JP2023114917A - Access authority control device, access authority control method, and program - Google Patents

Abstract

To provide a file access authority control device and method, and a program that can effectively prevent unauthorized access to a file caused by a delay in invalidation of an authentication card.SOLUTION: An access authority control server 200 is to perform access authority validation communication with a management server that manages access authority to a file using an IC card, and the access authority control server comprises: a file access authority storage unit 202 that stores user information and card state information specifying the IC card; a control unit 204 that, when receiving a request for authenticating the IC card, if the card state information is set to be effective, performs the access authority validation communication with the management server; and a card invalidation processing unit 203 that, when receiving a card invalidation signal S1 from the other system SYS, invalidates the card state information. When the control unit 204 receives the card invalidation signal and subsequently receives the authentication request using the IC card, it refers to the card state information used for the authentication request and notifies the authentication request of an invalidation result.SELECTED DRAWING: Figure 2

Description

The present invention relates to technology for controlling user access rights to files.

A file, which is a collection of data with a certain purpose, is stored in a storage medium. In order to restrict users who can access this file, it is common to set access authority to the storage medium. For example, authentication is performed using the user's account identification information, and file access is permitted only when the authentication is successful. Many techniques have been proposed for enhancing security in such access control.

For example, the access control method disclosed in Patent Document 1 cooperates with an entrance/exit management system for a room where a terminal is installed, and determines whether or not access to a file is permitted by combining a user ID and password, a permitted time period, and a terminal ID. ing.

The authentication method disclosed in Patent Document 2 performs authentication by associating a user ID and a card ID, furthermore, associates a plurality of IC cards with a user, and manages authority for each card to strengthen security. there is In addition, by temporarily invalidating the use of the lost IC card, it is possible to prevent spoofing and the like when the IC card is lost.

JP-A-2000-259567 JP 2015-176238 A

However, the access control disclosed in Patent Literature 1 cannot effectively prevent spoofing access when an authentication card such as an IC card is lost or stolen because it is linked with room entry/exit management.

In addition, in the authentication method disclosed in Patent Document 2, login authentication using an IC card is performed by an authentication control server or an external authentication server. Is required. For this reason, the lost authentication card is left in a valid state until it is revoked, increasing the risk of unauthorized access. Furthermore, since it is necessary to pass the authentication request to the authentication server at the time of login to start the authentication process, it is not possible to quickly reject the fraudulently used authentication card.

Accordingly, an object of the present invention is to solve the above problems, and to provide a file access authority control method apparatus, an access authority control method, and a program that can effectively prevent unauthorized access to a file caused by a delay in invalidation of an authentication card. .

An access authority control device according to a first aspect of the present invention is connected to a management device that manages access authority to a file, and validates the access authority to the file for the management device using an authentication card containing user information. an access authority control device for performing access authority validation communication, comprising a storage unit for storing user information specifying each authentication card and card status information indicating whether the authentication card is valid or invalid; and authentication of the authentication card. When the request is received, the control unit performs the access authorization validation communication to the management device when the card status information of the authentication card is set to be valid, and the card invalidation of the one authentication card from the other system. a card invalidation processing unit that invalidates the card status information corresponding to the one authentication card in the storage unit when a signal is received, wherein the control unit receives the card invalidation signal. After that, upon receiving an authentication request using the one authentication card, the card state information corresponding to the one authentication card used in the authentication request in the storage unit is referred to, and the authentication request is invalidated. It is characterized by notifying the result.

An access authority control method according to a second aspect of the present invention is an access authority control method that performs access authority validation communication with a management device that manages access authority to a file using an authentication card containing user information. user information specifying each authentication card and card status information indicating whether the authentication card is valid or invalid are stored in a storage unit, and when the control unit receives an authentication request for the authentication card, the authentication card is authenticated. When the card status information is set to valid, the access authority validation communication to the management device is performed, and when the card invalidation processing unit receives the card invalidation signal of one authentication card from the other system, The card status information corresponding to the one authentication card in the storage unit is set to be invalid, and the control unit further receives an authentication request using the one authentication card after receiving the card invalidation signal. Then, the card status information corresponding to the one authentication card used for the authentication request in the storage unit is referred to, and a result of invalidation for the authentication request is notified.

