WO2023157294A1 - Client sans disque, serveur, programme associé, procédé de connexion de réseau et procédé de libération de réseau - Google Patents

Client sans disque, serveur, programme associé, procédé de connexion de réseau et procédé de libération de réseau Download PDF

Info

Publication number
WO2023157294A1
WO2023157294A1 PCT/JP2022/006945 JP2022006945W WO2023157294A1 WO 2023157294 A1 WO2023157294 A1 WO 2023157294A1 JP 2022006945 W JP2022006945 W JP 2022006945W WO 2023157294 A1 WO2023157294 A1 WO 2023157294A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
diskless client
key
network
encryption key
Prior art date
Application number
PCT/JP2022/006945
Other languages
English (en)
Japanese (ja)
Inventor
文彦 澤崎
Original Assignee
日本電信電話株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電信電話株式会社 filed Critical 日本電信電話株式会社
Priority to PCT/JP2022/006945 priority Critical patent/WO2023157294A1/fr
Publication of WO2023157294A1 publication Critical patent/WO2023157294A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present invention relates to a diskless client, a server and its program, a network connection method, and a network release method.
  • Non-Patent Document 1 A diskless client system using PXE (Preboot Execution Environment), which is a network boot specification, is also known (Non-Patent Documents 2 and 3).
  • PXE Preboot Execution Environment
  • the above-mentioned conventional technology is based on the premise that it is used in a LAN (Local Area Network), that is, the diskless client and network are reliable. Therefore, it is difficult to use the conventional technology described above in an environment such as home gateways and wireless base stations where mass users or third parties may touch. Specifically, in the conventional technology described above, terminal authentication of diskless clients poses a problem in an environment where mass users or third parties may access.
  • LAN Local Area Network
  • the present invention has been made in view of these points, and the object of the present invention is to safely authenticate diskless clients in an environment where mass users or third parties may touch.
  • a diskless client is a diskless client that accesses a shared disk of a server, and includes encryption key storage means for pre-storing a first encryption key unique to each diskless client so that it cannot be read from the outside; network connection information acquisition means for requesting a network connection to the server, and acquiring network connection information and a boot file address from the server in response to the request; boot file acquisition for obtaining a boot file corresponding to the address and a second encryption key different from the first encryption key through the encrypted connection by performing authentication means, boot means for booting using the boot file acquired by the boot file acquisition means, and authentication between the boot means and the server using the second encryption key to establish an encrypted connection, shared disk access means for accessing the shared disk of the server via the encrypted connection.
  • diskless clients can be safely authenticated in environments where mass users or third parties may touch.
  • FIG. 4 is a sequence diagram showing operations of the diskless client authentication system according to the embodiment
  • FIG. 1 is a block diagram showing the configuration of a diskless client according to an embodiment
  • FIG. It is a block diagram which shows the structure of the server which concerns on embodiment.
  • 4 is a flow chart showing a network connection method according to an embodiment
  • 4 is a flow chart showing a network release method according to an embodiment
  • 3 is a hardware configuration diagram showing an example of a computer that implements the functions of the server according to the embodiment
  • FIG. 2 is a hardware configuration diagram showing an example of a computer that implements functions of a diskless client according to an embodiment
  • FIG. 1 is a block diagram showing the configuration of a diskless client according to an embodiment
  • FIG. It is a block diagram which shows the structure of the server which concerns on embodiment.
  • 4 is a flow chart showing a network connection method according to an embodiment
  • 4 is a flow chart showing a network release method according to an embodiment
  • 3 is a hardware configuration diagram showing an
  • FIG. 1 is a sequence diagram showing the operation of the diskless client authentication system 1 according to this embodiment.
  • the server 3 authenticates the diskless client 2, and the authenticated diskless client 2 accesses the shared disk of the server 3.
  • the diskless client authentication system 1 comprises a diskless client 2 and a server 3.
  • a diskless client 2 and a server 3 are connected via a network such as the Internet.
  • a network such as the Internet.
  • a cryptographic key is usually used as a means of authentication and communication encryption.
