JP2003198756A - Information processor with dial-up restricting function - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To increase security and to reduce management man-hour and expenditure, etc., by preventing illegal access which is of no concern to conducting a job. <P>SOLUTION: A terminal 1 includes a telephone number check part 1b, obtains a data stream transmitted from a Com port 1c when performing access to an access point by dial-up and compares a telephone number obtained from the data stream with the telephone number which is previously registered in a telephone number register book 1d. When the telephone number which is not registered in the register book is detected, an alarm message is displayed in the display part of the terminal equipment 1. At the same time the Com port is temporarily closed by a telephone number detecting program and the access is restricted. Besides it is reported that access is illegally performed to the server 2 of an operation manager by a mail, etc., via a modem. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention can prevent access to an access point unrelated to business execution from a terminal device such as a personal computer distributed for business.
In addition, the present invention relates to an information processing apparatus having a dial-up prevention function that can reduce the number of steps required for managing the usage status of terminals such as personal computers and the like, and can reduce costs and the like.

[0002]

2. Description of the Related Art Due to the spread of the Internet in recent years, the Internet has come to be used in various businesses. In companies such as service industry and insurance industry, personal computers and PDAs are distributed to each employee. The Internet is actively used to improve work efficiency. However, it is desirable for employees to use terminals such as personal computers distributed for business purposes and connect to access points unrelated to their business (hereinafter, such use is referred to as unauthorized access) for purposes other than the original business. Not that. Normally, when trying to connect to an access point from a terminal device such as a personal computer, it is not possible to check whether or not the access to the access point is proper.
For example, by checking a telephone number such as a statement of telephone charges, the illegal access by the employee is monitored and the access destination from the terminal is investigated.

[0003]

Conventionally, the above-mentioned unauthorized access or the like was investigated from the telephone number of the telephone bill as described above, but the processing is complicated, and the delay and omission of check are caused. There was a problem such as the occurrence. Also,
If the number of users of personal computers and the like is large, the amount of processing increases accordingly, and there is a problem in terms of cost. The present invention has been made in view of the above circumstances, and the present invention enables a calling side to warn a user or notify an operation manager of unauthorized access, thereby preventing unauthorized access. , The purpose is to strengthen security and reduce management man-hours and expenses.

[0004]

According to the present invention, before connecting to an access point unrelated to business execution, a warning is issued to the user and a notice is given to the operation manager to prevent unauthorized access. To prevent. That is, as shown in FIG. 1, when a dial-up call is made, the telephone number of the access point is acquired from the com port (Com port), and the telephone number of the acquired access point and the telephone number registered in advance in the telephone directory are registered. And match
When the acquired access point telephone number is different from the registered telephone number, a warning is issued to the user and the access is suppressed. When an unauthorized access is made, the user name and the access point telephone number are notified to the operation manager by e-mail. As described above, before connecting to an unauthorized access point, a warning is issued, the access is suppressed, and the operation administrator is notified, so unauthorized access can be prevented in advance. The operation manager can always monitor unauthorized access. Further, the present invention can be configured as follows. (1) In the above, when unauthorized access exceeds the specified number of times, dial-up access is locked to all access points or access points other than a specific access point. To do. (2) In the above (1), lock releasing means for releasing the lock is provided, and the lock releasing means is activated from the server of the operation manager to release the lock and restore the dial-up ready state. (3) In the above (1), lock releasing means for releasing the lock is provided, and the releasing means is activated by the password issued by the operation manager to release the lock and restore the dial-up ready state. As described above, when unauthorized access exceeds the specified number of times, it is possible to lock access to all access points or access points other than a specific access point by dialup It is possible to prevent illegal access more effectively. Also, a means for releasing the lock is provided,
By entering the password issued by the administrator or starting the above unlocking means from the server of the operation administrator to unlock, the user can unlock without permission and unauthorized access It can be prevented from doing. (4) A means for storing a dial-up history including an access point accessed and a date and time is provided, and the dial-up history is notified to the operation manager by mail together with the user name. (5) In the above (4), a measuring means for measuring the time during which each access point is accessed is provided, and the time measured by the measuring means is stored as a dial-up history. By notifying the operation manager of the dial-up history as described above, the operation manager can easily grasp the access status to the access point. (6) In the above, at the start of use, unless the operation manager inputs the password issued to the user based on the authentication of the user, the access by dial-up is kept disabled. (7) When an unauthorized access is made, the dial-up access is disabled and the access-disabled status is registered in the dial-up registry. As a result, even if the dial-up program is reinstalled, the access by the dial-up can be kept in an inaccessible state, and it is possible to prevent the user from arbitrarily releasing the lock.

