Access administration method and device therefor to provide access administration services on a computer network
Abstract
The aim is to reduce the burden of administering a service, thereby inducing utilization of the service. An access administration system includes a publisher DB 21, an access data verification unit 24, an access data determiner 25, an access data issuing unit 1, and an access submission unit 6. The publisher DB 21 stores publisher information pertaining to publishers who are authorized to issue predetermined access data. The access data verification unit 24 verifies the legitimacy of the access data received. The access determination unit 25 determines the access according to the access data received and a result of the verification, and reports the access to a service provision device. The access data issuing unit 1 generates access data. The access submission unit 6 sends access data to the access data verification unit 24. When access data can be granted to a user by a user who is not the publisher of the access data, it is preferred that the system include a supplemental data issuing unit 3, which generates supplemental data and appends it to the access data, thereby creating new access data. For verification of the legitimacy of the access data and supplemental data, it is preferable that digital signatures according to a public key encryption system be used.
15 Claims
1. Access data issuing device adapted to receive information for generating access data that defines an access for accessing a service that is offered on a computer network, thereby generating access data based on the received information and issuing the access data so as to be utilized on the computer network, wherein the access data comprises:
data identification information identifying each access data;
publisher identification information identifying a publisher;
service content specification information specifying a service content to which the publisher grants access data;
an access privilege designator being granted;
user verification information verifying legitimacy of a party to whom the access data is granted;
publisher verification information verifying the legitimacy of the publisher; and
content verification information verifying the legitimacy of the content of the access data.
2. An access administration system for administering computer network service access privileges, said system for use in conjunction with a service provision module for providing publisher-issued services to terminals on a computer network, said access administration system comprising:
storing means for storing predetermined publisher information relating to publishers having authority to issue predetermined access data for the publisher-issued services;
verifying means for verifying received access data legitimacy based on the access data received and the publisher information;
access privilege determining means for determining access privileges based on the access data received and an access data legitimacy verification result, and for reporting the determined access privilege to the service provision module;
first issuing means for installation in an information terminal for a publisher, said first issuing means for preparing access data and for issuing the access data for utilization by the information terminal;
access submission means for submitting access data to said verifying means when a service from the service provision module is requested.
second issuing means for installation in a terminal wherein the access data is utilizable in preparing predetermined supplemental data, appending the supplemental data to the access data, and issuing the supplemental-data appended access data for utilization by the information terminal;
wherein said verifying means verifies the legitimacy of the supplemental-data appended access data.
4. An access administration system as set forth in claim 2, further comprising:
invalid data storing means for storing access data invalidated by a publisher; and
invalidation reporting means for reporting the invalidated access data to said invalid data storing means.
5. An access administration system as set forth in claim 2, further comprising:
confidence storing means for assigning to the publisher and other users a confidence level with respect to users other than said publisher and storing the confidence level; and
confidence registering means for registering in said confidence storing means the confidence level with respect to users other than said publisher;
wherein said verifying means further verifies the legitimacy of the access data based on access data-distributed user confidence level.
6. An access administration system as set forth in claim 2, wherein:
the access data includes information denoting an expiration date on which the access data expires; and
the verifying means further verifies the legitimacy of the access data based on a date on which the service is requested in comparison with the expiration date.
7. An access administration system as set forth in claim 3, wherein:
the access data further includes a maximum number of parties which can utilize the access data; and
the verifying means verifies the legitimacy of the access data based on a number of supplemental data added in comparison with the maximum number of parties which can utilize the access data.
8. An access administration system as set forth in claim 2, wherein the predetermined publisher information includes publisher identification information identifying the publisher of the access data; and verification information verifying the legitimacy of the access data.
9. An access administration system as set forth in claim 2, wherein the predetermined access data includes:
data identification information identifying the access data;
publisher identification information identifying the publisher;
service content specification information specifying a service content to which the publisher grants access data;
an access privilege designator being granted;
user verification information verifying the legitimacy of a user to whom the access data is granted;
publisher verification information verifying the legitimacy of the publisher; and
content verification information verifying the legitimacy of the content of the access data.
10. An access administration system as set forth in claim 2, wherein the publisher information includes publisher identification information identifying the publisher of the access data and a public key that corresponds to a private key of the publisher according to a public key encryption system, or encryption information to obtain said public key; and
the access data includes data identification information identifying the access data, said publisher identification information, service content specification information specifying a service content to which the publisher grants access data, an access privilege designator being granted, a public key that corresponds to a private key of the access data according to the public key encryption system, or encryption information to obtain said public key, and a digital signature of the publisher that is applied to said data identification information, said publisher identification information, said access privilege designator, and one of said public key and said encryption information, according to the public key encryption system.
11. An access administration system as set forth in claim 3, wherein the supplemental data includes grantor verification information verifying the legitimacy of a party who grants the access data, and grantee verification information verifying the legitimacy of a party to whom the access data is granted.
12. An access administration system as set forth in claim 11, wherein:
said grantor verification information is a digital signature of the party who grants the access data according to a public encryption key system; and
said grantee verification information is a public key that corresponds to a private key of the party who grants the access data with the supplemental data appended thereto.
13. A supplemental data issuing device for receiving access data that defines an access privilege for accessing a service that is offered on a computer network, and information for generating a predetermined supplemental data, thereby generating a supplemental data based on the information and issuing a new access data from the access data received with a supplemental data appended thereto so as to be utilized by a terminal, wherein the supplemental data comprises:
grantor verification information verifying legitimacy of a party who grants the access data and the supplemental data; and
grantee verification information verifying the legitimacy of a party to whom a license and the supplemental data are granted.
14. A computer-readable storage device having an access data issuing program, said access data issuing program being adapted to execute:
receiving information for generating access data that defines an access for accessing a service that is offered on a computer network, generating access data based on the received information, and issuing the access data so as to be utilized on the computer network, wherein the access data includes data identification information identifying the access data, publisher identification information identifying a publisher, service content specification information specifying a service content to which the publisher grants a license, an access privilege designator being granted, user verification information verifying legitimacy of a party to whom the access data is granted, publisher verification information verifying the legitimacy of the publisher, and content verification information verifying the legitimacy of the content of the access data.
15. A computer-readable storage device having a data adding program, said data adding program being adapted to execute:
receiving access data that defines an access for accessing a service that is offered on a computer network, and information for generating a predetermined supplemental data;
generating a supplemental data based on the information; and
issuing a new access data from the access data received and the supplemental data appended thereto so as to be utilized on a computer network;
wherein the supplemental data includes grantor verification information verifying legitimacy of a party who grants the access data and the supplemental data, and grantee verification information verifying the legitimacy of a party to whom a license and the supplemental data are granted.
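The verification side that claims 4, 6, 7 and 10 to 12 describe (publisher signature, invalidation list, expiration date, delegation limit, and a chain of grantor signatures over grantee keys) can be sketched as below. This is an added example, not code from the patent: Ed25519, the field names, the `Body` and `Hop` encodings, and counting supplements against `MaxParties` are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Supplement is one delegation hop: the grantee's key, signed by the grantor.
type Supplement struct{ GranteeKey, GrantorSig []byte }

// AccessData: field names and signed encodings are assumptions of this sketch.
type AccessData struct {
	ID, Publisher, Service, Privilege string
	Expires                           int64 // Unix seconds
	MaxParties                        int   // delegation hops allowed
	HolderKey, PublisherSig           []byte
	Supplements                       []Supplement
}

// NewKey and Sign are what issuers and grantors use to produce the signatures.
var NewKey, Sign = ed25519.GenerateKey, ed25519.Sign

// Body is the byte string the publisher signs.
func (a *AccessData) Body() []byte {
	return []byte(fmt.Sprintf("%q %q %q %q %d %d %x", a.ID, a.Publisher,
		a.Service, a.Privilege, a.Expires, a.MaxParties, a.HolderKey))
}

// Hop is the byte string a grantor signs: previous signature plus grantee key.
func Hop(prev, grantee []byte) []byte { return []byte(fmt.Sprintf("%x %x", prev, grantee)) }

// Verify returns the key of the party entitled to present the access data.
func Verify(a *AccessData, publishers map[string][]byte, revoked map[string]bool, now int64) ([]byte, error) {
	pub := publishers[a.Publisher]
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, a.Body(), a.PublisherSig) {
		return nil, errors.New("unknown publisher or bad publisher signature")
	}
	if revoked[a.ID] || now > a.Expires || len(a.Supplements) > a.MaxParties {
		return nil, errors.New("invalidated, expired, or over the delegation limit")
	}
	holder, prev := a.HolderKey, a.PublisherSig
	for _, s := range a.Supplements {
		if len(holder) != ed25519.PublicKeySize || !ed25519.Verify(holder, Hop(prev, s.GranteeKey), s.GrantorSig) {
			return nil, errors.New("broken delegation chain")
		}
		holder, prev = s.GranteeKey, s.GrantorSig
	}
	return holder, nil
}
```

`Verify` only establishes which public key the chain ends at; the service still has to make the presenter prove possession of the matching private key, for example by signing a fresh nonce.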
Specification