JP2000267996A - Information sharing system, device and method for controlling access to information and recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent unauthorized access by detecting a fact that the unauthorized access is intended by a user in an information sharing system. SOLUTION: The information sharing system is constituted of an access control table 15 consisting of list information of the user whose access to the shared information in a disclosed DB 11 is required to be restricted and a threshold of access frequency, a monitoring part 16 to detect the access frequency from the user whose access is required to be restricted and to monitor whether the access from the user is made with wrong intention or not based on the access frequency and the threshold in the list information and drawing of the shared information by the unauthorized access is efficiently prevented by outputting a warning message by judging the access from a certain user as highly possible to be the unauthorized access when the access is so frequently made from the user as to reach the threshold.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

TECHNICAL FIELD The present invention relates to an information sharing system,
An access control apparatus and method for information and a recording medium are suitable for use in, for example, a system in which a plurality of users share information on a network.

[0002]

2. Description of the Related Art Generally, distribution of a certain product from production to sale includes various routes such as a raw material manufacturer, a storage company, a component manufacturer, and a consumer. For example, in logistics in the steel industry, as shown in FIG. 5, a blast furnace maker that manufactures steel sheets, a warehouse company such as a service center that stores steel sheets, a coil center that cuts steel sheets into coils, and parts are manufactured using coils. There are parts manufacturers, consumers who manufacture and sell products using various parts, and the like.

Conventionally, in such a distribution system,
Information on iron logistics was usually obtained only between companies that had direct transactions. For example, the blast furnace maker A has only information that the steel plate is stored at the service center D, and does not know what happened to the steel plate thereafter. Further, Company D has only information that it has received a steel sheet from Company A and delivered it to Company H or Company I, which is a coil center. In other words, information about inputs and outputs to a certain company was managed only by that company.

[0004] In such a system, it is difficult for a certain company alone to accurately grasp the inventory of the entire iron market, and thus inconveniences have occurred in various situations. For example, if a blast furnace maker is planning to make a production plan for next month, how much iron of a certain standard is now in the market inventory,
In other words, it is necessary to determine whether there is a surplus or a shortage, and to make an appropriate production plan accordingly.

[0005] Further, for example, when a customer intends to ship a new product with a certain delivery date, as a material necessary for manufacturing the product, a standard that already exists on the market in time for the delivery date is used as a material. In some cases, it may be necessary to examine and use iron. In the past, however, business personnel at a certain company went directly to each company, from blast furnace manufacturers to customers, to investigate market inventory, and personnel at each company listened to their business partners in turn by telephone, etc. It was necessary to perform work such as summarizing the contents that were collected at the end, which was very troublesome.

On the other hand, communication systems such as the Internet, for example, have been widely used with the recent improvements in CPU processing capacity, large-capacity and digitization of communication information in networks, and the development of information compression technology. Under such circumstances, a system has been proposed that enables information on logistics possessed by each company to be shared on the Internet for the purpose of eliminating the above-mentioned inconveniences and improving productivity and efficiency. ing. One example is a steel EC (Electronic Commerce) system.

FIG. 6 is a diagram showing a schematic configuration of the steel EC system. In addition, here, for convenience of drawing, A
Only the five companies E to E are connected to the Internet. However, when an information sharing system for logistics as shown in FIG. 5 is constructed, the companies F to P are also connected to the Internet. . Represents a search procedure.

[0008] In such a steel EC system,
It is necessary to disclose information on logistics owned by each company on the Internet. For this purpose, it is necessary for each participating company in the steel EC system to create logistics information to be disclosed regarding transactions relating to itself, and store them as databases (hereinafter, referred to as disclosure DBs) 11a to 11e.

[0009] In addition to the disclosure DBs 11a to 11e, each participating company has server machines 10a to 10e connected to the Internet. An agent server is running on each of the server machines 10a to 10e. This agent server has the disclosure DBs 11a to 11a
In addition to the process of publishing the distribution information in e on the Internet, a process for encrypting a search request between companies and communication of the search result via the Internet is performed.

On the other hand, as a user terminal, L
A plurality of client machines (such as personal computers) 1 to N connected by AN are used. Each of the client machines 1 to N is provided with a Web browser for inputting a search operation request from a user. The search operation request from the user is input via a Web browser running on the client. Passed to the agent server via the server. Each client machine 1-N
Also performs a process of displaying the final search result for the search job request on the display.

