Abstract: A data transfer tool is a data transfer support system that collectively acquires data that is managed in a plurality of tables that have been stored on a transfer source service DB, and works in cooperation with a data migration service for performing a transfer, wherein the data transfer support system includes a data storage unit that executes storage processing to sequentially store data that is sequentially output by the data migration service based on acquisition from the transfer source service DB on a transfer-use DB; a processing target data acquisition unit that acquires data from the transfer-use DB; a transfer processing unit that, in the case in which the data that has been acquired satisfies a condition, performs registration processing for transferring the data to a transfer destination cloud service DB; and a data re-registration unit that, in the case in which the data that has been acquired does not satisfy the condition, re-registers the data to the transfer-use DB.

Abstract: A management system for managing a data transmission destination comprises an accumulation unit configured to accumulate, when data transmission is performed, transmission information of the data transmission as collected data; a generation unit configured to generate training data including a pair of ground truth data containing transmission destination information, and input data containing an item other than the transmission destination information, from the collected data accumulated in the accumulation unit; a processing unit configured to generate, by machine learning, a learning model to be used to predict a transmission destination, by using the training data generated by the generation unit; and a providing unit configured to provide a prediction process using the learning model in response to a request.

Abstract: A service system includes a determining unit configured to determine an API-execution-count limiting value per virtual server on a basis of the number of the virtual servers on which a web service is implemented and an API-execution-count limiting value, and a controller configured to provide the web service or to process the call of the API as an error whether the number of times the API has been executed exceeds the API-execution-count limiting value.

Abstract: A management system for managing a data transmission destination comprises an accumulation unit configured to accumulate, when data transmission is performed, transmission information of the data transmission as collected data; a generation unit configured to generate training data including a pair of ground truth data containing transmission destination information, and input data containing an item other than the transmission destination information, from the collected data accumulated in the accumulation unit; a processing unit configured to generate, by machine learning, a learning model to be used to predict a transmission destination, by using the training data generated by the generation unit; and a providing unit configured to provide a prediction process using the learning model in response to a request.

Abstract: If a plurality of services in the same domain is provided as a plurality of subdomains when a cookie is used in web service, the cookie with a domain scope for a subdomain may not be shared by the services. Meanwhile, if the domain scope is equivalent to the overall domain, a cookie may be obtained for service unavailable for a user, which may disadvantageously reduce security. The authentication server receives access to the server from a terminal and confirms whether the terminal has an authorization to use the services provided by the subdomains in the same domain. If the terminal has the authorization, a cookie is issued with a scope of use for the subdomains to the terminal. If the terminal does not have the authorization, a cookie is issued with a scope of use for the subdomain of the authentication server to the terminal.

Abstract: A service system includes a determining unit configured to determine an API-execution-count limiting value per virtual server on a basis of the number of the virtual servers on which a web service is implemented and an API-execution-count limiting value, and a controller configured to provide the web service or to process the call of the API as an error whether the number of times the API has been executed exceeds the API-execution-count limiting value.

Abstract: There is a method of generating a token required to transfer an access authority to a cooperating system to a cooperation asking system. In this method, a refresh token is issued to update a token without confirmation to a user after a valid period of a token has expired. When information which is required to update a token is leaked, an unintended system updates a token, and the cooperating system is illicitly used. For this reason, a unit for invalidating the leaked refresh token is required. An access management service stores a refresh token issued at the time of first authorization processing linked to tokens re-issued when a series of token is issued using refresh tokens. Then, upon designation of the refresh token issued first, all refresh tokens linked to the refresh token issued first are invalidated.

Abstract: When authentication processing is performed without requesting a user to input authentication information and receiving the authentication information in response to authentication processing performed in another authentication server system having successfully been performed, a notification is not issued to a terminal to be operated by the user.

Abstract: An access management service system that manages use of a service provided by a resource service system, comprises: a holding unit which holds information of a user and information of a client system in a storage unit; a determination unit which, if an authorization request for use of the service is received from the client system due to an instruction from a user having authority to use the service, determines whether a group to which the user belongs and a group to which the client system belongs match based on the information held in the storage unit; and a presentation unit which, if the determination unit determines that the groups match, presents, to the user, a screen for instructing whether or not to permit delegation of the authority of the user to the client system.

Abstract: When authentication processing is performed without requesting a user to input authentication information and receiving the authentication information in response to authentication processing performed in another authentication server system having successfully been performed, a notification is not issued to a terminal to be operated by the user.

Abstract: In a multitenant service, security of the entire service is guaranteed by logically separating data for each tenant, and performing control to prevent access to data of another tenant. In an operation of the multitenant service, there are some special cases in which an access to data of another tenant becomes necessary. Further, processing executable across tenants needs to be subjected to restrictions on an executor of the processing and a processing target in addition to restrictions on a processing content. In data access control of the multitenant service, a control operation to determine whether processing is executable across tenants for each API and a control operation to determine whether processing is executable across tenants according to tenant categories of the executor and the processing target are performed.

Abstract: A print server comprises: unit configured to acquire an owner name of a user for specifying the user in an output apparatus, the owner name being set in advance in correspondence with user information of the user who issues the print instruction in the print server and being to be set in a print job to be processed by the output apparatus; and unit configured to, when the acquisition unit has acquired the owner name, generate a print job in which the acquired owner name is set as an owner name of the print job, and when the owner name has been neither set nor acquired, generate a print job in which a user name designated in the user information of the user in the print server is set as the owner name of the print job.

Abstract: An access management service system that manages use of a service provided by a resource service system, comprises: a holding unit which holds information of a user and information of a client system in a storage unit; a determination unit which, if an authorization request for use of the service is received from the client system due to an instruction from a user having authority to use the service, determines whether a group to which the user belongs and a group to which the client system belongs match based on the information held in the storage unit; and a presentation unit which, if the determination unit determines that the groups match, presents, to the user, a screen for instructing whether or not to permit delegation of the authority of the user to the client system.

Abstract: There is a method of generating a token required to transfer an access authority to a cooperating system to a cooperation asking system. In this method, a refresh token is issued to update a token without confirmation to a user after a valid period of a token has expired. When information which is required to update a token is leaked, an unintended system updates a token, and the cooperating system is illicitly used. For this reason, a unit for invalidating the leaked refresh token is required. An access management service stores a refresh token issued at the time of first authorization processing linked to tokens re-issued when a series of token is issued using refresh tokens. Then, upon designation of the refresh token issued first, all refresh tokens linked to the refresh token issued first are invalidated.

Abstract: In a multitenant service, security of the entire service is guaranteed by logically separating data for each tenant, and performing control to prevent access to data of another tenant. In an operation of the multitenant service, there are some special cases in which an access to data of another tenant becomes necessary. Further, processing executable across tenants needs to be subjected to restrictions on an executor of the processing and a processing target in addition to restrictions on a processing content. In data access control of the multitenant service, a control operation to determine whether processing is executable across tenants for each API and a control operation to determine whether processing is executable across tenants according to tenant categories of the executor and the processing target are performed.

Abstract: A print server comprises: unit configured to acquire an owner name of a user for specifying the user in an output apparatus, the owner name being set in advance in correspondence with user information of the user who issues the print instruction in the print server and being to be set in a print job to be processed by the output apparatus; and unit configured to, when the acquisition unit has acquired the owner name, generate a print job in which the acquired owner name is set as an owner name of the print job, and when the owner name has been neither set nor acquired, generate a print job in which a user name designated in the user information of the user in the print server is set as the owner name of the print job.