Title of invention: Access control system, communication terminal, server, and access control method
Abstract: Terminal certification means of a communication terminal manages a content and certification information on the content in association with each other. Upon access to a server associated with the execution of the content, request means sends the server a request including certification information associated with the content. In response to the request from the communication terminal, the server uses server certification means to certify the request. Access control means performs access control based on policy information stored in policy information storage means.
Publication number: US8914905(B2); Publication date: 2014.12.16
Application number: US201013508503; Filing date: 2010.10.05
Applicant: NEC Corporation; Inventors: Okuyama Gen; Miyamoto Yoshinori; Murakami Takuya
Classification: H04L29/06; G06F21/00; G06F15/00; H04L9/32; H04L12/66; Main classification: H04L29/06
Agency: McGinn IP Law Group, PLLC; Agent: McGinn IP Law Group, PLLC
Principal claim: 1. An access control system, comprising: a communication terminal connected to a server through a communication network, wherein:

the communication terminal comprises:

a certificate storage section which stores an electronic certificate that is identical with an electronic certificate managed in the server; and

an additional certificate storage section which stores separate from the certificate storage section, an electronic certificate added by the communication terminal; and

a terminal certification unit which executes a certification process on a content using an electronic certificate added to the content and managing, in association with each other, the content certified in the certification process and certification information on the content as information based on the electronic certificate to indicate that the content is certified in the certification process; and

a verification unit, upon accessing the server, which verifies whether the electronic certificate used in the certification process for the content matches the electronic certificate stored in either one of the certificate storage section and the additional certificate storage section; and

a request unit which, when the verification unit determines that the electronic certificate used in the certification process matches the predetermined electronic certificate stored in the certificate storage section or the additional certificate storage section, sends the server a request including the certification information on the content and requested content information indicative of a process requested of the server,

and the server comprises:

a policy information storage unit which prestores policy information indicating whether to execute the process according to the request based on the certification information and the requested content information included in the request sent from the communication terminal;

a server certification unit which performs certification again by certifying the request based on the certification information included in the request sent from the communication terminal;

an access control unit which, when the server certification unit certifies the request, decides on whether to execute the process indicated by the requested content information based on the policy information stored in the policy information storage unit, and the certification information and the requested content information included in the request; and

a process execution unit executes the process when the access control unit decides to execute the process indicated by the requested content information,

and wherein when the electronic certificate indicated by the certification information included in the request matches an electronic certificate prestored in storage unit, the server certification unit certifies the request.
Address: Tokyo JP