JP2005182291A - Management server system, access control method, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a management server system or the like capable of flexibly and safely making a user utilize resource of a sever system. <P>SOLUTION: The management server system 2 receives login request from a terminal unit 1 connected through a network, performs user authentication by using a user ID and password received from the terminal unit 1, and permits the login request if the user is successfully authenticated. The management server system 2 also receives supply request of resources from the terminal unit 1, and determines whether or not the terminal unit 1 at a request side requesting the resource supply has logged-in to the management server system 2. When determining that the terminal unit 1 at the request side requesting the resource supply has logged-in, the management server system 2 proceeds to limit supply of resources shown by the supply request on the basis of determined results about whether or not a observer can monitor a using state of resources. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a system in which a terminal device connects to a server via a network and uses server resources.

  Conventionally, a remote access technology such as remote desktop connection has been realized as a terminal device that can connect to a server device via a network such as the Internet and use resources of the server device. In such a connection form, in order to protect the security of the system, user authentication information such as a user ID and a password is managed on the server side, and user authentication information input by a user is received and registered in advance. If it matches, the use permission is given.

For example, there is a system in which a user's portable terminal can access a server on an intranet from the outside via a remote access control server (see Patent Document 1).
JP 2002-342270 A (5th page, FIG. 2)

However, in recent years, there has been an increased risk of user IDs, passwords, and the like being stolen and used illegally, and the current situation is that the security of the system cannot be protected only by user authentication.
On the other hand, it is conceivable that the administrator maintains safety by constantly monitoring the usage status of each user. However, it is realistic that the administrator always logs in to the server device and performs monitoring. difficult. Therefore, in order to maintain system safety without assuming permanent monitoring, it is common to take strict security measures. In this case, the login procedure is complicated and use is difficult. In many cases, it is inconvenient for the user due to excessive restrictions.

  The present invention has been made in view of the above circumstances, and an object thereof is to provide a management server or the like that allows a user to use resources of a server device more flexibly and safely.

In order to achieve the above object, a management server device according to the first aspect of the present invention provides:
A management server device having a function of using a resource indicated by a provision request in response to a provision request for a resource from a terminal device connected via a network;
Storage means for storing authentication information for authenticating the user;
Receiving means for receiving a login request from a terminal device;
An authentication unit that receives authentication information from a terminal device that is the transmission source of the login request, collates the received authentication information with the authentication information stored in the storage unit, and authenticates the login based on the collation result;
Means for receiving a resource provision request from a terminal device;
Means for determining whether or not the terminal device that is the transmission source of the resource provision request is logged in to the management server device;
A determination means for determining whether or not the monitor can monitor the resource usage;
When it is determined that the terminal device that is the transmission source of the resource providing request is logged in, a limiting unit that limits the provision of the resource indicated by the providing request based on the determination result by the determining unit;
It is characterized by providing.

  According to such a configuration, since it is possible to change the severity of the restriction of resource provision according to the determination result of whether or not it is a state in which the presence or absence of unauthorized use can be monitored, more flexibly and safely, The user can use the resources of the server device. This prevents unauthorized use that cannot be prevented by normal user authentication, such as unauthorized use by other users while a legitimate user is away from his / her seat, or unauthorized use due to password theft, etc. In addition, if necessary, it is possible to simplify the user authentication procedure or to provide various resources without limiting the resources to be provided.

The authentication means includes
A means for setting a login authentication condition based on a result of the determination by the determination means and the determination means;
May be further provided.
Thereby, security management can be performed more flexibly and reliably.

The authentication means includes
If the determination unit determines that the monitor is not in a state where the resource usage status can be monitored, the login of the user may be rejected.
Thereby, security can be maintained reliably.

A terminal information storage means for storing terminal identification information for identifying the terminal device may be further provided for the terminal device for which login to the management server device is permitted in advance.
The receiving means may further receive terminal identification information for identifying a terminal device,
The authentication means includes
It is determined that the received terminal identification information matches the terminal identification information stored in the terminal information storage unit, and the determination unit determines that the monitor can monitor the resource usage status. In such a case, the authentication may be OK without verifying the authentication information.
Thereby, more flexible security management can be performed.

Means for receiving a reservation request for reservation of use of resources from the terminal device;
Means for registering terminal identification information of the terminal in the terminal information storage means for the terminal device that is the transmission source of the reservation request;
May be further provided.

The determination unit may determine whether or not the monitor is logged in to the management server device, and may determine that the monitor is in a state in which the resource usage status can be monitored based on the determination result.
Thereby, security management can be performed more flexibly and reliably.

It may further comprise an address storage means in which the e-mail address of the monitor is stored,
The authentication means may further comprise means for transmitting an e-mail addressed to an e-mail address stored in the address storage means when it is determined that the monitor is not logged in to the management server device.
As a result, even if the administrator is not always logged in to the management server device, when there is a notification by e-mail or the like, the administrator can log in from a nearby terminal device to allow other users to log in and monitor the usage status. be able to.

For each user logged in to the management server device, means for transmitting information indicating the resource usage status to the monitor terminal device;
Means for receiving instruction data for instructing restriction of provision of resources to the user from the terminal device of the supervisor, and for restricting provision of resources to the user based on the instruction data;
May be further provided.

  The restriction means may further comprise means for determining the possibility of unauthorized use of the user based on the type of user and the type of resource indicated by the provision request.

  When it is determined that there is a possibility of unauthorized use for the user, the restriction unit may restrict the provision of resources to the user.

