Device and method for controlling access to open and non-open network segments

US 7,596,805 B2
Filed: 12/12/2002
Issued: 09/29/2009
Est. Priority Date: 12/13/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A communication device which accepts an access from a single or plural other communication devices through a network in accordance with the operation of plural users, comprising:

storage unit;

an open segment comprising an open access controller for access via a public network;

a non-open segment comprising a non-open access controller for access via a dedicated line, the non-open access controller being separate from, and not directly connected to, the open access controller;

a common router for managing access to the open segment and access to the non-open segment, the common router coupled to at least one of the single or plural other communication devices by a dedicated line and the common router coupled to at least another one of the single or plural other communication devices by a public network, and the common router routing the access received from the public network to the open segment, and routing the access received through the dedicated line to one of the open segment and the non-open segment;

a managing unit for managing access authority data that defines access authority for at least one of a directory defined in a storage area of said storage unit and file data stored in the directory related to at least one of a user who makes the access or a group to which the user belongs; and

an access control unit for inquiring to said managing unit in accordance with the access and controlling the access to said storage unit on the basis of the access authority data received from said managing unit in response to the inquiry concerning every user or group,wherein the managing unit and said storage unit are commonly used by both the open access controller and the non-open access controller,wherein the common router carries out routing of access received from both the dedicated line and the public network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication device including an access authority data managing DB device for managing access authority data with which access authority for at least one of storage area defined logically or physically in a storage device and file data stored in the storage area is defined while at least one of a user making the access and a group to which the user concerned belongs is set as a unit, and a non-open WWW device for controlling an access to the storage device on the basis of the access authority data achieved from the access authority data managing DB device in accordance with an access from a terminal device.

13 Citations

View as Search Results

15 Claims

1. A communication device which accepts an access from a single or plural other communication devices through a network in accordance with the operation of plural users, comprising:
- storage unit;
  
  an open segment comprising an open access controller for access via a public network;
  
  a non-open segment comprising a non-open access controller for access via a dedicated line, the non-open access controller being separate from, and not directly connected to, the open access controller;
  
  a common router for managing access to the open segment and access to the non-open segment, the common router coupled to at least one of the single or plural other communication devices by a dedicated line and the common router coupled to at least another one of the single or plural other communication devices by a public network, and the common router routing the access received from the public network to the open segment, and routing the access received through the dedicated line to one of the open segment and the non-open segment;
  
  a managing unit for managing access authority data that defines access authority for at least one of a directory defined in a storage area of said storage unit and file data stored in the directory related to at least one of a user who makes the access or a group to which the user belongs; and
  
  an access control unit for inquiring to said managing unit in accordance with the access and controlling the access to said storage unit on the basis of the access authority data received from said managing unit in response to the inquiry concerning every user or group,wherein the managing unit and said storage unit are commonly used by both the open access controller and the non-open access controller,wherein the common router carries out routing of access received from both the dedicated line and the public network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The communication device as claimed in claim 1, wherein said access control unit receives an operation instruction relating to the directory or the file data from the single or plural other communication devices in association with the access, judges on the basis of the access authority data whether the operation instruction has authorization and carries out the processing corresponding to the operation instruction if the operation instruction is authorized.
  - 3. The communication device as claimed in claim 2, wherein the operation instruction is an instruction concerning at least one of search, name change, copy, movement, deletion and upload of the directory or file data.
  - 4. The communication device as claimed in claim 1, wherein the access authority data defines at least one of authority for receiving a display of the directory defined in said storage area, authority for changing the name of the directory concerned, authority for adding file data into the directory concerned, authority for altering file data stored in the directory concerned, authority for changing a comment of file data stored in the directory concerned and authority for changing access authority given to the directory concerned.
  - 5. The communication device as claimed in claim 1, wherein said storage unit stores comment data corresponding to the file data,said managing unit manages the access authority data which defines authority for performing at least one of change and addition of the comment data every at least one of the user and the group, andsaid access control unit controls at least one of the change and addition of the comment data on the basis of the access authority data for the user or group.
  - 6. The communication device as claimed in claim 1, wherein when receiving from the single or plural other communication devices an operation instruction indicating at least one of the change and addition of the access authority indicated by the access authority data, the access control unit judges whether the operation instruction has authorization, and instructs at least one of the change and addition of the access authority data corresponding to the operation instruction to said managing unit if the operation instruction is authorized.
  - 7. The communication device as claimed in claim 1, wherein said access control unit supplies the single or plural other communication devices with a display screen containing an image in which the directory is indicated in a tree structure, an image indicating access authority data received from said managing unit and an image indicating the directory thus indicated and the operation pertaining to the file data on the display screen.
  - 8. The communication device as claimed in claim 1, further comprising an authenticating unit for performing user authentication and permitting an access from the single or plural other communication devices to said access control unit under the condition that the authorization of the user concerned is accepted.
  - 9. The communication device as claimed in claim 8, wherein said storage unit, said managing unit, said access control unit and said authenticating unit are protected by firewall.

