Access control system, access control method, electronic device and control program

US 8,434,127 B2
Filed: 02/08/2008
Issued: 04/30/2013
Est. Priority Date: 02/08/2007
Status: Active Grant

First Claim

Patent Images

1. An access control system, comprising:

an electronic device; and

an access control unit which controls an access between devices mounted on said electronic device;

wherein said access control unit which applies unique secret information set for each said device as a right to access said device on a basis of each task operable on said electronic device and determines whether to allow an access to said device or not according to whether an access requesting task which requests an access to said device has secret information of said device,wherein said access control unithas an access control table in which existence/non-existence of said secret information of said device is set on a basis of said each task, anddetermines whether to allow an access to said device based on said access control table,wherein said access control table includesan access right setting table indicative of allowance/non-allowance of an access to said device, anda change authorization table indicative of allowance/non-allowance of setting change of said access right setting table according to said secret information, and said access control unithas an access right setting table changing unit configured to set, based on an access right setting request from a device having said access requesting task to which said secret information is applied and said change authorization table, a right to access an access target device to be accessed at a task corresponding to the access right setting request to change said access right setting table, andallows a device at which an access right is set to make an access based on said access right setting table as of after change,wherein said access control unit further comprises;

a pseudo secret information generating unit configured to generate, by using random numbers, pseudo secret information from said secret information applied to said access requesting task,a change authorization table changing unit configured to change, in said change authorization table, said secret information of said access target device corresponding to said secret information into said pseudo secret information generated, anda pseudo secret information notifying unit configured to notify said access requesting task of said pseudo secret information generated,wherein said access control unit uses said pseudo secret information in place of said secret information.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is the access control system for controlling an access on a task basis without modifying a device side to be accessed and without applying a task ID at each access to a device.

The access filter system for controlling an access between devices mounted on an electronic device, which comprises the access control unit for applying a unique device key set for each device as a right to access the device on a basis of a task operable on the electronic device and determining whether to allow an access to the device according to whether an access request task which requests an access to the device has the device key.

Citations

38 Claims

1. An access control system, comprising:
- an electronic device; and
  
  an access control unit which controls an access between devices mounted on said electronic device;
  
  wherein said access control unit which applies unique secret information set for each said device as a right to access said device on a basis of each task operable on said electronic device and determines whether to allow an access to said device or not according to whether an access requesting task which requests an access to said device has secret information of said device,wherein said access control unithas an access control table in which existence/non-existence of said secret information of said device is set on a basis of said each task, anddetermines whether to allow an access to said device based on said access control table,wherein said access control table includesan access right setting table indicative of allowance/non-allowance of an access to said device, anda change authorization table indicative of allowance/non-allowance of setting change of said access right setting table according to said secret information, and said access control unithas an access right setting table changing unit configured to set, based on an access right setting request from a device having said access requesting task to which said secret information is applied and said change authorization table, a right to access an access target device to be accessed at a task corresponding to the access right setting request to change said access right setting table, andallows a device at which an access right is set to make an access based on said access right setting table as of after change,wherein said access control unit further comprises;
  
  a pseudo secret information generating unit configured to generate, by using random numbers, pseudo secret information from said secret information applied to said access requesting task,a change authorization table changing unit configured to change, in said change authorization table, said secret information of said access target device corresponding to said secret information into said pseudo secret information generated, anda pseudo secret information notifying unit configured to notify said access requesting task of said pseudo secret information generated,wherein said access control unit uses said pseudo secret information in place of said secret information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The access control system according to claim 1, wherein said access right setting table changing unit, when said access requesting task to which said secret information is applied requests setting of an access right to other task, enables both said tasks to share an access right by applying said secret information to other task in question.
  - 3. The access control system according to claim 2, wherein said access right setting table changing unit detects switching of a task and sets a device having a task as of before switching to be inhibited from accessing every device.
  - 4. The access control system according to claim 1, wherein said access right setting table changing unit:
    - has an access right setting information preserving unit configured to temporarily preserve setting information of an access right on said access right setting table which information is set at said access target device corresponding to said secret information applied to said access requesting task, andafter the completion of predetermined processing by a task in a device at which a right to access the access target device is newly set by said access right setting table changing unit, re-sets said access right setting information preserved at the access target device.
  - 5. The access control system according to claim 1, wherein based on an access right setting request from said access requesting task to which said secret information is applied, said access right setting table changing unit newly sets an access right at a device which is incapable of autonomously obtaining an access right.
  - 6. The access control system according to claim 1, whereinsaid secret information includesfirst secret information indicative of setting information change authorization of an access right related to corresponding said access target device on said change authorization table, as well as being indicative of authorization to update said secret information into another new valid secret information, andsecond secret information indicative of setting information change authorization of an access right related to corresponding said access target device on said change authorization table, andsaid access requesting task to which said first secret information is applied or said access control unit notifies said second secret information to other task to which the access requesting task requests to set an access right.
  - 7. The access control system according to claim 1, wherein said access control unit allows a request for changing said access right setting table from a predetermined task without fail.
  - 8. The access control system according to claim 1, wherein said access control unit allows a request for accessing an access target device to be accessed from a predetermined task without fail.
  - 9. The access control system according to claim 8, wherein said access right setting table has a right to access said access target device set with respect to a predetermined task without fail.
  - 10. The access control system according to claim 7, wherein said predetermined task is a task determined based on a condition including at least one of processing load, stability and security level.
  - 11. The access control system according to claim 1, wherein said access control unit is formed of a hardware circuit.
  - 12. The access control system according to claim 1, wherein said access control unit is provided on a communication path between specific devices.