  The restricting unit may transmit a notification to the administrator when it is determined that the user may be illegally used.

Means for causing the determination by the determination means to be executed at the timing of receiving the resource provision request and at least one predetermined time interval;
Determination result storage means for storing the determination result of the determination executed at the timing;
Means for logging off the user when the monitoring result is changed from a state in which the monitoring state of the resource can be monitored to a state in which it cannot be monitored with reference to the determination result stored in the determination result storage unit;
May be provided.
As a result, security can be maintained even when the administrator logs off and no monitoring is performed.

Means for causing the determination by the determination means to be executed at the timing of receiving the resource provision request and at least one predetermined time interval;
Determination result storage means for storing the determination result of the determination executed at the timing;
Means for restricting the provision of resources, when the determination results stored by the determination result storage means are changed from a state in which the monitor can monitor the resource usage state to a state in which it cannot be monitored;
May be provided.
Thereby, when the administrator logs off and monitoring is not performed, security can be maintained without logging off the user.

A restriction level means for storing a restriction level related to restriction of resource provision and a monitoring level related to monitoring of resource usage by the user,
Means for storing the limitation content of the resource provision for each limitation level,
The restriction unit may identify a restriction level corresponding to a currently set monitoring level and restrict the provision of resources according to the restriction content corresponding to the restriction level.
Thereby, a more flexible use restriction can be performed.

It may further comprise means for storing trust level information for classifying the terminal device that has accessed the management server device into a plurality of trust levels,
In the restriction level storage means, the combination of the monitoring level and the trust level and the restriction level may be stored in association with each other,
The restriction unit may specify a restriction level corresponding to a combination of the currently set monitoring level and the trust level of the terminal device, and restrict the provision of resources according to the restriction content corresponding to the restriction level.
This makes it possible to perform more flexible usage restrictions.

An access management method according to the second aspect of the present invention is:
An access management method using a computer that uses a resource indicated by a provision request in response to a provision request for a resource from a terminal device connected via a network,
Receiving a login request from a terminal device via a network;
An authentication step of receiving authentication information from the terminal device that is the transmission source of the login request, verifying the received authentication information and pre-registered authentication information, and permitting login based on the verification result;
Receiving a resource provision request from a terminal device via the network;
Determining whether a user of the terminal device is logged in to the server device;
A determination step of determining whether or not the monitor is logged in to the server device, and determining whether or not the resource usage status can be monitored based on the determination result;
When it is determined that the terminal device is logged in, based on a determination result by the determination step, limiting the provision of resources indicated by the provision request;
It is characterized by providing.

A program according to the third aspect of the present invention is:
On the computer,
Receiving a login request from a terminal device via a network;
An authentication step of receiving authentication information from the terminal device that is the transmission source of the login request, collating the received authentication information with pre-registered authentication information, and permitting login based on the collation result;
Receiving a resource provision request from a terminal device via the network;
Determining whether a user of the terminal device is logged in to the server device;
A determination step of determining whether or not the monitor is logged in to the server device, and determining whether or not the resource usage status can be monitored based on the determination result;
When it is determined that the terminal device is logged in, based on a determination result by the determination step, limiting the provision of the resource indicated by the provision request;
Is executed.

  According to the present invention, it is possible to allow a user to use resources of a server device more flexibly and safely.

  Hereinafter, an access management system according to an embodiment of the present invention will be described with reference to the drawings.

(Embodiment 1)
FIG. 1 shows a configuration example of an access management system according to the first embodiment of the present invention. As shown in the figure, this access management system includes a plurality of terminal devices 1 and a management server device 2, which can be connected via a network 10 (including various networks such as the Internet and a LAN). It is configured.

  As shown in FIG. 2, for example, the terminal device 1 includes a computer including a control unit 11, a storage unit 12, a display unit 13, an input unit 14, a communication unit 15, and the like.

  The control unit 11 includes a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), and the like, reads an operation program stored in advance in the storage unit, and logs in to the management server device 2. Processing for transmitting a request, processing for transmitting a resource provision request to the management server device 2, processing for transmitting a logout request, and the like are performed. In addition, the control unit 11 of the terminal device 1 operated by the monitor further performs processing for monitoring the resource usage status of the management server device 2 and the like. The process for monitoring the resource usage status is, for example, a process of requesting information on the logged-in user or the terminal device 1 and receiving and displaying the information from the management server device 2, and a resource usage content by each user. Processing for requesting log data, receiving it from the management server device 2 and displaying it, accepting input specifying a user, terminal device 1, resource, etc. subject to use restriction, and using the input data together with a use restriction instruction The process etc. which transmit to the management server apparatus 2 are included.

The storage unit 12 is composed of, for example, a hard disk device. The storage unit 12 stores an operation program to be executed by the control unit 11 and various data necessary for processing. The storage unit 12 stores the terminal name, IP address, and the like of the terminal device 1, and these pieces of information are added to various requests from the terminal device 1 to the management server device 2 and transmitted.
The display unit 13 includes a display device such as a CRT or a liquid crystal display, and outputs various screens according to instructions from the control unit 11.
The input unit 14 includes an input device such as a keyboard and a pointing device, and transmits input data to the control unit 11.
The communication unit 15 controls data communication with other computers via the network 10, for example.

  As shown in FIG. 3, for example, the management server device 2 includes a computer including a control unit 21, a storage unit 22, a display unit 23, an input unit 24, a communication unit 25, and the like. The management server device 2 is connected to devices such as a printer and a scanner.

