US 11,818,132 B2
Authorized access list generation method and information security system using same
Mao-Hung Cheng, New Taipei (TW); Yu-Jui Cheng, New Taipei (TW); Shih-Chan Huang, New Taipei (TW); Tong-Bo Su, New Taipei (TW); and Shih-Ming Hu, New Taipei (TW)
Assigned to QNAP SYSTEMS, INC., New Taipei (TW)
Filed by QNAP SYSTEMS, INC., New Taipei (TW)
Filed on Jan. 4, 2021, as Appl. No. 17/140,929.
Claims priority of application No. 109135765 (TW), filed on Oct. 15, 2020.
Prior Publication US 2022/0124095 A1, Apr. 21, 2022
Int. Cl. G06F 7/04 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/101 (2013.01) [H04L 63/083 (2013.01); H04L 63/0876 (2013.01)]
6 Claims
1. An authorized access list generation method for controlling at least one network service request of at least one user device having an internet protocol (IP) address in a network service system, the network service system having an authentication and authorization server and at least one network service providing device, the method including:
registering, by the at least one network service providing device registering for an authorized access list notification service with the authentication and authorization server to obtain a current content of an authorized access list provided by the authentication and authorization server, the authorized access list including at least one authorization related record of at least one said user device to be allowed access, and each said authorization related record including a user identification (ID), an authorized device ID, a network service providing device ID, and an updatable IP address;
logging into the authentication and authorization server, by a legitimate user device of the at least one user device logging into the authentication and authorization server by outputting one said user ID to the authentication and authorization server, and directly sending an access request to a target device of the at least one network service providing device after logging into the authentication and authorization server, and continuing to provide a currently used IP address and a device ID to the authentication and authorization server to update the updatable IP address and the authorized device ID in a corresponding said authorization related record, the authorization and authentication server automatically updating the authorization related record for the at least one registered network service providing device, enabling the legitimate user device to access the network service providing device even after the legitimate user device switches to a different IP address, and continuously tracking IP addresses used by the legitimate user devices to adaptively update the content of the authorized access list; and
comparing, by the target device comparing the updatable IP address, stored in each said authorization related record of one said authorized access list provided by the authentication and authorization server, with the currently used IP address of one said user device sending an access request to the target device, and rejecting the access request if each said comparison operation produces a not-matched result.
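The three steps of claim 1 can be modeled in a few lines. This is an added example, not code from the patent or from QNAP; the class and method names (`AuthServer`, `ServiceDevice`, `grant`, `report`, `allow`) are assumptions, in-process callbacks stand in for the notification service, the credential check at login is omitted, and the sample IP addresses are constructed.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class AuthRecord:
    # The four fields the claim puts in each authorization related record.
    user_id: str
    device_id: str
    service_device_id: str
    ip: str  # the updatable IP address ("" until the user device reports one)

class ServiceDevice:
    """Network service providing device holding a pushed copy of the list."""

    def __init__(self, device_id):
        self.device_id = device_id
        self.records = []

    def on_list_update(self, records):
        # Keep only the records that authorize access to this device.
        self.records = [r for r in records if r.service_device_id == self.device_id]

    def allow(self, source_ip):
        # Reject when every comparison yields "not matched"; an empty IP never matches.
        return bool(source_ip) and any(r.ip == source_ip for r in self.records)

class AuthServer:
    """Authentication and authorization server (hypothetical model)."""

    def __init__(self):
        self.records = {}      # (user_id, service_device_id) -> AuthRecord
        self.subscribers = []

    def register(self, device):
        # Registering for the notification service returns the current list content.
        self.subscribers.append(device)
        device.on_list_update(list(self.records.values()))

    def grant(self, user_id, service_device_id):
        # Create the record; device ID and IP are filled in when the user reports.
        self.records[(user_id, service_device_id)] = AuthRecord(user_id, "", service_device_id, "")

    def report(self, user_id, device_id, current_ip):
        # Called at login and on every later check-in from the user device.
        for key, rec in self.records.items():
            if rec.user_id == user_id:
                self.records[key] = replace(rec, device_id=device_id, ip=current_ip)
        for device in self.subscribers:
            device.on_list_update(list(self.records.values()))
```

Because the target device compares source IP addresses only, any host that shares the reported address (for example behind the same NAT) produces a matched result in this model.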