+

WO2008034841A2 - Procédé de contrôle d'accès et système de contrôle d'accès à des contenus numériques - Google Patents

Procédé de contrôle d'accès et système de contrôle d'accès à des contenus numériques Download PDF

Info

Publication number
WO2008034841A2
WO2008034841A2 PCT/EP2007/059885 EP2007059885W WO2008034841A2 WO 2008034841 A2 WO2008034841 A2 WO 2008034841A2 EP 2007059885 W EP2007059885 W EP 2007059885W WO 2008034841 A2 WO2008034841 A2 WO 2008034841A2
Authority
WO
WIPO (PCT)
Prior art keywords
management unit
user
content
access
authorization
Prior art date
Application number
PCT/EP2007/059885
Other languages
German (de)
English (en)
Other versions
WO2008034841A3 (fr
Inventor
Jürgen Jank
Gernot Moshammer
Heinz Reisinger
Original Assignee
SIEMENS AKTIENGESELLSCHAFT öSTERREICH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SIEMENS AKTIENGESELLSCHAFT öSTERREICH filed Critical SIEMENS AKTIENGESELLSCHAFT öSTERREICH
Publication of WO2008034841A2 publication Critical patent/WO2008034841A2/fr
Publication of WO2008034841A3 publication Critical patent/WO2008034841A3/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Definitions