  The control unit 21 includes a CPU, a ROM, a RAM, and the like, and controls the management server device 2 as a whole. The control unit 21 reads out an operation program or the like stored in advance in the storage unit 22 and executes various processes described later. The processing executed by the control unit 21 includes a login acceptance process that accepts a login request from the terminal apparatus 1, a resource provision process that accepts a resource provision request from the terminal apparatus 1, a logout acceptance process that accepts a logout from the terminal apparatus 1, and the like. including.

  In the login acceptance process, when receiving a login request from the terminal device 1, the control unit 21 performs user authentication using the user ID and password received from the terminal device 1 and the user management table in the storage unit 22. If there is, it is determined whether or not the administrator is logged in with reference to the login management table in the storage unit 22. If the administrator is logged in, the login is permitted and the login request source user ID, The terminal ID and the like of the terminal device 1 are registered in the login management table. If the administrator is not logged in, login is not permitted.

  In the resource providing process, when receiving a resource providing request from the terminal device 1, the control unit 21 determines whether the source user has already logged in by referring to the login management table in the storage unit 22, and logs in If the administrator is logged in, the administrator is logged in. If the administrator is logged in, the requested resource is processed and the administrator is not logged in. In other words, the provision of resources is limited based on the safety of each resource. In this resource limitation, for example, the control unit 21 refers to the resource management table in the storage unit 22 to check the safety of the requested resource, and provides the resource set to be safe. Do not provide resources that are set to be dangerous. Note that the data format of the resource provision request is arbitrary, and it is sufficient that the information specifying the resource requested by the user is included. For example, it may include information for specifying a resource such as a resource name and a command for using the resource, or a command for instructing execution of a specific resource.

  In the logout acceptance process, when receiving a logout request from the terminal device 1, the control unit 21 deletes data registered for the logout request source from the login management table. Further, the control unit 21 determines whether the logout request is a request from the administrator's terminal device 1, and if the logout request is a request from the administrator's terminal device 1, all the terminal devices that are currently logged in 1 is notified that resources are limited.

  The storage unit 22 is composed of, for example, a hard disk device. The storage unit 22 stores an operation program to be executed by the control unit 21 and various data necessary for processing. Further, the storage unit 22 stores various applications and various data provided in response to a resource provision request from the terminal device 1. The storage unit 22 stores a user management table, a login management table, a terminal management table, a resource management table, and the like.

In the user management table, for example, as shown in FIG. 4, user management information including data such as a user ID, a password, a user type, and an e-mail address is registered for a user (including an administrator).
In the terminal management table, for example, as shown in FIG. 5, terminal management information composed of data such as a terminal name, an IP address, and a permission registration type regarding the terminal device 1 that is permitted to log in to the management server device 2 in advance. Is registered.
In the login management table, for example, as shown in FIG. 6, login information including user ID, terminal name, IP address, and other data related to the user permitted to log in by the management server device 2 and the terminal device 1 is registered. Has been.
In the resource management table, for example, as shown in FIG. 7, resource information in which data indicating safety (for example, “safety”, “danger”, etc.) is set for each resource that can be provided by the management server device 2 is stored. It is registered.

The display unit 23 includes a display device such as a CRT or a liquid crystal display, and outputs various screens according to instructions from the control unit 21.
The input unit 24 includes an input device such as a keyboard and a pointing device, for example, and transmits the input data to the control unit 21.
For example, the communication unit 25 controls data communication with other computers via the network 10.

Next, each process executed by the management server device 2 in the access management system according to the first embodiment will be described.
First, a login acceptance process for accepting a login request from the terminal device 1 will be described with reference to FIG.

  When the control unit 21 of the management server device 2 receives the login request, the IP address, the terminal name, and the like from the terminal device 1 (step S1), whether the received IP address is registered in the terminal management table of the storage unit 22, that is, Then, it is determined whether or not the terminal device 1 is registered with login permission in advance (step S2). In the case of the terminal device 1 in which the IP address is not registered, the user ID and password input by the user are received from the terminal device 1 by transmitting the user ID and password input screen data to the terminal device 1 and received. The password corresponding to the user ID is read from the user management table of the storage unit 22, and user authentication is performed to collate the read password with the received password (step S3).

  When the collated passwords match, the control unit 21 determines that the authentication is OK, that is, a regular registered user (step S4: YES), and the terminal device 1 that is the login request source is the administrator's terminal. It is determined whether or not there is (step S5). Specifically, for example, when the received IP address matches the administrator's IP address registered in the user management table of the storage unit 22, the login request source terminal device 1 is the administrator's terminal device. 1 is determined.

If it is determined in step S5 that the login request source terminal device 1 is not the administrator's terminal, it is determined whether or not the administrator has already logged in to the management server device 2 (step S6). Specifically, for example, the administrator's user ID is read from the user management table of the storage unit 22, and it is determined whether or not the administrator's user ID is registered in the login management table.
In step S6, if it is determined that the administrator's terminal device 1 is already logged in (for example, if the administrator's user ID is registered in the login management table), the requested login is permitted. The received user ID, terminal name, IP address and other data received from the requesting terminal device 1 are registered (stored) in the login management table of the storage unit 22 as login information (step S7).

  Further, if the collated password does not match in step S4, and if it is determined in step S6 that the administrator has not logged in to the management server apparatus 2, notification data indicating that login is not permitted is sent to the request source. To the terminal device 1 (step S8).

  If the IP address received together with the login request is registered in the terminal management table of the storage unit 22 in step S2, the process related to user authentication in steps S3 and S4 is omitted and step S5 is executed.

