Authentication control system and authentication control method

US 20050125674A1
Filed: 07/20/2004
Published: 06/09/2005
Est. Priority Date: 12/09/2003
Status: Abandoned Application

First Claim

Patent Images

1. An authentication control apparatus for determining an authenticating method of a room entering person who is trying to enter an area where one or more structural elements are present by employing a storage medium into which attribute information of said room entering person has been stored, comprising:

a structural element information acquiring unit for acquiring a security level via a network, which has been set to each of the structural elements which are presently located within said area;

an attribute information acquiring unit for acquiring the attribute information of said room entering person from said storage medium;

a security level determining unit for determining a present security level of said area by employing the security levels of said respective structural elements acquired by said structural element information acquiring unit;

a trust level determining unit for determining a present trust level of said room entering person by employing the attribute information of said room entering person acquired by said attribute information acquiring unit; and

an authenticating method determining unit for determining an authenticating method of said room entering person in a manner that at least one authenticating method is selected from a plurality of authenticating methods by employing said determined present security level of the area and said determined present trust level of said room entering person.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authenticating a room entering person who tries to enter an area where one or more structural elements are present is determined by employing a hardware token storing attribute information of the person. A security level of each of the structural elements presently located within the area is acquired via network. The attribute information of the person is acquired from the hardware token. A present security level of the area is determined by employing the security levels of the structural elements. A present trust level of the person is determined by employing the attribute information of the person. An authenticating method of the person is determined in a manner that at least one authenticating method is selected from plural authenticating methods by employing the determined present security level of the area and the determined present trust level of the person.

68 Citations

View as Search Results

13 Claims

1. An authentication control apparatus for determining an authenticating method of a room entering person who is trying to enter an area where one or more structural elements are present by employing a storage medium into which attribute information of said room entering person has been stored, comprising:
- a structural element information acquiring unit for acquiring a security level via a network, which has been set to each of the structural elements which are presently located within said area;
  
  an attribute information acquiring unit for acquiring the attribute information of said room entering person from said storage medium;
  
  a security level determining unit for determining a present security level of said area by employing the security levels of said respective structural elements acquired by said structural element information acquiring unit;
  
  a trust level determining unit for determining a present trust level of said room entering person by employing the attribute information of said room entering person acquired by said attribute information acquiring unit; and
  
  an authenticating method determining unit for determining an authenticating method of said room entering person in a manner that at least one authenticating method is selected from a plurality of authenticating methods by employing said determined present security level of the area and said determined present trust level of said room entering person.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. An authentication control apparatus as claimed in claim 1, wherein:
    - if a total number of structural elements which are present in said area is increased/decreased, then the present security level of said area which is determined by said security level determining unit is increased/decreased.
  - 3. An authentication control apparatus as claimed in claim 1, wherein:
    - the structural elements present within said area contain a person who is located in said area, and to which a predetermined security level has been set.
  - 4. An authentication control apparatus as claimed in claim 1, wherein:
    - said attribute information of said room entering room contains two or more items as to a user ID (identification) of said room entering person, a status of said room entering person, a belonging section of said room entering person, a use frequency of said area by said room entering person, and an access place to said area by said room entering person.
  - 5. An authentication control apparatus as claimed in claim 1, wherein:
    - said area corresponds to a virtual network which is constructed on the network.
  - 6. An authentication control apparatus as claimed in claim 1, wherein:
    - authentication information which is used to authenticate said room entering person has been stored in said storage medium; and
      
      said authentication control apparatus further comprises;
      
      an authentication information acquiring unit for acquiring, from said storage medium and/or said room entering person, authentication information which is required in an authenticating operation by the authenticating method determined by said authenticating method determining unit;
      
      an authentication requiring unit for transmitting an authentication request containing the authentication information acquired by said authentication information acquiring unit to an authentication apparatus which is connected via said network to said authentication control apparatus, and for receiving an authentication result from said authentication apparatus; and
      
      an authentication ticket issuing ticket for producing an authentication ticket in which an authentication level corresponding to the authenticating method determined by said authenticating method determining unit has been designated in a case that the authentication result received by said authentication requesting unit from said authentication apparatus indicates a success of the authenticating operation, and for storing said produced authentication ticket into said storage medium.
  - 7. An authentication control apparatus as claimed in claim 1, wherein:
    - in a case that an authentication ticket of another area has been stored in said storage medium, said attribute information acquiring unit acquires the authentication ticket of said another area in combination with the attribute information of said room entering person; and
      