  • the present invention relates to a method for access control of digital contents of a provider at the request of a user of a computer network, which checks the authorization of the user for the requested digital content based on his user identification data, and in the case of the proven authorization the requested digital content transmitted , according to the preamble of claim 1.
  • the invention further relates to an access control system for digital data of a provider and request of a user of a computer network, which checks the authorization of the user for the requested digital content based on his user identification data, and in the case of the proven authorization, the requested digital content to the User submitted according to the preamble of claim 2.
  • Methods and access control systems of this type are used in numerous Internet applications and mobile applications in which a user wants to use his stationary or mobile computer to retrieve digital content from a provider over a computer network.
  • digital content can be any form of information, such as text, image, video or audio files.
  • Digital content of this kind is also referred to as "content.”
  • the retrieval of these digital contents will, however, usually be subject to conditions that determine the access authorization of the respective user, for example a previous payment for the digital content to be retrieved.
  • control files located in the respective directories for the digital content, the so-called “content directories”.
  • This access protection may be directory-based, but in this case no different access permissions can be granted for different users.
  • the access protection can also be file-based, but in this case, a high administrative effort to accomplish. Even with combinations of these two access control systems creates high administration costs. Access protection via control files therefore causes a high administrative effort and offers no possibility for highly dynamic assignment of access authorizations.
  • the digital content is mostly in storage units that are integrated into the computer network, such as web space at web server, or at least links ("left") are set there
  • the enormous administrative effort and the number of possible control files security vulnerabilities occur, so that the user can gain unauthorized access to the digital content through the computer network. It is therefore the object of the invention to avoid these disadvantages and to provide a method for access control of digital content and a corresponding access control system, in which the access control is easier to administer, and which is also responsible for an often changing change of
  • the invention is intended to make unauthorized access to the digital contents via the computer network more difficult.
  • Claim 1 relates to a method for access control of digital contents of a provider at the request of a user of a computer network, which checks the authorization of the user for the requested digital content on the basis of its user identification data, and in the case of the proven authorization, the requested digital content transmitted.
  • an access management unit is determined on the basis of the user identification data and the authorization data stored in a first storage unit the authorization of the user for each provided with a unique identifier, digital content and a content management unit, and in a second step the content management unit retrieves on the basis of this determined authorization of the user and the identifier of the digital contents stored in a second storage unit, digital content and the access management unit provides.
  • an access control system for a provider's digital data and a request of a user of a computer network which checks the authorization of the user for the requested digital content on the basis of its user identification data, and in the case of Proven authority to deliver the requested digital content to the user.
  • the digital contents are each provided with a unique identifier for identifying the respective digital content
  • an access management unit connected to the computer network and a first memory unit connected to the access management unit are provided, wherein in the first Storage unit, the respective digital content identifier and the authorization data for the users are stored, and the access management unit based on the user identification data and the authorization data determines the entitlement of the digital content user, and connected to the access management unit content management unit and one with the
  • Content Management Unit are provided, wherein in the second storage unit, the digital contents are stored, and the content management unit retrieves based on the authorization determined by the access management unit, the digital content and the access management unit provides.
  • Access control unit for the authorization check and a content management unit for managing the digital content and for the actual data retrieval.
  • This also provides the possibility of providing two separate storage units, wherein a first storage unit stores the respective digital content identifier and the authorization data for the users, and a second storage unit stores the digital content itself.
  • the second storage unit is merely connected to the content management unit but with the Access Management Unit, so it is not directly accessible through the computer network. Unauthorized access to digital content is therefore made more difficult.
  • Fig. 1 is a schematic representation of an access control system according to the invention.
  • the access control system comprises an access management unit 2 which is connected to an input and output unit 1.
  • the input and output unit 1 is, for example, an Internet page that can be called up by a user and via which it requests for specific, digital contents C, which in the following are referred to as the content C in the more common English expression be able to ask.
  • the respective user is uniquely identified by means of user identification data N 1 .
  • the user identification data N 1 is about its user name and password.
  • the output of the requested content C also takes place via these input and output units 1, which thus represents the interface between the provider of content C and the user.
  • the input and output unit 1 can be about a stationary computer of the user, or even a mobile terminal of any kind, which is integrated into the computer network.
  • the access management unit 2 will generally be a web server, whereby the term application server is also used.
  • the access management unit 2 accesses a first storage unit 3, in which the respective identifier K for the requested content C and the authorization data for the respective user are stored.
  • the authorization data is thus the information as to whether a specific user is authorized to access a specific content C. This authorization data can easily be changed without having to change the identifier K of the content C.
  • the access management unit 2 manages in an application-specific database the changing access authorizations of the users for a specific Content C.
  • the unique identifiers K for the content C are used for this purpose.
  • the access management unit 2 subsequently checks the access authorization of the user for the requested content C, and retrieves the corresponding identifier K from the storage unit 3.
  • the access management unit 2 is further connected to the content management unit 4, which in turn accesses the file system 5, as well as the second storage unit 6.
  • the content C is stored under a file name D.
  • the file system 5 is a database that contains this association between the identifier K of content C and the file name D.
  • Content Management Unit 4 is responsible for creating files D known to the system, and thus for arranging and retrieving Content C.
  • Content management units 4 of this type are also known as “content management systems.” For each item of content C, an entry is created in the database containing a unique identifier K for that item of content C, and the corresponding location of file D in FIG File system 5. Any access to content C is only possible via the functions provided by the content management unit 4.
  • the dashed line of FIG. 1 indicates that the content management unit 4, the file system 5 and the storage unit 6 are no longer directly accessible via the computer network.
  • the content C is thus no longer located e.g. in the web spaces of the web server. Instead, the content C is stored in directories that can not be reached from the Internet, for example on their own machines, or even on their own hard disks.
  • the user is first authenticated with the aid of the user identification data N, such as his username and password. If the authentication is successful, the memory of the storage unit 3, the access permissions of the User read and checked whether for the desired content C with the identifier K these are present. If this check is successful, the content management unit 4 reads the desired content C using the identifier K and returns it to the access management unit 2 or the input and output unit 1.
  • the user identification data N such as his username and password. If the authentication is successful, the memory of the storage unit 3, the access permissions of the User read and checked whether for the desired content C with the identifier K these are present. If this check is successful, the content management unit 4 reads the desired content C using the identifier K and returns it to the access management unit 2 or the input and output unit 1.
  • the invention thus provides a method for access control of digital content and a corresponding access control system, in which the access control is easier to administer, and which is also suitable for a frequently changing change of the access authorizations. Furthermore, the invention makes it difficult to gain unauthorized access to the digital content via the computer network.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Technology Law (AREA)
  • Multimedia (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un procédé de contrôle d'accès et un système de contrôle d'accès à des contenus numériques (C) d'un offreur sur demande d'un utilisateur d'un réseau informatique, ce contrôle permettant de vérifier l'autorisation de l'utilisateur pour les contenus numériques (C) demandés au moyen de ses données d'identification d'utilisateur (N) et, si l'autorisation est prouvée, de transmettre les contenus numériques (C) demandés. Selon l'invention, dans une première étape, une unité de gestion d'accès (2) détermine, sur la base des données d'identification d'utilisateur (N) et des données d'autorisation enregistrées dans une première unité mémoire (3), l'autorisation de l'utilisateur pour les contenus numériques (C) dotés chacun d'une caractéristique (K) claire et la transmet à une unité de gestion de contenus (4), puis, dans une deuxième étape, l'unité de gestion de contenus (4), sur la base de cette autorisation donnée à l'utilisateur et de la caractéristique (K) des contenus numériques (C), consulte les contenus numériques (C) enregistrés dans une deuxième unité mémoire (6) et les met à disposition de l'unité de gestion d'accès (2).
PCT/EP2007/059885 2006-09-20 2007-09-19 Procédé de contrôle d'accès et système de contrôle d'accès à des contenus numériques WO2008034841A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ATA1572/2006 2006-09-20
AT15722006 2006-09-20

