JP2013045384A - Access control system and access control program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an access control system and an access control program which can maintain security and also properly set an access right to saved contents.SOLUTION: An access control system comprises at least: a storage unit which stores a content; an access right setting support unit which determines whether a user notified of a storage destination of the content has an access right to the content, when the user does not have the access right, determines confidentiality of the content according to predetermined conditions, and when it is determined that the content is not highly confidential, sets the user with a temporary access right to the content; and a service unit which allows the user set with the access right or temporary access right to the content to browse the content.

Description

  The present invention relates to an access control system and an access control program, and more particularly to an access control system and an access control program for controlling access to stored content.

  From the viewpoint of security protection and mail server load reduction, instead of attaching content such as files to email, place content on a content management server such as SharePoint and send a URL (Uniform Resource Locator) indicating the storage location of the content to the email Increasingly, the method of notifying on the Internet is increasing.

  Regarding access to content stored in such a server, for example, in Patent Document 1 below, the document management system sets an access right for each document stored in the document management server and accesses the document. A document management program that functions as a restricted document management unit and a mail transmission / reception unit that performs mail delivery processing. The mail transmission / reception unit analyzes a received mail and stores a document stored in a document management server. If the document identifier indicating the storage location is included, when the document identifier is extracted from the mail by the mail analysis unit for extracting the document identifier and the mail analysis unit, the document identifier and the mail from which the mail is transmitted The address and the destination mail address are transmitted to the document management unit that controls the document management server indicated by the document identifier, and the access is made. Function as an access right setting requesting unit that requests to perform a right setting process, and the document management unit stores in advance the source mail address and destination mail address transmitted from the mail transmitting / receiving unit. A user ID conversion unit that converts the user ID into a user ID for access control in the document management server with reference to the conversion table, and a document indicated by the document identifier transmitted from the mail transmission / reception unit is converted into the user ID conversion procedure. A configuration that functions as an access right setting unit that sets an access right so that the owner of the converted user ID can access is disclosed.

  Japanese Patent Application Laid-Open No. 2004-151688 discloses a shared file access management method in a shared file access management system that manages access to a shared file, and shows a condition for granting access authority to the shared file accessed by the URL in the mail. The processing device stores the file access authority granting condition in the storage device, and when the mail is transferred, the processing device reads the shared file access authority granting condition of the shared file accessed by the URL in the mail from the storage device. A shared file access management method is disclosed in which when a destination corresponding to the read shared file access authority granting condition is a user corresponding to the read shared file access authority granting condition, the user is given access authority to the shared file.

  Patent Document 3 listed below discloses a data processing device having a user authentication function, which is an authentication means for authenticating a first user who has authority to use the data processing device, and the data to be given to a second user. A display means for displaying a setting screen for temporary use authority of the processing device; and a temporary setting of the data processing device within a range set by the first user authenticated by the authentication means via the setting screen. And a granting means for granting a specific usage right to the second user.

JP 2008-40830 A JP 2008-262293 A JP 2006-235757 A

  In this way, by notifying the URL indicating the storage location of content such as a file by e-mail, the user who has received the e-mail can access the URL and view the content, but the access right to the content is set. , Not all email recipients can view the content. Also, when there are users who cannot browse, there are various reasons why they cannot browse, so it is difficult for the sender / receiver of email to determine how to deal with the content so that it can be browsed. Each time an inquiry is made to the administrator, the burden on the mail sender / receiver and the administrator increases.

  To solve this problem, it is possible to set the content stored in the URL described in the e-mail so that all the e-mail recipients can read it unconditionally. When this occurs, there is a possibility that a third party may view the content, and thus there is a problem that security cannot be ensured.

  In addition, this problem is not limited to notifying the storage location of the content by e-mail, but for any situation in which the stored content is accessed, such as when the storage location of the content is posted on the Web screen. It occurs in the same way.

  The present invention has been made in view of the above problems, and a main object thereof is an access control system and access control capable of appropriately setting access rights to stored contents while ensuring security. To provide a program.