  • the diskless client 2 When the diskless client 2 is used as a home gateway or wireless base station, not only the third party but also the user must not know the contents of the encryption key. If the content of the encryption key were to become known to the user, a terminal other than the contract object could be used as the diskless client 2 . Therefore, the encryption key must not be readable by the user, and must be secretly managed within the hardware so that it cannot be read from the outside.
  • this encryption key will be referred to as key A (first encryption key).
  • This key A is assumed to be an encryption key of a general public key cryptosystem (for example, RSA). That is, in the diskless client authentication system 1, the diskless client 2 secretly manages the secret key of the public key cryptosystem as the key A, and distributes the public key of the public key cryptosystem to the server 3 in advance.
  • a general public key cryptosystem for example, RSA
  • Booting of the diskless client 2 consists of three procedures: IP address and other environment information acquisition procedure S1 for hardware (firmware) processing, boot file acquisition procedure S2, and shared disk access procedure S3 for software processing.
  • key B second encryption key
  • a general cryptographic key such as a public key cryptosystem or a common key cryptosystem (for example, AES) can be used.
  • the server 3 In the IP address and other environmental information acquisition procedure S1, when the server 3 receives a DHCP (BOOTStrap Protocol) IP address request (step S10), it generates a key B (step S11). Then, the server 3 transmits network connection information such as IP address, subnet mask, gateway, etc., and the address of the boot file to the diskless client 2 (step S12).
  • DHCP Broadband Packet Control Protocol
  • a boot file is a file necessary for booting the diskless client 2 (for example, a root file system). Also, the address of the boot file represents the path of the server 3 where the boot file is stored.
  • the diskless client 2 is authenticated using the key A, and an encrypted connection is established between the diskless client 2 and the server 3 (step S20). Then, the diskless client 2 requests the boot file from the server 3 via the encrypted connection (step S21), and acquires the boot file and key B from the server 3 (step S22).
  • the diskless client 2 boots using the boot file obtained from the server 3 (step S23).
  • the diskless client 2 is authenticated using the key B, and an encrypted connection is established between the diskless client 2 and the server 3 (step S30). Then, the diskless client 2 requests access to the shared disk from the server 3 via the encrypted connection (step S31), and accesses the shared disk after receiving an OK response from the server 3 (steps S32 and S33). .
  • FIG. 2 is a block diagram showing the configuration of the diskless client 2 according to this embodiment.
  • the diskless client 2 accesses the shared disk of the server 3, and as shown in FIG. and shared disk access means 24 .
  • NW the network
  • the encryption key storage means 20 pre-stores the unique key A for each diskless client 2 so that it cannot be read from the outside.
  • a tamper-resistant device such as a trusted platform module (TPM) can be used as the encryption key storage means 20 .
  • the encryption key storage means 20 stores, as the key A, a private key of public key cryptography. For example, the key A may be written into the encryption key storage means 20 when the diskless client 2 is manufactured.
  • the network connection information acquisition means 21 requests network connection from the server 3 (step S10 in FIG. 1). This network connection request is to request an IP address using "DHCP REQUEST" or the like. In response to the request, the network connection information acquisition means 21 acquires network connection information such as IP address, subnet mask, gateway, etc., and the address of the boot file from the server 3 (step S12 in FIG. 1). . Then, the network connection information acquiring means 21 outputs the acquired address of the boot file to the boot file acquiring means 22 .
  • the boot file acquisition means 22 uses the key A of the encryption key storage means 20 to perform authentication with the server 3 and establish an encrypted connection (step S20 in FIG. 1). For example, the boot file acquisition means 22 establishes a transport using a protocol of TCP (Transmission Control Protocol)+TLS (Transport Layer Security) or QUIC+TLS. Also, the boot file acquisition means 22 requests the boot file from the server 3 via the encrypted connection, and acquires the boot file corresponding to the address and the key B from the server 3 (see FIG. 1). Steps S21, S22). The boot file acquisition means 22 then outputs the acquired boot file to the boot means 23 and outputs the key B to the shared disk access means 24 .
  • TCP Transmission Control Protocol
  • TLS Transport Layer Security
  • QUIC+TLS Transaction Layer Security
  • the boot means 23 uses the boot file acquired by the boot file acquisition means 22 to boot.
  • the boot means 23 may specify an option to NFS-mount the shared disk and set the mounted file system as the root file system.