Publications (2)

Publication Number Publication Date
WO2008034841A2 true WO2008034841A2 (fr) 2008-03-27
WO2008034841A3 WO2008034841A3 (fr) 2008-05-15

Family

ID=38862728

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2007/059885 WO2008034841A2 (fr) 2006-09-20 2007-09-19 Procédé de contrôle d'accès et système de contrôle d'accès à des contenus numériques

Country Status (1)

Country Link
WO (1) WO2008034841A2 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013152986A1 (fr) * 2012-04-11 2013-10-17 Deutsche Post Ag Génération sécurisée d'un compte utilisateur dans un serveur de services

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5696898A (en) * 1995-06-06 1997-12-09 Lucent Technologies Inc. System and method for database access control
AU6378996A (en) * 1995-06-09 1997-01-09 Boshell & Knox Personal satellite link with user identifier
GB9920644D0 (en) * 1999-09-02 1999-11-03 Medical Data Service Gmbh Novel method
DE19953699A1 (de) * 1999-09-03 2001-05-31 Ifu Diagnostic Systems Gmbh Chipkarte zum Zugriff auf Dateien

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013152986A1 (fr) * 2012-04-11 2013-10-17 Deutsche Post Ag Génération sécurisée d'un compte utilisateur dans un serveur de services

Also Published As

Publication number Publication date
WO2008034841A3 (fr) 2008-05-15

Similar Documents

Publication Publication Date Title
EP2843585B1 (fr) Procédé et système de mise à disposition de données rendues anonymes issues d'une base de données
DE112020000538B4 (de) Feinkörnige zugriffskontrolle auf token-grundlage
DE60130377T2 (de) Verfahren zur steuerung des zugriffs auf digitalen inhalt und streaming-medien
DE112020000134T5 (de) Sicherer, mehrstufiger zugriff auf verschleierte daten für analysen
DE112010003464T5 (de) Modifikation von Zugangskontrolllisten
EP2263189B1 (fr) Procédé et dispositif de déchiffrement, dans un contrôle d'accès à une banque de données fondé sur le chiffrement
EP2235598B1 (fr) Appareil de terrain et son procédé de fonctionnement
WO2011061061A1 (fr) Procédé et dispositif pour l'accès à des fichiers d'un serveur de fichiers sécurisé
DE10311327A1 (de) Nutzer-Objekte zur Authentifizierung der Nutzung medizinischer Daten
EP1528450A1 (fr) Méthode d'identification, d'authentification et d'autorisation d'accès à des données sécurisées par un utilisateur
WO2008034841A2 (fr) Procédé de contrôle d'accès et système de contrôle d'accès à des contenus numériques
EP3062255A1 (fr) Homologation de produits logiciels
EP1010052A1 (fr) Procede de commande de distribution et d'utilisation de produits logiciels dans le cas d'ordinateurs relies au reseau
EP1701281A1 (fr) Procédé et système destinés à la connexion à un service
EP3355141B1 (fr) Système d'opérateur pour un système de contrôle de processus
DE60315900T2 (de) Benutzerzugriff auf unternehmenseinheitendefinitionsregister
EP2491513A1 (fr) Procédé et système de fourniture d'objets de données à protection erdm
DE202021100647U1 (de) Personendatenanonymisierungssystem (PDAS) mit kundenspezifischem Token
DE102023109178B3 (de) System und Verfahren zur Speicherung von Daten, insbesondere von personenbezogenen Daten
WO2011147693A1 (fr) Procédé permettant de fournir des objets de données protégés par edrm (enterprise digital rights management = gestion des droits numériques en entreprise)
EP2169588A1 (fr) Procédé destiné à la garantie de la sécurité
WO2024184150A1 (fr) Système de gestion d'identité et d'accès mis en œuvre par ordinateur, procédé, programme informatique et support d'enregistrement
WO2024213312A1 (fr) Procédé, instance de contrôle et produit-programme informatique pour contrôler l'accès à des données structurées ou à des fonctions d'un agencement d'automatisation industrielle
WO2008119787A1 (fr) Procédé pour fournir des services et/ou des applications à base informatique, dispositif de traitement de données et programme de commande
DE102023106510A1 (de) Verfahren zum Durchsuchen von sensiblen Dokumenten und System hierzu

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07820329

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07820329

Country of ref document: EP

Kind code of ref document: A2

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载