A program according to a third aspect of the present invention is connected to a management apparatus that manages access authority to a file, and access authority to validate access authority to the file for the management apparatus using an authentication card containing user information. A program that causes a computer to function as an access authority control device that performs validation communication, the program storing user information specifying each authentication card and card status information indicating whether the authentication card is valid or invalid in a storage unit; a function of performing the access authorization validation communication to the management device when the card status information of the authentication card is set to valid upon receiving the authentication request of the authentication card; a function of setting the card status information corresponding to the one authentication card in the storage unit to invalid when a card invalidation signal is received; and a function of invalidating the one authentication card after receiving the card invalidation signal a function of referring to the card status information corresponding to the one authentication card used in the authentication request in the storage unit when receiving the authentication request used in the authentication request, and notifying that the authentication request is invalid. It is characterized by being realized by the computer.

In this way, when a card invalidation signal for one authentication card is received from another system, by setting the card status information corresponding to the one authentication card to invalid, an authentication request using the one authentication card is accepted. When there is, it is possible to immediately notify the invalid result of the authentication request without notifying the management device. As a result, it is possible to effectively prevent unauthorized access to a file due to delay in invalidation of one authentication card.

According to one aspect of the present invention, the card invalidation signal can be a signal that is transmitted when the other system detects that the one authentication card has expired or has been used illegally. As a result, it is possible to invalidate the authentication card without waiting for the operation of the system administrator of the management device, and to prevent the authentication card from being left in a valid state.

As described above, according to the present invention, it is possible to effectively prevent unauthorized access to files caused by a delay in invalidation of an authentication card.

FIG. 1 is a block diagram showing a schematic configuration of a file access authority control system using an access authority control server according to one embodiment of the present invention. FIG. 2 is a block diagram showing the configuration of the access authority control server according to this embodiment. 3 is a block diagram showing a configuration example of a management server in FIG. 1. FIG. FIG. 4 is a flow chart showing IC card invalidation operation of the access authority control server according to the present embodiment. FIG. 5 is a flow chart showing the authentication operation of the access authority control server according to this embodiment. FIG. 6 is a sequence diagram showing the operation of the file access authority control system according to this embodiment.

BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, embodiments and examples of the present invention will be described in detail with reference to the drawings. However, the components described in the following embodiments and examples are merely examples, and are not intended to limit the technical scope of the present invention to them.

1. System configuration As shown in FIG. 1, a user possesses an IC card 101 such as an employee ID card, and user authentication is performed using the card information registered in the IC card 101. access to the room, use of terminals, access to files, etc. shall be managed. Note that the authentication card for authenticating the user in this embodiment is generally an IC card, but is not limited to this. Any portable authentication means storing data for certifying the identity of the user may be used, and an authentication card of another type, such as a magnetic information storage card, may be used.

An access authority control system according to an embodiment of the present invention includes a card reader 102 as input means for inputting user information, a management server 103 as a management device for managing access authority, and a file 104 for which access authority is to be obtained. , an access terminal 105 for a user to access the file 104, an access authority control server 200 as an access authority control device, and another system SYS that outputs a card invalidation signal S1 for invalidating the IC card 101. Become.

The card reader 102 has a function of reading card information from the IC card 101 and a function of communicating with the access authority control server 200 . The card reader 102 may be a single card reader installed at the entrance of a building or an office, or may be a card reader application installed in a mobile communication terminal such as a mobile phone owned by the user or an access terminal 105 to be described later. There may be. The card reader 102 is connected to the access authority control server 200 through a communication network, and user authentication communication is performed as described later.

Management server 103 can communicate with access authority control server 200 and access terminal 105 through a communication network. The management server 103 has a function of processing a file access request from the access terminal 105 and deciding whether or not each user is permitted to access the file 104 in cooperation with the access authority control server 200 as will be described later.

