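WO2012160814A1 - Information processing system, access right management method, information processing apparatus and control method and control program therefor - Google Patents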
- Publication number
- WO2012160814A1 (PCT/JP2012/003347)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- application
- information processing
- access right
- processing apparatus
- interface
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/10—Architectures or entities
- H04L65/1016—IP multimedia subsystem [IMS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1073—Registration or de-registration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/70—Services for machine-to-machine communication [M2M] or machine type communication [MTC]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Definitions
- The present invention relates to a technique for managing access rights from applications to a plurality of devices.
- Patent Document 1 describes a method in which an authorized user remotely manages a machine to be controlled, using IMS (Internet Protocol Multimedia Subsystem), an existing standard, as the interface.
- IMS: Internet Protocol Multimedia Subsystem
- The user and the machine are each equipped with an IMS client, thereby realizing the interaction between the user and the machine.
- An object of the present invention is to provide a technique for solving the above-described problems.
- An apparatus according to the present invention is an information processing apparatus having an application interface and a device interface that are generated based on each application and associated with each other, comprising: an access right table that stores whether each application has an access right to a device connected to the information processing apparatus; and access control means for controlling access between the application interface and the device interface with reference to the access right table.
- The method according to the present invention is a method for controlling an information processing apparatus having an application interface and a device interface that are generated based on each application and associated with each other, including an access control step of controlling access between the application interface and the device interface with reference to an access right table that stores whether each application has an access right to a device connected to the information processing apparatus.
- A program according to the present invention is a control program for an information processing apparatus having an application interface and a device interface that are generated based on each application and associated with each other, the program causing a computer to execute an access control step of controlling access between the application interface and the device interface with reference to an access right table that stores whether each application has an access right to a device connected to the information processing apparatus.
- A system according to the present invention is an information processing system that manages access rights from applications to a plurality of devices, comprising: a plurality of applications; the plurality of devices; an application interface and a device interface that are generated based on each application and associated with each other; an access right table that stores whether each of the applications has an access right to the plurality of devices; and access control means for controlling access between the application interface and the device interface with reference to the access right table.
- The method according to the present invention is an access right management method for managing access rights from applications to a plurality of devices in an information processing system having a plurality of applications and the plurality of devices, including: a generation step of generating, based on each application, an application interface and a device interface associated with each other; and an access control step of controlling access between the application interface and the device interface with reference to an access right table that stores whether each application has an access right to the plurality of devices.
- Access rights can be managed while handling a plurality of applications and a plurality of devices independently.
- The information processing apparatus 100 is an apparatus that includes application interfaces 111 and 112 and device interfaces 121 and 122 that are generated based on the applications 101 and 102 and are associated with each other.
- The information processing apparatus 100 includes an access right table 130 and an access control unit 140.
- The access right table 130 stores whether each of the applications 101 and 102 has an access right for the devices 103 to 105 connected to the information processing apparatus 100.
- The access control unit 140 refers to the access right table 130 and controls access between the application interfaces 111 and 112 and the device interfaces 121 and 122.
- FIG. 2A is a diagram for explaining an operation in the case of controlling the access right between the application and the device using the access right table 230-1 for access right management.
- FIG. 2B is a diagram for explaining an operation when the access right between the application and the device is controlled using the access right table 230-2.
- The device interfaces 221 to 223 read the device information from the devices 204 to 206, respectively.
- The application interfaces 211 to 213 acquire device information from the device interfaces 221 to 223 in response to requests from the applications 201 to 203.
- The access control unit 240 restricts the device information that can be accessed by the application interfaces 211 to 213 based on the access right information in the access right table 230-1. That is, in FIG. 2A, as a result, the devices that the application 201 can access are limited to the device 204, the devices that the application 202 can access are limited to the devices 205 and 206, and the devices that the application 203 can access are limited to the device 206.
- The device interfaces 221 to 223 read the respective device information from the devices 204 to 206. Then, the application interfaces 211 to 213 acquire device information from the device interfaces 221 to 223 in response to requests from the applications 201 to 203. At this time, the access control unit 240 restricts the device information that can be accessed by the application interfaces 211 to 213 based on the access right information in the access right table 230-2. That is, in FIG. 2B, as a result, the devices that the application 201 can access are limited to the device 204, the devices that the application 202 can access are limited to the devices 204 and 205, and the devices that the application 203 can access are limited to the devices 205 and 206.
- FIG. 3 is a diagram for explaining a functional configuration of the information processing system 2000.
- The information processing system 2000 includes an information processing apparatus 200, an application 201, and devices 204 and 205.
- The information processing apparatus 200 includes an application interface 211, an access right table 230, an access control unit 240, an interface / access right setting change unit 360, a device interface 221, and a device information database (hereinafter referred to as DB) 350.
- The application interface 211 includes a device information acquisition unit 310 and a device information processing unit 320, and the device interface 221 includes a device information collection unit 330 and a device information storage unit 340.
- The operator sets up the application interface 211, the device interface 221, and the access right table 230 in the information processing apparatus 200 via the interface / access right setting change unit 360.
- The device information collection unit 330 collects device information from the devices 204 and 205 and passes it to the device information storage unit 340.
- The device information storage unit 340 stores the device information collected by the device information collection unit 330 in the device information DB 350.
- The device information acquisition unit 310 acquires the device information restricted by the access control unit 240 based on the access right information set in the access right table 230 and passes it to the device information processing unit 320.
- The device information processing unit 320 processes device information in accordance with a request from the application 201 and passes it to the application 201.
- The processing content performed in the device information processing unit 320 is set in advance according to the application 201.
- FIG. 4 is a block diagram illustrating a hardware configuration of the information processing apparatus 200.
- The information processing apparatus 200 includes a CPU 410, a ROM 420, a communication control unit 430, a RAM 440, and a storage 450.
- The CPU 410 is a central processing unit and controls the entire information processing apparatus 200 by executing various programs.
- The ROM 420 is a read-only memory, and stores various parameters and the like in addition to a boot program to be executed first by the CPU 410.
- The communication control unit 430 controls communication with other terminals via the network.
- The RAM 440 is a random access memory and has various storage areas.
- The storage 450 stores programs in addition to data groups and databases.
- The information processing apparatus 200 further includes an input / output interface 460, and is connected to the operator operation unit 461 and the display unit 462 via the input / output interface 460.
- The RAM 440 has an area for storing access right information 441, an application interface 442, and a device interface 443 input in response to an operator's operation on the operator operation unit 461. These pieces of information are set up and stored in the storage 450 as an application interface group 210, a device interface group 220, and an access right table 230.
- The RAM 440 also has an area for temporarily storing the device information 444 collected from the devices, and the device information 444 is accumulated in the device information DB 350 of the storage 450.
- The RAM 440 further includes a storage area for storing device control information 445 for controlling the device, application reception information 446 received from the application, and application transmission information 447 to be transmitted to the application.
- The storage 450 stores an information processing program 451.
- The CPU 410 implements each functional configuration of FIG. 3 by reading and executing the information processing program 451, the various interface groups 210 and 220, and the like.
- FIG. 5 is a diagram illustrating an example of the access right table 230.
- In the access right table 230, the access right between each application represented by the application IDs 521 to 523 and each device represented by the device IDs 511 to 514 is set.
- The application AP001 has an access right to the device DV001.
- The application AP001 has an access right to the device DV002.
- The application AP002 has an access right to the device DV003 and the device DVnnn.
- The application APmmm has access rights to the devices DV002 and DV003.
- FIG. 6 is a flowchart for explaining the flow of processing of the information processing apparatus 200.
- The information processing apparatus 200 determines in step S611 whether an instruction for setting up an interface has been input, determines in step S621 whether an instruction to start execution of the application 201 has been received, and determines in step S631 whether an instruction to change the access right has been input.
- The order of determination is S611, S621, and S631, but this is an example, and these determinations can be made in any order.
- When the interface / access right setting changing unit 360 receives an instruction to set up the interface 201 from the operator, it proceeds from step S611 to step S613 and performs the setup process of the application interface 211. For example, the interface / access right setting changing unit 360 associates each application with the application interface 211 based on an operator input or predetermined information. In step S615, the interface / access right setting changing unit 360 performs setup processing for the device interface 221. For example, the interface / access right setting changing unit 360 associates each device connected to the information processing apparatus 200 with the device interface 221 based on an operator input or predetermined information. Further, the interface / access right setting changing unit 360 sets the access right table 230 in step S617. Here, as described above, the interface / access right setting changing unit 360 sets to which device the application 201 has an access right.
- When an application execution start instruction is received from the application 201, the process proceeds from step S621 to step S623, and the device information acquisition unit 310 receives a detailed instruction from the application 201 via the application interface 211.
- The access control unit 240 refers to the access right table 230 to identify a device to which the application 201 has an access right.
- The device information acquisition unit 310 acquires, via the device interface 221, the device information collected from the device specified by the access control unit 240.
- In step S627, the device information processing unit 320 processes the device information in accordance with the request from the application 201.
- In step S629, the information processing apparatus 200 transmits the processing result of the device information to the application 201 via the application interface 211.
- In step S631, when the operator inputs an instruction to change the access right table 230, the process proceeds to step S633.
- The interface / access right setting changing unit 360 adds the application 201 to or deletes it from the access right table 230, adds a device to or deletes a device from the access right table 230, or changes the access rights of the application 201 for each device.
- step S611, step S621, and step S631 the process proceeds to step S641, and the device information collection unit 330 collects device information via the device interface 221.
- The device information storage unit 340 stores the device information collected by the device information collection unit 330 in the device information DB 350.
- FIG. 6 shows only data and programs essential for the present embodiment, and general-purpose data and programs such as OS are not shown.
- The access right can be managed while handling the plurality of applications and the plurality of devices independently.
- FIG. 7A is a diagram for explaining the operation of the information processing system 7000 according to the present embodiment.
- The information processing system 7000 is different from the second embodiment in that the information processing apparatus 700 includes a processing unit 710.
- The processing unit 710 processes the device information that is transferred from the device interface 221, with the transfer restricted by the access control unit 240 according to the setting of the access right table 230. Then, the processing unit 710 passes the processed device information to the application interface 211.
- Other configurations and operations of the application 201, the devices 204 and 205, and the information processing apparatus 700 are the same as those in the second embodiment, and thus the same reference numerals are given and description thereof is omitted.
- The information processing system 7000 includes a program generation device 720 that generates an application interface 211, a device interface 221, and a processing unit 710.
- The program generation device 720 includes a file reading unit 730, an SQL generation unit 750, and a WSDL generation unit 740.
- The file reading unit 730 reads an XML file 760 described in XML (Extensible Markup Language).
- The SQL generation unit 750 describes the processing by the device interface 221 or the processing unit 710, including a database structure, in SQL (Structured English Query Language) based on the description of the XML file 760.
- The WSDL generation unit 740 describes an application interface (API) 211 in WSDL (Web Services Description Language) based on the description of the XML file 760. Note that this application interface (API) 211 is made public and supports the creation of the application 201.
- API: application interface
- The XML file 760 includes a data model 761 that defines device information stored in the device information DB 350 and a processing model 762 that defines processing of the processing unit 710 that processes the device information. Furthermore, other models described in XML may be included.
- An XML file 760 described in XML is input, the device interface 221 or processing unit 710 described in SQL is generated, and the application interface 211 described in WSDL is generated.
- The language of the input file or the language of the generated program is not limited to this embodiment.
- XML, which allows a simple data model definition, is selected as the input; SQL is selected as the description language for the database structure; and the web service description language WSDL is selected for the application interface 211.
- The language to be generated for realizing each functional component may be determined and, at the same time, an appropriate input language may be selected.
- FIG. 7B is a diagram for explaining an example of interface / database generation in the information processing system 7000 according to the present embodiment.
- The input XML example shows the data model 761.
- The model name of this data model 761 is “ABC weather sensor”, and the model includes an integer “temperature” and an integer “humidity” associated with an integer “ID” and a character string “Serial No”.
- The SQL description 750a-1 is generated by the SQL generation unit 750 from the data model 761 described in XML. With the SQL description 750a-1, an empty table 351 is generated in the device information DB 350. Then, a table 352 in which temperature and humidity are accumulated is obtained by collecting device information from the devices.
- The WSDL description 740a is generated by the WSDL generation unit 740 from the data model 761 described in XML.
- An input message from the application 201 and an output message to the application 201 are defined as the application interface 211.
- The program generation apparatus 720 generates and sets up the application interface 211 and the device interface 221 of the information processing apparatus 700.
- SOAP: Simple Object Access Protocol
- FIG. 7C is a view for explaining an example of device information processing processing unit generation in the information processing system 7000 according to the present embodiment.
- FIG. 7C is executed in addition to the processing of FIG. 7B.
- The input XML example shows a processing model 762.
- The processing model 762 has the model name “XYZ weather sensor” and includes an integer “highest temperature”, an integer “lowest temperature”, and the like, associated with an integer “ID” and a character string “Serial No”.
- The SQL description 750a-2 is generated by the SQL generation unit 750 from the processing model 762 described in XML.
- A processing unit 710 is generated, comprising a function 711 that reads the temperature from the table 352 of the device information DB 350 to find the maximum temperature and the minimum temperature, and an empty table 712 having an area for storing the maximum temperature and the minimum temperature. Then, temperature and humidity are accumulated by collecting device information from the device.
- The program generation apparatus 720 generates and sets up the application interface 211 and the device interface 221 of the information processing apparatus 700, and also generates and sets up the processing unit 710.
- FIG. 8 is a diagram illustrating an application example of the information processing apparatus 200 according to the present embodiment.
- FIG. 8 shows an example in which the information of the company A device 804 is occupied by the company A application 801 and the information of the company B device 805 is occupied by the company B application 802.
- The application's access right to each device is set based on information indicating whether each device connected to the information processing apparatus 200 receives the service of the application.
- Information indicating whether each device receives the service of the application may be set in advance in the information processing apparatus 200, for example, or may be added to registration information of the application.
- The M2M-PF that is the information processing apparatus 200 has an access right table 230-81, which shows a state in which the A company application 801 occupies the A company device 804 and the B company application 802 occupies the B company device 805.
- FIG. 8 shows a state in which the Z company application 803 that does not own the device has entered.
- The Z company application 803 has access rights to both the A company device 804 and the B company device 805.
- The access right table 230-82 indicates that the new company Z application 803 has obtained access rights to the company A device 804 and the company B device 805.
- This access right may be set when, for example, the owner of the company A device 804 and the company B device 805 contracts or registers for the service of the company Z application 803.
- The information processing apparatus 200 allows the company A device 804 and the company B device 805 to be provided with services from the company Z application 803, for example, by an input from an operator.
- An access right table 230-82 in which the Z company application 803 has access rights to both the A company device 804 and the B company device 805 can be created.
- In the information processing apparatus 200, information indicating that only the company A device 804 and the company B device 805 receive service from the company Z application 803 is added in advance to the registration information of the company Z application 803.
- The access right table 230-82 indicating that the Z company application 803 has no access right for the C company device can be created.
- Information indicating whether the new device receives a service from an existing application can be added to the registration information of the new device.
- Information indicating the access right between the existing application and the new device can be added to the access right table 230-82.
- According to the present embodiment, it is possible to provide a service to a device and collect information from the device by connecting to the M2M-PF without owning the device. Even when only a new device is added, it is possible to receive service provision from an existing application.
- FIG. 9 is a diagram illustrating an application example of the information processing apparatus 200 according to the present embodiment.
- FIG. 9 shows an example in which only the devices X911 to Z913 are connected to the M2M-PF, which is the information processing apparatus 200, and no application is connected.
- The application's access right to each device is set based on information indicating whether each device connected to the information processing apparatus 200 sets the access right unconditionally for the application.
- The M2M-PF that is the information processing apparatus 200 has the access right table 230-91, which shows a state where only the device X911 to the device Z913 are connected.
- The access right table 230-92 indicates that the new company A application 921 has obtained access rights to all devices.
- This access right can be set when, for example, any of the devices X911 to Z913 does not have a specific private owner and is public or anyone can use.
- The information processing apparatus 200 stores, in advance, information indicating whether each device sets an access right unconditionally for a newly entered application, so that the access right table 230-92 indicating the access right of the newly entered application can be created.
- Any of the device X911, the device Y912, and the device Z913 can be used by anyone. Therefore, the information processing apparatus 200 holds information indicating that these devices unconditionally set an access right for a newly entered application.
- An access right table 230-92 having access rights to the device X911, the device Y912, and the device Z913 can be created.
- The present invention may be applied to a system composed of a plurality of devices, or may be applied to a single device. Furthermore, the present invention can also be applied to a case where a control program that realizes the functions of the embodiments is supplied directly or remotely to a system or apparatus. Therefore, a control program installed in a computer in order to realize the functions of the present invention with the computer, a medium storing the control program, and a WWW (World Wide Web) server from which the control program is downloaded are also included in the scope of the present invention.
Abstract
Description
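An information processing apparatus having an application interface and a device interface that are generated based on each application and associated with each other, the apparatus comprising:
an access right table that stores whether each application has an access right to a device connected to the information processing apparatus; and
access control means for controlling access between the application interface and the device interface with reference to the access right table.
A control method for an information processing apparatus having an application interface and a device interface that are generated based on each application and associated with each other,
the method including an access control step of controlling access between the application interface and the device interface with reference to an access right table that stores whether each application has an access right to a device connected to the information processing apparatus.
A control program for an information processing apparatus having an application interface and a device interface that are generated based on each application and associated with each other,
the program causing a computer to execute an access control step of controlling access between the application interface and the device interface with reference to an access right table that stores whether each application has an access right to a device connected to the information processing apparatus.
An information processing system that manages access rights from applications to a plurality of devices, the system comprising:
a plurality of applications;
the plurality of devices;
an application interface and a device interface that are generated based on each application and associated with each other;
an access right table that stores whether each application has an access right to the plurality of devices; and
access control means for controlling access between the application interface and the device interface with reference to the access right table.
An access right management method for managing access rights from applications to a plurality of devices in an information processing system having a plurality of applications and the plurality of devices, the method including:
a generation step of generating, based on each application, an application interface and a device interface associated with each other; and
an access control step of controlling access between the application interface and the device interface with reference to an access right table that stores whether each application has an access right to the plurality of devices.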
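An information processing apparatus 100 as a first embodiment of the present invention will be described with reference to FIG. 1. The information processing apparatus 100 is an apparatus having application interfaces 111 and 112 and device interfaces 121 and 122 that are generated based on the applications 101 and 102 and associated with each other.
《Operation of the Information Processing System》
Next, the operation of an information processing system 2000 according to a second embodiment of the present invention will be described with reference to FIGS. 2A and 2B. FIG. 2A is a diagram for explaining the operation when access rights between applications and devices are controlled using the access right table 230-1 for access right management. FIG. 2B is a diagram for explaining the operation when access rights between applications and devices are controlled using the access right table 230-2.
FIG. 3 is a diagram for explaining the functional configuration of the information processing system 2000. The information processing system 2000 includes an information processing apparatus 200, an application 201, and devices 204 and 205.
FIG. 4 is a block diagram showing the hardware configuration of the information processing apparatus 200. In FIG. 4, the information processing apparatus 200 includes a CPU 410, a ROM 420, a communication control unit 430, a RAM 440, and a storage 450.
FIG. 5 is a diagram showing an example of the access right table 230. This access right table 230 sets the access rights between the applications represented by the application IDs 521 to 523 and the devices represented by the device IDs 511 to 514. For example, since a circle (○) is shown in the cell indicating the correspondence between the device DV001 and the application AP001, it can be seen that the application AP001 has an access right to the device DV001. Similarly, according to this access right table 230, the application AP001 also has an access right to the device DV002, and the application AP002 has access rights to the device DV003 and the device DVnnn. Furthermore, the application APmmm has access rights to the device DV002 and the device DV003.
FIG. 6 is a flowchart for explaining the flow of processing of the information processing apparatus 200.
《Operation of the Information Processing System》
Next, an information processing system 7000 according to a third embodiment of the present invention will be described with reference to FIG. 7A. FIG. 7A is a diagram for explaining the operation of the information processing system 7000 according to this embodiment.
FIG. 7B is a diagram for explaining an example of interface / database generation in the information processing system 7000 according to this embodiment.
FIG. 7C is a diagram for explaining an example of generating the processing unit for device information in the information processing system 7000 according to this embodiment. The processing of FIG. 7C is executed in addition to the processing of FIG. 7B.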
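One way the generation step of FIGS. 7B and 7C could look, as an added Python example that is not the patent's own code: the XML element and attribute names are assumptions (the page gives only the model and field names), SQLite stands in for the device information DB 350, and the readings are constructed. Because names from the XML file end up inside generated SQL, the example validates them against an allow-list pattern before use.

```python
import re
import sqlite3
import xml.etree.ElementTree as ET

# Constructed data model: the page gives the model and field names, not the XML
# schema, so the element and attribute names here are assumptions.
DATA_MODEL_XML = """
<model name="ABC weather sensor">
  <key name="ID" type="integer"/>
  <key name="Serial No" type="string"/>
  <field name="temperature" type="integer"/>
  <field name="humidity" type="integer"/>
</model>
"""

SQL_TYPES = {"integer": "INTEGER", "string": "TEXT"}
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9 _]{0,62}")


def sql_identifier(name):
    """Validate a name taken from the XML file and return it quoted for SQL."""
    if not NAME_RE.fullmatch(name or ""):
        raise ValueError(f"rejected identifier: {name!r}")
    return '"' + name.replace(" ", "_") + '"'


def generate_ddl(xml_text):
    """Data model (FIG. 7B) -> CREATE TABLE statement for an empty table."""
    root = ET.fromstring(xml_text)
    columns, seen = [], set()
    for elem in root:
        sql_type = SQL_TYPES.get(elem.get("type"))
        if elem.tag not in ("key", "field") or sql_type is None:
            raise ValueError(f"unsupported element or type: {elem.tag}")
        column = sql_identifier(elem.get("name"))
        if column in seen:
            raise ValueError(f"duplicate column: {column}")
        seen.add(column)
        columns.append(f"{column} {sql_type} NOT NULL")
    if not columns:
        raise ValueError("data model defines no columns")
    return f"CREATE TABLE {sql_identifier(root.get('name'))} ({', '.join(columns)})"


def generate_min_max_query(table_name, column_name):
    """Processing step (FIG. 7C) as one query: highest and lowest value per ID."""
    col, key = sql_identifier(column_name), sql_identifier("ID")
    return (f"SELECT {key}, MAX({col}), MIN({col}) "
            f"FROM {sql_identifier(table_name)} GROUP BY {key}")


def run_demo():
    """Create the empty table, store constructed readings, run the processing."""
    db = sqlite3.connect(":memory:")
    db.execute(generate_ddl(DATA_MODEL_XML))
    table = sql_identifier("ABC weather sensor")
    readings = [(1, "SN-0001", 18, 40), (1, "SN-0001", 27, 35),
                (2, "SN-0002", 22, 50)]
    # Device readings are data, not structure, so they go in as bound parameters.
    db.executemany(f"INSERT INTO {table} VALUES (?, ?, ?, ?)", readings)
    query = generate_min_max_query("ABC weather sensor", "temperature")
    return db.execute(query + ' ORDER BY "ID"').fetchall()


if __name__ == "__main__":
    print(generate_ddl(DATA_MODEL_XML))
    print(run_demo())
```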
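Next, the operation of an information processing system 800 according to a fourth embodiment of the present invention will be described with reference to FIG. 8. FIG. 8 is a diagram showing an application example of the information processing apparatus 200 according to this embodiment. For example, FIG. 8 is an example of a case where the information of the company A device 804 is occupied by the company A application 801 and the information of the company B device 805 is occupied by the company B application 802.
Next, the operation of an information processing system 900 according to a fifth embodiment of the present invention will be described with reference to FIG. 9. FIG. 9 is a diagram showing an application example of the information processing apparatus 200 according to this embodiment. For example, FIG. 9 is an example of a case where only the devices X911 to Z913 are connected to the M2M-PF, which is the information processing apparatus 200, and no application is connected.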
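The access right table and the access control of the second, fourth and fifth embodiments, as an added Python example that is not code from the patent. Class and method names are hypothetical, the page's reference numerals are reused as application and device IDs, and `C-device` and the sensor readings are constructed placeholders.

```python
class AccessRightTable:
    """Application x device matrix; a missing cell means no access right."""

    def __init__(self):
        self.apps = set()
        self.devices = {}    # device_id -> True if open to every application
        self.rights = set()  # {(app_id, device_id)}

    def add_device(self, device_id, unconditional=False):
        # unconditional=True models the public devices of FIG. 9.
        self.devices[device_id] = unconditional
        if unconditional:
            self.rights.update((app, device_id) for app in self.apps)

    def add_application(self, app_id, serviced_devices=()):
        # serviced_devices: devices registered as receiving this application's
        # service (FIG. 8). Every other non-public device stays denied.
        unknown = set(serviced_devices) - set(self.devices)
        if unknown:
            raise KeyError(f"unregistered devices: {sorted(unknown)}")
        self.apps.add(app_id)
        for device_id, unconditional in self.devices.items():
            if unconditional or device_id in serviced_devices:
                self.rights.add((app_id, device_id))

    def set_right(self, app_id, device_id, allowed):
        # Operator change of a single cell (step S633).
        if app_id not in self.apps or device_id not in self.devices:
            raise KeyError("application and device must be registered first")
        if allowed:
            self.rights.add((app_id, device_id))
        else:
            self.rights.discard((app_id, device_id))

    def remove_device(self, device_id):
        # Drop the whole column so a reused ID inherits no stale rights.
        self.devices.pop(device_id, None)
        self.rights = {(a, d) for a, d in self.rights if d != device_id}

    def allowed_devices(self, app_id):
        return {d for a, d in self.rights if a == app_id}


class AccessControlUnit:
    """Filters what an application interface may read from the device DB."""

    def __init__(self, table, device_info_db):
        self.table = table
        self.db = device_info_db  # device_id -> list of readings

    def fetch(self, app_id, requested=None):
        allowed = self.table.allowed_devices(app_id)  # empty for unknown apps
        wanted = allowed if requested is None else set(requested)
        denied = wanted - allowed
        if denied:
            raise PermissionError(f"{app_id} has no right to {sorted(denied)}")
        return {d: list(self.db.get(d, [])) for d in sorted(wanted)}


# Constructed readings; IDs reuse the page's reference numerals.
DEVICE_INFO_DB = {"204": [{"temperature": 21}], "205": [{"temperature": 19}],
                  "206": [{"temperature": 25}]}


def build_fig2a():
    """Access right table 230-1: 201 -> 204, 202 -> 205 and 206, 203 -> 206."""
    table = AccessRightTable()
    for dev in ("204", "205", "206"):
        table.add_device(dev)
    table.add_application("201", ["204"])
    table.add_application("202", ["205", "206"])
    table.add_application("203", ["206"])
    return table


def build_fig8():
    """Company Z application 803 enters without owning a device."""
    table = AccessRightTable()
    for dev in ("804", "805", "C-device"):  # "C-device" is a placeholder ID
        table.add_device(dev)
    table.add_application("801", ["804"])
    table.add_application("802", ["805"])
    table.add_application("803", ["804", "805"])
    return table


def build_fig9():
    """Only public devices are connected; application 921 enters later."""
    table = AccessRightTable()
    for dev in ("X911", "Y912", "Z913"):
        table.add_device(dev, unconditional=True)
    table.add_application("921")
    return table
```

An application that was never registered gets an empty result from `fetch` rather than an error, and a request that names a device outside the application's row fails as a whole instead of being silently trimmed.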
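The embodiments of the present invention have been described in detail above; a system or apparatus that combines, in any way, the separate features included in the respective embodiments is also included in the scope of the present invention.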
Claims (12)
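- An information processing apparatus having an application interface and a device interface that are generated based on each application and associated with each other, the apparatus comprising: an access right table that stores whether each application has an access right to a device connected to the information processing apparatus; and access control means for controlling access between the application interface and the device interface with reference to the access right table.
- The information processing apparatus according to claim 1, further comprising: generation means for, when a new application is added, generating a new application interface and a new device interface in association with each other for the new application; and application addition means for adding the new application interface and the new device interface to the information processing apparatus, wherein the application addition means adds, to the access right table, data on whether the new application has an access right to a device connected to the information processing apparatus.
- The information processing apparatus according to claim 1 or 2, further comprising device addition means for, when a new device is added, adding to the access right table data on whether each application has an access right to the new device.
- The information processing apparatus according to any one of claims 1 to 3, further comprising access right change means for, when the access right of the application to the device is changed, changing the data of the access right table indicating whether the application has the access right in accordance with the change of the access right.
- The information processing apparatus according to any one of claims 1 to 4, wherein the device interface includes accumulation means for accumulating data collected from the device in a database.
- The information processing apparatus according to any one of claims 1 to 5, further comprising input means for inputting data for management of the information processing apparatus, wherein registration of the application and the device and setting of the data of the access right table are performed via the input means.
- The information processing apparatus according to any one of claims 1 to 6, wherein the access right of the application to the device is set based on information indicating whether each device connected to the information processing apparatus receives the service of the application.
- The information processing apparatus according to any one of claims 1 to 6, wherein the access right of the application to the device is set based on information on whether the device sets the access right unconditionally for the application.
- A control method for an information processing apparatus having an application interface and a device interface that are generated based on each application and associated with each other, the method including an access control step of controlling access between the application interface and the device interface with reference to an access right table that stores whether each application has an access right to a device connected to the information processing apparatus.
- A control program for an information processing apparatus having an application interface and a device interface that are generated based on each application and associated with each other, the program causing a computer to execute an access control step of controlling access between the application interface and the device interface with reference to an access right table that stores whether each application has an access right to a device connected to the information processing apparatus.
- An information processing system that manages access rights from applications to a plurality of devices, the system comprising: a plurality of applications; the plurality of devices; an application interface and a device interface that are generated based on each application and associated with each other; an access right table that stores whether each application has an access right to the plurality of devices; and access control means for controlling access between the application interface and the device interface with reference to the access right table.
- An access right management method for managing access rights from applications to a plurality of devices in an information processing system having a plurality of applications and the plurality of devices, the method including: a generation step of generating, based on each application, an application interface and a device interface associated with each other; and an access control step of controlling access between the application interface and the device interface with reference to an access right table that stores whether each application has an access right to the plurality of devices.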
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
BR112013030089A BR112013030089A2 (pt) | 2011-05-24 | 2012-05-22 | Information processing system, access right control method, information processing apparatus, and control method and control program thereof |
US14/118,881 US20140096237A1 (en) | 2011-05-24 | 2012-05-22 | Information processing system, access right management method, information processing apparatus and control method and control program therefor |
EP12789815.3A EP2717187A4 (en) | 2011-05-24 | 2012-05-22 | INFORMATION PROCESSING SYSTEM, ACCESS RIGHTS MANAGEMENT METHOD, INFORMATION PROCESSING DEVICE, AND CONTROL METHOD AND CONTROL PROGRAM THEREOF |
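JP2013516213A JP5807677B2 (ja) | 2011-05-24 | 2012-05-22 | Information processing system, access right management method, information processing apparatus, and control method and control program therefor |
CN201280025132.9A CN103548321A (zh) | 2011-05-24 | 2012-05-22 | Information processing system, access right management method, information processing device, and control method and control program thereof |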
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2011-116369 | 2011-05-24 | ||
JP2011116369 | 2011-05-24 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2012160814A1 true WO2012160814A1 (ja) | 2012-11-29 |
Family
ID=47216905
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
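PCT/JP2012/003347 WO2012160814A1 (ja) | 2011-05-24 | 2012-05-22 | Information processing system, access right management method, information processing apparatus, and control method and control program therefor |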
Country Status (6)
Country | Link |
---|---|
US (1) | US20140096237A1 (ja) |
EP (1) | EP2717187A4 (ja) |
JP (2) | JP5807677B2 (ja) |
CN (1) | CN103548321A (ja) |
BR (1) | BR112013030089A2 (ja) |
WO (1) | WO2012160814A1 (ja) |
2012
- 2012-05-22 BR BR112013030089A patent/BR112013030089A2/pt not_active IP Right Cessation
- 2012-05-22 EP EP12789815.3A patent/EP2717187A4/en not_active Withdrawn
- 2012-05-22 JP JP2013516213A patent/JP5807677B2/ja active Active
- 2012-05-22 US US14/118,881 patent/US20140096237A1/en not_active Abandoned
- 2012-05-22 CN CN201280025132.9A patent/CN103548321A/zh active Pending
- 2012-05-22 WO PCT/JP2012/003347 patent/WO2012160814A1/ja active Application Filing
2015
- 2015-09-10 JP JP2015178452A patent/JP6252570B2/ja active Active
Also Published As
Publication number | Publication date |
---|---|
JP6252570B2 (ja) | 2017-12-27 |
BR112013030089A2 (pt) | 2016-09-20 |
JPWO2012160814A1 (ja) | 2014-07-31 |
CN103548321A (zh) | 2014-01-29 |
JP2016027483A (ja) | 2016-02-18 |
EP2717187A4 (en) | 2014-11-05 |
JP5807677B2 (ja) | 2015-11-10 |
EP2717187A1 (en) | 2014-04-09 |
US20140096237A1 (en) | 2014-04-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 12789815; Country of ref document: EP; Kind code of ref document: A1 |
ENP | Entry into the national phase | Ref document number: 2013516213; Country of ref document: JP; Kind code of ref document: A |
WWE | Wipo information: entry into national phase | Ref document number: 14118881; Country of ref document: US |
REEP | Request for entry into the european phase | Ref document number: 2012789815; Country of ref document: EP |
NENP | Non-entry into the national phase | Ref country code: DE |
REG | Reference to national code | Ref country code: BR; Ref legal event code: B01A; Ref document number: 112013030089; Country of ref document: BR |
ENP | Entry into the national phase | Ref document number: 112013030089; Country of ref document: BR; Kind code of ref document: A2; Effective date: 20131122 |