WO2008034841A2 - Procédé de contrôle d'accès et système de contrôle d'accès à des contenus numériques - Google Patents
Procédé de contrôle d'accès et système de contrôle d'accès à des contenus numériques Download PDFInfo
- Publication number
- WO2008034841A2 WO2008034841A2 PCT/EP2007/059885 EP2007059885W WO2008034841A2 WO 2008034841 A2 WO2008034841 A2 WO 2008034841A2 EP 2007059885 W EP2007059885 W EP 2007059885W WO 2008034841 A2 WO2008034841 A2 WO 2008034841A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- management unit
- user
- content
- access
- authorization
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Definitions
- the present invention relates to a method for access control of digital contents of a provider at the request of a user of a computer network, which checks the authorization of the user for the requested digital content based on his user identification data, and in the case of the proven authorization the requested digital content transmitted , according to the preamble of claim 1.
- the invention further relates to an access control system for digital data of a provider and request of a user of a computer network, which checks the authorization of the user for the requested digital content based on his user identification data, and in the case of the proven authorization, the requested digital content to the User submitted according to the preamble of claim 2.
- Methods and access control systems of this type are used in numerous Internet applications and mobile applications in which a user wants to use his stationary or mobile computer to retrieve digital content from a provider over a computer network.
- digital content can be any form of information, such as text, image, video or audio files.
- Digital content of this kind is also referred to as "content.”
- the retrieval of these digital contents will, however, usually be subject to conditions that determine the access authorization of the respective user, for example a previous payment for the digital content to be retrieved.
- control files located in the respective directories for the digital content, the so-called “content directories”.
- This access protection may be directory-based, but in this case no different access permissions can be granted for different users.
- the access protection can also be file-based, but in this case, a high administrative effort to accomplish. Even with combinations of these two access control systems creates high administration costs. Access protection via control files therefore causes a high administrative effort and offers no possibility for highly dynamic assignment of access authorizations.
- the digital content is mostly in storage units that are integrated into the computer network, such as web space at web server, or at least links ("left") are set there
- the enormous administrative effort and the number of possible control files security vulnerabilities occur, so that the user can gain unauthorized access to the digital content through the computer network. It is therefore the object of the invention to avoid these disadvantages and to provide a method for access control of digital content and a corresponding access control system, in which the access control is easier to administer, and which is also responsible for an often changing change of
- the invention is intended to make unauthorized access to the digital contents via the computer network more difficult.
- Claim 1 relates to a method for access control of digital contents of a provider at the request of a user of a computer network, which checks the authorization of the user for the requested digital content on the basis of its user identification data, and in the case of the proven authorization, the requested digital content transmitted.
- an access management unit is determined on the basis of the user identification data and the authorization data stored in a first storage unit the authorization of the user for each provided with a unique identifier, digital content and a content management unit, and in a second step the content management unit retrieves on the basis of this determined authorization of the user and the identifier of the digital contents stored in a second storage unit, digital content and the access management unit provides.
- an access control system for a provider's digital data and a request of a user of a computer network which checks the authorization of the user for the requested digital content on the basis of its user identification data, and in the case of Proven authority to deliver the requested digital content to the user.
- the digital contents are each provided with a unique identifier for identifying the respective digital content
- an access management unit connected to the computer network and a first memory unit connected to the access management unit are provided, wherein in the first Storage unit, the respective digital content identifier and the authorization data for the users are stored, and the access management unit based on the user identification data and the authorization data determines the entitlement of the digital content user, and connected to the access management unit content management unit and one with the
- Content Management Unit are provided, wherein in the second storage unit, the digital contents are stored, and the content management unit retrieves based on the authorization determined by the access management unit, the digital content and the access management unit provides.
- Access control unit for the authorization check and a content management unit for managing the digital content and for the actual data retrieval.
- This also provides the possibility of providing two separate storage units, wherein a first storage unit stores the respective digital content identifier and the authorization data for the users, and a second storage unit stores the digital content itself.
- the second storage unit is merely connected to the content management unit but with the Access Management Unit, so it is not directly accessible through the computer network. Unauthorized access to digital content is therefore made more difficult.
- Fig. 1 is a schematic representation of an access control system according to the invention.
- the access control system comprises an access management unit 2 which is connected to an input and output unit 1.
- the input and output unit 1 is, for example, an Internet page that can be called up by a user and via which it requests for specific, digital contents C, which in the following are referred to as the content C in the more common English expression be able to ask.
