WO2005006204A1 - Database access control method, database access control device, proxy processing server device, program for database access control, and recording medium recording the program - Google Patents
- Publication number
- WO2005006204A1 (application PCT/JP2004/009847)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- database
- processing server
- user
- access
- access control
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
- G06F21/335—User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2115—Third party
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10—TECHNICAL SUBJECTS COVERED BY FORMER USPC
- Y10S—TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10S707/00—Data processing: database and file management or data structures
- Y10S707/99931—Database or file accessing
- Y10S707/99939—Privileged access
Definitions
- Database access control method, database access control device, proxy processing server device, database access control program, and recording medium recording the program
- The present invention relates to a database access control technology, and more particularly to a technology in which a database access control device and a proxy processing server device cooperate to access a database as a user's proxy.
- A database stores data, and when a plurality of users store data in it, the access control mechanism of the database controls which user can register, refer to, update, or delete which data.
- Registering, referencing, updating, and deleting data in the database are collectively referred to below as database access.
- Access control is performed so that user B cannot access user A's data and user A cannot access user B's data.
- As a conventional database access control method, authentication information such as a pair of a user ID and a password that a user passes to the database is compared with authentication information registered in advance in the database access control mechanism, which identifies the user who is trying to access the data.
- Next, for the identified user, an access control list (ACL), which specifies which data can be accessed, is used to decide whether to allow or disallow each type of access.
- The above access control method is for the case where access to the database is limited to the users who store data in the database.
- A proxy agent (proxy processing server) provides a function of processing data.
- This is the case where the user has the proxy agent process the data stored in the database, and the user receives the processing result.
- A point to be considered here is that the proxy agent must access the database based on the access authority of the requesting user. For example, when user A requests a proxy agent to access a database, the proxy agent must be access-controlled so that it can access only the data that user A is permitted to access. That is, even at the request of user A, the proxy agent must not access user B's data, which user A is not authorized to access, and return that information to user A.
- Access by the proxy agent to the database based on the access authority of the requesting user is called the transfer of access authority from the user to the proxy agent.
- The simplest access control method that satisfies the above condition is for the user to pass the authentication information used to access the database, such as his or her user ID and password, to the proxy agent, and for the proxy agent to access the database using that authentication information and acquire the user's data.
- Some methods use a digital certificate, a digital signature, or a one-way function to confirm whether the user's delegation of access authority to a proxy agent is correct (for example, see Document 1: Japanese Patent Application Laid-Open No. 2001-101054 and Document 2: Japanese Patent Application Laid-Open No. 2002-163235).
- However, a proxy agent is a third-party entity different from the user, and the user cannot always trust the proxy agent. For example, when user A passes authentication information to the proxy agent, the proxy agent may store the authentication information internally and retain it until another user, user B, accesses the proxy agent.
- The proxy agent may then perform malicious processing, such as impersonating user A using the authentication information it was given and allowing user B to access user A's data, which should not have been authorized.
- The present invention has been made to solve the above problems, and its purpose is to provide a mechanism that prevents a proxy agent (proxy processing server) from making unauthorized access to a database or a function equivalent to a database.
- The database access control device transmits the address of the available proxy processing server device to the user device in response to a request from the user device.
- The user device makes a database access request by connecting to the proxy processing server device at the above address, and the proxy processing server device makes a database processing request to the database access control device according to the database access request from the user device.
- The database access control device executes processing on the database in response to the database processing request from the proxy processing server device, and transmits the processing result to the proxy processing server device.
- The proxy processing server device receives the processing result transmitted from the database access control device and transmits the processing result to the user device.
- The database access control device generates an access key based on the user ID of the user device, stores the access key in storage means of the database access control device, and stores the access key in the user device.
- The user device transmits the access key to the proxy processing server device when making a database access request to the proxy processing server device, and the proxy processing server device transmits the access key to the database access control device when making a database processing request to the database access control device.
- The database access control device checks whether the same access key as the access key received from the proxy processing server device exists in the storage means, and only when it exists executes access to data in the database, within the limits allowed for the user ID corresponding to the access key.
- The database access control device determines whether the user device is in a state of being connected to the proxy processing server device, and access to data in the database is executed only when the user device is connected to the proxy processing server device.
- The database processing request is a request for processing such as data registration, change, deletion, or search with respect to the database.
- A proxy processing server device to which proxy processing permission has not been given cannot execute database access processing, and even a proxy processing server device to which proxy processing permission has been given cannot execute data registration, change, deletion, search, etc. on the database beyond the authority of the user ID that requested the proxy processing.
- The proxy processing server device is also prevented from independently executing a database search process without receiving a search proxy process request from the user device. For this reason, the user can use a proxy processing server device that performs a database search and processes the search result without worrying about improper acts. This allows the user to use proxy processing server devices that perform various useful processes prepared by third parties.
- FIG. 1 is a configuration diagram of an entire system to which the present invention is applied.
- FIG. 2 is a diagram showing an example of data stored in a database.
- FIG. 3 is a processing sequence diagram of one embodiment of the present invention.
- FIG. 4 is a cooperation diagram between respective devices according to an embodiment of the present invention.
- FIG. 1 shows a configuration diagram of an entire system to which the present invention is applied.
- 100 is a database access control device
- 200 is a database shared by a plurality of users
- 300 is a proxy processing server device
- 400 is a user device of each user
- 500 is a network such as the Internet.
- The database access control device 100 includes a mediation processing unit 101 having an intermediary function between the user device 400 and the proxy processing server device 300, and an access processing unit 102 having an access function to data stored in the database 200.
- The database 200 holds information about pre-registered users, such as user IDs and authentication information, information on the proxy processing server devices 300, and the stored data that the system provides. Although omitted in FIG. 1, the database 200 has a built-in access control mechanism. The connection between the database access control device 100 and the database 200 may be made either directly or via a network.
- The database access control device 100, the proxy processing server device 300, and the user device 400 are connected via a network 500.
- The database access control device 100 and the proxy processing server device 300 are each a computer, and each process is executed by a program in an environment of hardware resources such as a CPU and a memory.
- The database access control device 100 and the proxy processing server device 300 operate in cooperation with each other as a proxy of the user, accessing the database 200, performing the desired processing on the stored data that is read, and transmitting the result to the user device 400 of the user.
- FIG. 2 shows an example of data stored in the database 200.
- The database 200 includes a user data section 210, a user system data section 220, and a stored data section 230.
- The user data section 210 stores information on registered users. For each user, it stores the user ID 211, authentication information 212, user authority information 213, session information 214, proxy processing server list 215, and the ID 216 of the connected proxy processing server.
- The user system data section 220 holds information on systems acting on behalf of the user; here it holds the ID (proxy processing server ID) 221 of the proxy processing server device 300 and its URL (proxy processing server URL) 222.
- The stored data section 230 holds data 231 and its viewable authority information 232.
- FIG. 3 shows an example of an overall processing sequence according to the present embodiment.
- FIG. 4 shows a cooperation diagram between the devices.
- HTTP is used as the protocol for connecting the user device 400, the database access control device 100, and the proxy processing server device 300.
- The user logs in to the database access control device 100 from the user device 400 using the user ID 211 previously stored in the user data section 210 of the database 200 (step 1).
- The mediation processing unit 101 of the database access control device 100 performs the authentication process using the authentication information 212 stored for each user ID 211 in the user data section 210 of the database 200.
- The mediation processing unit 101 of the database access control device 100 confirms that the user attempting to log in is an authorized user registered in advance, and transmits the authentication result to the user device 400 (step 2).
- The user device 400 transmits a command requesting a list of the proxy processing server devices 300 available to the user to the database access control device 100 (step 3).
- The mediation processing unit 101 of the database access control device 100 obtains the list 215 of the proxy processing server devices 300 that can be used by the user from the user data section 210 of the database 200, and transmits the list 215 to the user device 400 (step 4).
- The user device 400 displays the received proxy processing server list on the screen.
- When the user selects a proxy processing server device 300 from the list, the user device 400 transmits the selection result to the database access control device 100 (step 5).
- The user device 400 also transmits information necessary for processing (database access and the like) in the proxy processing server device 300, based on the input from the user.
- Upon receiving the information of the selected proxy processing server device 300, the mediation processing unit 101 of the database access control device 100 searches the list 215 of the proxy processing server devices 300 to confirm that the user is permitted to use the selected proxy processing server device 300. After that, the mediation processing unit 101 generates a random number (session information) based on the user ID, generates a cookie (access key) from the generated session information, and transmits it to the user device 400 of the user.
- The URL 222 of the selected proxy processing server device 300 is acquired from the user system data section 220 of the database 200 and transmitted to the user device 400, so that an HTTP redirect response instructs the user device 400 to connect directly to the proxy processing server device 300 (step 7). Further, the mediation processing unit 101 records the generated session information 214 and the ID number 216 of the proxy processing server device 300 to be connected to in the user data section 210 of the database 200.
- The user device 400 transmits the value of the Cookie received from the database access control device 100 to the proxy processing server device 300 when performing the redirect connection to the proxy processing server device 300 (step 8).
- The proxy processing server device 300 extracts the value of the Cookie included in the connection request command, which is an HTTP request from the user device 400. Then, the proxy processing server device 300 transmits to the database access control device 100 an HTTP request (database search request) whose arguments are the value of the Cookie, the value specifying the table of the stored data necessary for the process specified by the user, and the value used for the search (step 9). The ID of the proxy processing server device 300 is also transmitted to the database access control device 100 together with the database search request.
- Upon receiving the HTTP request (database search request) from the proxy processing server device 300, the mediation processing unit 101 of the database access control device 100 first extracts the arguments set in the request. Then it extracts the session information from the value of the Cookie in the arguments, compares it with the session information 214 of the user data section 210 of the database 200, and searches for the user ID of the user device 400 that caused the proxy processing server device 300 to issue the HTTP request (user identification).
- If the user ID exists, the ID number of the proxy processing server device 300 received from the proxy processing server device 300 is compared with the ID number 216 of the connected proxy processing server device 300 recorded for that user ID in the user data section 210 of the database 200, and it is checked whether they match (confirmation of the proxy processing server). If they match, it is checked whether the ID of the proxy processing server device 300 exists in the user system data section 220 (proxy check of the proxy processing server).
- Further, a process of confirming, using the proxy processing server list 215, whether the user having the user ID is permitted to use the proxy processing server device 300 may be performed.
- If any of these checks fails, the mediation processing unit 101 of the database access control device 100 responds to the proxy processing server device 300 with an error and does not execute the subsequent processing.
- When the checks succeed, the mediation processing unit 101 passes the remaining argument information included in the HTTP request to the access processing unit 102 in order to access the stored data section 230 of the database 200.
- The access processing unit 102 of the database access control device 100 searches the stored data section 230 of the database 200 according to the arguments passed from the mediation processing unit 101. At this time, if viewable authority information 232 for each user ID is set in the stored data section 230, the search can be executed only when the user authority information 213 set for the user ID in the user data section 210 of the database 200 matches the viewable authority information 232 of the stored data section 230 (user authority check).
- The result found by the access processing unit 102 is passed to the mediation processing unit 101, and the mediation processing unit 101 transmits the result to the proxy processing server device 300 in the form of an HTTP response to the HTTP request from the proxy processing server device 300 (step 10).
- The HTTP request and response between the proxy processing server device 300 and the database access control device 100 may be executed a plurality of times, once for each stored data search required for the processing of the proxy processing server device 300.
- The proxy processing server device 300 performs the necessary data processing (data mining processing, proxy processing, etc.) on the stored data contained in the HTTP response received from the mediation processing unit 101 of the database access control device 100.
- The proxy processing server device 300 itself performs the processing, in combination with related data stored in the database, and transmits the result to the user device 400 in the form of an HTTP response (step 11).
- In the above processing, one entry in the list of proxy processing server devices 300 received by the user device 400 from the database access control device 100 is selected, and the selection result is sent to the database access control device 100.
- The mediation processing unit 101 of the database access control device 100 records the ID number of the selected proxy processing server device 300 as the ID number 216 of the currently connected proxy processing server device 300 in the user data section 210 of the database 200.
- When the list of proxy processing server devices 300 is displayed again, or another service provided by the database access control device 100 is used, the ID number 216 of the proxy processing server device 300 stored in the user data section 210 of the database 200 is deleted or rewritten. Also, a different value is generated for the session information each time the user ID is queried.
- Even if the proxy processing server device 300 stores the value of the cookie from a user device 400 that connected to it once, and independently attempts to connect to the database access control device 100 without receiving a request from the user device 400, the mediation processing unit 101 of the database access control device 100 cannot identify the user based on the session information included in the value of the cookie, and so does not execute the specified search process. Further, when the proxy processing server device 300 independently connects to the database access control device 100 without receiving a request from the user device 400, the ID of the proxy processing server device 300 is not recorded in the user data section 210 of the database 200 as the ID number 216 of the connected proxy processing server device 300, so the mediation processing unit 101 of the database access control device 100 does not execute the search process requested by the proxy processing server device 300.
- Even if the user device 400 directly specifies the URL of a proxy processing server device other than the proxy processing server devices 300 displayed in the list received from the database access control device 100, and attempts to connect using a cookie created for another proxy processing server device, the ID of that proxy processing server is not recorded in the user data section of the database access control device 100 as the connected proxy processing server 216, so the mediation processing unit 101 of the database access control device 100 does not execute the search processing requested by that proxy processing server device. Thus, it is possible to prohibit the user device 400 from using a proxy processing server device other than the proxy processing server devices 300 displayed in the list.
- Note that part or all of the processing functions of the database access control device 100 shown in FIG.
- A program for realizing the processing functions on a computer, or a program for causing a computer to execute the processing procedure, can be recorded on a computer-readable recording medium, for example an FD, MO, ROM, memory card, CD, DVD, or removable disk, stored and provided, and the program can also be distributed through a network such as the Internet.
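The checks of steps 5 to 10 and the two refusal cases described above can be exercised with the following Python example, which is added here and is not code from the patent. The class and function names, the in-memory dictionaries standing in for database 200, and the sample IDs and URLs are assumptions; the cookie value is taken to be the session value itself, and the proxy ID is accepted as presented, as in the description.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class UserRecord:                             # one row of user data section 210
    authority: str                            # user authority information 213
    allowed_proxies: frozenset                # proxy processing server list 215
    session: Optional[str] = None             # session information 214
    connected_proxy: Optional[str] = None     # connected proxy server ID 216


class AccessController:
    """Database access control device 100 (mediation unit 101 + access unit 102)."""

    def __init__(self, users, proxy_urls, stored_data):
        self.users = users              # user data section 210, keyed by user ID 211
        self.proxy_urls = proxy_urls    # user system data section 220: ID 221 -> URL 222
        self.stored_data = stored_data  # stored data section 230: (data 231, authority 232)

    def select_proxy(self, user_id, proxy_id):
        """Steps 5-7: check list 215, issue a fresh access key, return the redirect URL."""
        user = self.users[user_id]
        if proxy_id not in user.allowed_proxies or proxy_id not in self.proxy_urls:
            raise PermissionError("proxy server not permitted for this user")
        user.session = secrets.token_urlsafe(32)   # different value on every issue
        user.connected_proxy = proxy_id
        # Assumption of this example: the cookie value is the session value itself.
        return user.session, self.proxy_urls[proxy_id]

    def leave_proxy(self, user_id):
        """User goes back to the list or to another service: clear 214 and 216."""
        user = self.users[user_id]
        user.session = None
        user.connected_proxy = None

    def search(self, access_key, proxy_id, keyword):
        """Steps 9-10: run the checks in the order the description gives them."""
        user = self._identify(access_key)                     # user identification
        if user is None:
            raise PermissionError("access key matches no stored session")
        if user.connected_proxy != proxy_id:                  # confirmation of the proxy server
            raise PermissionError("caller is not the connected proxy server")
        if proxy_id not in self.proxy_urls:                   # registered in section 220
            raise PermissionError("proxy server is not registered")
        if proxy_id not in user.allowed_proxies:              # optional check against list 215
            raise PermissionError("proxy server not permitted for this user")
        return [data for data, authority in self.stored_data  # user authority check
                if authority == user.authority and keyword in data]

    def _identify(self, access_key):
        """Find the user whose stored session equals the presented access key."""
        for user in self.users.values():
            if user.session is not None and hmac.compare_digest(
                    user.session.encode(), access_key.encode()):
                return user
        return None


def denied(call, *args):
    """True when the controller answers the call with an error."""
    try:
        call(*args)
    except PermissionError:
        return True
    return False


def build_demo():
    # Constructed sample data; IDs, URLs and rows are made up for this example.
    users = {
        "userA": UserRecord("A", frozenset({"proxy1", "proxy2"})),
        "userB": UserRecord("B", frozenset({"proxy1"})),
    }
    proxy_urls = {"proxy1": "http://proxy1.example/", "proxy2": "http://proxy2.example/"}
    stored = [("userA sales report", "A"), ("userB sales report", "B")]
    return AccessController(users, proxy_urls, stored)


if __name__ == "__main__":
    ctrl = build_demo()
    key, url = ctrl.select_proxy("userA", "proxy1")
    print("redirect to", url)
    print("proxy1 with key:", ctrl.search(key, "proxy1", "report"))
    print("proxy2 reusing the key denied:", denied(ctrl.search, key, "proxy2", "report"))
    ctrl.leave_proxy("userA")
    print("proxy1 replaying the stored key denied:", denied(ctrl.search, key, "proxy1", "report"))
```

The access key is only useful while the controller still holds the matching session 214 and connected proxy ID 216, which is why a key kept by a proxy stops working once the user leaves.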
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2005511550A JP4186987B2 (ja) | 2003-07-11 | 2004-07-09 | Database access control method, database access control device, program for database access control, and recording medium recording the program |
EP04747315.2A EP1645971B8 (en) | 2003-07-11 | 2004-07-09 | Database access control method, database access control apparatus, proxy process server apparatus, program for database access control and recording medium recording the program |
US10/522,552 US7454421B2 (en) | 2003-07-11 | 2004-07-09 | Database access control method, database access controller, agent processing server, database access control program, and medium recording the program |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2003-273602 | 2003-07-11 | ||
JP2003273602 | 2003-07-11 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2005006204A1 (ja) | 2005-01-20 |
Family
ID=34056027
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2004/009847 WO2005006204A1 (ja) | 2003-07-11 | 2004-07-09 | Database access control method, database access control device, proxy processing server device, program for database access control, and recording medium recording the program |
Country Status (5)
Country | Link |
---|---|
US (1) | US7454421B2 (ja) |
EP (1) | EP1645971B8 (ja) |
JP (1) | JP4186987B2 (ja) |
CN (1) | CN100511203C (ja) |
WO (1) | WO2005006204A1 (ja) |
Family Cites Families (34)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5696898A (en) | 1995-06-06 | 1997-12-09 | Lucent Technologies Inc. | System and method for database access control |
US5657390A (en) * | 1995-08-25 | 1997-08-12 | Netscape Communications Corporation | Secure socket layer application program apparatus and method |
JP3354433B2 | 1997-04-25 | 2002-12-09 | Hitachi, Ltd. | Network communication system |
US6052785A (en) * | 1997-11-21 | 2000-04-18 | International Business Machines Corporation | Multiple remote data access security mechanism for multitiered internet computer networks |
US6393472B1 (en) | 1997-12-10 | 2002-05-21 | At&T Corp. | Automatic aggregation of network management information in spatial, temporal and functional forms |
JPH11212911A | 1998-01-28 | 1999-08-06 | Mitsubishi Electric Corp | Distributed service cooperation device |
US6199113B1 (en) * | 1998-04-15 | 2001-03-06 | Sun Microsystems, Inc. | Apparatus and method for providing trusted network security |
US20020099691A1 (en) | 1998-06-24 | 2002-07-25 | Michael Dean Lore | Method and apparatus for aggregation of data in a database management system |
US6536998B2 (en) | 1998-09-08 | 2003-03-25 | Makino, Inc. | Selectively biased tool and methods of using the same |
JP2000181980A | 1998-12-15 | 2000-06-30 | Toshiba Corp | Client/server system, cooperation method in the system, and information storage medium |
US6081900A (en) * | 1999-03-16 | 2000-06-27 | Novell, Inc. | Secure intranet access |
US6385604B1 (en) | 1999-08-04 | 2002-05-07 | Hyperroll, Israel Limited | Relational database management system having integrated non-relational multi-dimensional data store of aggregated data elements |
JP4359974B2 (ja) | 1999-09-29 | 2009-11-11 | 富士ゼロックス株式会社 | Access authority delegation method |
US6698021B1 (en) * | 1999-10-12 | 2004-02-24 | Vigilos, Inc. | System and method for remote control of surveillance devices |
US20020029207A1 (en) | 2000-02-28 | 2002-03-07 | Hyperroll, Inc. | Data aggregation server for managing a multi-dimensional database and database management system having data aggregation server integrated therein |
JP2001265747A (ja) | 2000-03-16 | 2001-09-28 | Hitachi Ltd | Distributed object cooperation device |
JP2001273258A (ja) | 2000-03-23 | 2001-10-05 | Nippon Telegr & Teleph Corp <Ntt> | User authentication system |
US6725218B1 (en) * | 2000-04-28 | 2004-04-20 | Cisco Technology, Inc. | Computerized database system and method |
US6947992B1 (en) * | 2000-05-01 | 2005-09-20 | International Business Machines Corporation | Maintaining HTTP session affinity in a cluster environment |
AU2001287013A1 (en) | 2000-09-01 | 2002-03-13 | Kinexus Corporation | Method and system for financial data aggregation, analysis and reporting |
US7055028B2 (en) * | 2000-10-10 | 2006-05-30 | Juniper Networks, Inc. | HTTP multiplexor/demultiplexor system for use in secure transactions |
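JP2002163235A (ja) | 2000-11-28 | 2002-06-07 | Mitsubishi Electric Corp | Access authority transfer device, shared resource management system, and access authority setting method |
JP3674772B2 (ja) | 2000-12-19 | 2005-07-20 | 日本電気株式会社 | Login cooperation system among multiple servers, client device, login management device, server device, and storage medium |
JP2002244898A (ja) | 2001-02-19 | 2002-08-30 | Hitachi Ltd | Database management program and database system |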
US6606627B1 (en) * | 2001-05-08 | 2003-08-12 | Oracle Corporation | Techniques for managing resources for multiple exclusive groups |
CN1291337C (zh) | 2001-05-22 | 2006-12-20 | 鸿富锦精密工业(深圳)有限公司 | Proxy service system and method for online data retrieval and analysis |
US20020178366A1 (en) * | 2001-05-24 | 2002-11-28 | Amiran Ofir | Method for performing on behalf of a registered user an operation on data stored on a publicly accessible data access server |
US7149892B2 (en) * | 2001-07-06 | 2006-12-12 | Juniper Networks, Inc. | Secure sockets layer proxy architecture |
US7062547B2 (en) * | 2001-09-24 | 2006-06-13 | International Business Machines Corporation | Method and system for providing a central repository for client-specific accessibility |
EP1315064A1 (en) * | 2001-11-21 | 2003-05-28 | Sun Microsystems, Inc. | Single authentication for a plurality of services |
US7447731B2 (en) * | 2001-12-17 | 2008-11-04 | International Business Machines Corporation | Method and apparatus for distributed application execution |
US20030159066A1 (en) * | 2002-02-15 | 2003-08-21 | Kdms International Llc | Method and apparatus for network user location verification |
JP4112284B2 (ja) * | 2002-05-29 | 2008-07-02 | 富士通株式会社 | Database access control method and database access control program |
US20040133416A1 (en) * | 2002-07-18 | 2004-07-08 | Norio Fukuoka | Information terminal device, method of acquiring information corresponding to language identification information from server and program thereof, network system, additional function purchasing progam, and program function adding method |
2004
- 2004-07-09 US US10/522,552 patent/US7454421B2/en active Active
- 2004-07-09 WO PCT/JP2004/009847 patent/WO2005006204A1/ja active Application Filing
- 2004-07-09 CN CNB2004800007310A patent/CN100511203C/zh active Active
- 2004-07-09 JP JP2005511550A patent/JP4186987B2/ja active Active
- 2004-07-09 EP EP04747315.2A patent/EP1645971B8/en active Active
Non-Patent Citations (3)
Title |
---|
KURODA, J. ET AL.: "Mitsubishi EDI Package 'EDIFOAS/WEB'", MITSUBISHI DENKI GIHO, vol. 72, no. 2, 25 February 1998 (1998-02-25), pages 36 - 39, XP002984908 * |
SATO, Y.: "Tamokuteki Proxy Server Dele Gate no Kino Shosai", INTERFACE, vol. 21, no. 9, 1 September 1995 (1995-09-01), pages 130 - 146, XP002984909 * |
See also references of EP1645971A4 * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2007172588A (ja) * | 2005-11-22 | 2007-07-05 | Ricoh Co Ltd | Authentication ticket processing device |
WO2009084601A1 (ja) * | 2007-12-27 | 2009-07-09 | Nec Corporation | Access right management system, access right management method, and access right management program |
US8544066B2 (en) | 2007-12-27 | 2013-09-24 | Nec Corporation | Access right management system, access right management method, and access right management program |
US8935747B2 (en) | 2007-12-27 | 2015-01-13 | Nec Corporation | Access right management system, access right management method, and access right management program |
JP2010122798A (ja) * | 2008-11-18 | 2010-06-03 | Yahoo Japan Corp | Agent access management system |
JP2013084145A (ja) * | 2011-10-11 | 2013-05-09 | Yahoo Japan Corp | Information management device, system, and method |
JP7338043B2 (ja) | 2019-08-30 | 2023-09-04 | 株式会社センストーン | User authentication method using a virtual code for authentication, and system therefor |
Also Published As
Publication number | Publication date |
---|---|
US7454421B2 (en) | 2008-11-18 |
EP1645971A4 (en) | 2011-10-12 |
JPWO2005006204A1 (ja) | 2006-08-24 |
CN100511203C (zh) | 2009-07-08 |
EP1645971B1 (en) | 2015-08-19 |
EP1645971A1 (en) | 2006-04-12 |
US20060143189A1 (en) | 2006-06-29 |
JP4186987B2 (ja) | 2008-11-26 |
EP1645971B8 (en) | 2016-03-30 |
CN1701315A (zh) | 2005-11-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
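WO2005006204A1 (ja) | Database access control method, database access control device, proxy processing server device, program for database access control, and recording medium recording the program | |
JP4197315B2 (ja) | Collaboration server, collaboration system, and session management method and program therefor | |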
US8341249B2 (en) | Synchronizing configuration information among multiple clients | |
US8082316B2 (en) | Resolving conflicts while synchronizing configuration information among multiple clients | |
JP3569122B2 (ja) | Session management system, service providing server, session management server, session management method, and recording medium | |
US20030005333A1 (en) | System and method for access control | |
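JP4579546B2 (ja) | Method and apparatus for handling user identifiers in a single sign-on service | |
JP5614340B2 (ja) | System, authentication information management method, and program | |
JP5357246B2 (ja) | System, method, and program product for integrated authentication | |
JP6376869B2 (ja) | Data synchronization system, control method therefor, authorization server, and program therefor | |
JP2005516533A (ja) | Single sign-on over the Internet using public-key cryptography | |
JP4280036B2 (ja) | Access right control system | |
JP3698851B2 (ja) | Database security management method and system | |
JP2003242119A (ja) | User authentication server and control program therefor | |
JP2003323409A (ja) | Single sign-on system, program therefor, and method therefor | |
JP2006119769A (ja) | Content providing system | |
JP2001282667A (ja) | Authentication server/client system | |
JP2001067319A (ja) | Search system using a WWW server | |
JPH056322A (ja) | Information resource access scheme | |
JP2000172645A (ja) | Server computer and authentication information management method in the server computer | |
JP4071390B2 (ja) | Image communication device and communication relay device | |
JP2005293088A (ja) | Authentication system and authentication method | |
JP7021550B2 (ja) | Access management device, access management system, and program | |
JP4611036B2 (ja) | User management device, user management method, user management program, and computer-readable recording medium recording the user management program | |
JP3986636B2 (ja) | Authentication management system, authentication support system, recording medium storing a program for causing a computer to perform processing in the authentication management system, and authentication method |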
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | WWE | WIPO information: entry into national phase | Ref document number: 2005511550; Country of ref document: JP |
| | AK | Designated states | Kind code of ref document: A1; Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
| | AL | Designated countries for regional patents | Kind code of ref document: A1; Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
| | WWE | WIPO information: entry into national phase | Ref document number: 2004747315; Country of ref document: EP |
| | WWE | WIPO information: entry into national phase | Ref document number: 20048007310; Country of ref document: CN |
| | 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | |
| | ENP | Entry into the national phase | Ref document number: 2006143189; Country of ref document: US; Kind code of ref document: A1 |
| | WWE | WIPO information: entry into national phase | Ref document number: 10522552; Country of ref document: US |
| | WWP | WIPO information: published in national office | Ref document number: 2004747315; Country of ref document: EP |
| | WWP | WIPO information: published in national office | Ref document number: 10522552; Country of ref document: US |