JP2000099477A - Method for managing access to object - Google Patents

Abstract

PROBLEM TO BE SOLVED: To safely protect objects existing on a network by providing the method with a step for connecting 1st authority information to an access identifier (ID) by an access management server and enciphering the connected information by applying a public key owned by the server itself to generate a 1st access key and other steps. SOLUTION: A proxy object 301 generates an access ID and authority information for the ID. Then the object 301 connects the authority information to the access ID and enciphers the connected information by a public key to generate an access key. An HTTP client 50C receives the access key by message exchange using a cipher such as a secure socket layer(SSL) to/from an HTTP server 300. The client 50C receiving the access key connects authority information prepared by itself to a random number generated by itself and enciphers the connected information by the public key to generate an access key.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an object access management system for safely protecting objects existing on a network in a distributed network system in which a plurality of computer systems are interconnected on the network. In particular, a capability (Capabi) describing the access authority of an object
(license) to the client, thereby permitting access to the object.

[0002] The present invention also relates to an object access management method capable of granting an access right to an object between clients on a network system. The present invention relates to an object access management method that can invalidate an object.

[0003]

2. Description of the Related Art Recent developments in the field of information processing and information communication have been remarkable. In this type of technical field, research and development related to interconnecting computer systems, that is, "computer networking", have been actively conducted. The main purpose of interconnecting the systems is to share computer resources by a plurality of users and to share and distribute information.

As a transmission medium for connecting the systems, that is, a “network”, a LAN (Local A) installed in a limited space such as a campus of a university or a business office is used.
area network) and a WAN (Wide Area Network) with a LAN connected by a dedicated line.
Public telephone line (PSTN), ISDN (Integ
rated Service Digital Net
work) and the Internet.

[0005] In general, a network system connects a specific computer on a network to a server (file or file).
Server, print server), and this is constructed as a client-server model in which other clients use each other. Also, on the network,
A distributed environment in which applications are distributed among the computers is realized.

[0006] There are countless objects on a network. For example, the server owns the service object, while the client manages the remote procedure call (Remote Procedure Cal).
1: RPC) or remote method invocation (Remo
te Method Invocation: RMI)
The service can be requested remotely using, for example,. Network is TCP / IP (Transmiss
ion Control Protocol / Inte
rnet Protocol (Internet Protocol) connection, the server is HTTP (Hyper Te)
If the server is an xt Transfer Protocol (HTTP) server, the entity of the service object owned by the HTTP server is an HTML (Hyper Text) for forming a home page in the HTTP client.
Markup Language) file.
The HTTP client is, for example, a URL (Unifor
m Resource Locator).

[0007] By the way, access to an object is generally realized by referring to an access identifier possessed by the object itself. The access identifier is, for example, the name of the object (object identifier)
Sometimes. For example, if the entity of the object is a file, the file name
File access can be achieved by presenting to the system. In a WWW space composed of HTTP servers and clients, URLs correspond to object identifiers. The access identifier is not limited to one-to-one for one object, and one object may prepare a plurality of access identifiers.

[0008] On the other hand, recently, research and development on a technique of restricting access to an object has been advanced. In particular, in a distributed network environment where objects are scattered on a network and a plurality of clients try to access, access control is a very important issue from the viewpoint of security.

One of the methods for restricting access to an object is “capability (Capa).
(Bilty) method. Capabilities are access rights to objects. For example, the capabilities include items such as an expiration date for which access is permitted, the number of permitted remaining accesses, and permitted operations (such as reading, writing, and execution). According to the capability scheme, the object is:
A different capability can be given to each of a plurality of access identifiers prepared for itself. For example, the number of valid accesses is set to 10 for a certain access identifier a1, while access to the other access identifier a2 is limited to three times. Alternatively, all operation rights such as read, write, execute, and delete can be given to the access identifier a1, but only reading can be permitted to the access identifier a2.

[0010] Capabilities have the role of a kind of key that allows access to objects. That is, clients that have capabilities are allowed access to the object. For example, in the case where the network is the Internet in which countless computer systems are connected by TCP / IP, the capability can be described in a URL character string.

By the way, a client user may want to share valuable resources or objects scattered on a network with other users.
For example, when client A (boss) is away from himself,
This is a case where it is desired to entrust the management of the object to the client B (subordinate). In this case, the client A can share one object by delegating the capability to another client B.

However, if the client gives the same capability to another person, the object may suffer an unexpected disadvantage. In the example above,
If client A delegates the same capabilities to client B, client B can continue to access the object after client A returns to work. Also, although it is sufficient for the client B to permit only the read operation of the object, if the client B inadvertently permits the write and execute operations as well as the client A, the object may be unexpectedly falsified.

[0013] In short, while the operation of the network system should allow the delegation of capabilities, the unlimited delegation of capabilities may threaten the security of networks and objects. At the time of delegation, it is necessary to weaken capabilities, for example, by applying a predetermined restriction to operation authority.

Further, in order to prevent unauthorized alteration of the capabilities, even the contents of the capabilities should be kept secret from the assignee of the capabilities. On a network, an access identifier for an object and its capabilities have strong characteristics as secret information in the first place.

Furthermore, a server managing access to an object needs to securely and reliably check a capability generated by a client.

[0016] The client that generated the capability may also need to invalidate the generated capability by detecting or foreseeing a predetermined situation such as an object being at risk.

For example, JP-A-5-81204 discloses that
An access control in a distributed computer system is disclosed. According to the publication, there is provided a method for controlling the proxy use of a privilege attribute certificate (PAC) corresponding to a capability, while using the PAC for many purposes. That is, when distributing a PAC, an initiator key granting attribute corresponding to the initiator entity is included in the PAC, and an encryption key having the initiator qualification attribute is distributed to the initiator entity cryptographically. It has become.

However, according to the method disclosed in Japanese Patent Application Laid-Open No. 5-81204, it is not possible to cope with variations in capabilities such as the expiration date and the number of accesses. In addition, PAs whose starting entity weakened their capabilities
There is no mention of how to create C freely.

Japanese Patent Application Laid-Open No. 9-319659 discloses a method of assigning different capabilities to each user in a non-distributed computer system. According to the publication, the entire computer function is subdivided into an event set having a capability set, and the capability is provided according to the specific job that the user intends to execute on the computer system. ing. However,
The invention according to Japanese Patent Application Laid-Open No. 9-319659 is not applied to a distributed environment in which capabilities cannot be secured safely. Further, the publication does not mention at all a method of safely performing capability inspection between objects.

Japanese Patent Application Laid-Open No. 9-251425 discloses security control of access to system resources in a distributed system. That is, the group identification indicator is stored and tied to the target object, and then using a membership check, the client requesting access to the target object is a group member that has access to the target. It is determined whether or not there is.

However, Japanese Patent Application Laid-Open No. 9-251425 does not disclose a method corresponding to a variation in capability such as a term of use or the number of accesses. Neither does it mention how a capability holder can create or disable new capabilities.

"Amoeba", which is well-known in the art as a distributed OS (Operating System), provides a transferable and difficult-to-counterfeit capability. This is realized by the following mechanism. (1) The client sends an object generation request to the server. (2) The server generates an object and assigns an object number and a random number. The random numbers are stored in an object table indexed by object number. (3) The server generates a capability including a check field obtained by encrypting the authority and the random number using the random number as a key. (4) Return the capability to the client. (5) The client issues an access request indicating the capability to the server. (6) The server extracts the object number and the check field from the capability, and decrypts the authority and the random number from the check field based on the random number stored in the object table. (7) Verify whether the random number obtained as a result of decryption matches the random number stored in the object table. (8) If the requested operation matches the authority described in the capability, the server executes the operation.

Amoebba further has the following mechanism for the capability holder to generate a new capability with reduced authority. (1) Client and server share N commutative one-way functions. (2) The client generates the second authority. (3) The client applies all the one-way functions associated with the numbers corresponding to the authority of the difference between the first authority and the second authority to generate the second check field. (4) The server receives the capability including the second authority and the second check field. (5) The server sequentially applies the one-way function according to the authority field, and executes the operation when it matches the check field presented by the client.

