JP2002108822A - Security control system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To simplify access processing, to strengthen security and to prevent illegal access concerning access to a security guard system. SOLUTION: In a security control table 1010 in a security control means 101, information on an identification method using an individual ID and password when a user 11 access to respective WEB systems 13 to 15 by using a system access means 102 is stored in advance. The means 101 identifies the user by identification information inputted from the user 11 through an identification information input means 103. In response to the request of access to WEB systems 13, 14 or 15 by the user 11, who is permitted too access by the user identification, the means 101 issues the ID and password of the user with respect to the WEB system automatically to carryout access identification processing for the user 11 between with the WEB system.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an individual authentication process (ID (identification)) required for a user to access a security guard system.
And a security management method for managing security in authentication processing by inputting a password or the like.

[0002] The "security guard system" in the present invention refers to the following systems a to c. a. A security guarded system that exists on a network (such as the Internet and an intranet). b. A user can access via a network, and various access methods can be adopted. c. For example, a security-guarded WEB system, EDP (Electronic Data Pr)
conceivable systems, dedicated systems, communication means, and appliances.

[0003]

2. Description of the Related Art Usually, access to a security guard system (specifically, for example, a WE of a WEB system)
Access to page B)
And a password is required. That is, the user can access the security guard system to be accessed by inputting an ID and a password registered in advance to the security guard system to be accessed.

[0004] However, in order to access a plurality of security guard systems, the user must remember the ID and password registered in advance for each security guard system, and each time the user accesses the system, a predetermined ID and password are required. You need to enter a password. For this reason, the user needs to remember the individual ID and password, and a task of managing them is required.

[0005] Referring to FIG. 13, a conventional security management method is, for example, a P-type program operating under program control.
C (Personal Computer) 130,
Network 13 enabling communication between different systems
2 and a plurality of WEB systems (WEBs) that are constructed on another system (a system other than the system of the PC 130) and are security-guarded by an ID and a password.
System A, WEB system B, and WEB system C).

[0006] The PC 130 includes system access means (generally, software called a browser) 1301,
It is configured to include a screen 1302 for displaying information to the user 131 and a keyboard 1303 for the user 131 to make an input.

Each WEB system has individual information processing means (generally called a service) required by the user 131.
Is provided.

These means (components) are:
It operates as follows (see FIG. 14).

First, the user 131 accesses one of the WEB systems (referred to as WEB system A) connected to the network 132 via the system access means 1301 (step C1 in FIG. 14).

[0010] The WEB system A requests input of an ID and a password in order to authenticate the user 131 (step C2).

In response to this request, the user 131 sets the ID
And a password is transmitted (step C3).

As a result, the user 131 can access the WEB system A,
The service provided by the WEB system A can be used using the screen 1302 (step C4).

As described above, in the prior art, each user generally inputs an ID and a password corresponding to each user in order to access a security guard system (such as a WEB system). Here, the number of characters and usable characters of the ID and the password are different for each security guard system. Further, from the viewpoint of maintaining security, it is necessary to use a different ID and password for each security guard system. Further, with respect to one security guard system, it is desired that the password be changed every other month or the like in order to ensure security.

[0014]

The above-mentioned conventional security management method has the following problems.

First, since each user needs to set an ID and a password for each security guard system and remember the ID and password corresponding to each user, such storage and management are difficult. And the password may be forgotten.

Second, with the above first problem, it is necessary for the management side to respond to inquiries from users, and it is necessary to securely perform user (user) authentication in order to ensure security. There was a problem that there is. Conversely, if such user authentication is not performed, there is a risk that unauthorized access may occur due to leakage of the password.

Third, since it is necessary to change the password at a certain frequency in order to ensure security, there is a problem in that it is often necessary to change the password. Further, for such a user, such a change of the password takes time to memorize a new password set after the change, and there is a problem that the password may not be known.

In view of the above, an object of the present invention is to solve the above-mentioned problems and to provide individual IDs required to access a security guard system having various access methods existing on a network. It enables users to secure and access their security guard systems without having to manage individual IDs and passwords, and to enhance security. Another object of the present invention is to provide a security management method that can prevent unauthorized access due to password leakage.

A patent publication relating to the prior art for the present invention is disclosed in Japanese Patent Application Laid-Open No. 2000-2000, which is similar to the present invention in that the aim is to simplify and improve security.
Japanese Patent Application Laid-Open No. 105747 and JP-A-07-160638. However, the techniques described in these publications (“screen control method for single login method” and “information equipment terminal device”) are based on the premise that a portable medium exists for the former, and The configuration is essentially different from the present invention in that only the timely change of the password is considered.

