METHOD AND SYSTEM FOR ACCESS CONTROL IN CLOUD COMPUTING SERVICE

US 20150046971A1
Filed: 10/26/2012
Published: 02/12/2015
Est. Priority Date: 10/27/2011
Status: Abandoned Application

First Claim

Patent Images

1. A collaborative service server of a cloud computing service, comprising:

a user service list database to store right information of a user associated with a service subscribed to by the user and security policy information associated with the service; and

an access token issuing unit to issue an access token of the service based on a service access request of the user, user authentication, and a service right.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a method and system for assigning a suitable right to a user through a security policy based access control in a computing service. A collaborative service server may authenticate a user through a cloud service server, and may issue an access token including user authentication information and user right information. The cloud service server may compare information associated with the access token and an access control list and may determine whether to authorize an access of the user to the service based on the comparison result.

Citations

20 Claims

1. A collaborative service server of a cloud computing service, comprising:
- a user service list database to store right information of a user associated with a service subscribed to by the user and security policy information associated with the service; and
  
  an access token issuing unit to issue an access token of the service based on a service access request of the user, user authentication, and a service right.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The collaborative service server of claim 1, wherein the collaborative service server performs the user authentication through a cloud service server.
  - 3. The collaborative service server of claim 2, wherein the access token issuing unit issues the access token based on a result of the user authentication provided from the cloud service server.
  - 4. The collaborative service server of claim 2, wherein the user service list database provides the right information and the security policy information to the cloud service server.
  - 5. The collaborative service server of claim 1, wherein the access token comprises information associated with the user authentication and the right information.
  - 6. The collaborative service server of claim 1, wherein the user service list database periodically updates the right information and the security policy information.
  - 7. The collaborative service server of claim 1, wherein, in response to a request for a new service from the user, the user service list database updates the right information and the security policy information associated with the service subscribed to by the user.

8. A cloud service server, comprising:
- a policy information unit to store a security policy associated with a service accessed by a user and user right information associated with the service; and
  
  a policy decision unit to compare information associated with an access token with an access control list, the security policy, and the user right information, and to authorize an access of the user to the service when information associated with the access token matches the access control list, the security policy, and the user right information as the comparison result.
- View Dependent Claims (9, 10)
- - 9. The cloud service server of claim 8, further comprising:
    - a policy administration unit to set or correct a right of the user, a service policy, and a role.
  - 10. The cloud service server of claim 9, wherein when the right of the user, the service policy, or the role is set or corrected, the policy administration unit transmits information associated with the set or corrected right of the user, service policy, or role to the collaborative service server.

11. A method of providing a collaborative service in a cloud computing service, the method comprising:
- storing, by a user service list database, right information of a user associated with a service subscribed to by the user and security policy information associated with the service; and
  
  issuing, by an access token issuing unit, an access token of the service based on a service access request of the user, user authentication, and a service right.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11, further comprising:
    - performing the user authentication through a cloud service server.
  - 13. The method of claim 12, wherein the issuing comprises issuing the access token based on a result of the user authentication provided from the cloud service server.
  - 14. The method of claim 12, wherein the storing comprises providing the right information and the security policy information to the cloud service server.
  - 15. The method of claim 11, wherein the access token comprises information associated with the user authentication and the right information.
  - 16. The method of claim 11, wherein the user service list database periodically updates the right information and the security policy information.
  - 17. The method of claim 11, wherein, in response to a request for a new service from the user, the user service list database updates the right information and the security policy information associated with the service subscribed to by the user.

18. A method of providing a cloud service, the method comprising:
- storing, by a policy information unit, a security policy associated with a service accessed by a user and user right information associated with the service; and
  
  comparing, by a policy decision unit, information associated with an access token with an access control list, the security policy, and the user right information, to authorize an access of the user to the service when information associated with the access token matches the access control list, the security policy, and the user right information as the comparison result.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, further comprising:
    - setting or correcting, by a policy administration unit, a right of the user, a service policy and a role.
  - 20. The method of claim 19, further comprising:
    - transmitting, by the policy administration unit, information associated with the set or corrected right of the user, service policy, or role to the collaborative service server when the right of the user, the service policy, or the role is set or corrected.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intellectual Discovery Co., Ltd.
Original Assignee
Intellectual Discovery Co., Ltd.
Inventors
Huh, Eui Nam, Na, Sang Ho, Park, Jun Young, Kim, Jin Taek

Application Number

US14/345,188
Publication Number

US 20150046971A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04L 9/3213   using tickets or tokens, e....

METHOD AND SYSTEM FOR ACCESS CONTROL IN CLOUD COMPUTING SERVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR ACCESS CONTROL IN CLOUD COMPUTING SERVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links