However, although Amoebha defines a method for describing whether or not N rights are permitted using N commutative one-way functions, there are many variations in rights such as usage rights and the number of times. No consideration is given to points corresponding to. Regarding the disabling of capabilities, a method of disabling all capabilities for a certain object by changing the random number held by the server is specified, but a method for disabling a specific capability is specified. Did not mention. For example, there is no provision for invalidating only capabilities created by a holder of a capability or capabilities derived from it.

In Amoebba, the object number itself for accessing the object is not protected at all.

Also, Bjorn published on the Web
N. Freeman-Benson's paper "Usin
g the Web to Private Info
rmation -or- A Short Paper
r About Password Protecti
on With Client Client Modific
ation "(URL is" http: //www1.c
ern. ch / www94 / PrelimProcs.
html ") discloses the handling of confidential URLs (that is, capabilities). The method described in this paper follows the following procedure. (1) The server uses a password / password composed of a set of a login name and a password. (2) The client sends a message composed of a set of a login name and a password to the server (3) The server searches the password list Then, if a set of the login name and the password transmitted from the client is found, the character string obtained by encrypting the login name and the password with the encryption key is included in the URL as an access key and transmitted to the client. (4) The client Requests access to the server using the received URL. Extract the access key from the RL, and decrypted using the encryption key, obtain the original login name and password set of. And, this is the password
Check if it is on the list. (6) If registered, the server permits access to the corresponding object.

[0027] The article also mentions that the client can change the password to invalidate the URL.

However, this paper does not disclose generating a plurality of valid and different URLs (that is, capabilities) for a certain object. Also, not the password holder but the URL
Neither does the holder of the (i.e., capabilities) invalidate the URL.

[0029]

SUMMARY OF THE INVENTION An object of the present invention is to provide a distributed network system in which a plurality of computer systems are interconnected on a network, so that objects existing on the network can be protected safely. Another object of the present invention is to provide an excellent object access management method.

A further object of the present invention is to provide a capability (Capabil) describing the access authority of an object.
It is an object of the present invention to provide an excellent access management scheme of a type in which access to an object is permitted by distributing the client to the client.

A further object of the present invention is to provide an excellent object access management method in which a client having a capability can freely generate a capability whose authority has been changed and delegate it safely to another client. It is in.

A further object of the present invention is to allow a client possessing a capability to freely generate a capability whose authority has been changed, and a server managing an object to securely check the generated capability.
It is to provide an excellent object access control method.

A further object of the present invention is to provide an object access management method in which a client having a capability can freely generate a capability whose authority has been changed, and can reliably invalidate the generated capability. It is in.

[0034]

SUMMARY OF THE INVENTION The present invention has been made in consideration of the above problems, and has a first aspect in which one or more object servers for providing objects and one or more object servers for requesting objects are provided. An object client on a distributed network system in which an object client and an access management server for managing access to an object are connected via a network, wherein (a) the access management server comprises: An access identifier a for accessing the object A, and first authority information P ₁ for the access identifier a
Generating (b) the access management server,
The first authority information P ₁ and the access identifier a are concatenated, encrypted by applying the public key pkey of the public key cryptosystem owned by the first authority information P _1, and the first access key akey ₁ = pkey
Generating (P ₁ , a); (c) distributing the first access key akey ₁ to the object client; and (d) generating the (N−1) th access key akey _N−1 . Object client has
Generates authority information P _N of the N, linked and authority information P _N of the N and an access key akey _N-1 of the N-1, and encrypted by applying the public key pkey, the N Generating an access key akey _N = pkey (P _N , akey _N−1 ) (where N is a positive integer and the 0th access key is an access identifier a), (e) 3.) The object client determines that the Nth access key ak
and the step of requesting access to the object A by presenting the ey _N, (f) access management server, decrypts the access key akey _N of the N by using a secret key skey of public-key encryption system with its own Obtaining the _N- th authority information P _N and the (N−1) -th access key akey _N−1 and checking them; (g) the access management server
A step of permitting access to the object A in response to the success of the test in the step (f).

According to a second aspect of the present invention, there is provided a distributed network system in which one or more object servers for providing objects and one or more object clients for requesting objects are connected via a network. , An access management server for managing access to an object, comprising: (a) means for holding a public key pkey and a secret key skey of a public key cryptosystem; and (b) access for accessing an object A. Means for generating an identifier a, first authority information P ₁ for the access identifier a, and (c) first authority information P ₁
And the access identifier a are concatenated, encrypted by applying the public key pkey, and the first access key akey ₁ = pk
ey (P ₁ , a); (d) means for distributing the first access key akey ₁ to the object client; and (e) Nth access key akey.
Means for receiving an access request to the object A presenting _N (however, the N-th access key akey _N is
Nth authority information P _N and N−1 access key ake
y _N−1 , which is an access key pkey (P _N , akey _N−1 ) generated by applying the public key pkey, where N is a positive integer and the 0th access key Is an access identifier a. ), (F) The N-th access key akey _N is decrypted using the secret key skey, and the N-th authority information P _N and the (N−1) -th access key akey are decrypted.
_N-1 and means for examining them, and (g) means for permitting access to object A in response to a successful test in said means (f). Access management server.

Here, the means (f) may recursively execute the decryption process using the secret key skey until the first access identifier a appears.

Further, the means (f) includes a secret key skey
Authority information P sequentially obtained by decryption processing using
The contexts of ₁ , P ₂ ,..., P _N−1 , P _N may also be checked.

Further, the access management server further stores an invalid access key table holding an invalidated access key and an Mth access key akey _M requested to be invalidated by the object client. Means for registering in a key table, wherein the means (f) comprises an access which is revoked during the recursive decryption processing of the _N- th access key akey _N-1 using the secret key skey. If the key akey _M is obtained, the check may be failed and access to the object A may be denied.

A third aspect of the present invention is a distributed network system in which one or more object servers for providing objects and an access management server for managing access to the objects are connected via a network.
A client that requests access to an object in the system (provided that the access management server holds a public key pkey and a secret key skey of a public key cryptosystem), and (a) an access identifier a First
Means for receiving a first N-1 of the access key akey _N-1 for an object A that has been authorized information P ₁ of the means for generating the authorization information P _N of (b) a N,
(C) Concatenate the _N- th authority information P _N and the (N−1) -th access key akey _N−1 , apply the public key pkey, encrypt the key, and encrypt the _N -th access key akey _N = pkey.
_{(P N, akey N-1} ) means for generating a, (d) using the access key akey _N of the N requests access to an object A, an access key akey _N of the N other objects・ Delegation to client or Nth
Means for requesting revocation of the access key akey _N of the object client.

According to a fourth aspect of the present invention, there are provided at least one object server for providing an object, at least one object client for requesting an object, and an access management server for managing access to an object. Is an object access management method on a distributed network system connected via a network, wherein (a) the access management server comprises:
Access identifier a for accessing object A
Generating the _first authority information P1 for the access identifier a; and (b) the access management server
A one-way function f is applied to the authority information P ₁ and the access identifier a of the first access key akey ₁ = f
Generating (P ₁ , a); (c) distributing the first access key akey ₁ to the object client; and (d) generating the (N−1) th access key akey _N−1 . Object client has
The N-th authority information P _N is generated, and the N-th authority information P _N and the N-th
Applying the one _- way function f to the access key akey _{N−1 of} −1, the Nth access key akey _N = f
(P _N , akey _{N -1} ) and (where N
Is a positive integer, and the 0th access key is an access identifier a. ), (E) object clients, and access key akey _N of the N, each authority information P _1, P _2, ..., presents a P _N-1, P _N, object A
And requesting access to, (f) the access management server, the authority information P _1, P ₂ and received access identifier a of the object A, ..., unidirectional against P _N-1, P N Generating the _Nth access key akey _N again by sequentially applying the function f, and comparing it with the received Nth access key akey _N to check;
(G) allowing the access management server to access the object A in response to the success of the check in (f).

