
Access control list conversion system, and method and program therefor

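An access control list and access control technology, applied in fields such as memory systems, instruments, and computing, that can solve problems such as impaired maintainability.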

Inactive Publication Date: 2012-02-08
NEC CORP

AI Technical Summary

Problems solved by technology

[0006] An access control list with the same access control content has to be created separately for each access control mechanism, according to how that mechanism interprets the list, which impairs maintainability.



Examples


Example 1

[0047] Figure 1 is a block diagram showing an example of the structure of the access control list generation / conversion system according to the first embodiment of the invention.

[0048] Referring to Figure 1, the first embodiment of the invention includes an ACL conversion unit 101 and a resource database 102.

[0049] The resource database 102 systematically stores all the latest information (from high-level concepts to low-level concepts) of resources to be controlled by access control lists (ACLs).

[0050] In the invention, the access control list is configured to include one or more access control rules, each access control rule being a set of: the access target resource to be accessed, the access actor user who accesses the access target resource, and an access right defined to specify whether the access actor user's access to the access target resource is allowed or prohibited. The "access actor user" is, for example, information capable of specifying a user (such as "Yamada") who access...

Example 2

[0074] Next, an access control list differential allocation system according to another embodiment of the invention will be described in detail with reference to the drawings.

[0075] In this embodiment, an access control list (ACL) is widely managed, the access control list is updated for an updated policy, and the difference before and after the update of the access control list is distributed to each control target machine.

[0076] Referring to Figure 3, this embodiment includes an integrated access control server 100 and a control target machine 200. Figure 3 is a block diagram showing an example of the structure of the access control list differential allocation system according to the second embodiment of the invention.

[0077] The integrated access control server 100 includes a policy database 106, a resource database 102, an ACL database 107, an ACL generating unit 103, an ACL converting unit 101, a difference extracting unit 104, and an allocating unit 105. P...

Example 3

[0086] Next, an access control list consistency ensuring differential allocation system according to another embodiment of the invention will be described in detail with reference to the drawings.

[0087] In this embodiment, an example of ensuring consistency in distribution of differences between access control lists is described. Figure 4 is a block diagram showing a structural example of an access control list differential assignment consistency ensuring system according to the third embodiment of the invention.

[0088] Referring to Figure 4, in this embodiment, compared with the second embodiment, the integrated access control server 100' also includes a signature unit 108, and the control target machine 200' also includes a signature verification unit 204.

[0089] In the integrated access control server 100', the difference information extracted by the difference extraction unit 104 is supplied to the signature unit 108. The signature unit 108 adds the private key di...


Abstract

Provided are a first rule judgment unit (12) to judge whether an access control rule is a permission rule or a prohibition rule; a temporary storage unit (15) to store an access control rule which has been judged as a permission rule; a second rule judgment unit (13) to judge whether or not the user of the prohibition rule is the same as the user of the permission rule, and whether or not the access target resource of the prohibition rule contains the access target resource of the permission rule; a resource DB to accumulate resource information which is the systematic and latest entire information of the access target resource; and a resource development unit to exclude the access target resource of the permission rule from the access target resource of the access control rule which has been judged that the user of the access control rule is the same as the user of the permission rule, and that the access target resource thereof contains the access target resource of the permission rule, with reference to the resource information.
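The conversion described in the abstract, as an added Python example that is not code from the patent or from NEC. The resource tree, the rule tuples and the function names are constructed for illustration; the sketch assumes that requests target leaf resources and that the converted list is evaluated with deny-overrides semantics, and it goes slightly beyond the abstract by also dropping a prohibition rule that an earlier permission rule fully shadows.

```python
# Constructed sample resource DB: parent -> children. Leaves are the
# resources actually requested; interior nodes only group them.
RESOURCE_DB = {
    "/": ["/etc", "/home"],
    "/etc": ["/etc/passwd", "/etc/shadow"],
    "/home": ["/home/yamada"],
}

def contains(outer, inner):
    """True if inner is outer itself or lies beneath it in the resource DB."""
    return outer == inner or any(
        contains(child, inner) for child in RESOURCE_DB.get(outer, []))

def expand_excluding(resource, excluded):
    """Resource expansion: cover resource minus the excluded subtrees."""
    if any(contains(e, resource) for e in excluded):
        return []                      # fully shadowed by an earlier permit
    if not any(contains(resource, e) for e in excluded):
        return [resource]              # nothing to carve out
    return [r for child in RESOURCE_DB.get(resource, [])
            for r in expand_excluding(child, excluded)]

def convert(ordered_acl):
    """Turn a first-match ACL into one that is valid in any rule order."""
    permits, out = [], []              # permits = temporary storage unit
    for user, resource, effect in ordered_acl:
        if effect == "allow":          # first rule judgment
            permits.append((user, resource))
            out.append((user, resource, "allow"))
            continue
        # second rule judgment: same user, overlapping resource
        excluded = [r for u, r in permits if u == user
                    and (contains(resource, r) or contains(r, resource))]
        out += [(user, r, "deny") for r in expand_excluding(resource, excluded)]
    return out

def first_match(acl, user, leaf):
    """Order-dependent evaluation: the first covering rule decides."""
    return next((e for u, r, e in acl if u == user and contains(r, leaf)), None)

def deny_overrides(acl, user, leaf):
    """Order-independent evaluation: any covering deny wins over allows."""
    hits = {e for u, r, e in acl if u == user and contains(r, leaf)}
    return "deny" if "deny" in hits else "allow" if hits else None

# Constructed input: permit one file, then prohibit the whole tree.
ORDERED = [("yamada", "/etc/passwd", "allow"), ("yamada", "/", "deny")]
CONVERTED = convert(ORDERED)
```

Reversing `CONVERTED` and evaluating it with `deny_overrides` gives the same decision for every leaf as `first_match` gives on `ORDERED`, which is the property that lets one list serve mechanisms with different interpretation orders.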

Description

Technical field

[0001] The present invention relates to an access control list conversion system, an access control list conversion method, and an access control list conversion program that generate an access control list with no restriction on the order of description.

Background art

[0002] Regarding the distribution of policies expressed as access control lists, it is becoming more and more common for an integrated access control server to perform access control on multiple control target machines.

[0003] Therefore, when the policy is changed, the access control list needs to be corrected, so there is a need to improve the maintainability of the access control list.

[0004] In general, an access control list is configured to include one or more access control rules, each access control rule including a set of: the access target resource to be accessed, the access actor user who accesses the access target resource, and the access right allowing or prohibiting the access actor user to acce...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/24, G06F12/00, G06F21/60, G06F21/62
CPC: G06F21/604, G06F21/6218, G06F2221/2141, G06F21/62, G06F21/60
Inventor: 石川尊之
Owner: NEC CORP