  • the shared disk access means 24 uses the key B acquired by the boot file acquisition means 22 to authenticate with the server 3 and establish an encrypted connection (step S30 in FIG. 1). For example, the shared disk access means 24 establishes a transport using TCP+TLS or QUIC+TLS procedures. Then, the shared disk access means 24 requests the server 3 to connect to the shared disk via the encrypted connection, and accesses the shared disk of the server 3 (steps S31 to S33 in FIG. 1).
  • FIG. 3 is a block diagram showing the configuration of the server 3 according to this embodiment.
  • the server 3 includes network connection request determination means 30, network connection information transmission means 31, encryption key generation means 32, boot file transmission means 33, shared disk access control means 34, It comprises a shared disk 35 , network opening request determination means 36 , encryption key destruction means 37 , network opening means 38 and encryption key storage means 39 .
  • the network connection request determination means 30 determines whether or not the diskless client 2 has requested network connection. When the network connection request determining means 30 determines that the diskless client 2 requests network connection, it commands the network connection information transmitting means 31 to transmit the network connection information.
  • the network connection information transmission means 31 transmits the network connection information and the address of the boot file to the diskless client 2 in response to the network connection request from the diskless client 2 .
  • the network connection information transmission means 31 transmits the network connection information and the address of the boot file to the diskless client 2 according to the command from the network connection request determination means 30 .
  • the encryption key generation means 32 generates a key B different from the key A distributed in advance.
  • the encryption key generating means 32 generates the key B, which is a disposable key for each DHCP session, by a general public key cryptosystem or common key cryptosystem. Then, the encryption key generation means 32 stores the generated key B and the association between the key B and the diskless client 2 requesting network connection in the encryption key storage means 39 .
  • This association is, for example, information in which the IP address of the diskless client 2 requesting network connection and the key B are associated with each other.
  • the boot file transmission means 33 uses the pre-distributed key A to establish an encrypted connection with the diskless client 2 by performing authentication, similar to the boot file acquisition means 22 in FIG. Then, the boot file transmission means 33 transmits the boot file corresponding to the address and the key B of the encryption key storage means 39 to the diskless client 2 via the encrypted connection.
  • the shared disk access control means 34 uses the key B to establish an encrypted connection with the diskless client 2 by performing authentication, similar to the shared disk access means 24 in FIG. Then, the shared disk access control means 34 allows the diskless client 2 to access the shared disk 35 via the encrypted connection. Thus, the shared disk access control means 34 controls access to the shared disk 35 by the diskless client 2 .
  • the shared disk 35 is a recording device such as an HDD (Hard Disk Drive) or SSD (Solid State Drive) that stores shared files used by the diskless clients 2 .
  • the shared file is a disk image file representing a Linux (registered trademark) file system. This shared file may be common to the diskless client 2 or may be individual according to the hardware configuration of the diskless client 2 .
  • the network release request determination means 36 determines whether or not the diskless client 2 has requested network release. For example, a network release request is to release the IP address assigned to the diskless client 2 by means of "DHCP RELEASE", lease timer timeout, server 3 command, or the like. Then, when the network release request determination means 36 determines that the diskless client 2 has requested the network release, it instructs the encryption key destruction means 37 to destroy the key B.
  • a network release request is to release the IP address assigned to the diskless client 2 by means of "DHCP RELEASE", lease timer timeout, server 3 command, or the like.
  • the encryption key destruction means 37 destroys the association between the diskless client 2 requesting network release and the key B, and destroys the key B.
  • the encryption key destruction means 37 destroys the key B of the diskless client 2 and the association between the diskless client 2 and the key B from the encryption key storage means 39 in accordance with the command from the network opening request determination means 36. (delete.
  • the network release means 38 releases the diskless client 2 requesting network release from the network.
  • the network release means 38 releases the IP address assigned to the diskless client 2 that requested network release.
  • the encryption key storage means 39 is a storage device such as an HDD or SSD that stores the key B and the association between the diskless client 2 and the key B.
  • FIG. 4 is a flow chart showing a network connection method according to this embodiment.