According to a fifth aspect of the present invention, there is provided a distributed network system in which one or more object servers for providing objects and one or more object clients for requesting objects are connected via a network. , An access management server for managing access to an object, comprising: (a) means for providing a one-way function f; (b) an access identifier a for accessing the object A; Means for generating _first authority information P ₁ for
(C) Applying a one-way function f to the first authority information P ₁ and the access identifier a to obtain a first access key ak
means for generating ey ₁ = f (P ₁ , a); (d) means for distributing the first access key akey ₁ to the object client; and (e) Nth access key ak.
ey _N and the authority information P _1, P _2, ..., means for receiving a request for access to P _N-1, the object A which presents the P _N (where access key akey _N N-th, N-th Access key f (P _N , akey _N−1 ) generated by applying the one _- way function f to the authority information P _N of the _N and the (N−1) th access key akey _N−1 . , N are positive integers, and the 0th access key is an access identifier a.), (F) The access identifier a of the object A and the received authority information P ₁ , P _{2 ,. 1} and P _N , by sequentially applying a one-way function f to the N th access
Generate the key akey _N, means for comparing to inspect the first N of the access key akey _N received thereto,
(G) a means for permitting access to the object A in response to the success of the check in the means (f).

Here, the means (f) may also check the context of the received authority information P ₁ , P ₂ ,..., P _N−1 , P _N.

Further, the access management server further stores an invalid access key table holding an invalidated access key and an Mth access key akey _M requested to be invalidated by the object client. Means for registering in a key table, the means (f) being adapted to sequentially apply the one-way function f to generate an _N-th access key akey _N and invalidate the access key akey _{N If M} is obtained, the examination may be failed and access to the object A may be denied.

According to a sixth aspect of the present invention, there is provided a distributed network in which at least one object server for providing an object and an access management server for managing access to the object are connected via a network.
In the system, a client that requests access to an object (provided that the access management server provides a one-way function f), and (a) an access identifier a and first authority information P ₁ -Th access key ake for object A given
means for receiving y _N-1 and each piece of authority information P ₁ , P ₂ ,..., P _N-1 ; (b) means for generating _N-th authority information P _N ;
(C) A one _- way function is applied to the N-th authority information P _N and the (N−1) -th access key akey _N−1 to obtain the _N- th access key akey _N = f (P _N , akey _N-1 ), and (d) an Nth access key akey.
Each authority information P _1, P ₂ to _N, ..., P _N-1 served with, and request access to the object A, the N-th of the access-key a
Delegate key _N to another object client,
Or means for requesting revocation of the N-th access key akey _N.

According to a seventh aspect of the present invention, there are provided at least one object server for providing an object, at least one object client for requesting an object, and an access management server for managing access to a certain object. Is an object access management method on a distributed network system connected via a network, wherein (a) the access management server comprises:
Access identifier a for accessing object A
Generating the _first authority information P1 for the access identifier a; and (b) the access management server
By applying a commutative one-way function f to the authority information P ₁ and the access identifier a of the first access key akey
₁ = f (P ₁ , a); (c) the first access key akey ₁ is distributed to the object client; and (d) the (N−1) th access key akey _N. object clients with _-1, generates authority information P _N of the N, a commutative against authority information P _N and the access key akey _N-1 of the N-1 of the N-way function f to apply the Nth access key ak
generating ey _N = f (P _N , akey _N−1 ) (where N is a positive integer and the 0th access key is an access identifier a), (e) object client Requesting access to the object A by presenting an _N- th access key akey _N and each piece of authority information P ₁ , P ₂ ,..., P _N−1 , P _N ; The management server applies a commutative one-way function f to the access identifier a of the object A and the received authority information P ₁ , P ₂ ,..., P _N−1 , P _{N in} an arbitrary order. Generating an _N-th access key akey _N again, and comparing it with the received N-th access key akey _N for checking; and (g) the access management server performs the check in (f) above. In response to the success of And a step of permitting access to the object.

According to an eighth aspect of the present invention, there is provided a distributed network system in which one or more object servers for providing objects and one or more object clients for requesting objects are connected via a network. An access management server for managing access to an object, comprising: (a) means for providing a commutative one-way function f; (b) an access identifier a for accessing the object A; means for generating a first authorization information P ₁ for the access identifier a, by applying the commutative one-way function f with respect to (c) first authority information P ₁ and the access identifier a, the first Means for generating an access key akey ₁ = f (P ₁ , a);
(D) means for distributing the first access key akey ₁ to an object client, (e) access key akey _N and the authority information of the _{N P 1, P 2, ...} , P N-1,
Means for receiving an access request to the object A presenting P _N (however, the N-th access key akey
_N is the N-th authority information P _N and the (N−1) -th access key a
key _N-1 is generated by applying a commutative one-way function f with respect to the access key _{f (P N, akey N-} 1) is that the, N is a positive integer, the 0 Is an access identifier a. ), (F) the access identifier a of the object A and the received authority information P ₁ , P ₂ ,.
The _N-th access key akey _N is newly generated by applying a commutative one-way function f to P _N-1 and P _{N in} an arbitrary order, and the N-th access key akey _N is received. akey
Means for comparing with _N, and (g) the means (f)
Means for permitting access to the object A in response to the success of the test in (1).

Here, the means (f) may also check the context of the received authority information P ₁ , P ₂ ,..., P _N−1 , P _N.

The access management server further stores an invalid access key table holding an invalidated access key and an Mth access key akey _M requested to be invalidated by the object client. Means for registering in a key table, said means (f) applying a commutative one-way function f in an arbitrary order and invalidating the Nth access key akey _N in the middle of generation Obtained access key akey _M ,
The inspection may be failed and access to the object A may be denied.

According to a ninth aspect of the present invention, there is provided a distributed network in which one or more object servers for providing objects and an access management server for managing access to the objects are connected via a network.
In the system, a client requesting access to an object (provided that the access management server provides a commutative one-way function f),
(A) access identifier a and the first authorization information P ₁ (N-1) th access key akey _N-1 for an object A that received the respective authorization information _{P 1, P 2, ...,} P N-1 means for receiving, (b) means for generating authorization information P _N of the N, (c) access rights information P _N and the N-1 first N
Applying a commutative one-way function to the key akey _N−1 , the Nth access key akey _N = f (P _N , ake
y _N-1 ), and (d) request access to the object A by attaching each authority information P ₁ , P ₂ ,..., P _N-1 to the Nth access key akey _N. Delegating the _Nth access key akey _N to another object client, or requesting the _Nth access key akey _N to be invalidated. .

[0050]

According to the object access management system of the present invention, secret information such as an access identifier and capabilities is transmitted over a network in a form encrypted by an encryption key or a one-way function. Therefore,
The access key for accessing the object is decrypted and the possibility of unauthorized use is extremely low.

Further, since the newly generated authority information is connected to the access key and encrypted to derive a new access key, the variation of the authority information can be increased. .

Further, since the holder of the capability that has generated the authority information can generate a new access key by linking the authority information whose capability has been further weakened, the access authority can be safely transferred. it can.
The holder of the capability will also be authorized to revoke the derived access key.

Still other objects, features and advantages of the present invention are:
It will become apparent from the following more detailed description based on the embodiments of the present invention and the accompanying drawings.

[0054]

BEST MODE FOR CARRYING OUT THE INVENTION First Embodiment The present invention is for controlling access to an object. In particular, it is for controlling access to objects existing on a network on a network system in which a plurality of computer systems are connected via the network.

The network referred to here is mainly a distributed network in which applications are distributed and processed in each computer system. Further, each computer system connected to the network includes an object server (hereinafter, simply referred to as “server”) that owns the object, and an object client (hereinafter, simply “client”) that requests access to the object. To do).

There is also an access management server on the network for managing access to objects (that is, object security management).
The access management server may have its own functions, or may delegate access management to another computer system on the network.

The access management server generates one or more access identifiers for an object in order to manage access to the object. Presenting the access identifier allows access to the object.

The access identifier is usually generated according to a predetermined regularity. For example, if a serial number is included in the identifier, another access identifier can be easily guessed, and the security of the object is compromised. For this reason, the access management server does not distribute the access identifier itself to the client, but instead distributes an access key obtained by performing some processing (for example, encryption) on the original access identifier. Presenting the access key instead of the access identifier also permits access to the object.

Also, it is necessary to restrict the access authority to the object from the viewpoint of security. The access authority includes, for example, the number of permitted accesses (remaining number of accesses), the expiration date of the access, and operations (read, write, delete, execute, etc.) on the permitted objects. In the art, access authority information is also referred to as “capability”.

When generating an access identifier, the access management server also defines the capability given to the access identifier. Also, a plurality of access identifiers can be generated for one object.
The access management server stores each access identifier and its capability in association with a corresponding object. Further, an access key derived from the access identifier may be stored. Further, the access management server includes a public key pkey and a private key s of a public key cryptosystem.
key.

