Emergency access interception according to black list

US 20050108257A1
Filed: 02/26/2004
Published: 05/19/2005
Est. Priority Date: 11/19/2003
Status: Active Grant

First Claim

Patent Images

1. An access controller that controls an access to an information resource stored in a storage device, a plurality of the access controllers and the storage devices being connected with a network, the access controller comprising:

an access restriction module configured to restrict access to each information resource according to an access control list on which access right to each information resource is recorded;

an access interception module configured to intercept an access by an access prohibited user listed on an access prohibition list;

an input module configured to input user information corresponding to the access prohibited user; and

a list update module configured to update the access prohibition list corresponding to each access controller connected with the network, according to the user information input through the input module.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention addresses to execute an emergency access interception in a widely distributed environment.

An access controller 100 manages an access control list (ACL) 110 recording access right to each object, and a black list (BL) 120 recording user information corresponding to the emergency access interception. The access controller 100 receives a request for authentication to access right and judges whether or not the access right is proper, first according to the BL 120 then ACL110. In case where the user information corresponding to the request is recorded in the BL 120, the access controller 100 sends out the user information to other access controllers and instructs them to register it in the black list. This invention effectively actualizes the emergency access interception under the widely distributed environment in case where the interception is required for any user.

Citations

23 Claims

1. An access controller that controls an access to an information resource stored in a storage device, a plurality of the access controllers and the storage devices being connected with a network, the access controller comprising:
- an access restriction module configured to restrict access to each information resource according to an access control list on which access right to each information resource is recorded;
  
  an access interception module configured to intercept an access by an access prohibited user listed on an access prohibition list;
  
  an input module configured to input user information corresponding to the access prohibited user; and
  
  a list update module configured to update the access prohibition list corresponding to each access controller connected with the network, according to the user information input through the input module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. An access controller in accordance with claim 1, wherein the list update module sends out other access controller a registration instruction to register the input user information on the access prohibition list of the other access controller.
  - 3. An access controller in accordance with claim 1, wherein the list update module sends out updated access prohibition list to other access controller.
  - 4. An access controller in accordance with claim 1, wherein the access interception module also intercepts the access that has not completed.
  - 5. An access controller in accordance with claim 1 further comprising access control list update module configured to update the access control list according to the access prohibition list.
  - 6. An access controller in accordance with claim 5, wherein the list update module deletes the user information on the access prohibition list at a predetermined timing.
  - 7. An access controller in accordance with claim 6, wherein the predetermined timing is after the update of the access control list has been completed.
  - 8. An access controller in accordance with claim 6, wherein the predetermined timing is after the update of all access control list has been completed.

9. An access controller that controls an access to an information resource stored in a storage device, a plurality of the access controllers and the storage devices being connected with a network, the access controller comprising:
- an access restriction module configured to restrict access to each information resource according to an access control list on which access right to each information resource is recorded;
  
  a receiving module configured to receive user information of an access prohibited user, from other access controller;
  
  a list update module configured to update an access prohibition list, which records user information of access prohibited users, according to the received user information; and
  
  an access interception module configured to restrict the access by reference to the access prohibition list prior to the access control list.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. An access controller in accordance with claim 9, wherein the access interception module also intercepts the uncompleted access.
  - 11. An access controller in accordance with claim 9 further comprising access control list update module configured to update the access control list according to the access prohibition list.
  - 12. An access controller in accordance with claim 11, wherein the list update module deletes the user information on the access prohibition list at a predetermined timing.
  - 13. An access controller in accordance with claim 12, wherein the predetermined timing is after the update of the access control list has been completed.
  - 14. An access controller in accordance with claim 12, wherein the predetermined timing is after the update of all access control list has been completed.

