Device authentication apparatus device authentication method information processing apparatus information processing method and computer program
First Claim
1. A device authentication apparatus comprising:
- a first device provided on the client side of a client/server system; and
a second device provided on the server side of the client/server system, wherein said first device comprises registration requesting means for simultaneously sending a request for registering a MAC address specific to the first device in response to a registration requesting operation of a user;
said second device comprises temporary storage means for, when a registration request having the same MAC address is received a plurality of times or for one time within a predetermined time after a first confirmation operation of the user is performed, temporarily storing the MAC address;
said second device comprises registration confirmation means for sending a registration confirmation to the first device having the MAC address stored in said temporary storage means in response to a second confirmation operation of the user;
said first device comprises registration confirmation responding means for receiving said registration confirmation so as to instruct said registration requesting means to stop the simultaneous sending, and also for sending back a registration confirmation response to the second device which has sent the registration confirmation;
said second device comprises authentication and registration means for authenticating and registering the MAC address which is temporarily stored in said temporary storage means in response to a third confirmation operation of the user, which is performed after said registration confirmation response is received, and said second device rejects access from a client comprising the first device having a MAC address other than the MAC address which is authenticated and registered in the second device itself, and instructs the server not to respond at all to the client.
1 Assignment
0 Petitions
Accused Products
Abstract
An apparatus and a method capable of efficiently and accurately constructing an access control configuration having high security are realized. Only the MAC address of a controller (client) 351 authorized by a user is authenticated and registered in a MAC address table of a device 352, and the device 352 performs MAC address filtering for permitting access by the controller 351 (client) which is authenticated and registered in the MAC address table. Furthermore, by making a registration completion notification and by performing version adjustment, a reliable access control configuration is constructed. The device authentication apparatus 350 avoids access from an unauthorized party which is not authenticated and registered, and makes the presence of a server not known to the controller which attempts to illegally perform device authentication. Therefore, access control with high security is realized.
-
Citations
46 Claims
-
1. A device authentication apparatus comprising:
-
a first device provided on the client side of a client/server system; and
a second device provided on the server side of the client/server system, wherein said first device comprises registration requesting means for simultaneously sending a request for registering a MAC address specific to the first device in response to a registration requesting operation of a user;
said second device comprises temporary storage means for, when a registration request having the same MAC address is received a plurality of times or for one time within a predetermined time after a first confirmation operation of the user is performed, temporarily storing the MAC address;
said second device comprises registration confirmation means for sending a registration confirmation to the first device having the MAC address stored in said temporary storage means in response to a second confirmation operation of the user;
said first device comprises registration confirmation responding means for receiving said registration confirmation so as to instruct said registration requesting means to stop the simultaneous sending, and also for sending back a registration confirmation response to the second device which has sent the registration confirmation;
said second device comprises authentication and registration means for authenticating and registering the MAC address which is temporarily stored in said temporary storage means in response to a third confirmation operation of the user, which is performed after said registration confirmation response is received, and said second device rejects access from a client comprising the first device having a MAC address other than the MAC address which is authenticated and registered in the second device itself, and instructs the server not to respond at all to the client. - View Dependent Claims (2)
-
-
3. A device authentication apparatus comprising:
-
a first device provided on the client side of a client/server system; and
a second device provided on the server side of the client/server system, wherein said first device comprises registration requesting means for simultaneously sending a request for registering a MAC address specific to the first device in response to the registration requesting operation of a user;
said second device comprises temporary storage means for, when a registration request having the same MAC address is received a plurality of times within a predetermined time after a first confirmation operation of a user is performed, temporarily storing the MAC address;
said second device comprises registration confirmation means for sending a registration confirmation and a password request to the first device having the MAC address stored in said temporary storage means in response to a second confirmation operation of the user;
means for displaying the password generated for the user; and
means for storing the generated password in the second device itself;
said first device comprise registration confirmation responding means for receiving said registration confirmation so as to instruct said registration requesting means to stop the simultaneous sending, and also for sending back the password input by the user operation and a registration confirmation response to the second device which has sent the registration confirmation;
said second device comprises authentication and registration means for authenticating and registering the MAC address which is temporarily stored in said temporary storage means when the password received from said registration confirmation responding means is verified against the password stored in the second device itself and the two passwords match each other, and said second device rejects access from a client comprising the first device having a MAC address other than the MAC address which is authenticated and registered in the second device itself, and instructs the server not to respond at all to the client. - View Dependent Claims (4)
-
-
