JP2005234729A - Unauthorized access protection system and its method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To refuse an unauthorized access by judging in real time whether or not any person other than a user principal has illicitly logged in the significant file of a server or a client terminal by stealing the user ID and password of the principal, and illicitly accessed to the file by impersonating the principal. <P>SOLUTION: The personal schedule of a user is registered in a temporary registration file 102, and then registered as formal schedule information in a personal schedule information management file based on the fact that the personal schedule of the user is approved by another user. On the other hand, an access permission file is registered in a business-categorized file information management file 105 for each business, and an access permission policy is automatically generated by an access permission policy extraction and generation/export processing control part 106 by associating the name of the business, the name of the user and the allowable time of the file access from both the business-categorized file and the schedule information. When the file is accessed beyond an access time, the unauthorized access is found out, and the access to the file is defined. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an unauthorized access protection system that detects and suppresses access in real time against unauthorized access by an individual user ID or password impersonation in a closed network, specifically, an in-house network system environment. , Regarding the method.

  Conventionally, in the case of an internal unauthorized access prevention system such as an in-house company, as a person by comparing and checking that the access user information (user ID) accessed by the file is the same as the access-permitted user set in the access permission policy I was aware. Accordingly, most of illegal file accesses that pass through the firewall from the outside are detected as mismatched access user names.

  Furthermore, with respect to the file permitted by the policy for this user, a method of permitting access only by the process and access type permitted by the policy was used to detect and prevent internal unauthorized access. As described above, by restricting the use due to access process mismatch, access type mismatch, and the like, the unauthorized access from the outside is protected.

  In addition, as prevention of unauthorized access, Patent Document 1 discloses a method of using permission to an authentication server at login, and Patent Document 2 detects unauthorized access by registering personal schedule management and checking it. A method is disclosed.

JP-A-10-269184

Japanese Patent Laid-Open No. 11-282803

  Even in the conventional system, there are many cases where a person close to the inside of a company or a person who has illegally entered the office from outside can know the user ID and password of another person illegally. When a malicious person steals the user ID and password of the person and logs in as the person himself, the access user name at the time of file access is also the person himself. Therefore, in the conventional internal unauthorized access prevention system, it is not possible to detect unauthorized access user. In addition, when the user's PC itself is illegally used in the absence of the user, such as at midnight, it cannot be detected even if the access processes do not match because of the same program. For this reason, when logging in with the user's impersonation, there is a problem that access to all files permitted by this user is permitted, and unauthorized access cannot be detected and prevented.

  Also, in the case of a conventional internal unauthorized access prevention system, when this security system is introduced, the system administrator defines a file for which access is permitted for each user in advance, and operates in a state where the access permission range is fixed. Originally, for security reasons, the system administrator must review the access permission file for each user and change the definition to an appropriate setting whenever the business content for each user changes. In reality, once set, security information cannot be changed frequently. For this reason, even if the person himself / herself suddenly needs access for work due to a change in work, etc., the immediate access permission cannot be granted due to the circumstances of the system administrator, or conversely, the person does not need access permission for work. There was an operational problem that the management operation of the access permission policy could not be made flexibly, such as being still accessible. In order to solve this problem, it is possible to set the access permission policy so that not only the system administrator but also each PC user can freely change the setting according to his / her daily work contents. However, there is a risk that the setting of the access permission policy itself is illegally changed to access permission due to the above-mentioned unauthorized access by impersonation. In addition, if the person himself uses it maliciously, it becomes possible to illegally access an important file in the server, which is not an effective means for security.

  As a method of performing a post-inspection of unauthorized access by impersonation, there is also a method of acquiring traces of all personal accesses at the time of file access and finding traces used by other persons by checking the file access history appropriately. However, this cannot prevent unauthorized access in real time. In addition, the actual file access history is a large amount of information that is acquired, and not only spending a lot of time each time, but also if you do not know your own action time, it will cause a check omission. It is not an effective means.

  In particular, Patent Document 2 uses an individual schedule to prevent unauthorized access. However, if the individual is malicious, there is a problem that the unauthorized operation is permitted.

  In order to achieve some of the above-described problems and problems, the present invention provides means for linking a preset daily work schedule of an individual and an access permission policy. Specifically, during the day of the day and the time when the person performs the work, only the files that are necessary for the work are permitted, and access to all protected files that are not applicable is denied. Means were provided. In addition, even when the person himself / herself is not present due to a meeting, business trip, leaving office, etc., by registering in this schedule, even if access is from the same user name as the person himself / herself, a means of denying access in the same way Was established. Further, as a means for preventing unauthorized registration and falsification of the schedule information itself, a form that requires approval by a person other than the person in advance is adopted. For this reason, the person's schedule is temporarily registered until the other person's approval in the same group is approved. In this state, all access to the protected files of the person is denied and official approval is made for the first time when approval is obtained. A means was added to enable registration according to the set schedule. In addition, a means is provided for notifying the user that the approval request has been made and the approval has been made, and for knowing what action schedule each user has in a list. Furthermore, a means for monitoring each other's unauthorized access status on a group basis was provided. In addition, as a method of actually checking file access, target files that are allowed to be accessed are set in advance, and the target files are grouped in units of work, and the user's daily work, hourly action schedule and work Create a policy group with the necessary policy attributes from the name, etc., associate this policy group name with the target file that is permitted to be accessed on a business unit basis, automatically generate an access permission policy, and generate access information and target file information A means for comparing and managing the policy information is provided.