10. A communication method for receiving access from single or plural other communication devices to a storage unit through a network in accordance with an operation of plural users to perform prescribed processing, comprising:
- a step of managing access authority data in which access authority for at least one of a directory defined in a storage area of the storage unit and file data stored in a directory concerned is defined while at least one of a user making the access or a group to which the user belongs is set as a unit;
  
  a step of receiving access request from either a public network or a dedicated line through a router common to the public network and the dedicated line;
  
  a step of controlling access from the public network to an open access segment via an open access controller;
  
  a step of controlling access from the dedicated line to a non-open segment via a non-open access controller, the non-open access controller being separate from, and not directly connected to, the open access controller; and
  
  a step of controlling the access to the storage unit on the basis of the access authority data in accordance with the user or the group as a unit,wherein the access authority data and said storage unit are commonly used by both the open access controller and the non-open access controller,wherein the common router carries out routing of access received from both the dedicated line and the public network, the common router coupled to at least one of the single or plural other communication devices by a dedicated line and the common router coupled to at least another one of the single or plural other communication devices by a public network, and the common router routing the access received from the public network to the open segment, and routing the access received through the dedicated line to one of the open segment and the non-open segment.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The communication method as claimed in claim 10, further comprising:
    - a step of receiving an operation instruction relating to the directory or file data from the single or plural other communication devices in connection with the access;
      
      a step of judging authorization of the operation instruction on the basis of the access authority data; and
      
      a step of performing processing corresponding to the operation instruction when the authorization of the operation instruction acknowledged.
  - 12. The communication method as claimed in claim 11, wherein the operation instruction is an instruction for at least one of search, name change, copy, movement, deletion and upload of the directory or file data.
  - 13. The communication method as claimed in claim 10, wherein the access authority data defines at least one of authority for receiving a display of the directory, authority for changing the name of the directory, authority for adding file data in the directory, authority for changing file data stored in the directory, authority for changing a comment of file data stored in the directory, and authority for changing access authority given to the directory.
  - 14. The communication method as claimed in claim 10, wherein when an operation instruction indicating at least one of change and addition of the access authority indicated by the access authority data is received from the single or plural other communication devices, authorization of the operation instruction is judged, and if the authorization of the operation instruction is acknowledged, at least one of change and addition of the access authority data corresponding to the operation instruction is carried out.
  - 15. The communication method as claimed in claim 10, wherein the single or plural other communication devices is provided with a screen containing an image in which the directory is shown in a tree structure, an image indicating the access authority data received from the step of managing access authority data, and an image for indicating the operation relating to the indicated directory and file data on the screen.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Corporation (Sony Group Corp.)
Original Assignee
Sony Corporation (Sony Group Corp.)
Inventors
Kotani, Hiroki, Kumagai, Naoko, Mimura, Atsuhiko
Primary Examiner(s)
Pich; Ponnoreay

Application Number

US10/317,969
Publication Number

US 20030135761A1
Time in Patent Office

2,483 Days
Field of Search

None
US Class Current

726/6
CPC Class Codes

G06F 21/6218 to a system of files or obj...

H04L 63/104 Grouping of entities

Device and method for controlling access to open and non-open network segments

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Device and method for controlling access to open and non-open network segments

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links