For example, when a search job request is input from a client 1 of company A (), it is given to the server 10 a of company A to generate a search agent (), and a search request is issued to the Internet. (). This search request (search agent) is given to the server of the search request destination (there may be a plurality of companies) among the other companies B to E connected to the Internet. that time,
Along with the transmission of the search request, information on the company name of the company A which is the search request source is also given.

In the servers 10b to 10e of the companies B to E,
The logistics information that matches the search conditions included in the given search request is provided by each of the disclosure DBs 11b to 11 by the search function provided therein or by the presence of the search agent sent from the search request source.
e) and returns it to the server 10a of Company A via the Internet (). The server 10a of the company A integrates the search results sent from each company () and returns them to the client 1 as a search operation result ().

[0013] By constructing such a steel EC system, it is possible to share information regarding the distribution of steel materials possessed by various companies from blast furnace manufacturers to customers. As a result, information on logistics created and managed by other companies can be easily and instantly obtained via the Internet, and, for example, the inventory status of the entire market can be easily grasped.

[0014] It should be noted that even if the information on logistics possessed by each company is disclosed on the Internet, the information itself may contain know-how of each company and important confidential matters. Making information freely available to all participating companies is not a preferred form. For example, there is a demand for not showing information to a competitor of the same blast furnace maker because of a competitive relationship, or not to show information to a company without direct business.

Moreover, such a request is not to prevent all information in the disclosure DB owned by a certain company from being shown to another company, but to show information related to a specific transaction. It is more detailed and complicated. In order to realize this, it is necessary to provide a mechanism for restricting access to each item in the database. In the conventional steel EC system, such data access restriction is performed by the method described below.

FIG. 7 is a conceptual diagram showing the configuration of a disclosure DB provided by each company in the conventional steel EC system. The disclosure DB is configured by a relational database in a table format, and one record stores distribution information on one transaction. further,
Each record is provided with a column for describing a company for which the contents of the record may be disclosed, and the contents of each record are disclosed only to the companies described in this column. Was.

For example, as shown in FIG. 7, if a company A, a company B, and a company D are described in an access permission company column of a certain record, the logistics information in the record is A, B,
Only the search request from Company D is sent to the request source via the Internet. In other words, the server of each company extracts only the records in which the search request source company name is described in the access permitted company column from the records matching the search condition from the disclosure DB connected thereto. By performing the process of returning to the request source, access restriction to the database in units of records has been realized.

[0018]

However, even if various information sharing systems such as a conventional steel EC system are provided with a mechanism for restricting access to a database to a predetermined company as described above. In some cases, a company that is originally denied access tries to access the database several times, for example, to find out the know-how of other companies in the same industry. As a result, there is a problem that the access restriction is broken and information in the database may be illegally extracted.

The present invention has been made in order to solve such a problem, and in a system for sharing information among a plurality of users, a system in which a user in the system tries to gain unauthorized access. An object of the present invention is to make it possible to detect an unauthorized access by effectively detecting it.

[0020]

An information sharing system according to the present invention is a system for sharing information stored in a first storage means by a plurality of users existing on a network. Second storage means for storing list information comprising a user who should restrict access to shared information and a threshold value of the number of times of access, and sharing in the first storage means from the user whose access should be restricted. Monitoring means for detecting the number of times of access to the information and monitoring whether or not the access from the user is an unauthorized intentional one based on the number of times of access and the threshold value in the list information; It is characterized by having.

Here, the first storage means may be a database storage means provided for each of a plurality of users existing on the network. Further, the second storage means and the monitoring means may be provided in a server owned by the plurality of users connected to a network, respectively, or may be connected to a network separately from the plurality of users. The server may be provided in a server.

Another aspect of the present invention is characterized in that a list creating means for creating list information to be stored in the second storage means is provided. Here, the list creation means can set a different threshold value for each user whose access is to be restricted.

In another aspect of the present invention, the monitoring means determines that the number of accesses to the shared information in the first storage means from the user whose access is to be restricted has reached a threshold value in the list information. In this case, a warning message is output. In addition, there is provided an access unit for accessing the shared information in the first storage unit in accordance with the given search request, and the monitoring unit is configured to access the shared information in the first storage unit from a user whose access is to be restricted. If the number of times of access has reached the threshold value in the list information, a warning message may be output without supplying the search request to the access means. On the other hand, if the number of accesses to the shared information in the first storage unit from the user whose access is to be restricted has not reached the threshold value in the list information, the search request is supplied to the access unit. You may do it.