  According to the present invention, files that are managed on the network system, that is, access control policy information that protects information from unauthorized access, each user applies for a business schedule according to the business hours, and the files that are required according to the business hours. Since the information can be updated so that only access is possible, information on the system can be prevented from being accessed in an unauthorized time zone.

  In addition, the approval of the approver is required for the application of the business schedule, so that outside users can be prevented from registering the business schedule illegally. If unauthorized access occurs, access is made in real time. It is possible to immediately detect unauthorized access information and notify each user from playing.

Embodiments of the present invention will be described below with reference to the drawings.
FIG. 1 is a configuration example of an unauthorized access protection system according to the present invention and shows a server processing apparatus. A plurality of client processing apparatuses shown in FIG. 2 are connected via a communication network such as a LAN centering on the server processing apparatus. The server processing apparatus includes a CPU, a memory, a storage unit (including a magnetic disk, an optical disk, and the like), an input unit (keyboard, mouse), a display unit, and the like as hardware configurations. The software configuration includes an OS (Operating System), application programs that operate on the OS, and various data. The same applies to the client processing apparatus. In this specification, each software and program is expressed as a control unit and a processing unit, and these control units perform their functions in cooperation with the above hardware configuration. Includes both hard. Moreover, since the function name which is the feature of the function is used as it is as the name for these control units, files, etc., the name itself becomes longer. Therefore, although the name is omitted as appropriate, the function itself does not change.

  A TCP / IP (Transmission Control Protocol / INTERNET Protocol) communication control program 100 is general-purpose LAN driver software for TCP / IP communication control operating on an OS operating on a server processing apparatus. This software transmits / receives data to / from the client side according to a predetermined communication procedure and protocol (protocol). Web software cooperates with the communication control unit 100. The Web software has a personal schedule registration / display processing control unit 101. The processing control unit 101 is Web application control software for registering or displaying schedule information for personal work from a client processing device through Web connection.

  The storage unit stores a plurality of files for each type. Among them, the data personal schedule information pre-approval temporary registration file 102 is a database file used for temporary registration of personal schedule information. Specifically, the temporary registration file 102 is a schedule application from the approver executed on the Web after applying for registration of the personal schedule information on the schedule registration application screen on the Web by the user using the client terminal before starting the work of the day. Until that time, the temporary registration data is stored. On the other hand, the personal schedule information management file 103 is officially registered in the server as personal schedule information from the temporary registration file 102 after the approval application request destination user (approver) approves the personal schedule information of the approval application request source user (requester). This is a database file for managing the reflected personal schedule information.

  The business-specific file information setting processing unit 104 is for the server administrator to classify and define files that can be used for each business on a GUI (Graphical User Interface) basis. In particular, the application processing unit has a function of registering in the business-specific file information management file 105 in the server. The business file 105 is a database file that defines and manages the business unit use file information set by the setting unit 104 as the business-specific identification ID and the absolute file name information in the server / client belonging to the business ID (see FIG. 8).

  After the personal schedule information is registered and reflected in the personal file 103 from the temporary registration file 102, the access permission policy extraction / generation / export processing control unit 106 extracts information registered in the personal file 103 and the business file 105. Then, the access permission policy file 107 is automatically created and stored under a specific directory in the storage unit (disk) of the server processing apparatus. An access permission policy file that is automatically created almost simultaneously with the storage is transferred to a specific directory in the storage unit (disk) of each client processing device through the communication control program 100 and stored in a processing control unit having an export function. is there. Also simply referred to as policy control unit 106.

The access permission policy 107 is a policy file having a target file for controlling access to various files in the storage unit (disk) of the server processing apparatus and access permission attribute information of the access control target file.
The I / O manager 108 is driver software that executes an access process on a file on the OS in accordance with a file access request from an arbitrary application.

  The file access monitoring control unit 109 is a control unit that hooks a file access (for example, picks up an arbitrary message from a certain message) when the file access is executed by the I / O manager 108. Then, the file access check processing control unit 110 determines whether the file access information hooked by the monitoring control unit 109 is a business file 115 subject to access protection of the policy 107. In the case of a business file subject to access protection, it is compared with the access permission attribute of the policy group associated with this file to determine whether it is legitimate access, and if it matches the access permission attribute, an access permission response is sent as normal access. Return to / O manager 108. On the other hand, if the access permission attribute does not match, an access denial response is returned to the I / O manager 108 as unauthorized access, the unauthorized access information is notified to the unauthorized access detection information client notification / reception control unit 112, and the unauthorized access log 111 It is a control part which records.

  The unauthorized access log 111 is a log in which the contents are written when the check control unit 110 detects unauthorized access. When the unauthorized access detection information client notification / reception control unit 112 detects unauthorized access by the check control unit 110, the communication control program 100 sends the unauthorized access detection information to the client processing apparatus registered in the personal / group PC information management file 113. Send a message through Further, when an unauthorized access occurs in the client processing device, the notification is received through the communication control program 100 and notified to the unauthorized access detection information display processing control unit 114.

  The personal / group PC information management file 113 is a database for managing IP address information and group information of management clients of users who use this system. When the check control unit 110 detects that there has been unauthorized access, the unauthorized access detection information display processing control unit 114 receives the unauthorized access information from the check control unit 110 and displays it in the personal schedule information on the server Web. Do. The access protection target business file 115 is a business file defined as an access protection target by the policy 107.