Next, a resource providing process for receiving a resource providing request from the terminal device 1 will be described with reference to FIG.
First, when the control unit 21 of the management server device 2 receives a resource provision request and data such as a user ID and an IP address of the terminal device 1 from the terminal device 1 (step S10), the control unit 21 checks the source terminal device 1 and the user. Is performed (step S11). Specifically, for example, it is confirmed that the received IP address is registered in the terminal management table of the storage unit 22 and that the received user ID is registered in the user management table of the storage unit 22.
Next, the control unit 21 determines whether the requesting terminal device 1 is a terminal that has already logged in to the management server device 2 (step S12). Specifically, for example, it is determined whether or not the received IP address is registered in the login management table of the storage unit 22.
If it is determined that the terminal device 1 is logged in to the management server device 2, it is determined whether the user of the terminal device 1 is an administrator (step S13). Specifically, for example, the user ID corresponding to the received IP address is read from the login management table, and it is determined whether or not the user ID matches the administrator user ID registered in the user management table. If they match, it is determined that the user of the terminal device 1 is an administrator.

  When it is determined in step S13 that the user of the terminal device 1 is not an administrator, the control unit 21 determines whether or not the administrator has already logged in to the management server device 2 (step S14). Specifically, for example, the administrator's user ID is read from the user management table of the storage unit 22, and it is determined whether or not the administrator's user ID is registered in the login management table.

  In step S14, when it is determined that the administrator terminal device 1 has already logged in (for example, when the administrator user ID is registered in the login management table), the control unit 21 is requested. The process for providing the acquired resource is performed (step S15). Specifically, when the received resource provision request indicates, for example, “execution of application A1”, the application A1 is executed and the execution screen data and the like are transmitted to the requesting terminal device 1.

If it is determined in step S14 that the administrator terminal device 1 is not logged in, the control unit 21 determines whether or not the requested resource is safe (step S16). Specifically, when safety data corresponding to the resource indicated by the received resource provision request is retrieved from the resource management table, it is determined whether the setting value is “safe”, and “safe” is set. Determines that the requested resource is safe.
If it is determined in step S16 that the resource is safe, a process for providing the requested resource is performed (step S15), and if the resource is not determined to be safe. Transmits notification data indicating that the resource cannot be provided to the terminal device 1 (step S17).

  If it is determined in step S13 that the user of the requesting terminal device 1 is an administrator, the control unit 21 determines whether the received request is a resource usage status confirmation request (for example, the received request). Is a command for confirming the usage status, etc.) (step S18). In the case of a resource usage status confirmation request, various types of data indicating the resource usage status by other users are transmitted to the requesting terminal device 1, and the provision of resources to other users is restricted. When instruction data to be received is received, a process for restricting the use of other users is performed according to the received instruction data (step S19). Note that the data indicating the usage status of the user includes, for example, information indicating the terminal and the user who are logged in, a log indicating the content of resource usage by each user, and the like. Further, in the process of restricting the use of the designated user, for example, when instruction data for restricting the use of a specific user is received, the control unit 21 refers to the login management table and the user's An IP address or the like of the terminal device 1 may be acquired, and communication with the terminal device 1 with the IP address may be forcibly terminated.

  If it is determined in step S12 that the requesting terminal device 1 is not logged in to the management server device 2, notification data indicating that login is necessary is transmitted to the requesting terminal device 1 ( Step S20).

  Next, logout acceptance processing for accepting a logout request from the terminal device 1 will be described with reference to FIG.

  When the control unit 21 of the management server device 2 receives a logout request and data such as an IP address and a terminal name from the terminal device 1 (step S21), the control unit 21 determines whether the terminal device 1 that is the logout request source is the administrator's terminal. (Step S22). Specifically, for example, when the received IP address matches the administrator's IP address registered in the user management table of the storage unit 22, the logout request source terminal device 1 is the administrator's terminal device. 1 is determined.

  If it is determined in step S22 that the log-out request source terminal device 1 is an administrator's terminal, notification data indicating that resource use is restricted to all the terminal devices 1 that are currently logged in. Transmit (step S23). Specifically, the IP address of the terminal device 1 registered in the login management table is extracted, and the notification data is transmitted to the IP address. Then, the log-out request source terminal device 1 is logged out, and the log-in information of the terminal device 1 is deleted from the log-in management table (step S24).

  If it is determined in step S22 that the terminal device 1 that issued the logout request is not an administrator's terminal, the flow skips step S23 and proceeds to step SS24.

  In the logout acceptance process, when the administrator logs out, a notification that the use of resources is restricted is sent to each logged-in user. However, the present invention is not limited to this. For example, you may make it log off forcibly by complete | finishing communication with the terminal device 1 of the user who is logging in.

(Embodiment 2)
In the first embodiment, when the management server device 2 receives a login request from a user other than the administrator, the management server device 2 transmits a notification to the terminal device 1 that the login is impossible unless the administrator is logged in. However, in the second embodiment, a notification that login is not possible is transmitted and the specification of the desired use time is accepted and registered. If the administrator logs in again after confirming the login status of the administrator at the specified time, The registration source user is notified that login is possible. The access management system according to the second embodiment will be described below with a focus on feature points.

  Similar to the system configuration of the first embodiment shown in FIG. 1, the access management system according to the second embodiment includes a terminal device 1 and a management server device 2, which are connected via a network 10. Is done. The configurations of the terminal device 1 and the management server device 2 in the second embodiment are the same as the configurations of the terminal device 1 and the management server device 2 of the first embodiment shown in FIGS. 2 and 3, respectively.