[0020]

According to the security management method of the present invention, when a user accesses a security guard system (such as a WEB system) via a network, the authentication information of the user (such as fingerprint information) is used. ), A system access means for accessing each security guard system via a network for a user, and a user access to each security guard system using the system access means. Information relating to an authentication method using individual IDs and passwords is registered in advance, performs user authentication based on authentication information input by a user via the authentication information input means, and accesses with the user authentication (self- That is, access to security management measures) Automatically issues the user ID and password to the security guard system in response to a user access request to the security guard system, and authenticates access to the security guard system for the user. Security management means for executing processing.

Here, the security management means includes user identification information, authentication information, security guard system identification information, access method, ID and password, as information relating to each user's access to each security guard system. A security management table holding a password update opportunity and a password updating method, an information registration unit for registering information in the security management table, and an access to each security guard system. A user authentication unit for performing user authentication of the user based on the authentication information and the authentication information of the user input from the user, and the security management table when the user accesses the security guard system. See An access authentication management means for automatically transmitting an ID and a password of the user to the security guard system and executing an access authentication process for the user with the security guard system; It is conceivable to include a password changing unit that automatically updates the password when the password is reached.

The above security management means can be provided on a PC used by a user, or can be constructed by a service provider on a network.

Further, the security management system of the present invention
In the security management method when the user accesses the security guard system via the network,
Assuming that there is authentication information input means for inputting user authentication information and system access means for accessing each security guard system via a network for the user, a PC or service provider is connected to the system access means. Individual ID when the user accesses each security guard system using
And information relating to an authentication method using a password is registered in advance, performs user authentication based on authentication information input by a user via the authentication information input means, and uses the access permitted by the user authentication. Automatically issues a user ID and password to the security guard system in response to a request for access to the security guard system by a user, and performs an access authentication process for the user with the security guard system. Can be realized as a recording medium on which a program for functioning as a security management unit for executing the program is recorded.

Further, according to the present invention, there is provided a first step in which a user inputs authentication information to the security management means based on an authentication information input request from the security management means, and the security management means comprises the first step. A second step of judging permission / denial of the user's access to the user by comparing the authentication information obtained in step 1 with authentication information of the user registered in advance; A third step of requesting input of an ID and a password based on an access request from a user who has been permitted to access the security management means in step 2, and the security management means responding to the request in the third step A fourth method for automatically transmitting a pre-registered ID and password to the security guard system. A step, a fifth step in which the security guard system determines the permission / denial of access to the fourth perform the ID and based on password authentication process obtained in Step the user's self,
A sixth step of automatically requesting the security guard system to change the password when the security management means determines that the password update timing has been reached, and performing a password change process on the security management means side; The security guard system performs a password change process on the security guard system side based on the password change request in the sixth step.
And a security management method having the following steps.

[0025]

Next, the present invention will be described in detail with reference to the drawings.

(1) First Embodiment FIG. 1 is a block diagram showing a configuration of a security management system according to a first embodiment of the present invention.

Referring to FIG. 1, the security management system according to the present embodiment includes a PC 10 operating under program control, a network 12 enabling communication between different systems, and another system (a system other than the system of the PC 10). ) WEB system 13, which is built on and is security guarded by ID and password,
14 and 15 are included. Note that the number 3 of the WEB system in FIG. 1 is merely an example.

The PC 10 has security management means 101
, System access means (generally, software called a browser) 102, authentication information input means 103 for inputting authentication information of the user 11 such as fingerprint information, and a screen 104 (output means) for displaying information to the user 11. Example)
And a keyboard 105 (an example of an input unit) for the user 11 to make an input.

The security management means 101 includes a security management table 1010 and a user authentication means 1011.
, An access authentication management unit 1012, a password change unit 1013, and an information registration unit 1014.

The WEB systems 13, 14, and 15 provide individual information processing means (generally referred to as services) required by the user 11.

FIG. 2 shows the security management table 101.
It is a figure which shows the specific example of the content of 0. The security management table 1010 includes, for each user including the user 11, user identification information, authentication information (such as fingerprint information),
Access information on the systems 13 to 15 is registered. The “access information about the WEB system” is information used when the user accesses the WEB system, and includes WEB system identification information, an access method, an ID and a password, a password update opportunity, and a password update method. It is composed of Note that the above information does not necessarily need to exist in a table format as in the present embodiment.

FIG. 3 is a flowchart showing processing of the security management system according to the present embodiment. This processing includes a security management unit access step 301, an authentication information input request step 302, and an authentication information input step 30.
3, an authentication information comparison step 304, an access permission step 305, and an access rejection step 306.

FIG. 4 is a flowchart showing processing of the security management system according to the present embodiment. This processing is
EB system access request step 401, ID / password input request step 402, ID / password transmission step 403, authentication processing step 404, access permission step 405, and access rejection step 4
06.

FIG. 5 is a flowchart showing the processing of the security management system according to the present embodiment. This processing includes a password update trigger arrival determination step 501, a password change request step 502, a password change processing step 503 on the security management unit side, and a password change processing step 504 on the WEB system side.