FIG. 2 shows the client processing apparatus side that is electrically connected to the server. Since each of the functions controlled by the server is reflected on the client (and vice versa), it basically has the same functions as those described for each of the server configurations described above.
The TCP / IP communication control program 200 is driver software for connecting to a server, and the web processing browser software 201 is application software for communicating with server-side web software. The access permission policy 202 is a policy file having access permission attribute information of an access control target file with respect to the access protection target business file 208 in the disk of the client processing apparatus.

  The access permission policy import processing control unit 203 is a control unit for importing the policy 107 exported from the server processing device into the policy 202 in order to validate the policy 107 on the client processing device. This is to prevent inconsistency between the policy on the server side and the client side.

  The I / O manager 204 is driver software that executes access processing on a file on the OS in accordance with a file access request from an arbitrary application. The file access monitoring control unit 205 is a control unit that hooks information when file access is executed by the I / O manager 204. The file access check processing control unit 206 determines whether the file access information hooked by the monitoring control unit 205 is an access protection target business file 208 set by the policy 202. In the case of a business file subject to access protection, it is compared with the setting contents of the policy 202 to determine whether it is a legitimate access. If it matches the access permission attribute, an access permission response is returned to the I / O manager 204 as normal access. If the access permission attribute does not match, the access rejection response is returned to the I / O manager 204 as unauthorized access, the unauthorized access information is notified to the unauthorized access detection information server notification / reception control unit 207, and the unauthorized access log 209 is displayed. A control unit for recording.

  The unauthorized access detection information server notification / reception control unit 207 notifies the unauthorized access detection information notified from the file access check processing control unit 206 to the server processing device through the communication control program 200, and the server processing device and other client processing devices. When there is an unauthorized access detection notification, the control unit receives the notification information, and the unauthorized access detection information received here is displayed on the display unit (display) of the client processing device by a pop-up text window or the like. The The access protection target business file 208 is a business file defined as an access protection target by the policy 202.

  A table 300 in FIG. 3 shows table information registered and managed in the personal / group PC information management file 113. The user name and user ID of each group and the IP address information of the client processing device used by this user are registered in a table in advance by the server administrator when this system is constructed.

  A user name 301 is a name of a user who handles the client processing apparatus, and a user ID 302 is a user identification ID assigned to the user name 301 in a one-to-one correspondence. An IP address 303 is an IP address owned by each client processing apparatus handled by each user.

  One of the purposes of use of this table is that, when unauthorized access is detected, the notification / reception control unit 112 extracts the unauthorized access detection user ID from the unauthorized access detection information notified from the check control unit 110, and this detected user All relevant user IDs in the table of the same group name to which the ID belongs are searched, and unauthorized access detection information is notified to the IP address of the client processing device used by all the target user IDs searched. Used to do.

  For example, when unauthorized access occurs for the user “Tanaka” (user ID: SG0001), unauthorized access detection information is notified to the IP addresses of all client processing devices in the table of group A to which the user Tanaka belongs. (Refer to Step 26 / Step 30 in FIG. 13). As a result, a notification message 1600 (see FIG. 16) of unauthorized access detection that occurred in the user Tanaka is displayed on the display unit of the client processing device used by all users belonging to the user group A, and all the members belonging to the user Tanaka belong to the group. Can know the unauthorized access occurrence information in real time.

  The second purpose of use of this table is that of the client processing device used by the target user ID of the user selected as the approver of this business schedule during the individual business schedule registration application processing in FIG. Notify the business schedule approval registration request message to the IP address. After the approval registration of the business schedule approver, the business schedule approval end message is used to notify the IP address of the client processing device used by the user who requested the business schedule registration application.

  For example, when the user “Tanaka” applies for registration by selecting “Hayashi” in the approver input area on the work schedule registration application screen of FIG. 4, the IP address of the user ID corresponding to the user “Hayashi” in this table The business schedule approval registration request message is notified to. On the client terminal of the user “Hayashi” who received this notification, for example, “(!) Work schedule application registration request received (User: tanaka, Access terminal: SG0001)”. A notification message is displayed (step 5 in FIG. 12). As a result, the approver “Hayashi” sees this message, knows that there has been a business schedule approval registration application, and can confirm the contents in real time and perform the approval process. In addition, after the user “Hayashi” approves the business schedule registration application, the business schedule approval message is notified to the IP address of the user ID corresponding to the user “Tanaka” in this table. On the client terminal of the user “Tanaka” who has received this notification, a business schedule approval end notification message, for example, “(!) Approved business schedule application registration (User: Hayashi, Access terminal: SG0005)” is displayed. (Step 11 in FIG. 12). From now on, the user “Tanaka” can see the message and know that the business schedule approval registration application has been approved, and can immediately start the business. The approval is also displayed to users other than “Tanaka” (IP address 303 of group A).

  FIG. 4 shows an example of a GUI on the Web screen for applying for a new registration / change registration for each person's business schedule (step 4 in FIG. 12). This function itself corresponds to the personal schedule registration / display processing control unit 101 of the Web software in the server processing apparatus.

  The business schedule application registration screen 400 is displayed on the Web processing browser software 201 of the client processing apparatus after accessing the URL for the business schedule application registration Web of the server processing apparatus from the Web processing browser software 201 in the client processing apparatus. It is a screen. Each individual uses his / her PC on the day before or on the day before his / her sunrise time, scheduled time to leave, work start time, work end time, work work name, work work content, and approval requester. You can apply for registration from the Web screen.