  In order to achieve the above object, the access control system of the present invention determines whether or not a storage unit for storing content and a user notified of the storage destination of the content has an access right to the content, and the access If the user does not have the right, the confidentiality of the content is determined according to a predetermined condition, and if it is determined that the confidentiality is not high, an access right setting for setting a temporary access right for the content to the user It comprises at least a support unit and a service unit that enables browsing of the content for a user who is set with an access right or temporary access right to the content.

  The present invention also provides an access control program that operates on a server that stores / manages content or a server that manages access rights to the content, and the user who is notified of the storage location of the content is the server. It is determined whether or not the access right to the content is determined. If the access right is not determined, the confidentiality of the content is determined according to a predetermined condition. An access right setting support unit for setting a temporary access right for the content to the user, a service unit for enabling browsing of the content for a user set with an access right or temporary access right for the content, It is to function as.

  According to the access control system and the access control program of the present invention, it is possible to appropriately set the access right to the stored content while ensuring security.

  The reason is that when the user notified of the storage location of the content does not have access rights to the content, the content confidentiality (importance) is determined according to a predetermined condition, and the content confidentiality (importance) ) Is low, the user is registered in the temporary access list, and control for enabling browsing of the content is performed.

  Also, for the temporary access list, it is determined whether the access right is not set according to a predetermined condition, and if it is determined that the access right is not set, control is performed to request the administrator to set a permanent access right. Because.

It is a figure which shows typically the structure of the access control system which concerns on one Example of this invention. It is a block diagram which shows the structure of each apparatus of the access control system which concerns on one Example of this invention. It is a flowchart figure which shows operation | movement of the access right setting support management server which concerns on one Example of this invention. It is a flowchart figure which shows the operation | movement (access right setting support process) of the access right setting support management server which concerns on one Example of this invention. It is a table which shows an example of the temporary access list which concerns on one Example of this invention. It is a figure which shows an example of the mail client screen concerning one Example of this invention. It is a figure which shows an example of the access right setting support setting screen which concerns on one Example of this invention. It is a figure which shows the other example of the access right setting support setting screen which concerns on one Example of this invention.

  As shown in the background art, instead of directly transmitting content such as files, the content is stored in a content management server or the like, and the URL for accessing the content is notified by e-mail or the like. To reduce the load.

  However, with this method, even if the URL described in the email is accessed, not all recipients of the email can view the content. In addition, when content cannot be browsed, there are various causes (for example, omission of access right setting, content of organization / project that does not belong, limited access right set for the content, etc.) For this reason, it is difficult for the mail sender / receiver to determine what kind of countermeasure is appropriate. If the administrator is inquired each time, the burden on the mail sender / receiver or the administrator increases. In addition, if the content saved in the URL described in the email is set so that all recipients of the email can view it unconditionally, the content can be viewed by a third party who has no viewing authority due to an error in entering the email address. Security cannot be ensured.

  Therefore, in one embodiment of the present invention, when a content is stored in a content management server to which access is restricted, and the content management server manages an access history, when the content storage server is notified to the user, If you do not have access rights to the content, determine whether to set temporary access rights based on the confidentiality (importance) of the content and the content storage location, and set temporary access rights. If it is determined, the user is registered in the temporary access list so that the content can be browsed. In addition, based on the number of registered users for the same hierarchy for which viewing authority is set, it is determined whether or not the access right is not set. If it is determined that the access right is not set, the administrator is permanently notified. Request the setting of appropriate access rights.

  In order to describe the above-described embodiment of the present invention in more detail, an access control system and an access control program according to an embodiment of the present invention will be described with reference to FIGS. FIG. 1 is a diagram schematically showing the configuration of the access control system of this embodiment, and FIG. 2 is a block diagram showing the configuration of each device. 3 and 4 are flowcharts showing the operation of the access right setting support management server, and FIG. 5 is a table showing an example of a temporary access list. FIG. 6 is a diagram illustrating an example of a mail client screen, and FIGS. 7 and 8 are diagrams illustrating an example of an access right setting support setting screen.

  As shown in FIG. 1, the access control system 10 of the present embodiment includes a content management server 20 such as SharePoint, an authentication server 30 such as AD (Active Directory) and LDAP (Lightweight Directory Access Protocol), and a mail server 40. The access right setting support management server 50 and a user computer device (client 60) are connected via a network 70 such as a LAN (Local Area Network) or a WAN (Wide Area Network). . Hereinafter, each device will be described.