FIG. 6 is a flowchart showing processing of the security management system according to the present embodiment. This processing includes a security management unit access step 601, an information input step 602, and a security management table information registration step 603.

FIGS. 7 and 8 are diagrams for explaining a specific operation of the security management system according to the present embodiment.

Next, the overall operation of the security management system according to the present embodiment configured as described above will be described in detail with reference to FIGS.

In the following description, transmission and reception between the PC 10 and the WEB systems 13 to 15 via the network 12 are often performed by the network 1
2 is not mentioned.

First, the user 11 enters the web system 13
The operation at the time of the authentication process of the user 11 before accessing to .about.15 will be described (see FIG. 3).

First, the user 11 makes the WEB system 1
Before accessing each of 3, 14, and 15,
The security management unit 101 on the PC 10 is accessed (Step 301 in FIG. 3).

At this time, the user authentication means 1011 in the security management means 101 requests the user 11 to input authentication information (here, fingerprint information) (step 30).
2).

The user 11 responds to this request,
The fingerprint information is input to the security management means 101 via the authentication information input means 103 on the address 0 (step 303).

The user authentication means 1011 in the security management means 101 receives the fingerprint information obtained from the user 11 in step 303 and the fingerprint information registered in advance in the security management table 1010 (registered as that of the user 11). Then, it is determined whether they match (step 304).

If the security management means 101 determines in step 304 that "both fingerprint information matches", the security management means 10 by the user 11
1 is permitted (step 305). In addition,
If the fingerprint information does not match, the access is rejected (step 306).

Secondly, an operation when the user 11 accesses an arbitrary WEB system 13, 14, or 15 will be described (see FIG. 4).

After the authentication process shown in FIG. 3, the user 11 enters a certain web system (here, the web system 1) through the system access means 102 on the PC 10.
3) (step 401 in FIG. 4).

In response to this access request, WEB system 13 authenticates user 11 to determine whether user 11 has the right to access WEB system 13.
Is required to enter an ID and a password (step 402).

The access authentication management means 1012 in the security management means 101 operating on the PC 10 responds to this "request for input of ID and password to the user 11" in advance by the security management table 1010.
Automatically transmits the ID and password of the user 11 registered to the WEB system 13 (step 403).

On the other hand, the WEB system 13 performs authentication processing of the user 11 using the “ID and password” (whether the password is appropriate as the password of the user 11 identified by the ID). (Step 404), and when it is determined that the password is appropriate, the self (WE
The user 11 is permitted to access the B system 13) (step 405). Thereby, the user 11 can access the WEB system 13 without inputting the ID and the password by himself / herself. Then, the user 11 can use the service provided by the WEB system 13 using the keyboard 105 and the screen 104. If it is determined in the authentication processing in step 404 that “the password is not appropriate”, the WEB system 13 denies the user 11 access to itself (step 406).

Third, the operation at the time of the password change process will be described (see FIG. 5).

Security management means 101 on PC 10
The password changing unit 1013 in the <1> refers to the security management table 1010 to determine whether or not the access to each of the WEB systems 13 to 15 of the users including the user 11 has reached the timing of updating the password. (Step 501 in FIG. 5).

Here, as a mode of the determination of “whether or not the password update timing has been reached”, specifically, the following a
Alternatively, the embodiment shown in b can be considered. a. If the period specified in advance has elapsed, it is determined that the opportunity to update the password has been reached. b. The user 11 performs the WEB for the number of times specified in advance.
When the system 13, 14, or 15 is accessed, it is determined that the opportunity to update the password has been reached.

In step 501, the password changing unit 1013 reads “a certain user (here, the user 11).
Web system (here, the web system 13
), The password update request is automatically made to the WEB system 13 (step 502), and the security management means is determined. 101
Side performs a password change process (such as automatically changing the password of the user 11 in the security management table 1010 for the WEB system 13) (step 50).
3).

In response to the change request in step 502, the WEB system 13 performs a password change process on the WEB system 13 side, and notifies the security management unit 101 that the change process has been performed (step 504).

It is to be noted that the password can be changed for each WEB.
This is performed in accordance with a password change method specified in advance for the systems 13 to 15 (a password change method set in the security management table 1010).

As described above, the password is updated every time a certain opportunity is reached, so that unauthorized access due to password leakage can be prevented.

Fourth, security management table 101
The operation at the time of registering information for 0 will be described (FIG.
reference).

When registering the ID and password of a new WEB system (here, for example, the WEB system 15 corresponds to the “new WEB system”), the user 11 needs to manage the security on the PC 10. Means 101 (step 60 in FIG. 6).
1), the new web system (web system 1)
5) Input an access method, an ID and a password (step 602).