According to another aspect of the present invention, there is provided an access control apparatus for restricting access to information in a first storage unit accessible to a plurality of users. Second storage means for storing list information comprising a user to be restricted in access to information and a threshold value of the number of times of access; and a user from the user to be restricted in access to shared information in the first storage means. Monitoring means for detecting the number of accesses and monitoring whether or not the access from the user is an unauthorized access based on the number of accesses and the threshold value in the list information; It is characterized by.

According to another aspect of the present invention, there is provided a list creating means for creating list information to be stored in the second storage means. For example, a different threshold value can be set for each user whose access is to be restricted. It is characterized by being. Also,
In another aspect of the present invention, the monitoring unit is configured to issue a warning when the number of accesses to the shared information in the first storage unit from the user whose access is to be restricted reaches a threshold value in the list information. It is characterized by outputting a message.

The access control method for information according to the present invention is the access control method for restricting access to information in the first storage means accessible to a plurality of users. Creating and storing list information including a user whose access to information is to be restricted and a threshold value of the number of accesses; and accessing the shared information in the first storage means from the user whose access is to be restricted. Detecting the number of times, based on the number of times of access and the threshold value in the list information, monitoring whether the access from the user is an access with an unauthorized intention. I do.

In another aspect of the present invention, in the monitoring step, the number of accesses to the shared information in the first storage means from the user whose access is to be restricted has reached a threshold value in the list information. If it is determined that a warning message is output, a warning message is output.

Further, the computer-readable recording medium of the present invention stores a list information comprising a user who should restrict access to the shared information in the first storage means and a threshold value of the number of accesses. The storage means detects the number of accesses to the shared information in the first storage means from the user to whom the access is to be restricted, and, based on the number of accesses and the threshold value in the list information, A program for causing a computer to function as monitoring means for monitoring whether or not the access is an unauthorized access.

According to another aspect of the present invention, there is provided a procedure for creating and storing list information including a user to be restricted from accessing the shared information in the first storage means and a threshold value of the number of accesses, The number of accesses to the shared information in the first storage means from the user whose access is to be restricted, and based on the number of accesses and the threshold value in the list information, the intention of the user to make an illegal A step of monitoring whether or not the access has a password, and a step of determining whether the number of accesses to the shared information in the first storage means from the user whose access is to be restricted reaches a threshold value in the list information. A program for causing a computer to execute a procedure for outputting a warning message is recorded.

[0030]

(First Embodiment) A first embodiment of the present invention will be described below with reference to the drawings. FIG.
FIG. 2 is a functional block diagram showing elemental features of an information access control device according to the present invention. The access control device shown in FIG. 1 can be applied to an information sharing system. The information sharing system can be applied in any field as long as it is a system for sharing predetermined information between a plurality of users on a network, and a steel EC system will be described below as one example. Will be described.

In the first embodiment, the overall configuration of the steel EC system and the internal configuration of the disclosure DB used therein are as follows:
It may be the same as that shown in FIG. 6 and FIG. However, the access control device for information provided in the server machines 10a to 10e of each company has each functional configuration as shown in FIG. 1 and is different from the conventional device in this point.

In FIG. 1, the disclosure DB 11 organizes and stores information on logistics created by each company at the time of a transaction or the like, and each disclosure DB 11a to 1 shown in FIG.
1e. As shown in FIG. 7, the disclosure DB 11 is configured by a relational database in a table format, and one record stores logistics information on one transaction. Further, each record in the disclosure DB 11 is provided with an access permitted company column for describing a company that may disclose the contents of the record.

The disclosure DB 11 is created by a business person in charge of each company by inputting logistics information relating to transactions, the name of a company to which access is permitted, and the like to the DB creation unit 13. The DB creator 13 includes, for example, input devices such as a keyboard and a mouse, and a display device for displaying a data input screen and the like. Here, an example has been shown in which the disclosure DB 11 is created by directly operating the terminal of the server. However, the business clerk inputs necessary information from a client machine to be used and creates it in the server via an in-house LAN. You may make it give to the part 13.