      in a case that the authentication ticket of said another area has been acquired by said attribute information acquiring unit, said authenticating method determining unit determines an authentication level of said room entering person by employing both the present security level of said area which has been determined by said security level determining unit and the present trust level of said room entering person which has been determined by said trust level determining unit; and
      
      in a case that said determined authentication level is lower than said authentication level designated by said authentication ticket of said another area, a re-authenticating operation of said room entering person is omitted.
  - 8. An authentication control apparatus as claimed in claim 1, wherein:
    - said one or more structural elements include at least one appliance connected to said network, said authentication control apparatus further comprises;
      
      an access ticket issuing unit for producing an access ticket which indicates a right by which said room entering person accesses said appliance, and for storing said produced access ticket into said storage medium; and
      
      a justification checking unit operated in such a manner that when said authentication ticket has been stored in said storage medium, said justification checking unit checks justification of said stored authentication ticket, and wherein;
      
      when said justification checking unit judges that said authentication ticket stored in said storage medium is justified, said justification checking unit instructs said access ticket issuing unit to produce the access ticket.
  - 9. An authentication control apparatus as claimed in claim 8, wherein:
    - said authentication control apparatus further comprises;
      
      a security policy accepting unit for accepting a security policy from said room entering person, which is applied to a communication with said structural element, in a case that said access ticket issuing unit produces the access ticket and then stores the produced access ticket into said storage medium, and a security policy setting unit for setting the security policy accepted by said security policy accepting unit to said structural element in correspondence with the access ticket produced by said access ticket issuing unit.
  - 10. An authentication control apparatus as claimed in claim 1, further comprising:
    - an authentication unit for performing a user authentication operation in accordance with the authenticating method determined by said authenticating method determining unit.

11. An authentication control method for determining an authenticating method of a room entering person who is trying to enter an area where either one or more structural elements are present by employing a storage medium into which attribute information of said room entering person has been stored, comprising:
- a structural element information acquiring step for acquiring a security level via a network, which has been set to each of the structural elements which are presently located within said area;
  
  an attribute information acquiring step for acquiring the attribute information of said room entering person from said storage medium;
  
  a security level determining step for determining a present security level of said area by employing the security levels of said respective structural elements acquired in said structural element information acquiring step;
  
  a trust level determining step for determining a present trust level of said room entering person by employing the attribute information of said room entering person acquired in said attribute information acquiring step; and
  
  an authenticating method determining step for determining an authenticating method of said room entering person in a manner that at least one authenticating method is selected from a plurality of authenticating methods by employing both said determined present security level of the area and said determined present trust level of said room entering person.

12. A computer readable storage medium for storing thereinto a program which is used to execute, in a computer, an authentication control method for determining an authenticating method of a room entering person who is trying to enter an area where one or more structural elements are present by employing a hardware token into which attribute information of said room entering person has been stored, wherein:
- said authentication control method is comprised of;
  
  a structural element information acquiring step for acquiring a security level via a network, which has been set to each of the structural elements which are presently located within said area, an attribute information acquiring step for acquiring the attribute information of said room entering person from said hardware token, a security level determining step for determining a present security level of said area by employing the security levels of said respective structural elements acquired in said structural element information acquiring step, a trust level determining step for determining a present trust level of said room entering person by employing the attribute information of said room entering person acquired in said attribute information acquiring step, and an authenticating method determining step for determining an authenticating method of said room entering person in such a manner that at least one authenticating method is selected from a plurality of authenticating methods by employing both said determined present security level of the area and said determined present trust level of said room entering person.

13. A program stored in a computer readable storage medium to determine an authenticating method of a room entering person who is trying to enter an area where one or more structural elements are present by employing a hardware token into which attribute information of said room entering person has been stored, comprising:
- a structural element information acquiring step for acquiring a security level via a network, which has been set to each of the structural elements which are presently located within said area;
  
  an attribute information acquiring step for acquiring the attribute information of said room entering person from said hardware token;
  
  a security level determining step for determining a present security level of said area by employing the security levels of said respective structural elements acquired in said structural element information acquiring step;
  
  a trust level determining step for determining a present trust level of said room entering person by employing the attribute information of said room entering person acquired in said attribute information acquiring step; and
  
  an authenticating method determining step for determining an authenticating method of said room entering person in a manner that at least one authenticating method is selected from a plurality of authenticating methods by employing both said determined present security level of the area and said determined present trust level of said room entering person.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Sakata, Masayuki, Nishiki, Kenya

Application Number

US10/893,908
Publication Number

US 20050125674A1
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G07C 2209/04   Access control involving a ...

G07C 9/22   in combination with an iden...

G07C 9/28   the pass enabling tracking ...

Authentication control system and authentication control method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

68 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication control system and authentication control method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links