JP5649525B2 - ID management system - Google Patents

Description

  The present invention relates to an ID management technique used in a personal computer (hereinafter referred to as “PC”), and more particularly to an ID management system for a local ID.

  In general, when using a PC, it is necessary to log in (or log on) by specifying (inputting) an ID and a password that uniquely identify the user. By managing IDs, it is possible to monitor and suppress unauthorized use of PCs (for example, use of PCs for purposes other than the original business in companies and the like). Further, there are many cases in which an in-house database is accessed using a PC at a remote location (for example, a business trip destination), and an ID and a password are also used in this case. Since remote authentication performed between PCs connected to public lines such as the Internet requires stronger security (such as measures for preventing unauthorized access), various methods have been proposed so far (for example, patents). References 1, 2).

JP-A-8-227397 JP 2007-226827 A

  The technologies described in Patent Documents 1 and 2 are intended to enhance security against unauthorized access from the outside such as the Internet, but on the other hand, prevent a PC from being used outside the business in a company. Countermeasures are also considered important. For that purpose, it is considered important to centrally manage IDs and passwords necessary when using a PC. However, for example, in Windows (registered trademark), there is a local ID that can be registered in the OS (Operating System) of each PC, and for this local ID, “administrator” having administrator authority of the PC is standard. In addition, the PC user can create and manage a local ID. Therefore, in the environment as described above (environment in which local IDs can be created on each PC), it is difficult to manage and manage the local IDs of PCs purchased in each department in the company by the management department. There was a problem. As a result, when a local ID created on a PC has been used, there is a problem that it is difficult to suppress unauthorized use of the PC.

  The present invention has been made in view of the above, and an object of the present invention is to obtain an ID management system capable of centrally managing local IDs required when using a PC in a company or the like.

  In order to solve the above-described problems and achieve the object, the present invention is an ID management system including a local PC and a local ID management device that issues a local ID required when using the local PC. The local ID management device includes a database in which information used for determining whether or not to issue a local ID is registered, and an ID issuance application from a user who desires to use a local PC. The application reason is analyzed to extract a word that can be a search keyword, and the database is searched using the extracted word. As a result, a score indicating the degree of coincidence with the application reason is predetermined. An ID issuing means for issuing a local ID and a password when the threshold is exceeded, and a log issued by the ID issuing means. Setting means for setting a local ID and password to a local PC to be used by the user, and the local PC having the local ID and password set by the setting means has the same local ID and It is characterized by accepting only a use start operation with a password input.

  According to the present invention, there is an effect that it is possible to realize an ID management system capable of centrally managing local IDs and suppressing unintended use of a local PC.

FIG. 1 is a diagram showing a configuration example of an ID management system according to the present invention. FIG. 2 is a flowchart illustrating an operation example of the ID management system. FIG. 3 is a diagram illustrating a configuration example of a database provided in the ID management system.

  Embodiments of an ID management system according to the present invention will be described below in detail with reference to the drawings. Note that the present invention is not limited to the embodiments.

Embodiment.
FIG. 1 is a diagram showing a configuration example of an ID management system according to the present invention. As shown in the figure, the ID management system according to the present invention includes a local ID management device 1, a user PC 2, and an administrator PC 3. For simplicity, the number of user PCs 2 is one, but two or more may be used.

  The local ID management device 1 includes an approval function unit 11, a mail transmission unit 12, information storage units 13 and 14, a password generation unit 15, an ID / password setting unit 16, and a database 17, and includes a local ID necessary for using a PC. When an issuance application is received from a user, it is determined whether or not the application is accepted, and a local ID and the like are generated when the application is accepted. The user PC 2 includes a local ID storage unit 21 and a security policy storage unit 22 and is a PC that can be used when the same local ID as the local ID issued by the local ID management device 1 is input. The administrator PC 3 is a PC used by the system administrator, and is used for various types of management including registration of information in the database 17, update, deletion, and confirmation of registered information.

