Data access management system and management method using access control ticket
Abstract
To provide a data access management system that enables access control management for data files stored in a memory of a device. The system manages data access processing performed by an access unit for a memory-loaded device, and issues a service permission ticket (SPT), which serves as an access control ticket in which an access mode to be accepted for the access unit, such as a reader/writer, is set. The memory-loaded device receives the service permission ticket (SPT) from the access unit, and performs processing according to the access mode indicated in the service permission ticket (SPT). The service permission tickets (SPTs) in which access modes to be accepted for the access units are set are individually issued according to the access units. Accordingly, various modes of access according to the access units can be executed.
96 Claims
1. A data access management system for managing access processing performed by an access unit for a data file stored in a memory-loaded device having a memory in which data can be stored, wherein:
said access unit receives a service permission ticket (SPT), which serves as an access control ticket in which an access mode to be accepted for said access unit is set, from ticket issuing means, and outputs the received service permission ticket (SPT) to said memory-loaded device; and
said memory-loaded device receives the service permission ticket from said access unit, and performs processing according to the access mode indicated in the service permission ticket (SPT).
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A memory-loaded device having a memory in which data can be stored, comprising:
control means for controlling access processing performed by an access unit for a data file stored in the memory, wherein said control means selects a data file according to a file identifier indicated in a service permission ticket (SPT) received from said access unit, and performs processing on the selected file according to an access mode indicated in the service permission ticket (SPT).
Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. A data access management method for managing access processing performed by an access unit for a data file stored in a memory-loaded device having a memory in which data can be stored, wherein:
said access unit receives a service permission ticket (SPT), which serves as an access control ticket in which an access mode to be accepted for said access unit is set, from ticket issuing means, and outputs the received service permission ticket (SPT) to said memory-loaded device; and
said memory-loaded device receives the service permission ticket from said access unit, and performs processing according to the access mode indicated in the service permission ticket (SPT).
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26
27. A program storage medium for providing a computer program for performing data access management processing on a computer system, said data access management processing for managing access processing performed by an access unit for a data file stored in a memory-loaded device having a memory in which data can be stored, said computer program comprising the step of receiving a service permission ticket (SPT), which serves as an access control ticket in which an access mode to be accepted for said access unit that is to access said memory-loaded device is set, and performing processing according to the access mode indicated in the service permission ticket (SPT).
28. A data processing system for performing, in response to an access request from an access unit for a memory-loaded device having a memory in which data can be stored, data processing on the memory, wherein:
said memory-loaded device receives an access control ticket, which is configured corresponding to the data processing on the memory, from said access unit, and performs the data processing based on rules indicated in the access control ticket; and
said memory-loaded device determines a type of mutual authentication to be conducted with said access unit based on a description in the access control ticket designated or received from said access unit so as to conduct the mutual authentication, and also determines a type of verification of the access control ticket based on the description in the received access control ticket so as to conduct the verification, and responds to the access request from said access unit on the condition that both the mutual authentication and the ticket verification have been successfully conducted.
Dependent claims: 29, 30, 31, 32, 33, 34
35. A memory-loaded device having a memory in which data can be stored, comprising:
control means for performing data processing on the memory in response to an access request from an access unit, wherein:
said control means receives an access control ticket, which is configured corresponding to the data processing on the memory, from said access unit, and performs the data processing based on rules indicated in the access control ticket; and
said control means determines a type of mutual authentication to be conducted with said access unit based on a description in the access control ticket designated or received from said access unit so as to conduct the mutual authentication, and also determines a type of verification of the access control ticket based on the description in the received access control ticket so as to conduct the verification, and responds to the access request from said access unit on the condition that both the mutual authentication and the ticket verification have been successfully conducted.
Dependent claims: 36, 37, 38, 39, 40, 41, 93
42. A data processing method for performing, in response to an access request from an access unit for a memory-loaded device having a memory in which data can be stored, data processing on the memory, wherein:
said memory-loaded device receives an access control ticket, which is configured corresponding to the data processing on the memory, from said access unit, and performs the data processing based on rules indicated in the access control ticket; and
said memory-loaded device determines a type of mutual authentication to be conducted with said access unit based on a description in the access control ticket designated or received from said access unit so as to conduct the mutual authentication, and also determines a type of verification of the access control ticket based on the description in the received access control ticket so as to conduct the verification, and responds to the access request from said access unit on the condition that both the mutual authentication and the ticket verification have been successfully conducted.
Dependent claims: 43, 44, 45, 46, 47, 48
49. A program storage medium for providing a computer program for performing data processing on a computer system, said data processing to be performed, in response to an access request from an access unit for a memory-loaded device having a memory in which data can be stored, on the memory, said computer program comprising:
a step of receiving an access control ticket, which is configured corresponding to the data processing on the memory, from said access unit;
a step of determining a type of mutual authentication to be conducted with said access unit based on a description in the access control ticket designated or received from said access unit so as to conduct the mutual authentication;
a step of determining a type of verification of the access control ticket based on the description of the received access control ticket so as to conduct the verification; and
a step of executing the access request from said access unit on the condition that both the mutual authentication and the ticket verification have been successfully conducted.
50. A data access control system for issuing a command from an access unit to a memory-loaded device having a memory in which data can be stored, and for performing processing on the data stored in the memory, wherein said memory-loaded device receives an access control ticket, which is configured as access control data for the data stored in the memory, from said access unit, and allows data access on the condition that authentication based on authentication rules indicated in the access control ticket is successfully conducted, and that ID data of said access unit indicated in the access control ticket is successfully verified.
57. A memory-loaded device having a memory in which data can be stored, comprising:
control means for issuing a command from an access unit and for performing processing on the data stored in the memory, wherein said control means receives an access control ticket, which is configured as access control data for the data stored in the memory, from said access unit, and allows data access on the condition that authentication based on authentication rules indicated in the access control ticket is successfully conducted, and that ID data of said access unit indicated in the access control ticket is successfully verified.
Dependent claims: 58, 59, 60, 61, 62, 63
64. A data access control method for issuing a command from an access unit to a memory-loaded device having a memory in which data can be stored, and for performing processing on the data stored in the memory, wherein said memory-loaded device receives an access control ticket, which is configured as access control data for the data stored in the memory, from said access unit, and allows data access on the condition that authentication based on authentication rules indicated in the access control ticket is successfully conducted, and that ID data of said access unit indicated in the access control ticket is successfully verified.
71. A program storage medium for providing a computer program for performing processing on a computer system, the processing being performed, by issuing a command from an access unit to a memory-loaded device having a memory in which data can be stored, on the data stored in the memory, said computer program comprising:
a step of receiving an access control ticket, which is configured as access control data for the data stored in the memory, from said access unit; and
a step of allowing data access on the condition that authentication based on authentication rules indicated in the access control ticket is successfully conducted, and that ID data of said access unit indicated in the access control ticket is successfully verified.
72. A memory access control system for controlling memory access from an access unit to a memory-loaded device having a memory in which a plurality of data files are stored, wherein:
the memory of said memory-loaded device includes one or more partitions as memory areas managed by corresponding partition managers, and the data files are stored in any of the partitions; and
said memory-loaded device receives an access control ticket from said access unit, and performs access processing on a data file according to a description in the access control ticket, and performs access processing on the plurality of data files based on a plurality of the access control tickets on the condition that device authentication as authentication for said memory-loaded device or partition authentication as authentication for the corresponding partition in which the data file to be accessed is stored is successfully conducted.
Dependent claims: 73, 74, 75, 76, 77, 78, 79
80. A memory-loaded device having a memory in which a plurality of data files are stored, comprising:
control means for controlling memory access from an access unit, wherein:
the memory includes one or more partitions as memory areas managed by corresponding partition managers, and the data files are stored in any of the partitions; and
said control means receives an access control ticket from said access unit, and performs access processing on a data file according to a description in the access control ticket, and performs access processing on the plurality of data files based on a plurality of the access control tickets on the condition that device authentication as authentication for said memory-loaded device or partition authentication as authentication for the corresponding partition in which the data file to be accessed is stored is successfully conducted.
Dependent claims: 81, 82, 83, 84, 85, 86, 87
88. A memory access control method for controlling memory access from an access unit to a memory-loaded device having a memory in which a plurality of data files are stored, wherein:
the memory of said memory-loaded device includes one or more partitions as memory areas managed by corresponding partition managers, and the data files are stored in any of the partitions; and
said memory-loaded device receives an access control ticket from said access unit, and performs access processing on a data file according to a description in the access control ticket, and performs access processing on the plurality of data files based on a plurality of the access control tickets on the condition that device authentication as authentication for said memory-loaded device or partition authentication as authentication for the corresponding partition in which the data file to be accessed is stored is successfully conducted.
Dependent claims: 89, 90, 91, 92, 94, 95
96. A program storage medium for providing a computer program for performing memory access control processing on a computer system, said memory access control processing being for controlling memory access from an access unit to a memory-loaded device having a memory in which a plurality of data files are stored, said computer program comprising:
an authentication step of conducting device authentication as authentication for said memory-loaded device or partition authentication as authentication for a corresponding partition in which a data file to be accessed is stored; and
a step of performing access processing on the plurality of data files based on an access control ticket received from said access unit on the condition that the authentication in said authentication step is successfully conducted.
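The device-side checks described in the abstract and in claims 10, 28 and 50, shown as an added Python sketch that is not part of the patent text: the device verifies the ticket, ties it to the authenticated access unit, selects the file by identifier and permits only the ticket's access mode. The field names, the byte encoding, the shared key and HMAC-SHA256 as the verification type are assumptions; mutual authentication is taken as already performed and is passed in as its result.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

# Assumed for this sketch: field names, the encoding, and HMAC-SHA256 as the
# ticket verification type. The claims name the fields but no concrete format.
@dataclass(frozen=True)
class Ticket:
    unit_id: bytes      # ID data of the access unit the ticket was issued for
    file_id: bytes      # file identifier the device uses to select the file
    mode: bytes         # access mode accepted for this unit: b"read" / b"write"
    auth_type: bytes    # type of mutual authentication the ticket demands
    verify_type: bytes  # type of ticket verification the ticket declares
    tag: bytes = b""

    def body(self) -> bytes:
        # Length-prefix every field so two different tickets never encode alike.
        fields = (self.unit_id, self.file_id, self.mode, self.auth_type, self.verify_type)
        return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def issue(key: bytes, **fields) -> Ticket:
    t = Ticket(**fields)
    return replace(t, tag=hmac.new(key, t.body(), hashlib.sha256).digest())

class Device:
    ACCEPTED_VERIFY = {b"hmac-sha256"}  # the device, not the ticket, owns this list

    def __init__(self, key: bytes, files: dict):
        self.key, self.files = key, dict(files)

    def handle(self, t: Ticket, authed_unit: bytes, authed_with: bytes, op: bytes, data=None):
        """authed_unit / authed_with are the outcome of mutual authentication done earlier."""
        if t.verify_type not in self.ACCEPTED_VERIFY:
            return (False, "verification type not accepted")
        expected = hmac.new(self.key, t.body(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, t.tag):
            return (False, "ticket verification failed")
        if authed_with != t.auth_type or authed_unit != t.unit_id:
            return (False, "authentication does not match ticket")
        if t.file_id not in self.files or op != t.mode:
            return (False, "file or access mode not permitted")
        if op == b"write":
            self.files[t.file_id] = data
        return (True, self.files[t.file_id])

KEY = b"constructed-demo-key"  # constructed sample value
dev = Device(KEY, {b"0x01": b"balance=100"})
spt = issue(KEY, unit_id=b"RW-A", file_id=b"0x01", mode=b"read",
            auth_type=b"symmetric", verify_type=b"hmac-sha256")
```

Because the ticket itself declares how it is to be verified, the device checks that declaration against its own accepted set before trusting anything else in the ticket.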
Specification