[0005]

DESCRIPTION OF THE PREFERRED EMBODIMENTS FIG. 1 is a diagram for explaining the outline of the present invention. In FIG. 1, reference numeral 1 is a terminal device such as a personal computer or PDA, and the terminal device 1 is connected to an Internet line via a modem 1a, and dial-up from a dial-up processing unit 10 allows access points such as a provider or an operation manager. The server 2 can be accessed. It is also possible to connect to the server 2 of the operation manager via a LAN card and a dedicated line such as a LAN. The terminal 1 is provided with a telephone number check unit 1b, and when the access point is accessed by dialing up, the Com port (hereinafter referred to as the Com port) 1c is opened immediately after the Com port 1c is opened.
Obtain the data string sent from the phone number directory 1d
Compare with the telephone number registered in advance. Then, when a telephone number that is not registered in the telephone number register is detected, a warning message that "access is impossible" is displayed on the display unit of the terminal device 1. At the same time, the Com port 1a is temporarily closed to prevent the access. Furthermore, the fact that there has been an unauthorized access to the server 2 of the operation manager is notified by e-mail or the like via the modem. As a result, it is possible to prevent unauthorized access to the terminal device 1 in advance.

The dial-up processing unit having the dial-up suppressing function provided in the terminal device 1 will be described below. Note that the processing described below can be realized by software, and programs and data for performing the following processing are stored in a hard disk or the like provided in the terminal device, and at the time of execution, the programs and the like are stored in a memory. The following processing is performed. FIG. 2 is a diagram showing the functional configuration of the dial-up processing unit according to the first embodiment of this invention.
In the figure, 10 is a dial-up processing unit of this embodiment, and 11 is a dial-up unit for accessing an access point of a provider or the like by dial-up in response to a request from an application or the like. The telephone number or the like transmitted from the dial-up unit is transmitted to the outside via the Com port 11a. 12 is a data acquisition unit,
The data string sent from the Com port 11a is acquired and sent to the telephone number check unit 13. The telephone number check unit 13 compares the telephone number acquired by the data acquisition unit 12 with the telephone number registered in the telephone number register 18 in advance. Then, if the telephone number called from the dial-up unit 11 is registered in the telephone number register 18, the calling is permitted. FIG. 3A shows an example of the telephone number register. As shown in the figure, in the telephone number register, access point names (AP
Name) and its telephone number are registered, and calling to the telephone number registered in this telephone number register is permitted. Further, the telephone number for accessing the server of the operation manager is also registered in this telephone number register. The telephone number register 18 is incorporated in advance in the dial-up processing unit of this embodiment, and is protected so that the user cannot change its contents.

The telephone number is the telephone number register 18
If it is not registered in the phone number check section 13
Notifies the transmission inhibiting unit 14 to that effect. Call suppression unit 14
When the telephone number check unit 13 gives the above notification, C
The access is suppressed by temporarily closing the om port 11a. In addition, a warning message "Inaccessible" is displayed to the user on the screen display portion 31a of the display device of the console device 31. Further, the mailer activation unit 15 activates the mailer 32 to notify the operation manager of the user name, the telephone number of the call destination, etc. by e-mail. On the other hand, the telephone number, the access point name, etc. acquired by the data acquisition unit 12 are the user name, the date, the
It is registered in the dial-up history book 17 together with the connection destination access point name. The usage time measuring unit 16 is
The time from the opening of the port 11a to the closing of the port 11a is measured, and the connection start time, end time, etc. are registered in the dial-up history list 17. FIG. 3B shows a configuration example of the dial-up history record. As shown in the figure, in the dial-up history record, the name of the user who has accessed the access point, the access point name (AP name), the start time, the end time, the use time, etc. are registered. The phone number, access point name, connection start time, connection end time, etc. registered in the dial-up history list 17 are mailer 32.
The operation manager is regularly notified by e-mail via. An authentication unit 19 authenticates the user with a password or the like input from the input unit 31b of the console device 31.

