KR100553273B1 - Extranet access control apparatus and method - Google Patents
- Publication number
- KR100553273B1 (application KR1020030080752A)
- Authority
- KR
- South Korea
- Prior art keywords
- user
- module
- server
- acl
- authority
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10—TECHNICAL SUBJECTS COVERED BY FORMER USPC
- Y10S—TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10S707/00—Data processing: database and file management or data structures
- Y10S707/99931—Database or file accessing
- Y10S707/99939—Privileged access
Claims (4)
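- In a system comprising a plurality of domain web servers, an authentication and authorization (hereinafter "AA") server responsible for access authentication and authority management for each domain web server, a module that stores authority information, and a user web browser connected to the AA server and the domain web servers, an extranet access control apparatus characterized in that: the AA server comprises an AA module responsible for authentication and authorization, an ACL cache control module that synchronizes the access control list (hereinafter "ACL") caches of the AA server and of each domain web server, an encryption module that encrypts the AA cookie to be set for the user, and a schema provider and a user provider that provide system operation independent of the authority information storage module; the domain web server comprises an AA module that uses the ACL cache to determine whether the user may access, an ACL cache module delivered from the AA server, a decryption module that decrypts the encrypted AA cookie, and a module that processes resource requests from the user web browser; and when a domain web server to which a plurality of users are subscribed performs an authority check using the ACL information for each domain, the domain web server outputs as a result an encrypted role (hereinafter "Role") information cookie, this cookie signal is authenticated and authorized at the AA server, and Role, ACL and access control entry (ACE) information is stored in the authority information storage module.
- An access control method performed by the apparatus configured as in claim 1, comprising: an authority setting procedure at authentication, including a step in which the user web browser connects to a domain web server; a step in which the AA module of the domain web server performs an authentication check and sends the result back to the user web browser over HTTP; a step in which, when an authentication request is made to the AA module of the AA server, the AA module of the AA server makes an authentication query to the schema provider, and the schema provider makes a site query to the authority information storage module and passes the result to the user provider; and a step in which the user provider queries the authority information storage module for the user's authority, performs authentication and authority setting, and transmits the result to the user web browser; and an authority query procedure, including a step in which, when the user accesses the domain web server, the AA module of the domain web server performs an authority check, and the resource request processing module processes the authority query request and responds by sending the result to the user web browser.
- The method of claim 2, further comprising a user authority change procedure including: a step in which, when the user web browser requests service subscription or withdrawal, the resource request processing module of the domain web server (100) makes a subscription or withdrawal request to the AA module of the AA server, the AA module modifies the user authority information and transmits it to the user provider, and the user provider sends the modified information to the authority information storage module to update the user information; and a step in which the AA module reports to the resource request processing module of the domain web server that the user information has been changed, so that the user is notified that the subscription or withdrawal is complete.
- The method of claim 2, further comprising: an ACL initialization step in which, when the AA module of the domain web server makes a cache request to the ACL cache control module of the AA server, the ACL cache control module retrieves the ACL cache from the authority information storage module and delivers it back to the AA module of the domain web server; and an ACL synchronization step in which, when an administrator commands the ACL cache control module of the AA server to change authority, the ACL cache control module requests the ACL change from the authority information storage module and commands cache synchronization to the ACL caches of the domain web servers.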
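
The ACL initialization and synchronization steps of claim 4, combined with the domain-side authority check of claim 2, as an added Python example that is not part of the patent. The class and method names, the version counter and the fail-closed behaviour are assumptions, and the roles are taken as already recovered from the decrypted AA cookie.

```python
# Added illustration of the ACL initialization and synchronization steps.
# All class, method and field names are hypothetical, not taken from the patent.
class AclCacheControl:
    def __init__(self):
        self.aces = {}        # authority store: role -> {(domain, resource)}
        self.version = 0      # bumped on every authority change
        self.servers = []

    def snapshot(self, domain):
        # Only the entries for the requesting domain leave the AA server.
        acl = {role: {res for d, res in entries if d == domain}
               for role, entries in self.aces.items()}
        return self.version, acl

    def initialize(self, server):
        # ACL initialization: the domain server requests its cache.
        self.servers.append(server)
        server.load(*self.snapshot(server.domain))

    def change_authority(self, role, domain, resource, allow):
        # ACL synchronization: update the store, then command every cache to sync.
        entries = self.aces.setdefault(role, set())
        (entries.add if allow else entries.discard)((domain, resource))
        self.version += 1
        for server in self.servers:
            server.load(*self.snapshot(server.domain))

class DomainWebServer:
    def __init__(self, domain):
        self.domain, self.version, self.acl = domain, -1, None

    def load(self, version, acl):
        if version > self.version:      # drop stale or replayed snapshots
            self.version, self.acl = version, acl

    def check(self, cookie_roles, resource):
        # cookie_roles: roles recovered from the decrypted AA cookie (assumed done).
        if self.acl is None:
            return False                # fail closed before initialization
        return any(resource in self.acl.get(r, ()) for r in cookie_roles)

def demo():
    # Constructed scenario: one domain server, one role, grant then revoke.
    aa, shop = AclCacheControl(), DomainWebServer("shop.example")
    before_init = shop.check(["member"], "/orders")
    aa.initialize(shop)
    aa.change_authority("member", "shop.example", "/orders", allow=True)
    granted = shop.check(["member"], "/orders")
    aa.change_authority("member", "shop.example", "/orders", allow=False)
    return before_init, granted, shop.check(["member"], "/orders"), shop.version
```

Because each domain web server decides from its local cache, a revocation only takes effect there once the synchronization command has been processed, which is why the cache rejects any snapshot older than the one it holds.
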
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020030080752A KR100553273B1 (ko) | 2003-11-14 | 2003-11-14 | Extranet access control apparatus and method |
CNA2004800333095A CN1926801A (zh) | 2003-11-14 | 2004-11-08 | Extranet access management apparatus and method |
US10/578,634 US7451149B2 (en) | 2003-11-14 | 2004-11-08 | Extranet access management apparatus and method |
PCT/KR2004/002874 WO2005048526A1 (en) | 2003-11-14 | 2004-11-08 | Extranet access management apparatus and method |
JP2006539375A JP2007511831A (ja) | 2003-11-14 | 2004-11-08 | Extranet access control apparatus and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020030080752A KR100553273B1 (ko) | 2003-11-14 | 2003-11-14 | Extranet access control apparatus and method |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20050046481A KR20050046481A (ko) | 2005-05-18 |
KR100553273B1 KR100553273B1 (ko) | 2006-02-22 |
Family
ID=34587908
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020030080752A KR100553273B1 (ko) | Extranet access control apparatus and method | 2003-11-14 | 2003-11-14 |
Country Status (5)
Country | Link |
---|---|
US (1) | US7451149B2 (ko) |
JP (1) | JP2007511831A (ko) |
KR (1) | KR100553273B1 (ko) |
CN (1) | CN1926801A (ko) |
WO (1) | WO2005048526A1 (ko) |
Families Citing this family (33)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7461262B1 (en) * | 2002-03-19 | 2008-12-02 | Cisco Technology, Inc. | Methods and apparatus for providing security in a caching device |
US20070208946A1 (en) * | 2004-07-06 | 2007-09-06 | Oracle International Corporation | High performance secure caching in the mid-tier |
US7370050B2 (en) * | 2005-02-28 | 2008-05-06 | Microsoft Corporation | Discoverability and enumeration mechanisms in a hierarchically secure storage system |
KR100664943B1 (ko) * | 2005-08-10 | 2007-01-04 | 삼성전자주식회사 | Mode-based access control method and apparatus |
JP4863253B2 (ja) * | 2005-09-27 | 2012-01-25 | 学校法人東京農業大学 | Integrated user management system |
KR100785782B1 (ko) * | 2005-11-17 | 2007-12-18 | 한국전자통신연구원 | Authority delegation system and method |
US8024794B1 (en) * | 2005-11-30 | 2011-09-20 | Amdocs Software Systems Limited | Dynamic role based authorization system and method |
US20070226251A1 (en) * | 2006-03-24 | 2007-09-27 | Rocket Software, Inc. | Method of augmenting and controlling utility program execution for a relational database management system |
US7895639B2 (en) * | 2006-05-04 | 2011-02-22 | Citrix Online, Llc | Methods and systems for specifying and enforcing access control in a distributed system |
US8819806B2 (en) * | 2006-10-20 | 2014-08-26 | Verizon Patent And Licensing Inc. | Integrated data access |
DE102006055684B4 (de) * | 2006-11-23 | 2021-03-11 | Nokia Siemens Networks Gmbh & Co. Kg | Method for processing a network service request and network element with means for processing the request |
US8650297B2 (en) * | 2007-03-14 | 2014-02-11 | Cisco Technology, Inc. | Unified user interface for network management systems |
US8584196B2 (en) * | 2008-05-05 | 2013-11-12 | Oracle International Corporation | Technique for efficiently evaluating a security policy |
US8806201B2 (en) * | 2008-07-24 | 2014-08-12 | Zscaler, Inc. | HTTP authentication and authorization management |
US9003186B2 (en) * | 2008-07-24 | 2015-04-07 | Zscaler, Inc. | HTTP authentication and authorization management |
US8656462B2 (en) * | 2008-07-24 | 2014-02-18 | Zscaler, Inc. | HTTP authentication and authorization management |
US9379895B2 (en) * | 2008-07-24 | 2016-06-28 | Zscaler, Inc. | HTTP authentication and authorization management |
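JP5549596B2 (ja) * | 2008-11-14 | 2014-07-16 | 日本電気株式会社 | Information processing system, method and program |
CN101453388B (zh) * | 2008-12-30 | 2011-02-09 | 公安部第三研究所 | Inspection method for operational security assurance at the Internet access service business premises end |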
US8396949B2 (en) * | 2010-06-03 | 2013-03-12 | Microsoft Corporation | Metadata driven automatic deployment of distributed server systems |
US8601549B2 (en) * | 2010-06-29 | 2013-12-03 | Mckesson Financial Holdings | Controlling access to a resource using an attribute based access control list |
JP5623271B2 (ja) | 2010-12-27 | 2014-11-12 | インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation | Information processing apparatus, authority management method, program and recording medium |
US8516607B2 (en) * | 2011-05-23 | 2013-08-20 | Qualcomm Incorporated | Facilitating data access control in peer-to-peer overlay networks |
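CN103297438B (zh) * | 2013-06-20 | 2016-05-11 | 上海辰锐信息科技公司 | Cache access control method for a mobile terminal security mechanism |
WO2015122009A1 (ja) * | 2014-02-17 | 2015-08-20 | 富士通株式会社 | Service providing method, service requesting method, information processing apparatus, and client apparatus |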
US10515219B2 (en) | 2014-07-18 | 2019-12-24 | Micro Focus Llc | Determining terms for security test |
CN104639371A (zh) * | 2015-02-02 | 2015-05-20 | 北京极科极客科技有限公司 | Method for remotely controlling a router |
US9912704B2 (en) * | 2015-06-09 | 2018-03-06 | Intel Corporation | System, apparatus and method for access control list processing in a constrained environment |
CN109347840B (zh) * | 2015-11-30 | 2021-09-24 | 北京奇艺世纪科技有限公司 | Method and apparatus for configuring service-party access rules |
US10389837B2 (en) * | 2016-06-17 | 2019-08-20 | International Business Machines Corporation | Multi-tier dynamic data caching |
US11929992B2 (en) | 2021-03-31 | 2024-03-12 | Sophos Limited | Encrypted cache protection |
WO2022208045A1 (en) * | 2021-03-31 | 2022-10-06 | Sophos Limited | Encrypted cache protection |
US11757642B1 (en) * | 2022-07-18 | 2023-09-12 | Spideroak, Inc. | Systems and methods for decentralized synchronization and braided conflict resolution |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH05289924A (ja) * | 1992-04-09 | 1993-11-05 | Oki Electric Ind Co Ltd | Database management system |
JPH11355266A (ja) * | 1998-06-05 | 1999-12-24 | Nec Corp | User authentication apparatus and user authentication method |
US6453353B1 (en) * | 1998-07-10 | 2002-09-17 | Entrust, Inc. | Role-based navigation of information resources |
US6490624B1 (en) * | 1998-07-10 | 2002-12-03 | Entrust, Inc. | Session management in a stateless network system |
US6182142B1 (en) * | 1998-07-10 | 2001-01-30 | Encommerce, Inc. | Distributed access management of information resources |
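JP2000322353A (ja) * | 1999-05-13 | 2000-11-24 | Nippon Telegr & Teleph Corp <Ntt> | Information providing apparatus, information providing service authentication method, and recording medium storing an information providing service authentication program |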
GB9913165D0 (en) * | 1999-06-08 | 1999-08-04 | Secr Defence | Access control in a web environment |
US6584505B1 (en) * | 1999-07-08 | 2003-06-24 | Microsoft Corporation | Authenticating access to a network server without communicating login information through the network server |
US6519647B1 (en) * | 1999-07-23 | 2003-02-11 | Microsoft Corporation | Methods and apparatus for synchronizing access control in a web server |
US6609128B1 (en) * | 1999-07-30 | 2003-08-19 | Accenture Llp | Codes table framework design in an E-commerce architecture |
US6728884B1 (en) * | 1999-10-01 | 2004-04-27 | Entrust, Inc. | Integrating heterogeneous authentication and authorization mechanisms into an application access control system |
US7802174B2 (en) * | 2000-12-22 | 2010-09-21 | Oracle International Corporation | Domain based workflows |
JP4559648B2 (ja) | 2001-03-21 | 2010-10-13 | トヨタ自動車株式会社 | Authentication system and authentication server |
US7225256B2 (en) * | 2001-11-30 | 2007-05-29 | Oracle International Corporation | Impersonation in an access system |
US9087319B2 (en) * | 2002-03-11 | 2015-07-21 | Oracle America, Inc. | System and method for designing, developing and implementing internet service provider architectures |
-
2003
- 2003-11-14 KR KR1020030080752A patent/KR100553273B1/ko active IP Right Grant
-
2004
- 2004-11-08 US US10/578,634 patent/US7451149B2/en not_active Expired - Fee Related
- 2004-11-08 JP JP2006539375A patent/JP2007511831A/ja active Pending
- 2004-11-08 WO PCT/KR2004/002874 patent/WO2005048526A1/en active Application Filing
- 2004-11-08 CN CNA2004800333095A patent/CN1926801A/zh active Pending
Also Published As
Publication number | Publication date |
---|---|
WO2005048526A1 (en) | 2005-05-26 |
US20070124482A1 (en) | 2007-05-31 |
WO2005048526A9 (en) | 2006-08-24 |
CN1926801A (zh) | 2007-03-07 |
KR20050046481A (ko) | 2005-05-18 |
JP2007511831A (ja) | 2007-05-10 |
US7451149B2 (en) | 2008-11-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR100553273B1 (ko) | Extranet access control apparatus and method | |
Shi et al. | A blockchain-empowered AAA scheme in the large-scale HetNet | |
US10303871B2 (en) | System and method for controlling state tokens | |
CN110351381B (zh) | Blockchain-based trusted distributed data sharing method for the Internet of Things | |
US11005812B2 (en) | Autonomous decentralization of centralized stateful security services with systematic tamper resistance | |
US6986047B2 (en) | Method and apparatus for serving content from a semi-trusted server | |
US7600230B2 (en) | System and method for managing security meta-data in a reverse proxy | |
CN102067557B (zh) | Method and system for reducing network communication using a locally hosted cache and cryptographic hash functions | |
US20150317486A1 (en) | Computer relational database method and system having role based access control | |
US20060026286A1 (en) | System and method for managing user session meta-data in a reverse proxy | |
CN107483491A (zh) | Access control method for distributed storage in a cloud environment | |
US8443430B2 (en) | Remote registration for enterprise applications | |
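CN104615916B (zh) | Account management method and apparatus, and account permission control method and apparatus | |
KR20040019328A (ko) | Access control system | |
CN112035215A (zh) | Node autonomy method, system and apparatus for a node cluster, and electronic device | |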
EP3510743A1 (en) | Interchangeable retrieval of sensitive content via private content distribution networks | |
CN112685790B (zh) | Blockchain data security and privacy protection method | |
US20150215314A1 (en) | Methods for facilitating improved user authentication using persistent data and devices thereof | |
Yuan et al. | Enabling secure and efficient video delivery through encrypted in-network caching | |
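CN102316122B (zh) | Intranet security management method based on a collaborative approach | |
CN101800776B (zh) | Method and system for network convergence management and control of CDN and P2P | |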
US20120173615A1 (en) | Data broker method, apparatus and system | |
US11356448B1 (en) | Device and method for tracking unique device and user network access across multiple security appliances | |
CN108734023A (zh) | Access and integration system and method for a ciphertext database system | |
CN114595053A (zh) | Secure dynamic resource management system for MNSS |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant | ||
FPAY | Annual fee payment | Payment date: 20130415; Year of fee payment: 8 |
FPAY | Annual fee payment | Payment date: 20140210; Year of fee payment: 9 |
FPAY | Annual fee payment | Payment date: 20150210; Year of fee payment: 10 |
FPAY | Annual fee payment | Payment date: 20160205; Year of fee payment: 11 |
FPAY | Annual fee payment | Payment date: 20170410; Year of fee payment: 12 |
FPAY | Annual fee payment | Payment date: 20180209; Year of fee payment: 13 |
FPAY | Annual fee payment | Payment date: 20190211; Year of fee payment: 14 |
FPAY | Annual fee payment | Payment date: 20200226; Year of fee payment: 15 |