[Content Management Server]
The content management server 20 includes a control unit 21, a storage unit 22, a communication unit 23, a display unit 24, an operation unit 25, and the like.

  The control unit 21 includes a CPU (Central Processing Unit) and the like. The storage unit 22 includes a memory such as a read only memory (ROM) and a random access memory (RAM), a hard disk drive (HDD), and the like, and includes a data storage unit 22a and a program storage unit 22b. The data storage unit 22a includes a content storage unit that stores content such as a file to be browsed, a content management data data storage unit that stores content management data, and the like. The program storage unit 22b includes a content management function for managing content, a web server function for providing a web service to the access right setting support management server 50 and the client 60, a content management web service function for providing a content management web service to the client 60, and the like. Stores a program that implements The program stored in the ROM or HDD is expanded in the RAM and executed by the CPU.

  The communication unit 23 includes a NIC (Network Interface Card), a modem, and the like, and enables communication with each device on the network. The display unit 24 includes an LCD (Liquid Crystal Display) or the like, and displays various screens related to content management. The operation unit 25 includes a keyboard and a mouse, and enables various operations related to content management.

[Authentication Server]
The authentication server 30 includes a control unit 31, a storage unit 32, a communication unit 33, a display unit 34, an operation unit 35, and the like.

  The control unit 31 includes a CPU. The storage unit 32 includes a memory such as a ROM and a RAM, an HDD, and the like, and includes a data storage unit 32a and a program storage unit 32b. The data storage unit 32a includes an authentication information data storage unit that stores authentication information data and the like for specifying a user who executes a task and its boss. The program storage unit 32b stores a program for realizing an authentication function, an authentication function API (Application Program Interface), and the like. Then, the program stored in the ROM or HDD is expanded in the RAM and executed by the CPU.

  The communication unit 33 includes a NIC, a modem, and the like, and enables communication with each device on the network. The display unit 34 includes an LCD or the like, and displays various screens related to authentication. The operation unit 35 includes a keyboard and a mouse, and enables various operations related to authentication.

[Mail server]
The mail server 40 includes a control unit 41, a storage unit 42, a communication unit 43, a display unit 44, an operation unit 45, and the like.

  The control unit 41 is configured by a CPU or the like. The storage unit 42 includes a memory such as a ROM and a RAM, an HDD, and the like, and includes a data storage unit 42a and a program storage unit 42b. The data storage unit 42 a includes a mail server data storage unit that stores data handled by the mail server 40. The program storage unit 42b stores a program that realizes a mail server function such as POP (Post Office Protocol), SMTP (Simple Mail Transfer Protocol), and IMAP (Internet Message Access Protocol). Then, the program stored in the ROM or HDD is expanded in the RAM and executed by the CPU.

  The communication unit 43 includes a NIC, a modem, and the like, and enables communication with each device on the network. The display unit 44 is configured by an LCD or the like, and displays various screens related to mail transmission / reception. The operation unit 43 includes a keyboard, a mouse, and the like, and enables various operations related to mail transmission / reception.

[Access right setting support management server]
The access right setting support management server 50 includes a control unit 51, a storage unit 52, a communication unit 53, a display unit 54, an operation unit 55, and the like.

  The control unit 51 is configured by a CPU or the like. The storage unit 52 includes a memory such as a ROM and a RAM, an HDD, and the like, and includes a data storage unit 52a and a program storage unit 52b. The data storage unit 52a includes an access right setting support management data storage unit that stores management data for supporting access right setting, a temporary access list data storage unit that registers users who are permitted access temporarily, and the like. . The program storage unit 32b has a web server function for providing a web service to the client 60 and an access right setting support web service function for providing a web service for supporting setting of the access right, and an access right that enables setting of the access right. Stores programs that implement the setting support setting function. Then, a program stored in the ROM or HDD (in particular, an access control program for causing the control unit 51 to execute the access right setting support web service function or the access right setting support setting function) is expanded in the RAM and executed by the CPU.

  The communication unit 53 includes a NIC, a modem, and the like, and enables communication with each device on the network. The display unit 54 is configured by an LCD or the like, and displays various screens related to setting of access rights (access right setting support setting screen described later) and the like. The operation unit 55 includes a keyboard, a mouse, and the like, and enables various operations related to access right setting.

