Access control apparatus, access control method, access control program, recording medium, access control data, and relation description data

US 7,716,490 B2
Filed: 04/28/2006
Issued: 05/11/2010
Est. Priority Date: 05/17/2005
Status: Expired due to Fees

First Claim

Patent Images

1. An access control apparatus that controls access to a predetermined resource, comprising:

user relationship definition information defining a predetermined relationship of a user attempting to access the predetermined resource with a further user which is different from the user attempting to access;

indirect access control information defining an access right to the predetermined resource based on the predetermined relationship;

an indirect access right determining unit that detects the further user with which the user has the predetermined relationship based on the user relationship definition information, and determines an access right of the user based on the predetermined relationship with the detected further user and the indirect access control information,direct access control information defining the access right to the predetermined resource on a per user basis or on a per user category basis; and

a direct access right determining unit that determines the access right of the user based on the direct access control information,wherein the indirect access right determining unit determines the access right of the user based on an access right of the further user which further user access right is determined based on the direct access control information,wherein, if a determination result by the direct access right determining unit is negative, the indirect access right determining unit determines the access right of the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An access control apparatus is disclosed that controls access to a predetermined resource. The access control apparatus includes entity relationship definition information defining a predetermined relationship of a first entity attempting to access the predetermined resource with a second entity, indirect access control information defining an access right to the predetermined resource based on the predetermined relationship, and an indirect access right determining unit that detects the second entity with which the first entity has the predetermined relationship based on the entity relationship definition information, and determines an access right of the first entity based on the predetermined relationship with the detected second entity and the indirect access control information.

25 Citations

View as Search Results

16 Claims

1. An access control apparatus that controls access to a predetermined resource, comprising:
- user relationship definition information defining a predetermined relationship of a user attempting to access the predetermined resource with a further user which is different from the user attempting to access;
  
  indirect access control information defining an access right to the predetermined resource based on the predetermined relationship;
  
  an indirect access right determining unit that detects the further user with which the user has the predetermined relationship based on the user relationship definition information, and determines an access right of the user based on the predetermined relationship with the detected further user and the indirect access control information,direct access control information defining the access right to the predetermined resource on a per user basis or on a per user category basis; and
  
  a direct access right determining unit that determines the access right of the user based on the direct access control information,wherein the indirect access right determining unit determines the access right of the user based on an access right of the further user which further user access right is determined based on the direct access control information,wherein, if a determination result by the direct access right determining unit is negative, the indirect access right determining unit determines the access right of the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The access control apparatus as claimed in claim 1, wherein the indirect access right determining unit grants the user the access right that is granted to the further user based on the direct access control information.
  - 3. The access control apparatus as claimed in claim 2, wherein, if the indirect access control information defines that the same access right as the access right granted to the further user is granted to the user based on the predetermined relationship of the user with the further user, the indirect access right determining unit grants the user the access right that is granted to the further user based on the direct access control information.
  - 4. The access control apparatus as claimed in claim 1, wherein the indirect access right determining unit recognizes the access right granted to the further user based on the direct access control information by querying the direct access right determining unit for the access right granted to the further user.
  - 5. The access control apparatus as claimed in claim 1, wherein the user relationship definition information defines the relationship between the user and the further user based on a structure of an organization to which the user and further user belong.
  - 6. The access control apparatus as claimed in claim 5, wherein the relationship between the user and the further user may include at least one of a relationship between a boss and a subordinate thereof, a relationship between a secretary and a boss thereof, and a relationship between a deputy and a person for whom the deputy acts.
  - 7. The access control apparatus as claimed in claim 1, wherein the user relationship definition information defines the relationship between the user and the further user based on positions of seats allocated to the user and further user.
  - 8. The access control apparatus as claimed in claim 7, wherein the relationship between the user and the further user is a relationship based on whether the seats are arranged in the same segment.
  - 9. The access control apparatus as claimed in claim 1, further comprising:
    - an electronic data attribute management unit that, in response to a request for saving an identification information item of an encrypted electronic data item and a decryption key for the electronic data item, manages the identification information item of the electronic data item and the decryption key;
      
      wherein, in response to an access request to the electronic data item, the access request containing the identification information item of the electronic data item, an identification information item of the user, and an access type, the indirect access right determining unit determines whether an access right specified by the access type is granted, and the decryption key is returned if the access right specified by the access type is granted.

