AUTHORITY VERIFICATION SYSTEM, AUTHORITY VERIFICATION METHOD, AND COMPUTER-READABLE STORAGE MEDIUM

US 20180152441A1
Filed: 11/16/2017
Published: 05/31/2018
Est. Priority Date: 11/25/2016
Status: Active Grant

First Claim

Patent Images

1. An authority verification system operable to verify an access authority for a resource, the system comprising:

a per-resource user authority management unit configured to manage per-resource user authorities established for each resource;

a user authority management unit configured to manage user authorities;

a specification unit configured to, in accordance with an access request for a designated resource, specify, based on the per-resource user authorities managed by the per-resource user authority management unit, an authority necessary for the access request with respect to the designated resource, and to specify, based on the user authorities managed by the user authority management unit, a user authority held by a transmission source of the access request;

a refinement unit configured to decide an access authority by refining the specified user authority, by the authority necessary for the access request with respect to the designated resource that is specified by the specification unit;

a validation unit configured to determine whether access to the resource corresponding to the access request is permitted by the access authority refined by the refinement unit; and

a unit configured to permit the transmission source to access the resource in a case where it is determined that the access is permitted by the validation unit.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A per-resource user authority management unit that manages user authorities per resource, a user authority refinement unit that refines authorities linked to a user by the per-resource user authorities, and an authority verification unit that determines whether execution of processing with respect to a resource is permitted by using an authority that has been refined by the user authority refinement unit are provided.

16 Citations

View as Search Results

12 Claims

1. An authority verification system operable to verify an access authority for a resource, the system comprising:
- a per-resource user authority management unit configured to manage per-resource user authorities established for each resource;
  
  a user authority management unit configured to manage user authorities;
  
  a specification unit configured to, in accordance with an access request for a designated resource, specify, based on the per-resource user authorities managed by the per-resource user authority management unit, an authority necessary for the access request with respect to the designated resource, and to specify, based on the user authorities managed by the user authority management unit, a user authority held by a transmission source of the access request;
  
  a refinement unit configured to decide an access authority by refining the specified user authority, by the authority necessary for the access request with respect to the designated resource that is specified by the specification unit;
  
  a validation unit configured to determine whether access to the resource corresponding to the access request is permitted by the access authority refined by the refinement unit; and
  
  a unit configured to permit the transmission source to access the resource in a case where it is determined that the access is permitted by the validation unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The authority verification system according to claim 1, further comprising:
    - a unit configured to delegate a user authority to the transmission source of the access request and to issue an access token or a JSON web token indicating a delegation source user and a delegated authority, whereinthe user authority that the access request transmission source has is the delegated user authority that is indicated by the access token or the JSON web token, andthe authority necessary for the access request with respect to the designated resource specified by the specification unit is associated with the delegation source user for the user authority.
  - 3. The authority verification system according to claim 1, wherein the refinement unit makes the access authority be an authority that is shared by the authority necessary for the access request with respect to the resource and the user authority held by the transmission source of the access request.
  - 4. The authority verification system according to claim 1, wherein the refinement unit does not grant the access authority in a case where the authority necessary for the access request with respect to the resource is empty.
  - 5. The authority verification system according to claim 1, wherein the refinement unit makes the access authority be the user authority held by the access request transmission source in a case where the authority necessary for the access request with respect to the resource is empty.
  - 6. The authority verification system according to claim 1, further comprising:
    - a unit configured to, in accordance with an operation with respect to the per-resource user authorities, add a designated per-resource user authority to the per-resource user authorities managed by the per-resource user authority management unit; and
      
      a unit configured to delete a designated per-resource user authority from the per-resource user authorities managed by the per-resource user authority management unit.
  - 7. The authority verification system according to claim 6, wherein in a case where per-resource user authorities of a specific user are all deleted from the per-resource user authority managed by the per-resource user authority management unit, a user authority of the specific user is deleted from the user authorities managed by the user authority management unit.
  - 8. The authority verification system according to claim 1, further comprising:
    - an authentication server configured to verify an access authority with respect to the resource and a resource server configured to provide access to the resource in response to a request,wherein the user authority management unit has the authentication server, andthe per-resource user authority management unit has the resource server.
  - 9. The authority verification system according to claim 8, wherein the refinement unit has the authentication server.
  - 10. The authority verification system according to claim 8, wherein the refinement unit has the resource server.

11. A non-transitory computer readable medium storing a program for causing a computer to function as a resource server operable to provide access to a resource, the program comprising:
- a per-resource user authority management unit configured to manage per-resource user authorities for each resource;
  
  a specification unit configured to, in accordance with an access request for a designated resource, specify, based on the per-resource user authorities managed by the per-resource user authority management unit, an authority necessary for the access request with respect to the designated resource;
  
  a unit configured to request an authentication server for determination of whether access to a resource in accordance with the access request is permitted, by an access authority based on a user authority for each user that the authentication server has, and the necessary authority specified by the specification unit; and
  
  a unit configured to permit the access to the resource when it is determined that the access is permitted on the basis of a response from the authentication server.

12. An authority verification method for verifying an access authority for a resource, which is performed by an information processing system, the method comprising:
- managing per-resource user authorities established for each resource;
  
  managing user authorities;
  
  in accordance with an access request for a designated resource, specifying, based on the per-resource user authorities, an authority necessary for the access request with respect to the designated resource, and specifying, based on the user authorities, a user authority held by a transmission source of the access request;
  
  deciding an access authority by refining the specified user authority, by the authority necessary for the access request with respect to the designated resource;
  
  determining whether access to the resource corresponding to the access request is permitted by the access authority; and
  
  permitting the transmission source to access the resource in a case where it is determined that the access is permitted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Original Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Inventors
Tamura, Yu

Granted Patent

US 10,574,645 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

H04L 63/0892   by using authentication-aut...

H04L 63/101   Access control lists [ACL]

AUTHORITY VERIFICATION SYSTEM, AUTHORITY VERIFICATION METHOD, AND COMPUTER-READABLE STORAGE MEDIUM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHORITY VERIFICATION SYSTEM, AUTHORITY VERIFICATION METHOD, AND COMPUTER-READABLE STORAGE MEDIUM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links