[client]
The client 60 includes a control unit 61, a storage unit 62, a communication unit 63, a display unit 64, an operation unit 65, and the like.

  The control unit 61 is configured by a CPU or the like. The storage unit 62 includes a memory such as a ROM or a RAM, an HDD, and the like, and includes a data storage unit 62a and a program storage unit 62b. The data storage unit 62a includes a mail client data storage unit that stores data handled as a mail client, an access right setting support add-on data storage unit that stores add-on data that supports setting of an access right, and the like. The program storage unit 62b stores a program for realizing a mail client function, an access right setting support add-on function (web service calling function), and the like. The program stored in the ROM or HDD is expanded in the RAM and executed by the CPU.

  The communication unit 63 includes a NIC, a modem, and the like, and enables communication with each device on the network. The display unit 64 is composed of an LCD or the like, and displays various screens (mail client screens to be described later) and the like. The operation unit 65 includes a keyboard, a mouse, and the like, and enables various operations such as reception of mail and browsing of content.

  1 and 2 are examples of the present embodiment, and can be changed as appropriate. For example, in FIG. 1, the access right setting support management server 50 is individually provided in the access control system 10, but the access right setting support management server 50 may be configured as a part of the content management server 20. In this embodiment, an add-on function of the client 60 and an access right setting support management application of the access right setting support management server 50 (access control program for realizing an access right setting support Web service function and an access right setting support setting function). The configuration of other devices (content management server, authentication server 30, mail server 50) is not particularly limited.

  Next, the operation of the access control system 10 configured as described above will be described. In the following description, it is assumed that the data storage unit 22a of the content management server 20 stores in advance information that identifies a user who can view the content. Further, it is assumed that information for associating a mail address with a user ID is stored in advance in the data storage unit 32a of the authentication server 30.

[Operation when sending email]
When the mail client function of the mail sender client 60 transmits a mail describing a URL indicating the storage location of the content, the access right setting support add-on function of the client 60 is a Web provided by the access right setting support management server 50. The service is called and the destination mail address list and the URL list are passed to the access right setting support management server 50. Then, the access right setting support management server 50 performs access right setting control.

  The access right setting control of the access right setting support management server 50 will be described below with reference to the flowchart of FIG.

  First, the access right setting support Web service function determines whether an email address remains in the destination email address list (S101). If an email address remains in the destination email address list, the URL remains in the URL list. (S102). At the first time, since there is a mail address in the destination mail address list, one mail address is taken out. In the first time, since there is a URL in the URL list, one URL is extracted.

  Next, the access right setting support Web service function inquires the authentication server 30 and acquires the user ID corresponding to the extracted mail address (S103). Next, the access right setting support Web service function inquires of the content management server 20 and checks whether or not the acquired user ID is a user ID capable of browsing the content stored in the URL (S104).

  If it is a browseable user ID (Yes in S105), there is no problem of not being able to access the URL, so the process returns to S102 to determine whether the URL remains in the URL list. If the URL remains in the URL list, the processes of S103 to S105 are repeated. If the URL does not remain in the URL list, the process returns to S101 to determine whether the mail address remains in the destination mail address list. If a mail address remains in the destination mail address list, the processes of S102 to S105 are repeated, and if no mail address remains in the destination mail address list, the process ends.

  On the other hand, if the user ID is not viewable (No in S105), there is a problem that the URL cannot be accessed. Therefore, the access right setting support setting function performs access right setting support processing (S106), and then returns to S102. Repeat the same process.

  Next, the access right setting support process will be described with reference to the flowchart of FIG.

  First, the access right setting support setting function inquires the content management server 20 and acquires a group or a user who can view the content stored in the URL (S201). Next, the access right setting support setting function inquires the authentication server 30 and acquires the number of users belonging to the group (S202). Then, the access right setting support setting function determines whether or not the confidentiality (importance) of the content stored in the URL is high based on the acquired number of users (S203). Note that the criterion for determining whether the confidentiality (importance) is high is not limited to the number of users, and can be set on the access right setting support setting screen shown in FIGS.