A file 104 is a collection of data with a certain purpose, stored in any storage medium accessible from the access terminal 105 . In addition, in some of the data of the file 104, one of a plurality of definitions related to file access authority stored in the access authority control server 200 and the management server 103, which will be described later, is combined with a user ID, which will be described later. A rule ID used to identify the definition is embedded. The access authority control server 200 stores card information used for user authentication, card status associated with the card information, user ID, user name, rule ID, file access authority, and the authority last executed for the management server 103. A final command representing the content of the enable/disable communication is set. A plurality of user IDs may be associated with one rule ID. However, one set of file access authority is associated with one combination of rule ID and user ID. File 104 is, for example, a database that is to be kept confidential for a company and is accessible through access terminal 105 only to authenticated users with valid access rights.

The access terminal 105 is a communication terminal capable of communicating with the management server 103 and the file 104 through a communication network, such as a desktop/mobile computer, a mobile communication terminal such as a smart phone, or the like. Application software for using the data of the file 104 is installed in the access terminal 105 in advance. Also, the user ID of the user who holds the license for using the application software is stored in the access terminal 105 in advance. A user ID is, for example, a user's e-mail address. The access terminal 105 may have the function of identifying the current user by the IC card 101, or may be a computer or a mobile communication terminal in which the application of the card reader 102 is installed as described above.

The access authority control server 200 has a function of validating a user's access authority through communication with the management server 103, and a function of invalidating the user's IC card 101 at the timing of receiving the card invalidation signal S1 from the other system SYS. and Although details will be described later, when the access authority control server 200 receives an authentication request from the card reader 102 by the invalidated IC card 101, it executes authority activation communication with the management server 103 for granting access authority. Then, the invalidation notification is transmitted to the card reader 102 and the processing is terminated.

When an event to invalidate the IC card 101 occurs, the other system SYS transmits a card invalidation signal S1 including card information to the access authority control server 200 without depending on the operation of the system administrator. . The event to be invalidated is invalidation or unauthorized use of the IC card 101, or the like. For example, when the IC card 101 expires after the expiration date, when the IC card 101 is found to be used illegally, or when an IC card owned by a retired user is used by mistake or intentionally. .

The other system SYS may use an external system, or it may be a personnel system equipped with an issuance management function for an IC card, which is an employee ID card, or an office entrance/exit permit, which is an entrance gate to the office. It may be an entrance/exit management system equipped with an IC card issue management function that is used as a key to unlock the electric lock of the entrance door of the office, office, etc., or for logging in to the personal computer in the office. It may be a network management system equipped with an issue management function for an IC card used as a personal authentication card, or a computer logged in using an IC card such as an employee ID card to detect suspicious operations being performed. It may be an in-house or external monitoring system. Alternatively, the system may be an in-house monitoring system that detects that an employee who has already retired from the system has logged in to a computer using an IC card.

2. Access Authority Control and Card Invalidation Processing As illustrated in FIG. 2, the access authority control server 200 has a communication unit 201 and can communicate with the card reader 102, management server 103, and other system SYS. The access authority control server 200 further includes a file access authority storage section 202 for storing information described below, a card invalidation processing section 203 for invalidating the corresponding card status according to the received card invalidation signal S1, and an access authority control and a control unit 204 for performing functions described later.

The file access authority storage unit 202 stores, as user information, card information, which is information about the IC card 101, the card status indicating whether the IC card 101 is valid or invalid, and a user ID, which is user identification information. (here, an example of an e-mail address is shown), a user name, a rule ID, a file access authority granted to the user, and a final message representing the content of the authority validation/invalidation communication last executed to the management server 103 . Directives and are registered.

For example, the card information "C001" includes "valid" as the card status, "AA@xxx.jp" as the user ID, "AA" as the user name, "R01" as the rule ID, and "R01" as the file access authority. "Read: Permitted, Write: Impossible" is linked and stored, and the "final command" for the file access right is "valid". (corresponding to the authorization validation communication of the invention) was performed last. In the drawing, "read" is indicated by "R", and "write" is indicated by "W".