Thus, the security management means 101
The information registering means 1014 registers an access method to the web system 15 and an ID and a password in the security management table 1010 (step 603).

Also, a certain WEB system (W
The user 11 also accesses the security management unit 101 on the PC 10 when setting the opportunity for updating the password for the EB system 15 (step 60).
1) Input a password update opportunity and a password update method (step 602).

Thus, the security management means 101
The information registration unit 1014 registers the password update opportunity and the password update method for the web system 15 in the security management table 1010 (step 603).

FIGS. 7 and 8 show that, as mentioned above,
FIG. 6 is a diagram showing a specific operation of the security management method according to the present embodiment.

First, FIG. 7 shows the security management means 1
01 is performed (steps A1 to A3), the user 11
To receive the service by accessing (Step A
4 to A7), and when the password of the WEB system 13 is changed (steps A8 to A9).

Here, the processing in step A1 in FIG. 7 corresponds to the processing in step 301 in FIG.
The processing of Step 2 corresponds to the processing of Step 302, and Step A
The process of Step 3 corresponds to the process of Step 303. Then, the security management unit 101 performs a comparison determination of the authentication processing in step 304, and in step 305, the user 1
1 is permitted to access itself (security management means 101).

The processing in step A4 in FIG. 7 corresponds to the processing in step 401 in FIG.
Corresponds to the processing in step 402, and the processing in step A6
Corresponds to the processing of step 403 (the WEB system 13 performs the authentication processing of step 404 using the ID and password obtained in step A6), and the processing of step A7 corresponds to the processing of step 405.

Further, step A8 in FIG.
The process corresponds to the process of step 502 when “YES” is determined in step 501 in the middle (at this time, the process of step 503 is also performed by the security management unit 101), and the process of step A9 ends the process of step 504. This corresponds to the notification processing of having performed the notification.

Second, FIG. 8 shows that the user 11 has already
When accessing another WEB system 14 to access the service after accessing the B system 13 (steps A10 to A13), the security management table 1
010 when information is registered (steps A14 to A1)
5) shows each operation.

Here, the processing in step A10 in FIG. 8 corresponds to the processing in step 401 in FIG. 4, the processing in step A11 corresponds to the processing in step 402, and the processing in step A12 corresponds to the processing in step 403. (WE
The B system 14 performs the authentication processing of step 404 using the ID and password obtained in step A6), and the processing of step A13 corresponds to the processing of step 405.

The processing of steps A14 and A15 in FIG. 8 is performed in steps 601 to 6 in FIG.
03, an access process, an input process, and a registration process.

As described above, the user 11 himself / herself does not input the ID and the password, but simply accesses the security management means 101, and the respective WEB systems 13 to 15 which are security-guarded by the ID and the password. Easily (Each WEB system 13-15
(Without having to remember each ID and password). Further, the password is automatically updated to an arbitrary password each time a certain opportunity is reached, so that unauthorized access due to password leakage can be prevented.

(2) Second Embodiment FIG. 9 is a block diagram showing a configuration of a security management system according to a second embodiment of the present invention.

Referring to FIG. 9, the security management system according to the present embodiment includes a PC 90 operating under program control, a network 92 enabling communication between different systems, and another system (a system other than the system of PC 90). ) WEB system 93, which is built on and is security guarded by ID and password,
94 and 95, and a service provider 96 that provides services via a network 92. The number of WEB systems in FIG.
This is just an example.

The PC 90 includes system access means (software generally called a browser) 902, authentication information input means 903 for inputting authentication information of the user 91 such as fingerprint information, and a screen for displaying information to the user 91. 90
4 (an example of an output unit) and a keyboard 905 (an example of an input unit) for the user 91 to make an input.

The service provider 96 has a security management means 101 built on a system provided by itself.
have.

The security management means 101 includes a security management table 1010 and a user authentication means 1011.
, An access authentication management unit 1012, a password change unit 1013, and an information registration unit 1014.

The web systems 93, 94, and 95 provide individual information processing means (generally called services) required by the user 91.

FIG. 10 is a diagram for explaining a specific operation of the security management system according to the present embodiment.

FIG. 2 shows a security management table 10 in the security management system according to the present embodiment.
10 is also a diagram showing a specific example of the contents of FIG. However, this security management table 1010 includes the network 9
2 can be registered for all users.

FIGS. 3 to 6 are also flow charts showing processing of the security management system according to the present embodiment.

The operation of the security management system according to the present embodiment is basically the same as the operation of the security management system according to the first embodiment. However, instead of accessing the security management unit 101 on the PC 10 in FIG. 1, the user 91 (the user 11 in the first embodiment) provides a service via the system access unit 902 and the network 92 in the PC 90. Security management means 10 built on provider 96
1 (the communication from the security management means 101 to the user 11 is also performed via the network 92 and the system access means 902).