15. An access control system in which a plurality of storage devices for storing information resources and access controllers for controlling accesses to the information resources are connected with a network, each access controller comprising:
- an access restriction module configured to restrict access to each information resource according to an access control list that records access right to each information resource;
  
  an access interception module configured to restrict the access by reference to an access prohibition list, which records user information of access prohibited users, prior to the access control list;
  
  at least one of the access controllers corresponding to the updated access prohibition list further comprising a distribution module configured to send out the user information or the updated access prohibition list to other access controller in response to the update; and
  
  the other access controller further comprising a list update module configured to receive the user information or the updated access prohibition list and to update the access prohibition list of the other access controller.
- View Dependent Claims (16, 17)
- - 16. An access control system in accordance with claim 15, wherein the distribution module broadcasts the user information or the updated access prohibition list over all of other access controllers.
  - 17. An access control system in accordance with claim 15, wherein the distribution module of each access controller sends out the user information or the updated prohibition list to predetermined another access controller, thereby transmitting the user information or the updated prohibition list from one access controller to another.

18. An access control system in which a plurality of storage devices for storing information resources and access controllers for controlling an access to the information resources are connected with a network, each access controller comprising:
- an access restriction module configured to restrict access to each information resource according to an access control list on which access right to each information resource is recorded;
  
  an access interception module configured to restrict the access by reference to an access prohibition list, which records user information of access prohibited users, prior to the access control list;
  
  a distribution module configured to broadcast the user information to other access controller in response to update of own access prohibition list;
  
  a list update module configured to update own access prohibition list in case of receiving the user information;
  
  an access control list update module configured to update the access control list according to the user information after updating the access prohibition list; and
  
  a user information deletion module configured to delete the user information from the access prohibition list after updating the access control list.

19. An access control method for controlling an access to an information resource stored in a storage device, the method is executed by an access controller in a system where a plurality of the access controllers and the storage devices are connected with a network, the method comprising the steps of:
- restricting access to each information resource according to an access control list on which access right to each information resource is recorded;
  
  intercepting an access by an access prohibited user listed on an access prohibition list;
  
  inputting user information corresponding to the access prohibited user; and
  
  updating the access prohibition list corresponding to each access controller connected with the network, according to the input user information.

20. An access control method for controlling an access to an information resource stored in a storage device, the method is executed by an access controller in a system where a plurality of the access controllers and the storage devices are connected with a network, the method comprising the steps of:
- restricting access to each information resource according to an access control list on which access right to each information resource is recorded;
  
  receiving user information of an access prohibited user from other access controller;
  
  updating an access prohibition list on which user information of access prohibited users is recorded, according to the received user information; and
  
  restricting the access by reference to the access prohibition list prior to the access control list.

21. An access control method for controlling an access to information resources in an access control system where a plurality of storage devices for storing information resources and access controllers are connected with a network, the method comprising the steps of:
- each access controller restricting access to each information resource according to an access control list on which access right to each information resource is recorded;
  
  each access controller restricting the access by reference to an access prohibition list, which records user information of access prohibited users, prior to the access control list;
  
  at least one of the access controllers corresponding to the updated access prohibition list sending out the user information or the updated access prohibition list to other access controller in response to the update; and
  
  the other access controller receiving the user information or the updated access prohibition list and updating the access prohibition list of the other access controller.

22. A computer readable recording medium in which a computer program executed by an access controller to control an access to an information resource stored in a storage device is stored, the computer program being executed in a system where a plurality of the access controllers and the storage devices are connected with a network, the computer program comprising:
- a first program code for restricting access to each information resource according to an access control list on which access right to each information resource is recorded;
  
  a second program code for intercepting an access by an access prohibited user listed on an access prohibition list;
  
  a third program code for inputting user information corresponding to the access prohibited user; and
  
  a fourth program code for updating the access prohibition list corresponding to each access controller connected with the network, according to the input user information.

23. A computer readable recording medium in which a computer program executed by an access controller to control an access to an information resource stored in a storage device is stored, the computer program being executed in a system where a plurality of the access controllers and the storage devices are connected with a network, the computer program comprising:
- a first program code for restricting access to each information resource according to an access control list on which access right to each information resource is recorded;
  
  a second program code for receiving user information of an access prohibited user from other access controller;
  
  a third program code for updating an access prohibition list on which user information of access prohibited users is recorded, according to the received user information; and
  
  a fourth program code for restricting the access according to the access prohibition list prior to the access control list.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Hitachi, Ltd.
Inventors
Sonoda, Koji, Iwasaki, Masaaki, Ishii, Yohsuke

Granted Patent

US 7,424,475 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/101 Access control lists [ACL]

Emergency access interception according to black list

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Emergency access interception according to black list

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links