  The information applied for registration here is temporarily stored in the management database in the temporary registration file 102 before personal schedule information approval (step 11 in FIG. 12) until the approval process in FIG. 5 ends (step 11 in FIG. 12). Provisional update). This is because the access control operation is performed with the personal schedule information before the change until the personal schedule information is approved. As a result, even if a malicious outsider logs in to impersonate this user and tries to access the user's business file in an intentional manner, he / she is not authorized. If not, schedule registration / change cannot be performed and unauthorized access can be prevented. In addition, the registration contents of the personal schedule information can be confirmed on the Web screen in the client processing apparatus, and the approval of the personal schedule information is made so that the display contents of this screen are always guaranteed information that has been approved. Until the process ends, the personal schedule information database (personal file 103) is not updated. For this reason, the personal schedule information before approval is stored in the temporary registration file 102 before personal schedule information approval.

  The exit notification button 401 in the screen of FIG. 4 is pressed when the person leaves the office to prohibit all access to the protected business file 115/208 from the current time on that day to the next morning work time. After the leave notification button is selected, access to all business files subject to access protection from the user ID of the selected user is illegally accessed as access denied until the next business schedule registration is approved. Is suppressed. The “access control” shown in the selection menu on the right side of FIG. 4 indicates whether each business, meeting, business trip, etc. is permitted or prohibited to access the business file of the person in that time zone. For example, business A allows access to all related files of business A during that time period, but when a meeting, a business trip, etc. are scheduled, the user cannot use the client processing device. Prohibit all access to the person's business files during that time period. When applying for approval in FIG. 4, the user name is input by specifying “Suzuki”, “Sato”, etc. in the selection menu.

  FIG. 5 is an example of a GUI on the Web screen for approving (step 5 in FIG. 12) information (business schedule of other users in the user group) registered on the business schedule application registration screen in FIG. This function itself also corresponds to the personal schedule registration / display processing control unit 101. The business schedule approval registration screen 500 is displayed on the Web processing browser software 201 of the client processing device after accessing the URL of the business schedule approval registration Web of the server processing device from the Web processing browser software 201 in the client processing device. It is a Web screen. Approver, in this example, “Hayashi” confirms the display of the work schedule information submitted for registration on the work schedule application registration screen related to “Tanaka” of the applicant, and the selection menu “Approve”, “Reject”, “Hold”, etc. Perform approval process by input. If approved, the data is updated from the temporary registration file 102 to the personal file 103.

  FIG. 6 is a display example of a Web screen that displays a list of work schedule information of all users belonging to the same group A. This display control also corresponds to the personal schedule registration / display processing control unit 101. The business schedule information display screen 600 allows all users belonging to the same group to mutually confirm the business schedule information of all of them on the Web screen of each personal use client processing apparatus. In FIG. 4, the data of the personal schedule information management file 103 applied by each user “Tanaka”, “Suzuki”, etc. and approved by the approver “Hayashi” is displayed. If unauthorized access occurs, as shown in Fig. 15, everyone can know which user occurred at which time zone on this screen, so there is no unauthorized user on the spot. Even in this case, it is possible for other users to quickly cope with the display content.

  FIG. 7 is a business schedule information data table 700 for all users. After the information applied for registration on the business schedule application registration screen 400 in FIG. 4 is approved on the business schedule approval registration screen 500, the personal schedule information management file 103 is displayed. The contents of the actual data table stored in the database (step 7 in FIG. 12). Of course, this data content also corresponds to the list display content of FIG.

  The user ID 701 is set by extracting the user identification ID corresponding to this user from the table of FIG. The attendance status 702 is set with status flag data indicating the attendance status of the user (working or leaving office). For this flag, a flag indicating that the employee is working is set between the work time and the scheduled departure time. During work, the access to the business file set in the work schedule is enabled, and the leave button 401 in FIG. 4 is pressed. After that, a flag indicating leaving the company is set in this table. By referring to this information and deleting all the setting information of the user ID of the corresponding user in the access permission policy 107/202, the access protection target from this user is deleted. All access to business files is denied.

  The working time 703 is set with the data of the time to enter the office and the time to leave the office entered on the work schedule application registration screen 400. As the access permission time 704, the business start time and business end time data input on the business schedule application registration screen 400 and the identification ID data of the business to be executed during this time zone are set. This access-permitted time data is set in one record for the number of time zones / business names for which registration has been applied on the business schedule application registration screen 400, and the end of the registered data is detected at the end of one record in this table. NULL is set as a stopper indicating the end of.

  As described above, the business schedule information data table 700 for all users is registered in the same table format in the temporary registration file 102 before approval of personal schedule information when a registration application is made on the business schedule application registration screen 400. After being approved on the business schedule approval registration screen 500, the data in the table of the temporary registration file 102 before personal schedule information approval is copied into the database table of the personal schedule information management file 103, and the table data is updated. The registration data in the business schedule information data table 700 for all users is used as data for displaying the business schedule information display screen 600 and for automatically creating the access permission policy 107/202.

  The business file registration information table 800 in FIG. 8 is an example of the contents of the data table stored in the business file information management file 105 in FIG. The business-specific file registration information 800 is a table in which file path name information of files / directories used in each business is classified and registered in units of business-specific records, and uses the GUI tool of the business-specific file information setting processing unit 104. Registered in advance by the system administrator.