1.1 Operation on Access Management Server The access management server first generates an access identifier a for permitting access to a certain object A.

The access management server generates the _first authority information P ₁ for the access identifier a. The access management server stores the access identifier a in the first authority information P
Store in association with ₁ .

Next, the access management server concatenates (for example, bit concatenates) the access identifier a and the first authority information P ₁ , encrypts them by applying the public key pkey,
Generate a _first access key pkey (P ₁ , a). Further, the access / management server sets the access key p
The key (P ₁ , a) is stored in association with the object A. First authorization information P _1, since it is encrypted with the public key pkey, can not be other than the access management server decrypts.

1.2 Operation at Client Generated First Access akey ₁ = pkey
It is assumed that (P ₁ , a) has been delegated to a certain client via, for example, a network. Since the first access key is encrypted with the public key pkey of the access management server, the client using this key cannot, in principle, read the contents of the authority information P1 given to itself.

The client that has received the access key also obtains the server's public key pkey in preparation for making a change to the access key later.

1.3 Generation of New Access Key The client accesses another client
Sometimes you want to delegate a key. For example, a client A may pass an access key when he / she wants to delegate management of an object to another client B in his absence.

However, if an access key having the same authority information as that of the user is passed to the client B,
You may suffer unexpected disadvantages. For example, if the access key is passed with the same expiration date, client B can continue to access the object after returning. Also, although it is sufficient for the client B to permit only the read operation of the object, if the client B permits the write and execute operations as well as the client A, the security of the object may be threatened. That is, the client A does not always have to grant the same authority as the client A, and sometimes needs to weaken the authority. For example, the expiration date of the access key is restricted, or the operation authority is limited to reading and writing and execution are prohibited.

In such a case, the client itself creates a capability that may be given to another client. This keep the second authority information P _2. Then, the client accesses the first access key pkey (P ₁ ,
a) and connecting the second authorization information P ₂ (e.g., bits consolidated)
Then, a second access key pkey (P ₂ , pkey (P ₁ , a)) is generated by applying the public key pkey.

The second access key is a public key pkey
In because it is encrypted, and the client itself that created the second authority information P2, other than the server with a secret key skey can not decipher the contents of the authority information P ₂ included in the second access key. For example, a client was handed the second access key also, basically, can not confirm the authority information P _2, which was given to him.

In the following, an access key derived Nth from the access identifier a is referred to as an “Nth access key”.
Key "akey _N " and the Nth access key
The authority information given to the key akey _N is referred to as _N-th authority information P _N (where N is an integer equal to or greater than 0, and the 0-th access key is an access identifier a). The following relationship is established between the Nth access key and the (N-1) th access key.

[0071]

(Equation 1)

1.4 Access to Object The client having the Nth access key akey _N requests the access management server that manages the object A to access the object A using this access key. be able to. The access request is sent in the form of a request message containing the access key.

On the other hand, the access management server must verify whether the access key akeyN is valid.

When the access management server receives the request message, the access key akey contained therein is received.
_Take out _N. Then, the access key is restored using the private key skey of the public key cryptosystem owned by the server itself. The above equation is akey _N = pkey (P _N , akey _N-1 )
Therefore, the Nth authority information PN and the (N-1) th access key akey _N-1
Is obtained.

When the obtained access key akey _N-1 matches the stored access identifier a, the access management server ends the restoration processing. If they do not match, another restoration process using the secret key skey is attempted. Such a restoration process is recursively tried until the access key akey _N-1 is successfully compared with the access identifier a.

As a result of the recursive restoration processing, the access management server also obtains a series of authority information P _N , P _N−1 ,..., P ₂ , P ₁ . The access management server may verify the context of this series of authority information. The access management server can specify, for example, that each client that creates an access key is permitted to create authority information only in the direction of weakening authority. Weaker authority means, for example, reducing the number of accesses, shortening the expiration date, or restricting operations. Alternatively, the context may be defined, for example, such that permission enhancement is permitted only for the number of accesses.

As a result of verifying the context of a series of authority information, if the context violates a predetermined rule, the access management server can also consider the access key akey _N in the request message to be invalid.

The access management server determines that the access key akey _N in the request message is valid only when the collation of the access key with the access identifier of the object A and the successful verification of the context of the authority information are successful. Then, access to the corresponding object A is permitted.

1.5 Revocation of Access Key The access management server may be provided with a mechanism for revoking an access key once recognized as valid. This mechanism is realized by providing an invalid access key table for registering a revoked access key.

The client can access and
Send an invalidation request message including the key. When the access management server receives the invalidation request message,
The access key may be taken out and added to the invalid access key table.

When receiving the access request message to the object A, the access management server extracts the access key and recursively restores the access key using the secret key skey (described above). If an access key identical to the access key registered in the invalid access key table appears during the recursive restoration process, the request message is determined to be invalid, and Deny access.

2. Second Embodiment In the first embodiment, in order to generate an access key, a public key and a public key of a public key cryptosystem of the access management server are used. In the second embodiment, a one-way function having two arguments is used instead of the encryption key.
The "one-way function" here is a function for which it is extremely difficult to find an inverse function, and has an effect of making it impossible to estimate the value of an argument before applying the function.
Access management server and client have two arguments (x, y)
Share the one-way function f (x, y).

2.1 Operation on Access Management Server The access management server first generates an access identifier a for permitting access to a certain object A.

The access management server generates the _first authority information P ₁ for the access identifier “a”. The access management server stores the access identifier in association with the authority information. The first and the authority information P _1, is that the rights That capability is given to those presented access identifier a (described above).

Next, the access management server generates a _first access key f (P ₁ , a) by applying the one-way function f to the access identifier a and the first authority information P ₁ . The access management server has a first access key f
(P ₁ , a) is stored in association with the object A.

2.2 Operation on Client The generated first access key f (P ₁ , a) is transmitted to a client permitted to access the object A, for example, via a network. A client having a valid access key f (P ₁ , a) is permitted to access the object A by presenting it.

The client that has received the access key also acquires a one-way function used by the access management server in preparation for making a later change to the access key authority information.

2.3 Generation of New Access Key The client accesses another client
You may want to delegate a key (see above).

In such a case, the client itself creates a capability that can be given to another client. This keep the second authority information P _2. Then, the client further applies a one-way function f to the first access key f (P ₁ , a) and the second authority information P ₂ to obtain the second access key f (P ₂ , F (P ₁ ,
a)).

The parameter value of the one-way function f cannot be decrypted by the access management server. Therefore, so as the second access key and attach the second authorization information P ₂ delegating second access key.

In the following, an access key derived Nth from the access identifier a is referred to as an “Nth access key”.
Key "akey _N " and the Nth access key
The authority information given to the key akey _N is referred to as _N-th authority information P _N (where N is an integer equal to or greater than 0, and the 0-th access key is an access identifier a). The following relationship is established between the Nth access key and the (N-1) th access key.

[0092]

(Equation 2)

Once the one-way function f is applied, the authority information P _N cannot be decrypted. Therefore, the client that has created the access key distributes the access key f (P _N , akey _N−1 ) with the authority information P _N. As a result, in the message for transmitting the Nth access key, all the authority information P ₁ , P ₂ ,..., P _N−1 , P _N included in the access key are enclosed.

2.4 Access to Object The client having the Nth access key akey _N requests the access management server that manages the object A to access the object A using the access key. be able to.

However, the access management server cannot decrypt the _N-th access key akey _N to which the one-way function f has been applied. For this reason, the client transmits in the form of a request message along with all the authority information P ₁ , P ₂ ,..., P _N−1 , P _N attached when receiving the access key akey _N. .

On the other hand, the access management server verifies whether the access key akey _N is valid.

When the access management server receives the request message, the access key akey contained therein is received.
_N and all authority information P ₁ , P ₂ ,..., P _N−1 , P _N are extracted. Then, using the one-way function f, the first access key akey ₁ (= f (P ₁ , a)) and the second access key akey ₂ (= f (P ₂ , f (P ₁ , a))),
..., Nth access key akey _N (= f (P _N , ak
ey _N-1 )) are sequentially generated.

[0098] Then, the access management server, determines that the N-th of the access key akey _N generated himself, if consistent with the access key akey _N, which has been included in the request message, the collation of the access key was successful I do.

The access management server may verify the context (described above) for a series of authority information included in the request message.

