Access control system, access control method, device, access control server, access-control-server registration server, data processing apparatus, and program storage medium
First Claim
1. An access control system for use in a data transfer system which transfers data by means of public-key cryptosystem based on a public key certificate issued to an authentication object by a public key issuer authority, the access control system comprising:
- a service provider which is an authentication object and which provides services;
a service receiving device which also is an authentication object and which receives services provided by the service provider; and
an access control server which issues to the service receiving device an access permission which identifies a service provider an access to which by the service receiving device is permitted;
wherein the service provider performs, based on the access permission, a decision as to whether an access request by the service receiving device is to be permitted.
1 Assignment
0 Petitions
Accused Products
Abstract
An access control system, which eliminates the necessity for access controls to be performed by individual service providers, has an access control server which is used commonly by a plurality of service providers and devices. The access control server issues access permissions in accordance with predetermined format and procedure. Access control is executed in accordance with the access permission, so that each service provider and each device can easily execute the access control without building up their own access control procedures. A user device which receives the services from various service providers is not required to execute different access control sequences for different service providers, and can execute the access control in accordance with a predetermined sequence. Thus, the user device need not store and administrate different format data and access programs for different service providers.
57 Citations
42 Claims
-
1. An access control system for use in a data transfer system which transfers data by means of public-key cryptosystem based on a public key certificate issued to an authentication object by a public key issuer authority, the access control system comprising:
-
a service provider which is an authentication object and which provides services;
a service receiving device which also is an authentication object and which receives services provided by the service provider; and
an access control server which issues to the service receiving device an access permission which identifies a service provider an access to which by the service receiving device is permitted;
wherein the service provider performs, based on the access permission, a decision as to whether an access request by the service receiving device is to be permitted. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. An access control method for use in a data transfer system which transfers data by means of public-key cryptosystem based on a public key certificate issued to an authentication object by a public key issuer authority, the access control method comprising the steps of:
-
receiving, at a service provider, an access permission from a service receiving device, the access permission having been issued by a service control server; and
executing, based on the access permission, a determination as to whether access requested by the service receiving device is to be permitted. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
-
-
26. A device having a data processing function, comprising:
-
communication processing means for executing data transfer processing;
cryptographic processing means for executing cryptographic processing on data; and
data storage means;
wherein the data storage means stores an access permission containing service provider identification data which identifies the service provider an access to which by a device ha been permitted;
the cryptographic processing means executes an electronic signature on the access permission; and
a processing for sending the access permission with the electronic signature is executed via the communication processing means. - View Dependent Claims (27, 28, 29)
-
-
30. An access control server which executes a processing for issuing an access permission which indicates that a device is permitted to access a service provider, the access control server comprising:
-
communication processing means for executing data transfer processing; and
cryptographic processing means for executing cryptographic processing of data;
wherein the access control server is configured to execute;
a processing for receiving, through a service provider, an access permission issuance request given by a device which requests an access to the service provider;
and a processing for issuing an access permission which contains, at least, data concerning whether the device is permitted to access the service provider and an electronic signature executed by the access control server. - View Dependent Claims (31, 32, 33, 34)
-
-
35. An access-control-server registration server which executes a processing for sending a request to an access control server requesting issuance of an access permission, the access control server being responsible for executing a processing for issuing an access permission indicating that a device is permitted to access a service provider, comprising:
-
communication processing means for executing data transfer processing; and
cryptographic processing means for executing cryptographic processing of data;
wherein the access-control-server registration server receives, through a service provider, an access permission issuance request given by a device which requests an access to the service provider;
and wherein the access-control-server registration server further executes, upon receipt of the access permission issuance request, a processing for executing an electronic signature and then executes a processing for requesting the access control server to issue the access permission. - View Dependent Claims (36, 37)
-
-
38. A data processing apparatus serving as a service provider which accepts accesses from a plurality of devices and which provides services in response to the accesses, the data processing apparatus comprising:
-
communication processing means for executing a data transfer processing; and
cryptographic processing means for executing a cryptographic processing on data;
wherein the data processing apparatus is configured to execute;
a processing for receiving, from the device, an access permission accommodating a service provider identification data that identifies the service provider to which the device has been permitted to make an access; and
a processing for determining, based on the data contained in the received access permission, whether the device is to be permitted to make an access. - View Dependent Claims (39, 40, 41)
-
-
42. A program storage medium which provides a computer program that runs on a computer system to implement an access control processing in a data transfer system which transfers data by means of public-key cryptosystem based on a public key certificate issued to an authentication object by a public key issuer authority, the computer program comprising the steps of:
-
receiving, at a service provider, an access permission from a service receiving device, the access permission having been issued by a service control server; and
executing, based on the access permission, a determination as to whether access requested by the service receiving device is to be permitted.
-
Specification