  The business group ID 801 is a business identification ID corresponding to the business name to be implemented, and the business file ID information registered in the business schedule information data table 700 and the business file association information table 1100 in FIG. 11 registered in the access permission policy 107/202. It is used for the business identification ID. The access permission directory / file 802 is selected by the system administrator by the system administrator by selecting a file to be used as an access protection target for each file used in the server processing apparatus and the client processing apparatus for executing each job, and selecting it by the GUI tool. The full path file name is classified and registered for each business unit, and the full path file name data registered and classified for each business group ID is stored in the business-specific file registration information table 800. As shown in the figure, directories and files that are permitted to be accessed in each job are preset.

  FIG. 9 shows an example of the contents of registration data in the table of the business-specific access permission policy 900 set as the access permission policy 107/202. The business-specific access permission policy 900 is created by the access permission policy extraction / generation / export processing control unit 106 after the personal schedule information applied for registration on the business schedule application registration screen 400 is approved on the business schedule approval registration screen 500. This is access permission policy information extracted from the information management file 103 and automatically created (step 8 in FIG. 12).

  The business-specific access permission policy 900 is a policy group of access permission attributes for controlling access permission / rejection for each business file. When the I / O manager 108/204 accesses the access protection target business file 115/208, the file access check processing unit 110/206 uses the file access information hooked by the file access monitoring control unit 109/205 as the access permission policy. It is checked whether the file name associated with the 107/202 business file association information 1100 matches the file name. If there is a match, each policy information of the policy group name 901 in the business access permission policy 900 table corresponding to the policy group name registered in the table of the association policy group 1103 (FIG. 11) associated with this file name. Is used to check whether the access permission attribute 902/903 is set, and whether access is permitted / denied (step 23 and step 28 in FIG. 13).

  The policy group name 901 is the name of a policy group in which a plurality of one policy set with this access permission attribute is registered, and the plurality of access permission policy information set in this policy group is the business file association information in FIG. Used to link to and associate with an access granted directory / file 1102 in table 1100. “PG-9999” in the policy group name 901 in this example is a policy group in which only a policy in which the access permission policy attribute is set to NULL is registered, and this prohibits file access from all users. This is a policy group created by default. (By setting NULL to the access attribute of the policy, all access information is not applicable and unauthorized access is made.) The purpose of use of this policy group is that no business has registered in the business schedule registration application of FIG. If there is no access permitted user in the policy group as a result of deleting the policy setting information of the corresponding user in the policy group by pressing the leave button 401 in FIG. This is used to prohibit all access to the file subject to access protection.

  The user ID 902 is a user ID of a user who permits access to the business file associated with this policy in the business file association information table 1100, and business schedule information data of all users stored in the personal schedule information management file 103. Extracted from each user ID 701 in the table 700 and stored in the user ID 902 area of this policy table. At this time, a user ID for which the same business ID is set in the business schedule information data table 700 is extracted from one policy group table and registered in the user ID 902. The access permission time 903 is time data for setting a start time and an end time for permitting access to the business file associated with this policy, and all the users stored in the personal schedule information management file 103 have the access permission time 903. An access permission time 704 corresponding to each user ID 701 in the business schedule information data table 700 is extracted and stored in the area of the access permission time 903 of this business access permission policy table. For example, “Tanaka” of the user ID “SG0001” is permitted only access from 9:00 to 12:00 to the business A “G000A” in which the policy group “PG-000A” is set. It also indicates that access is prohibited.

  FIG. 10 is a content example of registration data of the business-specific access permission policy 900 before the user using the user ID “SG0001” leaves the business schedule or before the business schedule registration. When a user using the user ID “SG0001” leaves the company (selects the leave button 401 in FIG. 4), a policy in which “SG0001” is registered as an access-permitted user is searched by this user ID, and the target policy is this Delete from the table. As a result, the user ID “SG0001” does not have any access authority, and any access to the business file from the user ID “SG0001” is denied access.

  FIG. 11 shows an example of the contents of the table registration data of the business file association information 1100 set as the access permission policy 107/202. The business file association information 1100 is created after the personal schedule information applied for registration on the business schedule application registration screen 400 is approved on the business schedule approval registration screen 500 and the business-specific access permission policy 900 is automatically created. The access permission policy extraction generation / export processing control unit 106 extracts the business group ID 801 and the data of the access permission directory / file 802 from the business-specific file information management file 105 registered by the business-specific file information setting processing unit 104. Then, the policy group name 901 is extracted from the table of the above-mentioned business-specific access permission policy 900 which is set in the business group ID 1101 and the access permission directory / file 1102 and automatically created in the access permission policy 107. It is automatically created by setting association in 1103 (step 8 in FIG. 12).

  The business file association information 1100 is also a management table for linking the access protection target file 115/208 and the policy group of the business-specific policy group information 900 and setting association information. When the I / O manager 108/204 accesses the access protection target business file 115/208, the file access check processing unit 110/206 uses the file access information hooked by the file access monitoring control unit 109/205 as the access permission policy. This is used to check whether the file name associated with the business file association information 1100 of 107/202 matches (steps 23 and 24 in FIG. 13).

  The business group ID 1101 is set from each business group ID 801 of the business-specific file registration information table 800, and the access permission directory / file 1102 is an access permission directory / file corresponding to each business group ID 801 of the business-specific file registration information table 800. The contents are set from the file 802. The association policy group 1103 is a content set from the policy group name 901 of the policy group 900, and sets policy group association for all files / directories set in the business group ID of the business file association information 1100.

