Authentication apparatus, authentication method, and computer program product

US 8,056,120 B2
Filed: 06/06/2008
Issued: 11/08/2011
Est. Priority Date: 06/11/2007
Status: Expired due to Fees

First Claim

Patent Images

1. An authentication apparatus that performs an authentication of an access to a resource on a network and a connection to the network by a user, the authentication apparatus comprising:

a memory that stores therein a data file that contains first identification information for identifying one of the user and a client terminal used by the user;

a monitoring unit that monitors the client terminal, and when a predetermined access operation to access the resource from the client terminal is detected, acquires the first identification information from the memory;

a referring unit that acquires second identification indicating an entry status of the user to a physical facility;

a verifying unit that verifies whether the first identification information matches the second identification information, and when it is verified that the first identification information matches the second identification information, refers to a room-access management system that is connected to the network and manages the entry status of the user to the physical facility to check the entry status of the user to the physical facility; and

a determining unit that determines whether to allow the access operation based on a result from the verifying unit,wherein the determining unit determines to allow an access operation to an access-controlled resource when the result indicates that the user is located within the facility where the access-controlled resource is located.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A monitoring unit monitors a client terminal used by a user, and when there is a predetermined access operation to a resource from the client terminal, acquires identification information from the client terminal. A verifying unit verifies whether the identification information matches stored identification information. When it is verified that the identification information matches the stored identification information, a referring unit refers to an access management system to check an entry status of the user to a facility. A determining unit determines whether to allow the access operation based on a check result from the referring unit.

Citations

12 Claims

1. An authentication apparatus that performs an authentication of an access to a resource on a network and a connection to the network by a user, the authentication apparatus comprising:
- a memory that stores therein a data file that contains first identification information for identifying one of the user and a client terminal used by the user;
  
  a monitoring unit that monitors the client terminal, and when a predetermined access operation to access the resource from the client terminal is detected, acquires the first identification information from the memory;
  
  a referring unit that acquires second identification indicating an entry status of the user to a physical facility;
  
  a verifying unit that verifies whether the first identification information matches the second identification information, and when it is verified that the first identification information matches the second identification information, refers to a room-access management system that is connected to the network and manages the entry status of the user to the physical facility to check the entry status of the user to the physical facility; and
  
  a determining unit that determines whether to allow the access operation based on a result from the verifying unit,wherein the determining unit determines to allow an access operation to an access-controlled resource when the result indicates that the user is located within the facility where the access-controlled resource is located.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The authentication apparatus according to claim 1, wherein the client terminal is operated by the user for accessing the resource on the network,the data file further contains resource information on the access-controlled resource and first user information for identifying the user,when there is the access operation to the access-controlled resource from the client terminal, the monitoring unit requires the user to input second user information, and receives the second user information from the user as the second identification information,the verifying unit verifies whether the first user information matches the second user information, andthe determining unit determines whether to allow the access operation to the access-controlled resource based on the result from the verifying unit.
  - 3. The authentication apparatus according to claim 2, whereinthe data file further contains information on a permitted area in which an access to the access-controlled resources is allowed, andthe determining unit determines to allow the access operation to the access-controlled resource when the result says that the user is in the permitted area.
  - 4. The authentication apparatus according to claim 2, whereinthe data file further contains information on a denied area in which an access to the access-controlled resources is denied, andthe determining unit determines to deny the access operation to the access-controlled resource when the result says that the user is in the denied area.
  - 5. The authentication apparatus according to claim 2, further comprising:
    - a registering unit that registers the resource information and the first user information in the data file.
  - 6. The authentication apparatus according to claim 1, whereinthe client terminal is configured to be connected to the network via a wireless communication,the data file further contains first address information for identifying the client terminal and user information for identifying the user in an associated manner,the monitoring unit monitors a connection request to the network from the client terminal, and when there is a connection request to the network from the client terminal, extracts second address information of the client terminal from the connection request as the second identification information,the verifying unit verifies whether the first address information matches the second address information, andthe determining unit determines whether to accept the connection request to the network from the client terminal based on a result from the verifying unit.
  - 7. The authentication apparatus according to claim 6, whereinthe data file further contains information on a permitted area in which the connection request is accepted, andthe determining unit determines to accept the connection request when the result indicates that the user is located within the permitted area.
  - 8. The authentication apparatus according to claim 6, whereinthe data file further contains information on a denied area in which the connection request is denied, andthe determining unit determines to deny the connection request when the result indicates that the user is located within the denied area.
  - 9. The authentication apparatus according to claim 6, further comprising:
    - a measuring unit that measures a distance between the client terminal to the network, whereinthe data file further contains information on a permitted range in association with the user information, the permitted range indicating a range of a distance for determining whether the connection request is accepted,the determining unit determines whether the distance measured by the measuring unit is within the permitted range, and when the distance is out of the permitted range, determines to deny the connection request, andthe monitoring unit extracts the second address information as the second identification information from the connection request when the distance measured by the measuring unit is within the permitted range.
  - 10. The authentication apparatus according to claim 6, further comprising:
    - a registering unit that registers the first address information and the user information in the data file in an associated manner.

11. An authentication method, implemented on an authentication apparatus, of performing an authentication of an access to a resource on a network and a connection to the network by a user, the authentication method comprising:
- storing, in a memory of the authentication apparatus, a data file that contains first identification information for identifying one of the user and a client terminal used by the user;
  
  monitoring the client terminal, and when a predetermined access operation to access the resource from the client terminal is detected, acquiring the first identification information from the memory;
  
  acquiring second identification information indicating an entry status of the user to a physical facility;
  
  verifying whether the acquired first identification information matches the second identification information, and when it is verified that the acquired first identification information matches the second identification information, referring to a room-access management system that is connected to the network and manages the entry status of the user to the physical facility to check the entry status of the user to the physical facility; and
  
  determining whether to allow the access operation based on a result at the verifying,wherein the determining includes determining to allow an access operation to an access-controlled resource when the result indicates that the user is located within the facility where the access-controlled resource is located.

12. A non-transitory computer readable storage medium having stored thereon a computer program that includes instructions for performing an authentication of an access to a resource on a network and a connection to the network by a user which when executed on a computer causes the computer to execute a method comprising:
- storing a data file that contains first identification information for identifying one of the user and a client terminal used by the user;
  
  monitoring the client terminal, and when a predetermined access operation to access the resource from the client terminal is detected, acquiring the stored first identification information;
  
  acquiring second identification information indicating an entry status of the user to a physical facility;
  
  verifying whether the acquired first identification information matches the second identification information, and when it is verified that the acquired first identification information matches the second identification information, referring to a room-access management system that is connected to the network and manages the entry status of the user to the physical facility to check the entry status of the user to the physical facility; and
  
  determining whether to allow the access operation based on a result at the verifying,wherein the determining includes determining to allow an access operation to an access-controlled resource when the result indicates that the user is located within the facility where the access-controlled resource is located.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ricoh Company Limited
Original Assignee
Ricoh Company Limited
Inventors
Kusakari, Shin
Primary Examiner(s)
POLTORAK, PIOTR

Application Number

US12/134,692
Publication Number

US 20080307514A1
Time in Patent Office

1,250 Days
Field of Search

726 2- 4, 726 16- 17
US Class Current

726/2
CPC Class Codes

G06F 21/31 User authentication

G07C 9/27 with central registration

Authentication apparatus, authentication method, and computer program product

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication apparatus, authentication method, and computer program product

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links