
FILE-ACCESS CONTROL APPARATUS AND PROGRAM

  • US 20100043070A1
  • Filed: 09/02/2009
  • Published: 02/18/2010
  • Est. Priority Date: 10/29/2007
  • Status: Active Grant
First Claim

1. A file-access control apparatus designed to control accesses to a document file and comprising a storage device capable of storing document contents, each including an inhibition-type policy and an obligation-type policy, an evaluation control module, a document application unit and an external service unit, wherein the policy evaluation control module comprises:

  • an executability data acquisition means for acquiring executability data items from the document application unit and the external service unit, respectively, and for holding the executability data items;

    an authentication-result acquisition means for acquiring result of authentication of a user and user attribute data, on the basis of a prescribed evaluation data list, on receiving, from the document application unit, event data representing an action made by the user and a document file stored in the storage device;

    means for sending evaluation data composed of the executability data, result of authentication and user attribute data, the event data, the inhibition-type policy, and the obligation-type policy on the basis of a prescribed evaluation data list, on receiving the executability data from the executability data acquisition means;

    means for comparing the authentication result, user attribute data and event data, all included in the evaluation data sent, respectively with the authentication result, user attribute data and event data, all prescribed in the inhibition-type policy, and for sending evaluation result showing the permission or inhibition prescribed in the inhibition-type policy, when the items included in the evaluation data are identical to the items included in the inhibition-type policy;

    obligation-type policy evaluation means for comparing the executability data, event data and evaluation result, all included in the evaluation data, with the executability data, event data and evaluation result, all included in the obligation-type policy, and for sending control data including an obligation fulfillment subject and an obligation fulfillment action prescribed in the obligation-type policy, when the items included in the evaluation data are identical to the items included in the obligation-type policy;

    control management means for sending the control data on receiving the control data, on the basis of the obligation fulfillment subject included in the control data; and

    document-application control means for controlling the document application unit, on the basis of the obligation fulfillment action included in the control data sent from the control management means.
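
The two-stage evaluation the claim describes (inhibition-type policy first, then obligation-type policy keyed on its result, with control data routed by fulfillment subject) can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the class and function names, the use of a role as the user attribute, the default-deny fallback and the sample policies are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Inhibition:            # inhibition-type policy: who may do what
    auth_ok: bool
    role: str                # user attribute data (assumed here to be a role)
    event: str
    effect: str              # "permit" or "deny"

@dataclass(frozen=True)
class Obligation:            # obligation-type policy: what must follow a result
    event: str
    on_result: str           # evaluation result that triggers the obligation
    subject: str             # obligation fulfillment subject
    action: str              # obligation fulfillment action

def evaluate_inhibition(policies, auth_ok, role, event):
    for p in policies:
        if (p.auth_ok, p.role, p.event) == (auth_ok, role, event):
            return p.effect
    return "deny"            # assumption: default deny; the claim is silent here

def evaluate_obligations(policies, executability, event, result):
    # Emit control data only for actions the subject reported it can execute.
    return [(p.subject, p.action) for p in policies
            if p.event == event and p.on_result == result
            and p.action in executability.get(p.subject, ())]

def handle_event(inhibitions, obligations, executability, auth_ok, role, event):
    result = evaluate_inhibition(inhibitions, auth_ok, role, event)
    routed = {}              # control management: route by fulfillment subject
    for subject, action in evaluate_obligations(obligations, executability,
                                                event, result):
        routed.setdefault(subject, []).append(action)
    return result, routed

# Constructed sample data (hypothetical units, roles and actions).
EXECUTABILITY = {"document_application": {"disable_print"},
                 "external_service": {"write_audit_log"}}
INHIBITIONS = [Inhibition(True, "employee", "print", "permit"),
               Inhibition(True, "contractor", "print", "deny")]
OBLIGATIONS = [Obligation("print", "permit", "external_service", "write_audit_log"),
               Obligation("print", "deny", "document_application", "disable_print"),
               Obligation("print", "deny", "external_service", "send_alert_mail")]

if __name__ == "__main__":
    for role in ("employee", "contractor"):
        print(role, handle_event(INHIBITIONS, OBLIGATIONS, EXECUTABILITY,
                                 True, role, "print"))
```

The third obligation is never routed because the external service did not report `send_alert_mail` as executable, which is the role the executability data plays in the obligation stage.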