13. An access control method of controlling an access between devices mounted on an electronic device, comprising:
- an access control step of applying unique secret information set for each said device as a right to access said device on a basis of each a task operable on said electronic device and determining whether to allow an access to said device or not according to whether an access requesting task which requests an access to said device has secret information of said device,wherein at said access control step,whether to allow an access to said device is determined based on an access control table in which existence/non-existence of said secret information of said device is set on a basis of said each task,wherein said access control table includesan access right setting table indicative of allowance/non-allowance of an access to said device, anda change authorization table indicative of allowance/non-allowance of setting change of said access right setting table according to said secret information, andsaid access control step includesan access right setting table changing step of setting, based on an access right setting request from a device having said access requesting task to which said secret information is applied and said change authorization table, a right to access an access target device to be accessed at a task corresponding to the access right setting request to change said access right setting table, and whereinan access to a device at which an access right is set is allowed based onsaid access right setting table as of after change,wherein said access control step further comprises;
  
  a pseudo secret information generating step of generating, by using random numbers, pseudo secret information from said secret information applied to said access requesting task,a change authorization table changing step of changing, in said change authorization table, said secret information of said access target device corresponding to said secret information into said pseudo secret information generated, anda pseudo secret information notifying step of notifying said access requesting task of said pseudo secret information generated,wherein said pseudo secret information is used in place of said secret information.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The access control method according to claim 13, wherein at said access right setting table changing step, when said access requesting task to which said secret information is applied requests setting of an access right to other task, said secret information is applied to other task in question.
  - 15. The access control method according to claim 14, wherein at said access right setting table changing step, switching of a task is detected to set a device having a task as of before switching to be inhibited from accessing every device.
  - 16. The access control method according to claim 13, wherein said access right setting table changing step includesan access right setting information preserving step of temporarily preserving setting information of an access right on said access right setting table which information is set at said access target device corresponding to said secret information applied to said access requesting task, and whereinafter the completion of predetermined processing by a task in a device at which a right to access the access target device is newly set at said access right setting table changing step, said access right setting information preserved is reset at the access target device.
  - 17. The access control method according to claim 13, wherein at said access right setting table changing step, based on an access right setting request from said access requesting task to which said secret information is applied, an access right is newly set at a device which is incapable of autonomously obtaining an access right.
  - 18. The access control method according to claim 13, wherein said secret information includes:
    - first secret information indicative of setting information change authorization of an access right related to corresponding said access target device on said change authorization table, as well as being indicative of authorization to update said secret information into another new valid secret information, andsecond secret information indicative of setting information change authorization of an access right related to corresponding said access target device on said change authorization table, andwherein at said access control step, said second secret information is notified to other task to which said access requesting task to which said first secret information is applied requests to set an access right.
  - 19. The access control method according to claim 13, wherein at said access control step, a request for changing said access right setting table from a predetermined task is allowed without fail.
  - 20. The access control method according to claim 13, wherein at said access control step, a request for accessing an access target device to be accessed from a predetermined task is allowed without fail.

21. An electronic device, comprising:
- an access control unit configured to control an access between devices,wherein said access control unit applies unique secret information set for each said device as a right to access said device on a basis of each task operable on said electronic device and determines whether to allow an access to said device or not according to whether an access requesting task which requests an access to said device has secret information of said device,wherein said access control unit has an access control table in which existence/non-existence of said secret information of said device is set on a basis of said each task, anddetermines whether to allow an access to said device based on said access control table,wherein said access control table includes an access right setting table indicative of allowance/non-allowance of an access to said device, anda change authorization table indicative of allowance/non-allowance of setting change of said access right setting table according to said secret information, andsaid access control unit comprises an access right setting table changing unit which sets, based on an access right setting request from a device having said access requesting task to which said secret information is applied and said change authorization table, a right to access an access target device to be accessed at a task corresponding to the access right setting request to change said access right setting table, andallows a device at which an access right is set to make an access based on said access right setting table as of after change,wherein said access control unit further comprises;
  
