NETWORK SYSTEM

US 20150350107A1
Filed: 01/15/2014
Published: 12/03/2015
Est. Priority Date: 01/31/2013
Status: Active Grant

First Claim

Patent Images

1. A network system comprising:

a first node;

a second node; and

an access control list of each object shared by the first node and the second node, the access control list including an access control entry in which an account ID and an access right of an account permitted to access the object are recorded,wherein the first node comprisesan account association table in which an account name and an account ID of an account created at the node itself are recorded in association with each other and in which an account name and an account ID of an account created at the second node are recorded in association with each other andan access control list change unit that, in response to an access control list change request including identification information on an object an access control list of which is to be changed, an account name of an account for which an access control entry is to be changed, and change contents, retrieves an account ID recorded in association with the account name in the access control list change request, from the account association table and changes, in accordance with the change contents, an access control entry in which the retrieved account ID is recorded and that is included in the access control list of the object indicated by the identification information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an account association table the account IDs and account names of accounts created at nodes are associated and recorded. In response to an access control list change request including the account name of an account the access control entry of which is to be changed and the contents of the change, an access control list change unit retrieves an account ID recorded while being associated with the account name from the account association table and changes, in accordance with the contents of the change, an access control entry in which the retrieved account ID is recorded among account control entries in an access control list to be changed.

18 Citations

View as Search Results

8 Claims

1. A network system comprising:
- a first node;
  
  a second node; and
  
  an access control list of each object shared by the first node and the second node, the access control list including an access control entry in which an account ID and an access right of an account permitted to access the object are recorded,wherein the first node comprisesan account association table in which an account name and an account ID of an account created at the node itself are recorded in association with each other and in which an account name and an account ID of an account created at the second node are recorded in association with each other andan access control list change unit that, in response to an access control list change request including identification information on an object an access control list of which is to be changed, an account name of an account for which an access control entry is to be changed, and change contents, retrieves an account ID recorded in association with the account name in the access control list change request, from the account association table and changes, in accordance with the change contents, an access control entry in which the retrieved account ID is recorded and that is included in the access control list of the object indicated by the identification information.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The network system according to claim 1,wherein the first node includesa first account information storage unit,a first account management unit that, in response to a first account creation request including an account name of an account to be created, generates a first account ID for uniquely identifying the account at the node itself, and stores, in the first account information storage unit, first account information including the generated first account ID and the account name in the first account creation request, andan account association table management unit that stores, in association with each other in the account association table, the first account ID created by the first account management unit and the account name in the first account creation request, and that stores, in association with each other in the account association table, a second account ID and an account name included in an account association table registration request received from the second node, andwherein the second node includesa second account information storage unit anda second account management unit that, in response to a second account creation request including an account name of an account to be created, generates a second account ID for uniquely identifying the account in the node itself, and that stores, in the second account information storage unit, second account information including the generated second account ID and the account name in the second account creation request and transmits, to the first node, an account association table registration request including the second account ID and the account name in the second account creation request.
  - 3. The network system according to claim 1, comprising a third node including an access control unit that transmits, to the first node, an access request including identification information on an access target object, an account name to be used to access the object indicated by the identification information, and access contents, when the first node is operating normally, and transmits, to the second node, an access request including identification information on an access target object, an account name to be used to access the object indicated by the identification information, and access contents, when the first node is facing failure.
  - 4. The network system according to claim 1, wherein the object shared by the first node and the second node is a file stored in a shared storage accessible from the first node and the second node.
  - 5. The network system according to claim 4, wherein the first node includes a file registration unit that, in response to a file registration request, retrieves all account IDs recorded in association with an account name of a creator of a registration target file, from the account association table, and creates an access control entry in which one of the retrieved account IDs and a preset access right are recorded in association with each other, in the access control list of the registration target file.

6. A node comprising:
- an account association table in which an account name and an account ID of an account created at the node itself are recorded in association with each other and an account name and an account ID of an account created in a different node are recorded in association with each other; and
  
  an access control list change unit that, in response to an access control list change request including identification information on an object an access control list of which is to be changed among objects shared by the node itself and the different node, an account name of an account for which an access control entry is to be changed, and change contents, retrieves an account ID recorded in association with the account name in the access control list change request, from the account association table and changes, in accordance with the change contents, an access control entry in which the retrieved account ID and an access right are recorded and that is included in the access control list of the object indicated by the identification information.

7. An access control list change method for a network system including a first node, a second node, and an access control list of each object shared by the first node and the second node, the access control list including an access control entry in which an account ID and an access right of an account permitted to access the object are recorded, the access control list change method comprising:
- in response to an access control list change request including identification information on an object an access control list of which is to be changed, an account name of an account for which an access control entry is to be changed, and change contents, the first node retrieving an account ID recorded in association with the account name in the access control list change request, from an account association table in which an account name and an account ID of an account created at the node itself are recorded in association with each other and in which an account name and an account ID of an account created at the second node are recorded in association with each other, and changing, in accordance with the change contents, an access control entry in which the retrieved account ID is recorded and that is included in the access control list of the object indicated by the identification information.

8. A non-transitory computer readable storage medium recording thereon a program, causing a computer including an account association table in which an account name and an account ID of an account created in the computer itself are recorded in association with each other and an account name and an account ID of an account created in a different computer are recorded in association with each other, to function asan access control list change unit that, in response to an access control list change request including identification information on an object an access control list of which is to be changed among objects shared by the computer itself and the different computer, an account name of an account for which an access control entry is to be changed, and change contents, retrieves an account ID recorded in association with the account name in the access control list change request, from the account association table and changes, in accordance with the change contents, an access control entry in which the retrieved account ID and an access right are recorded and that is included in the access control list of the object indicated by the identification information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Corporation
Original Assignee
NEC Corporation
Inventors
Kayaba, Seijiro

Granted Patent

US 10,129,173 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/45   Structures or tools for the...

G06F 21/604   Tools and structures for ma...

G06F 21/6209   to a single file or object,...

H04L 47/808   User-type aware

H04L 63/101   Access control lists [ACL]

H04L 67/10   in which an application is ...

H04L 67/306   User profiles

NETWORK SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

NETWORK SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links