  Further, the association between the access permission directory / file 1102 and the association policy group 1103 is made by assigning the policy group name of the policy group 901 created corresponding to each business ID set in the business schedule information data table 700 to this business. It associates with the access permission directory / file 1102 in the ID. If there is no business ID set in the business schedule information data table 700, the name of a default policy group (a policy group that prohibits all access, for example, “PG-9999”) is associated.

  As described above, the server processing apparatus (FIG. 1) and the client processing apparatus (FIG. 2), and the functions and controls constituting each of them are described in detail with reference to FIGS. Next, with regard to each of these controls, processing relating to application and processing for preventing fraud will be described.

  In FIG. 12, user A (for example, “Tanaka”) logs in to the client processing apparatus and applies for approval of business schedule registration to user B (“Hayashi”). Then, the user B approves this, and a series of processing sequences until the business schedule registration application content is stored in the business schedule database and reflected in the access permission policy.

  User A performs login processing to the client PC with his / her user ID “user A” and password “1234” and succeeds (step 1). User A performs log-in processing for using the schedule management Web software of the server PC using his / her user ID “***” and password “***” from the Web screen of the client PC (Step 2). Success (step 3). User A uses the GUI of the personal schedule registration / display processing control unit 101 of the Web software of the server processing apparatus from the Web screen on the client PC, that is, the above-described display screen of FIG. A schedule registration / change application is made (step 4). Information on the application for approval of registration / change of the business schedule of the person (user A) is stored in the personal schedule temporary update DB (temporary registration file 102 before personal schedule information approval). Then, the client notification control unit 112 notifies the approval request notification of the registration application information to the client PC of the approval request destination user B (step 5).

  The notification of the approval request from the server is displayed as a message on the client PC of user B by the server notification / reception control unit 207, and the user B displays the contents of the schedule of user A from the Web screen on the client PC via the Web software Using the GUI of the personal schedule registration / display processing control unit 101, confirmation and approval are performed (step 6). This screen has already been described with reference to FIG.

  When the work schedule of user A is approved, the information of the temporary registration file 102 before the personal schedule information that has been temporarily registered is formally reflected in the DB of the personal schedule information management file 103 (step 7). After the DB reflection in step 7, the access permission policy extraction generation / export processing control unit 106 uses the personal schedule information management file 103 and the business-specific file information management file 105 of the user A reflected in the DB to access the access permission policy. 107 is automatically generated (step 8). That is, it is the policy of FIGS.

  Next, the access permission policy 107 automatically generated by the access permission policy extraction generation / export processing control unit 106 is exported and transferred to the client PC, and the client PC transfers the received access permission policy to the access permission policy import processing control unit 203. Are imported and reflected in the access permission policy 202 (step 9). Furthermore, the automatically generated access control policy is reflected in the access permission policy 107 of the server side PC (step 10).

  After the processes in steps 9 and 10 are completed, the client notification control unit 112 notifies the user PCs of all users who belong to the same group as the user A and the user A that the business schedule of the user A has been registered / changed (step 11). ). That is, it notifies the user of the IP address registered in FIG.

  Upon receiving this notification, all users belonging to the same group as the user A and the user A receive the business schedule registered information of each individual including the user A registered in the DB of the personal schedule information management file 103 for each individual client. The screen of the personal schedule registration / display processing control unit 101 of the server processing apparatus Web software is displayed from the Web screen on the PC using the GUI (FIG. 6). Whether or not a suspicious business schedule registration unrelated to the business content of A has been registered) is verified by mutual confirmation (step 12). This makes it possible to perform mutual monitoring within the same group for unauthorized business schedule registration for the purpose of unauthorized access by impersonation by another person.

FIG. 13 shows that a malicious outside user registers a meeting or the like on his / her own schedule and is absent (when user A is not logged in to the client PC / server with his / her user ID). Intentionally stealing user A's user ID and password, illegally logging in to user A's client PC and server PC, impersonating user A, and illegally processing business files on client PC and server PC This is a series of processing sequences for preventing unauthorized access when accessing to. (On the other hand, if user A has already logged in to the client PC / server with his / her user ID and is using the PC during the time period when user A has registered his / her business according to his / her schedule, it will be via another client PC's network. (It is assumed that the unauthorized access to the client PC / server with the user ID of the user is rejected as a double login at the time of login and the login itself cannot be performed.)
If the outside user logs in to the client PC of user A using the user ID and password of user A, the login is successful (step 21). The outside user attempts an unauthorized access operation on the access protection target business file 208 on the user A's client PC (step 22). By this access operation, file access is started from the I / O manager 204. Access is hooked by the file access monitoring control unit 205 before this file access is executed. Then, this file access information is acquired. The obtained file access information is transferred from the file access monitoring control unit 205 to the file access check processing control unit 206. From the file accessed information, the file access check processing control unit 206 sets the full path name of the access file in the access permission directory / file 1102 in the table of the business file association information 1100 (see FIG. 11) of the access permission policy 202. Check whether it matches the registered data.

  At this time, if the file is not an access protection target business file (not applicable), file access is executed from the file access monitoring control unit 205. In the case of an access protection target business file (applicable), the access permission policy attribute 902/903 in the corresponding association policy group name 901 in the table of the business-specific access permission policy 900 associated with this access permission directory / file 1102 Is compared with the access attribute information actually accessed by the file to determine whether the access is normal or illegal.