  • the network connection request determination means 30 determines whether or not there is an IP request event.
  • This IP request event is an event indicating a network connection request from the diskless client 2, such as "DHCP REQUEST".
  • step S100 If there is an IP request event (Yes in step S100), the server 3 proceeds to the process of step S110. If there is no IP request event (No in step S100), the server 3 proceeds to the process of step S140.
  • step S110 the network connection information transmitting means 31 performs predetermined DHCP-related IP request processing (network connection processing).
  • This DHCP-related IP request processing is processing for transmitting network connection information and the address of the boot file to the diskless client 2 .
  • step S120 the encryption key generating means 32 generates a key B.
  • step S ⁇ b>130 the encryption key generation means 32 stores the key B and the association between the key B and the diskless client 2 requesting network connection in the encryption key storage means 39 .
  • step S140 the server 3 determines whether or not to end the process. For example, when the server 3 detects the occurrence of an asynchronous event instructing termination such as SIGTERM reception, the server 3 determines to terminate the process.
  • an asynchronous event instructing termination such as SIGTERM reception
  • step S140 If the process is not to end (No in step S140), the server 3 returns to the process of step S100.
  • FIG. 5 is a flow chart showing the network release method according to this embodiment.
  • the network opening request determination means 36 determines whether or not there is an IP opening event.
  • This IP release event is an event representing a network release request from the diskless client 2, such as "DHCP RELEASE", a lease timer timeout, or a server 3 command.
  • step S200 If there is an IP release event (Yes in step S200), the server 3 proceeds to the process of step S210. If there is no IP release event (No in step S200), the server 3 proceeds to the process of step S240.
  • step S ⁇ b>210 the encryption key destruction means 37 destroys the association between the diskless client 2 requesting network release and the key B from the encryption key storage means 39 .
  • step S ⁇ b>220 the encryption key destruction means 37 destroys the key B from the encryption key storage means 39 .
  • step S230 the network opening means 38 performs predetermined DHCP-related IP opening processing (network opening processing).
  • This DHCP-related IP release processing is processing for releasing the IP address assigned to the diskless client 2 .
  • step S240 the server 3 determines whether or not to end the process. For example, when the server 3 detects the occurrence of an asynchronous event instructing termination such as SIGTERM reception, the server 3 determines to terminate the process.
  • an asynchronous event instructing termination such as SIGTERM reception
  • step S240 If the process is not to end (No in step S240), the server 3 returns to the process of step S200.
  • the server 3 is implemented by a computer 900 configured as shown in FIG.
  • FIG. 6 is a hardware configuration diagram showing an example of a computer 900 that implements the functions of the server 3 according to this embodiment.
  • Computer 900 includes CPU (Central Processing Unit) 901, ROM (Read Only Memory) 902, RAM (Random Access Memory) 903, HDD (Hard Disk Drive) 904, input/output I/F (Interface) 905, communication I/F 906 and media I/F907.
  • CPU Central Processing Unit
  • ROM Read Only Memory
  • RAM Random Access Memory
  • HDD Hard Disk Drive
  • I/F Interface
  • the CPU 901 operates based on programs stored in the ROM 902 or HDD 904, and controls each functional unit shown in FIG.
  • the ROM 902 stores a boot program executed by the CPU 901 when the computer 900 is started, a program related to the hardware of the computer 900, and the like.
  • the CPU 901 controls an input device 910 such as a mouse and keyboard, and an output device 911 such as a display and printer via an input/output I/F 905 .
  • the CPU 901 acquires data from the input device 910 and outputs the generated data to the output device 911 via the input/output I/F 905 .
  • the HDD 904 stores programs executed by the CPU 901 and data used by the programs.
  • the communication I/F 906 receives data from another device (eg, a maintenance terminal, etc.) (not shown) via a communication network (eg, network 920) and outputs the data to the CPU 901. Send to another device via a communication network.
  • the media I/F 907 reads programs or data stored in the recording medium 912 and outputs them to the CPU 901 via the RAM 903 .
  • the CPU 901 loads a program related to target processing from the recording medium 912 onto the RAM 903 via the media I/F 907, and executes the loaded program.
  • the recording medium 912 is an optical recording medium such as a DVD (Digital Versatile Disc) or a PD (Phase change rewritable Disk), a magneto-optical recording medium such as an MO (Magneto Optical disk), a magnetic recording medium, a conductor memory tape medium, a semiconductor memory, or the like. is.
  • the CPU 901 of the computer 900 implements the functions of the server 3 by executing a program loaded on the RAM 903 .