The card information "C002" includes "valid" as the card status, "BB@xxx.jp" as the user ID, "BB" as the user name, "R01" as the rule ID, and "R01" as the file access authority. Since "Read: Enabled, Write: Enabled" is linked and stored, and the final command for the file access permission is "valid", the permission activation command for activating the file access permission is executed last. I know it was broken.

Further, in the card information "C003", the card status is "invalid", the user ID is "CC@yyy.jp", the user name is "CC", the rule ID is "R02", and the file access authority is "Reading: Enabled, Writing: Enabled" are linked and stored, and since the final command is "Invalid", the card corresponding to the card information "C003" is invalidated, and It can be seen that the authority invalidation command for invalidating the file access authority was last executed.

Note that the functional configuration shown in FIG. 2 is an example, and the access authority control server 200 has a storage unit and a processing unit (processor). The functions of the conversion processing unit 203 and the control unit 204 can also be realized.

As illustrated in FIG. 3 , the management server 103 has a communication unit 103 a and can communicate with the access authority control server 200 and the access terminal 105 . The control unit 103b updates the contents of the file access authority rule storage unit 103c based on the authority activation command received by the communication unit 103a from the access authority control server 200. FIG.

Further, when the communication unit 103a receives a file access permission request from the access terminal 105, the control unit 103b permits file access or Send any notification of no access rights to the access terminal 105 .

When the file access authority rule storage unit 103c receives the authority activation command from the access authority control server 200, the file access authority rule storage unit 103c sends the authority activation command to the file access authority rule storage unit 103c corresponding to the rule ID included in the authority activation command. store the file access permissions and user IDs contained in the .

For example, rule ID "R01", user ID "AA@xxx.jp", and file access authority "read: permitted, write: prohibited" are stored in association with each other. Also, rule ID "R01", user ID "BB@xxx.jp", and file access authority "read: permitted, write: permitted" are associated and stored. These are stored upon receipt of an authority activation command corresponding to the fact that the final command is stored as "valid" in the file access authority storage unit 202 of the access authority control server 200. FIG.

The operation of the access authority control server 200 will be described below with reference to FIGS. 4 and 5. FIG.

In FIG. 4, the control unit 204 determines whether or not the card invalidation signal S1 has been received from the other system SYS (step 301), and if not (NO in step 301), the process ends. When the card invalidation signal S1 specifying the IC card 101 to be invalidated is received (YES in step 301), the control unit 204 searches the file access authority storage unit 202 for the corresponding card information (step 302). If the card information of the corresponding IC card 101 has already been registered in the file access authority storage unit 202 (YES in step 303), the card invalidation processing unit 203 changes the card status of the IC card 101 to "invalid". to invalidate (step 304). If the card information of the corresponding IC card 101 is not registered in the file access authority storage unit 202 (NO in step 303), the process is terminated.

As described above, the card status indicating invalidity of the corresponding IC card 101 is registered in the file access authority storage unit 202 according to the card invalidation signal S1 received from the other system SYS. As will be described below, the control unit 204 can immediately reject the authentication request from the IC card 101 simply by referring to the card status column of the file access authority storage unit 202 . In this case, there is no need to transmit an authentication request to the management server 103 and perform authority validation communication.

In FIG. 5, control unit 204 confirms receipt of an authentication request for IC card 101 from card reader 102 (step 401). If not received (NO in step 401), the process ends. On the other hand, when an authentication request is received (YES in step 401), control unit 204 searches file access authority storage unit 202 according to the card information of IC card 101 included in the authentication request (step 402). If there is corresponding card information (YES in step 402), the card status field is referred to confirm whether the IC card 101 is invalid (step 403), and if not invalid (NO in step 403). ), and transmits an authority validation request to the management server 103 (step 404).