Next, the operation for enabling the dial-up after mounting the dial-up processing unit of this embodiment and the processing at the time of dial-up will be described. When the dial-up processing unit is installed in a terminal device such as a personal computer, the connection function to the access point is disabled except for sending an e-mail to the operation manager. When the user first uses the dial-up function, the display device 31a of the console device 31 displays a message requesting the input of the mail account assigned to each individual and the transmission of an electronic mail to the operation manager. When the user inputs an email account and sends an e-mail to the operation administrator with the user name, user affiliation, etc., the operation administrator will check the mail account, email user name, affiliation Based on the above, the authenticity of the user is confirmed, and the password is notified to the user by e-mail. When the user inputs this password, the authentication unit 19 validates the connection to the access point by the dial-up processing unit.

FIG. 4 is a flow chart showing the processing at the time of dial-up in this embodiment, and the processing at the time of dial-up will be described below with reference to FIG. When the dial-up unit 11 accesses the access point, the data acquisition unit 12 acquires a telephone number or the like from the data string transmitted from the Com port 11a (step S1). The telephone number check unit 13 compares the acquired telephone number with the telephone number registered in the telephone number register 18 (step S2) and determines whether the telephone numbers match (step S3). When the called telephone number is the number registered in the telephone number register 18, the access to the access point of the called telephone number is permitted (step S4). The usage time measuring unit 16 measures the connection time to the access point, registers the connection date and time, the connection time, the access point telephone number, the access point name, etc. in the dial-up history list 17 (step S5), and ends the processing. To do. When the called telephone number is not the number registered in the telephone number register 18, the access is suppressed by forcibly closing the Com port 11a (step S6). Further, a display indicating that access is not possible is displayed on the display unit 31a of the console device 31 (step S7). Further, the user name, the telephone number to be accessed, etc. are notified to the operation manager by e-mail (step S8).

As described above, according to the present embodiment, when the called telephone number is not the number registered in the telephone number register 18, the calling can be suppressed, so that unauthorized access is prevented. Can be prevented. When an unauthorized access is made, the operation administrator is notified by e-mail of the user name, the telephone number of the caller, etc., so the operation administrator can always monitor the unauthorized access. Is. Further, since the dial-up history is periodically notified to the operation manager by e-mail, the operation manager can easily grasp the usage status of the terminal device and the like.

Next, a second embodiment of the present invention will be described. FIG. 5 is a diagram showing a functional configuration of the present embodiment, and this embodiment is provided with a function of locking access by dial-up to an inaccessible state when unauthorized access is made a plurality of times. The functional configuration of the dial-up processing unit of the present embodiment is the same as that shown in FIG. 2 except that the modem lock unit 20, the fraud count storage unit 21, the invalidation threshold storage unit 22, and the lock for unlocking the modem are unlocked. The release unit 23 is provided, and the other functional configurations are the same as those shown in FIG. In the figure, as described above, when the access point is accessed, the data acquisition unit 12 acquires the data string sent from the Com port and sends it to the telephone number check unit 13. When the telephone number called from the dialup unit 11 is registered in the telephone number register 18, the telephone number check unit 13
The call is permitted as described above.