The search unit 12 searches the disclosure DB 11 for a match with the search condition in accordance with the input search request and outputs it. This search request is issued from a client machine of another company and sent from a server of the other company via the Internet. At the time of the search, the information of the company name of the search request source that satisfies the search conditions and is sent together with the search request is disclosed in the disclosure DB 11.
And picks up only the records described in the access permission company column in the list and outputs them as search results. The search unit 12 can be configured as a software module (agent) that can determine and execute what to process by itself.

Further, the table creating unit 14 stores the access control table 15, ie, the disclosure DB 1 provided by each company.
1 and a threshold value of the number of times the partner company has not accessed the logistics information within a predetermined period of time and regards it as an unauthorized access. This creates a list consisting of The table creation unit 14 also includes an input device such as a keyboard and a mouse, and a display device that displays a data input screen and the like.

FIG. 2 is a conceptual diagram showing a configuration example of the access control table 15. The access control table 15 shown in FIG. 2 shows an example of the table contents of the company A shown in FIG. 5, for example. As shown in FIG. 2, the access control table 15 includes the names of companies that do not want to disclose their logistics information, such as competitors participating in the steel EC system, and that the access from the companies has an unauthorized intention. It is composed of a combination of a threshold value which is a reference when it is regarded as an access, and a value of the current access count counted by a counter 16a in the monitoring unit 16 described later.

For example, in the top row, if Company B, a competitor of Company A, is the access request source, if it has accessed 10 times within a predetermined period, it is an access with an unauthorized intention. It is assumed that it is regarded as. further,
It also shows that Company B has now accessed Company A three times. Further, the second line from the top indicates that, when Company C is the access request source, if it is accessed even once within a predetermined period, it is regarded as an access with an improper intention.

The monitoring unit 16 includes a counter 16a and a determination unit 16b therein. The monitoring target company described in the list of the access control table 15 (described in the access source company name column in FIG. 2). Monitor the number of accesses made within a given period of time by the company). Then, when the access is performed the number of times (the number of times described in the threshold value column of FIG. 2) determined for each company, a process such as outputting a predetermined warning is performed.

That is, every time a search request is given via the Internet from a company included in the list to be monitored (the company name information of the search request source is also given at that time), the counter 16a counts the number of the search request source. The number of times of access from the company is counted up one by one. This count value is given to the access control table 15 and stored in the access count value column shown in FIG. This count value is reset to “0” when a predetermined period has elapsed since the start of the count operation.

The determination unit 16b compares the current access count stored in the access count value column of FIG. 2 with the access count threshold value described in the threshold value column. It is determined whether or not the number of times of access has reached a predetermined threshold. If the present access count counted by the counter 16a is configured to be directly supplied to the determination unit 16b, it is not always necessary to provide a column of the current access count value in the access control table 15; The determination is made by comparing the current access count given from 16a with the threshold value in the access control table 15.

As a result of the determination by the determination unit 16b, if the current number of accesses has not reached the threshold value, a search request given via the Internet is output to the search unit 12. The search unit 12 executes the above-described search processing according to the given search request, and outputs the search result. That is, the search condition is satisfied and the disclosure DB 11
Only records that are permitted to be accessed by the search requesting company according to the description of the access permitted company column are picked up and output. At this time, if the company name in the monitoring target list is not described in the access permitted company column of the specific record, as long as the access restriction is not broken, even if the search processing is performed, the specific record is not monitored. Will not be disclosed.

On the other hand, when the current number of accesses reaches a predetermined threshold, the monitoring unit 16 performs processing such as outputting a predetermined warning message. This warning message may be sent to the client machine used by the data manager of the company that monitors as described above (the company that has accessed it) via the in-house LAN, The search request may be sent directly to the partner company via the Internet. The content of the message can be freely determined depending on the application.

When outputting the warning message in this manner, the access to the disclosure DB 11 may be denied by not outputting the search request given from the outside to the search unit 12. Note that the search unit 12, DB creation unit 13, table creation unit 1 shown in FIG.
4. The access control table 15 and the monitoring unit 16 are, for example, server machines 10a to 10e of each company shown in FIG.
Each is provided within.