5. A device authentication method comprising:
-
a first process performed on the client side of a client/server system; and
a second process performed on the server side of the client/server system, wherein said first process comprises a registration requesting step of simultaneously sending, on a network, a request for registering a MAC address specific to the client in response to a registration requesting operation of a user;
said second process comprises a temporary storing step of, when a registration request having the same MAC address is received a plurality of times within a predetermined time after a first confirmation operation of the user is performed, temporarily storing the MAC address;
said second process comprises a registration confirmation step of sending to the client side a registration confirmation performed at the client having the MAC address stored in said temporary storing step in response to a second confirmation operation of the user;
said first process comprises a registration confirmation responding step of receiving said registration confirmation so as to instruct said registration requesting step to stop the simultaneous sending, and also for sending back a registration confirmation response to the server which has sent the registration confirmation;
said second process comprises an authentication and registration step of authenticating and registering the MAC address which is temporarily stored in said temporary storing step in response to a third confirmation operation of the user, which is performed after said registration confirmation response is received, and said second process rejects access from a client having a MAC address other than the MAC address which is authenticated and registered in the server itself, and instructs the server not to respond at all to the client. - View Dependent Claims (6)
-
-
7. A device authentication method comprising:
-
a first process performed on the client side of a client/server system; and
a second process performed on the server side of the client/server system, wherein said first process comprises a registration requesting step of simultaneously sending, on a network, a request for registering a MAC address specific to the client in response to the registration requesting operation of a user;
said second process comprises a temporary storing step of, when a registration request having the same MAC address is received a plurality of times within a predetermined time after a first confirmation operation of a user is performed, temporarily storing the MAC address;
said second process comprises a registration confirmation step of sending a registration confirmation and a password request to the first process performed at the client having the MAC address which is temporarily stored in said temporary storing step in response to a second confirmation operation of the user;
said first process comprise a registration confirmation responding step of receiving said registration confirmation so as to instruct said registration requesting step to stop the simultaneous sending, and also for sending back the password input by the user operation and a registration confirmation response to the second process which has sent the registration confirmation;
said second process comprises an authentication and registration step of authenticating and registering the MAC address which is temporarily stored in said temporary storing step when the password received in said registration confirmation responding step is verified against the password set in advance in the server itself and the two passwords match each other, and said second process rejects access from a client having a MAC address other than the MAC address which is authenticated and registered in the server itself, and instructs the server not to respond at all to the client. - View Dependent Claims (8)
-
-
9. A device authentication program comprising:
-
a first program executed on the client side of a client/server system; and
a second program executed on the server side of the client/server system, wherein said first program comprises a registration requesting step of simultaneously sending, on a network, a request for registering a MAC address specific to the client in response to a registration requesting operation of a user;
said second program comprises a temporary storing step of, when a registration request having the same MAC address is received a plurality of times within a predetermined time after a first confirmation operation of the user is performed, temporarily storing the MAC address;
said second program comprises a registration confirmation step of sending a registration confirmation to the first program executed at the client having the MAC address stored in said temporary storing step in response to a second confirmation operation of the user;
said first program comprises a registration confirmation responding step of receiving said registration confirmation so as to instruct said registration requesting step to stop the simultaneous sending, and also for sending back a registration confirmation response to the second program which has sent the registration confirmation;
said second program comprises an authentication and registration step of authenticating and registering the MAC address which is temporarily stored in said temporary storing step in response to a third confirmation operation of the user, which is performed after said registration confirmation response is received, and said second program rejects access from a client having a MAC address other than the MAC address which is authenticated and registered in the server itself, and instructs the server not to respond at all to the client. - View Dependent Claims (10)
-
-
11. A device authentication program comprising:
-
a first program executed on the client side of a client/server system; and
a second program executed on the server side of the client/server system, wherein said first program comprises a registration requesting step of simultaneously sending, on a network, a request for registering a MAC address specific to the client in response to the registration requesting operation of a user;
said second process comprises a temporary storing step of, when a registration request having the same MAC address is received a plurality of times within a predetermined time after a first confirmation operation of the user is performed, temporarily storing the MAC address;
said second program comprises a registration confirmation step of sending a registration confirmation and a password request to the first program executed at the client having the MAC address which is temporarily stored in said temporary storing step in response to a second confirmation operation of the user;
said first program comprise a registration confirmation responding step of receiving said registration confirmation so as to instruct said registration requesting step to stop the simultaneous sending, and also of sending back the password input by the user operation and a registration confirmation response to the second program which has sent the registration confirmation;