- the respective user is uniquely identified by means of user identification data N 1 .
- the user identification data N 1 is about its user name and password.
- the output of the requested content C also takes place via these input and output units 1, which thus represents the interface between the provider of content C and the user.
- the input and output unit 1 can be about a stationary computer of the user, or even a mobile terminal of any kind, which is integrated into the computer network.
- the access management unit 2 will generally be a web server, whereby the term application server is also used.
- the access management unit 2 accesses a first storage unit 3, in which the respective identifier K for the requested content C and the authorization data for the respective user are stored.
- the authorization data is thus the information as to whether a specific user is authorized to access a specific content C. This authorization data can easily be changed without having to change the identifier K of the content C.
- the access management unit 2 manages in an application-specific database the changing access authorizations of the users for a specific Content C.
- the unique identifiers K for the content C are used for this purpose.
- the access management unit 2 subsequently checks the access authorization of the user for the requested content C, and retrieves the corresponding identifier K from the storage unit 3.
- the access management unit 2 is further connected to the content management unit 4, which in turn accesses the file system 5, as well as the second storage unit 6.
- the content C is stored under a file name D.
- the file system 5 is a database that contains this association between the identifier K of content C and the file name D.
- Content Management Unit 4 is responsible for creating files D known to the system, and thus for arranging and retrieving Content C.
- Content management units 4 of this type are also known as “content management systems.” For each item of content C, an entry is created in the database containing a unique identifier K for that item of content C, and the corresponding location of file D in FIG File system 5. Any access to content C is only possible via the functions provided by the content management unit 4.
- the dashed line of FIG. 1 indicates that the content management unit 4, the file system 5 and the storage unit 6 are no longer directly accessible via the computer network.
- the content C is thus no longer located e.g. in the web spaces of the web server. Instead, the content C is stored in directories that can not be reached from the Internet, for example on their own machines, or even on their own hard disks.
- the user is first authenticated with the aid of the user identification data N, such as his username and password. If the authentication is successful, the memory of the storage unit 3, the access permissions of the User read and checked whether for the desired content C with the identifier K these are present. If this check is successful, the content management unit 4 reads the desired content C using the identifier K and returns it to the access management unit 2 or the input and output unit 1.
- the user identification data N such as his username and password. If the authentication is successful, the memory of the storage unit 3, the access permissions of the User read and checked whether for the desired content C with the identifier K these are present. If this check is successful, the content management unit 4 reads the desired content C using the identifier K and returns it to the access management unit 2 or the input and output unit 1.
- the invention thus provides a method for access control of digital content and a corresponding access control system, in which the access control is easier to administer, and which is also suitable for a frequently changing change of the access authorizations. Furthermore, the invention makes it difficult to gain unauthorized access to the digital content via the computer network.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Technology Law (AREA)
- Multimedia (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
L'invention concerne un procédé de contrôle d'accès et un système de contrôle d'accès à des contenus numériques (C) d'un offreur sur demande d'un utilisateur d'un réseau informatique, ce contrôle permettant de vérifier l'autorisation de l'utilisateur pour les contenus numériques (C) demandés au moyen de ses données d'identification d'utilisateur (N) et, si l'autorisation est prouvée, de transmettre les contenus numériques (C) demandés. Selon l'invention, dans une première étape, une unité de gestion d'accès (2) détermine, sur la base des données d'identification d'utilisateur (N) et des données d'autorisation enregistrées dans une première unité mémoire (3), l'autorisation de l'utilisateur pour les contenus numériques (C) dotés chacun d'une caractéristique (K) claire et la transmet à une unité de gestion de contenus (4), puis, dans une deuxième étape, l'unité de gestion de contenus (4), sur la base de cette autorisation donnée à l'utilisateur et de la caractéristique (K) des contenus numériques (C), consulte les contenus numériques (C) enregistrés dans une deuxième unité mémoire (6) et les met à disposition de l'unité de gestion d'accès (2).