If the telephone number called by the dial-up unit 11 is not registered in the telephone number register 18, the telephone number check unit 13 determines that the call inhibition unit 14 and the fraud count storage unit 21 are not accessed. Notify that there was. Upon receiving this notification, the call origination suppression unit 14 suppresses access by temporarily closing the Com port 11a. In addition, a warning message to the effect that "access is not possible" is displayed to the user on the screen display unit 31 of the display device of the terminal, and the mailer activation unit 15 activates the mailer 32 to notify the operation manager of the electronic mail. User name by email,
Notify the telephone number of the call destination. The fraud count storage unit 21 stores "0" as an initial value, and when the telephone number check unit notifies that there is a fraudulent access as described above, the fraud count storage unit 21 determines that the fraud count is Count up only one. The invalidation threshold value storage unit 22 stores the invalidation threshold value shown in FIG.
The modem lock unit 20 compares the fraud count stored in the fraud count storage unit 21 with the invalidation threshold value. If the fraud count is smaller than the invalidation threshold value, the modem lock unit 20 does not lock the modem. . In this state, the user can access the access points registered in the telephone number register 18. Further, the telephone number, access point name, etc. acquired by the data acquisition unit 12 are registered in the dial-up history list 17 together with the user name, date and time, and connection destination access point name, as described above. Also,
The usage time measuring unit 16 measures the time from the opening of the Com port 11a to the closing of the Com port 11a, and registers the connection start time, the end time, etc. in the dial-up history list 17. The telephone number, access point name, connection start time, connection end time, etc. registered in the dial-up history list 17 are periodically notified to the operation manager by e-mail via the mailer 32.

Here, when a call (unauthorized access) to a telephone number that is not registered in the telephone number register is made again, the telephone number check unit indicates in the unauthorized number storage unit 21 that there is an unauthorized access. Notify the fraud count storage unit 21
Increments the fraud count by one. Each time the unauthorized access is performed, the number of frauds in the fraud count storage unit 21 is incremented by one, and when the count value in the fraud count storage unit 21 reaches the number stored in the invalidation threshold storage unit 22. The fraud count storage unit 21 notifies the modem lock unit 20 that the fraud count has exceeded the invalidation threshold value. As a result, the modem lock unit 20 locks the dial-up access to an impossible state except for the above-mentioned operation manager's access to the server. Specifically, for example, the access can be locked in an inaccessible state as follows. (1) Delete the other telephone numbers from the telephone number register 18 except the telephone number for the operation manager. (2) Forcibly close the Com port 11a, and then
Prevent access to the access point. (3) Keep the modem error signal ON so that the modem does not operate. (4) Change the program name in the dialup section to make it impossible to connect to the access point. In the cases of (2) to (4) above, when the operation manager is accessed, it is possible to access the operation manager by opening the Com port or turning off the error signal of the modem. Keep it in a state. In order to unlock the lock, the user must unlock the lock by obtaining a password or the like from the operation manager and activating the unlock unit 23, as described later.

When the unauthorized access is made, the fact that the unauthorized access has been made is registered in the registry of the dialup processing section. As a result, even if the program for dial-up processing is reinstalled thereafter, it will not function properly. In addition, a warning message to the effect that the dial-up function has been disabled is displayed to the user on the screen display section 31a of the console device 31, and the mailer activation section 15 activates the mailer 32 for operation. Notify the administrator by e-mail that the user name, the telephone number of the call destination, and that the dial-up function has been disabled.

Next, the operation for enabling the dial-up after mounting the dial-up processing unit of this embodiment and the processing at the time of dial-up will be described. The operation for enabling dial-up after mounting the dial-up processing unit of this embodiment is the same as that of the first embodiment. As described above, the dial-up processing unit is mounted on a terminal device such as a personal computer. At that time, the connection function to the access point is disabled except for the transmission of the e-mail addressed to the operation manager. Then, as described above, when the user inputs the password acquired from the operation manager, the authentication unit 19 validates the connection to the access point by the dial-up processing unit.

Next, the processing in the dial-up processing section of this embodiment will be described with reference to the flowchart of FIG. When the dial-up unit 11 accesses the access point, the data acquisition unit 12 displays
The data string transmitted from the port 11a acquires a telephone number or the like (step S1). The telephone number check unit 13
The acquired telephone number is compared with the telephone number registered in the telephone number register 18 (step S2), and it is determined whether the telephone numbers match (step S3). When the called telephone number is the number registered in the telephone number register 18, the access to the access point of the called telephone number is permitted (step S4). Usage time measuring unit 16
Measures the connection time to the access point, registers the connection date and time, the connection time, the access point telephone number, the access point name, etc. in the dial-up history list 17 (step S5), and ends the processing. If the called telephone number is not the number registered in the telephone number register 18, the fraud count storage unit 21 adds 1 to the fraud count C (step S6). The initial value of C is set to 0 when the dial-up processing unit is first activated. Then, the access is suppressed by temporarily closing the Com port 11a (step S7). In addition, a display indicating that access is not possible is displayed on the display unit of the terminal device (step S8). Further, the user name, the telephone number to be accessed, etc. are notified to the operation manager by e-mail (step S9). Further, it is checked whether or not the number of times of fraud C has reached the threshold value stored in the invalidation threshold value storage unit 22 (step S10), and if not, the process is terminated. When the fraud count C reaches the above-mentioned threshold value, as described above, the access to the access point is locked by dial-up (step S11), and it is confirmed that the registry of the dial-up processing unit has been fraudulently accessed. Register (step S12).

