ACCESS CONTROL DEVICE AND METHOD THEREOF

US 20090024629A1
Filed: 07/15/2008
Published: 01/22/2009
Est. Priority Date: 07/17/2007
Status: Abandoned Application

First Claim

Patent Images

1. An access control device for separately controlling access of one or more second subjects to data that is kept in one or more of multiple processing nodes by each of one or more first subjects, the second subjects being subjects excluding the first subjects, the processing nodes holding data of the first subjects each controlling access of the respective second subjects to the data of the first subjects based on access control information, comprising:

trustworthiness information collecting means for collecting trustworthiness information, which indicates trustworthiness of each of the second subjects, from one or more of the multiple processing nodes; and

access control proposal information creating means for creating the access control proposal information, which is used to separately control access of the second subjects to each piece of the data of the first subjects, based on access control information that each of the first subjects sets to its own data in advance, and based on the collected trustworthiness information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Access control appropriate to each processing node is achieved by evaluating information published by the processing node. An access control device (4) ranks subjects of consumption activities by their trust values, and determines whether or not the ranked subjects include any subject whose rank is improved from the last time. When there exists a subject whose rank is improved from the last time, a subject having data to which access control information is set against the subject with an improved rank is made a proposal that the protection level in the access control information against the subject with an improved rank should be decreased. The access control device (4) also judges whether or not the ranked subjects include any subject whose rank is worsened from the last time. When there exists a subject whose rank is worsened from the last time, a subject having data to which access control information is set against the subject with a worsened rank is made a proposal that the protection level in the access control information against the subject with a worsened rank should be increased.

107 Citations

View as Search Results

11 Claims

1. An access control device for separately controlling access of one or more second subjects to data that is kept in one or more of multiple processing nodes by each of one or more first subjects, the second subjects being subjects excluding the first subjects, the processing nodes holding data of the first subjects each controlling access of the respective second subjects to the data of the first subjects based on access control information, comprising:
- trustworthiness information collecting means for collecting trustworthiness information, which indicates trustworthiness of each of the second subjects, from one or more of the multiple processing nodes; and
  
  access control proposal information creating means for creating the access control proposal information, which is used to separately control access of the second subjects to each piece of the data of the first subjects, based on access control information that each of the first subjects sets to its own data in advance, and based on the collected trustworthiness information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. An access control device according to claim 1, wherein the access control proposal information creating means includes:
    - digitalization means for digitalizing the collected trustworthiness information; and
      
      control proposal information creating means for creating the access control proposal information based on the access control information that each of the first subjects sets to its own data in advance, and based on the digitalized trustworthiness information.
  - 3. An access control device according to claim 2, wherein:
    - the trustworthiness information collecting means collects the trustworthiness information over time; and
      
      the digitalization means digitalizes the trustworthiness information such that the trustworthiness information collected at one time has larger influence on the created access control proposal information than the trustworthiness information collected at an earlier time point does.
  - 4. An access control device according to claim 2, wherein:
    - the access control proposal information creating means further includes ranking means for ranking the trustworthiness of each of the second subjects based on the created trustworthiness information; and
      
      the access control proposal information creating means uses trustworthiness rank of each of the second subjects as the digitalized trustworthiness information to create the access control proposal information.
  - 5. An access control device according to claim 4, wherein:
    - the access control proposal information creating means further includes change detecting means for detecting changes in trustworthiness rank of each of the second subjects over time; and
      
      the access control proposal information creating means creates the access control proposal information such that access control over the second subject whose trustworthiness is detected to have improved is eased compared to before the detection, and access control over the second subject whose trustworthiness is detected to have worsened is tightened compared to before the detection.
  - 6. An access control device according to claim 5, wherein the change detecting means calculates, for each of the second subjects, a deviation value of a change between trustworthiness ranks assigned at least at two points in time, detects an improvement in trustworthiness of the second subject when the deviation value of the change between trustworthiness ranks falls within a given first range, and detects a drop in trustworthiness of the second subject when the deviation value of the change in trustworthiness rank falls within a given second range.
  - 7. An access control device according to claim 1, wherein the access control proposal information comprises protection level information, which is used to protect the data of the first subjects by controlling access by the respective second subjects to the data of the first subjects.
  - 8. An access control device according to claim 1, wherein the trustworthiness information collection means collects as the trustworthiness information an evaluation of each piece of information on the second subjects which is published in the multiple processing nodes.

9. An access control method for separately controlling access of one or more second subjects to data that is kept in one or more of multiple processing nodes by each of one or more first subjects, the second subjects being subjects excluding the first subjects, the processing nodes holding data of the first subjects each controlling access of the respective second subjects to the data of the first subjects based on access control information, comprising:
- a trustworthiness information collecting step of collecting trustworthiness information, which indicates trustworthiness of each of the second subjects, from one or more of the multiple processing nodes; and
  
  an access control proposal information creating step of creating the access control proposal information, which is used to separately control access of the second subjects to each piece of the data of the first subjects, based on access control information that each of the first subjects sets to its own data in advance, and based on the collected trustworthiness information.
- View Dependent Claims (10)
- - 10. An access control method according to claim 9, wherein the access control proposal information creating step includes:
    - a digitalization step of digitalizing the collected trustworthiness information; and
      
      a control proposal information creating step of creating the access control proposal information based on the digitalized trustworthiness information.

11. An access control program for separately controlling access of one or more second subjects to data that is kept in one or more of multiple processing nodes by each of one or more first subjects, the second subjects being subjects excluding the first subjects, the processing nodes holding data of the first subjects each controlling access of the respective second subjects to the data of the first subjects based on access control information, the access control program causing a computer to execute:
- a trustworthiness information collecting step of collecting trustworthiness information, which indicates trustworthiness of each of the second subjects, from one or more of the multiple processing nodes; and
  
  an access control proposal information creating step of creating the access control proposal information, which is used to separately control access of the second subjects to each piece of the data of the first subjects, based on access control information that each of the first subjects sets to its own data in advance, and based on the collected trustworthiness information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Miyauchi, Koji

Application Number

US12/173,454
Publication Number

US 20090024629A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6218 to a system of files or obj...

ACCESS CONTROL DEVICE AND METHOD THEREOF

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

107 Citations

11 Claims

Specification

Use Cases

Quick Links

Others

ACCESS CONTROL DEVICE AND METHOD THEREOF

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

107 Citations

11 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others