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
ATA1572/2006 | 2006-09-20 | ||
AT15722006 | 2006-09-20 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2008034841A2 true WO2008034841A2 (fr) | 2008-03-27 |
WO2008034841A3 WO2008034841A3 (fr) | 2008-05-15 |
Family
ID=38862728
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2007/059885 WO2008034841A2 (fr) | 2006-09-20 | 2007-09-19 | Procédé de contrôle d'accès et système de contrôle d'accès à des contenus numériques |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2008034841A2 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2013152986A1 (fr) * | 2012-04-11 | 2013-10-17 | Deutsche Post Ag | Génération sécurisée d'un compte utilisateur dans un serveur de services |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5696898A (en) * | 1995-06-06 | 1997-12-09 | Lucent Technologies Inc. | System and method for database access control |
AU6378996A (en) * | 1995-06-09 | 1997-01-09 | Boshell & Knox | Personal satellite link with user identifier |
GB9920644D0 (en) * | 1999-09-02 | 1999-11-03 | Medical Data Service Gmbh | Novel method |
DE19953699A1 (de) * | 1999-09-03 | 2001-05-31 | Ifu Diagnostic Systems Gmbh | Chipkarte zum Zugriff auf Dateien |
-
2007
- 2007-09-19 WO PCT/EP2007/059885 patent/WO2008034841A2/fr active Application Filing
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2013152986A1 (fr) * | 2012-04-11 | 2013-10-17 | Deutsche Post Ag | Génération sécurisée d'un compte utilisateur dans un serveur de services |
Also Published As
Publication number | Publication date |
---|---|
WO2008034841A3 (fr) | 2008-05-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2843585B1 (fr) | Procédé et système de mise à disposition de données rendues anonymes issues d'une base de données | |
DE112020000538B4 (de) | Feinkörnige zugriffskontrolle auf token-grundlage | |
DE60130377T2 (de) | Verfahren zur steuerung des zugriffs auf digitalen inhalt und streaming-medien | |
DE112020000134T5 (de) | Sicherer, mehrstufiger zugriff auf verschleierte daten für analysen | |
DE112010003464T5 (de) | Modifikation von Zugangskontrolllisten | |
EP2263189B1 (fr) | Procédé et dispositif de déchiffrement, dans un contrôle d'accès à une banque de données fondé sur le chiffrement | |
EP2235598B1 (fr) | Appareil de terrain et son procédé de fonctionnement | |
WO2011061061A1 (fr) | Procédé et dispositif pour l'accès à des fichiers d'un serveur de fichiers sécurisé | |
DE10311327A1 (de) | Nutzer-Objekte zur Authentifizierung der Nutzung medizinischer Daten | |
EP1528450A1 (fr) | Méthode d'identification, d'authentification et d'autorisation d'accès à des données sécurisées par un utilisateur | |
WO2008034841A2 (fr) | Procédé de contrôle d'accès et système de contrôle d'accès à des contenus numériques | |
EP3062255A1 (fr) | Homologation de produits logiciels | |
EP1010052A1 (fr) | Procede de commande de distribution et d'utilisation de produits logiciels dans le cas d'ordinateurs relies au reseau | |
EP1701281A1 (fr) | Procédé et système destinés à la connexion à un service | |
EP3355141B1 (fr) | Système d'opérateur pour un système de contrôle de processus | |
DE60315900T2 (de) | Benutzerzugriff auf unternehmenseinheitendefinitionsregister | |
EP2491513A1 (fr) | Procédé et système de fourniture d'objets de données à protection erdm | |
DE202021100647U1 (de) | Personendatenanonymisierungssystem (PDAS) mit kundenspezifischem Token | |
DE102023109178B3 (de) | System und Verfahren zur Speicherung von Daten, insbesondere von personenbezogenen Daten | |
WO2011147693A1 (fr) | Procédé permettant de fournir des objets de données protégés par edrm (enterprise digital rights management = gestion des droits numériques en entreprise) | |
EP2169588A1 (fr) | Procédé destiné à la garantie de la sécurité | |
WO2024184150A1 (fr) | Système de gestion d'identité et d'accès mis en œuvre par ordinateur, procédé, programme informatique et support d'enregistrement | |
WO2024213312A1 (fr) | Procédé, instance de contrôle et produit-programme informatique pour contrôler l'accès à des données structurées ou à des fonctions d'un agencement d'automatisation industrielle | |
WO2008119787A1 (fr) | Procédé pour fournir des services et/ou des applications à base informatique, dispositif de traitement de données et programme de commande | |
DE102023106510A1 (de) | Verfahren zum Durchsuchen von sensiblen Dokumenten und System hierzu |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 07820329 Country of ref document: EP Kind code of ref document: A2 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 07820329 Country of ref document: EP Kind code of ref document: A2 |