Hereinafter, a specific operation of the security management system according to the present embodiment will be described with reference to FIG.

Here, FIG. 10 shows a case where user authentication of the user 91 is performed by the security management means 101 (steps B1 to B3), and a case where the user 91 accesses the WEB system 93 to receive the service (steps B1 to B3). Steps B4 to B7), when the password of the WEB system 93 is changed (steps B8 to B9), and when information is registered in the security management table 1010 (steps B10 to B11).

First, the user 91 enters the WEB system 9
Before accessing each of 3,94, and 95,
The security management unit 101 on the service provider 96 is accessed via the system access unit 902 in the PC 90 and the network 92 (step B1 in FIG. 10).

At this time, the security management means 101
Requests input of fingerprint information from user 91 (step B
2).

The user 91 enters the authentication information input means 903,
System access means 902 and network 92
The fingerprint information is input via the terminal (step B3).

The security management means 101 obtains fingerprint information of the user 91 via the network 92, compares the fingerprint information with fingerprint information registered in advance in the security management table 1010, and obtains both fingerprint information. It is determined whether or not matches. If the two pieces of fingerprint information match, the user 91 is permitted to access the security management unit 101 (see step B4).

Next, the user 91 accesses the WE via the system access means 902, the network 92, and the security management means 101 on the service provider 96.
An access request is made to the B system 93 (step B4).

In response to this request, the WEB system 93
Requests the user 91 to enter an ID and a password (step B5).

In response to the input request of the ID and the password, the security management means 101 on the service provider 96 transmits the WEB system 9 of the user 91 registered in the security management table 1010 in advance.
The ID and the password for 3 are automatically transmitted to the WEB system 93 (step B6).

On the other hand, the WEB system 93 performs an authentication process regarding the access of the user 91 to itself,
If it is determined that “the password is appropriate as the password of the user 91 identified by the ID”, the user 91 (self-web system 93)
Allow access for Thus, the user 91 can use the service provided by the WEB system 93 using the screen 904 and the keyboard 905 (step B7).

[0091] When a predetermined period elapses or when the user 91 accesses the WEB system 93 a predetermined number of times, the service provider 96 is accessed.
The above security management means 101 automatically
A request to change the password for the user 91 is made to the system 93 (step B8).

Note that the password can be changed by individual
This is performed according to a password change method (a password change method set in the security management table 1010) specified in advance for the systems 93 to 95 (here, the WEB system 93). Thereby, the WEB system 93 responds to the change of the password (step B).
9).

As described above, an arbitrary password is updated each time a certain opportunity is reached, so that unauthorized access due to password leakage can be prevented.

Further, the security management table 101
Regarding registration of information to 0, the following processes a and b are performed.

A. I of the new WEB system (here, for example, WEB system 95 is applicable)
When registering D and the password, the user 91
The user accesses the security management unit 101 built on the system provided by the service provider 96 via the system access unit 902 in the PC 90 and the network 92, and inputs an access method to the WEB system 95 and an ID and a password. Thereby, the security management unit 101 registers the access method to the web system 95 and the ID and the password in the security management table 1010 (step B10).

B. Also, when automatically setting a password update opportunity, the user 91 accesses the security management unit 101 constructed on the service provider 96 via the system access unit 902 in the PC 90 and the network 92, Enter the password update opportunity and password update method. As a result, the security management unit 101 sets the security management table 10
10, the password update opportunity and the password update method are registered (step B11).

(3) Third Embodiment Next, a security management method according to a third embodiment of the present invention will be described.

In the security management method according to the present embodiment, a first step in which a user inputs authentication information to the security management means based on an authentication information input request from the security management means, A second step of comparing the authentication information obtained in the first step with authentication information of the user registered in advance to determine permission / denial of access of the user to the user; A third step in which the guard system requests input of an ID and a password based on an access request from a user who is permitted to access the security management means in the second step, and responds to the request in the third step. Security management means automatically registers the ID and password registered in advance A fourth step of transmitting to the system, and a fifth step in which the security guard system performs an authentication process based on the ID and the password obtained in the fourth step, and determines whether the user is permitted or denied access to the user. Step 6: when the security management means determines that the opportunity to update the password has been reached, automatically requests the security guard system to change the password and performs a password change process on the security management means side. And a seventh step in which the security guard system performs a password change process on the security guard system side based on the password change request in the sixth step.

Here, FIGS. 3 to 5 described above correspond to the flowchart showing the processing procedure of the security management method according to the third embodiment of the present invention.

In this case, the first step described above corresponds to FIG.
The second step corresponds to steps 304 to 306, the third step corresponds to steps 401 to 402 in FIG. 4, and the fourth step corresponds to step 403. , The fifth step corresponds to steps 404 to 406, the sixth step corresponds to steps 501 to 503 in FIG. 5, and the seventh step corresponds to step 504.