  The control unit 11 of the terminal device 1 in the second embodiment performs various processes similar to those in the first embodiment by reading and executing an operation program or the like stored in advance in the storage unit 12.

  The control unit 21 of the management server device 2 according to the second embodiment reads an operation program or the like stored in advance in the storage unit 22, and receives a login request from the terminal device 1, in accordance with registered schedule information. If the user is ready to log in at the time specified by the user, the scheduling process for notifying the user, the resource providing process for accepting the resource providing request from the terminal device 1, and the terminal device 1 Execute logout acceptance processing that accepts logout.

In the login acceptance process, when receiving a login request from the terminal device 1, the control unit 21 performs user authentication using the user ID and password received from the terminal device 1 and the user management table in the storage unit 22. If there is, it is determined whether or not the administrator is logged in with reference to the login management table in the storage unit 22. If the administrator is logged in, the login is permitted and the login request source user ID, The terminal ID and the like of the terminal device 1 are registered in the login management table. When the administrator is not logged in, the administrator notifies the terminal device 1 that login is not permitted. When the user has a desired usage time, he / she inputs information and stores the information in the storage unit 22. Register in the schedule management table.
In the schedule processing, the control unit 21 refers to the schedule management table in the storage unit 22 in response to a timer interrupt generated every predetermined time using an internal timer, and schedule information that the current time has reached the desired use time If there is, the administrator determines whether the administrator is logged in. If the administrator is logged in, the terminal device 1 is notified that the login is currently possible. Send.
Note that the resource providing process and the logout acceptance process are the same as in the first embodiment.

  In addition, the storage unit 22 of the management server device 2 in the second embodiment further stores a schedule management table in addition to the tables in the first embodiment. In the schedule management table, for example, schedule information including data such as a user ID, a terminal name, an IP address, a desired use time (use start time, use end time, etc.) as shown in FIG. 11 is registered.

Next, login acceptance processing executed by the management server device 2 in the second embodiment will be described with reference to FIG.
When the control unit 21 of the management server device 2 receives the login request, the IP address, the terminal name, etc. from the terminal device 1 (step S31), it determines whether the requesting terminal device 1 is a terminal device for which login permission has been made in advance. It discriminate | determines (step S32). Specifically, it is determined whether the received IP address or the like is registered in the terminal management table of the storage unit 22, and if it is registered, it is determined that the terminal has been previously permitted to log in.

  In step S32, when the IP address or the like is not registered in the terminal management table, the control unit 21 transmits the user ID and password input screen data to the terminal device 1 to input the user input by the user. The ID and password are received from the terminal device 1, the password corresponding to the received user ID is read from the user management table of the storage unit 22, and user authentication for collating the read password with the received password is performed (step S <b> 33). ).

  Then, when the collated passwords match, the control unit 21 determines that the authentication is OK, that is, a regular registered user (step S34: YES), and the terminal device 1 that is the login request source is the administrator's terminal. It is determined whether or not there is (step S35). Specifically, for example, when the received IP address matches the administrator's IP address registered in the user management table of the storage unit 22, the login request source terminal device 1 is the administrator's terminal device. 1 is determined.

If it is determined in step S35 that the terminal device 1 that is the login request source is not the administrator's terminal, it is determined whether or not the administrator has already logged in to the management server device 2 (step S36). Specifically, for example, the administrator's user ID is read from the user management table of the storage unit 22, and it is determined whether or not the administrator's user ID is registered in the login management table.
If it is determined in step S36 that the administrator's terminal device 1 has already been logged in, the requested login is permitted, and the received user ID, terminal name, IP address from the requesting terminal device 1 Are registered (stored) in the login management table of the storage unit 22 as login information (step S37).

If it is determined in step S36 that the administrator's terminal device 1 is not logged in, the control unit 21 transmits notification data to the terminal device 1 indicating that login is not currently possible, and requests for use. Input data about whether or not time is specified is received from the terminal device 1 (step S38). Specifically, for example, while displaying a message indicating that login is currently impossible, whether or not to specify a desired use time, and when specifying a desired use time (use start time, use end time, etc.), user Screen data for allowing the user to input an ID or the like is transmitted to the terminal device 1, and input data for the screen data is received from the terminal device 1.
Then, based on the received data, it is determined whether or not a desired use time has been designated (step S39). Specifically, for example, it is determined whether or not input data for designating a desired use time has been received from the terminal device 1.
If the use desired time is not specified, the process is terminated. If the use desired time is specified, the received use desired time, user ID, terminal name, IP Schedule information composed of addresses and the like is generated and registered in the schedule management table of the storage unit 22 (step S40). Then, the e-mail address corresponding to the received user ID is read from the user management table of the storage unit 22, and an e-mail including information such as the registered desired use time is transmitted to the e-mail address (step S41).

  In step S34, if the collated password does not match, notification data indicating that login is not permitted is transmitted to the requesting terminal device 1 (step S42).

If the IP address received together with the login request is registered in the terminal management table of the storage unit 22 in step S32, the process related to user authentication in steps S33 and S34 is omitted, and step S35 is executed.
If it is determined in step S35 that the login request source terminal device 1 is the administrator's terminal, step S37 is executed.

