Emergency access interception according to black list
Abstract
This invention addresses executing an emergency access interception in a widely distributed environment.
An access controller 100 manages an access control list (ACL) 110 recording the access right to each object, and a black list (BL) 120 recording user information corresponding to the emergency access interception. The access controller 100 receives a request to authenticate an access right and judges whether the access right is proper, first according to the BL 120 and then according to the ACL 110. Where the user information corresponding to the request is recorded in the BL 120, the access controller 100 sends out the user information to other access controllers and instructs them to register it in the black list. This invention effectively realizes emergency access interception in a widely distributed environment whenever interception is required for any user.
23 Claims
1. An access controller that controls an access to an information resource stored in a storage device, a plurality of the access controllers and the storage devices being connected with a network, the access controller comprising:
an access restriction module configured to restrict access to each information resource according to an access control list on which access right to each information resource is recorded;
an access interception module configured to intercept an access by an access prohibited user listed on an access prohibition list;
an input module configured to input user information corresponding to the access prohibited user; and
a list update module configured to update the access prohibition list corresponding to each access controller connected with the network, according to the user information input through the input module.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An access controller that controls an access to an information resource stored in a storage device, a plurality of the access controllers and the storage devices being connected with a network, the access controller comprising:
an access restriction module configured to restrict access to each information resource according to an access control list on which access right to each information resource is recorded;
a receiving module configured to receive user information of an access prohibited user, from other access controller;
a list update module configured to update an access prohibition list, which records user information of access prohibited users, according to the received user information; and
an access interception module configured to restrict the access by reference to the access prohibition list prior to the access control list.
Dependent claims: 10, 11, 12, 13, 14
15. An access control system in which a plurality of storage devices for storing information resources and access controllers for controlling accesses to the information resources are connected with a network, each access controller comprising:
an access restriction module configured to restrict access to each information resource according to an access control list that records access right to each information resource;
an access interception module configured to restrict the access by reference to an access prohibition list, which records user information of access prohibited users, prior to the access control list;
at least one of the access controllers corresponding to the updated access prohibition list further comprising a distribution module configured to send out the user information or the updated access prohibition list to other access controller in response to the update; and
the other access controller further comprising a list update module configured to receive the user information or the updated access prohibition list and to update the access prohibition list of the other access controller.
Dependent claims: 16, 17
18. An access control system in which a plurality of storage devices for storing information resources and access controllers for controlling an access to the information resources are connected with a network, each access controller comprising:
an access restriction module configured to restrict access to each information resource according to an access control list on which access right to each information resource is recorded;
an access interception module configured to restrict the access by reference to an access prohibition list, which records user information of access prohibited users, prior to the access control list;
a distribution module configured to broadcast the user information to other access controller in response to update of own access prohibition list;
a list update module configured to update own access prohibition list in case of receiving the user information;
an access control list update module configured to update the access control list according to the user information after updating the access prohibition list; and
a user information deletion module configured to delete the user information from the access prohibition list after updating the access control list.
19. An access control method for controlling an access to an information resource stored in a storage device, the method is executed by an access controller in a system where a plurality of the access controllers and the storage devices are connected with a network, the method comprising the steps of:
restricting access to each information resource according to an access control list on which access right to each information resource is recorded;
intercepting an access by an access prohibited user listed on an access prohibition list;
inputting user information corresponding to the access prohibited user; and
updating the access prohibition list corresponding to each access controller connected with the network, according to the input user information.
20. An access control method for controlling an access to an information resource stored in a storage device, the method is executed by an access controller in a system where a plurality of the access controllers and the storage devices are connected with a network, the method comprising the steps of:
restricting access to each information resource according to an access control list on which access right to each information resource is recorded;
receiving user information of an access prohibited user from other access controller;
updating an access prohibition list on which user information of access prohibited users is recorded, according to the received user information; and
restricting the access by reference to the access prohibition list prior to the access control list.
21. An access control method for controlling an access to information resources in an access control system where a plurality of storage devices for storing information resources and access controllers are connected with a network, the method comprising the steps of:
each access controller restricting access to each information resource according to an access control list on which access right to each information resource is recorded;
each access controller restricting the access by reference to an access prohibition list, which records user information of access prohibited users, prior to the access control list;
at least one of the access controllers corresponding to the updated access prohibition list sending out the user information or the updated access prohibition list to other access controller in response to the update; and
the other access controller receiving the user information or the updated access prohibition list and updating the access prohibition list of the other access controller.
22. A computer readable recording medium in which a computer program executed by an access controller to control an access to an information resource stored in a storage device is stored, the computer program being executed in a system where a plurality of the access controllers and the storage devices are connected with a network, the computer program comprising:
a first program code for restricting access to each information resource according to an access control list on which access right to each information resource is recorded;
a second program code for intercepting an access by an access prohibited user listed on an access prohibition list;
a third program code for inputting user information corresponding to the access prohibited user; and
a fourth program code for updating the access prohibition list corresponding to each access controller connected with the network, according to the input user information.
23. A computer readable recording medium in which a computer program executed by an access controller to control an access to an information resource stored in a storage device is stored, the computer program being executed in a system where a plurality of the access controllers and the storage devices are connected with a network, the computer program comprising:
a first program code for restricting access to each information resource according to an access control list on which access right to each information resource is recorded;
a second program code for receiving user information of an access prohibited user from other access controller;
a third program code for updating an access prohibition list on which user information of access prohibited users is recorded, according to the received user information; and
a fourth program code for restricting the access according to the access prohibition list prior to the access control list.
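The black-list-before-ACL check described in the abstract, together with the distribute, update-ACL and delete-entry order of claim 18, as an added Python example that is not part of the patent text. It assumes in-process objects stand in for networked access controllers; the class, method, user and object names are constructed for illustration.

```python
class AccessController:
    """Hypothetical in-process stand-in for one networked access controller."""

    def __init__(self, name, acl):
        self.name = name
        self.acl = acl            # object -> set of users holding access right
        self.blacklist = set()    # access prohibition list (BL)
        self.peers = []           # other controllers (assumed reachable)

    def prohibit(self, user, seen=None):
        """Register a prohibited user locally, then distribute to every peer."""
        seen = set() if seen is None else seen
        if self.name in seen:     # already updated during this distribution
            return
        seen.add(self.name)
        self.blacklist.add(user)
        for peer in self.peers:
            peer.prohibit(user, seen)

    def authorize(self, user, obj):
        """Consult the BL before the ACL so a not-yet-revised grant cannot win."""
        if user in self.blacklist:
            return False
        return user in self.acl.get(obj, set())

    def reconcile(self, user):
        """Claim 18 order: revise the ACL first, only then drop the BL entry."""
        if user in self.blacklist:
            for users in self.acl.values():
                users.discard(user)
            self.blacklist.discard(user)


def demo():
    # Constructed sample data: two controllers, each with its own ACL.
    a = AccessController("A", {"doc1": {"alice", "mallory"}})
    b = AccessController("B", {"doc2": {"mallory"}})
    a.peers.append(b)
    b.peers.append(a)
    before = b.authorize("mallory", "doc2")        # ACL still grants access
    a.prohibit("mallory")                          # emergency entry made at A only
    during = (a.authorize("mallory", "doc1"), b.authorize("mallory", "doc2"))
    for controller in (a, b):
        controller.reconcile("mallory")
    after = (b.authorize("mallory", "doc2"), "mallory" in b.blacklist,
             a.authorize("alice", "doc1"))
    return before, during, after
```

Because `reconcile` removes the ACL grant before deleting the black list entry, there is no interval in which the prohibited user passes both checks.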
Specification