FIG. 3 is a flowchart showing an example of the flow of the monitoring processing of the number of accesses performed by the monitoring unit 16. In FIG. 3, in the server that has received the search request via the Internet, the monitoring unit 16 acquires the information of the company name of the search request source sent together with the search request (step S1). The monitoring unit 16 determines whether the acquired search requesting company is included in the monitoring target list of the access control table 15 as illustrated in FIG. 2 (step S2).

If the search requesting company is included in the monitoring target list, the value of the access counter 16a corresponding to the access source is incremented by one (step S3), and the count value obtained by that is incremented by one. Judging unit 1 for judging whether or not the threshold value of the number of accesses corresponding to the access source has been reached
The determination is made in step 6b (step S4).

Here, if the current access count has reached the threshold value, a predetermined warning message is output (step S5). If not, the given search request is output to the search unit 12 (step S5). Step S6). In this example, when a warning message is output, a search request given from the outside is not output to the search unit 12, and access to the disclosure DB 11 is denied.

Thereafter, it is determined whether a predetermined time has elapsed from the starting point of the count operation of the counter 16a (step S7). If not, the process returns to step S1 without changing the value of the counter 16a. Waits for a search request. On the other hand, if the predetermined period has elapsed, the value of the counter 16a is reset to "0" (step S8), and the process returns to step S1 to wait for the next search request.

As described above, according to the present embodiment, when it is detected that a company whose access to the record in the disclosure DB 11 has been rejected has been accessed many times within a certain period of time, , A warning message may be output indicating that the access is likely to be an unauthorized access. This allows the administrator or the like who has received the warning message to take appropriate measures for the accessing company, thereby effectively preventing the distribution information from being extracted due to unauthorized access.

In the present embodiment, monitoring can be ranked by setting different threshold values for each access source company to be monitored, and the degree of access restriction can be adjusted according to the rank. You can make a difference. In this case, by setting the threshold value to “1” as in the case of the company C in FIG. 2, a warning can be immediately issued when access is performed even once. At this time, if you do not output the search request,
Regarding an access request from Company C to Company A, access to Company A's disclosure DB 11 itself can be prohibited.

(Second Embodiment) Next, a second embodiment of the present invention will be described. FIG. 4 is a diagram showing a schematic configuration of a steel EC system according to the second embodiment.
In FIG. 4, the same blocks as those shown in FIG. 6 are denoted by the same reference numerals. In the steel EC system shown in FIG. 4, server machines 20a to 20
In addition to e, an authentication server 30 that does not belong to any company is provided and connected to the Internet.

The server machines 20a to 20e of each company are:
Only the search unit 12 and the DB creation unit 13 are provided among the functional configuration blocks shown in FIG. The authentication server 30 includes the table creation unit 14, the access control table 33 instead of the access control table 15, and the monitoring unit 16. In this case, the access control table 33 provided in the authentication server 30 includes a list of access source companies to be monitored and threshold values sent from the server machines 20a to 20e of each company to the table creation unit 14 via the Internet. And so on.

That is, the creation of the access control table 33 is performed by the business person in charge of each company by the disclosure DB 11.
Apart from the creation of a to 11e, this is performed by giving the list of monitoring targets at any time to the table creation unit 14 via the Internet. The table creation unit 14 interprets what list has been sent from which company and constructs the access control table 33. The access control table 33 created in the present embodiment is similar to the access control table 33 shown in FIG.
Is further provided with a column for the name of an access destination company in the access control table 15 shown in FIG.

In the example shown in FIG. 4, the authentication server 30
The monitoring unit 16 provided in the server acquires the company name of the search request source and the company name of the search request destination sent together with the search request, and the access threshold corresponding to the combination indicates that the current access count is Enforce access restrictions by monitoring whether they have been reached.

The operation at the time of searching in the steel EC system shown in FIG. 4 will be described below. For example, when a search job request is input from a certain client 1 in company A (), it is given to the server machine 20 a of company A to generate a search agent (), and a search request is issued to the Internet (). ). In this search request, the company name of the company A that is the search request source and the company name of the search request destination (there may be a plurality of companies) among the other companies B to E connected to the Internet are given. I have. This search request (search agent) is first given to the authentication server 30 ().

In the authentication server 30, the monitoring unit 16 provided therein refers to the access control table 33 so that the current access from the search request source company A to the search request destination company is included in the monitoring target list. It is checked whether the access has been made, and if so, it is checked how many times the current access is within a predetermined period. Further, it is determined whether or not the current access count has reached a predetermined threshold value for the combination of the search request source and the request destination.