said second program comprises an authentication and registration step of authenticating and registering the MAC address which is temporarily stored in said temporary storing step when the password received from said registration confirmation responding step is verified against the password set in advance in the server itself and the two passwords match each other, and said second program rejects access from a client having a MAC address other than the MAC address which is authenticated and registered in the server itself, and instructs the server not to respond at all to the client. - View Dependent Claims (12)
-
-
13. An information processing apparatus for performing an access control process comprising:
-
a data transmission and reception section for performing data transmission and reception with a client as an access requesting device;
a storage section for storing access control information containing a client MAC address;
a registration processing section for performing a client MAC address registration process based on a registration request from client;
a data output section for performing data output based on a device signal from said registration processing section; and
a data input section for inputting data to said registration processing section, wherein said registration processing section outputs registration confirmation data to be transmitted to the client on the basis of the determination that the registration is possible in accordance with the registration request from the client, and performs a process for outputting registration confirmation data to be transmitted to said client on the basis of the reception of a registration confirmation response from said client with respect to the registration completion confirmation data. - View Dependent Claims (14, 15, 16)
-
-
17. An information processing apparatus for performing an access control process, said information processing apparatus comprising:
-
a data transmission and reception section for performing data transmission and reception with a client as an access requesting device;
a storage section for storing access control information containing a client MAC address; and
a registration processing section for performing a client MAC address registration process based on a registration request from the client, wherein said registration processing section compares the version information of a device authentication program, contained in the registration request from the client, with the version information of a device authentication program executed in its own device, and selects and performs a process in accordance with the processing sequence of the program of the older version between the two programs on the basis of the comparison result. - View Dependent Claims (18)
-
-
19. An information processing apparatus for performing an access control process, said information processing apparatus comprising:
-
a data transmission and reception section for performing data transmission and reception with a client as an access requesting device;
a storage section for storing access control information containing a client MAC address; and
a registration processing section for performing a client MAC address registration process based on a registration request from the client, wherein said registration processing section determines whether or not the client MAC address contained in the registration request from the client is registered in access control information stored in said storage section, and performs a process for outputting, as transmission data for said client, a registration completion notification indicating that the registration has been completed on the basis of the determination that the registration has been completed. - View Dependent Claims (20)
-
-
21. An information processing apparatus as a client for performing an access right registration process on a server, said information processing apparatus comprising:
-
a data transmission and reception section for performing data transmission and reception with the server;
a storage section for storing a client MAC address;
a registration request processing section for performing a client MAC address registration requesting process;
a data output section for performing data output based on a device signal from said registration request processing section; and
a data input section for inputting data to said registration request processing section, and said registration request processing section performs a process for outputting, as a response for the registration confirmation, a registration confirmation response to be transmitted to said server on the basis of the registration confirmation received from the server registration request and for outputting, as a response for the registration completion confirmation from said server, registration completion confirmation to be transmitted to said server. - View Dependent Claims (22, 23)
-
-
24. An information processing apparatus as a client for performing an access right registration process on a server, said information processing apparatus comprising:
-
a data transmission and reception section for performing data transmission and reception with the server;
a storage section for storing a client MAC address; and
a registration request processing section for performing a client MAC address registration requesting process, wherein said registration request processing section performs a comparison between the version information of a device authentication program, contained in the registration confirmation from the server, and the version information of a device authentication program to be executed in its own device, and selects and performs a process in accordance with the processing sequence of the program of the older version of the two programs on the basis of the comparison result. - View Dependent Claims (25)
-
-
26. An information processing apparatus as a client that performs an access right registration process on the server, said information processing apparatus comprising:
-
a data transmission and reception section for performing data transmission and reception with the server;
a storage section for storing a client MAC address;
a registration request processing section for performing a client MAC address registration requesting process; and
a data output section for performing data output on the basis of a device signal from said registration request processing section, wherein said registration request processing section determines whether or not registration completion notification data indicating that the registration has been completed is contained in the registration confirmation received from the server, and outputs, as a device signal, determination information such that the registration completion notification data is contained, and said data output section performs message output based on said device signal.
