Access authorization system, access control server, and business process execution system

An access control and business process technology, applied in transmission systems, digital transmission systems, instruments, etc., that addresses the problems of longer user waiting time and higher processing load, and achieves the effect of reducing waiting time.

Inactive Publication Date: 2009-04-15
HITACHI LTD

AI Technical Summary

Problems solved by technology

[0011] However, in Non-Patent Document 1, since the SAML authority performs permission judgment collectively, when a plurality of users request service provision in a short period of time, there is a possibility that the processing load required by the SAML authority becomes high, and each permission judgment requires a longer time. If the time required for permission judgment becomes longer, the user's waiting time until the start of provision of each service becomes longer, and the user's convenience is impaired.
[0012] In addition, in the BPEL described in Non-Patent Document 2, if the permission judgment of each service is performed after calling each service in a series of business processes, the user may have to wait for a long time until the provision of each service is started.

Examples

Embodiment 1

[0100] First, a first embodiment of the present invention will be described.

[0101] Figure 1 is a system configuration diagram illustrating the configuration of the access permission system 10 in the first embodiment. The access permission system 10 includes an access control server (ACS) 100, a policy management server (PMS) 200, a communication management server (CMS) 300, an authorization server (AuS) 400, a user terminal (US) 500, and a plurality of service providing servers (SP) 600. ACS100, PMS200, CMS300, AuS400, US500, and SP600 communicate with each other via network 11.

[0102] In the access permission system 10 shown in Figure 1, when a user uses a service via US500, ACS100, which is a third party organization, cooperates with PMS200 and AuS400 to judge whether the user is permitted to use the service, and based on the result, CMS300 performs access control.

[0103] Next, functions possessed by each constituent element of the access permission system 10 i...

Embodiment 2

[0196] Next, a second embodiment of the present invention will be described.

[0197] Figure 15 is a system configuration diagram illustrating the configuration of the access permission system 10 in the second embodiment. The access permission system 10 includes an access control server (ACS) 100, a policy management server (PMS) 200, a communication management server (CMS) 300, an authorization server (AuS) 400, a user terminal (US) 500, and a plurality of service providing servers (SP) 600. Except for the aspects described below, structures in Figure 15 that carry the same reference numbers as in Figure 1 have the same structure or the same function as in Figure 1, so their description is omitted.

[0198] When the SIP client 603 of the SP600 receives a permission information transmission notification including the user ID, service ID and permission information from the ACS100, it registers the received information in the communication man...

Embodiment 3

[0237] Next, a third embodiment of the present invention will be described. The business process execution system 40 of this embodiment realizes one service by linking a plurality of Web services that implement access control through SAML according to a service script.

[0238] Figure 21 is a system configuration diagram illustrating the configuration of the business process execution system 40 in the third embodiment. The business process execution system 40 includes a policy management server (PMS) 200, an authorization server (AuS) 400, a user terminal (US) 500, a plurality of service providing servers (SP) 600, a service execution server (SES) 700, and an attribute management server (AS) 800.

[0239] In the business process execution system 40 illustrated in Figure 21, when a user uses a service script provided by SES 700 via US 500, a permission judgment is made in which SES 700 cooperates with AuS 400 to determine whether the user is permitted to provide each Web servi...

Abstract

An access authorization system is provided, which can reduce the user wait time until the provision of a user-requested service. The access authorization system of the present invention specifies the next service to be provided to a UT (a client-side communication device) after the service currently being provided to the UT, and then executes a process to make an authorization decision in advance regarding the next service with respect to the user of the UT, before the UT requests the next service.
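The advance authorization decision described in the abstract can be sketched as follows. This is an added example, not code from the patent or from Hitachi; the next-service map, the policy set, the class and method names, and the TTL and policy-version checks that keep a pre-computed decision from outliving a policy change are all assumptions made for illustration.

```python
import time

# Constructed sample data (assumptions, not taken from the patent text).
NEXT_SERVICE = {"catalog": "checkout", "checkout": "payment"}  # service -> next service
POLICY = {("alice", "catalog"), ("alice", "checkout"), ("bob", "catalog")}


class AccessControlServer:
    def __init__(self, policy=POLICY, ttl=30.0, clock=time.monotonic):
        self.policy = set(policy)
        self.ttl, self.clock = ttl, clock
        self.policy_version = 1
        self.cache = {}      # (user, service) -> (permit, policy_version, expiry)
        self.judgments = 0   # number of full permission judgments performed

    def _judge(self, user, service):
        """Full permission judgment (stands in for the policy lookup)."""
        self.judgments += 1
        return (user, service) in self.policy

    def _prejudge_next(self, user, service):
        """Decide in advance for the service expected after `service`."""
        nxt = NEXT_SERVICE.get(service)
        if nxt is not None:
            self.cache[(user, nxt)] = (self._judge(user, nxt),
                                       self.policy_version,
                                       self.clock() + self.ttl)

    def revoke(self, user, service):
        self.policy.discard((user, service))
        self.policy_version += 1  # every pre-computed decision becomes stale

    def request(self, user, service):
        """Return (permit, source); source is 'precomputed' or 'on-demand'."""
        hit = self.cache.pop((user, service), None)
        if hit and hit[1] == self.policy_version and hit[2] > self.clock():
            permit, source = hit[0], "precomputed"
        else:  # no usable advance decision: judge at request time
            permit, source = self._judge(user, service), "on-demand"
        if permit:
            self._prejudge_next(user, service)  # runs while this service is in use
        return permit, source
```

A pre-computed decision is consumed once and is ignored if the policy version changed or the TTL elapsed, so a revocation between the advance judgment and the actual request still takes effect.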

Description

Technical field

[0001] The present invention relates to a technique for performing a permission judgment for a user using the communication device to determine whether to allow the provision of the service based on a service request from the client-side communication device.

Background technique

[0002] In the current Internet environment, various services based on e-commerce transaction services are available. Some of these services include services that require input of personal information such as names and addresses, and services that require money transfers. Among these services, a security mechanism for preventing false identity verification and ensuring protection of private matters is required. In particular, in order to achieve secure communication, measures such as user authentication, determination (permission) of whether or not to use services for each user, access control for each user, and data encryption are important.

[0003] However, the more services re...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/56, G09C1/00, G06F21/31, G06F21/41
Inventor: 矢户晃史, 锻忠司, 山本暖, 入部真一, 林直树
Owner HITACHI LTD