Handling a query from a requestor by a digital assistant where results include a data portion restricted for the requestor
US-12182205-B2 · Dec 31, 2024 · US
Access control system and access control method
US10318745B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10318745-B2 |
| Application number | US-201615505949-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 6, 2016 |
| Priority date | Mar 25, 2015 |
| Publication date | Jun 11, 2019 |
| Grant date | Jun 11, 2019 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
To provide a system for simplifying setting of access control for a file system and a firewall, it is provided an access control system, which is formed by a computer including a processor configured to execute a process, and a memory configured to store a program for executing the process, the access control system comprising: a launcher, which is a process configured to activate the process; an ACL file in which specifics for controlling an I/O request issued by the process are defined; a process search module configured to trace a parent of the process to determine whether or not the process is an activated process that has originated from the launcher; and an access control module configured to control an I/O request issued by the activated process that has originated from the launcher in accordance with the specifics defined in the ACL file.
First claim
Opening claim text (preview).
What is claimed is: 1. An access control system, which is formed by a computer including a processor configured to execute a process, and a memory configured to store a program for executing the process, the access control system comprising: a launcher which is configured to activate the process; an ACL file in which specifics for controlling an I/O request issued by the process are defined; a process search module configured to: acquire identification information on the process that has issued the I/O request, determine that the process that has issued the I/O request is an activated process that has originated from the launcher in a case where identification information on a caller process that has activated the process is the same as identification information on the launcher, and trace a parent of the process that has issued the I/O request and determine that the process that has issued the I/O request is the activated process that has originated from the launcher in a case where identification information on the parent process is the same as the identification information on the launcher; and an access control module configured to control the I/O request issued by the activated process that has originated from the launcher in accordance with the specifics defined in the ACL file, wherein the process is capable of being activated from the launcher when access control is to be applied to the process, and the process is capable of being originated from other than the launcher when access control is not to be applied to the process. 2. The access control system according to claim 1 , wherein the access control module is configured to: determine a type of the I/O request; determine specifics for controlling I/O depending on an access destination of the I/O request by referring to the ACL file in a case where the type of the I/O request is a file I/O request; and determine specifics for controlling I/O depending on a communication source of the I/O request and a communication destination of the I/O request by referring to the ACL file in a case where the type of the I/O request is a network I/O request. 3. An access control method, which is executed by a computer including a processor configured to execute a process, and a memory configured to store a program for executing the process, the computer including: a launcher which is configured to activate the process with the processor; a process search module configured to trace a parent of the process with the processor; and an access control module configured to control an I/O request with the processor, the computer being configured to store an ACL file in which specifics for controlling the I/O request are defined, the process capable of being activated from the launcher when access control is to be applied to the process, and the process capable of being originated from other than the launcher when access control is not to be applied to the process, the access control method comprising steps of: acquiring, by the process search module, identification information on the process that has issued an I/O request; determining, by the process search module, that the process that has issued the I/O request is an activated process that has originated from the launcher in a case where identification information on a caller process that has activated the process is the same as identification information on the launcher; tracing, by the process search module, a parent of the process that has issued the I/O request and determining that the process that has issued the I/O request is the activated process that has originated from the launcher in a case where identification information on the parent process is the same as the identification information on the launcher; and controlling, by the access control module, the I/O request issued by the activated process that has originated from the launcher in accordance with the specifics defined in the ACL file. 4. The access control method according to claim 3 , further comprising: determining, by the access control module, a type of the I/O request; determining, by the access control module, specifics for controlling I/O depending on an access destination of the I/O request by referring to the ACL file in a case where the type of the I/O request is a file I/O request; and determining, by the access control module, specifics for controlling I/O depending on a communication source of the I/O request and a communication destination of the I/O request by referring to the ACL file in a case where the type of the I/O request is a network I/O request.
Assignees
Inventors
Classifications
Tools and structures for managing or administering access control systems · CPC title
Filtering by address, protocol, port number or service, e.g. IP-address or URL · CPC title
for I/O devices · CPC title
Access control lists [ACL] · CPC title
- G06F21/62Primary
Protecting access to data via a platform, e.g. using keys or access control rules · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10318745B2 cover?
- To provide a system for simplifying setting of access control for a file system and a firewall, it is provided an access control system, which is formed by a computer including a processor configured to execute a process, and a memory configured to store a program for executing the process, the access control system comprising: a launcher, which is a process configured to activate the process; …
- Who is the assignee on this patent?
- Hitachi Solutions Ltd
- What technology area does this patent fall under?
- Primary CPC classification G06F21/62. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Jun 11 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).