Information processing system, information processing apparatus, access control method, and program

US 10,282,525 B2
Filed: 10/27/2015
Issued: 05/07/2019
Est. Priority Date: 10/30/2014
Status: Active Grant

First Claim

Patent Images

1. An information processing system including at least one information processing apparatus, the information processing system comprising:

a first processor that is connected to a service providing apparatus via a network and configured to receive a request to use the service providing apparatus from a service use apparatus, to give, in a case where the request includes information of a completed authentication, based on setup information in which a type of giving information to be given to the request is set, the giving information of the type set in the setup information, and to send the request along with the giving information to the service providing apparatus, the giving information indicating information to be given to a HTTP header of the request and a name of a header to be given to the HTTP header of the request when an authentication is successful, the service providing apparatus providing a service requested by the service use apparatus based on the giving information; and

a second processor that is configured to administer the giving information corresponding to the information of the completed authentication, and to provide the giving information corresponding to the information of the completed authentication received from the first processor to the first processor,wherein the first processor receives the request from the service providing apparatus, and gives, in a case where the request includes the information of the completed authentication, the giving information of the type set to the setup information to a response corresponding to the request,wherein the first processor stores the authorized information of the completed authentication, which is included in the request from the service use apparatus to the service providing apparatus or the authorized information of the completed authentication, which is included in the request from the service providing apparatus, in a memory unit, andwherein, when the memory unit stores the information of the completed authentication, the first processor uses the information of the completed authentication.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An information processing system including at least one information processing apparatus includes an access control unit configured to receive a request from a service use apparatus to a service providing apparatus, to give, in a case where the request includes information of a completed authentication, based on setup information in which a type of giving information to be given to the request is set, the giving information of the type set in the setup information, and to send the request to the service providing apparatus; and an information providing unit configured to administer the giving information corresponding to the information of the completed authentication, and to provide the giving information corresponding to the information of the completed authentication received from the access control unit to the access control unit.

Citations

13 Claims

1. An information processing system including at least one information processing apparatus, the information processing system comprising:
- a first processor that is connected to a service providing apparatus via a network and configured to receive a request to use the service providing apparatus from a service use apparatus, to give, in a case where the request includes information of a completed authentication, based on setup information in which a type of giving information to be given to the request is set, the giving information of the type set in the setup information, and to send the request along with the giving information to the service providing apparatus, the giving information indicating information to be given to a HTTP header of the request and a name of a header to be given to the HTTP header of the request when an authentication is successful, the service providing apparatus providing a service requested by the service use apparatus based on the giving information; and
  
  a second processor that is configured to administer the giving information corresponding to the information of the completed authentication, and to provide the giving information corresponding to the information of the completed authentication received from the first processor to the first processor,wherein the first processor receives the request from the service providing apparatus, and gives, in a case where the request includes the information of the completed authentication, the giving information of the type set to the setup information to a response corresponding to the request,wherein the first processor stores the authorized information of the completed authentication, which is included in the request from the service use apparatus to the service providing apparatus or the authorized information of the completed authentication, which is included in the request from the service providing apparatus, in a memory unit, andwherein, when the memory unit stores the information of the completed authentication, the first processor uses the information of the completed authentication.
- View Dependent Claims (2, 3, 4, 5, 6, 9, 10, 11, 12, 13)
- - 2. The information processing system according to claim 1,wherein the first processor receives the request from the service providing apparatus using an application programming interface (API).
  - 3. The information processing system according to claim 1,wherein the first processor differentiates an access control corresponding to the information of the completed authentication by determining a type of the service use apparatus based on the information indicative of the type of the service use apparatus included in the request and set to the setup information.
  - 4. The information processing system according to claim 1,wherein, in a case where a form of the response is designated when the information of the completed authentication is not authorized, the first processor returns an error response for the request in the designated form.
  - 5. The information processing system according to claim 1,wherein, in a case where the request is from the service use apparatus having no authority of using the service, the first processor gives a reason why there is no authority of using the service to the request, and send the request to the service providing apparatus.
  - 6. The information processing system according to claim 1,wherein the first processor gives the giving information to a header portion of the request.
  - 9. The information processing system according to claim 1, wherein the information of the completed authentication includes an authentication ticket.
  - 10. The information processing system according to claim 1, wherein a name of the authentication ticket designates a name in a cookie for the authentication ticket.
  - 11. The information processing system according to claim 1, wherein the first processor is configured to send the request along with the giving information to the service providing apparatus only when the authentication is successful.
  - 12. The information processing system according to claim 1, wherein the giving information includes an identical person information header including a user information header and a license information header.
  - 13. The information processing system according to claim 1, wherein the information of the completed authentication includes a user authentication ticket and a device authentication ticket.