  If the user ID of the access attribute information actually accessed by the file does not correspond to the user ID of the access permission policy attribute 902 in the association policy group 901, the file access monitoring control unit 205 to the I / O manager 204 is regarded as unauthorized access. By returning a response of access denial to, access to the file is denied (step 23). If the user ID is applicable, whether the time of the access attribute information that is actually accessed next is within the access permission time range of the user ID of the access permission policy attribute 902 in the association policy group 901. To check. If it is within the access permission time range, file access is executed from the file access monitoring control unit 205 as normal access. If it is outside the access permission time range, the file access is rejected by returning an access rejection response from the file access monitoring control unit 205 to the I / O manager 204 as unauthorized access (step 23).

  In this way, access to a business file that user A has not registered in the business schedule is denied, and the file registered in the business schedule must also match the time schedule of the business schedule in which the person himself / herself uses the business file. If the access is rejected, the unauthorized access detection information server notification / reception control unit notifies the unauthorized access detection information to the server PC (step 24). Further, a message indicating that unauthorized access has been detected by access from user A is sent to all client terminals of users in the same group as user A (step 25). Further, the unauthorized access information is recorded in the unauthorized access log 209 in the disk file on the user A's client PC (step 26).

  As another unauthorized access case, an outsider user attempts an unauthorized access operation to the server-side access protection target file 115 (step 27). As described above, the server PC denies access to a file not registered in the schedule, and denies access to a file registered in the schedule if the time zone does not exist (step 28). Also, unauthorized access information is recorded in the unauthorized access log 111 on the server PC (step 29). Further, a message to the effect that the unauthorized access is detected by the access from the user A is notified to the users in the same group as the user A (step 30). In the case of unauthorized access on the client PC, after step 25, and in the case of unauthorized access on the server PC, in step 30 and later, the user belonging to the same group as the user A sends this unauthorized access detection detailed information to his client terminal. It is possible to access the Web of the server PC from the Web screen and check the detailed contents of unauthorized access (step 31). An example of the screen is shown in FIG.

  FIG. 14 is a processing sequence diagram for prohibiting access to all access protection target business files when user A leaves the business schedule registration Web screen of the client PC, that is, when the user leaves the button 401 in FIG. It is.

  User A logs in to the server PC and requests to display the business schedule application registration screen of FIG. 4 (step 41). User A successfully logs in to the server PC, and the server PC displays a business schedule application registration screen on the client PC (step 42). User A selects the leave button 401 on the business schedule application registration screen and sends information to the server PC (step 43). The in-server Web software updates the attendance state 702 of the user A in the work schedule information data table 700 of the personal schedule information management file 103 based on the transmitted leaving information of the user A while leaving the office. Then, the access permission policy extraction / generation / export processing control unit 106 deletes all access permission policy attributes set for the user A in the policy group table 900 of the access permission policy 107. As a result, the policy group table is updated as shown in FIG. 10 (step 44). FIG. 10 shows a situation where the user ID “SG0001” has left the company.

  The updated policy information is exported to a file by the access permission policy extraction / generation / export processing control unit 106 and transferred to the client PC, and is exported to the access permission policy 202 by the access permission policy import processing control unit 203 on the client side. The created policy file is reflected (step 45). As a result, an access denial response is received for access to all business protection target files from user A after pressing the leave button.

  FIG. 15 is an example of a Web screen that publishes the work schedule information of all user groups in FIG. On the unauthorized access detection information display screen 1500, each user can check the business schedules of other users belonging to the same group in a list, and the user and time zone in which unauthorized access has occurred are displayed in different colors depending on the display part in the screen. It is a device that can be confirmed by changing it (eg red). In the figure, although the user “Sato” was absent at the meeting from 15:00 to 17:00, unauthorized access was illustrated.

  FIG. 16 is an example of the unauthorized access detection message of the user in the group displayed on each client PC screen in step 25 and step 30 of FIG. The unauthorized access detection message 1600 displays what unauthorized access was performed by which user and by which terminal.

  FIG. 17 shows unauthorized access information 1700 acquired in the unauthorized access log 111/209 of FIGS. The access date and time 1701 is the date and time when unauthorized access occurred, and the access file name 1702 is the name of the file that is the target of unauthorized access. The access execution program name 1703 is the name of the program that made unauthorized access to the file described in the access file name 1702. The access type 1704 indicates what access type attribute is the unauthorized access that has occurred to the file described in the access file name 1702. The access execution user name 1705 indicates which user has made unauthorized access to the access file name 1702, and the unauthorized access content 1706 indicates what the unauthorized access action performed on the access file name 1702 is. It represents what it is.

  As described above, the unauthorized access prevention system and method of the present invention are described in detail, and the outline is managed in advance in units of files and directories to be protected. On the other hand, each user sets the access time of each business according to his / her daily action schedule. The setting is provisional registration, and is officially registered by an approval process by an approver in the same group. Then, automatically create an access permission policy by associating the business name, user name, access time of the registered schedule with the protected files and directories managed for each business unit, and build the settings and management in the system. To do. As a result, even if a malicious person intrudes into the system by using a valid user name, password, etc., impersonation can be monitored and protected in real time by this access permission policy.