The access management server sets the access key a
The access key ak in the request message is only obtained when the check of the key _N and the context verification of the authority information are successful.
ey _N is determined to be valid. Then, access to the corresponding object is granted.

2.5 Revocation of Access Key The access management server may be provided with a mechanism for revoking an access key once recognized as valid. This mechanism is realized by providing an invalid access key table for registering a revoked access key.

The client can access and
Send an invalidation request message including the key. When the access management server receives the invalidation request message,
The access key may be taken out and added to the invalid access key table.

When the access management server receives the access request message for the object A, the access key, akey _N, and all authority information P ₁ , P ₂ ,..., P _N−1 ,
Take out _PN . Then, using the one-way function f, the first access key akey ₁ (= f (P ₁ , a)) and the second access key akey ₂ (= f (P ₂ , f (P ₁ ,
a))),..., the N-th access key akeyN (= f
(P _N , akey _N−1 )) are sequentially generated (described above).

During the access key generation process,
When an access key registered in the invalid access key table appears, the request message is determined to be invalid, and access to the corresponding object A is rejected.

3. Third Embodiment In the second embodiment, a one-way function having two arguments is used to generate an access key. In the third embodiment, it is assumed that this one-way function is commutative. The commutative one-way function is a one-way function that satisfies the following equation.

[0106]

(Equation 3)

It is assumed that the access management server and the client share a commutative one-way function f (x, y).

3.1 Operation on Access Management Server The access management server first generates an access identifier a for permitting access to a certain object A.

Further, the access management server generates the _first authority information P ₁ for the access identifier “a”. The access management server stores the access identifier in association with the authority information. The first and the authority information P _1, is that the rights That capability is given to those presented access identifier a (described above).

Next, the access management server sets a one-way function f commutable to the access identifier a and the first authority information P _1.
To generate a _first access key f (P ₁ , a). The access management server stores the first access key f (P ₁ , a) in association with the object A.

3.2 Operation on Client The generated first access key f (P ₁ , a) is transmitted to a client permitted to access the object, for example, via a network. Legitimate access
The client having the key f (P ₁ , a) is permitted to access the object A by presenting it.

The client that has received the access key also obtains a commutative one-way function f used by the access management server in preparation for making a later change to the access key authority information. .

3.3 Generation of New Access Key The client accesses another client and
You may want to delegate a key (see above).

In such a case, the client itself creates a capability that can be given to another client. This keep the second authority information P _2. Then, the client further applies a commutative one-way function f to the first access key f (P ₁ , a) and the second authority information P ₂ to obtain the second access key f (P ₂ , f
(P ₁ , a)) is generated.

The parameter values of the commutative one-way function f are
The access management server cannot be decrypted. Therefore, so as the second access key and attach the second authorization information P ₂ delegating second access key.

In the following, an access key derived Nth from the access identifier a is referred to as an “Nth access key”.
Key "akey _N " and the Nth access key
The authority information given to the key akey _N is referred to as _N-th authority information P _N (where N is an integer equal to or greater than 0, and the 0-th access key is an access identifier a). The following relationship is established between the Nth access key and the (N-1) th access key.

[0117]

(Equation 4)

Once the commutative one-way function f is applied,
The authority information P _N becomes indecipherable. For this reason, the client that created the access key transmits the authority information P _N
And distribute the access key f (P _N , akey _N−1 ). As a result, in the message for transmitting the Nth access key, all the authority information P ₁ , P ₂ ,..., P _N−1 , P _N included in the access key are enclosed.

3.4 Access to Object The client having the Nth access key akey _N requests the access management server that manages the object A to access the object A using this access key. be able to.

However, the access management server performs the Nth access key akey _N to which the commutative one-way function f is applied.
Can't decipher For this reason, the client transmits in the form of a request message along with all the authority information P ₁ , P ₂ ,..., P _N−1 , P _N attached when receiving the access key akey _N. .

On the other hand, the access management server verifies whether the access key akey _N is valid.

When the access management server receives the request message, the access key akey contained therein is received.
_N and all authority information P ₁ , P ₂ ,..., P _N−1 , P _N are extracted. Then, each access key is generated by itself using the commutative one-way function f. Where the commutative one-way function f
Does not need to maintain order, so that each access key can be generated in any order.

[0123] Then, the access management server, determines that the N-th of the access key akey _N generated himself, if consistent with the access key akey _N, which has been included in the request message, the collation of the access key was successful I do.

The access management server may verify the context (described above) for a series of authority information included in the request message.

The access management server sets the access key a
The access key ak in the request message is only obtained when the check of the key _N and the context verification of the authority information are successful.
ey _N is determined to be valid. Then, access to the corresponding object A is permitted.

In the third embodiment, the first and the second
A mechanism for revoking an access key may be provided as in the embodiment. However, since it can be realized by substantially the same mechanism as the second embodiment, it will not be described here.

[0127]

Embodiments of the present invention will be described below in detail with reference to the drawings.

FIG. 1 schematically shows a configuration of a network system 100 provided for implementing the present invention.
As shown in FIG.
A plurality of computer systems 50A, 50B,... Are connected on a network 10 as a data transmission medium.

The network 10 is a LAN (Loc) installed in a limited space such as a university or company premises.
al Area Network). Or,
A LAN (Wi-Fi) in which LANs are interconnected by a dedicated line
de Area Network) or a public switched telephone network (PSTN: Public Switched Tel)
ephone Network), ISDN (Inte
graded Service Digital Ne
work), or the Internet, which is a large collection of these networks. Network 10
Is mainly for each connected computer system 5
0A, 50B,... Are distributed networks that perform distributed processing of applications.

Each computer system 50A, 50
B, ... are LAN adapters, modems, TAs (Termi
nal adapter (DCA)
Data Circuit Terminating
(Equipment) to the network 10. Each computer system 50A, 50
B,... Are divided into an object server that owns the object and an object client that requests access to the object. Although it may be a dedicated machine designed specifically for the function of the server or the client, it may be a general-purpose machine that generally operates by introducing a server or client application. Each of the computer systems 50A, 50B,...
smission Control Protocol /
Internet Protocol) connection.

The object servers 50A, 50B
Own multiple objects. An example of an object is an HTML (Hype) for forming a homepage.
rtext Markup Language) file. The HTML file is HTTP (Hyper
Since it can be transmitted on the network 10 according to a text transfer protocol (text transfer protocol), it is referred to as an “HTTP object” below. One object client 50
C, 50D and 50E are URL (Uniform Re
The location of an HTTP object can be specified in the form of a source locator.

Further, on the network, HTT
There is also an access management server for managing access management to P objects (ie, object security). While another computer system on the network 10 can act as the access management server, the object server itself can have the access management function. In each embodiment described later, the “proxy object” in the object server is H
Assume that access control to the TTP object is performed.

FIG. 2 schematically shows the configuration of the HTTP object server 50A. It should be understood that the other object server 50B (not shown) has a similar configuration. As shown in the figure, the object server 50A includes N HTTP objects 321 to 32.
N, a proxy object 301 that manages access to each HTTP object. The URL of the object server 50A is SSL (Secur
It is expressed as “https: // www300 /” according to the HTTP protocol using eSocket Layer. (In the following embodiments, SSL is used to securely transfer secret information such as capabilities via a network. However, in general, other communication systems that perform encryption, or do not perform encryption Even if a communication method is used, the effects of the present invention can be achieved.)

[0134] The proxy object 301
Generate a reference to the TP object, that is, an access identifier. Two or more access identifiers may be generated for one HTTP object. Each access identifier for the same HTTP object includes:
An access right, that is, a capability is individually given. The proxy object 301 generates an access right holding unit for each access identifier in order to manage individual access rights.

In the example shown in FIG. 2, at least two access identifiers have been generated for a certain HTTP object 391, and the proxy object 301 has access authority holding units 311 and 31M for each access identifier. Has been generated.

The access authority holding unit 311 includes an access identifier holding unit 321 and a capability list holding unit 3
31, an invalid list holding unit 341, and a reference holding unit 351. Other access authority holding unit 31
It is to be understood that M ... has substantially the same configuration as the access authority holding unit 311.

The access identifier holding unit 311 is a unit for storing a given access identifier. The reference holding unit 351 stores the HTT corresponding to the access identifier.
A unit that stores a pointer to the P object 391.