Next, the schedule process executed by the management server device 2 in the second embodiment will be described with reference to FIG.
The control unit 21 of the management server device 2 is registered with schedule information having the current time as a desired use time in response to a timer interrupt generated every predetermined time (for example, every 10 minutes). It is determined whether it is present (step S51). Specifically, for example, by referring to the schedule management table, it is determined whether there is schedule information in which the current time acquired from the internal timer has reached the registered use time (use start time). If there is corresponding schedule information, it is determined whether or not the administrator is logged in (step S52). If not logged in, the process is terminated as is. Terminal management information is generated for the terminal device 1 indicated by the schedule information and registered in the terminal management table (step S53). At this time, the setting value of the data item of the permission registration type in the terminal management information is set to “temporary permission”.
Next, the control unit 21 transmits notification data indicating that login is currently possible to the terminal device 1 indicated by the schedule information (step S54).

  If it is determined in step S51 that there is no corresponding schedule information, the current time and the desired use time (use end time) are compared to determine whether there is schedule information for which the desired use time has elapsed. (Step S55). If there is corresponding schedule information, the terminal management information of the terminal device 1 indicated by the schedule information is searched for and deleted from the terminal management table based on the terminal name or the like, and the schedule information is deleted from the schedule management table. (Step S56).

  As described above, according to the present invention, it is possible to change the severity of restriction of resource provision according to the determination result of whether or not unauthorized use can be monitored. In addition, the resources of the server device can be used by the user safely. This prevents unauthorized use that cannot be prevented by normal user authentication, such as unauthorized use by other users while a legitimate user is away from his / her seat, or unauthorized use due to password theft, etc. In addition, if necessary, it is possible to simplify the user authentication procedure or to provide various resources without limiting the resources to be provided.

The present invention can be variously modified and applied.
For example, in the login acceptance process, when the management server device 2 determines that the administrator has not logged in to the management server device 2, an email is sent to notify that a login request has been made, and is stored in the user management table. You may make it transmit to the mail address of the registered administrator.
Further, in the resource providing process, when the management server device 2 determines that the administrator has not logged in to the management server device 2, it generates an e-mail notifying that a resource providing request has been made, and the user management table You may make it transmit to the e-mail address of the administrator registered in.

  Further, in the above embodiment, it is determined whether or not the administrator is logged in by determining whether or not the administrator information is registered in the login management table, and the login permission is determined based on the determination result. Resource provision permission, etc., for example, to determine whether the administrator's terminal information is registered in the login management table, to determine whether the administrator's terminal is logged in, Based on the determination result, login permission, resource provision permission, or the like may be performed.

  Further, the monitoring state of unauthorized use of user resources may be managed at a plurality of monitoring levels. For example, as shown in FIG. 14, monitoring level information indicating the condition of each monitoring level is stored in the storage unit 22 of the management server device 2, and the control unit 21 determines the monitoring level at that time at a predetermined timing. The setting may be stored in the storage unit 22. For example, the monitoring level information in FIG. 14 will be described as an example. The control unit 21 refers to the monitoring level 1 condition set in the monitoring level information, and confirms that the condition is satisfied (for example, “monitorer logs in” Etc.)). If the condition of monitoring level 1 is satisfied, the current monitoring level is determined as “1” and stored in the storage unit 22. If the condition for monitoring level 1 is not satisfied, the next condition for monitoring level 2 is referred to, and whether the condition is satisfied (for example, “monitoring person's emergency contact information (email address etc.) is registered. It has been determined, etc.). If the condition of the monitoring level 2 is satisfied, the current monitoring level is determined as “2” and stored in the storage unit 22. If the condition of monitoring level 2 is not satisfied, the next monitoring level 3 condition is referred to to determine whether the condition is satisfied. If applicable, the current monitoring level is set to “3”. Determine and store in the storage unit 22. In this example, when it does not correspond to the monitoring level 1 and the monitoring level 2, it is determined as the monitoring level 3.

Further, the restriction state of resource provision to the user may be managed using a plurality of restriction levels. For example, restriction level information indicating restriction contents (conditions) of each restriction level as illustrated in FIG. 15 may be stored in the storage unit 22 of the management server device 2. As shown in the figure, the restriction level information may include a restriction content related to login and a restriction content related to resource provision. For example, the restriction level information in FIG. 15 will be described as an example. When the restriction level is set to “1”, the control unit 21 permits login when a login request is received, and provides resources. If a request is received, provide that resource. When the restriction level is set to “2”, login is permitted when a login request is received, and only safe resources are provided when a resource provision request is received. When the restriction level is set to “3”, login is not permitted when a login request is received, and resources are not provided when a resource provision request is received.
Further, for example, a monitoring management table in which the restriction level and the monitoring level are associated with each other is stored in the storage unit 22, and the control unit 21 monitors and manages the restriction level corresponding to the monitoring level set in the storage unit 22. The resource provision may be restricted according to the restriction content corresponding to the read restriction level by reading from the table and referring to the restriction level information.