On the other hand, if the IC card 101 is invalid (YES in step 403), the control unit 204 notifies the card reader 102 of the invalidation result (step 405), and terminates the process. If the card information of the IC card 101 is not registered in the file access authority storage unit 202 (NO in step 402), the control unit 204 notifies the card reader 102 of authentication failure (step 406), and terminates the process. do.

After step 404, the control unit 204 waits to receive an access authority activation success notification from the management server 103 (NO in step 407). When received (YES in step 407), a notification of successful authentication is transmitted to card reader 102 (step 408).

3. System Operation As exemplified in FIG. 6, a sequence 500 when the IC card is valid and authentication succeeds and file access is performed, and a sequence 600 when the card is invalidated will be described separately.

In sequence 500, when card reader 102 reads card information from user's IC card 101, it sends an authentication request to access authority control server 200 (step 501). Upon receiving the authentication request, the access authority control server 200 searches the file access authority storage unit 202 according to the card information, and if the IC card 101 is not invalid, the user ID and file access authority linked to the card information are stored. An access authorization validation request containing information is sent to the management server 103 (step 502). Upon receiving the access authority validation request, the management server 103 stores the user ID and file access authority information included in the access authority validation request, and validates the file access authority of the user ID.

After activating the access authority, the management server 103 returns an access authority activation success notification to the access authority control server 200 (step 503). When the access authority control server 200 receives the access authority validation success notification, it sets the final command of the corresponding user information in the file access authority storage unit 202 to "valid" and transmits an authentication success notification to the card reader 102 (step 504). . Upon receiving the authentication success notification, the card reader 102 may allow the user to enter the room by, for example, unlocking the door or opening the gate. At that time, the authenticated information can also be recorded in the IC card 101 of the user.

Next, when the user accesses the file 104 with the application software installed in the access terminal 105, the application software reads the rule ID from the file 104 (step 505), and uses the rule ID and the application software stored in the access terminal. A file access permission request including a user ID linked to the use license is transmitted to the management server 103 (step 506).

When the management server 103 receives a file access permission request from the access terminal 105, the management server 103, based on the user ID and the rule ID included in the file access permission request, selects access permissions stored in the file access permission rule storage unit 103c. , extracts the access authority that matches both the user ID and the rule ID, and notifies the access terminal 105 of file access permission based on the access authority (step 507).

As a result, the user can use the application software of the access terminal 105 to access the file 104 and use it for browsing, editing, etc. (step 508). When the access authority is stored in the file access authority rule storage unit 103c of the management server 103 by the same procedure, other users access the file 104 through other access terminals and use the content for viewing, editing, etc. be able to.

In sequence 600, when the access authority control server 200 receives the card invalidation signal S1 from the other system SYS (YES in step 601), the corresponding card status in the file access authority storage unit 202 is changed to "invalid" and invalidated. (step 602). After that, the access authority control server 200 transmits an access authority invalidation request to the management server 103 (step 603).

Upon receiving the access authority invalidation request, the management server 103 matches the user ID and file access authority information contained in the access authority invalidation request from among the stored user ID and file access authority information. Disable by erasing the one that does After invalidating the access authority, the management server 103 transmits an access authority invalidation success notification to the access authority control server 200 (step 604).

In this state, when the access authority control server 200 receives an authentication request for the IC card 101 from the card reader 102 (step 605), the access authority control server 200 searches the file access authority storage unit 202 according to the card information included in the authentication request. . If the card status corresponding to the card information is "invalid", the invalid result is immediately notified in response to the authentication request from the IC card 101, and the process is terminated (step 606). Therefore, the access authority control server 200 can reject the authentication request from the revoked IC card 101 without transmitting the authentication request to the management server 103 and performing authority validation communication. As a result, the user who attempts to request access using the invalidly registered IC card 101 is denied the authentication itself, and cannot enter the system at the entrance stage of the card reader 102. Therefore, the file 104 cannot be accessed. Can not.