In the access identifier, authority for the corresponding HTTP object is specified. The authority referred to here is an operation authority (for example, read only, read / write permission, and execution permission) for the HTTP object, an access expiration date, a valid access count, and the like. These pieces of authority information are called “capabilities”. Capabilities are originally provided by the proxy object 301, but are provided with an access key-assigned HTT as described later.
Created sequentially by P clients. The capability list holding unit 331 is a unit that stores the current authority content of each capability derived from one access identifier.

The client that has generated (or received) the access key is allowed to invalidate the access key. The invalid list holding unit 341 includes:
This unit stores an invalidated access key derived from one access identifier.

The access authority holding units 311,..., 31 M generated in the proxy object 301 constitute one access authority set 302.

In this embodiment, the access protection for the HTTP object is realized by expressing the capability using the URL and converting the URL into a format that is difficult to guess using the encryption. Hereinafter, each embodiment will be described.

1. First Embodiment In the first embodiment, a public key pkey and a private key skey of a public key cryptosystem held by the proxy object 301 are used to protect the security of authority information relating to each access identifier.

The proxy object 301 generates the access identifier a and the authority information P1 corresponding to the access identifier a. Further, the proxy object 301 stores the authority information P ₁
And the access identifier are concatenated and encrypted with the public key pkey, so that the access key akey ₁ = pkey
y (P ₁ .a).

The HTTP client 50C sends the HTTP
SSL (Secure Soc) with the server 300
The access key akey ₁ is received by exchanging messages using cryptography such as “ket Layer”.

HT receiving access key akey ₁
The TP client 50C creates the authority information created by itself.
GET, 2, Apr: 24: 10: 00: 48: 199
8: GMT, Apr: 24: 10: 05: 48: 199
8: GMT ”and the random number Rnd1 generated by itself, and by encrypting this with the public key pkey,
An access key akey ₂ shown in the following expression [Equation 5] is generated. However, the authority content may include an upper limit of a usable storage capacity and an upper limit of a processor occupation time in addition to an executable method. Also, any other expression format may be used to describe the authority information.

[0146]

(Equation 5)

[0147] access key akey ₂ is, for objects that are tied to the akey _1, at the time of the world 199
10:00:48 on April 24 of 8th to 10:05:48
It includes authority information indicating that the GET method can be executed twice in seconds.

Next, the HTTP client 50C
The access key akey ₂ is used to generate the URL shown in the following expression [Equation 6].

[0149]

(Equation 6)

Then, the HTTP client 50C
This URL is transmitted to another HTTP client 50D.

The HTTP client 50D transmits the UR
L on the network 10 (in this example, the proxy object 30
1 is connected to the HTTP server 300 operating with the SSL, and transmits a message represented by the following equation (7).

[0152]

(Equation 7)

[0153] HTTP server 300, upon receiving this message, and methods GET from the message, the string corresponding to the access key akey _{2 2} "akey
1, GET, 2, Apr: 24: 10: 00: 48: 1
998: GMT, Apr: 24: 10: 05: 48: 1
998: GMT, Rnd1 "is extracted and input to the proxy object 301.

The proxy object 301 decrypts the secret key skey by applying its own secret key, and finds that the capability given to the access key akey ₂ is “a
For the object associated with key ₁ , 10:10:48 on April 24, 1998, universal time
It is the right to execute the GET method twice at 5:48:48 ".

Also, the proxy object 301 is
Get the current time in universal time. For example, if the current time is 19
If the time is 10:01:48 on April 24, 1998, the capability list holding unit 331 stores the capability represented by the following expression (8) and stores the capability in the HTTP object 391 linked to the access key. Then, a message GET is transmitted.

[0156]

(Equation 8)

Here, the HTTP client 50
Consider the operation when D sends the same message as shown in [Equation 7] to the HTTP server 300.

[0158] HTTP server 300, upon receiving the message, and methods GET from the message, the string corresponding to the access key akey ₂ "akey1, G
ET, 2, Apr: 24: 10: 00: 48: 199
8: GMT, Apr: 24: 10: 05: 48: 199
8: GMT, Rnd1 ”is extracted and input to the proxy object 301.

The proxy object 301 searches for an access key registered in the access authority set 302 and determines whether or not the same key as the access key akey ₂ has already been registered. Then, the capability list holding unit 331 derives that the current content of the capability corresponding to the access key akey ₂ is as shown in the following [Equation 9].

[0160]

(Equation 9)

The proxy object 301 obtains the current time in universal time. For example, if the current time is 10:03:48 on April 24, 1998, after changing the contents of the entry in the capability list holding unit 331 as follows, the message GET is sent to the HTTP object 391. Send The content of the capability change performed here is to reduce the remaining number of times by one.

[0162]

(Equation 10)

Thereafter, the proxy object 301
Deletes the entry in the capability list holding unit 331 when the current time in universal time has passed 10:05:48 (the capability corresponding to the entry expires even if it is not deleted).

[0164] 2. Second Embodiment In the second embodiment, a one-way function f held by the proxy object 301 is used to secure the security of the authority information on each access identifier. The "one-way function" is a function for which it is extremely difficult to find an inverse function, and has an effect of making it impossible to estimate the value of an argument before applying the function. The one-way function used in this embodiment may be commutative.

The proxy object 301 is an HTT
For one reference of P object 391,
An access identifier a is generated, and this is referred to as an access identifier 32
Save with 1.

Next, the proxy object 301 generates a capability identifier Rnd0 and stores it in the capability list holding unit 331.

Further, capability object 3
01 applies the one-way function f to the right information right1 describing the contents of the right that permits the HTTP client to access (operate) the HTTP object and the capability identifier Rnd0, and is expressed by the following equation [Equation 11]. Such capability cap1 is generated. cap1
Is represented as a set of two bit strings.

[0168]

[Equation 11]

The first term of the above two-item set functions as a check field for preventing unauthorized alteration of the authority information, and the second item describes the authority change history in a list. .

The authority information right1 included in the above expression is:
April 24, 1998, 00:00:00 to April 2, universal time
It indicates that the GET method is allowed to be executed five times during 00:00:05 on the 5th, and the following [Equation 1]
2].

[0171]

(Equation 12)

However, the authority content right1 may include an upper limit of usable storage capacity and an upper limit of processor occupation time in addition to the executable method.
Also, any other expression format may be used to describe the authority information.

Next, the proxy object 301
Generates a URL character string shown in the following [Equation 13] including a server name, an access identifier, and a capability,
The message is transmitted to the TTP client 50C.

[0174]

(Equation 13)

The HTTP client 50 C
By message exchange with the server 300 using encryption,
Receive a URL that includes capability cap1.

In the following, the HTTP client 50C
However, an operation of weakening the authority acquired from the HTTP server 300 and delegating the authority to another HTTP 50D will be described.

The HTTP client 50C generates a new right2 shown in the following [Equation 14] and a capability identifier Rnd2.

[0178]

[Equation 14]

The authority information right2 described above describes the authority to execute the GET message twice from 10: 0: 48 to 10:05:48 on April 24, 1998 in universal time. are doing. The HTTP client 50C uses the one-way function f as a bit string representing a binomial set, and the capability ca as represented by the following expression [Equation 15].
Generate p2.

[0180]

(Equation 15)

Next, the HTTP client 50C
Based on cap2, a UR as shown in [Equation 16] below is used.
An L character string is generated and transmitted to another HTTP client 50D.

[0182]

(Equation 16)

[0183] The HTTP client 50D is
According to the URL received from the client 50C, a connection is established with the HTTP server 300 operating on the host represented by www300 on the network using SSL, and a message represented by the following [Equation 17] is transmitted.

[0184]

[Equation 17]

Upon receiving the message, the HTTP server 300 extracts a GET method, an access identifier a, and a capability cap2 from the message (the capability cap2 is formed by a character string shown in [Equation 15]). ). Then, the HTTP server 30
0 sets these parameters to proxy object 3
Enter 01.

The proxy object 301 searches for the input access identifier a in the access authority set 302, and the capability identifier Rnd0 held by the capability list holding unit 331 in the corresponding access authority holding unit 311. To get.

Next, the proxy object 301
Executes the following << Processing Procedure 1 >>.

[0188]

(Equation 18)

However, as the one-way function f, a one-way function having commutability as in the following equation can be used.