  Further, for example, as shown in FIG. 16, the trust level information in which conditions for separating the terminal device 1 that has accessed the management server device 2 into a plurality of trust levels are set, and for example, as shown in FIG. The combination of the monitoring level and the credit level and the credit / monitoring management table registered in association with the limit level are stored in the storage unit 22 of the management server device 2, and the control unit 21 About the terminal device 1 that is the transmission source of the use provision request, the trust level is determined with reference to the trust level information, and the restriction level corresponding to the combination of the determined trust level and the monitoring level set in the storage unit 22 is determined. The resource provision may be restricted according to the restriction contents corresponding to the read restriction level by specifying the restriction level information. The determination of the trust level of the terminal device 1 that is the transmission source of the use provision request by the control unit 21 will be described using the credit level information of FIG. 16 as an example. For example, when a resource provision request is received from the terminal device 1, When the setting value of the permission registration type of the requesting terminal device 1 is “always permitted” and the user management information of the user of the terminal device 1 is registered in the user management table, the terminal device 1 If the trust level is determined as “1” and the trust level is not “1”, the setting value of the permission registration type of the requesting terminal device 1 in the terminal management table is “always permitted” and the terminal device 1 If the user information is not registered in the user management table, the trust level of the terminal device 1 is determined as “2”, and it corresponds to the trust levels 1 and 2 In the case where there is not, the setting value of the permission registration type of the requesting terminal device 1 in the terminal management table is other than “always permitted”, and the user management information of the user of the terminal device 1 is registered in the user management table. In this case, the trust level of the terminal device 1 is determined to be “3”, and when the trust level is not one of the trust levels 1 to 3, the setting value of the permission registration type of the requesting terminal device 1 in the terminal management table is “ If it is “temporary permission”, the trust level of the terminal device 1 is determined as “4”, and if it does not correspond to the trust levels 1 to 4, the trust level of the terminal device 1 is determined as “5”.

  Further, when the management server device 2 receives a resource provision request from the terminal device 1, the user is registered based on the user type registered in the user management table and the resource type requested from the terminal device 1. The possibility of unauthorized use may be determined. In this case, the storage unit 22 of the management server device 2 stores, for example, an illegal association in which a type table indicating the type of each resource, a combination of a user type and a resource type, and the possibility of unauthorized use are associated with each other. A usage determination table is further stored. The management server device 2 reads out the user type of the resource providing user from the user management table and reads out the type of resource indicated by the resource provision request from the type table. Then, the setting value (for example, “Yes” or “No”) regarding the possibility of unauthorized use corresponding to the combination of the read user type and the resource type is read, and the read setting value is “Yes”. In this case, it is determined that “there is a possibility of unauthorized use”, and when the read setting value is “none”, it is determined that “there is no possibility of unauthorized use”. And the management server apparatus 2 may perform the process which notifies an administrator of a determination result. For example, when the administrator is logged in, the determination result data may be transmitted to the administrator's terminal device 1, and when the administrator is not logged in, an e-mail indicating the determination result May be generated and sent to the email address of the administrator. The notification of the determination result may be performed only when it is determined that there is a possibility of unauthorized use. Further, when it is determined that there is a possibility of unauthorized use, the management server device 2 may automatically limit the resource provision to the user. The content of the restriction is arbitrary. For example, even if the administrator is logged in, the requested resource may not be provided. If the administrator is not logged in, the user may not be provided. May be forcibly logged off.

  In addition, the control unit 21 of the management server device 2 determines whether or not the monitor is in a state that can be monitored by executing a predetermined timing such as when a resource provision request is received or every predetermined time. The result is accumulated and stored in the storage unit 22, and the previous determination result is compared with the current determination result to determine whether or not the monitor has changed from a state where the resource usage can be monitored to a state where the resource usage cannot be monitored. In such a case, the user may be logged off or resource provision may be restricted.

Moreover, although the IP address of the terminal device 1 is registered in each table and used for identifying each terminal device 1, etc., for example, a MAC address may be used instead.
Further, the setting values of each table can be arbitrarily set by the administrator from the input unit 24 of the management server device 2. The management server device 2 updates the setting value stored in the storage unit 22 with the input value.

The system of the present invention can be realized using a normal computer system, not a dedicated system. For example, a program for executing the above operation is stored in a computer-readable recording medium (FD, CD-ROM, DVD, etc.) and distributed, and the program is installed in the computer to execute the above processing. The terminal device 1 and the management server device 2 may be configured. Alternatively, it may be stored in a disk device of a server device on a network such as the Internet and downloaded to a computer, for example.
In addition, when the OS realizes the above functions by sharing the OS or jointly of the OS and the application, only the part other than the OS may be stored and distributed in the medium, or may be downloaded to the computer. Good.

It is a figure which shows the structure of the access management system which concerns on the 1st Embodiment of this invention. It is a figure which shows the structure of a terminal device. It is a figure which shows the structure of a management server apparatus. It is a figure which shows an example of the data registered into a user management table. It is a figure which shows an example of the data registered into a terminal management table. It is a figure which shows an example of the data registered into a login management table. It is a figure which shows an example of the data registered into a resource management table. It is a flowchart for demonstrating login reception processing. It is a flowchart for demonstrating a resource provision process. It is a flowchart for demonstrating logout reception processing. It is a figure which shows an example of the data registered into a schedule management table. . It is a flowchart for demonstrating login reception processing. It is a figure for demonstrating a schedule process. It is a figure which shows an example of the data structure of monitoring level information. It is a figure which shows an example of the data structure of restriction | limiting level information. It is a figure which shows an example of the data structure of trust level information. It is a figure which shows an example of the data registered into a credit and monitoring management table.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Terminal device, 11 ... Control part, 12 ... Memory | storage part, 13 ... Display part, 14 ... Input part, 15 ... Communication part, 2 ... Management server apparatus, 21 ... Control unit, 22 ... Storage unit, 23 ... Display unit, 24 ... Input unit, 25 ... Communication unit, 10 ... Network

Claims (17)

