Providing document services over networks is well known. In one example, a server receives document service requests from a variety of client machines, such as computer devices, network enabled copier machines, facsimile machines, scanner devices and other multi-function devices. Each of the machines, however, may use one or more different security infrastructures running on their respective operating systems. The security of a document is dependent on the security provided by each of the machines involved in its transfer. Therefore, in order for the server to communicate with the client machines to provide them with document services, the client machines' operating system's security features must be enhanced by a method that can assure security comprehensively. This may include separate authentication methods between each pair of operating systems.
Document service requests and associated documents transmitted through a public network (such as the internet) to the server in this example are at risk of being intercepted, viewed and/or modified by unauthorized persons. Also, when the server in this example receives such document service requests, the requests may include one or more directives. Directives communicate specific options a user may request for the document services. The server fulfills the request and performs the requested actions using one or more server-side machines, including facsimile machines, computer devices, or storage facilities. For example, a directive may include a user's request that a document be printed using a server-side printer on a special type of paper. Further, a directive may include payment information such as a credit card number. Again, since the request is communicated using a public network, the security of the document service transactions are vulnerable to being compromised.
An example of a system for providing secure document services, including any directives, for client-side machines using one or more types of operating systems is described in U.S. patent application Ser. No. 09/946,923, filed on Sep. 5, 2001, and published on Mar. 6, 2003, as US Published Application 2003/0043402. The entire content of U.S. patent application Ser. No. 09/946,923 is hereby incorporated by reference.
As described in US Published Application 2003/0043402, the system runs on a distribution agent Web server accessible from one or more types of network Operating Systems (“OS”) via a Secure Socket Layer (“SSL”) channel. The system includes one or more subsystems, including a receiving system that receives one or more document service requests over a secure communications medium, an authentication system that authenticates each received document service request, a processing system that processes the one or more authenticated document service requests, and a request fulfillment system that fulfills each processed document service request.
For this conventional system to properly provide the described services, the firewall protecting the network must be configured, typically by opening additional ports through the firewall, to permit the desired communications. However, since each additional port opened through the firewall represents additional potential vulnerability to threats, firewall policies tend to resist or prohibit opening new ports for even legitimate access to information.
Therefore, it is desirable to provide a system capable of realizing the above-described secured document services without requiring a network to provide additional ports through an existing firewall. This can be accomplished by utilizing the existing ports in the firewall.