The operation of the security management method according to this embodiment is the same as that of the operation (process) shown in FIGS. 3 to 5 described in the description of the security management method according to the first embodiment. It will be similar.

Here, as the network system to which the security management method of the present invention is applied, “the security management means 101 exists on the PC 10” as shown in FIG. 1 or FIG. As shown, “the security management unit 101 is constructed on the service provider 96” may be used.

(4) Fourth Embodiment FIG. 11 is a block diagram showing a configuration of a security management system according to a fourth embodiment of the present invention.

Referring to FIG. 11, the security management method according to the fourth embodiment of the present invention is different from the security management method according to the first embodiment shown in FIG.
Recording medium 1 recording security management processing program
100 is different. This recording medium 110
0 may be a magnetic disk, a semiconductor memory, or another recording medium.

The security management processing program is read from the recording medium 1100 into the PC 10, and
Operations of the security management unit 101 (the security management table 1010, the user authentication unit 1011, the access authentication management unit 1012, and the password change unit 101
3, and information registration means 1014). Operation of the security management means 101 on the PC 10 under the control of the security management processing program (security management table 1010, user authentication means 1011, access authentication management means 1012, password change means 101
3, and the operation of the information registration unit 1014) are completely the same as the operation of the security management unit 101 in the first embodiment, and therefore detailed description thereof will be omitted.

(5) Fifth Embodiment FIG. 12 is a block diagram showing a configuration of a security management system according to a fifth embodiment of the present invention.

Referring to FIG. 12, the security management system according to the fifth embodiment of the present invention is different from the security management system according to the second embodiment shown in FIG.
Recording medium 1 recording security management processing program
200 is different. This recording medium 120
0 may be a magnetic disk, a semiconductor memory, or another recording medium.

The security management processing program is read from the recording medium 1200 by the service provider 96, and controls the operation of the service provider 96 by the security management means 101 (the security management table 1010,
User authentication means 1011, access authentication management means 101
2, control as a password changing means 1013 and an information registering means 1014). The operation of the security management unit 101 on the service provider 96 under the control of the security management processing program (the operation of the security management table 1010, the user authentication unit 1011, the access authentication management unit 1012, the password change unit 1013, and the information registration unit 1014) Since the operation is exactly the same as that of the security management unit 101 in the second embodiment, a detailed description thereof will be omitted.

(6) Modifications of the First to Fifth Embodiments The following a to
Modifications (including expansions) such as those shown in Fig. d are conceivable (a combination of the respective modifications is also possible).

A. In the first to fifth embodiments,
User authentication means 101 in security management means 101
As a method by which the user 1 authenticates the user 11 or 91, a fingerprint recognition method (a method in which fingerprint information is used as authentication information) has been adopted. However, the method of user authentication is
Instead of using only fingerprint authentication, IC (Integra
It is also possible to use another authentication method such as authentication using an attached circuit (card), or a method in which the other authentication method is combined with a fingerprint authentication method.

B. In the first to fifth embodiments,
The access authentication management unit 1012 in the security management unit 101 is used to perform access authentication using the ID and the password (the WEB system 13 to 15 or 93 to 9).
5 has been performed to determine whether the user 11 or 91 has permitted or rejected access. However, as an access authentication method, not only an authentication method using an ID and a password but also another authentication method can be adopted. For example, a method of sending IC card information to the WEB system for authentication, a method of sending fingerprint information or the like directly to the WEB system for authentication, and the like can be considered. In this case, the access authentication method is registered in the security management unit 101 in advance, and automatic authentication is performed. Also, even in the case of the authentication method using the callback method, if the procedure is registered in advance, the security management method of the present invention automatically performs the authentication procedure, so that the user does not need to be aware of each authentication method. If the authentication to the security management method of the present invention is confirmed, unique access to each WEB system becomes possible.

C. In the first to fifth embodiments,
The case where the security guard system is only the WEB system has been described. However, not only the WEB system but also other general security guard systems, for example,
For the security-guarded EDP system, dedicated system, communication means, and even electric appliances, access authentication can be automatically performed by registering the access method and the like in the security management means 101 in the same manner.

D. In the first to fifth embodiments,
It has been described about automating the procedure of accessing the WEB system 13-53 or 93-95. However, the procedure is not limited to the procedure for accessing the security guard system such as the WEB system, but may be additionally performed for other procedures such as the procedure for registering or canceling the mail delivery to the mail delivery system (in addition to the selection conditions for the mail delivery system). ID for setting, mail delivery address change, mail procedure
And password change, and setting of mail delivery period / time) can be registered in the security management means 101 in advance, so that management operations such as registration and deletion of mail delivery can be automatically performed by a simple operation. Can be performed.

[0114]

As described above, according to the security management system of the present invention, the following effects are produced.