  • Data in the RAM 903 is stored in the HDD 904 .
  • the CPU 901 reads a program related to target processing from the recording medium 912 and executes it.
  • the CPU 901 may read a program related to target processing from another device via a communication network (network 920).
  • the diskless client 2 is implemented by a computer 900A configured as shown in FIG.
  • FIG. 7 is a hardware configuration diagram showing an example of a computer 900A that implements the functions of the diskless client 2 according to this embodiment.
  • This computer 900A is the same as the computer 900 in FIG. 6 except that it has a tamper resistant device 913 instead of the HDD 904, so the description is omitted.
  • the diskless client 2 accesses the shared disk of the server 3, and includes an encryption key storage means 20 for pre-storing a unique key A for each diskless client 2 so that it cannot be read from the outside, and a network connection to the server 3. Authentication is performed with the server 3 using the network connection information acquisition means 21 that acquires the network connection information and the address of the boot file from the server in response to the request, and the key A is encrypted.
  • boot file acquisition means 22 for setting up an encrypted connection and acquiring a boot file corresponding to an address and a key B different from key A via the encrypted connection;
  • a boot means 23 that boots using a file and a key B are used to establish an encrypted connection by performing authentication with the server 3, and accessing the shared disk of the server 3 via the encrypted connection.
  • a shared disk access means 24 is provided.
  • the diskless client 2 key A used in hardware processing and key B used in software processing are separated, and key A is secretly managed so that it cannot be read by software processing. As a result, the diskless client 2 can be safely authenticated in an environment where mass users or third parties may touch it.
  • the encryption key storage means 20 is characterized by storing, as the key A, a private key of public key cryptography.
  • the diskless client 2 can be safely authenticated, making key management easier.
  • the encryption key storage means 20 is characterized by being a tamper-resistant device.
  • the server 3 has a shared disk 35 that is accessed by the diskless client 2.
  • the server 3 provides the diskless client 2 with network connection information and a boot file address.
  • encryption key generation means 32 for generating a key B different from the pre-distributed key A;
  • a boot file transmission means 33 for establishing a connection and transmitting a boot file corresponding to an address and a key B via the encrypted connection, and using the key B, authentication is performed with the diskless client 2.
  • shared disk access control means 34 for establishing an encrypted connection and allowing the diskless client 2 to access the shared disk 35 via the encrypted connection.
  • the diskless client 2 can be safely authenticated in an environment where mass users or third parties may touch it.
  • the boot file transmission means 33 is characterized by using a public key of public key cryptography as the key A.
  • the diskless client 2 can be safely authenticated, making key management easier.
  • the diskless client 2 requires little on-site work and is easy to set up. Furthermore, since the diskless client 2 does not include a storage device such as an HDD that easily breaks down, failures of the device are reduced, and maintenance costs such as equipment repair/replacement can be reduced. Furthermore, the diskless client 2 can share the environment (replication) by accessing the same disk area of the server 3 .
  • the diskless client 2 is suitable for cloud infrastructure, home gateways, wireless base stations, and the like. In particular, home gateways and wireless base stations have a large number of facilities, and installation locations are dispersed in homes and buildings.
  • the first encryption key of the public key cryptosystem is used, but it is not limited to this.
  • the first encryption key of the common key cryptosystem may be used.
  • the server is described as independent hardware, but the present invention is not limited to this.
  • the present invention can also be realized by a program for causing hardware resources such as a CPU, memory, and hard disk provided in a computer to function as the server described above.
  • This program may be distributed via a communication line, or may be distributed by being written in a recording medium such as a CD-ROM or flash memory.
  • diskless client authentication system 2 diskless client 20 encryption key storage means 21 network connection information acquisition means 22 boot file acquisition means 23 boot means 24 shared disk access means 3 server 30 network connection request determination means 31 network connection information transmission means 32 encryption key Generation means 33 Boot file transmission means 34 Shared disk access control means 35 Shared disk 36 Network opening request determination means 37 Encryption key destruction means 38 Network opening means 39 Encryption key storage means