7. An information processing apparatus comprising:
- a first processor that is connected to a service providing apparatus via a network and configured to receive a request to use the service providing apparatus from a service use apparatus, to give, in a case where the request includes information of a completed authentication, based on setup information in which a type of giving information to be given to the request is set, the giving information of the type set in the setup information, and to send the request along with the giving information to the service providing apparatus, the giving information indicating information to be given to a HTTP header of the request and a name of a header to be given to the HTTP header of the request when an authentication is successful, the service providing apparatus providing a service requested by the service use apparatus based on the giving information; and
  
  a third processor that is configured to acquire the giving information corresponding to the information of a completed authentication from an information providing apparatus which administers the giving information corresponding to information of the completed authentication,wherein the first processor receives the request from the service providing apparatus, and gives, in a case where the request includes the information of the completed authentication, the giving information of the type set to the setup information to a response corresponding to the request,wherein the first processor stores the authorized information of the completed authentication, which is included in the request from the service use apparatus to the service providing apparatus or the authorized information of the completed authentication, which is included in the request from the service providing apparatus, in a memory unit, andwherein, when the memory unit stores the information of the completed authentication, the first processor uses the information of the completed authentication.

8. An access control method performed in an information processing system including an access control apparatus which is connected to a service providing apparatus via a network and receives a request to use the service providing apparatus from a service use apparatus, and an information providing apparatus which administers giving information corresponding to information of a completed authentication and provides the giving information corresponding to the information of the completed authentication to the access control apparatus, the access control method comprising:
- acquiring, in a case where the request includes information of the completed authentication, by the access control apparatus, the giving information corresponding to the information of the completed authentication from the information providing apparatus, the giving information indicating information to be given to a HTTP header of the request and a name of a header to be given to the HTTP header of the request when an authentication is successful, the service providing apparatus providing a service requested by the service use apparatus based on the giving information;
  
  giving, based on setup information in which a type of giving information to be given to the request is set, the giving information of the type set in the setup information, and sending the request along with the giving information to the service providing apparatus,receiving the request from the service providing apparatus, and giving, in a case where the request includes the information of the completed authentication, the giving information of the type set to the setup information to a response corresponding to the request,storing the authorized information of the completed authentication, which is included in the request from the service use apparatus to the service providing apparatus or the authorized information of the completed authentication, which is included in the request from the service providing apparatus, in a memory unit, andwhen the memory unit stores the information of the completed authentication, using the information of the completed authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ricoh Company Limited
Original Assignee
Ricoh Company Limited
Inventors
Kashiyama, Shigeki, Nakajima, Masato, Ohzaki, Hiroki, Fukuda, Yasuharu
Primary Examiner(s)
Gee, Jason K
Assistant Examiner(s)
Holmes, Angela R

Application Number

US14/923,626
Publication Number

US 20160125177A1
Time in Patent Office

1,288 Days
Field of Search

726 10
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/33   using certificates

H04L 63/0807   using tickets, e.g. Kerbero...

Information processing system, information processing apparatus, access control method, and program

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Information processing system, information processing apparatus, access control method, and program

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links