The first effect is that each W that is security-guarded by access authentication information such as an ID and a password (hereinafter, described as “ID and password”).
There is no need for the user to remember and manage different IDs and passwords for each EB system. This also reduces the burden on the administrator for ensuring security (the burden of responding to inquiries from users, etc.).

The reason why such an effect occurs is that each I
D and the password are registered in advance in the security management unit, and the security management unit automatically transmits the ID and the password in response to a request from the security guard system (a request for transmitting an ID and a password for access authentication). It is.

The second effect is that the burden of changing the password is not imposed on the user, and unauthorized access due to password leakage can be prevented.

The reason why such an effect occurs is that, when a certain update trigger is reached (for example, when a predetermined period elapses or the Web system is accessed a predetermined number of times), security management means Automatically changes the password.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration of a security management system according to a first embodiment of the present invention.

FIG. 2 is a diagram showing a specific example of the contents of a security management table in FIGS. 1 and 9;

FIG. 3 is a flowchart showing processing of the security management method shown in FIGS. 1 and 9, and is also a flowchart showing a processing procedure of a security management method according to a third embodiment of the present invention.

FIG. 4 is a flowchart showing processing of the security management method shown in FIGS. 1 and 9, and is also a flowchart showing a processing procedure of a security management method according to the third embodiment of the present invention.

FIG. 5 is a flowchart showing processing of the security management method shown in FIGS. 1 and 9, and is also a flowchart showing a processing procedure of a security management method according to the third embodiment of the present invention.

FIG. 6 is a flowchart showing processing of the security management method shown in FIGS. 1 and 9;

FIG. 7 is a diagram for explaining a specific operation of the security management method shown in FIG. 1;

FIG. 8 is a diagram for explaining a specific operation of the security management method shown in FIG. 1;

FIG. 9 is a block diagram illustrating a configuration of a security management method according to a second embodiment of the present invention.

FIG. 10 is a diagram for explaining a specific operation of the security management method shown in FIG. 9;

FIG. 11 is a block diagram illustrating a configuration of a security management system according to a fourth embodiment of the present invention.

FIG. 12 is a block diagram showing a configuration of a security management system according to a fifth embodiment of the present invention.

FIG. 13 is a block diagram showing a configuration of an example of a conventional security management method.

14 is a diagram for explaining a specific operation of the security management method shown in FIG.

[Explanation of symbols]

10, 90 PC 11, 91 User 12, 92 Network 13 to 15, 93 to 95 WEB system 96 Service provider 101 Security management means 102, 902 System access means 103, 903 Authentication information input means 104, 904 Screen 105, 905 Keyboard 301 Security management means access step 302 Authentication information input request step 303 Authentication information input step 304 Authentication information comparison step 305 Access permission step 306 Access rejection step 401 Web system access request step 402 ID / password input request step 403 ID / password transmission step 404 Authentication processing step 405 Access permission step 406 Access rejection step 501 Password update trigger arrival judgment Step 502 Password change request step 503 Security management means password change processing step 504 WEB system password change processing step 601 Security management means access step 602 Information input step 603 Security management table information registration step 1010 Security management table 1011 User authentication means 1012 Access authentication management means 1013 Password change means 1014 Information registration means 1100, 1200 Recording medium

Claims (19)