  In the local ID management device 1, the approval function unit 11 acquires a local ID issuance application from a user and accepts the acquired local ID issuance application (whether to approve and issue a local ID or the like). ).

  The e-mail transmission unit 12 transmits an e-mail describing the determination result (approval approval / disapproval) in the approval function unit 11 to the local ID issuance applicant (PC user).

  The information storage unit 13 stores the determination result in the approval function unit 11 as an approval history. That is, all past determination results are stored together with the information of each applicant.

  The information storage unit 14 stores a local ID, and when the approval function unit 11 accepts an application for issuing a local ID, and a password is generated by the password generation unit 15 accordingly, the generated password is stored as the generated password. One of the existing local IDs is stored in association with each other. The local ID associated with the password is notified to the user PC 2 via the ID / password setting unit 16 as a local ID to be used by the applicant, and is also notified to the applicant. For example, the notification to the applicant is displayed on a display unit (display screen) (not shown). If the e-mail can be confirmed on a PC other than the PC for which the application for use has been made (the PC to be used with the issued local ID) or a mobile phone, it may be notified by e-mail. When notifying by e-mail, the local ID management device 1 obtains address information in advance by, for example, inputting an e-mail address of a notification destination at the time of application.

  The password generation unit 15 generates a password that is input together with the local ID when logging in (or logging on) the user PC 2 when the approval function unit 11 accepts an application for issuing a local ID and issues a local ID. Issue. The issued password may be a one-time password to improve security.

  The ID / password setting unit 16 notifies the user PC of the local ID and password to be used by the user PC 2 when the approval function unit 11 accepts an application for issuing a local ID and issues a local ID.

  The database 17 holds information used in the approval determination operation by the approval function unit 11. Although details of the information to be held will be described later, it is assumed that the information is registered in advance by the administrator via the administrator PC 3. Further, the database 17 is updated whenever an additional necessity arises due to a new situation / technical confirmation using the administrator PC 3.

  In the user PC 2, the local ID storage unit 21 stores the local ID and password notified from the local ID management device 1. It is assumed that the user PC 2 does not have a function of generating a local ID, and all the local IDs and passwords stored in the local ID storage unit 21 are issued / notified by the local ID management device 1. To do.

  The security policy storage unit 22 stores information on the usage period of the local ID stored in the local ID storage unit 21. The usage period may be notified from the local ID management device 1 together with the local ID and password, or may be set in advance by a system administrator. When the administrator sets in advance, the usage period is set by the elapsed time after the local ID is stored in the local ID storage unit 21. That is, the local ID is treated as valid until a predetermined time has elapsed since the local ID was stored, and the local ID is invalidated after a certain time has elapsed. After the local ID becomes invalid, the invalid local ID and password may be deleted from the local ID storage unit 21.

  Next, according to the flowchart shown in FIG. 2, the operation of the ID management system, specifically, a local ID issuance application for PC use was made by a person who wishes to use the user PC 2 (user who desires use). The operation in this case will be described.

  When the local ID management device 1 receives the use application (local ID issuance application), the approval function unit 11 evaluates the validity of the application content (steps S1 and S2).

  In the use application in step S1, at least the applicant's information and the reason for using the PC (hereinafter referred to as “application reason”) are entered. In addition, the usage period may be entered together. The applicant information is, for example, an employee number within a company.

  In step S2, the approval function unit 11 determines whether or not to approve by comparing the information registered in the database 17 (see FIG. 3) with the application reason acquired in step S1. Specifically, the word (keyword) included in the application reason is extracted, and the database 17 is searched using the extracted keyword, so that the information registered in the database 17 matches the application reason. A point (score) indicating the degree is calculated.