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

Ce client sans disque (2) comprend : un moyen de stockage de clé de chiffrement (20) permettant de stocker au préalable une clé A de façon à ce qu'elle soit illisible depuis l'extérieur ; un moyen d'acquisition d'informations de connexion de réseau (21) permettant d'acquérir, à partir d'un serveur (3), des informations de connexion de réseau et l'adresse d'un fichier d'amorçage ; un moyen d'acquisition de fichier d'amorçage (22) permettant d'acquérir un fichier d'amorçage qui correspond à l'adresse et une clé B ; un moyen d'amorçage (23) permettant d'amorcer à l'aide du fichier d'amorçage ; et un moyen d'accès à un disque partagé (24) permettant d'accéder à un disque partagé du serveur (3) par l'intermédiaire d'une connexion chiffrée.
PCT/JP2022/006945 2022-02-21 2022-02-21 Client sans disque, serveur, programme associé, procédé de connexion de réseau et procédé de libération de réseau WO2023157294A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/006945 WO2023157294A1 (fr) 2022-02-21 2022-02-21 Client sans disque, serveur, programme associé, procédé de connexion de réseau et procédé de libération de réseau

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/006945 WO2023157294A1 (fr) 2022-02-21 2022-02-21 Client sans disque, serveur, programme associé, procédé de connexion de réseau et procédé de libération de réseau

Publications (1)

Publication Number Publication Date
WO2023157294A1 true WO2023157294A1 (fr) 2023-08-24

Family

ID=87578165

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/006945 WO2023157294A1 (fr) 2022-02-21 2022-02-21 Client sans disque, serveur, programme associé, procédé de connexion de réseau et procédé de libération de réseau

Country Status (1)