When the number of unauthorized accesses exceeds the invalidation threshold value and the dial-up connection is locked as described above, this lock can be released by activating the lock releasing unit 16. FIG. 7 is a flowchart showing a processing procedure of the lock release. When the unauthorized access is performed a plurality of times and the access point is locked by the dial-up so that the access cannot be performed, the user or the like accesses the server of the operation manager and requests the unlock (step S1). The operation manager issues a password for unlocking, when the accessed one has the authority to unlock (step S).
2). The user or the like acquires the password through the Internet or the like (step S3) and inputs the acquired password. The authentication unit 19 shown in FIG. 5 confirms this password, and when a proper password is input, activates the lock release unit 23 to release the lock. As a result, it becomes possible to access the access point by dialing up again. The unlocking may be performed by activating the unlocking unit 23 from the server of the operation manager via the LAN or the like, for example.

As described above, in the present embodiment, when the called telephone number is not the number registered in the telephone number register 18, the calling can be suppressed and unauthorized access can be prevented. can do. In particular, when the unauthorized access is performed a plurality of times, the access to the access point by dial-up is locked in an impossible state, so that the unauthorized access can be prevented more effectively. In addition, the fact that the access point was locked in an inaccessible state was registered in the registry, and even if the dial-up process was reinstalled, the dial-up function did not work properly. Can be blocked. Further, as in the first embodiment, when an unauthorized access is made, the operation manager is notified of the user name, the telephone number of the call destination, etc. by an e-mail. It is possible to constantly monitor access. Further, since the dial-up history is periodically notified to the operation manager by e-mail, the operation manager can easily grasp the usage status of each terminal device. In the first and second embodiments, the case where the operation manager's server is accessed via the Internet has been described. However, the operation manager's server is accessed via, for example, a LAN. May be.

[0019]

As described above, according to the present invention, when the called telephone number is not the number registered in the telephone number register, the user is warned and the calling is suppressed. Since this is done, it is possible to prevent unauthorized access in advance. Further, since the operation manager is notified when the unauthorized access is made, the operation manager can constantly monitor the unauthorized access. Furthermore, the telephone number, access point name, connection start time, end time, etc. are registered in the dial-up history list, and the operation manager is notified by e-mail on a regular basis. It is possible to easily understand the access status and the like. Therefore, it is possible to enhance security and reduce management man-hours and expenses. Especially in recent years, in the service industry and insurance industry, for personal use
PCs are distributed and connected to related access points as a part of business, but by using the present invention in such cases, it is possible to automatically acquire usage history and reduce operating costs. .

[Brief description of drawings]

FIG. 1 is a diagram illustrating an outline of the present invention.

FIG. 2 is a diagram showing a functional configuration of a dialup processing unit according to the first embodiment of this invention.

FIG. 3 is a diagram showing a configuration example of a telephone number register, a dial-up history list, and an invalidation threshold value storage unit.

FIG. 4 is a flowchart showing a process at dial-up in the first embodiment.

FIG. 5 is a diagram showing a functional configuration of a dialup processing unit according to a second embodiment of the present invention.

FIG. 6 is a flowchart showing a process at dialup in the second embodiment.

FIG. 7 is a flowchart showing a processing procedure for unlocking.

