning the result of execution of said remote operation by said remote operation execution means to said first firewall through said packet communications means.

3. A system which is provided with a servicing unit connected to a first internal network in which a first firewall is installed for the Internet and a serviced unit connected to a second internal network in which a second firewall is installed for the Internet, wherein said servicing unit performs a remote operation on said serviced unit through said Internet, said serviced unit comprising:
- packet communications means for transmitting an identifier specifying the address of said servicing unit connected to said first internal network, setting up a connection with said servicing unit via said second firewall and said first firewall, and transmitting packets to or from said servicing unit over said connection; and
  
  remote operation execution means for fetching remote operation directive information from packets received by said packet communications means and performing a remote operation on said serviced unit as indicated by said remote operation directive information.

4. A system which is provided with a servicing unit connected to a first internal network in which a first firewall is installed for the Internet and a serviced unit connected to a second internal network in which a second firewall is installed for said Internet, wherein said servicing unit performs a remote operation on said serviced unit through said Internet, said serviced unit comprising:
- packet communications means for setting up a connection with said first firewall via said second firewall and transmitting packets to or from said first firewall over said connection; and
  
  security check means for checking remote operation directive information contained in packets received by said packet communications means for validity;
  
  remote operation execution means for performing a remote operation on said serviced unit as indicated by said remote operation directive information which has been validated by said security check means; and
  
  execution result return means for returning the result of execution of said remote operation by said remote operation execution means to said first firewall through said packet communications means.

5. A central unit which functions as a second firewall against access to a servicing unit via an external network by a serviced unit connected to a first internal network in which a first firewall is installed for said external network, comprising:
- first packet communications means for setting up a first connection with said serviced unit via said first firewall and said external network and transmitting packets to or from said serviced unit over said first connection;
  
  security check means for determining whether or not packets received by said packet communications means after said first connection has been set up are packets transmitted from a serviced unit of a contract user; and
  
  second packet communications means for, when the determination by said security check means is that said packets are packets from said serviced unit of a contract user, setting up a second connection with said servicing unit via a second internal network connected to said central unit and transmitting packets to or from said servicing unit connected to said second internal network over said second connection.
- View Dependent Claims (6, 7)
- - 6. The central unit according to claim 5, further comprising:
    - a database into which contract user validation information has been entered, and wherein said security check means checks received packets as to whether said received packets contain said user validation information in said database, thereby determining whether or not said received packets are packets from a contract user.
  - 7. The central unit according to claim 5, further comprising:
    - a database into which servicing unit identification information used to set up said second connection has been entered, and wherein said second packet communications means retrieves servicing unit identification information corresponding to identification information in packets received by said first packet communications means from said database and sets up said second connection using said servicing unit identification information.

8. A central unit which functions as a second firewall against access to a servicing unit via the Internet by a serviced unit connected to a first internal network in which a first firewall is installed for said Internet, comprising:
- first packet communication means for setting up a first connection with said serviced unit via said first firewall and said Internet and transmitting packets to or from said serviced unit over said first connection;
  
  security check means for determining whether or not packets received by said packet communications means after said first connection has been set up are packets transmitted from a serviced unit of a contract user; and
  
  second packet communications means for, when the determination by said security check means is that said packets are packets from said serviced unit of contract user, setting up a second connection with said servicing unit via a second internal network connected to said central unit and transmitting packets to or from said servicing unit connected to said second internal network over said second connection.
- View Dependent Claims (9, 10)
- - 9. The central unit according to claim 8, further comprising:
    - a database into which contract user validation information has been entered, and wherein said security check means checks received packets as to whether said received packets contain said user validation information entered in said database, thereby determining whether or not said received packets are packets from a contract user.
  - 10. The central unit according to claim 8, further comprising:
    - a database into which IP addresses of servicing units used to set up said second connection have been entered, and wherein said second packet communications means retrieves an IP address corresponding to service identification information in packets received by said first packet communications means from said database and sets up said second connection using said IP address.

11. A remote operation system which is provided with a serviced unit connected to a first internal network in which a first firewall is installed for an external network and a servicing unit connected to a second internal network in which a second firewall is installed for said external network for providing remote operation services to said serviced unit, said servicing unit comprising:
- packet communications means for setting up a connection with said second firewall and transmitting packets to or from said serviced unit over said connection; and
  
  remote operation execution means for producing packets containing a command to perform a remote operation on said serviced unit and transmitting said packets to said second firewall via said packet communications means.
- View Dependent Claims (12)
- - 12. The servicing unit according to claim 11, wherein said remote operation execution means sets up said command according to remote operation directive information contained in packets received by said packet communications means from said serviced unit.