-
-
27. An information processing method for performing a device registration process for the purpose of access control, said information processing method comprising:
-
a data reception step of receiving a registration request from a client as an access requesting device; and
a registration processing step of performing a client MAC address registration process based on said registration request, wherein said registration processing step includes a step of performing a process for outputting registration confirmation data to be transmitted to the client on the basis of the determination that the registration is possible in accordance with the registration request from the client and of outputting registration completion confirmation data to be transmitted to said client on the basis of the reception of the registration confirmation response from said client with respect to the registration confirmation data. - View Dependent Claims (28, 29, 30)
-
-
31. An information processing method for performing a device registration process for the purpose of access control, said information processing method comprising:
-
a data reception step of receiving a registration request from a client as an access requesting device; and
a registration processing step of performing a client MAC address registration process on the basis of said registration request, wherein said registration processing step includes a step of comparing the version information of a device authentication program, contained in the registration request from the client, with the version information of a device authentication program executed in its own device, and of selecting and performing a process in accordance with the processing sequence of the program of the older version between the two programs on the basis of the comparison result. - View Dependent Claims (32)
-
-
33. An information processing method for performing a device registration process for the purpose of access control, said information processing method comprising:
-
a data reception step of receiving a registration request from a client as an access requesting device;
a step of determining whether or not the client MAC address contained in the registration request from the client is registered in the access control information stored in a storage section; and
a step of outputting, as transmission data for said client, a registration completion notification indicating that the registration has been completed on the basis of the determination that the registration has been completed. - View Dependent Claims (34)
-
-
35. An information processing method at a client that performs an access right registration process with respect to a server, said information processing method comprising:
-
a step of transmitting a registration request to the server;
a step of outputting, as a response for the registration request, a registration confirmation response to be transmitted to said server on the basis of the registration confirmation received from said server; and
a step of outputting, as a response for the registration completion confirmation from said server, a registration completion confirmation response to be transmitted to said server. - View Dependent Claims (36, 37)
-
-
38. An information processing method at a client that performs an access right registration process with respect to a server, said information processing method comprising:
-
a step of transmitting a registration request to the server;
a comparison processing step of performing a comparison between the version information of the device authentication program, contained in the registration confirmation received, as a response for said registration request, from the server and the version information of the device authentication program executed in its own device; and
a step of selecting and performing a process in accordance with the processing sequence of the program of the older version between the two programs on the basis of said comparison processing result. - View Dependent Claims (39)
-
-
40. An information processing method at a client that performs an access right registration process with respect to a server, said information processing method comprising:
-
a step of transmitting a registration request to the server;
a step of determining whether or not registration completion notification data indicating that the registration has been completed is contained in the registration confirmation received from the server as a response for said registration request; and
a step of performing message output in accordance with said device signal based on said determination that the registration completion notification is contained.
-
-
41. A computer program for performing a device registration process for the purpose of access control, said computer program comprising:
-
a data reception step of receiving a registration request from a client as an access requesting device; and
a registration processing step of performing a client MAC address registration process based on said registration request, wherein said registration processing step includes a step of performing a process for outputting registration confirmation data to be transmitted to the client on the basis of the determination that the registration is possible in accordance with the registration request from the client and for outputting registration completion confirmation data to be transmitted to said client on the basis of the reception of the registration confirmation response from said client with respect to the registration confirmation data.
-
-
42. A computer program for performing a device registration process for the purpose of access control, said computer program comprising:
-
a data reception step of receiving a registration request from a client as an access requesting device; and
a registration processing step of performing a client MAC address registration process on the basis of said registration request, wherein said registration processing step includes a step of comparing the version information of a device authentication program, contained in the registration request from the client with the version information of a device authentication program executed in its own device, and selecting and performing a process in accordance with the processing sequence of the program of the older version between the two programs on the basis of the comparison result.
-
-
43. A computer program for performing a device registration process for the purpose of access control, said computer program comprising:
-
a data reception step of receiving a registration request from a client as an access requesting device;
a step of determining whether or not the client MAC address contained in the registration request from the client is registered in the access control information stored in a storage section; and
a step of outputting, as transmission data for said client, a registration completion notification indicating that the registration has been completed on the basis of the determination that the registration has been completed.
-
-
44. A computer program for performing an access right registration process with respect to a server, said computer program comprising:
-
a step of transmitting a registration request to the server;
a step of outputting, as a response for the registration request, a registration confirmation response to be transmitted to said server on the basis of the registration confirmation received from said server; and
a step of outputting, as a response for the registration completion confirmation from said server, a registration completion confirmation response to be transmitted to said server.
-
-
45. A computer program for performing an access right registration process with respect to a server, said computer program comprising:
-
a step of transmitting a registration request to the server;
a comparison processing step of performing a comparison between the version information of the device authentication program, which is contained in the registration confirmation received from the server as a response for said registration request, and the version information of the device authentication program executed in its own device; and
a step of selecting and performing a process in accordance with the processing sequence of the program of the older version between the two programs on the basis of said comparison processing result.
-
-
46. A computer program for performing an access right registration process with respect to a server, said computer program comprising:
-
a step of transmitting a registration request to the server;
a step of determining whether or not registration completion notification data indicating that the registration has been completed is contained in the registration confirmation received from the server as a response for said registration request; and
a step of outputting, as a device signal, information based on said determination that the registration completion notification is contained, and performing message output in accordance with said device signal.
-
Specification