JP2003132020A - Access control apparatus, authentication apparatus and apparatus related to them - Google Patents

Access control apparatus, authentication apparatus and apparatus related to them

Info

Publication number
JP2003132020A
Authority
JP
Japan
Prior art keywords
access
access control
authentication
network
table
Prior art date
Legal status
Pending
Application number
JP2001329307A
Other languages
Japanese (ja)
Inventor
Hisahiro Kaneko
尚浩 金子
Original Assignee
Cyber Sign Japan Inc
日本サイバーサイン株式会社
Priority date
Filing date
Publication date

Abstract

PROBLEM TO BE SOLVED: To provide an apparatus and a program capable of dynamically changing access control rules. SOLUTION: When an external terminal 20 accesses a WEB server 16 and the access is refused because it has not been permitted, the external terminal 20 transmits an authentication request to an authentication server 18 in order to obtain permission. The authentication server 18 authenticates, based on the signature data included in the authentication request, whether the external terminal 20 is an authorized one, and requests the firewall 10 to set an access control rule permitting the "access content to be executed" included in the authentication request. The firewall 10 sets the access control rule based on the request. Accordingly, an access control rule corresponding to the current user can be set, so that the network can be used smoothly.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001] BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to an apparatus that can dynamically change access control, and to a program for configuring such an apparatus.

[0002] 2. Description of the Related Art

Each host (terminal or server) on a network, such as a server, client or router, has an address; on the Internet, for example, an address called an IP address is used. Each host on the network specifies its communication destination by this IP address. However, this does not mean that every host on the network may freely access every other host. Generally, because of security issues or administrative concerns, access to some hosts is restricted, or outgoing connections from some hosts are restricted. Devices called firewalls, routers and bridges are used to perform such control, and programs called personal firewalls, which control access for an individual host, are also known.

[0005] SUMMARY OF THE INVENTION

Various types of access control have been executed using firewalls, routers and bridges, but in many cases these control rules were fixed. For example, a rule permits access from IP address 100.100.100.0 to IP address 100.100.200.XXX (where XXX is an arbitrary number). In recent years, however, as represented by dial-in Internet access, it is becoming more common that the same IP address is not always used by the same person (or device). In a situation where IP addresses are assigned dynamically in this way, it is expected that fixed access control rules based only on IP addresses cannot cope with the actual form of use. For example, a certain IP address may be used by a section manager today and by a director tomorrow. In this case, since the access rights of the section manager and the director differ, the same fixed access control rules today and tomorrow make it difficult to deal with the actual situation.

[0008] The present invention has been made in view of such problems, and its object is to provide an apparatus that can dynamically change access control rules, and a program for it.

[0009] [MEANS FOR SOLVING THE PROBLEMS]

The present invention is an access control device for controlling access between a first network and a second network, characterized by comprising: an access control table in which access control rules are stored; search means which, when there is an access request from the first network to the second network, searches the access control table for the requested access; rejection means which transmits an access denial to the source when the search means cannot find the access in the access control table; access control means which executes the access based on the access control rule stored in the access control table when the search means finds the access in the access control table; and access control rule management means which changes, adds to or deletes the contents of the access control table when an access control rule setting request is transmitted from an authentication server that passes a biometric authentication result to a third party. With such a configuration, the access control rules can be changed dynamically.

[0011] The present invention is also an access control device for controlling access between a network and a host connected to the network, characterized by comprising: an access control table in which access control rules are stored; search means which, when there is an access request from the network to the host, searches the access control table for the requested access; rejection means which transmits an access denial to the source when the search means cannot find the access in the access control table; access control means which executes the access based on the access control rule stored in the access control table when the search means finds the access in the access control table; and access control rule management means which changes, adds to or deletes the contents of the access control table when an access control rule setting request is transmitted from an authentication server that passes a biometric authentication result to a third party. With such a configuration, the access control rules of a personal firewall can be changed dynamically.

[0013] The present invention is also an authentication device characterized by comprising: an authentication table in which biometric data of persons to be authenticated is stored in advance; search means which, when an authentication request including desired access content to be executed and biometric data is received, searches the authentication table for the biometric data; and request means which, when the search means finds the biometric data in the authentication table, requests an external access control device to set an access control rule that permits the desired access content included in the authentication request. With such a configuration, an authentication result obtained with biometric data can be used externally.

[0015] The present invention is also a network access device characterized by comprising authentication request means which, when an attempt to access a predetermined host on a network is denied, transmits an authentication request to a predetermined authentication device, the authentication request including an identifier indicating the device itself, desired access content to be executed, and biometric data, which is data indicating the user. With such a configuration, an authentication request can be issued automatically when access is denied.

[0017] The means described below express the means associated with the above devices as programs; their essential features and operations are the same as those of the devices described above. That is, the present invention is a program for causing a computer provided with an access control table, in which access control rules for controlling access between a first network and a second network are stored, to operate as an access control device for controlling access between the first network and the second network, the program causing the computer to execute: a search procedure which, when there is an access request from the first network to the second network, searches the access control table for the requested access; a rejection procedure which transmits an access denial to the source when the access cannot be found in the access control table in the search procedure; an access control procedure which executes the access based on the access control rule stored in the access control table when the access is found in the access control table in the search procedure; and an access control rule management procedure which changes, adds to or deletes the contents of the access control table when an access control rule setting request is transmitted from an authentication server that passes a biometric authentication result to a third party.

Further, the present invention is a program for causing a computer provided with an access control table, in which access control rules for controlling access between a network and a host connected to the network are stored, to operate as an access control device for controlling access between the network and the host connected to the network, the program causing the computer to execute: a search procedure which, when there is an access request from the network to the host, searches the access control table for the requested access; a rejection procedure which transmits an access denial to the source when the access cannot be found in the access control table in the search procedure; an access control procedure which executes the access based on the access control rule stored in the access control table when the access is found in the access control table in the search procedure; and an access control rule management procedure which changes, adds to or deletes the contents of the access control table when an access control rule setting request is transmitted from an authentication server that passes a biometric authentication result to a third party.

The present invention is also a program for causing a computer provided with an authentication table, in which biometric data of persons to be authenticated is stored in advance, to operate as an authentication device, the program causing the computer to execute: a search procedure which, when an authentication request including desired access content to be executed and biometric data is received, searches the authentication table for the biometric data; and a request procedure which, when the biometric data is found in the authentication table in the search procedure, requests an external access control device to set an access control rule that permits the desired access content included in the authentication request.

[0021] DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Preferred embodiments of the present invention will be described below with reference to the drawings.

[0022] Embodiment 1 (Firewall)

FIG. 1 shows a network configuration diagram including a firewall 10 according to a preferred embodiment of the present invention. As shown in FIG. 1, the firewall 10 is connected to the Internet 12 and to a local network 14. A WEB server 16 and an authentication server 18 are connected to this local network 14. In addition, an external terminal 20 is connected to the Internet 12. This firewall 10 corresponds to an example of the "access control device" in the claims. The authentication server 18 corresponds to an example of the "authentication device" in the claims, and the external terminal 20 corresponds to an example of the "network access device" in the claims.

From the external terminal 20 on the Internet 12 side, the addresses in the local network 14 are not seen directly; instead, a single representative IP address is assigned to the local network 14. This representative IP address is the IP address of the firewall 10. To access the WEB server 16 in the local network 14 from the external terminal 20, the representative IP address (the IP address of the firewall 10) and the port number to be used, for example 80, are specified. From this port number, the firewall 10 knows that the external terminal 20 wants to use the web service, and forwards the access to the web server 16. Here 80 was used as the port number of the web service, but another port number may be used. By specifying the port number in this way, each host in the local network 14 is identified.

[0028] Configuration of Firewall 10

A configuration block diagram of the firewall 10 is shown in FIG. 2. As shown in this figure, the firewall 10 comprises search means 22 which, on receiving an access request from the external terminal 20 on the Internet 12, searches the access control rules in an access control table 26 for the requested access, and rejection means 24 which denies the access when the search does not find it. The firewall 10 also comprises access control means 28 which executes the requested access when the search means 22 finds it in the access control table 26, and access control rule management means 30 which manages the access control rules that are the contents of the access control table 26. The feature of this embodiment is that the access control rules in the access control table 26 are dynamically added, changed and deleted. This will be described in detail later.

[0031] Access control rules are generally collected in an access control table; the access control table 26 is a table in which a plurality of access control rules are collected. An explanatory diagram representing the contents of the access control table 26 is shown in FIG. 3. As shown in this figure, the access control table 26 (that is, each access control rule written in it) is composed of source information and destination information. The source information is the IP address and port number of the source, and the destination information is the IP address and port number of the destination. In this table, X is a so-called wildcard, a symbol that stands for any number. The table gives specific numbers as examples, but an entry may also be expressed as a range, for example 100.100.100.100 to 100.100.100.300. The firewall 10 denies access for combinations not shown in the table of FIG. 3.

The search means 22, access rejection means 24, access control means 28 and access control rule management means 30 in the firewall 10 are preferably composed of a program and a processor that executes the program. The access control table 26 is preferably constructed on a hard disk or the like. This processor corresponds to an example of the "computer" in the claims.

[0034] Configuration of authentication server 18

A configuration block diagram of the authentication server 18 is shown in FIG. 4. The authentication server 18 according to the present embodiment is a server that performs personal authentication using biometric data. Signature data is used here as the biometric data, but other biometric data, such as fingerprint data or a retinal pattern, may be used. As shown in FIG. 4, the authentication server 18 comprises an authentication table 40 in which signature data is registered in advance, and search means 42 which searches the authentication table 40 upon a request from outside. In addition, the authentication server 18 comprises request means 44 which requests an access control device such as the firewall 10 to adjust (add, change, delete, etc.) its access control rules. With such a configuration, an access control rule permitting access by a user who has been authenticated by the signature data is set in the firewall 10. The search means 42 and the request means 44 are preferably composed of a program and a processor that executes the program. The authentication table 40 is preferably built on a hard disk or the like.

[0037] Configuration of external terminal 20

A configuration block diagram of the external terminal 20 is shown in FIG. 5. As shown in this figure, the external terminal 20 comprises web browsing means 46 for browsing web pages of the web server 16, and authentication request means 48 for requesting the external authentication server 18 to perform authentication when access is denied. The web browsing means 46 is preferably configured as a so-called browser program (and the processor that runs it). Using this program, the web page provided by the web server 16 is displayed on a display 49. The authentication request means 48 is also preferably composed of a program and a processor that executes it. Therefore, this external terminal 20 is typically realized by a computer provided with such programs. Of course, a PDA (Personal Digital Assistant), a mobile phone or the like may be used, as long as the device can connect to the Internet 12.

[0039] Operation

The flow of the access process according to the present embodiment will be described below based on flowcharts. FIG. 6 and FIG. 7 show flowcharts of the operation.

First, in step S6-1, the external terminal 20 accesses the WEB server 16. This access is executed by the web browsing means 46.

In step S6-2, the access request is received by the firewall 10, and the access is searched for in the access control table 26. This search is executed by the search means 22. The search is performed by checking whether the IP addresses and port numbers of the source and the destination are listed in the access control table 26. If they are listed, the access is permitted, and the process proceeds to step S6-3. If they are not listed, the process proceeds to step S6-4.

In step S6-3, since the access is permitted, it is allowed as it is. That is, the transmission data from the external terminal 20 is transferred to the WEB server 16 (port number 80).

In step S6-4, the access is judged to come from a user who has not been permitted, and an access denial is transmitted to the external terminal 20. This denial is executed by the rejection means 24.

In step S6-5, the external terminal 20 whose access was denied sends an authentication request to the authentication server 18 in order to obtain permission. The authentication request means 48 performs this operation. What is characteristic of this embodiment is that this authentication request contains the user ID of the external terminal 20 and the signature data of the user. Furthermore, the details of the access that the user wants to execute can be included in the authentication request. This ID corresponds to the "identifier" in the claims. The signature data is an example of the "biometric data" in the claims, and the content of the access to be executed corresponds to the "desired access content" in the claims. The content of the access to be executed includes the user's own IP address and port number and the IP address and port number of the access partner. The time at which the access is to start and the time at which it is to end may also be included in the content of the access to be executed.

The content of the access to be executed (desired access content) is applied to the firewall 10 as an access rule in combination with the server-side policy. "Server side" means the authentication server 18 (authentication device) or the firewall 10 (access control device); in general, however, it would be the authentication server 18 that holds the policy. For example, even if the external terminal 20 (client) requests, from the account of employee A, permission to access the PC of officer B, the access is not permitted if the policy is set so that access to that PC is not permitted unless the officer himself authenticates. In an extreme case, it is also preferable that the authentication server 18 (authentication device) applies rules to the firewall 10 (access control device) according to the policy set on it, even if no request is issued from the external terminal 20 (client). The port number of the authentication server 18 is set to, for example, 9999, and this port is set so that anyone can access it.

In step S6-6, the authentication server 18 receives the authentication request and executes the authentication operation. Specifically, the search means 42 of the authentication server 18 searches the authentication table 40 for the signature data in the request. The process then proceeds to step S7-1 in FIG. 7.

In step S7-1, if signature data recognized as being by the same person as the signature data in the authentication request is found in the authentication table 40, the process proceeds to step S7-2, and adjustment of the access control rules is performed. On the other hand, if no signature data recognized as matching the signature data is found in the authentication table 40, the process proceeds to step S7-4.

In step S7-2, the authentication server 18 requests the firewall 10 to set an access control rule that permits the "access content to be executed" contained in the authentication request. This request is executed by the request means 44.

In step S7-3, an access control rule based on the request is registered in the access control table 26. As described above, according to the present embodiment, the access control rules in the access control table 26 are adjusted dynamically. In other words, even when a single IP address is shared, an access control rule corresponding to the current user can be set, so that the network can be used smoothly. After the access control rules have been changed, access from the external terminal 20 to the web server 16 is permitted; specifically, the processing of steps S6-1, S6-2 and S6-3 in FIG. 6 is executed.

In step S7-4, an authentication rejection (failure) is transmitted to the external terminal 20.

As described above, according to the present embodiment, the user is authenticated with biometric data (signature data), and the access control rules are changed dynamically on that basis.

[0056] Adjusting access control rules

It is desirable that an access control rule dynamically adjusted (changed, added, deleted) as described above be undone when a predetermined period has elapsed, or when the access has not been made for a certain period of time. This allows access control rules to be adjusted temporarily.

[0057] Embodiment 2A (router device)

In the first embodiment, the firewall 10 was described as an example of the "access control device" in the claims, but a router may also preferably be used instead of a firewall. In this case the access control rules can include the routing rules of the router. Moreover, a router is not only installed between two networks but may connect to a plurality of networks, and these routing rules are generally rules regarding routing between a plurality of networks. As described above, according to the router device, access control rules including routing rules can be changed dynamically through authentication with biometric data. Note that the "access control rules" in the claims may be any rules about access; for example, rules that translate between global IP addresses and local addresses are also acceptable.

[0060] Embodiment 2B (Bridge)

It is also preferable to use a device called a bridge instead of the firewall 10. A bridge is known as a device that connects networks, and the rule indicating its connection state is the access control rule. This bridge also corresponds to an example of the "access control device". The rule indicating the connection state can be changed dynamically by the user's biometric data.

[0062] Embodiment 3 (Integration of Authentication Server)

In the first embodiment, the firewall 10 and the authentication server 18 are configured separately, but it is also preferable to integrate them. In this case, the authentication server 18 is incorporated into the firewall 10. In order to realize such a mode, a program that executes the operation of the authentication server 18 is installed in the firewall 10, and the authentication table 40 is built on its hard disk or the like. In the case of this integral configuration, the whole corresponds to an example of the "network equipment" in the claims, the functions corresponding to the firewall 10 correspond to the "access control unit" in the claims, and the functions corresponding to the authentication server 18 correspond to the "authentication unit" in the claims.

[0065] Embodiment 4 (Host-based firewall)

In the above example, the firewall 10 was provided between networks, but it is also preferable that a firewall provided between one local terminal 50 and the Internet 12 has the behavior of dynamically changing access control rules. In this patent specification, a firewall that controls access in connection with a single local terminal 50 in order to protect it from external terminals is called a host-based firewall 52. FIG. 8 shows a network configuration diagram centered on such a host-based firewall 52. As shown in this figure, the local terminal 50 is connected to the Internet 12 through the host-based firewall 52. An HTTP program is running on this local terminal 50, and the local terminal 50 executes the operation of the web server 16. The external terminal 20 then accesses the web server 16 (local terminal 50) through the host-based firewall 52.

The structure of the host-based firewall 52 is almost the same as that of the firewall 10 shown in FIG. 2. The differences are that access control is performed not between networks but between the network and the local terminal, and that the requests to the access control rule management means come from the Internet 12 side rather than from the local network. The other points are the same as the configuration of FIG. 2. The operation in the present embodiment is also the same as that shown in FIGS. 6 and 7 described above.

According to the present embodiment, the access control rules of the host-based firewall 52 that protects the local terminal 50 can be changed dynamically through authentication with signature data, which is one kind of biometric data. Therefore, even when a plurality of people share the same IP address, the local terminal 50 can be protected effectively. This host-based firewall 52 also corresponds to an example of the "access control device" in the claims.

[0071] Embodiment 5 (integration with terminal)

In the fourth embodiment, the host-based firewall 52 was formally constructed as a separate device. However, this host-based firewall 52 may also be realized by a program that runs on the local terminal 50.

[0072] Embodiment 6A (Integration with Authentication Server)

In the fourth embodiment, the host-based firewall 52 and the authentication server 18 are configured separately, but it is also preferable to configure them integrally. In this case, the authentication server 18 is incorporated into the host-based firewall 52. In order to realize such an embodiment, a program that executes the operation of the authentication server 18 is installed in the host-based firewall 52, and the authentication table 40 is built on its hard disk or the like. Such a configuration corresponds to the "network device" in the claims.

[0075] Embodiment 6B (integration with a terminal and an authentication server)

As in Embodiment 6A, when the host-based firewall 52 and the authentication server 18 are configured integrally, they may also be realized by running these programs on the local terminal 50. That is, a program for executing the operation of the host-based firewall 52 is installed in the local terminal 50, and the access control table 26 is built on its hard disk or the like. Furthermore, a program for executing the operation of the authentication server 18 is installed in the local terminal 50, and the authentication table 40 is built on its hard disk or the like. With this configuration, the host-based firewall 52 and the authentication server 18 can be realized by programs running on the local terminal 50.

[0077] As described above, according to the present invention, since access control rules based on authentication with biometric data can be changed dynamically, it is possible to respond promptly to a change of the user who uses an address.
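The access control table lookup of paragraph [0031] (exact values, X wildcards, ranges) and the S6-1 to S7-4 flow together with the rule expiry of [0056], as an added Python simulation; this is not code from the patent or from Cyber Sign Japan's product. Everything concrete in it is assumed: signature data is compared as a constant-time byte equality standing in for a real signature verifier, the "only the owner may open it" policy models the officer B example from the description, IP ranges are assumed to be valid IPv4 addresses, and all addresses, user ids and signature samples are constructed.

```python
"""Added simulation of JP2003132020A's dynamic access control; not the patent's own code.
Numerals in comments are the description's reference numerals (firewall 10, table 26,
means 22/24/28/30, authentication server 18, table 40, means 42/44). All sample
addresses, user ids and signature data are constructed."""
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Access = Tuple[str, int, str, int]  # (src_ip, src_port, dst_ip, dst_port)

def match_ip(pattern: str, ip: str) -> bool:
    """Address entry of table 26: exact, per-octet 'X' wildcard, or 'lo-hi' range."""
    if "-" in pattern:
        lo, hi = (ipaddress.ip_address(p) for p in pattern.split("-"))
        return lo <= ipaddress.ip_address(ip) <= hi
    return all(p in ("X", v) for p, v in zip(pattern.split("."), ip.split(".")))

def match_port(pattern: str, port: int) -> bool:
    """Port entry of table 26: exact, 'X' wildcard, or 'lo-hi' range."""
    if pattern == "X":
        return True
    if "-" in pattern:
        lo, hi = (int(p) for p in pattern.split("-"))
        return lo <= port <= hi
    return int(pattern) == port

@dataclass
class Rule:
    """One row of access control table 26: source information and destination information."""
    src_ip: str
    src_port: str
    dst_ip: str
    dst_port: str
    expires_at: Optional[float] = None  # None: static row; else the time it is undone ([0056])

    def matches(self, access: Access) -> bool:
        src_ip, src_port, dst_ip, dst_port = access
        return (match_ip(self.src_ip, src_ip) and match_port(self.src_port, src_port)
                and match_ip(self.dst_ip, dst_ip) and match_port(self.dst_port, dst_port))

class Firewall:
    """Access control device 10 holding access control table 26."""
    def __init__(self, static_rules):
        self.table = list(static_rules)

    def purge(self, now: float) -> None:
        """Undo dynamically set rules whose period has elapsed ([0056])."""
        self.table = [r for r in self.table if r.expires_at is None or r.expires_at > now]

    def check(self, access: Access, now: float) -> str:
        """Steps S6-2 to S6-4: search means 22, then allow (28) or deny (24)."""
        self.purge(now)
        return "ALLOW" if any(r.matches(access) for r in self.table) else "DENY"

    def set_rule(self, rule: Rule) -> None:
        """Rule management means 30, step S7-3: register the requested row."""
        self.table.append(rule)

class AuthServer:
    """Authentication device 18: table 40, search means 42, request means 44."""
    def __init__(self, firewall: Firewall, rule_ttl: float,
                 auth_table: Dict[str, bytes], owners: Dict[str, str]):
        self.firewall = firewall
        self.rule_ttl = rule_ttl        # period after which a dynamic rule is undone
        self.auth_table = auth_table    # user id -> enrolled signature data (table 40)
        self.owners = owners            # policy: dst_ip -> the user who must authenticate

    def authenticate(self, user_id: str, sample: bytes, desired: Access, now: float) -> bool:
        """Steps S6-6 to S7-4: match the sample, apply policy, request a rule."""
        template = self.auth_table.get(user_id)  # search means 42
        # Stand-in for signature matching (assumption): constant-time byte equality;
        # a real verifier would do a similarity match on signature features.
        if template is None or not hmac.compare_digest(template, sample):
            return False                          # S7-4: authentication failure
        if self.owners.get(desired[2], user_id) != user_id:
            return False                          # policy: only the host's owner may open it
        src_ip, src_port, dst_ip, dst_port = desired
        self.firewall.set_rule(Rule(src_ip, str(src_port), dst_ip, str(dst_port),
                                    expires_at=now + self.rule_ttl))  # S7-2, request means 44
        return True

def run_scenario() -> Dict[str, object]:
    """Constructed walk-through of FIG. 6 / FIG. 7; returns each step's outcome."""
    fw = Firewall([Rule("100.100.100.X", "X", "100.100.200.10", "80")])  # static row as in FIG. 3
    auth = AuthServer(fw, rule_ttl=600.0,
                      auth_table={"employee_a": b"sig-template-A", "officer_b": b"sig-template-B"},
                      owners={"10.0.0.50": "officer_b"})
    web = ("203.0.113.7", 40000, "10.0.0.16", 80)   # terminal 20 -> WEB server 16
    pc_b = ("203.0.113.7", 40001, "10.0.0.50", 22)  # terminal 20 -> officer B's PC
    out: Dict[str, object] = {}
    out["first_try"] = fw.check(web, now=0.0)        # S6-4: not in table, DENY
    out["auth_ok"] = auth.authenticate("employee_a", b"sig-template-A", web, now=1.0)
    out["after_auth"] = fw.check(web, now=2.0)       # S6-3: rule set, ALLOW
    out["wrong_sig"] = auth.authenticate("employee_a", b"forged", pc_b, now=3.0)
    out["policy_block"] = auth.authenticate("employee_a", b"sig-template-A", pc_b, now=3.0)
    out["expired"] = fw.check(web, now=700.0)        # dynamic rule undone, DENY
    out["wildcard"] = fw.check(("100.100.100.55", 5555, "100.100.200.10", 80), now=700.0)
    return out
```

Calling `run_scenario()` returns the outcome of each step: the first access is denied (S6-4), the access is allowed once the authentication server has set a rule (S7-3 then S6-3), a forged signature and a policy violation both fail (S7-4), and after the time-to-live passes the dynamic row is purged so the same access is denied again. The static wildcard row keeps matching throughout. The expiry is done lazily on each lookup, which is the simplest way to honour [0056] without a separate timer; the "last used" variant of [0056] would need a per-rule timestamp refreshed on every match.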

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a network configuration diagram including a firewall according to a preferred embodiment 1 of the present invention.
FIG. 2 is a configuration block diagram of a firewall.
FIG. 3 is an explanatory diagram showing the contents of an access control table.
FIG. 4 is a configuration block diagram of an authentication server.
FIG. 5 is a configuration block diagram of an external terminal.
FIG. 6 is a flowchart illustrating a flow of an access process according to the embodiment.
FIG. 7 is a flowchart illustrating a flow of an access process according to the embodiment.
FIG. 8 is a network configuration diagram centered on a host-based firewall.

DESCRIPTION OF SYMBOLS

10 Firewall
12 Internet
14 Local network
16 WEB server
18 Authentication server
20 External terminal
22 Search means
24 Access rejection means
26 Access control table
28 Access control means
30 Access control rule management means
40 Authentication table
42 Search means
44 Requesting means
46 Web browsing means
48 Authentication requesting means
49 Display
50 Local terminal
52 Host-based firewall

Claims (1)

Claims

1. An access control apparatus for controlling access between a first network and a second network, comprising: an access control table storing access control rules; search means for, when an access request from the first network to the second network is received, searching the access control table for the requested access; rejection means for transmitting an access rejection to the transmission source when the search means cannot find the access in the access control table; access control means for executing the access, based on the access control rule stored in the access control table, when the search means finds the transmission source in the access control table; and an access control rule management unit that changes, adds or deletes the contents of the access control table when an access control rule setting request is transmitted from an authentication server that passes biometric authentication results to a third party.

2. An access control apparatus for controlling access between a network and a host connected to the network, comprising: an access control table storing access control rules; search means for, when an access request from the network to the host is received, searching the access control table for the requested access; rejection means for transmitting an access rejection to the transmission source when the search means cannot find the access in the access control table; access control means for executing the access, based on the access control rule stored in the access control table, when the search means finds the transmission source in the access control table; and an access control rule management unit that changes, adds or deletes the contents of the access control table when an access control rule setting request is transmitted from an authentication server that passes biometric authentication results to a third party.

3. An authentication apparatus comprising: an authentication table in which biometric data of persons to be authenticated is stored in advance; search means for, when an authentication request including desired access content to be executed and biometric data is received, searching the authentication table for the biometric data; and request means for requesting an external access control apparatus to set an access control rule that permits the desired access content included in the authentication request when the search means finds the biometric data in the authentication table.

4. A network access apparatus comprising authentication request means for transmitting an authentication request to a predetermined authentication apparatus when an attempt to access a predetermined host on a network is denied, wherein the authentication request includes an identifier indicating itself, the desired access content to be executed by the user, and biometric data as data indicating itself.

5. A program for causing a computer, which comprises an access control table storing access control rules for controlling access between a first network and a second network, to operate as an access control apparatus controlling access between the first network and the second network, the program causing the computer to execute: a search procedure for, when an access request from the first network to the second network is received, searching the access control table for the requested access; a rejection procedure for transmitting an access rejection to the transmission source when the access is not found in the access control table in the search procedure; an access control procedure for executing the access, based on the access control rule stored in the access control table, when the transmission source is found in the access control table in the search procedure; and an access control rule management procedure for changing, adding or deleting the contents of the access control table when an access control rule setting request is transmitted from an authentication server that passes biometric authentication results to a third party.

6. A program for causing a computer, which comprises an access control table storing access control rules for controlling access between a network and a host connected to the network, to operate as an access control apparatus controlling access between the network and the host, the program causing the computer to execute: a search procedure for, when an access request from the network to the host is received, searching the access control table for the requested access; a rejection procedure for transmitting an access rejection to the transmission source when the access is not found in the access control table in the search procedure; an access control procedure for executing the access, based on the access control rule stored in the access control table, when the transmission source is found in the access control table in the search procedure; and an access control rule management procedure for changing, adding or deleting the contents of the access control table when an access control rule setting request is transmitted from an authentication server that passes biometric authentication results to a third party.

7. An authentication program for causing a computer, which comprises an authentication table in which biometric data of persons to be authenticated is stored in advance, to operate as an authentication apparatus, the program causing the computer to execute: a search procedure for, when an authentication request including desired access content to be executed and biometric data is received, searching the authentication table for the biometric data; and a request procedure for requesting an external access control apparatus to set an access control rule that permits the desired access content included in the authentication request when the biometric data is found in the authentication table in the search procedure.
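The flow the claims describe (firewall rejects an unlisted access, the terminal sends an authentication request carrying an identifier, the desired access and biometric data, and the authentication server has the firewall add a permitting rule) as an added Python model; this is not the patent's or the applicant's code. It assumes rules are (source, destination, service) tuples, that the firewall accepts setting requests only from the one authentication server it trusts, and that biometric matching is approximated by a Hamming-distance threshold over constructed bit-string templates.

```python
class Firewall:
    """Access control apparatus of claims 1 and 5 (hypothetical model, not the patent's code)."""
    def __init__(self, auth_server):
        self.table = set()               # access control table of (source, dest, service)
        self.auth_server = auth_server   # the only party allowed to set rules

    def check(self, rule):
        # search means: permit only when a matching rule exists, otherwise reject
        return "permit" if rule in self.table else "reject"

    def set_rule(self, requester, rule):
        # rule management: accept setting requests only from the trusted server
        if requester is not self.auth_server:
            return False
        self.table.add(rule)
        return True

def hamming(a, b):
    # biometric samples never match exactly; count differing feature bits
    return sum(x != y for x, y in zip(a, b)) + abs(len(a) - len(b))

class AuthServer:
    """Authentication apparatus of claims 3 and 7 (hypothetical model)."""
    def __init__(self, templates, threshold=2):
        self.templates = templates   # authentication table: identifier -> template
        self.threshold = threshold   # constructed tolerance for biometric matching
        self.firewall = None         # external access control apparatus to instruct

    def authenticate(self, identifier, desired_access, sample):
        template = self.templates.get(identifier)
        if template is None or hamming(template, sample) > self.threshold:
            return False             # unknown identifier or sample too far off
        # request means: ask the firewall to permit exactly the desired access
        return self.firewall.set_rule(self, desired_access)

def terminal_access(identifier, sample, firewall, auth, rule):
    """Network access apparatus of claim 4: on rejection, authenticate and retry."""
    if firewall.check(rule) == "permit":
        return "permit"
    if not auth.authenticate(identifier, rule, sample):
        return "reject"
    return firewall.check(rule)

# constructed sample data: 12-bit strings stand in for biometric feature templates
auth = AuthServer({"terminal20": "110010101100"})
fw = Firewall(auth)
auth.firewall = fw
WEB = ("terminal20", "webserver16", "http")
```

Note that once a rule is in the table it is keyed on the source address, not on who authenticated, so a deployment would need rule expiry or binding to the session to keep the dynamic grant from outliving the user.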
JP2001329307A 2001-10-26 2001-10-26 Access control apparatus, authentication apparatus and apparatus related to them Pending JP2003132020A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2001329307A JP2003132020A (en) 2001-10-26 2001-10-26 Access control apparatus, authentication apparatus and apparatus related to them

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2001329307A JP2003132020A (en) 2001-10-26 2001-10-26 Access control apparatus, authentication apparatus and apparatus related to them

Publications (1)

Publication Number Publication Date
JP2003132020A true JP2003132020A (en) 2003-05-09

Family

ID=19145231

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2001329307A Pending JP2003132020A (en) 2001-10-26 2001-10-26 Access control apparatus, authentication apparatus and apparatus related to them

Country Status (1)

Country Link
JP (1) JP2003132020A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005101217A1 (en) * 2004-04-14 2005-10-27 Nippon Telegraph And Telephone Corporation Address conversion method, access control method, and device using these methods
JP2005348402A (en) * 2004-05-27 2005-12-15 Microsoft Corp Secure federation of data communication network
WO2007126835A2 (en) 2006-03-31 2007-11-08 Amazon Technologies, Inc. Managing communications between computing nodes
JP2018029234A (en) * 2016-08-15 2018-02-22 日本電信電話株式会社 Client terminal authentication system and client terminal authentication method

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005101217A1 (en) * 2004-04-14 2005-10-27 Nippon Telegraph And Telephone Corporation Address conversion method, access control method, and device using these methods
US8667170B2 (en) 2004-04-14 2014-03-04 Nippon Telegraph And Telephone Corporation Address conversion method, access control method, and device using these methods
JP2005348402A (en) * 2004-05-27 2005-12-15 Microsoft Corp Secure federation of data communication network
US8112796B2 (en) 2004-05-27 2012-02-07 Microsoft Corporation Secure federation of data communications networks
KR101120800B1 (en) 2004-05-27 2012-03-23 마이크로소프트 코포레이션 Secure federation of data communications networks
WO2007126835A2 (en) 2006-03-31 2007-11-08 Amazon Technologies, Inc. Managing communications between computing nodes
EP2008407A2 (en) * 2006-03-31 2008-12-31 Amazon Technologies, Inc. Managing communications between computing nodes
EP2008407A4 (en) * 2006-03-31 2015-03-25 Amazon Tech Inc Managing communications between computing nodes
US9426181B2 (en) 2006-03-31 2016-08-23 Amazon Technologies, Inc. Managing communications between computing nodes
US9794294B2 (en) 2006-03-31 2017-10-17 Amazon Technologies, Inc. Managing communications between computing nodes
US10367850B2 (en) 2006-03-31 2019-07-30 Amazon Technologies, Inc. Managing communications between computing nodes
JP2018029234A (en) * 2016-08-15 2018-02-22 日本電信電話株式会社 Client terminal authentication system and client terminal authentication method

Similar Documents

Publication Publication Date Title
US10523656B2 (en) Session migration between network policy servers
US9386040B2 (en) Policy-based service management system
US20190188993A1 (en) Integrated physical and logical security management via a portable device
US9344421B1 (en) User access authentication based on network access point
US8516569B2 (en) Uninterrupted virtual private network (VPN) connection service with dynamic policy enforcement
US9942274B2 (en) Securing communication over a network using client integrity verification
US9906534B2 (en) Remote access to resources over a network
US8776208B2 (en) Incorporating network connection security levels into firewall rules
EP2643955B1 (en) Methods for authorizing access to protected content
JP6426189B2 (en) System and method for biometric protocol standard
US8073479B2 (en) System, method, and computer program product for service and application configuration in a network device
US8527629B2 (en) Method and apparatus for managing proxy and non-proxy requests in a telecommunications network
EP2345205B1 (en) Apparatus and method for mediating connections between policy source servers, corporate repositories, and mobile devices
JP4891299B2 (en) User authentication system and method using IP address
JP5052523B2 (en) Authenticating principals in a federation
KR100989487B1 (en) Method for authenticating a user to a service of a service provider
US7900240B2 (en) Multilayer access control security system
US9083750B2 (en) Method and system for authentication by defining a demanded level of security
US8719433B2 (en) Methods and apparatus for scalable secure remote desktop access
US8935398B2 (en) Access control in client-server systems
DE60102934T2 (en) Procedure and system for meeting-based authorization and access control for networked application objects
US7448067B2 (en) Method and apparatus for enforcing network security policies
US7546629B2 (en) System and methodology for security policy arbitration
US7581249B2 (en) Distributed intrusion response system
JP2016535880A (en) Multiple resource servers with a single flexible and pluggable OAuth server, OAuth protected REST OAuth permission management service, and OAuth service for mobile application single sign-on

Legal Events

Date Code Title Description
RD02 Notification of acceptance of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7422

Effective date: 20041021

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20041021

RD02 Notification of acceptance of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7422

Effective date: 20070713

A072 Dismissal of procedure

Free format text: JAPANESE INTERMEDIATE CODE: A073

Effective date: 20071225

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20080610

A02 Decision of refusal

Free format text: JAPANESE INTERMEDIATE CODE: A02

Effective date: 20081021