[Claims] In a security management method when a user accesses a security guard system via a network, authentication information input means for inputting user authentication information, and each security guard for the user via the network. A system access means for accessing a system, and information on an authentication method using an individual ID and a password when a user accesses each security guard system using the system access means are registered in advance, and the authentication information Performs user authentication based on authentication information input from the user via the input means, and responds to the security guard system in response to an access request to the security guard system by a user who is permitted to access by the user authentication. User I
A security management means for automatically issuing D and a password to execute an access authentication process for the user with the security guard system. 2. Information relating to access to each security guard system by each user includes user identification information, authentication information, security guard system identification information,
A security management table holding an access method, an ID and a password, a password update opportunity, and a password update method, an information registration unit for registering information in the security management table, and prior to accessing each security guard system. A user authentication unit for performing user authentication of the user based on the authentication information in the security management table and the user authentication information input by the user, and the user accessing the security guard system At this time, referring to the security management table, the ID and password of the user are automatically transmitted to the security guard system, and an access authentication process for the user is executed with the security guard system. Access authentication management means, Claim characterized in that it has a security manager and a password changing unit for updating the password automatically when reaching the constant of trigger 1
The security management method described. 3. The security management method according to claim 2, further comprising a password changing unit that determines that “a certain opportunity has been reached” when a predetermined period specified in advance has elapsed. 4. The security management system according to claim 2, further comprising a password change unit that determines that “a certain opportunity has been reached” when a predetermined number of accesses are made in advance. 5. The security management method according to claim 1, wherein the security management means is provided in a PC used by a user. 6. The security management method according to claim 1, wherein the security management means is constructed in a service provider on a network. 7. The security guard method according to claim 1, wherein information other than the ID and the password is registered in the security management means as information for the security guard.
The security management method according to claim 2, claim 3, claim 4, claim 5, or claim 6. 8. The security guard processing according to claim 1, wherein a processing procedure other than the security guard procedure is registered in the security management means, so that the processing realized by the processing procedure can be handled similarly to the security guard processing. Claim 2, Claim 3, Claim 4, Claim 5,
A security management method according to claim 6 or claim 7. 9. The authentication information as claimed in claim 1, wherein the authentication information is fingerprint information. Security management method. 10. The security guard system is a web service.
A system according to claim 1, wherein the system is a system.
Claim 3, Claim 4, Claim 5, Claim 6, Claim 7,
The security management method according to claim 8 or claim 9. 11. A first step in which a user inputs authentication information to the security management means based on a request for inputting authentication information from the security management means, and the authentication obtained by the security management means in the first step. A second step of judging permission / refusal of the user's access to the user by comparing the information with authentication information of the user registered in advance; A third step of requesting input of an ID and a password based on an access request from a user permitted to access the security management means, and the security management means being registered in advance in response to the request of the third step. A fourth step of automatically transmitting the current ID and password to the security guard system; A fifth step in which the security guard system performs an authentication process based on the ID and the password obtained in the fourth step to determine whether the user is permitted or rejected access to the user; A sixth step of automatically requesting the security guard system to change the password when it is determined that the update trigger has been reached, and performing a password change process on the security management means side; And a seventh step of performing a password change process on the security guard system side based on the password change request in the sixth step. 12. The security management method according to claim 11, wherein the authentication information is fingerprint information. 13. The security guard system is a web
13. The security management method according to claim 11, wherein the security management method is a system. 14. In a security management method when a user accesses a security guard system via a network, authentication information input means for inputting user authentication information and each security guard system via the network for the user. Assuming that there is a system access means for accessing the PC, information on an authentication method using an individual ID and a password when a user accesses each security guard system using the system access means is stored in advance. Registered, performs user authentication based on authentication information input from the user via the authentication information input means, and responds to an access request to the security guard system by a user who is permitted to access by the user authentication. To the security guard system Recording medium for automatically issuing the user ID and password of the user and for functioning as security management means for executing access authentication processing for the user with the security guard system . 15. In a security management method when a user accesses a security guard system via a network, authentication information input means for inputting user authentication information and each security guard system via the network for the user. Assuming that there is a system access means for accessing the security guard system, information on an authentication method using an individual ID and password when a user accesses each security guard system using the system access means is provided on the assumption that there is a system access means for accessing the security guard system. It is registered in advance and performs user authentication based on authentication information input by the user via the authentication information input means, and receives an access request to the security guard system by a user who is permitted to access by the user authentication. Security The user's I
A recording medium on which a program for automatically issuing D and a password to function as security management means for executing an access authentication process for the user with the security guard system is recorded. 16. In a security management system when a user accesses a security guard system via a network, authentication information input means for inputting user authentication information and each security guard system via the network for the user. Assuming that there is a system access means for accessing the security guard system, the PC is used as information relating to each user's access to each security guard system, including user identification information, authentication information, security guard system identification information, access method, and ID.
And a password, a password update opportunity, a security management table holding a password update method, an information registration unit for registering information in the security management table, and a security management table in the security management table prior to access to each security guard system. User authentication means for performing user authentication of the user based on the authentication information of the user and the authentication information of the user input from the user, the security management table when the user accesses the security guard system. Access authentication management means for automatically transmitting the user's ID and password to the security guard system and executing access authentication processing for the user with the security guard system, and A certain moment has been reached A recording medium recording a program for functioning as a password changing means for automatically updating a password to focus. 17. A security management system when a user accesses a security guard system via a network. An authentication information input means for inputting authentication information of the user and each security guard system via the network for the user. Assuming that there is a system access means for accessing the security guard system, the service provider is referred to as user identification information,
Authentication information, security guard system identification information, access method, ID and password, password update opportunity, security management table holding password update method, information registration means for registering information in the security management table, security guards Prior to accessing the system, user authentication means for performing user authentication of the user based on the authentication information in the security management table and the authentication information of the user input from the user, When accessing the security guard system, referring to the security management table, the ID and password of the user are automatically transmitted to the security guard system so that the user can communicate with the security guard system for the user. Access authorization Recording medium for recording a program for functioning as a password changing means for updating the password automatically when it reaches the access authentication management means performs processing, as well as certain trigger. 18. The recording medium according to claim 14, wherein the authentication information is fingerprint information. 19. The security guard system is a web
14. A system according to claim 14, wherein the system is a system.
A recording medium according to claim 16, claim 17, claim 17, or claim 18.