Security support apparatus and computer-readable recording medium recorded with program code to cause a computer to support security
Abstract
In a computer to support security of information, a user authentication request is received as a request of a remote operation call through a network, and a user using an external application program is authenticated based on the user authentication request. An authentication result capable of detecting a falsification is generated, and the authentication result is returned as a response of the remote operation call to a request originator through the network.
9 Claims
1. A method comprising:
- receiving, at a security server, an access control decision request as a request of a remote operation call from an external application through a network;
- determining, at the security server, whether or not the external application of the access control decision request is a valid system, by obtaining from the access control decision request a session identification (ID) indicating that the external application has been authenticated as the valid system allowed by the security server to record a log in the security server and checking whether the session ID is registered in a session management table within the security server;
- deciding based on the access control decision request to allow, or not to allow, access after the external application is determined to be the valid system; and
- returning a decision result to allow, or not to allow, access as a response of the remote operation call to the external application through the network, wherein information is secured for the external application through the network.

Dependent claims: 9

2. An article of manufacture having one or more recordable media storing instructions thereon which, when executed by a security server, cause the security server to perform a method comprising:
- receiving an access control decision request as a request of a remote operation call from an external application through a network;
- determining whether or not the external application of the access control decision request is a valid system, by obtaining from the access control decision request a session identification (ID) indicating that the external application has been authenticated as a valid system allowed by the security server to record a log in the security server and checking whether the session ID is registered in a session management table within the security server;
- deciding based on the access control decision request whether or not to access the external application after it is determined that the external application is the valid system;
- returning a decision result to allow, or not to allow, access as a response of the remote operation call through the network; and
- recording contents of the access control decision request, the decision result, and a log, wherein information is secured for the external application through the network.

Dependent claims: 3, 4, 5

6. An apparatus capable of executing a computer-executable application program as a computer connectable to a network, wherein executing the application program causes the apparatus to perform a method comprising:
- receiving authentication data including user identification information identifying a user and a user password from the user to authenticate the user;
- conducting a first remote operation call to a security server to make a user authentication request using the authentication data received from the user through the network, the security server ensuring security of an application;
- obtaining an authentication result by receiving a response of the first remote operation call from the security server;
- receiving an access request for accessing an information resource being managed by the application program from the user;
- conducting a second remote operation call to the security server to make an access control decision request for deciding whether or not the access request is allowed, by using a session identification (ID) identifying the application which has been authenticated as a valid system by the security server allowed to record a log in the security server, the session ID obtained from the security server to request an access determination;
- obtaining an access control decision result by receiving a response of the second remote operation call from the security server;
- controlling an access to the information resource based on the access control decision result; and
- conducting a third remote operation call to the security server to make a request for recording a log concerning the access through the network, by using a second session ID identifying the application which has been authenticated as the valid system allowed by the security server to record the log in the security server, the second session ID obtained from the security server to request a log record.

Dependent claims: 7

8. A security server to connect to an external application and ensure the external application which provides a service to a client terminal, said security server comprising:
- a first authentication processing unit configured to authenticate the external application by whether or not a user ID and a password of the external application, and a type indicating that the external application is a valid system allowed by the security server to record a log in the security server, are registered in a session management table in the security server;
- an authentication request acceptance processing unit configured to accept an access control decision request, which indicates an authentication request for the client, from the external application, after the external application is authenticated as the valid system allowed by the security server to record a log in the security server by the first authentication processing unit;
- a second authentication processing unit configured to determine whether an access from the client to the external application is allowed or not allowed, with respect to the access control determination request accepted by the authentication request acceptance processing unit; and
- a notification processing unit configured to notify the external application when the access from the client to the external application is allowed by the second authentication processing unit.

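The flow recited in the claims and abstract, as an added Python example that is not code from the patent: an application is authenticated and given a session ID held in a session management table, a user authentication result carries a tag that exposes falsification, and every access control decision request is checked against the table, decided, and logged. All names and sample values are hypothetical; the PBKDF2 password storage, the HMAC tag, and presenting the authentication result together with the decision request are assumptions of this example.

```python
import hashlib, hmac, secrets

# Constructed sample data; all names and values are hypothetical, not from the patent.
def _kdf(pw):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), b"constructed-salt", 50_000)
APPS = {"docsys": ("log-recording", _kdf("app-pass"))}   # app user ID -> (type, password hash)
USERS = {"alice": _kdf("alice-pass")}
POLICY = {("alice", "report.pdf"): {"read"}}             # (user, resource) -> allowed operations
KEY = secrets.token_bytes(32)                            # server-only key for tagging results

def _tag(user, session_id):
    return hmac.new(KEY, f"{user}|{session_id}".encode(), hashlib.sha256).hexdigest()

class SecurityServer:
    def __init__(self):
        self.sessions = {}   # session management table: session ID -> application ID
        self.log = []        # recorded requests and decision results

    def authenticate_application(self, app_id, password, app_type):
        kind, pw_hash = APPS.get(app_id, (None, b""))
        ok = hmac.compare_digest(pw_hash, _kdf(password)) and kind == app_type
        self.log.append(("app_auth", app_id, ok))
        if not ok:
            return None
        session_id = secrets.token_urlsafe(32)   # unguessable, server-generated
        self.sessions[session_id] = app_id
        return session_id

    def authenticate_user(self, session_id, user, password):
        if session_id not in self.sessions:
            return None
        ok = hmac.compare_digest(USERS.get(user, b""), _kdf(password))
        self.log.append(("user_auth", self.sessions[session_id], user, ok))
        # The tag binds the result to this user and session, so edits are detectable.
        return {"user": user, "tag": _tag(user, session_id)} if ok else None

    def decide_access(self, session_id, auth_result, resource, operation):
        app_id = self.sessions.get(session_id)
        user, tag = (auth_result or {}).get("user", ""), (auth_result or {}).get("tag", "")
        if app_id is None:
            decision = "invalid_session"     # caller is not a registered valid system
        elif not hmac.compare_digest(tag, _tag(user, session_id)):
            decision = "falsified_result"    # authentication result was altered or forged
        elif operation in POLICY.get((user, resource), set()):
            decision = "allow"
        else:
            decision = "deny"
        self.log.append(("decision", app_id, user, resource, operation, decision))
        return decision
```

The session check runs before any policy lookup, so a caller without a registered session ID learns nothing about users or resources, and the refused request is still written to the log.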
Specification