GATEWAY DEVICE, AND SERVICE PROVIDING SYSTEM
First Claim
1. A gateway device for controlling access to a processing device connected with an internal network from an external network, the gateway device comprising:
- a control information transfer control unit;
an access control management updating unit; and
a control information access unit, whereinthe access control management updating unit, when receiving an access execution instruction from the external network, acquires determination information on the access execution instruction, the determination information being set an accessible attribute of the processing device per transmission source of the access execution instruction;
the control information transfer control unit determines whether execution of the access execution instruction should be permitted or not using the determination information, and transmits the access execution instruction, execution of which is determined to be permitted, to the control information access unit;
the control information access unit transmits the received access execution instruction to the processing device, and transmits a result message of the access execution instruction to the control information transfer control unit; and
the control information transfer control unit transmits the result message to the transmission source of the access execution instruction.
2 Assignments
0 Petitions
Accused Products
Abstract
Provided are a control device, system, and method capable of controlling an accessible range of information on an individual external device basis even in the case of a valid access for the information from an external device. An ACL management server is installed to introduce an ACL associating a service provider ID identifying a service provider accessing an ECU mounted on an automobile with an attribute of an ECU that the service provider can access or with an ASIL determined for the ECU, and to manage the ACL safely and in the latest state. Also, a service providing server is installed for providing services for reading and rewriting ECU control information in accordance with a request from a user. A gateway is installed for determining, using the ACL, whether access to the ECU should be granted with respect to access instruction execution information received from the service providing server.
-
Citations
8 Claims
-
1. A gateway device for controlling access to a processing device connected with an internal network from an external network, the gateway device comprising:
-
a control information transfer control unit; an access control management updating unit; and a control information access unit, wherein the access control management updating unit, when receiving an access execution instruction from the external network, acquires determination information on the access execution instruction, the determination information being set an accessible attribute of the processing device per transmission source of the access execution instruction; the control information transfer control unit determines whether execution of the access execution instruction should be permitted or not using the determination information, and transmits the access execution instruction, execution of which is determined to be permitted, to the control information access unit; the control information access unit transmits the received access execution instruction to the processing device, and transmits a result message of the access execution instruction to the control information transfer control unit; and the control information transfer control unit transmits the result message to the transmission source of the access execution instruction. - View Dependent Claims (2, 3, 4)
-
-
5. A service providing system comprising a service enjoying device, a service providing device, a service execution management device, and a service execution determination information management device, wherein
the service execution management device is connected with one or more processing devices via an internal network; -
the service enjoying device transmits a service execution request to the service providing device; the service providing device transmits an access execution instruction based on the service execution request to the service execution management device via an external network; the service execution management device transmits an acquisition request for determination information on the access execution instruction to the service execution determination information management device via the external network when receiving the access execution instruction from the service providing device; the service execution determination information management device transmits the determination information to the service execution management device; the service execution management device determines whether execution of the access execution instruction should be permitted or not using the received determination information, transmits the access execution instruction, execution of which is determined to be permitted, to the processing devices via the internal network, and transmits an execution result based on the access execution instruction to the service providing device via the external network; and the service providing device transmits the received execution result to the service enjoying device, wherein the determination information indicates permission or rejection of executing the access execution instruction on the basis of a combination of an attribute of the service enjoying device, an attribute of the service providing device, and attributes of the processing devices. - View Dependent Claims (6, 7, 8)
-
Specification