DEVICE AND MANAGEMENT MODULE
First Claim
1. A device holding control target data inside the device, the device comprising:
- a state management unit configured to manage a life cycle state that the device is presently in;
a user authentication unit configured to receive authentication data, authenticate a user, and give a response indicating a group to which the user belongs; and
an access control unit configured toacquire a present life cycle state from the state management unit when an access request to access the control target data is received,authenticate the user by the user authentication unit and acquire the group of the authenticated user,acquire access possibility information based on the present life cycle state and the group of the user who has made the access request, the access possibility information being acquired from a state access control policy associated with the control target data, andcontrol access to the control target data based on the access possibility information, whereinthe state management unit manages a fixed life cycle state and a variable life cycle state having a parent that is one of the fixed life cycle states, wherein the variable life cycle state can be added, changed, or deleted, andthe access control unit implements control with respect to the fixed life cycle state before the variable life cycle state.
1 Assignment
0 Petitions
Accused Products
Abstract
A device holding control target data inside, includes a state management unit configured to manage the present life cycle state of the device; a user authentication unit configured to authenticate a user and output a group of the user; and an access control unit configured to acquire a present life cycle state when an access request to access the control target data is received, acquire the group of the authenticated user, acquire access possibility information based on the present life cycle state and the group of the user, and control access to the control target data based on the access possibility information. The state management unit manages a fixed life cycle state, and a variable life cycle state that can be added, changed, or deleted, and the access control unit implements control on the fixed life cycle state before the variable life cycle state.
18 Citations
7 Claims
-
1. A device holding control target data inside the device, the device comprising:
-
a state management unit configured to manage a life cycle state that the device is presently in; a user authentication unit configured to receive authentication data, authenticate a user, and give a response indicating a group to which the user belongs; and an access control unit configured to acquire a present life cycle state from the state management unit when an access request to access the control target data is received, authenticate the user by the user authentication unit and acquire the group of the authenticated user, acquire access possibility information based on the present life cycle state and the group of the user who has made the access request, the access possibility information being acquired from a state access control policy associated with the control target data, and control access to the control target data based on the access possibility information, wherein the state management unit manages a fixed life cycle state and a variable life cycle state having a parent that is one of the fixed life cycle states, wherein the variable life cycle state can be added, changed, or deleted, and the access control unit implements control with respect to the fixed life cycle state before the variable life cycle state. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A management module installed in a device holding control target data inside the device, the management module comprising:
-
a state management unit configured to manage a life cycle state that the device is presently in; a user authentication unit configured to receive authentication data, authenticate a user, and give a response indicating a group to which the user belongs; and an access control unit configured to acquire a present life cycle state from the state management unit when an access request to access the control target data is received, authenticate the user by the user authentication unit and acquire the group of the authenticated user, acquire access possibility information based on the present life cycle state and the group of the user who has made the access request, the access possibility information being acquired from a state access control policy associated with the control target data, and control access to the control target data based on the access possibility information, wherein the state management unit manages a fixed life cycle state and a variable life cycle state having a parent that is one of the fixed life cycle states, wherein the variable life cycle state can be added, changed, or deleted, and the access control unit implements control with respect to the fixed life cycle state before the variable life cycle state.
-
-
7. A non-transitory computer-readable recording medium storing a program that causes a computer that constitutes a management module installed in a device holding control target data inside the device, to execute a process comprising:
-
managing a life cycle state that the device is presently in; receiving authentication data, authenticating a user, and giving a response indicating a group to which the user belongs; acquiring a present life cycle state managed at the managing when an access request to access the control target data is received, authenticating the user and acquiring the group of the authenticated user, acquiring access possibility information based on the present life cycle state and the group of the user who has made the access request, the access possibility information being acquired from a state access control policy associated with the control target data, and controlling access to the control target data based on the access possibility information, wherein the managing includes managing a fixed life cycle state and a variable life cycle state having a parent that is one of the fixed life cycle states, wherein the variable life cycle state can be added, changed, or deleted, and the controlling includes implementing control with respect to the fixed life cycle state before the variable life cycle state.
-
Specification