  a pseudo secret information generating unit configured to generate, by using random numbers, pseudo secret information from said secret information applied to said access requesting task,a change authorization table changing unit configured to change, in said change authorization table, said secret information of said access target device corresponding to said secret information into said pseudo secret information generated, anda pseudo secret information notifying unit configured to notify said access requesting task of said pseudo secret information generated,wherein said access control unit uses said pseudo secret information in place of said secret information.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 22. The electronic device according to claim 21, wherein said access right setting table changing unit, when said access requesting task to which said secret information is applied requests setting of an access right to other task, enables both said tasks to share an access right by applying said secret information to other task in question.
  - 23. The electronic device according to claim 22, wherein said access right setting table changing unit detects switching of a task and sets a device having a task as of before switching to be inhibited from accessing every device.
  - 24. The electronic device according to claim 21, wherein said access right setting table changing unit:
    - has an access right setting information preserving unit configured to temporarily preserve setting information of an access right on said access right setting table which information is set at said access target device corresponding to said secret information applied to said access requesting task, andafter the completion of predetermined processing by a task in a device at which a right to access the access target device is newly set by said access right setting table changing unit, re-sets said access right setting information preserved at the access target device.
  - 25. The electronic device according to claim 21, wherein based on an access right setting request from said access requesting task to which said secret information is applied, said access right setting table changing unit newly sets an access right at a device which is incapable of autonomously obtaining an access right.
  - 26. The electronic device according to claim 21, wherein said secret information includes:
    - first secret information indicative of setting information change authorization of an access right related to corresponding said access target device on said change authorization table, as well as being indicative of authorization to update said secret information into another new valid secret information, andsecond secret information indicative of setting information change authorization of an access right related to corresponding said access target device on said change authorization table, andwherein said access requesting task to which said first secret information is applied or said access control unit notifies said second secret information to other task to which the access requesting task requests to set an access right.
  - 27. The electronic device according to claim 21, wherein said access control unit allows a request for changing said access right setting table from a predetermined task without fail.
  - 28. The electronic device according to claim 21, wherein said access control unit allows a request for accessing an access target device to be accessed from a predetermined task without fail.
  - 29. The electronic device according to claim 28, wherein said access right setting table has a right to access said access target device set with respect to a predetermined task without fail.
  - 30. The electronic device according to claim 27, wherein said predetermined task is a task determined based on a condition including at least one of processing load, stability and security level.
  - 31. The electronic device according to claim 21, wherein said access control unit is formed of a hardware circuit.
  - 32. The electronic device according to claim 21, wherein said access control unit is provided on a communication path between specific devices.

33. A non-transitory computer readable medium storing a control program for execution on a computer to control an access between devices mounted on an electronic device,wherein said control program causes said computer to execute an access control processing of applying unique secret information set for each said device as a right to access said device on a basis of a task operable on said electronic device anddetermining whether to allow an access to said device or not according to whether an access requesting task which requests an access to said device has secret information of said device,wherein said access control table in which existence/non-existence of said secret information of said device is set on a basis of each said task includesan access right setting table indicative of allowance/non-allowance of an access to said device, anda change authorization table indicative of allowance/non-allowance of setting change of said access right setting table according to said secret information, andsaid access control processing includesan access right setting table changing processing of setting, based on an access right setting request from a device having said access requesting task to which said secret information is applied and said change authorization table, a right to access an access target device to be accessed at a task corresponding to the access right setting request to change said access right setting table, andwherein an access to a device at which an access right is set is allowed based on said access right setting table as of after change,wherein said access control step further comprises:
- a pseudo secret information generating step of generating, by using random numbers, pseudo secret information from said secret information applied to said access requesting task,a change authorization table changing step of changing, in said change authorization table, said secret information of said access target device corresponding to said secret information into said pseudo secret information generated, anda pseudo secret information notifying step of notifying said access requesting task of said pseudo secret information generated,wherein said pseudo secret information is used in place of said secret information.
- View Dependent Claims (34, 35, 36, 37, 38)
- - 34. The non-transitory computer readable medium according to claim 33, wherein in said access right setting table changing processing, when said access requesting task to which said secret information is applied requests setting of an access right to other task, said secret information is applied to other task in question.
  - 35. The non-transitory computer readable medium according to claim 34, wherein at said access right setting table changing step, switching of a task is detected to set a device having a task as of before switching to be inhibited from accessing every device.
  - 36. The non-transitory computer readable medium according to claim 33, wherein said access right setting table changing step includes an access right setting information preserving step of temporarily preserving setting information of an access right on said access right setting table which information is set at said access target device corresponding to said secret information applied to said access requesting task, andwherein after the completion of predetermined processing by a task in a device at which a right to access the access target device is newly set at said access right setting table changing step, said access right setting information preserved is reset at the access target device.
  - 37. The non-transitory computer readable medium according to claim 33, wherein at said access control step, a request for changing said access right setting table from a predetermined task is allowed without fail.
  - 38. The non-transitory computer readable medium according to claim 33, wherein at said access control step, a request for accessing an access target device to be accessed from a predetermined task is allowed without fail.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cloud BYTE LLC
Original Assignee
NEC Corporation
Inventors
Sakai, Junji
Primary Examiner(s)
Mehedi, Morshed

Application Number

US12/448,729
Publication Number

US 20090300713A1
Time in Patent Office

1,908 Days
Field of Search

726 1- 2, 726/29
US Class Current

726/1
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 9/468 Specific access rights for ...

Access control system, access control method, electronic device and control program

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Access control system, access control method, electronic device and control program

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links