If the current access count has reached the threshold value, the search request given by the company A is not sent from the authentication server 30 to the search request destination company.
A warning message is output to the Internet () and returned directly to the search requesting company A's server 20 a (). Note that the warning message in this case is, for example, a fixed phrase prepared in advance in the authentication server 30,
For example, it is composed of a recommendation sentence for calling attention because there is a possibility of unauthorized access.

On the other hand, if the current number of accesses has not reached the threshold value, the search request given by the company A is sent to the search request destination company via the Internet (). The server 20b of the company B to the company E as the search request destination
20e to 20e, the logistics information matching the conditions of the given search request is stored in the search unit 12 provided therein or by the presence of the search agent sent from the search requesting company A. Disclosure DB11
It is taken out from b-11e and returned to the server 20a of company A via the Internet ().

When a search request is issued from a search requesting company A to a plurality of companies, a plurality of search results are returned in response to the search requests.
0a integrates search results sent from the server of each search request destination company via the Internet (),
It is returned to the client machine 1 as a search operation result ().

As described above, according to the second embodiment,
When a company whose access is restricted accesses the disclosure DB of a certain company many times, the authentication server 30 independent of each company sends a warning message directly to the accessing company. It is possible to reduce the task of responding to unauthorized access at the previous company. In addition, since a warning message in a fixed form is automatically sent from the authentication server 30 independent of each company, it is assumed that the warning message is sent even though frequent access is not an unauthorized one. Also, there is no corner between the search request source and the request destination company.

In the first and second embodiments described above,
Although the case where the functional configuration shown in FIG. 1 is applied to a steel EC system as shown in FIG. 6 or FIG. 4 has been described as an example,
The information sharing system to be applied is not limited to this. Further, it is not always necessary to apply the functional configuration of FIG. 1 to an information sharing system on a network, and it is also possible to apply the functional configuration of FIG. is there.

For example, the steel EC system is disclosed in Disclosure D
An information sharing system which restricts access on a record-by-record basis according to the description of the access permitted company column in B, but does not necessarily need to be performed on a record-by-record basis; It is also possible to apply to. Furthermore, by applying the present invention to a system in which no access restriction is originally provided, it is possible to newly implement access restriction.

In the above embodiment, the Internet is used as an example of a network. However, the present invention is not limited to this, and is applicable to all types of networks such as an intranet within a company and an extranet only between specific companies. It is possible to

Further, instead of having the disclosure DB 11 dispersedly by each company, for example, the authentication server 30 shown in FIG. 4 or the like is used to manage the disclosure DB 11 collectively in a database server separate from each company. May be. Also,
In the above embodiment, a search is described as an example of access to the disclosure DB 11, but the mode of access is not limited to this.

Further, in the access control table 15 shown in FIG. 2, the threshold value is specified one by one for each company, but the access restriction can be controlled not only on a company basis but also on a group basis. The access control table 15 may be configured. For example, the threshold information may be defined in units of a group company including a parent company, a subsidiary company, an affiliated company, a same company, and the like.

In the first and second embodiments, the monitoring is performed simply based on which company is accessing the data. However, the access request source does not access the data under any search condition. The monitoring may be performed more finely including whether the monitoring is performed. In this case, in the access control table, various or the same thresholds are set as thresholds for one access requesting company in accordance with different search conditions. In this way, monitoring for unauthorized access can be realized not on a database basis but on a record basis.

In the first and second embodiments, even when the access request source is included in the monitoring target list, if the current access count is less than the threshold value, a search request is given to search. The processing is executed, and in the search processing, the access is restricted on a record basis according to the description contents of the access permitted company column in the disclosure DB 11. On the other hand, if the access request source is in the monitoring target list, the disclosure DB 11
Alternatively, a warning message may be output according to the current number of accesses.

In the first and second embodiments, a predetermined warning message is output as a response when the current number of accesses reaches the threshold value. It is not limited. In the second embodiment, the value of the counter 16a is reset at predetermined intervals to output a warning message according to how many times access has been made within a certain period. Instead of resetting the value of 16a, a warning message may be output according to the total number of accesses.