[0190]

[Equation 19]

By using the commutative one-way function f and executing the following <Processing Procedure 2> ignoring the order of the change history, the same processing result as in <Processing Procedure 1> can be obtained. can get.

[0192]

(Equation 20)

The use of the commutative one-way function f means that it is not necessary to hold the order of the histories as a method of holding the list indicating the change history, which is the second term of the capability. For example, the list can be divided and held for each operation permitted by the authority, or the list can be held with the authority corresponding to a specific bit field, regardless of the order of the history.

As a result of executing the <procedure 2>, the proxy object 301 determines that the content of the capability included in the message is “with respect to the object linked to cap1 on April 24, 1998 in universal time.
Between 10:00:48 and 10: 5: 48 on the day, GE
The right to execute two T methods is determined. "

Further, the proxy object 301
Searches the capability list holding unit 331 using the capability identifiers Rnd1 and Rnd2 as keys. Since the corresponding entry is not in the list, the current time in universal time is obtained, and since the current time is on April 24, 1998 at 10:01:48, ie, within the expiration date of the given capability, the capability list is obtained. Holder 33
Save the following entries in 1.

[0196]

(Equation 21)

Then, the proxy object 301
Sends a message GET to the corresponding HTTP object 391 and
Is transmitted to the requesting HTTP client.

Here, if the HTTP client 50D is H
The operation when the same message as that shown in [Equation 17] is transmitted to the TTP server 300 will be described.

The proxy object 301 verifies the authority information in the message in accordance with << Processing Procedure 1 >> or << Processing Procedure 2 >>, and then acquires the capability identifier Rnd1 included in the received capability cap2.
Then, the capability list holding unit 331 is searched using the key and Rnd2 as keys, and the following history is extracted from the corresponding entry.

[0200]

(Equation 22)

Then, the proxy object 301
Sends the message GET to the corresponding HTTP object 391 after changing the contents of the history of the entry as follows. The content of the capability change performed here is to reduce the remaining number of times by one.

[0202]

(Equation 23)

Thereafter, the proxy object 301
Deletes the entry corresponding to the identifier Rnd2 in the capability list holding unit 331 at 10:05:48 UTC (the capability corresponding to the entry expires even if it is not deleted).

Next, the capability c provided by the HTTP client 50C to another HTTP client 50D
The process of invalidating ap2 will be described.

In this case, the HTTP client 50C
Is the access identifier a, the capability cap1 shown in [Equation 11], and the capability identifier Rn included in the capability given to the HTTP client 50D.
Based on d2, a message represented by the following expression [Formula 24] is generated and transmitted to the HTTP server 300.

[0206]

(Equation 24)

[0207] This message includes a content requesting the access right holding unit 321 having the access identifier a to invalidate the capability cap2 derived from the capability cap1.

In contrast, the proxy object 30
1 can execute “Processing Procedure 3” as described below to verify whether the capability cap2 is derived from the capability cap1.

[0209]

(Equation 25)

[0210] When the second capability cap2 included in the invalidation request is a derivative of the first capability cap1, the proxy object 301 stores the capability cap2 in the invalidation list holding unit 341 of the access identifier included in the request. Register additionally.

It should be noted that, among the invalidated capabilities, those which become invalid due to the expiration date of the authority in the first place may be removed from the invalidation list.

[Supplement] The present invention has been described in detail with reference to the specific embodiments. However, it is obvious that those skilled in the art can modify or substitute the embodiment without departing from the spirit of the present invention. That is, the present invention has been disclosed by way of example, and should not be construed as limiting. In order to determine the gist of the present invention, the claims described at the beginning should be considered.

[0213]

As described above in detail, according to the present invention,
In a distributed network system in which a plurality of computer systems are interconnected on a network,
It is possible to provide an excellent object access management method capable of safely protecting objects existing on a network.

Further, according to the present invention, a capability (Capability) describing the access authority of an object is described.
An excellent access management scheme of a type that permits access to an object by distributing the client to the client can be provided.

Further, according to the present invention, there is provided an excellent object access management system in which a client having a capability can freely generate a capability whose authority has been changed and can safely transfer the capability to another client. be able to.

Further, according to the present invention, a client having a capability can freely generate a capability whose authority has been changed, and a server which manages an object can securely check the generated capability.
An excellent object access management method can be provided.

Further, according to the present invention, there is provided an excellent object access management method in which a client having a capability can freely generate a capability whose authority has been changed, and can reliably invalidate the generated capability. Can be provided.

[Brief description of the drawings]

FIG. 1 is a diagram schematically showing a configuration of a network system 100 provided for implementing the present invention.

FIG. 2 is a diagram schematically showing a configuration of an object server 50A.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 10 ... Network 50 ... Computer system 100 ... Network system 300 ... HTTP server 301 ... Proxy object 302 ... Access right set 311, 31M ... Access right holding | maintenance part 321, 32M ... Access identifier holding | maintenance part 331, 33M ... Capability list Holding units 341, 34M: invalid list holding units 351, 35M: reference holding units 391, 39M: HTTP objects

Claims (16)