  And the approval function part 11 judges whether local ID issue application is received (whether it approves) based on the said calculated point (step S3). In this step S3, if the score is higher than a certain reference value (threshold value), the application is accepted (approved). As shown in FIG. 3, “keywords that can be approved”, “keywords to be denied”, “corresponding PC operations”, and “weighting points” are registered in the database. The approval function unit 11 confirms whether or not each of the keywords extracted from the application reason corresponds to “a keyword that can be approved” or “a keyword that should be rejected”, and further considers the “weighting point” and responds to the reason for the application. Aggregate points. Note that the “corresponding PC operation” may not be registered in the database 17 (it is not used in the determination operation).

  If the approval function unit 11 determines in step S3 that it does not accept the local ID issuance application (step S3: denial), the approval function unit 11 notifies the mail transmission unit 12 that the application has been rejected (denied). An email indicating that the application is rejected (denied) is transmitted to the applicant (step S4), and the process is terminated. If it is determined in step S3 that an application for issuing a local ID is accepted (step S3: approval), the e-mail transmission unit 12 is notified that the application has been accepted, and the e-mail transmission unit 12 has accepted the application (approval). Is sent to the applicant (step S5).

  If the local ID issuance application is approved, the password generation unit 15 then generates a password issued to the applicant (step S6). The generated password is transferred to the information storage unit 14 and stored in association with one of the unissued local IDs among the local IDs stored in the information storage unit 14. The password newly generated by the password generation unit 15 is passed to the ID / password setting unit 16 via the approval function unit 11 together with the associated local ID.

  The ID / password setting unit 16 that has received the local ID and password sets the received information (local ID, password) in the local ID storage unit 21 of the user PC 2 (step S7).

  By the above procedure, the local ID and password newly issued upon receiving the local ID issuance application are set in the user PC 2. The user PC 2 permits login (logon) when a login (logon) operation is performed using the local ID stored in the local ID storage unit 21 and the password associated therewith. Note that the user PC 2 uses the information stored in the security policy storage unit 22 (operations) even when an operation using the local ID stored in the local ID storage unit 21 and the corresponding password is performed. Login (logon) is not permitted when the operation is performed outside the usage period indicated by the information associated with the local ID and password used for.

  As described above, in the ID management system of the present embodiment, the local ID management device 1 is a database in which information for analyzing the reason for application included in the local ID issuance application and quantifying its validity is registered. When a local ID issuance application is received, a word included in the application reason is extracted as a keyword, a database search is performed using the extracted keyword, and the resulting score is greater than a threshold value. When it is high, a local ID and password are issued. The user PC 2 accepts only a use start operation (login or logon) involving the input of the local ID and password issued by the local ID management device 1. Thereby, an ID management system capable of centralized management of local IDs can be realized. Further, since the user PC 2 does not have a local ID generation function, an ID management system capable of suppressing the use of the local PC for other purposes can be realized.

  As described above, the ID management system according to the present invention is useful when it is desired to perform unified management of local IDs.

1 Local ID management device 2 User PC
3 Administrator PC
DESCRIPTION OF SYMBOLS 11 Approval function part 12 Mail transmission part 13,14 Information storage part 15 Password generation part 16 ID and password setting part 17 Database 21 Local ID storage part 22 Security policy storage part

Claims (2)

An ID management system comprising a local PC and a local ID management device that issues a local ID required when using the local PC,
The local ID management device
A database in which information used for determining whether or not to issue a local ID is registered;
When there is an ID issuance application from a user who wishes to use a local PC, the application reason included in the ID issuance application is analyzed to extract a word that can be a search keyword, and further, using the extracted word ID issuing means for searching the database and issuing a local ID and a password when a score indicating a degree of coincidence with an application reason obtained as a result exceeds a predetermined threshold;
Setting means for setting the local ID and password issued by the ID issuing means to the local PC scheduled to be used by the user;
With
The ID management system, wherein the local PC in which the local ID and password are set by the setting means accepts only the use start operation with the input of the same local ID and password as those set.   The ID management system according to claim 1, wherein the ID issuing means issues a one-time password as the password.

Images