Country Link
WO (1) WO2023157294A1 (fr)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6189100B1 (en) * 1998-06-30 2001-02-13 Microsoft Corporation Ensuring the integrity of remote boot client data
US20050028154A1 (en) * 2003-05-30 2005-02-03 Sun Microsystems, Inc. Method and system for securely installing software over a network
JP2007141102A (ja) * 2005-11-21 2007-06-07 Internatl Business Mach Corp <Ibm> ソフトウェアをインストールするためのプログラム、記録媒体、及び装置
JP2007299136A (ja) * 2006-04-28 2007-11-15 Ntt Data Corp ネットワークアクセス制御システム、端末、アドレス付与装置、端末システム認証装置、ネットワークアクセス制御方法、及び、コンピュータプログラム
WO2009122526A1 (fr) * 2008-03-31 2009-10-08 富士通株式会社 Procédé de réalisation d'un client léger et terminal client et serveur pour celui-ci
US20150067399A1 (en) * 2013-08-28 2015-03-05 Jon Jaroker Analysis, recovery and repair of devices attached to remote computing systems

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6189100B1 (en) * 1998-06-30 2001-02-13 Microsoft Corporation Ensuring the integrity of remote boot client data
US20050028154A1 (en) * 2003-05-30 2005-02-03 Sun Microsystems, Inc. Method and system for securely installing software over a network
JP2007141102A (ja) * 2005-11-21 2007-06-07 Internatl Business Mach Corp <Ibm> ソフトウェアをインストールするためのプログラム、記録媒体、及び装置
JP2007299136A (ja) * 2006-04-28 2007-11-15 Ntt Data Corp ネットワークアクセス制御システム、端末、アドレス付与装置、端末システム認証装置、ネットワークアクセス制御方法、及び、コンピュータプログラム
WO2009122526A1 (fr) * 2008-03-31 2009-10-08 富士通株式会社 Procédé de réalisation d'un client léger et terminal client et serveur pour celui-ci
US20150067399A1 (en) * 2013-08-28 2015-03-05 Jon Jaroker Analysis, recovery and repair of devices attached to remote computing systems

Similar Documents

Publication Publication Date Title
US11509458B2 (en) Method and system for securely replicating encrypted deduplicated storages
US10623272B2 (en) Authenticating connections and program identity in a messaging system
JP4965747B2 (ja) ネットワークを介したセキュリティ保護された動的な資格証明書の配布
US10402206B2 (en) Methods and systems for attaching an encrypted data partition during the startup of an operating system
US9398001B1 (en) System for and method of providing single sign-on (SSO) capability in an application publishing environment
US7454421B2 (en) Database access control method, database access controller, agent processing server, database access control program, and medium recording the program
US8254579B1 (en) Cryptographic key distribution using a trusted computing platform
US8782414B2 (en) Mutually authenticated secure channel
US8549112B2 (en) Computer-readable medium storing access control program, access control method, and access control device
US20090290715A1 (en) Security architecture for peer-to-peer storage system
US20080046715A1 (en) Method and apparatus for converting authentication-tokens to facilitate interactions between applications
CN104094554A (zh) 无服务器名称指示(sni)的隐式ssl证书管理
WO2011050703A1 (fr) Système et procédé de traitement en nuage, et dispositif agent d&#39;informatique en nuage
JP3833652B2 (ja) ネットワークシステム、サーバ装置、および認証方法
US20220103714A1 (en) Communication system, communication control device, communication control method, recording medium, and program
US10326599B2 (en) Recovery agents and recovery plans over networks
US11153099B2 (en) Reestablishing secure communication with a server after the server&#39;s certificate is renewed with a certificate authority unknown to the client
WO2023157294A1 (fr) Client sans disque, serveur, programme associé, procédé de connexion de réseau et procédé de libération de réseau
US7287157B2 (en) Digital content system
KR102149209B1 (ko) 가상머신을 제공하는 방법 및 장치
US11805117B2 (en) Onboarding for remote management
JP6162611B2 (ja) 通信制御サーバ、通信制御方法、及びプログラム
JP2010217595A (ja) 情報処理装置、情報処理方法およびプログラム
JP6100376B2 (ja) 中継処理装置、中継処理方法、およびプログラム
JP2006202121A (ja) 耐障害性サービス提供システム、サーバ装置およびクライアント装置

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22927193

Country of ref document: EP

Kind code of ref document: A1