[Claims] 1. A distributed system in which one or more object servers for providing objects, one or more object clients for requesting objects, and an access management server for managing access to an object are connected via a network. An object access management method on a network system, comprising:
A step in which the access management server generates an access identifier a for accessing the object A and first authority information P ₁ for the access identifier a; (b) the access management server generates the first authority information P ₁ Concatenates the access identifier a and the public key pk of its own public key cryptosystem.
key and encrypt the first access key ake
generating y ₁ = pkey (P ₁ , a);
(C) a step of first access key akey ₁ is distributed to an object client, (d) the N-
Object with access key akey _N-1 of ₁
The client generates the N-th authority information P _N ,
Authority information P _N and the (N−1) th access key akey _N−1
And the public key pkey is applied for encryption, and the N-th access key akey _N = pkey (P _N , ake
y _N-1 ) (where N is a positive integer and the 0th access key is an access identifier a), and (e) the object client transmits the Nth access key. requesting access to the object A by presenting the akey _N , and (f) the access management server decrypts the N-th access key akey _N using its own public key cryptosystem secret key skey. hand,
Nth authority information P _N and N−1 access key ake
obtaining y _N-1 and checking them; and (g) allowing the access management server to access the object A in response to the success of the check in (f). An object access management method characterized by including: 2. A system for managing access to an object on a distributed network system in which one or more object servers for providing the object and one or more object clients for requesting the object are connected via a network. (A) means for holding a public key pkey and a secret key skey of a public key cryptosystem, and (b) an object A
, An access identifier a for accessing, and means for generating _first authority information P ₁ for the access identifier a;
(C) means for concatenating the first authority information P ₁ and the access identifier a, applying the public key pkey and encrypting the same, and generating a first access key akey ₁ = pkey (P ₁ , a) , (d) means for distributing the first access key akey ₁ to an object client, means for receiving a request for access to the object a which presents the access key akey _N of (e) a N (where, The N-th access key akey _N connects the N-th authority information P _N and the (N−1) -th access key akey _N−1 and generates a public key pkey.
An access key pkey (P _N ,
akey _N-1 ), where N is a positive integer and the 0th access key is an access identifier a. ),
(F) Nth access key a using secret key skey
means for decrypting the key _N to obtain the N-th authority information P _N and the (N-1) -th access key akey _N-1 ; and (g) checking the means (f) successfully. Means for permitting access to the object A in response to the request. 3. The access management server according to claim 2, wherein the means (f) recursively executes a decryption process using the secret key skey until the first access identifier a appears. . 4. The means (f) comprises: each of the authority information P ₁ ,
P _2, ..., the access management server according to claim 3, characterized in that also examining the context of P _N-1, P N. 5. An invalid access key table for holding an invalidated access key, and an M-th invalidated key table requested to be invalidated by an object client.
Means for registering the access key akeyM in the invalid access key table, wherein the means (f) recursively decrypts the _N- th access key akey _N-1 using the secret key skey. 5. The access management server according to claim 3, wherein if an invalidated access key akey _M is obtained during processing, the inspection is failed and access to the object A is rejected. 6. . 6. A request for access to an object on a distributed network system in which one or more object servers for providing the object and an access management server for managing access to the object are connected via a network. Client (where the access management server is the public key pk of the public key cryptosystem)
ey and a secret key skey), (a)
Access identifier a and the N-1 of the access key ak for the first object A that has been authorized information P ₁
ey _N-1 , (b) means for generating _N-th authority information P _N , (c) N-th authority information P _N and N-1
Concatenated with the access key akey _{N-1 of}
key and encrypt the Nth access key ak
means for generating ey _N = pkey (P _N , akey _N−1 ); and (d) requesting access to the object A using the _N-th access key akey _N ,
Means for delegating key akey _N to another object client or requesting revocation of _Nth access key akey _N. 7. A distributed system in which one or more object servers for providing objects, one or more object clients for requesting objects, and an access management server for managing access to an object are connected via a network. An object access management method on a network system, comprising:
A step in which the access management server generates an access identifier a for accessing the object A and first authority information P ₁ for the access identifier a; (b) the access management server generates the first authority information P ₁ Generating a _first access key akey ₁ = f (P ₁ , a) by applying a one-way function f to the access identifier a; and (c) generating the first access key akey ₁ a step to be distributed to an object client, (d) object client with access key akey _N-1 of the (N-1) generates a rights information P _N of the N, authorization information of the N P _N And the N-1th access key akey
Applying a one _- way function f to _N−1 to generate an _Nth access key akey _N = f (P _N , akey _N−1 ), where N is a positive integer. , The 0th access key is an access identifier a), and (e) the object client determines that the Nth access key ak
and ey _N, privileges information P _1, P _2, ..., presents a P _N-1, P N, and requesting access to the object A, the (f) access management server, access the object A Identifier a and each received authority information P ₁ , P ₂ ,.
_{The N-th} access key akey _N is newly generated by sequentially applying the one-way function f to _N−1 and P _N , and this is compared with the received _N-th access key akey _N. Inspecting; and (g) allowing the access management server to access the object A in response to the success of the inspection in (f). Method. 8. A system for managing access to an object on a distributed network system in which one or more object servers for providing the object and one or more object clients for requesting the object are connected via a network. Access management server for providing (a) a one-way function f;
(B) An access identifier a for accessing the object A, and first authority information P for the access identifier a
Means for generating a _1, (c) by applying a one-way function f with respect to the first authorization information P ₁ and the access identifier a, the first access key _{akey 1 = f (P 1,} a) (D) means for distributing the first access key akey ₁ to the object client; (e) Nth access key akey _N and each piece of authority information P ₁ , P ₂ ,...
Means for receiving an access request to the object A presenting P _N-1 and P _N (however, the Nth access key ake
y _N is an access key f (P _N , akey _N−) generated by applying a one _- way function f to the N-th authority information P _N and the (N−1) -th access key akey _N−1 . ₁ ), where N is a positive integer and the 0th access key is an access identifier a. ), (F) The access identifier a of the object A and the received authority information P ₁ , P ₂ ,.
_{The N-th} access key akey _N is newly generated by sequentially applying the one-way function f to _N−1 and P _N , and this is compared with the received _N-th access key akey _N. An access management server comprising: means for checking; and (g) means for permitting access to the object A in response to the success of the check in the means (f). 9. The means (f) receives the received authority information P
_1, P _2, ..., the access management server according to claim 8, characterized in that also examining the context of P _N-1, P N. 10. An invalid access key table holding an invalidated access key, and an M-th invalidated key table requested to be invalidated by an object client.
Means for registering the access key akey _M in the invalid access key table, wherein the means (f) sequentially applies the one-way function f to the Nth
10. The access according to claim 9, wherein if an invalidated access key akey _M is obtained during the generation of the access key akey _N , the check fails and access to the object A is rejected. 11. Management server. 11. A request for access to an object on a distributed network system in which one or more object servers for providing the object and an access management server for managing access to the object are connected via a network. Client (provided that the access management server provides the one-way function f), and (a) an N-th object A of the object A given the access identifier a and the first authority information P ₁
-1 access key akey _N-1 and each authority information P ₁ , P
_2, ..., P means for receiving the _N-1, (b) means for generating authorization information P _N of the N, (c) the N-th permission information P _N and the N
Applying a one _- way function to the access key akey _{N−1 of} −1, the Nth access key akey _N = f
_{(P N, akey N-1} ) means for generating a, (d) the authorization information P ₁ to the N of the access key akey _N, P _2, ...,
Request access to object A with P _N-1 , delegate _Nth access key akey _N to another object client, or request invalidation of _Nth access key akey _N Means for doing so. 12. A distributed system in which one or more object servers for providing objects, one or more object clients for requesting objects, and an access management server for managing access to an object are connected via a network. Object access management method on a mobile network system,
(A) an access management server generating an access identifier a for accessing the object A and first authority information P ₁ for the access identifier a;
(B) The access management server applies a commutative one-way function f to the first authority information P ₁ and the access identifier a to obtain a first access key akey ₁ = f (P ₁ , a ) And (c) a first access key ak
ey ₁ is distributed to object clients; and (d) N-1 th access key akey _N-1
Generates the N-th authority information P _N and generates a commutative one-way function f for the N-th authority information P _N and the (N−1) -th access key akey _N−1 . Applying the Nth access key akey _N = f (P _N , a
key _N-1 ) (where N is a positive integer, and the 0th access key is an access identifier a).
Access key akey _N and the respective authority information P ₁ , P ₂ ,
, P _N-1 , P _N , and requesting access to the object A; and (f) the access management server sets the access identifier a of the object A and the received authority information P ₁ , P _2. ,..., P _N−1 , P _N , by applying a commutative one-way function f in an arbitrary order to generate an _N-th access key akey _N again, a step of examining by comparing the access key akey _N, (g) access management server, in response to the test in the (f) is successful, the steps of allowing access to the object a, the An object access management method characterized by including: 13. A system for managing access to an object on a distributed network system in which one or more object servers for providing the object and one or more object clients for requesting the object are connected via a network. (A) means for providing a commutative one-way function f, (b) an access identifier a for accessing an object A, and first authority information for the access identifier a Means for generating P ₁ , and (c) first authority information P ₁
By applying a commutative one-way function f to the access identifier a and the first access key akey ₁ = f (P ₁ ,
means for generating a) and (d) a first access key a
and a means of distributing the key ₁ to the object client, (e) access key akey _N and each authority information P ₁ of the _{N, P 2, ..., P} N-1, object A presented the P _N
Means for receiving a request to access (provided that access key akey _N N-th, authorization information of the N P _N and the N-1
An access key f (P _N , P _N) generated by applying a commutative one-way function f to the access key a key _N−1 of
akey _N-1 ), where N is a positive integer and the 0th access key is an access identifier a. ),
(F) Applying a commutative one-way function f to the access identifier a of the object A and the received authority information P ₁ , P ₂ ,..., P _N−1 , P _{N in} an arbitrary order, Means for generating an _N-th access key akey _N again, comparing the generated access key akey _N with the received N-th access key akey _N, and (g) determining that the check in the means (f) is successful. Means for responding and permitting access to the object A. 14. The access according to claim 13, wherein said means (f) also checks the context of each of the received authority information P ₁ , P ₂ ,..., P _N−1 , P _N. Management server. 15. An invalid access key table holding an invalidated access key, and an M-th invalidated key requested to be invalidated by an object client.
Means for registering the access key akey _M in the invalid access key table, wherein the means (f) applies a commutative one-way function f in an arbitrary order to obtain the N-th access key. Upon obtaining a disabled access key akey _M in the course of generating key akey _N, access management server according to claim 13 which fail the test, to deny access to the object a, and wherein the. 16. A request for access to an object on a distributed network system in which one or more object servers for providing the object and an access management server for managing access to the object are connected via a network. Client (where the access management server has the commutative one-way function f
Shall provide), (a) access identifier a and the first authorization information P ₁ (N-1) th access key akey _N-1 for an object A that received the respective authorization information P _1, P _2, ..., means for receiving the P _N-1, (b) means for generating a first N of the authority information P _N, (c) the N-th permission information P _N and the N-1 of the access key akey Applying a commutative one-way function to _N−1 , the N-th access key a
means for generating key _N = f (P _N , key _N-1 );
(D) the authorization information P ₁ to the N of the access key akey _N, P _2, ..., along with the P _N-1, requesting access to an object A, other N-th access key akey _N Means for delegating to the object client or requesting revocation of the _Nth access key akey _N ;
An object client comprising: