JP2001318895A - Database security managing method and its program recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enhance security at the time of distributing a database through a network, and to effectively prevent the database from being unauthorizedly distributed or used by checking not only the validity of the destination of distribution to which a request for distribution is issued but also the validity of the request issued within a designated time or from a designated place designated at the destination of distribution at the time of distributing the database through a network. SOLUTION: A server device 1 checks whether or not the destination of distribution to which a request for distribution is issued is the preliminarily decided normal destination of distribution, and checks whether or not the request is issued within a designated time zone or from a designated place which is preliminarily designated at the destination of distribution side. When the request is issued to the legal destination of distribution, and the request is issued within the legal time zone or from the legal place, the data base is distributed to terminal equipment 2 at the destination of distribution.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a security management method for a database distributed via a network and a program recording medium for the method.

[0002]

2. Description of the Related Art Conventionally, when an application software is installed in a computer via a portable storage medium (for example, a compact disk or a floppy (registered trademark) disk), a product number unique to the software is input. When obtaining application software from a server via a network, the user inputs his / her ID and password. In this case, the product number or I
Anyone can access the application software from any terminal as long as they know D and password,
Illegal copy duplication becomes possible. This is the same even when accessing a database that contains a lot of personal information and confidential information, and there is a risk that the database may be illegally leaked or used illegally.

[0003]

Therefore, the present applicant has
The application software and database used in the mobile terminal are stored in a storage medium, and the storage medium is checked to see if it is a legitimate mobile terminal. If the terminal is a legitimate mobile terminal, access to the storage medium is performed. Security management technology (Japanese Patent Application No. 11-121)
200) was proposed earlier. As a result, unauthorized copy duplication can be effectively prevented, and this is extremely effective for security management of application software and databases. By the way, when distributing a database, the database often contains a lot of personal information and confidential information, so it is necessary to be careful when handling the distribution, especially when distributing the database via a network Therefore, security management is an important issue so as not to distribute to unauthorized distribution destinations.

An object of the first invention is to distribute a database via a network, not only to check the validity of a distribution destination that has requested distribution, but also to specify a designated time zone or a designated time period specified in advance at the distribution destination. Checking the legitimacy of a request from a location enhances security when distributing a database over a network, and effectively prevents unauthorized disclosure and use of the database throughout the system. . A second object of the present invention is to make it possible to determine whether or not to access a database distributed to a terminal device under the supervision of a center, thereby making it possible for an unauthorized user to access the terminal in the entire system. Is to prevent it.

[0005] The means of the present invention are as follows. According to a first aspect of the present invention, there is provided a server for distributing a database. When distributing the database via a network, the server to which the distribution is requested is determined to be an authorized server. In addition to checking whether the request is a distribution destination and whether it is a request within a specified time slot specified in advance or a request from a specified location, the request is a valid distribution destination and The database is distributed to the distribution destination on condition that the request is within a designated time zone or a request from a designated location. Another object of the present invention is to provide a recording medium in which a program code for causing a computer to execute each of the above-described functions is recorded.
When distributing the database, the distributed database may be collected, the validity of the collected database may be checked, and the database may be distributed on condition that the database is valid. Therefore, according to the first aspect of the present invention, when distributing a database via a network, not only is the validity of the distribution destination requested to be distributed checked, but also a designated time zone or designated By checking the legitimacy of the request from the place, the security at the time of distributing the database via the network can be enhanced, and illegal outflow and unauthorized use of the database can be effectively prevented in the entire system.

[0006] The invention of claim 3 (second invention)
A terminal device for accessing a database distributed from a server via a network, wherein at the time of access to the database, an access notification is sent to the server indicating that access has been made, and the distribution is performed in response to an acknowledgment from the server. Access to the distributed database is permitted, and access to the distributed database is prohibited by a negative response from the server. Another object of the present invention is to provide a recording medium in which a program code for causing a computer to execute each of the above-described functions is recorded.
Note that, in the case of a negative response from the server, the distributed database may be destroyed. In this case, the server that distributes the database to the terminal device, when determining whether the database can be accessed for the terminal device based on the access notification, determines a use time period of the database that is specified in advance. The access may be determined depending on whether or not the current time belongs to the use time zone, and the affirmative response or the negative response may be transmitted according to the determination. Further, the server may totalize the access status of each terminal device based on a database access notification from the terminal device. Therefore, according to the third aspect of the present invention, when accessing the database distributed to the terminal device side, it is possible to determine whether or not the access is possible under the monitoring of the center side, and the access by the unauthorized user at the terminal is performed by the system. It can be effectively prevented as a whole.

[0007]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS An embodiment of the present invention will be described below with reference to FIGS. FIG. 1 is a block diagram showing the overall configuration of the database security management system in this embodiment. This database security management system constitutes a network system for wide area communication in which a server device 1 on the center side and a plurality of terminal devices 2 are connected via a network. When a database distribution request is issued from a terminal, In response to the request, the server device 1 distributes a database to the terminal device 2 that made the request, and stores and manages the distribution status of the database. The server 1 collects the distributed database from the distribution destination.

The server 1 has a database (D
B) A distribution table 3, a DB file group 4, and a collection file 5 are provided. When any database in the DB file group 4 is distributed to the terminal device 2, which database is distributed to which distribution destination. The distribution status in which the information is associated is written in the DB distribution table 3, and the distributed database is collected from the distribution destination and stored in the collection file 5. At that time, the server device 1
To determine the validity of its collection database,
The authenticity and falsification are checked, and the latest database is distributed to the terminal device 2 on condition that the collection database is legitimate.

The DB distribution table 3 stores and manages the above-mentioned distribution status and the like. The server apparatus 1 distributes a “user name”, a “terminal ID” and a “terminal ID” as shown in FIG. , “DB number”, “distribution time zone”,
One record of data including items of “distribution place”, “use time zone”, “use place”, and “use count” is generated and written in the DB distribution table 3. "User Name"
The “terminal ID” is identification information unique to the terminal, and the “DB number” is the name of a database distributed to the user. “Distribution time zone” and “distribution place” are arbitrarily specified in advance by the terminal user side, and indicate a time zone in which the user is extremely likely to be at the terminal installation location and the installation location, and indicate the designated time. If it is a band / place, the database can be distributed when the user is present, and as a security measure when distributing the database, “distribution time zone”, “distribution” in the DB distribution table 3 according to the user's designation The location is set and registered.

The “use time zone” and “use place” are arbitrarily specified in advance by the terminal user side, and indicate the use time zone and use place when the distributed database is accessed and used on the terminal device 2 side. Is shown. In this embodiment, in order to restrict access to the database to a predetermined time zone and place without permitting unlimited use at any time and anywhere, “use time zone” is stored in the DB distribution table 3 according to the user's designation. ”And“ Use place ”are set and registered. The “number of times of use” is the number of times of access for each database that is counted up each time the user accesses the database, and the user use status is totalized and managed for each database. This “number of uses” is used, for example, to freely display a list or to monitor whether the value has exceeded a certain value, but how to use it is arbitrary.

FIG. 3 is a block diagram showing the overall configuration of the server device 1 and the terminal device 2. Note that the server device 1,
Since the terminal device 2 basically includes the same components,
Hereinafter, only the server device 1 will be described, and the description of the configuration of the terminal device 2 will be omitted.
The CPU 11 is a central processing unit that controls the overall operation of the server device 1 according to an operating system and various application software in the storage device 12. The storage device 12 stores a database, character fonts, and the like in addition to an operating system and various application software, and has a recording medium 13 composed of a magnetic, optical, semiconductor memory, or the like, and a drive system therefor. The recording medium 13 is a fixed medium such as a hard disk or a portable medium such as a CD-ROM, a floppy desk, a RAM card, and a magnetic card which can be detachably mounted. The programs and data in the recording medium 13 are stored in a RAM under the control of the CPU 1 as necessary.
(Eg, static RAM) 14,
The data in the RAM 14 is saved on the recording medium 13.
Further, the recording medium may be provided on an external device such as a server, and the CPU 11 can directly access and use the program / data in the recording medium via a transmission medium.

The CPU 11 can also take in some or all of the data stored in the recording medium 13 from another device via a transmission medium, and newly register or additionally register the data in the recording medium 13. That is, the transmission control unit 15 receives programs / data transmitted from other devices constituting the computer communication system via a wired transmission line such as a communication line or a cable or a wireless transmission line such as radio waves, microwaves or infrared rays. Then, it can be installed in the recording medium 13. In addition, program /
The data may be stored and managed on the external device side such as a server, and the CPU 11 can directly access and use the program / data on the external device side via a transmission medium. On the other hand, the CPU 11 has its input / output peripheral devices such as a transmission control unit 15, an input unit 16, and a display unit 1.
7 are connected via a bus line, and the CPU 11 controls their operations according to an input / output program. The transmission control unit 15 is, for example, a communication interface including a communication modem, an infrared module, an antenna, and the like. The input unit 6 is an operation unit that constitutes a pointing device such as a keyboard, a touch panel, a mouse, or a touch input pen, and inputs character string data and various commands.

Next, the operation of the server device 1 and the terminal device 2 in this embodiment will be described with reference to the flowcharts shown in FIGS. Here, programs for realizing the functions described in these flowcharts are stored in the form of readable program codes on the recording medium 13, and the CPU 11 sequentially executes operations according to the program codes. I do. CPU1
1 can also sequentially execute the operation according to the above-mentioned program code transmitted via the transmission medium.
That is, an operation unique to this embodiment can be executed using a program / data externally supplied via a transmission medium in addition to a recording medium.

FIG. 4 is a flowchart showing the operation of the server device 1 when distributing a database. The operation is started when a database distribution request is received from the terminal device 2. In this case, the terminal device 2 transmits a distribution request signal together with a terminal ID which is identification information unique to itself. In the DB distribution table 3, “user name”, “terminal ID”, and “DB number” are set and registered, and any “distribution time zone”, “distribution place”, “use” It is assumed that “time zone” and “use place” are set and registered. First, when receiving the "terminal ID" from the request source (step A1), the server device 1 searches the DB distribution table 3 based on the "terminal ID" (step A2) and checks whether the ID exists. (Step A3).

As a result, if the ID is not set and registered, an NG response (negative response) is made (step A1).
6) If it is a request from a legitimate terminal whose ID is set and registered (step A3), it is determined whether a “distribution time zone” corresponding to the ID is set and registered in the DB distribution table 3 (step A3). Step A4). Here, if "distribution time zone" is not registered, the process proceeds to step A6.
If "distribution time zone" is registered, a registration time zone check process is performed (step A5). That is, the current system time is compared with the registration time zone to determine whether the current time belongs to the “distribution time zone”. A response is made, and if it is within the registration time zone, the process proceeds to step A6.

The above-mentioned step A6 determines whether the "distribution place" corresponding to the ID is registered in the DB distribution table 3. If the "distribution place" is registered, the requesting terminal is determined. Is checked, and a requested location check is performed to compare the location transmitted in response thereto with the registered location (step A7). As a result, if the location is not a registered location (step A7)
8) The process proceeds to step A16, where an NG response is made. Now
When the distribution request from the user is a request within the registration time zone or a request from the registration place, the database distribution processing is performed under certain conditions (steps A9 to A1).
5).

That is, as a condition for starting the database distribution process, the server device 1 issues a database collection request to the requesting terminal device 2 (step A9).
In response to this, it is determined whether the database has been transmitted from the terminal device (step A10). As a result, if the database has not been transmitted, an NG response is made (step A16). If the database has been transmitted, the database is received and stored in the collection file 5 (step A11). Then, the validity of the collection database is checked (step A12). That is, the collection database is checked for authenticity and tampering, and provided that the collection database is valid (step A).
13), the latest database corresponding to the “DB number” is read (step A14) and distributed to the terminal device 2 (step A15). If the collection database is not valid, an NG response is made (step A16). . In addition,
When the NG response is transmitted in step A16, the NG flag corresponding to the database is set on the terminal device 2 side to indicate that the database was not normally distributed.

FIG. 5 is a flowchart showing the operation of the terminal device 2 at the time of accessing the database. The operation is started each time a user makes an access request. First,
The terminal device 2 stores and manages various databases distributed from the center (server device 1) side. When an access to any one of the databases is requested, the terminal device 2 determines that the database has been accessed. Notification of the DB access and its own terminal ID
Is transmitted to the center side (step B1). Then, it waits for a response from the center, and if there is a response, N
Check if G response or OK response (step B
2). Now, if the response is OK (step B3), access to the specified database is permitted, and the process proceeds to the access process. If the response is NG (step B3).
3) After the database is forcibly erased (step B4), NG display is performed (step B5).

FIG. 6 is a flowchart showing the operation of the server device 1 which is started when a DB access notification is transmitted from the terminal device 2. First, when a DB access notification is received (step C1), the DB distribution table 3 is searched based on the terminal ID (step C2),
It is checked whether the corresponding “terminal ID” is present in the DB distribution table 3 (step C3). If there is no “terminal ID”, an NG response is made to the terminal (step C10). If the notification is from, check whether the NG flag is set corresponding to the database (step C4). The NG flag corresponding to the database indicates that the database has not been normally distributed as described above. If the NG flag is set, the process proceeds to step C10, and an NG response is made.
If the flag has not been set, the process proceeds to the check of the notification location (step C5).

That is, the terminal device of the access notification source is inquired of its location, and the location transmitted in response to the inquiry and the “use location” corresponding to the terminal ID acquired from the DB distribution table 3 are determined. A request place check for comparison is performed, and as a result, if the place is not a registered place (step C6), an NG response is made (step C1).
0), if used at a registered location, DB distribution table 3
A use time zone check is performed to compare the "use time zone" corresponding to the terminal ID acquired from the above with the current time zone (step C7). Here, if the use is outside the registration time zone, the process proceeds to step C10, and an NG response is performed. If the use is during the registration time zone, an OK response is performed (step C8).
“1” is added to the “number of uses” corresponding to the terminal ID in the DB distribution table 3 and the value is counted up (step C9).

As described above, in this embodiment, when distributing a database via a network, it is checked whether the distribution destination requested for distribution is a predetermined authorized distribution destination, Checks whether the request is within the specified time zone specified in advance by the distribution destination or from the specified location, and the request is a valid distribution destination and the request or specified location within the valid specified time zone The database is distributed to the distribution destination on the condition that it is a request from the company. Therefore, the security when distributing the database via the network is increased, and the illegal leakage and unauthorized use of the database are effective throughout the system. Can be prevented. In this case, when distributing the database, the collected database is collected, the validity of the collected database is checked, and the database is distributed under the condition that the database is valid, so the collected database is forged. If it has been tampered with, the next database distribution can be prohibited, and distribution to unauthorized users can be effectively prevented in the entire system.

Further, on the terminal device 2 side, when accessing the distribution database, an access notification is sent to the server. As a result, access to the database is permitted by an affirmative response from the server, and access to the database is permitted by a negative response. Is prohibited, it is possible to determine whether or not the access is possible under the monitoring of the center, and it is possible to effectively prevent access by an unauthorized user at the terminal. That is, the access state is automatically notified to the center and the availability of the access is checked in a state where the user is unaware, so that unauthorized access can be prevented.

In this case, since the distributed database is destroyed by the negative response from the server device, more effective security management can be performed. At that time, when determining whether or not the database for the terminal device is available based on the access notification, the server device refers to a use time zone of the database specified in advance and determines whether the current time belongs to the use time zone. Acknowledgment and a negative acknowledgment are transmitted, so that access to the database can be permitted only for access requests within the designated time zone. Further, since the server device totalizes the database access status in each terminal device based on the database access notification transmitted from the terminal device, the database access can be kept under the monitoring of the center side. It is possible to freely call up the total result at any time.

Although the database security management system in the above-described embodiment has been described as being applied to a wide area communication system, it is needless to say that the database security management system can also be applied to a local area network system.
Further, the terminal device is not limited to the desktop type, and may be a portable terminal. In this case, the condition is that the server device and the terminal device are connected by a wireless communication network. Further, if other techniques such as database encryption, authentication of an accessor, management for each access mode, and the like are used in combination as database security management, it becomes more reliable. Furthermore, a plurality of databases that are organically related may not be treated as the same level, and security management may be performed separately for a public database and a private database.

[0025]

According to the first aspect of the present invention, when distributing a database via a network, not only is the validity of the distribution destination requested to be distributed checked, but also the specified time zone specified in advance by the distribution destination. Alternatively, by checking the validity of a request from a designated place, security at the time of distributing a database via a network can be enhanced, and illegal outflow and unauthorized use of the database can be effectively prevented in the entire system. According to the second invention, when using the access to the database distributed to the terminal device, it is possible to determine whether or not the access is possible under the supervision of the center, so that the access by the unauthorized user at the terminal is effected in the entire system. Can be prevented.

[Brief description of the drawings]

FIG. 1 is a block diagram showing the overall configuration of a database security management system.

FIG. 2 is a diagram showing a configuration of a DB distribution table 3.

FIG. 3 is a block diagram showing the overall configuration of the server device 1.

FIG. 4 is a flowchart showing an operation of the server device 1 when distributing a database.

FIG. 5 is a flowchart showing an operation of the terminal device 2 which is started each time a user makes an access request when accessing a database.

FIG. 6 is a flowchart illustrating an operation of the server device 1 that is started to be executed when a DB access notification is transmitted from the terminal device 2.

[Explanation of symbols]

 Reference Signs List 1 server device 2 terminal device 3 DB distribution table 4 DB file group 5 collection file 11 CPU 12 storage device 13 recording medium 15 transmission control unit 16 input unit

Claims (8)

[Claims] 1. A server for distributing a database, wherein when distributing the database via a network, it is checked whether the distribution destination requested for distribution is a predetermined authorized distribution destination and Check whether the request is within the specified time zone specified in advance or from the specified location.If the request is a valid distribution destination and the request or specified location is within the valid specified time zone A database security management method characterized in that a database is distributed to the distribution destination on condition that the request is issued. 2. The method according to claim 2, wherein when distributing the database, the distributed database is collected, the validity of the collected database is checked, and the database is distributed on condition that the database is valid. 2. The database security management method according to claim 1, wherein 3. A terminal device for accessing a database distributed from a server via a network, wherein at the time of access to the database, an access notification indicating that access has been made is sent to the server. A database security management method, wherein an access to the distributed database is permitted with an affirmative response, and access to the distributed database is prohibited with a negative response from the server. 4. The database security management method according to claim 3, wherein a negative response from the server destroys the distributed database. 5. A server for distributing a database to the terminal device, wherein when deciding whether or not to access the database to the terminal device based on the access notification, use of the database specified in advance is performed. Referring to a time zone, determining whether access is possible according to whether the current time belongs to the use time zone, and transmitting the affirmative response or the negative response according to the content of the determination. The database security management method according to claim 3. 6. The database security management method according to claim 5, wherein said server counts the access status of each terminal device based on a database access notification from said terminal device. 7. A recording medium having a program code readable by a computer, wherein when distributing a database via a network, it is determined whether a distribution destination requested to be distributed is a predetermined authorized distribution destination. A computer-readable program code that allows the user to check whether the request is made within a specified time slot specified in advance on the distribution side or from a specified location, and that the request is a valid distribution destination. And a computer-readable program code for distributing a database to the distribution destination on condition that the request is within a valid designated time zone or a request from a designated location. 8. A recording medium having a program code readable by a computer, the program code being readable by a computer for making a server give an access notification indicating that there is access when accessing a database; And a computer-readable program code for permitting access to the distributed database with a positive response from the server and prohibiting access to the distributed database with a negative response from the server.