A management server device having a function of using a resource indicated by a provision request in response to a provision request for a resource from a terminal device connected via a network;
Storage means for storing authentication information for authenticating the user;
Receiving means for receiving a login request from a terminal device;
An authentication unit that receives authentication information from a terminal device that is the transmission source of the login request, collates the received authentication information with the authentication information stored in the storage unit, and authenticates the login based on the collation result;
Means for receiving a resource provision request from a terminal device;
Means for determining whether or not the terminal device that is the transmission source of the resource provision request is logged in to the management server device;
A determination means for determining whether or not the monitor can monitor the resource usage;
When it is determined that the terminal device that is the transmission source of the resource providing request is logged in, a limiting unit that limits the provision of the resource indicated by the providing request based on the determination result by the determining unit;
A management server device comprising: The authentication means includes
A means for setting a login authentication condition based on a result of the determination by the determination means and the determination means;
The management server device according to claim 1, further comprising: The authentication means includes
When the determination means determines that the monitor is not in a state in which the resource usage status can be monitored, the login of the user is rejected.
The management server device according to claim 2. Terminal information storage means for storing terminal identification information for identifying the terminal device for the terminal device that is previously permitted to log in to the management server device;
The receiving means further receives terminal identification information for identifying a terminal device;
The authentication means includes
It is determined that the received terminal identification information matches the terminal identification information stored in the terminal information storage unit, and the determination unit determines that the monitor can monitor the resource usage status. In the case of authentication, the authentication information is not verified and the authentication is OK.
The management server device according to claim 2. Means for receiving a reservation request for reservation of use of resources from the terminal device;
Means for registering terminal identification information of the terminal in the terminal information storage means for the terminal device that is the transmission source of the reservation request;
The management server device according to claim 4, further comprising: The determination unit determines whether or not the monitor is logged in to the management server device, and determines based on the determination result that the monitor can monitor the resource usage status.
The management server device according to claim 1, wherein the management server device is a management server device. It further comprises an address storage means in which the e-mail address of the monitor is stored,
The authentication means further includes means for transmitting an e-mail addressed to an e-mail address stored in the address storage means when it is determined that the monitor is not logged in to the management server device.
The management server device according to claim 1, wherein: For each user logged in to the management server device, means for transmitting information indicating the resource usage status to the monitor terminal device;
Means for receiving instruction data for instructing restriction of provision of resources to the user from the terminal device of the supervisor, and for restricting provision of resources to the user based on the instruction data;
The management server device according to claim 1, further comprising: The restriction means further includes means for determining the possibility of unauthorized use of the user based on the type of user and the type of resource indicated by the provision request.
The management server device according to claim 1, wherein the management server device is a management server device. The limiting means limits the provision of resources to the user when it is determined that there is a possibility of unauthorized use for the user.
The management server device according to claim 9. The limiting means transmits a notification to the administrator when it is determined that there is a possibility of unauthorized use for the user.
The management server device according to claim 9 or 10, wherein: Means for executing determination by the determination means at the time of receiving the resource provision request and at least one timing for each predetermined time;
Determination result storage means for storing the determination result of the determination executed at the timing;
Means for logging off the user when the monitoring result is changed from a state in which the monitoring state of the resource can be monitored to a state in which it cannot be monitored with reference to the determination result stored in the determination result storage unit;
The management server device according to any one of claims 1 to 11, further comprising: Means for executing determination by the determination means at the time of receiving the resource provision request and at least one timing for each predetermined time;
Determination result storage means for storing the determination result of the determination executed at the timing;
Means for restricting the provision of resources, when the determination results stored by the determination result storage means are changed from a state in which the monitor can monitor the resource usage state to a state in which it cannot be monitored;
The management server device according to any one of claims 1 to 11, further comprising: A restriction level means for storing a restriction level related to restriction of resource provision and a monitoring level related to monitoring of resource usage by the user,
Means for storing the limitation contents of the resource provision for each restriction level,
The restriction means specifies a restriction level corresponding to a currently set monitoring level, and restricts the provision of resources according to the restriction content corresponding to the restriction level.
The management server device according to claim 1, wherein the management server device is a management server device. Further comprising means for storing trust level information for classifying the terminal device that has accessed the management server device into a plurality of trust levels;
In the restriction level storage means, the combination of the monitoring level and the trust level and the restriction level are stored in association with each other,
The restriction means specifies a restriction level corresponding to a combination of the currently set monitoring level and the trust level of the terminal device, and restricts the provision of resources according to the restriction content corresponding to the restriction level;
The management server device according to claim 14, wherein: An access management method using a computer that uses a resource indicated by a provision request in response to a provision request for a resource from a terminal device connected via a network,
Receiving a login request from a terminal device via a network;
An authentication step of receiving authentication information from the terminal device that is the transmission source of the login request, verifying the received authentication information and pre-registered authentication information, and permitting login based on the verification result;
Receiving a resource provision request from a terminal device via the network;
Determining whether a user of the terminal device is logged in to the server device;
A determination step of determining whether or not the monitor is logged in to the server device, and determining whether or not the resource usage status can be monitored based on the determination result;
When it is determined that the terminal device is logged in, based on a determination result by the determination step, limiting the provision of resources indicated by the provision request;
An access management method comprising: On the computer,
Receiving a login request from a terminal device via a network;
An authentication step of receiving authentication information from the terminal device that is the transmission source of the login request, collating the received authentication information with pre-registered authentication information, and permitting login based on the collation result;
Receiving a resource provision request from a terminal device via the network;
Determining whether a user of the terminal device is logged in to the server device;
A determination step of determining whether or not a monitor is logged in to the server device, and determining whether or not a resource usage state can be monitored based on the determination result;
When it is determined that the terminal device is logged in, based on the determination result of the determination step, the provision of the resource indicated by the provision request,
A program that executes

Images