JPH07244639A - Access right management device - Google Patents
- Publication number
- JPH07244639A
- Authority
- JP
- Japan
- Prior art keywords
- access right
- user
- service
- access
- file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Abstract
Description
[0001]
[Industrial Field of Application] The present invention relates to an information system that provides a plurality of information processing services to a large number of users, and in particular to an access right management device that manages the validity of processing requests.
[0002] In an information system that provides a plurality of information processing services to a large number of users, requests for services (access types and access rights) are managed and regulated. During operation it is necessary to change or add users' access rights, especially temporarily, and to add or change services, especially as temporary changes or trial offerings. This must be done without impairing the safety of the system and without inconveniencing users.
[0003]
[Prior Art] Some services, such as electronic slips, conference room reservations and travel expense settlement, can be accessed by everyone, while others, such as personnel information and evaluations, can be accessed only by specific qualified persons.
[0004] One conceivable way to manage and regulate requests for services is to define, for each individual user, the services that user may use together with the processing allowed (reference, update, etc.) and the period. Because the amount of management information becomes enormous, an alternative is to set up groups according to users' qualifications and to define the access rights for each group. Groups can be set per service and can further be divided into general users, managers, service administrators, process developers, and so on.
[0005] Consider a service that accepts and registers budget applications, where a period is set and, once the application deadline has passed, new applications and corrections to application data are prohibited for everyone except specific persons. Conventional technology can manage access rights in this case through the groups to which users belong. Now suppose that the administrator of the service, while processing (for example, totalling) the application data, finds an error in it and needs to instruct the user who submitted that application to reapply. Because the deadline has passed, applications from other users must still not be accepted. With the conventional technique, the specific user is temporarily removed from the group he or she belongs to and placed in another group (one that is allowed to apply). Since the user is temporarily out of the original group, access to other services permitted to that group may be restricted, or, conversely, access that should be restricted may become possible.
[0006]
[Problems to Be Solved by the Invention] Avoiding such side effects therefore requires quite troublesome management: all the related access right information must be corrected so that it remains consistent, and it must be restored promptly once the temporary measure is finished.
[0007] An object of the present invention is to realize an access right management device in which access rights, including temporary changes, can be changed flexibly and managed easily. It does so by attaching a priority indication to each item of access right information, allowing multiple items of access right information to exist at the same time, and determining the actual access right from the item with the higher priority.
[0008]
[Means for Solving the Problems] FIG. 1 is a diagram showing the principle configuration of the present invention. The device manages users' access rights to services in an information system that provides a plurality of processing services to a plurality of users. The first invention has a user qualification file 41, an access right file 42, request receiving means 1, access right determining means 2, access right holding means 3, and service starting means 5.
[0009] The user qualification file 41 holds records whose items are a user ID and a qualification ID representing that user's qualification for access to services. The access right file 42 holds records whose items are a service ID, a qualification ID or user ID, an access type and whether it is permitted, and the priority of the record.
[0010] The request receiving means 1 receives requests from users and passes connection requests to the access right determining means 2 and service requests to the service starting means 5. When a user issues a connection request, the access right determining means 2 searches the user qualification file 41 using the user ID as a key, confirms that the user ID exists, and retrieves the corresponding qualification ID. It then searches the access right file 42 using the qualification ID and the user ID as keys. When there are multiple records for the same service, it decides the final access permission from the access right specified in the record with the higher priority, and holds the service ID and access permission for each user ID in the access right holding means 3 as an access right holding table.
[0011] When an accepted user requests access to a service, the service starting means 5 receives the user ID, the service ID and the access type. If these match the contents of the access right holding table, it starts the specified service providing means; if they do not match, it rejects the request.
[0012] In the second invention, the access right file 42 holds records whose items are a service ID, a qualification ID or user ID, an access type and whether it is permitted, the priority of the record, and the validity period of the record. When the access right determining means 2 decides the final access permission from the records of the access right file 42, it ignores records that are outside their validity period.
[0013] The third invention adds an administrator information file 43 and access right changing means 6. The administrator information file 43 holds records whose items are the user ID of a user who has the authority to update the access right file 42, a service ID, and a priority range.
[0014] When the access right changing means 6 receives, from the request receiving means 1, a request to change the contents of the access right file 42, it searches the administrator information file 43, checks the services and the priority range that the user is allowed to set, and decides whether to permit the change.
[0015]
[Operation] When a user logs in to the information system, the request receiving means 1 passes the user ID (for example, U1) to the access right determining means as a connection request. The access right determining means 2 searches the user qualification file 41 using the user ID as a key and obtains the qualification ID. It then searches the access right file 42 using the qualification ID and the user ID as keys and extracts the records that contain either one. If there are multiple records for the same service, the access permission item of the record with the largest priority value is adopted as the access right. In this way an access right holding table that associates service IDs with access rights is generated and held in the access right holding means 3. The table is kept separately for each user ID. When the user logs out, the access right holding table for that user ID is deleted.
[0016] On receiving a request from the user to access service S1, the request receiving means 1 passes the user ID and the service ID to the service starting means 5. The service starting means 5 refers to the access right holding table held in the access right holding means and, if it determines that access is permitted, starts the corresponding service of the service providing means.
[0017] With this configuration, the access right file may contain multiple records that specify different access rights for the same user to the same service, but which specification applies is decided uniquely by priority. Therefore, to change an access right partially or temporarily, a record with the desired content (and a larger priority value) can simply be added. To restore the original state, it is only necessary to delete that record.
[0018] In the second invention, the validity period of a record that specifies an access right is one of the record's items, so outside that period the record is treated as if it did not exist. Adding a record in advance or postponing its deletion causes no problem, which makes access right management easier.
[0019] In the third invention, when an update of the contents of the access right file 42 is requested, the administrator information 43 is searched using the user ID of the requester as a key. If no corresponding entry exists, the update request is rejected. If one exists, updating of access rights is permitted within the limits of the service ID to be changed and the settable priority range. Access rights can therefore be changed properly.
[0020]
[Embodiment] Embodiments of the present invention are described below with reference to the drawings. FIG. 2 is a configuration diagram of one embodiment of the present invention. Components with the same function as in FIG. 1 are given the same reference numerals.
[0021] In FIG. 2, a user terminal device 91 is connected to an information system 92 through a line 90. The information system 92 comprises a memory 81, a processor 82, a file device 83 and a communication control device 84. The memory 81 contains an operating system 70 that controls the whole system, a service program 7 that executes the services requested by users, and programs that implement the access right management means shown in the principle configuration diagram of FIG. 1. These programs consist of a request receiving unit 1, which accepts commands entered at the terminal device 91 and controls the display of service execution results on the terminal device 91; an access right determining unit 2, which determines the access rights of each user; a service starting unit 5, which checks access rights and starts the service program; and an access right changing unit 6, which changes access rights.
[0022] The user qualification file 41, which stores user information, the access right file 42, which stores the access right information of each service, and the administrator information file 43, which stores information on the administrators who manage the access right information, are held in the file device 83. The access right holding unit 3, which holds the contents of each user's access rights, is held in the memory 81 or in the file device. Operations on these files and tables and exchanges with the terminal device 91 are performed through the operating system 70; this is self-evident and is omitted from the following description.
[0023] FIG. 3 is a file configuration diagram of this embodiment. FIG. 3(1) shows the structure of the user qualification file 41. A user ID, a password and the groups to which the user belongs are defined for each user.
[0024] FIG. 3(2) shows the structure of the access right file 42. Each item of access right information consists of the following fields: target service, group, processing (whether reference and update are each permitted), period, and priority. A field value of 'ALL' indicates that everything is covered for that field. The group field may contain a user ID as well as a group ID (qualification ID). The period field indicates the period during which the access right information record applies. The priority field indicates that, when there are multiple records for the same service and the same user, the record with the larger value is used in preference.
[0025] FIG. 3(3) shows the structure of the administrator information file 43. The administrator information file 43 defines the ID of the service to be managed, the user ID of the administrator, and a value indicating the range of priorities that can be set.
[0026] As examples of the services of the information system, this embodiment provides electronic slips S1, conference room reservation S2, travel expense settlement S3, and so on. To provide these services, the service program 7 consists of program modules (S1, S2, S3, ...) that implement each service, and each service is performed when the service starting unit 5 starts the corresponding program module.
[0027] The operation of this embodiment is described below. First, the user (ID: U1) operates the terminal device 91 to make a connection request; specifically, the user enters a user ID and password at the terminal device 91. The request receiving unit 1 then starts the access right determining unit 2, passing it the entered user ID and password pair. The access right determining unit 2 checks the pair against the information extracted from the user qualification file 41. If they match, it accepts the connection request; otherwise it rejects it. This stage is the so-called login process. For a user whose connection request has been accepted, the access rights are examined by the procedure below, and the result is written to the access right holding unit 3 as an access right holding table and kept until the user releases the connection to the information system 92 (logs out). Each time the user requests access to a service, the service starting unit 5 checks the contents of this access right holding table. If the access right for the service and processing the user wants is 'permitted', it starts the corresponding program module; if it is 'denied', it sends the terminal device 91 a message saying that the service cannot be used.
[0028] The procedure for storing a user's access rights in the access right holding unit 3 is described below with reference to FIGS. 3 and 4. On receiving the request from the request receiving unit 1, the access right determining unit 2 first extracts from the user qualification file 41 the groups (qualification IDs) to which user U1 belongs (in this example, G1 and G3).
[0029] Next, the following processing is performed for each service provided by the information system. To obtain the access rights for service S1, the unit first extracts from the access right file 42 the records whose service value is 'ALL' or 'S1', whose group value is 'ALL', a group to which user U1 belongs (G1, G3) or the user's ID (here U1), and which, if a period is specified, are within that period. It then takes, for each type of processing (update, reference), the value from the record with the highest priority value and stores it in the access right holding unit 3. This operation is repeated for all services.
[0030] FIG. 4(1) is an example of the information about the user with user ID = U1 that is stored in the access right holding unit 3, that is, the contents of the access right holding table, when records a to c of FIG. 3(2) are registered in the access right file 42 and valid (that is, when record d is absent or outside its specified period).
[0031] FIG. 4(2) is an example of the information about the user with user ID = U1 that is stored in the access right holding unit 3, that is, the contents of the access right holding table, when records a to d of FIG. 3(2) are registered in the access right file 42 and valid (that is, when record d is present and within its specified period).
[0032] Record d of this access right file is an entry added temporarily so that only user U1 can update, for a case such as correcting the error in the electronic slip described in the prior art section. Once user U1 has completed the update, deleting this entry restores the original access right settings. Even if it is not deleted, it automatically becomes invalid once the specified period has passed.
[0033] The contents of the access right file of FIG. 3(2) are as follows. Record a means that all services are open to all users. With this record alone, access is possible without any restriction. When record b is added, update access to service S1 is denied for a limited period, only to users belonging to groups G1 and G2. When record c is added, service S3, which everyone could access until then, becomes inaccessible for the specified period. This is the case, for example, when the service is suspended temporarily because the contents of service S3 are being changed. The case where record d is added is as explained above.
[0034] When a user requests an update of the access right file 42 from the terminal device 91, the request receiving unit 1 starts the access right changing unit 6. If the pair of the user ID requesting the update and the service ID for which the update is requested is registered in the administrator information file 43, the access right changing unit 6 permits records of access right management information for that service to be added to, deleted from or updated in the access right file 42, within the priority range registered there. This prevents access rights from being changed indiscriminately and prevents changes from mistakenly affecting other services.
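The determination procedure of paragraph [0029] and the change check of paragraph [0034], written out as an added example that is not part of the patent text. The figures are not reproduced on this page, so the priorities, dates, user U2 and administrator U9 are constructed; denying when no record matches, letting a denial win between records of equal priority, and allowing a record to specify only one access type are assumptions of this sketch.

```python
"""Priority-based access right resolution (added example, constructed data)."""
from dataclasses import dataclass
from datetime import date
from typing import Optional, Tuple

ALL = "ALL"
SERVICES = ("S1", "S2", "S3")   # electronic slip, room reservation, travel expenses
ACCESS_TYPES = ("refer", "update")


@dataclass(frozen=True)
class AccessRecord:
    service: str                           # service ID or ALL
    subject: str                           # qualification (group) ID, user ID or ALL
    rights: Tuple[Tuple[str, bool], ...]   # (access type, permitted) pairs
    priority: int                          # larger value takes precedence
    start: Optional[date] = None           # validity period; None means unbounded
    end: Optional[date] = None

    def in_period(self, today: date) -> bool:
        return ((self.start is None or self.start <= today)
                and (self.end is None or today <= self.end))


# User qualification file 41: U1 belongs to G1 and G3 as in [0028]; U2 is constructed.
QUALIFICATIONS = {"U1": {"G1", "G3"}, "U2": {"G1"}}

APRIL = (date(1994, 4, 1), date(1994, 4, 30))   # constructed period
# Access right file 42, modelled on records a-d of [0033].
ACCESS_FILE = [
    AccessRecord(ALL, ALL, (("refer", True), ("update", True)), 1),              # a
    AccessRecord("S1", "G1", (("update", False),), 5, *APRIL),                   # b
    AccessRecord("S1", "G2", (("update", False),), 5, *APRIL),                   # b (one record per group: assumption)
    AccessRecord("S3", ALL, (("refer", False), ("update", False)), 5, *APRIL),   # c
    AccessRecord("S1", "U1", (("update", True),), 9,
                 date(1994, 4, 10), date(1994, 4, 12)),                          # d
]

# Administrator information file 43: (user ID, service ID) -> settable priority range.
ADMIN_FILE = {("U9", "S1"): (2, 9)}   # constructed entry


def build_table(user, today, records=ACCESS_FILE):
    """Access right determination at login: {(service, access type): permitted}."""
    if user not in QUALIFICATIONS:
        raise KeyError(f"unknown user ID {user!r}")   # connection request rejected
    subjects = QUALIFICATIONS[user] | {user, ALL}
    table = {}
    for service in SERVICES:
        for access in ACCESS_TYPES:
            best = None   # (priority, permitted) of the winning record so far
            for rec in records:
                if rec.service not in (service, ALL) or rec.subject not in subjects:
                    continue
                if not rec.in_period(today):
                    continue   # second invention: out-of-period records are ignored
                permitted = dict(rec.rights).get(access)
                if permitted is None:
                    continue   # record says nothing about this access type
                higher = best is None or rec.priority > best[0]
                tie_deny = best is not None and rec.priority == best[0] and not permitted
                if higher or tie_deny:   # equal priority: denial wins (assumption)
                    best = (rec.priority, permitted)
            table[(service, access)] = best[1] if best else False   # default deny (assumption)
    return table


def may_start(table, service, access):
    """Service starting check against the access right holding table."""
    return table.get((service, access), False)


def may_change(admin, record):
    """Access right change check: service and priority must be within the admin's entry."""
    allowed_range = ADMIN_FILE.get((admin, record.service))
    if allowed_range is None:
        return False   # not an administrator of this service (an ALL record also fails here)
    low, high = allowed_range
    return low <= record.priority <= high
```

Capping the settable priority range per administrator is what keeps a service administrator from adding a record that outranks rules owned by someone else, so the range in file 43 deserves the same review as the access records themselves.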
[0035]
[Effects of the Invention] As described above, it is possible to realize an access right management device in which access rights can be changed flexibly during operation of the information system and which is easy to manage. Changes and additions to users' access rights, especially temporary ones, and additions and changes to services, especially temporary changes and trial offerings, can be carried out without impairing the safety of the system and without inconveniencing users.
[FIG. 1] Principle configuration diagram of the present invention
[FIG. 2] Configuration diagram of an embodiment of the present invention
[FIG. 3] File configuration diagram of the embodiment
[FIG. 4] Example of the contents of the access right holding table
- 1 Request receiving means (request receiving unit)
- 2 Access right determining means (access right determining unit)
- 3 Access right holding means (access right holding unit)
- 41 User qualification file
- 42 Access right file
- 43 Administrator information file
- 5 Service starting means (service starting unit)
- 6 Access right changing means (access right changing unit)
- 7 Service providing means (service program)
- 70 Operating system
- 81 Memory
- 82 Processor
- 83 File device
- 84 Communication control device
- 90 Network
- 91 Terminal device
- 92 Information system
Claims (3)
1. An access right management device for managing users' access rights to services in an information system that provides a plurality of processing services to a plurality of users, comprising a user qualification file (41), an access right file (42), request receiving means (1), access right determining means (2), access right holding means (3) and service starting means (5), wherein:

the user qualification file (41) holds records whose items are a user ID and a qualification ID representing that user's qualification for access to services;

the access right file (42) holds records whose items are a service ID, a qualification ID or user ID, an access type and whether it is permitted, and the priority of the record;

the request receiving means (1) receives requests from users and passes connection requests to the access right determining means (2) and service requests to the service starting means (5);

the access right determining means (2), when there is a connection request from a user, searches the user qualification file (41) using the user ID as a key to confirm that the user ID exists and to retrieve the corresponding qualification ID, searches the access right file (42) using the qualification ID and the user ID as keys, decides, when there are multiple records for the same service, the final access permission from the access right specified in the record with the higher priority, and holds the service ID and the access permission for each user ID in the access right holding means (3); and

the service starting means (5), when there is a request for access to a service from an accepted user, receives the user ID, the service ID and the access type, starts the specified service providing means if these match the contents of the access right holding means, and rejects the request if they do not match.
2. The access right management device according to claim 1, wherein the access right file (42) holds records whose items are a service ID, a qualification ID or user ID, an access type and whether it is permitted, the priority of the record, and the validity period of the record, and wherein the access right determining means (2) ignores records that are outside their validity period when deciding the final access permission from the records of the access right file (42).
3. The access right management device according to claim 1 or claim 2, further comprising an administrator information file (43) and access right changing means (6), wherein the administrator information file (43) holds records whose items are the user ID of a user who has the authority to update the access right file (42), a service ID, and a priority range, and wherein the access right changing means (6), on receiving from the request receiving means (1) a request to change the contents of the access right file (42), searches the administrator information file (43), checks the services and the priority range that the user is allowed to set, and decides whether to permit the change.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP6032713A JPH07244639A (en) | 1994-03-03 | 1994-03-03 | Access right management device |
Publications (1)
Publication Number | Publication Date |
---|---|
JPH07244639A (en) | 1995-09-19 |
Family
ID=12366485
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP6032713A Withdrawn JPH07244639A (en) | 1994-03-03 | 1994-03-03 | Access right management device |
Country Status (1)
Country | Link |
---|---|
JP (1) | JPH07244639A (en) |
Cited By (88)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7065505B2 (en) | 1994-11-23 | 2006-06-20 | Contentguard Holdings, Inc. | Method for metering and pricing of digital works |
US9953328B2 (en) | 1994-11-23 | 2018-04-24 | Contentguard Holdings, Inc. | Method and system for conducting transactions between repositories |
US6865551B1 (en) | 1994-11-23 | 2005-03-08 | Contentguard Holdings, Inc. | Removable content repositories |
US7523072B2 (en) | 1994-11-23 | 2009-04-21 | Contentguard Holdings, Inc. | System for controlling the distribution and use of digital works |
US7389270B2 (en) | 1994-11-23 | 2008-06-17 | Contentguard Holdings, Inc. | System for controlling the distribution and use of digital works |
US6895392B2 (en) | 1994-11-23 | 2005-05-17 | Contentguard Holdings, Inc. | Usage rights grammar and digital works having usage rights created with the grammar |
US7359881B2 (en) | 1994-11-23 | 2008-04-15 | Contentguard Holdings, Inc. | System for controlling the distribution and use of digital works using secure components |
US6910022B2 (en) | 1994-11-23 | 2005-06-21 | Contentguard Holdings, Inc. | Usage rights grammar and digital works having usage rights created with the grammar |
US7269577B2 (en) | 1994-11-23 | 2007-09-11 | Contentguard Holdings, Inc. | System for controlling the distribution and use of digital works using digital tickets |
US6920436B2 (en) | 1994-11-23 | 2005-07-19 | Contentguard Holdings, Inc. | Digital work structure |
US6925448B2 (en) | 1994-11-23 | 2005-08-02 | Contentguard Holdings, Inc. | Usage rights grammar and digital works having usage rights created with the grammar |
US6928419B2 (en) | 1994-11-23 | 2005-08-09 | Contentguard Holdings, Inc. | Method and apparatus for repackaging portions of digital works as new digital works |
US7269576B2 (en) | 1994-11-23 | 2007-09-11 | Contentguard Holdings, Inc. | Content rendering apparatus |
US6934693B2 (en) | 1994-11-23 | 2005-08-23 | Contentguard Holdings, Inc. | System for controlling the distribution and use of digital works |
US7266529B2 (en) | 1994-11-23 | 2007-09-04 | Contentguard Holdings, Inc. | Method and apparatus for executing code in accordance with usage rights |
US7260556B2 (en) | 1994-11-23 | 2007-08-21 | Contentguard Holdings, Inc. | Content rendering device with usage rights |
US6944600B2 (en) | 1994-11-23 | 2005-09-13 | Contentguard Holdings, Inc. | System for controlling the distribution and use of digital works using digital tickets |
US7225160B2 (en) | 1994-11-23 | 2007-05-29 | Contentguard Holdings, Inc. | Digital works having usage rights and method for creating the same |
US6957194B2 (en) | 1994-11-23 | 2005-10-18 | Contentguard Holdings, Inc. | Method for printing digital works |
US6957193B2 (en) | 1994-11-23 | 2005-10-18 | Contentguard Holdings, Inc. | Repository with security class and method for use thereof |
US6963859B2 (en) | 1994-11-23 | 2005-11-08 | Contentguard Holdings, Inc. | Content rendering repository |
US7209902B2 (en) | 1994-11-23 | 2007-04-24 | Contentguard Holdings, Inc. | Repository with security class and method for use thereof |
US7024392B2 (en) | 1994-11-23 | 2006-04-04 | Contentguard Holdings, Inc. | Method for controlling use of database content |
US7200574B2 (en) | 1994-11-23 | 2007-04-03 | Contentguard Holdings, Inc. | System for controlling the distribution and use digital works using digital tickets |
US7139736B2 (en) | 1994-11-23 | 2006-11-21 | Contentguard Holdings, Inc. | Content rendering repository |
US7043453B2 (en) | 1994-11-23 | 2006-05-09 | Contentguard Holdings, Inc. | Method and system for conducting transactions between repositories using a repository transaction protocol |
US7117180B1 (en) | 1994-11-23 | 2006-10-03 | Contentguard Holdings, Inc. | System for controlling the use of digital works using removable content repositories |
US7058606B2 (en) | 1994-11-23 | 2006-06-06 | Contentguard Holdings, Inc. | Method for loaning digital works |
US7113912B2 (en) | 1994-11-23 | 2006-09-26 | Contentguard Holdings, Inc. | Composite digital works having usage rights and method for creating the same |
US7133845B1 (en) | 1995-02-13 | 2006-11-07 | Intertrust Technologies Corp. | System and methods for secure transaction management and electronic rights protection |
US7133846B1 (en) | 1995-02-13 | 2006-11-07 | Intertrust Technologies Corp. | Digital certificate support system, methods and techniques for secure electronic commerce transaction and rights management |
US7069451B1 (en) | 1995-02-13 | 2006-06-27 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US7415617B2 (en) | 1995-02-13 | 2008-08-19 | Intertrust Technologies Corp. | Trusted infrastructure support systems, methods and techniques for secure electronic commerce, electronic transactions, commerce process control and automation, distributed computing, and rights management |
US7076652B2 (en) | 1995-02-13 | 2006-07-11 | Intertrust Technologies Corporation | Systems and methods for secure transaction management and electronic rights protection |
US7392395B2 (en) | 1995-02-13 | 2008-06-24 | Intertrust Technologies Corp. | Trusted and secure techniques, systems and methods for item delivery and execution |
US7165174B1 (en) | 1995-02-13 | 2007-01-16 | Intertrust Technologies Corp. | Trusted infrastructure support systems, methods and techniques for secure electronic commerce transaction and rights management |
US7095854B1 (en) | 1995-02-13 | 2006-08-22 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US7100199B2 (en) | 1995-02-13 | 2006-08-29 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US7281133B2 (en) | 1995-02-13 | 2007-10-09 | Intertrust Technologies Corp. | Trusted and secure techniques, systems and methods for item delivery and execution |
US7143290B1 (en) | 1995-02-13 | 2006-11-28 | Intertrust Technologies Corporation | Trusted and secure techniques, systems and methods for item delivery and execution |
US7051212B2 (en) | 1995-02-13 | 2006-05-23 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US7120800B2 (en) | 1995-02-13 | 2006-10-10 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US6948070B1 (en) | 1995-02-13 | 2005-09-20 | Intertrust Technologies Corporation | Systems and methods for secure transaction management and electronic rights protection |
US7124302B2 (en) | 1995-02-13 | 2006-10-17 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
JPH1031639A (en) * | 1996-07-16 | 1998-02-03 | Nippon Telegr & Teleph Corp <Ntt> | Method and device for managing client state |
US7120802B2 (en) | 1996-08-12 | 2006-10-10 | Intertrust Technologies Corp. | Systems and methods for using cryptography to protect secure computing environments |
US7062500B1 (en) | 1997-02-25 | 2006-06-13 | Intertrust Technologies Corp. | Techniques for defining, using and manipulating rights management data structures |
US7031471B2 (en) | 1997-02-28 | 2006-04-18 | Contentguard Holdings, Inc. | System for controlling the distribution and use of rendered digital works through watermarking |
US7143066B2 (en) | 1997-11-06 | 2006-11-28 | Intertrust Technologies Corp. | Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information |
US7110983B2 (en) | 1997-11-06 | 2006-09-19 | Intertrust Technologies Corporation | Methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information |
US6938021B2 (en) | 1997-11-06 | 2005-08-30 | Intertrust Technologies Corporation | Methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information |
US7092914B1 (en) | 1997-11-06 | 2006-08-15 | Intertrust Technologies Corporation | Methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information |
US7233948B1 (en) | 1998-03-16 | 2007-06-19 | Intertrust Technologies Corp. | Methods and apparatus for persistent control and protection of content |
US7068787B1 (en) | 1998-10-23 | 2006-06-27 | Contentguard Holdings, Inc. | System and method for protection of digital works |
US6859533B1 (en) | 1999-04-06 | 2005-02-22 | Contentguard Holdings, Inc. | System and method for transferring the right to decode messages in a symmetric encoding scheme |
US7356688B1 (en) | 1999-04-06 | 2008-04-08 | Contentguard Holdings, Inc. | System and method for document distribution |
US7286665B1 (en) | 1999-04-06 | 2007-10-23 | Contentguard Holdings, Inc. | System and method for transferring the right to decode messages |
US6937726B1 (en) | 1999-04-06 | 2005-08-30 | Contentguard Holdings, Inc. | System and method for protecting data files by periodically refreshing a decryption key |
US7243236B1 (en) | 1999-07-29 | 2007-07-10 | Intertrust Technologies Corp. | Systems and methods for using cryptography to protect secure and insecure computing environments |
US6885748B1 (en) | 1999-10-23 | 2005-04-26 | Contentguard Holdings, Inc. | System and method for protection of digital works |
US7603319B2 (en) | 2000-08-28 | 2009-10-13 | Contentguard Holdings, Inc. | Method and apparatus for preserving customer identity in on-line transactions |
US7237125B2 (en) | 2000-08-28 | 2007-06-26 | Contentguard Holdings, Inc. | Method and apparatus for automatically deploying security components in a content distribution system |
US7206941B2 (en) | 2000-08-28 | 2007-04-17 | Contentguard Holdings, Inc. | Method and apparatus for validating security components through a request for content |
US7073199B1 (en) | 2000-08-28 | 2006-07-04 | Contentguard Holdings, Inc. | Document distribution management method and apparatus using a standard rendering engine and a method and apparatus for controlling a standard rendering engine |
US7269735B2 (en) | 2000-08-28 | 2007-09-11 | Contentgaurd Holdings, Inc. | Instance specific digital watermarks |
US6931545B1 (en) | 2000-08-28 | 2005-08-16 | Contentguard Holdings, Inc. | Systems and methods for integrity certification and verification of content consumption environments |
US7412605B2 (en) | 2000-08-28 | 2008-08-12 | Contentguard Holdings, Inc. | Method and apparatus for variable encryption of data |
US7343324B2 (en) | 2000-11-03 | 2008-03-11 | Contentguard Holdings Inc. | Method, system, and computer readable medium for automatically publishing content |
US6912294B2 (en) | 2000-12-29 | 2005-06-28 | Contentguard Holdings, Inc. | Multi-stage watermarking process and system |
US7609848B2 (en) | 2000-12-29 | 2009-10-27 | Contentguard Holdings, Inc. | Multi-stage watermarking process and system |
US7184571B2 (en) | 2000-12-29 | 2007-02-27 | Contentgaurd Holdings, Inc. | Multi-stage watermarking process and system |
US7028009B2 (en) | 2001-01-17 | 2006-04-11 | Contentguardiholdings, Inc. | Method and apparatus for distributing enforceable property rights |
US7206765B2 (en) | 2001-01-17 | 2007-04-17 | Contentguard Holdings, Inc. | System and method for supplying and managing usage rights based on rules |
US7085741B2 (en) | 2001-01-17 | 2006-08-01 | Contentguard Holdings, Inc. | Method and apparatus for managing digital content usage rights |
US7152046B2 (en) | 2001-05-31 | 2006-12-19 | Contentguard Holdings, Inc. | Method and apparatus for tracking status of resource in a system for managing use of the resources |
US8892473B2 (en) | 2001-05-31 | 2014-11-18 | Contentguard Holdings, Inc. | Method and system for subscription digital rights management |
US6876984B2 (en) | 2001-05-31 | 2005-04-05 | Contentguard Holdings, Inc. | Method and apparatus for establishing usage rights for digital content to be created in the future |
US6973445B2 (en) | 2001-05-31 | 2005-12-06 | Contentguard Holdings, Inc. | Demarcated digital content and method for creating and processing demarcated digital works |
US7222104B2 (en) | 2001-05-31 | 2007-05-22 | Contentguard Holdings, Inc. | Method and apparatus for transferring usage rights and digital work having transferrable usage rights |
US7162633B2 (en) | 2001-05-31 | 2007-01-09 | Contentguard Holdings, Inc. | Method and apparatus for hierarchical assignment of rights to documents and documents having such rights |
US6895503B2 (en) | 2001-05-31 | 2005-05-17 | Contentguard Holdings, Inc. | Method and apparatus for hierarchical assignment of rights to documents and documents having such rights |
US8869293B2 (en) | 2001-05-31 | 2014-10-21 | Contentguard Holdings, Inc. | Method and apparatus for hierarchical assignment of rights to documents and documents having such rights |
US8862517B2 (en) | 2001-05-31 | 2014-10-14 | Contentguard Holdings, Inc. | Digital rights management of content when content is a future live event |
US8578475B2 (en) | 2006-10-17 | 2013-11-05 | Sharp Kabushiki Kaisha | Image forming apparatus, user authentication system, control program and computer-readable storage medium for operating image forming apparatus |
JP5398919B1 (en) * | 2012-06-07 | 2014-01-29 | 株式会社東芝 | Security adapter program and device |
WO2013183150A1 (en) * | 2012-06-07 | 2013-12-12 | 株式会社 東芝 | Security adapter program and device |
JP2016177632A (en) * | 2015-03-20 | 2016-10-06 | アイシン・エィ・ダブリュ株式会社 | Security management system, and security management method |
JP2019009559A (en) * | 2017-06-22 | 2019-01-17 | 株式会社デンソー | server |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JPH07244639A (en) | Access right management device | |
US6928439B2 (en) | Computer system with access control mechanism | |
US8402514B1 (en) | Hierarchy-aware role-based access control | |
US6978381B1 (en) | Enhancement to a system for automated generation of file access control system commands | |
US7237119B2 (en) | Method, system and computer program for managing user authorization levels | |
US8566908B2 (en) | Database application security | |
JPH04310188A (en) | Library service method for document/image library | |
US20030135755A1 (en) | System and method for granting access to resources | |
JP2002099454A (en) | File control system and method | |
CN108156115B (en) | A kind of inter-sectional data sharing method | |
US7464400B2 (en) | Distributed environment controlled access facility | |
CN101763575A (en) | License management apparatus, license management method, and computer readable medium | |
JPH08314863A (en) | Security system in computer network | |
JPH06214863A (en) | Information resource managing device | |
US7647497B2 (en) | Method and program for user authentication in a network storage system | |
JP4037058B2 (en) | Electronic information exclusive control apparatus, exclusive control method, and computer-readable recording medium recording exclusive control program | |
JP2003256064A (en) | License management method, license management server, license acquisition client, license management program, and recording medium | |
JP2002202956A (en) | Security management system, security management method, and security management program | |
JP2000305834A (en) | Data access control device | |
JP2002109172A (en) | RECORDING MEDIUM WHICH RECORDED PROGRAM FOR AUTHENTICATION AUTHORIZATION | |
JPH07295876A (en) | Access right controlling device | |
JPH056322A (en) | Information resource accessing system | |
JP3274151B2 (en) | Distributed file system | |
JPH08123672A (en) | System that manages access to stored information | |
JPH0789351B2 (en) | Security management processing method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
2001-05-08 | A300 | Application deemed to be withdrawn because no request for examination was validly filed | Free format text: JAPANESE INTERMEDIATE CODE: A300 Effective date: 20010508 |