The access control apparatus for information according to the present embodiment described above is constituted by a CPU of a computer, an MPU, a RAM, a ROM, or the like, and a program stored in the RAM or the ROM operates. Can be realized by Therefore, the present invention can be realized by recording a program that causes a computer to perform the above function on a recording medium such as a CD-ROM, and reading the program into the computer.
As a recording medium, in addition to a CD-ROM, a floppy (registered trademark) disk, a hard disk, a magnetic tape,
A magneto-optical disk, a nonvolatile memory card, or the like can be used.

The functions of the above-described embodiments are realized when the computer executes the supplied program, and the program is executed by an OS (operating system) or other application software running on the computer. When the functions of the above-described embodiment are realized in cooperation with the computer, or when all or a part of the processing of the supplied program is performed by a function expansion board or a function expansion unit of a computer, the functions of the above-described embodiment are realized. Such a program is also included in the embodiment of the present invention.

[0070]

According to the present invention, as described above, list information including a user who should restrict access to shared information and a threshold value of the number of times of access is created and stored. Then, the number of accesses to the shared information from the user whose access is to be restricted is detected, and whether or not the access has an unauthorized intention is monitored based on the number of accesses and the threshold value in the list information. Therefore, when it is detected that the user who has been denied access to the shared information has been repeatedly accessed, it is determined that the access is likely to be an unauthorized access, and a warning message is output, for example. You can do so. This allows
When the administrator or the like who receives the warning message takes appropriate measures for the user of the access source, it is possible to effectively prevent extraction of the shared information due to unauthorized access.

According to another feature of the present invention, when creating list information to be stored in the second storage means, a different threshold value can be set for each user whose access is to be restricted. , The monitoring is ranked for each user to be monitored, and the degree of access restriction can be made different depending on the rank.

[Brief description of the drawings]

FIG. 1 is a functional block diagram showing elemental features of an information access control apparatus according to the present invention.

FIG. 2 is a conceptual diagram illustrating a configuration example of an access control table according to the embodiment.

FIG. 3 is a flowchart illustrating an example of a flow of a monitoring process of the number of accesses performed by a monitoring unit according to the embodiment.

FIG. 4 is a diagram showing an overall configuration of a steel EC system according to a second embodiment in which the functional configuration shown in FIG. 1 is implemented.

FIG. 5 is a diagram showing an example of physical distribution in the steel industry.

FIG. 6 is a diagram showing an overall configuration of a steel EC system according to the first embodiment in which the functional configuration shown in FIG. 1 is implemented.

FIG. 7 is a conceptual diagram showing a configuration example of a disclosure DB provided by each company in the steel EC system.

[Explanation of symbols]

 10a-10e Server machine 11 Disclosure DB 11a-11e Disclosure DB 12 Search unit 13 DB creation unit 14 Table creation unit 15 Access control table 16 Monitoring unit 16a Counter 16b Judging unit 20a-20e Server machine 30 Authentication server 33 Access control table

Claims (23)