  If it can be determined that the confidentiality (importance level) is not high, there is no problem even if access is permitted, so the access right setting support setting function adds the user ID of the user to the temporary access list (S208). FIG. 5 is an example of a temporary access list, in which a URL for storing content, a user ID for which an access right for the URL is set, and date / time information for which a viewing authority is set as required, and browsing The hierarchy in which authority is set and information indicating whether to set permanent access right are also described.

  If it can be determined that the confidentiality (importance) is high, access cannot be permitted unconditionally. Therefore, the access right setting support setting function inquires the content management server 20 and specifies the URL manager ( (S204), the administrator is requested to permit the temporary access right setting (S205). If the administrator's permission cannot be obtained (No in S206), the access right setting support setting function notifies the user specified by the user ID that the temporary access is impossible as necessary (S207). Exit.

  On the other hand, when the administrator's permission is obtained (Yes in S206), the access right setting support setting function adds the user ID to the temporary access list (S208). Next, the access right setting support setting function temporarily registers the number of registered users for the same hierarchy for which browsing authority is set (that is, for the hierarchy for which the browsing restriction to which the content belongs is set for the same user). It is determined whether the set number of access rights is equal to or greater than a certain number (S209). If multiple users are registered in a certain “hierarchy for which viewing authority is set” in the temporary access list, the access right setting is suspected, so permanent access to the administrator of that hierarchy Requests setting of rights (S210).

  As described above, when the user of the mail address described in the destination mail address list cannot access the URL of the URL list, it is determined whether the content stored in the URL or the confidentiality (importance) of the URL is high. However, when the confidentiality (importance) is not high, or when the permission of the URL administrator is obtained, the URL is appropriately accessed while ensuring security because the process of adding to the temporary access list is performed. Can be.

  Also, if the same level of the temporary access list is accessed many times, it is determined that the access right is not set correctly, and the administrator is requested to set a permanent access right. Can be updated.

[Action when receiving mail]
The mail client function of the mail recipient client 60 displays a mail client screen 80 as shown in FIG. When the mail recipient selects the URL in the mail text and selects “Open” on the submenu screen, the access right setting support add-on function calls the Web service of the access right setting support management server 50 to set the access right. An e-mail address and URL are passed to the support management server 50.

  The access right setting support Web service function of the access right setting support management server 50 makes an inquiry to the authentication server 30 and obtains a user ID from the mail address, and then makes an inquiry to the content management server 20 to obtain the acquired user ID as a URL. Whether the user ID can be viewed.

  If there is an access right (if it is a user ID that can browse URLs), do nothing, and if there is no access right (if it is not a user ID that can browse URLs), search the temporary access list and add it to the temporary access list If the user ID is registered, an access right is added. Then, the access right setting support add-on function of the mail client opens the content of the corresponding URL.

[Perform regularly]
When a user ID is registered in the temporary access list in the operation at the time of mail transmission, security may not be ensured if the user ID is registered. Therefore, the access right setting support setting function periodically checks the contents of the temporary access list, and deletes the access right for contents that have passed a predetermined browsing period.

  The basic operation of the access right setting control according to the present embodiment has been described above. However, the administrator can set the confidentiality determination condition in advance using the setting screen provided by the access right setting support setting function. it can.

  FIG. 7 shows an example of the access right setting support setting screen 81 provided by the access right setting support setting function. The access right setting support setting screen 81 includes a confidentiality determination condition setting field and an access right permanent determination. It consists of a condition setting field and a temporary access method setting field.

  The confidentiality determination condition setting column is a column that defines conditions for determining whether or not confidentiality (importance) is high, and checks an object to be determined as “highly confidential”. What can be selected here is mainly information relating to the confidentiality and access rights of the content and the location where the content is stored. Furthermore, among the items that are judged as “highly confidential”, the access rights are made permanent when it is judged in the flow of FIG. 4 that “the number of registrations in the same authority hierarchy in the temporary access list is a certain number or more”. Also check what you want. Anything that is not highly confidential (important) will be subject to permanent access rights.