13. A remote operation system which is provided with a serviced unit connected to a first internal network in which a first firewall is installed for the Internet and a servicing unit connected to a second internal network in which a second firewall is installed for said Internet for providing remote operation services to said serviced unit, said servicing unit comprising:
- packet communications means for setting up a connection with said second firewall and transmitting data containing packets to or from said serviced unit over said connection; and
  
  remote operation execution means for fetching remote operation directive information set up by said serviced unit from packets received by said packet communications means, producing packets containing a command to perform a remote operation indicated by said directive information and transmitting said packets to said second firewall.
- View Dependent Claims (14)
- - 14. The servicing unit according to claim 13, wherein said remote operation execution means fetches the result of execution of said remote operation specified by said serviced unit from packets received by said packet communications means and outputs said result of execution to outside.

15. A remote operation service system in which first and second internal networks are connected to an external network by first and second firewalls which are respectively installed in said first and second networks, and a servicing unit connected to said second internal network provides remote operation services to a serviced unit connected to said first internal network, said serviced unit including:
- means for setting up a first connection with said second firewall installed for said second internal network via said first internal network and said first firewall installed for said first internal network; and
  
  means for transmitting packets containing data for a remote operation to or from said servicing unit over said first connection, said second firewall including;
  
  means for, after said first connection has been set up with said serviced unit, setting up a second connection with said servicing unit via said second internal network; and
  
  means for relaying packets between said serviced unit and said servicing unit using said first and second connections, and said servicing unit including;
  
  means for providing remote operation services to said serviced unit by transmitting packets to or from said serviced unit via said second firewall and said second connection.
- View Dependent Claims (16, 17)
- - 16. The system according to claim 15, wherein said second firewall includes validation means for determining whether or not said serviced unit belongs to a contract user on the basis of the contents of data contained in packets transmitted by said serviced unit over said first connection.
  - 17. The system according to claim 15, wherein said serviced unit includes validation means for, when receiving a packet from said second firewall, which said packet transmitted from said servicing unit over said first connection, checking a command for remote operation in said packet for its validity.

18. A remote operation service system in which first and second internal networks are connected to the Internet by first and second firewalls which are respectively installed in said first and second networks, and a servicing unit connected to said second internal network provides remote operation services to a serviced unit connected to said first internal network, said serviced unit including:
- means for setting up a first connection with said second firewall installed for said second internal network via said first internal network and said first firewall installed for said first internal network; and
  
  means for transmitting packets containing data for a remote operation to or from said servicing unit over said first connection, said second firewall including;
  
  means for, after said first connection has been set up with said serviced unit, setting up a second connection with said servicing unit via said second internal network; and
  
  means for relaying packets between said serviced unit and said servicing unit using said first and second connections, and said servicing unit including;
  
  means for providing remote operation services to said serviced unit by transmitting packets to or from said serviced unit via said second firewall and said second connection.
- View Dependent Claims (19, 20)
- - 19. The system according to claim 18, wherein said second firewall includes validation means for determining whether or not said serviced unit belongs to a contract user on the basis of the contents of data contained in packets transmitted by said serviced unit over said first connection.
  - 20. The system according to claim 18, wherein said serviced unit includes validation means for, when receiving a packet from said second firewall, which said packet transmitted from said servicing unit over said first connection, checking a command for remote operation in said packet for its validity.

21. A remote operation service providing method in a remote operation service system in which first and second internal networks are connected to an external network by first and second firewalls which are respectively installed in said first and second networks and a servicing unit connected to said second internal network provides remote operation services to a serviced unit connected to said first internal network, said remote operation service providing method comprising the steps of:
- in said serviced unit, setting up a first connection with said second firewall installed for said second internal network via said first internal network and said first firewall for said first internal network;
  
  in said serviced unit, transmitting packets containing data for performing a remote operation to or from said servicing unit connected to said second internal network over said first connection;
  
  in said second firewall, setting up a second connection with said servicing unit via said second internal network after said first connection has been set up with said serviced unit;
  
  in said second firewall, relaying packets between said serviced unit and said servicing unit over said first and second connections; and
  
  in said servicing unit, providing a remote operation service to said serviced unit by transmitting packets to or from said serviced unit via said second firewall and said second connection.

22. A unit to be serviced which is connected to a first internal network in which a first firewall is installed for an external network and receives a remote operation service from a servicing unit connected to a second internal network in which a second firewall is installed for the external network, comprising:
- packet communications means for transmitting an identifier specifying an address of the servicing unit connected to the second internal network, establishing a connection to the servicing unit through the first and second firewalls, and transmitting a packet to and from the servicing unit through the connection; and
  
  remote operation execution means for retrieving remote operation directive information from the packet received by said packet communications means, and performing a remote operation on the unit to be serviced.
- View Dependent Claims (23)
- - 23. The unit to be serviced according to claim 22, wherein said external network is Internet.