[Claims] 1. A system for allowing a plurality of users existing on a network to share information stored in a first storage means, wherein a user who should restrict access to shared information in the first storage means is provided. Second storage means for storing list information comprising a threshold value of the number of accesses; detecting the number of accesses to the shared information in the first storage means from the user whose access is to be restricted; An information sharing system, comprising: a monitoring unit that monitors whether an access from a user is an unauthorized access based on a threshold value in the list information. 2. The information sharing system according to claim 1, wherein the first storage unit is a database storage unit provided for each of a plurality of users existing on the network. 3. The information sharing system according to claim 1, wherein said second storage means and said monitoring means are respectively provided in servers of said plurality of users connected on a network. . 4. The information sharing system according to claim 1, wherein said second storage means and said monitoring means are provided in a server connected to a network separately from said plurality of users. . 5. The information sharing system according to claim 1, further comprising a list creation unit for creating list information to be stored in said second storage unit. 6. The information sharing system according to claim 5, wherein said list creating means can set a different threshold value for each user whose access is to be restricted. 7. The monitoring means outputs a warning message when the number of accesses to the shared information in the first storage means from a user whose access is to be restricted reaches a threshold value in the list information. 2. The method according to claim 1, wherein
An information sharing system according to any one of claims 1 to 6. 8. An access means for accessing shared information in the first storage means in accordance with a given search request, wherein the monitoring means receives a request from a user to restrict the access in the first storage means. 7. The method according to claim 1, wherein when the number of accesses to the shared information reaches a threshold value in the list information, a warning message is output without supplying the search request to the access unit. The information sharing system according to claim 1. 9. The search means, wherein the number of accesses to the shared information in the first storage means from a user whose access is to be restricted has not reached the threshold value in the list information. The information sharing system according to claim 8, wherein a request is supplied to the access unit. 10. An access control apparatus for restricting access to information in a first storage means accessible to a plurality of users, wherein a user to be restricted from accessing the shared information in the first storage means and an access A second storage unit for storing list information comprising a threshold value of the number of times, a number of accesses to the shared information in the first storage unit from the user whose access is to be restricted, and An access control apparatus for information, comprising: monitoring means for monitoring whether or not an access from a user is an unauthorized access based on a threshold value in the list information. 11. The information access control device according to claim 10, further comprising a list creation unit that creates list information to be stored in the second storage unit. 12. The information access control apparatus according to claim 11, wherein said list creation means can set a different threshold value for each user whose access is to be restricted. 13. The monitoring means outputs a warning message when the number of accesses to the shared information in the first storage means from a user whose access should be restricted reaches a threshold value in the list information. The access control apparatus for information according to any one of claims 10 to 12, wherein: 14. The method according to claim 1, further comprising:
Access means for accessing the shared information in the storage means, wherein the monitoring means determines whether or not the number of times of access to the shared information in the first storage means by a user whose access is to be restricted is a threshold in the list information. 14. The apparatus according to claim 10, wherein when the value reaches the value, a warning message is output without supplying the search request to the access unit.
An access control device for the information described in the section. 15. The search means, if the number of accesses to the shared information in the first storage means from a user whose access is to be restricted has not reached the threshold value in the list information, 15. The apparatus according to claim 14, wherein a request is supplied to the access unit. 16. An access control method for restricting access to information in a first storage means accessible to a plurality of users, wherein a user to be restricted from accessing the shared information in the first storage means and an access. Creating and storing list information comprising a threshold value of the number of times; detecting the number of times of access to the shared information in the first storage means from the user whose access is to be restricted; Monitoring whether the access from the user is an unauthorized access based on a threshold value in the list information. 17. In the monitoring step, when it is determined that the number of accesses to the shared information in the first storage unit from the user whose access is to be restricted has reached a threshold value in the list information, 17. The method according to claim 16, wherein a warning message is output. 18. The method according to claim 1, further comprising:
The method further comprises the step of accessing the shared information in the storage means after the monitoring step. In the monitoring step, the number of accesses to the shared information in the first storage means from the user whose access is to be restricted is reduced by the number of times. 18. A warning message is output when the threshold value in the list information is reached, without supplying the search request to the access unit.
Access control method for the information described in. 19. In the monitoring step, if the number of accesses to the shared information in the first storage means from the user whose access is to be restricted has not reached the threshold value in the list information, the search is performed. The method according to claim 18, wherein a request is supplied to the access means. 20. A second storage means for storing list information comprising a user who should restrict access to the shared information in the first storage means and a threshold value of the number of times of access, and a user who should restrict the access. From the number of accesses to the shared information in the first storage means, and based on the number of accesses and the threshold value in the list information, the access from the user is an unauthorized access. A computer-readable recording medium on which a program for causing a computer to function as monitoring means for monitoring whether or not there is a computer is recorded. 21. A computer according to claim 20, wherein a program for causing a computer to further function as a list creating means for creating list information to be stored in said second storage means is recorded. A readable recording medium. 22. A function as a means for outputting a warning message when the number of accesses to the shared information in the first storage means from a user whose access is to be restricted reaches a threshold value in the list information. 22. The computer-readable recording medium according to claim 20, wherein a program for causing a computer to further realize the above is recorded. 23. A procedure for creating and storing list information including a user who should restrict access to the shared information in the first storage means and a threshold value of the number of times of access; The number of accesses to the shared information in the first storage unit is detected, and the access from the user is an unauthorized access based on the number of accesses and the threshold value in the list information. And a step of outputting a warning message when the number of accesses to the shared information in the first storage means from the user whose access is to be restricted reaches a threshold value in the list information. And a computer-readable recording medium having recorded thereon a program for causing a computer to execute the following.