The figure which shows the internal module structure in a server processing apparatus. The figure which shows the internal module structure in a client processing apparatus. Personal / group information in the personal / group PC information management file 113. A business schedule application registration screen displayed by the personal schedule registration / display processing control unit 101. A business schedule approval registration screen displayed by the personal schedule registration / display processing control unit 101. A business schedule information display screen displayed by the personal schedule registration / display processing control unit 101. Personal work schedule registration information of all users registered in the temporary registration file 102 before personal schedule information approval and the personal schedule information management file 103. Business file registration information registered in the business file information management file 105. Business-specific policy group information generated by the access permission policy extraction generation / export processing control unit 106 with reference to the all-user work registration information 700. Policy group information for each business updated by the access permission policy extraction generation / export processing control unit 106 when the leave button is pressed on the business schedule application registration screen 400 displayed by the personal schedule registration / display processing control unit 101. Business file association information generated by referring to the business-specific file registration information 800 by the access permission policy extraction generation / export processing control unit 106. FIG. 4 is a processing sequence diagram from login to a client PC to application in a policy file after registration. FIG. 10 is a processing sequence diagram when an outsider user illegally accesses a file in the management system. FIG. 11 is a processing sequence diagram when the leave button is pressed on the business schedule application registration screen 400. An unauthorized access confirmation screen displayed by the unauthorized access detection information display processing control unit 114. Unauthorized access detection information In-group unauthorized access detection message notified to each client in the client notification / reception control unit 112. Unauthorized access log acquired in unauthorized access log 111/209.

Explanation of symbols

100, 200 ... TCP / IP communication control program (communication control unit),
101 ... Personal schedule registration / display processing control unit (schedule control unit), 102 ... Temporary registration file (provisional registration file) before personal schedule information approval, 103 ... Personal schedule information management file (personal file), 104 ... Business-specific file information Setting processing unit (business-specific setting unit), 105 ... business-specific file information management file (business-specific file), 106 ... access permission policy extraction generation / export processing control unit (policy control unit),
107, 202 ... access permission policy (policy),
108, 204 ... I / O manager (manager),
109, 205 ... file access monitoring control unit (monitoring control unit),
110, 206 ... file access check processing control unit (check control unit),
111, 209 ... Unauthorized access log (log),
112 ... Unauthorized access detection information client notification / reception control unit (notification / reception control unit), 207 ... Unauthorized access detection information server notification / reception control unit (notification / reception control unit),
113 ... Personal / group PC information management file (group file), 114 ... Unauthorized access detection information display processing control unit (display control unit),
115, 208 ... business files subject to access protection (protected files)

Claims (7)

An unauthorized access protection system in a network constructed by a plurality of client devices and server devices,
A schedule control unit for a user using the client device to control application of his / her schedule;
A temporary registration file for registering schedule information including a user ID and a business name applied by the schedule control unit and a time for using the business name;
A personal schedule information management file that reflects and stores the schedule information of the temporary registration file by the schedule control unit that controls the approval of the application of the user;
A business-specific file that pre-registers files or directories used by each business;
From the personal schedule information management file and the business-specific file, a user ID corresponding to a user who uses the client device and an access permission time of the file or directory are set as policy attributes, and a policy name corresponding to the policy attributes is set. And a policy control unit for automatically generating an access permission policy by associating the business name and the file or directory with a policy name. A group file for storing the IP address corresponding to the user name in a group unit;
2. A client notification control unit that notifies the client processing device corresponding to a plurality of IP addresses stored in the group file that a user has applied for a schedule or that the application has been approved. The unauthorized access protection system described. When an arbitrary file is accessed, a monitoring control unit that acquires the access information,
2. A check control unit that determines whether a file to be accessed is included in the access permission policy generated by the policy control unit based on monitoring from the monitoring control unit. Unauthorized access protection system.   The check control unit determines whether or not the business file is an access protection target business file set by the access permission policy, whether or not the user is an access-permitted user, and whether or not the access permission time is within a range. Unauthorized access protection system.   The monitoring control unit accesses the file when it is determined by the check control unit that it is a business file subject to access protection and when it is determined that it is not an access-permitted user or is outside the access permission time range of the corresponding access-permitted user. The unauthorized access protection system according to claim 4, wherein: A group file for storing the IP address corresponding to the user name in a group unit;
And a client notification control unit that notifies the client processing device corresponding to a plurality of IP addresses stored in the group file that access to the file is denied by the monitoring control unit. 5. The unauthorized access protection system according to 5. A method for preventing unauthorized access to a network constructed by a plurality of client PCs and servers, comprising the following steps.
A schedule step in which a user using the client PC applies for his own schedule;
A provisional registration step of provisionally registering schedule information including a user ID and a business name applied by the scheduling step and a time to use the business name;
An update step for officially updating the temporary registration schedule information based on the approval of the schedule information after the temporary registration step;
From the file or directory information used for each business and the schedule information updated in the updating step, the user name using the client PC, the access permission time of the file or directory, and the business name are associated with each other. A policy generation step for automatically generating a permission policy;
When an access request is received for an arbitrary file, the access permission policy generated in the policy generation step is compared with the file for which the access request has been made, and it is checked whether the file is a protected file associated with the access permission policy. If the file is a protected file associated with the access permission policy, it is checked whether the user is an access-permitted user. If the file is an access-permitted user, the user is checked whether the access is within the permitted time for the user. Check step and
A refusal step of refusing access to the file when it is determined by the checking step that the user is not an access-permitted user or outside the access permission time

Images