24. A unit to be serviced which is connected to a first internal network in which a first firewall is installed for an external network and receives a remote operation service from a servicing unit connected to a second internal network in which a second firewall is installed for the external network, comprising:
- packet communications means for establishing a connection to the second firewall through the first firewall, and transmitting a packet to and from the second firewall through the connection;
  
  security check means for checking security of remote operation directive information stored in the packet received by said packet communications means;
  
  remote operation execution means for performing a remote operation on the unit to be serviced according to the remote operation directive information whose security is checked by said security check means; and
  
  execution result return means for returning an execution result of the remote operation performed by said remote operation execution means to the second firewall through said packet communications means.
- View Dependent Claims (25)
- - 25. The unit to be serviced according to claim 24, wherein said external network is Internet.

26. A servicing unit which is connected to the second internal network in which the second firewall is installed for the external network and provides a remote operation service for a unit to be serviced connected to a first internal network in which a first firewall is installed for an external network, comprising:
- packet communications means for establishing a connection to the second firewall, and transmitting a packet storing data to be transmitted to and from the unit to be serviced through the connection; and
  
  remote operation execution means for generating the packet for which a command to perform a remote operation is set for the unit to be serviced, and transmitting the packet to the second firewall through said packet communications means.
- View Dependent Claims (27, 28)
- - 27. The servicing unit according to claim 26, wherein said remote operation execution means sets the command according to the remote operation directive information which is stored in the packet received from the unit to be serviced through said packet communications means.
  - 28. The servicing unit according to claim 26, wherein said external network is Internet.

29. A remote operation method for use with a unit to be serviced which is connected to a second internal network in which a second firewall is installed for an external network and receives a remote operation service from a servicing unit connected to a first internal network in which a first firewall is installed for the external network, comprising the steps of:
- establishing a connection to the servicing unit through the second and first firewalls after transmitting an identifier specifying an address of the servicing unit connected to the first internal network;
  
  transmitting a packet to and from the servicing unit through the connection; and
  
  retrieving remote operation directive information from the received packet and performing a remote operation on the unit to be serviced.

30. A remote operation method for use with a servicing unit, connected to a second internal network in which a second firewall is installed for an external network, for providing a remote operation service for a unit to be serviced which is connected to a first internal network in which a first firewall is installed for the external network, comprising the steps of:
- establishing a connection to the second firewall;
  
  transmitting a packet storing data to be transmitted to and from the unit to be serviced through the connection;
  
  generating a packet in which a command to perform a remote operation on the unit to be serviced is set; and
  
  transmitting the packet to the second firewall through the connection.

31. A remote operation method for use with a unit to be serviced which is connected to a second internal network in which a second firewall is installed for an external network and receives a remote operation service from a servicing unit connected to a first internal network in which a first firewall is installed for the external network, comprising the steps of:
- establishing a connection to the first firewall through the second firewall;
  
  transmitting a packet to and from the first firewall through the connection;
  
  checking security of remote operation directive information stored in a received packet;
  
  performing a remote operation on the unit to be serviced according to the remote operation directive information whose security is checked; and
  
  transmitting an execution result of the remote operation to the first firewall through the connection.

32. A security check method for use with a center device functioning as a second firewall in response to access through an external network to a servicing unit by a unit to be serviced which is connected to a first internal network in which a first firewall is installed for the external network, comprising the steps of:
- establishing a first connection to the unit to be serviced through the first firewall and external network;
  
  transmitting a packet to and from the unit to be serviced through the first connection;
  
  checking after establishing the first connection whether or not a received packet is transmitted from the unit to be serviced of a subscriber;
  
  establishing a second connection to the servicing unit through an internal network when it is determined as a result of the checking that the received packet is transmitted from the unit to be serviced of the subscriber; and
  
  transmitting the packet to and from the servicing unit connected to the internal network through the second connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
TANNO, KAZUHIRA

Granted Patent

US 6,374,298 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/249
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/029   Firewall traversal, e.g. tu...

H04L 67/125   involving control of end-de...

SYSTEM FOR PERFORMING REMOTE OPERATION BETWEEN FIREWALL-EQUIPPED NETWORKS OR DEVICES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

38 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM FOR PERFORMING REMOTE OPERATION BETWEEN FIREWALL-EQUIPPED NETWORKS OR DEVICES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links