1. Technical Field
The present invention relates to technology for changing computer network services depending on the user.
2. Description of Related Art
Conventionally in client (user)-server network computing systems, to determine user access for services administered by a server, the system that FIG. 11 illustrates has been largely used. The system depicted in FIG. 11 includes a server and a group of users using services provided by the server. As shown in FIG. 11, each server has a user database DB, an Access Control List database ACLDB, authorization means, and access determination means. Users are registered in the user database, and are assigned user IDs on the server as unique names. Access control lists, which correspond user IDs or user ID sets with access privileges for services, are stored in the ACLDB for each of the services. The authorization means verifies that a user is a legitimate registered user. The access determination means determines what sort of access privileges for services an authorized user holds. Access privileges for user utilization of services are determined in this system as follows.
(1) First, the system requests user identification, using a password or like authorization information and the user database, and authorizes the user by utilizing the authorization means.
(2) The system then determines access privileges using the access determination means. Searching the service ACLs, a record containing the user's ID is found and the access privilege written in the record decides the user's access.
Typically, however, a single user will use several servers among a plurality of servers administered by the same organization, complicating the method of determining access privileges outlined above. Furthermore, when changes in user, access privileges or services arise, the user DB and ACLDB on the server concerned have to be updated. The work of thus updating and meanwhile maintaining consistency in the several databases is not only time-consuming and costly, but is liable to give rise to errors.
Herein, applications such as the "Kerberos" security system for client/server computing, provided on access administration servers exclusively for authorization and access administration, have been advocated. The access administration server executes operations to determine user authorization and an abstract access level, i.e., access privilege, and then issues access data certifying the access status the administration server has determined. The application server does not conduct individual authorizations, but determines access privileges using access data. FIG. 12 illustrates the concept of a system wherein this sort of method is utilized. The system shown by FIG. 12 is composed of an access administration server, an application server group that provides services, and a user group. A user who is to use a service must obtain access privilege data from the access administration server, and submit the data to the application server that provides the service.
The access administration server includes a user database, authorization means, and first issuing means. User names, and access designators that express users' access on the application servers, are described by the user database. Access designators, one type of which are user IDs, abstractly describe user access. The authorization means confirms that a user is a properly registered user. The first issuing means issues access data.
The application server includes an ACL database, access data verification means, and access privilege determination means. In the ACL database are the afore-mentioned ACLs for every service. The access data verification means verifies whether access data is proper, and whether a user is a legitimate holder of the access data. The access privilege determination means determines actual access privileges.
When a user is going to use a service, the system shown in FIG. 12 determines access privileges by the procedures below.
(1) The user initially accesses the access administration server and obtains access data. The process therein is as below.
Utilizing the authorization means, the administration server authorizes a user using authorization information such as a password. The user then submits an access data request. Utilizing the first issuing means, the administration server searches the user database seeking the user's access privilege designator in a designated application server and issues to the user access data containing the access privilege data sought.
The issued access data contains information for preventing illegitimate service use.
(2) The user then submits the access data to the application server. Utilizing the access data verification means, the application server verifies the legitimacy of the access data. The application server then verifies that the user is a legitimate holder of the access data using information in the access data.
(3) Once the access data is verified as being legitimate, the application server determines access privilege using the access privilege determination means as follows. Initially, the ACL is searched with the access privilege designator in the access data. The access denoted by the ACL record found is the user's access.
By using this method, users may be added or deleted, and user access altered, just by updating the access administration server database, which makes updating less trouble and errors less likely to occur.
Nevertheless, with conventional methods, all users have to be registered, even with methods by which access privileges are determined using an access administration server. Therefore, when there are many users, the burden of updating the databases is the burden of the small number of administrators who administrate the access administration servers. Consequently, problems as below occur.
Users using a server once or short-term only users, and users for whom access changes frequently, for example, bring about frequent updating of the user database, placing a large burden on the administrators and moreover readily inviting administrative errors.
On the other hand, administrators have been inclined to impose application procedures on the users in order to facilitate administration. This makes necessary procedures consequently bothersome from the user's point of view, and moreover makes it take a lot of time to obtain access.
Further, even where a service is put under its own administration, to give access to the service, users must be registered in the user database on the administration server by applying to the server administrator. Naturally, the administrator cannot register users without accessing the administration server. Therefore, for self-administrating services to grant access requires a means of accessing the administration server either directly or remotely, and a lot of time and effort.
Further still, depending on the type of service, users who have been given access privileges sometimes want to give the access privileges to a third party whom the users permit. Herein, with conventional methods, this requires the time and effort of accepting an application from a user and transmitting the application to the administration server administrator to have the third party registered.
An object of the present invention is to address the afore-noted problems by simplifying access administration to relieve the burden on administrators and at the same time curtail the time and effort users need to obtain access privileges.
In view of the above problems, an access administration method according to claim 1 is a method for administering user categories for a service. The service has different service contents corresponding to different user categories. The method is to be conducted by a party who provides at least one service content of the service. The method comprises steps of providing access data containing information pertaining to an access for accessing the service; issuing the access data to parties who use the service; receiving access data from one of the parties; sending an acknowledgement to the party; and providing a service content that corresponds to the access data to the user when the user requests the service.
A service provider who provides a service on his/her own, such as a creator of a so-called Web Page, issues access data to users who wish to access the service. An access privilege designator to access the service is written on the access data. The service provider herein means an owner of the service, instead of a server that administers the service provided. The users request an access to the service by sending access data. If the access data sent by the user turns out to be legitimate, then a service content corresponding to the access written in the access data is provided. For example, when the service is about providing Web Pages and the access is "friend", a Web Page designated to "friends" will be provided. If the service is about providing financial information and the access is "referral", then financial information service is provided for free for a short period of time.
An access administration system according to claim 2 is adapted to be used in conjunction with a service provision device for providing the service to terminals on a computer network. The access administration system administers user categories of a service, where the service has different service contents corresponding to different user categories. The access administration system comprises publisher storing means, verifying means, access determining means, first issuing means, and license submission means.
The publisher storing means stores predetermined publisher information pertaining to publishers, the publishers being authorized to issue access data for at least one of the service contents. The verifying means verifies the legitimacy of the access data based on the access data received and the publisher information, upon receiving the access data. The access determining means determines an access based on the access data received and a result of the verification of the access data, and reports the determined access to the service provision device. The first issuing means is adapted to be disposed in a terminal of a publisher. The first issuing means generates access data and issues the access data so as to be utilized by a terminal of the publisher. The license submission means submits access data to the access data verifying means when the service from the service provision device is requested.
A publisher I who owns the service and is authorized to issue access data issues access data using the first issuing means to a user who wishes to use the service owned by the publisher I. The way the access data is delivered to the user is not limited to a specific way, and can be through a floppy disk with the access data written thereon or through transmission via a computer network. The user to whom the access data is granted sends the access data to the verification means by use of the license submission means. The verification means verifies the legitimacy of the access data by checking whether the content of the access data has been modified, whether the publisher is legitimate, and whether the user is legitimate. If the access data turns out to be legitimate, then the access determining means sends the access determined from the access data to the service provision device such as a Web server.
An access administration system according to claim 3 is the access administration system as set forth in claim 2, and further includes second issuing means. The second issuing means is adapted to be disposed in a terminal which can utilize the access data, generates a predetermined supplemental data, appends the supplemental data to the access data, and issues the access data with the supplemental data appended thereto so as to be utilized by the terminal. The verifying means in the access administration system verifies the legitimacy of the access data with the supplemental data appended thereto.
When a supplemental data is included in the access data, the verifying means verifies the legitimacy of the supplemental data by checking the legitimacy of the grantor and the receiver of the supplemental data and also by checking whether the supplemental data has been modified.
An access administration system according to claim 4 is the access administration system as set forth in claim 2, and further includes invalid data storing means for storing information pertaining to access data invalidated by a publisher, and invalidation reporting means for reporting the access data to invalidate to the invalid data storing means.
To invalidate access data that has already been issued, the identification information of the access data and the publisher identification information have only to be reported to the invalid data storing means by use of the invalidation reporting means. The verifying means treats access data stored in the invalid data storing means as illegitimate.
An access administration system according to claim 5 is the access administration system as set forth in claim 2, and further includes confidence storing means and confidence registering means. The verifying means in the access administration system verifies the legitimacy of the access data based on the confidence information set for the user contained in the access data. The confidence storing means stores confidence information set by a publisher for a user with reference to the publisher and the user. The confidence registering means registers the confidence information set for the user to the confidence storing means.
For instance, confidence information is a decimal smaller than 1 and is stored with reference to the user, categorized by publisher in the confidence storing server. As an example, suppose the confidence information stored in the confidence storing means is 0.9 for publisher I with regard to user A and 0.8 with regard to user B, whereas no confidence information is registered with regard to user C. If access data is granted to user C via users A and B, the confidence at user C is 0.9 × 0.8 × 1 = 0.72. The legitimacy of the access data is verified by comparing the confidence information with an appropriate standard value. If, on the other hand, the access data is granted directly to user D without going through users A and B, and if the confidence information with regard to user D is not registered in the confidence storing means, then the confidence information for user D is set as 1, and also confidence at user D is 1.
An access administration system according to claim 6 is the access administration system as set forth in claim 2, wherein the access data includes information pertaining to expiration date on which the access data expires, and the verifying means further verifies the legitimacy of the access data based on the date on which the service is requested in comparison with the expiration date.
The publisher can set a time period within which a user can use the access data granted, by writing the expiration date thereon.
An access administration system according to claim 7 is the access administration system as set forth in claim 3, wherein the access data further includes a maximum number of parties which can utilize the access data, and the verifying means verifies the legitimacy of the access data based on the number of supplemental data added in comparison with the maximum number of parties which can utilize the access data.
The publisher who grants access data to a user can limit the number of times the user grants the access data to other users. If the number of supplemental data added exceeds the maximum number of parties which can utilize the access data, then the verifying means finds the access data illegitimate.
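The non-cryptographic checks from claims 4 to 7 (invalidation, confidence, expiration date, maximum number of parties), as an added Python example that is not part of the patent text. The record layout, the order of the checks and the standard value of 0.75 are assumptions; the confidence figures are the ones used in the example above.

```python
from dataclasses import dataclass, field
from datetime import date
from decimal import Decimal


@dataclass
class AccessData:
    data_id: int       # data identification information
    publisher: str     # publisher identification information
    first_user: str    # user the publisher issued the access data to
    expires: date      # expiration date written by the publisher
    max_parties: int   # maximum number of supplemental data allowed
    grants: list = field(default_factory=list)  # receiver of each supplemental data, in order


def chain_confidence(ad, confidence_db):
    """Multiply the publisher's confidence in every user the data passed through.

    A user with no registered confidence information counts as 1.
    """
    conf = Decimal(1)
    for user in [ad.first_user, *ad.grants]:
        conf *= confidence_db.get((ad.publisher, user), Decimal(1))
    return conf


def verify_policy(ad, today, invalidated, confidence_db, standard_value):
    """Return (legitimate, reason). Signature checks are out of scope here."""
    if (ad.publisher, ad.data_id) in invalidated:
        return False, "invalidated by publisher"
    if today > ad.expires:  # assumption: the expiration date itself is still valid
        return False, "expired"
    if len(ad.grants) > ad.max_parties:
        return False, "too many supplemental data"
    if chain_confidence(ad, confidence_db) < standard_value:
        return False, "confidence below standard value"
    return True, "ok"


# Constructed sample data: publisher I trusts A at 0.9 and B at 0.8; C and D
# have no registered confidence information.
CONFIDENCE_DB = {("I", "A"): Decimal("0.9"), ("I", "B"): Decimal("0.8")}
VIA_A_B_TO_C = AccessData(1, "I", "A", date(2030, 1, 31), 2, ["B", "C"])
DIRECT_TO_D = AccessData(2, "I", "D", date(2030, 1, 31), 0)

if __name__ == "__main__":
    today = date(2030, 1, 15)
    for ad in (VIA_A_B_TO_C, DIRECT_TO_D):
        print(ad.data_id, chain_confidence(ad, CONFIDENCE_DB),
              verify_policy(ad, today, set(), CONFIDENCE_DB, Decimal("0.75")))
```

Decimal is used instead of float so that the product compares exactly against the standard value.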
An access administration system according to claim 8 is the access administration system as set forth in claim 2, wherein the predetermined publisher information includes publisher identification information for identifying the publisher of the access data, and verification information for verifying the legitimacy of the access data.
The publisher identification information identifies the publisher uniquely. Examples of the publisher identification information include publisher ID and electronic certificates. Examples of the verification information include public keys that correspond to private keys of the publisher of the access data. If the public key is used as verification information of access data, the access data should include a digital signature of the publisher, and the digital signature should be based on a public key encryption system.
An access administration system according to claim 9 is the access administration system as set forth in claim 2, wherein the predetermined access data includes data identification information for identifying the access data, publisher identification information for identifying the publisher, service content specification information for specifying the service content to which the publisher grants access data, an access privilege designator being granted, user verification information for verifying the legitimacy of a party to whom the access data is granted, publisher verification information for verifying the legitimacy of the publisher, and content verification information for verifying the legitimacy of the content of the access data.
Examples of the data identification information include sequential numbers assigned to the license data issued. Examples of the publisher identification information include publisher ID and electronic certificates. Examples of the service content specification information include, similarly to the above description, URLs of Web Pages provided by a Web server, and channel names provided in chat services. The publisher can set the access as any name, including "friend" and "work-related." Examples of the user verification information include public keys of the user. The legitimacy of a user is verified using a public key by sending a random data to the user and obtaining the random data encrypted with a private key of the user. Upon decrypting the encrypted data, if the decrypted data is identical to the original data, then the legitimacy of the user is verified. Examples of the publisher verification information include, similarly to the above description, the publisher ID and digital signature of the publishers. Examples of the content verification information include digital signature of the publisher applied to the data identification information, the publisher identification information, the service content specification information, the user name, and the user verification information.
An access administration system according to claim 10 is the access administration system as set forth in claim 2, wherein the access data includes publisher identification information for identifying the publisher of the access data, and a public key that corresponds to a private key of the publisher according to a public key encryption system, or encryption information for obtaining said public key; and the access data includes data identification information for identifying the access data, the publisher identification information, service content specification information for specifying the service content to which the publisher grants access data, an access privilege designator being granted, a public key that corresponds to a private key of the access data according to the public key encryption system, or encryption information for obtaining said public key, and a digital signature of the publisher that corresponds to the encryption information according to the public key encryption system.
The legitimacy of the publisher and the content of the access data is verified using the public key of the publisher obtained from the publisher information, and the digital signature of the publisher contained in the access data. The legitimacy of the user is verified using the public key of the user obtained from the access data, similarly to the description above.
An access administration system according to claim 11 is the access administration system as set forth in claim 3, wherein the supplemental data includes grantor verification information for verifying the legitimacy of a party who grants the access data, and receiver verification information for verifying the legitimacy of a party to whom the access data is granted.
Examples of information to verify the legitimacy of the grantor include a digital signature of the grantor according to a public key encryption system. Examples of information to verify the legitimacy of the receiver include a public key that corresponds to a private key of the receiver. For instance, in a situation where access data granted from publisher I to user A is further granted to user B, the legitimacy of the grantor is verified by verifying the digital signature of the user A in the supplemental data using the public key of the user A, which has been contained in the access data even before the supplemental data is added. The legitimacy of the user B is verified by first sending a random data to the user B, obtaining data which is the random data encrypted with the private key of the user B, decrypting the encrypted data with the public key of the user A in the supplemental data, and comparing the decrypted data with the original random data.
An access administration system according to claim 12 is the access administration system as set forth in claim 11, wherein the grantor verification information is a digital signature of the party who grants the access data according to a public key encryption system, and the receiver verification information is a public key that corresponds to a private key of the party who grants the access data with the supplemental data appended thereto.
The legitimacy of the grantor and the receiver of the supplemental data is verified similarly to the inventions in claims 9 and 10.
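The signature checks described for claims 8 to 12, as an added Python example that is not part of the patent text: access data signed by publisher I for user A is passed on to user B with one supplemental data and then verified hop by hop. The field names, the JSON encoding and the textbook-RSA toy keys built from known Mersenne primes are assumptions that stand in for a real signature scheme; the supplemental data is assumed to carry the receiver's public key, and the random-data challenge is done as a signature over the nonce.

```python
import hashlib
import json
import secrets

E = 65537  # public exponent shared by all toy keys


def toy_keypair(p, q):
    """Textbook RSA from two known primes. Illustration only, NOT secure."""
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}, {"n": n}


def _digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(priv, message):
    return pow(_digest(message, priv["n"]), priv["d"], priv["n"])


def verify(pub, message, sig):
    return pow(sig, E, pub["n"]) == _digest(message, pub["n"])


def canon(obj):
    return json.dumps(obj, sort_keys=True).encode()


def issue(publisher_id, publisher_priv, data_id, service, access, user_pub):
    """Publisher signs the whole body, which binds the first user's public key."""
    body = {"data_id": data_id, "publisher": publisher_id, "service": service,
            "access": access, "user_key": user_pub}
    return {"body": body, "sig": sign(publisher_priv, canon(body)), "supplements": []}


def delegate(ad, grantor_priv, receiver_pub):
    """Grantor signs everything issued so far plus the receiver's public key."""
    sig = sign(grantor_priv, canon({"prev": ad, "receiver_key": receiver_pub}))
    supplement = {"receiver_key": receiver_pub, "sig": sig}
    return {**ad, "supplements": ad["supplements"] + [supplement]}


def verify_chain(ad, publishers):
    """Return the current holder's public key, or None if any check fails."""
    pub = publishers.get(ad["body"]["publisher"])  # publisher storing means
    if pub is None or not verify(pub, canon(ad["body"]), ad["sig"]):
        return None
    holder_key = ad["body"]["user_key"]
    for i, sup in enumerate(ad["supplements"]):
        prev = {**ad, "supplements": ad["supplements"][:i]}
        signed = canon({"prev": prev, "receiver_key": sup["receiver_key"]})
        if not verify(holder_key, signed, sup["sig"]):  # grantor verification
            return None
        holder_key = sup["receiver_key"]                # receiver verification key
    return holder_key


def prove_holder(holder_key, respond):
    """Challenge the presenter with fresh random data; respond() is their side."""
    nonce = secrets.token_bytes(16)
    return verify(holder_key, nonce, respond(nonce))


# Constructed toy keys (Mersenne primes) for publisher I and users A and B.
I_PRIV, I_PUB = toy_keypair(2**61 - 1, 2**89 - 1)
A_PRIV, A_PUB = toy_keypair(2**89 - 1, 2**107 - 1)
B_PRIV, B_PUB = toy_keypair(2**107 - 1, 2**127 - 1)
PUBLISHERS = {"I": I_PUB}

if __name__ == "__main__":
    ad = issue("I", I_PRIV, 1, "http://example.com/friends.html", "friend", A_PUB)
    ad_b = delegate(ad, A_PRIV, B_PUB)
    holder = verify_chain(ad_b, PUBLISHERS)
    print("chain ok:", holder == B_PUB)
    print("B proves possession:", prove_holder(holder, lambda n: sign(B_PRIV, n)))
```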
An access determination module according to claim 13 is adapted to be used in conjunction with a service provision device which provides the service to terminals on a computer network. The access determination module determines user categories of a service, where the service has different service contents corresponding to different user categories. The access determination module comprises publisher storing means, verifying means, and access determining means. The publisher storing means stores predetermined publisher information pertaining to publishers, the publishers being authorized to issue access data for accessing one of the service contents. The verifying means verifies the legitimacy of the access data based on the access data received and the publisher information, upon receiving the access data. The access determining means determines an access based on the access data received and a result of the verification of the access data, and reports the determined access to the service provision device.
When a user to whom access data is granted by a publisher of a service sends the access data to the service provision device, the verifying means verifies the legitimacy of the access data by checking whether the content of the access data is modified, whether the publisher is legitimate, and whether the user is legitimate. If the access data turns out to be legitimate, the access determining means reports the access determined from the access data to the service provision device such as a Web server.
An access data issuing device according to claim 14 is adapted to receive information for generating access data that defines an access for accessing a service that is offered on a computer network, thereby generating access data based on the received information and issuing the access data so as to be utilized on the computer network. The access data issuing device comprises data identification information for identifying each access data, publisher identification information for identifying the publisher, service content specification information for specifying a service content to which the publisher grants access data, an access privilege designator being granted, user verification information for verifying the legitimacy of a party to whom the access data is granted, publisher verification information for verifying the legitimacy of the publisher, and content verification information for verifying the legitimacy of the content of the access data.
The access data issuing device receives predetermined information such as a public key of a user to whom access data is granted, thereby issuing access data. The access data can be issued in various ways, including by use of recording media or through a computer network.
A supplemental data issuing device according to claim 15 is adapted to receive access data that defines an access for accessing a service that is offered on a computer network, and information for generating a predetermined supplemental data. The supplemental data issuing device then generates a supplemental data based on the information, and issues a new access data from the access data received with a supplemental data appended thereto so as to be utilized by a terminal. The supplemental data issuing device comprises grantor verification information for verifying the legitimacy of the party who grants the access data and the supplemental data, and receiver verification information for verifying the legitimacy of the party to whom the license and the supplemental data are granted.
In other words, the supplemental data issuing device issues a new access data wherein a supplemental data is appended to an original access data, based on information such as a public key of the receiver and the original access data.
A computer-readable storage device according to claim 16 has an access determining program. The access determining program is adapted to determine an access for accessing a service where the service has different service contents corresponding to different user categories. The access determining device is adapted to be used in conjunction with a service provision device which provides the service to terminals on a computer network. The access determining program executes steps comprising the following A through C.
A: Predetermined publisher information pertaining to publishers is stored, the publishers being authorized to issue a predetermined access data for at least one of the service contents;
B: The legitimacy of access data is verified upon receiving the access data, based on the access data received and the publisher information.
C: An access is determined based on the access data received and result of the verification, and reported to the service provision device.
The computer-readable storage device operates in the same manner as in the invention according to claim 13.
A computer-readable storage device according to claim 17 has an access data issuing program. The access data issuing program is adapted to execute steps including the following A through C.
A: Pertinent information is received for generating access data that defines an access for accessing a service that is offered on a computer network.
B: Access data is generated based on the received information.
C: The access data is issued so as to be utilized on the computer network.
The access data includes data identification information for identifying the access data, publisher identification information for identifying the publisher, service content specification information for specifying a service content to which the publisher grants license, an access privilege designator being granted, user verification information for verifying the legitimacy of a party to whom the access data is granted, publisher verification information for verifying the legitimacy of the publisher, and content verification information for verifying the legitimacy of the content of the access data.
The computer-readable storage device operates in the same manner as in the invention according to claim 14.
A computer-readable storage device according to claim 18 has a data adding program. The data adding program is adapted to execute steps including the following A through C.
A: Access data that defines an access for accessing a service that is offered on a computer network, and information for generating a predetermined supplemental data, are received.
B: A supplemental data is generated based on the information.
C: A new access data is issued from the access data received and the supplemental data appended thereto so as to be utilized on a computer network.
The supplemental data includes grantor verification information for verifying the legitimacy of the party who grants the access data and the supplemental data, and receiver verification information for verifying the legitimacy of the party to whom the license and the supplemental data are granted.
The computer-readable storage device operates in the same manner as in the invention according to claim 15.
According to the present invention, the owner of the service grants access data to users who access the service, whereby a burden of administering the provision of the service is alleviated. It is also easier for users to use the service since procedures required to subscribe to the service are made easier.
The foregoing and other objects, features, aspects and advantages of the present invention will become more apparent from the following detailed description in conjunction with the accompanying drawings.