4. Effect As described above, according to one embodiment of the present invention, when an IC card becomes unusable due to loss or theft of the IC card, or retirement of the user, etc., a system for monitoring the status of the card, etc., can be used. The IC card can be invalidated when a card invalidation notification is received from the system SYS. As a result, the invalidation delay time during which the IC card to be invalidated is left in a valid state can be shortened, and the risk of unauthorized access can be greatly reduced.

5. Other Embodiments In the embodiment illustrated in FIG. 1, the card reader 102, the management server 103, the access terminal 105, and the access authority control server 200 have separate device configurations, but the present invention is not limited to this. These may be installed in a single computer, or distributed to a plurality of devices and connected to a network.

In this embodiment, the user is authenticated by the IC card 101, but the present invention is not limited to this, and any mobile authentication means storing data for certifying the identity of the user may be used.

Further, the card invalidation signal S1 may be any signal indicating the occurrence of an event to invalidate the IC card. Events that should be invalidated include cases in which unauthorized use of IC cards is discovered, cases in which an IC card owned by a retired user is used, etc. An internal or external monitoring system capable of detecting these events is used. be done.

The present invention is applicable to general computer systems that set access rights and protect files.

101 IC card 102 Card reader 103 Management server 104 File 105 Access terminal 200 Access authority control server 201 Communication unit 202 File access authority storage unit 203 Card invalidation processing unit 204 Control unit SYS Other systems

Claims (5)

An access authority control device that is connected to a management device that manages access authority to a file and performs access authority validation communication that validates the access authority to the file for the management device using an authentication card containing user information. hand,
a storage unit for storing user information specifying each authentication card and card status information indicating whether the authentication card is valid or invalid;
a control unit that, upon receiving an authentication request for the authentication card, performs the access authorization validation communication to the management device when the card status information of the authentication card is set to be valid;
a card invalidation processing unit that invalidates the card status information corresponding to the one authentication card in the storage unit when a card invalidation signal for the one authentication card is received from another system;
The control unit
When an authentication request using the one authentication card is received after receiving the card invalidation signal, the card state information corresponding to the one authentication card used for the authentication request in the storage unit is referred to. An access authority control device, characterized in that it notifies an invalid result for the authentication request. 2. The access authority control apparatus according to claim 1, wherein said card invalidation signal is a signal transmitted by said other system when said one authentication card is invalidated or when an unauthorized use thereof is detected. An access authority control method for performing access authority validation communication with a management device that manages access authority to a file using an authentication card containing user information,
storing user information specifying each authentication card and card status information indicating whether the authentication card is valid or invalid in a storage unit;
When the control unit receives the authentication request of the authentication card, and the authentication card status information of the authentication card is set to be valid, the control unit performs the access authorization activation communication to the management device,
when a card invalidation processing unit receives a card invalidation signal for one authentication card from another system, sets the card status information corresponding to the one authentication card in the storage unit to invalid;
When the control unit further receives the authentication request using the one authentication card after receiving the card invalidation signal, the controller corresponding to the one authentication card used for the authentication request in the storage unit referring to the card state information and notifying an invalid result for the authentication request;
An access authority control method characterized by: 4. The access authority control method according to claim 3, wherein the card invalidation signal is a signal transmitted by the other system when the one authentication card is invalidated or an unauthorized use is detected. A computer as an access authority control device that is connected to a management device that manages access authority to a file and performs access authority validation communication that validates the access authority to the file for the management device using an authentication card containing user information A program that operates the
a function of storing user information specifying each authentication card and card status information indicating whether the authentication card is valid or invalid in a storage unit;
a function of performing the access authorization activation communication to the management device when the card status information of the authentication card is set to valid upon receiving the authentication request of the authentication card;
a function of setting the card status information corresponding to the one authentication card in the storage unit to invalid when a card invalidation signal of the one authentication card is received from another system;
When an authentication request using the one authentication card is received after receiving the card invalidation signal, the card state information corresponding to the one authentication card used for the authentication request in the storage unit is referred to. a function of notifying an invalid result for the authentication request by
A program characterized by causing the computer to implement