[Explanation of symbols]

Terminal equipment such as 1 PC or PDA 2 Operation manager's server 10 Dial-up processing section 11 Dial-up section 11a Com port 12 Data acquisition section 13 Telephone number check section 14 Call suppression section 15 Mailer activation part 16 Usage time measurement unit 17 Dial-up history book 18 telephone number register 19 Authentication Department 20 Modem lock part 21 Fraud memory section 22 Invalidation threshold storage unit 23 Unlocking unit 31 console device 31a screen display section 32 Mailer

Claims (10)

[Claims] 1. A method for acquiring a telephone number of an access point when dialing up a call, a means for collating the acquired access point's telephone number with a pre-registered telephone number, and the acquired access point's telephone. If the number is different from the registered telephone number, a warning means is issued to the user to suppress the access, and if the acquired access point's telephone number is different from the registered telephone number, the above An information processing apparatus having a dial-up suppressing function, comprising: a notification means for notifying an operation manager of a user name and a telephone number of the access point by e-mail. 2. A means for acquiring the telephone number of the access point, a means for matching the telephone number of the acquired access point with a previously registered telephone number, and a means for collating the telephone number registered in advance when dialing up. When the phone number is different from the registered phone number, a suppression means to warn the user and suppress the access, and the number of times the acquired access point's phone number is different from the registered phone number And a lock that locks access to all access points or access points other than a specific access point by dial-up when the number of counts exceeds the specified number. And the telephone number of the access point obtained above is different from the registered telephone number. That the case, the information processing apparatus having a dial-up suppression function, characterized in that the telephone number of the user name and the access point, and a notifying means for notifying in email operations manager. 3. A state in which a release means for releasing the lock by the lock means is provided, and when the access by dial-up becomes impossible, the lock by the lock means is released from the server of the operation manager to enable dial-up. An information processing apparatus having a dial-up suppressing function according to claim 2, wherein the information processing apparatus recovers the information. 4. The lock means is provided with a release means for releasing the lock by the lock means, and when the access by dial-up becomes impossible, the lock means is activated by a password issued by an operation manager. 3. The information processing apparatus having a dial-up suppressing function according to claim 2, wherein the lock by the key is released to restore the dial-up enabled state. 5. A means for storing a dial-up history consisting of an access point accessed, a date and time, etc., and a means for notifying the operation manager by e-mail of the dial-up history together with a user name. An information processing apparatus having a dial-up suppressing function according to any one of items 1, 2, 3, or 4. 6. The dial-up suppressing function according to claim 5, further comprising: a measuring unit that measures a time during which each access point is being accessed, and the time measured by the measuring unit is stored as a dial-up history. Information processing equipment. 7. A means for keeping access by dial-up disabled unless the operation manager inputs a password issued to the user based on the user's authentication at the start of use. Items 1, 2, 3,
An information processing device having the dial-up suppressing function according to claim 4, 5, or 6. 8. The lock means disables dial-up access, registers the inaccessible state in the dial-up registry, and even if the dial-up program is reinstalled, dial-up 4. A function for making access inaccessible is provided.
An information processing apparatus having the dial-up suppressing function according to claim 4, 5, or 6. 9. A dial-up suppressing program for controlling connection to an access point by dial-up, wherein the program obtains a telephone number of the access point when dial-up is called and a telephone number of the acquired access point. And a process of collating with a pre-registered telephone number and a process of issuing a warning to the user and suppressing the access when the obtained access point's telephone number is different from the registered telephone number, If the acquired access point's phone number is different from the registered phone number, the computer should be notified of the user name and the access point's phone number by email. A feature dial-up suppression program. 10. A dial-up deterrent program for controlling connection to an access point by dial-up, wherein the program acquires a telephone number of the access point when dial-up is called, and a telephone number of the acquired access point. And a process of collating with a pre-registered telephone number, and a process of issuing a warning to the user and suppressing the access when the obtained access point's telephone number is different from the registered telephone number, The process of counting the number of times the acquired access point's telephone number differs from the registered telephone number, and when the number of counts exceeds the specified number, access to all access points or specific access For access points other than points, dial-up access If the acquired access point's phone number is different from the registered phone number, email the above user name and access point's phone number to the operation administrator. A dial-up prevention program that causes a computer to execute a notification process.