  In the figure, “a watermark is attached to the document” is an example in which information of the document itself is used, and is stored as document attribute (property, column) information at the time of registration in the content management server 20. To do. “Column XX is ΔΔ” is an example of using attribute information of a document stored in the content management server 20, and is manually input at the time of document registration or information in the document is stored. Or set automatically. Further, since a company or the like can often form a hierarchical relationship such as a section of the company, the “security group” handles the users of the authentication server 30 or the like as a group.

  In the setting column of the determination condition for permanent access right, a value of “a certain number” is set when it is determined whether “the number of the same authority layer in the temporary access list is a certain number or more” in the flow of FIG. .

  In the temporary access method setting field, whether the original URL can be accessed in the temporary access, or the content with high confidentiality is copied and accessed in the temporary area, all regardless of the confidentiality Set whether to copy the contents to the temporary area for access.

  FIG. 7 shows the basic configuration of the access right setting support setting screen. As shown in FIG. 8, a column for setting an expiration date is provided in the confidentiality determination condition column of the access right setting support setting screen 82, and the confidentiality ( The expiration date of the access right can also be set according to the importance).

  As described above, the case where registration to the temporary access list is performed at the time of mail transmission has been described. However, the temporary access right may be set when the mail recipient opens the URL file in the mail text. Further, when a mail recipient opens a URL file in the body of the mail, information such as waiting for administrator's permission / NG of administrator's permission may be displayed, and such information is displayed. As a result, user convenience can be improved.

  In addition, this invention is not limited to the said Example, The structure and control can be changed suitably, unless it deviates from the meaning of this invention. For example, in the above embodiment, the case where the URL indicating the file storage location is notified by e-mail has been described as an example. However, for example, when the content storage location is posted on the Web screen, The same can be applied to any situation of access.

  The present invention can be used for a system and a program for controlling access to content stored in a content management server.

DESCRIPTION OF SYMBOLS 10 Access control system 20 Content management server 21 Control part 22 Storage part 23 Communication part 24 Display part 25 Operation part 30 Authentication server 31 Control part 32 Storage part 33 Communication part 34 Display part 35 Operation part 40 Mail server 41 Control part 42 Storage part 43 communication unit 44 display unit 45 operation unit 50 access right setting support management server 51 control unit 52 storage unit 53 communication unit 54 display unit 55 operation unit 60 client 61 control unit 62 storage unit 63 communication unit 64 display unit 65 operation unit 70 network 80 Mail client screen 81, 82 Access right setting support setting screen

Claims (6)

A storage unit for storing content;
It is determined whether the user notified of the storage location of the content has an access right to the content. If the user does not have the access right, the confidentiality of the content is determined according to a predetermined condition, and the confidentiality is determined. If it is determined that the property is not high, an access right setting support unit for setting a temporary access right for the content to the user;
A service unit that enables browsing of the content to a user who is set with an access right or temporary access right to the content,
An access control system characterized by that. When the access right setting support unit determines that the confidentiality of the content is high, the access right setting support unit inquires of the content administrator whether or not to set a temporary access right for the content of the user.
The access control system according to claim 1. The access right setting support unit determines whether or not the number of times the temporary access right is set for the user has reached a predetermined number with respect to a hierarchy in which a viewing restriction to which the content belongs is set. When the predetermined number is reached, the administrator of the content is requested to set a permanent access right for the content of the user.
The access control system according to claim 1 or 2, wherein An access control program that operates on a server that stores / manages content or a server that manages access rights to the content,
The server,
It is determined whether the user notified of the storage location of the content has an access right to the content. If the user does not have the access right, the confidentiality of the content is determined according to a predetermined condition, and the confidentiality is determined. If it is determined that the access is not high, an access right setting support unit for setting a temporary access right for the content to the user,
For a user who is set with an access right or temporary access right to the content, function as a service unit that enables browsing of the content,
An access control program characterized by that. When the access right setting support unit determines that the confidentiality of the content is high, the access right setting support unit inquires of the content administrator whether or not to set a temporary access right for the content of the user.
The access control program according to claim 4. The access right setting support unit determines whether or not the number of times the temporary access right is set for the user has reached a predetermined number with respect to a hierarchy in which a viewing restriction to which the content belongs is set. When the predetermined number is reached, the administrator of the content is requested to set a permanent access right for the content of the user.
The access control program according to claim 4 or 5, wherein

Images