10. An access control method for use in an access control apparatus that controls access to a predetermined resource, comprising:
- a further user detecting step of detecting, based on entity user relationship definition information defining a predetermined relationship of a user attempting to access the predetermined resource with a further user which is different from the user attempting to access, the further user with which the user has the predetermined relationship, and storing a result of the detecting in a computer memory;
  
  an indirect access right determining step of determining an access right of the user based on the predetermined relationship with the further user detected in the further user detecting step and indirect access control information defining an access right to the predetermined resource based on the predetermined relationship, and storing a result of the detecting in the computer memory;
  
  a direct access right determining step of determining the access right of the user based on the direct access control information; and
  
  accessing the predetermined resource in accordance with a result of the direct access right determining step,wherein, in the indirect access right determining step, the access right of the user is determined based on an access right of the further user which further user access right is determined based on direct access control information defining the access right to the predetermined resource on a per user basis or on a per user category basis, andwherein, if a determination result in the direct access right determining step is negative, the access right of the user is determined in the indirect access right determining step.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The access control method as claimed in claim 10, wherein, in the indirect access right determining step, the access right that is granted to the further user based on the direct access control information is granted to the user.
  - 12. The access control method as claimed in claim 11, wherein, if the indirect access control information defines that the same access right as the access right granted to the further user is granted to the user based on the predetermined relationship of the user with the further user, the access right that is granted to the further user based on the direct access control information is granted to the user in the indirect access right determining step.
  - 13. The access control method as claimed in claim 10, wherein the access right granted to the further user based on the direct access control information is recognized in the indirect access right determining step by querying for the access right granted to the further user.
  - 14. The access control method as claimed in claim 10, wherein the user relationship definition information defines the relationship between the user and the further user based on a structure of an organization to which the user and further user belong.
  - 15. The access control method as claimed in claim 14, wherein the relationship between the user and the further user may include at least one of a relationship between a boss and a subordinate thereof, a relationship between a secretary and a boss thereof, and a relationship between a deputy and a person for whom the deputy acts.

16. A tangible computer readable medium having stored thereon an access control program that causes a computer to control access to a predetermined resource, the program causing the computer to execute:
- a further user detecting step of detecting, based on user relationship definition information defining a predetermined relationship of a user attempting to access the predetermined resource with a further user which is different from the user attempting to access, the further user with which the user has the predetermined relationship;
  
  an indirect access right determining step of determining an access right of the user based on the predetermined relationship with the further user detected in the further user detecting step and indirect access control information defining an access right to the predetermined resource based on the predetermined relationship; and
  
  a direct access right determining step of determining the access right of the user based on the direct access control information,wherein, in the indirect access right determining step, the access right of the user is determined based on an access right of the further user which further user access right is determined based on direct access control information defining the access right to the predetermined resource on a per user basis or on a per user category basis, andwherein, if a determination result in the direct access right determining step is negative, the access right of the user is determined in the indirect access right determining step.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ricoh Company Limited
Original Assignee
Ricoh Company Limited
Inventors
Kanai, Yoichi
Primary Examiner(s)
Parthasarathy; Pramila

Application Number

US11/413,211
Publication Number

US 20060265599A1
Time in Patent Office

1,474 Days
Field of Search

None
US Class Current

713/182
CPC Class Codes

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

Access control apparatus, access control method, access control program, recording medium, access control data, and relation description data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Access control apparatus, access control method, access control program, recording medium, access control data, and relation description data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links