JP2006343886A - Network management system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To manage an access of a user so that a network may be used in a designated specific division or section in a high-security level area. <P>SOLUTION: A door ID, which uniquely specifies a door, and a card ID are transmitted to an authentication server 40 when a user enters a high-security level area from a door which separates the high-security level area according to a result of authentication processing which is executed by an access management device 10<SB>n</SB>based on the card ID. The authentication server 40 executes authentication processing based on an account ID and a password to manage the access of the user in case that the door which is specified by the transmitted door ID is a door through which a user who is specified by the card ID is permitted to pass. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to entrance / exit management in an advanced security level area and information management in an advanced security level area, and more particularly, a network management system in which an entrance / exit management apparatus responsible for entrance / exit management and a network management apparatus responsible for information management are linked. About.

  In companies that frequently handle confidential information or specific departments within the company, leakage of confidential information can be prevented in advance by applying an entry / exit management system that manages entry / exit of workers who handle confidential information. I am doing so.

  Generally, an entrance / exit management system uses information that uniquely identifies a user, such as a user ID (IDentification) incorporated in an IC (Integrated Circuit) card given to the user, or biometric information (fingerprint, iris, voiceprint, etc.). Advanced authentication that handles confidential information by unlocking the locked door for entry / exit when personal authentication is performed by the host computer for entrance / exit management and it is authenticated that the user is a registered valid user. Management such as permitting entry into the security level area.

  By the way, the above-described confidential information is managed by a confidential information management system constructed on a network different from the entrance / exit management system, and from an information terminal device installed in an area where entrance / exit management is performed. It can be used according to access to the host computer for confidential information management. When accessing the host computer for managing confidential information, an authentication process similar to the personal authentication in the above-described entry / exit management system is required.

  Therefore, cooperation between such an entrance / exit management system and a confidential information management system is required, and authentication processing at the time of entering / exiting an area where confidential information is handled and at the start of use of the information terminal device after entering the room A method for associating with the authentication process of the above has been devised (see, for example, Patent Document 1 and Patent Document 2).

In addition, to deal with the problem caused by the time elapsed from entering the room to logging on to the information terminal device, which has not been taken into consideration in Patent Document 1 and Patent Document 2, dealing with forgetting to log off the information terminal device when leaving the room A technique for realizing it has also been devised (for example, see Patent Document 3).
JP 2000-259878 A JP 2002-41469 A JP 2004-302875 A

  By the way, recently, as represented by the legal system of the Personal Information Protection Law, interest in security is increasing more and more. In response to such a background, the entrance / exit management system is starting to cooperate with the above-described confidential information management system and the like, and its scale is becoming larger.

  Conventionally, it has been sufficient to enter / exit only from one specific entrance / exit door, but in recent years, a plurality of entrance / exit doors may be provided in accordance with a large-scale office or the like. Also, it is assumed that multiple departments coexist in one room. In such a case, it is not enough to manage each room. The question was whether to do it. However, the inventions disclosed in Patent Documents 1 to 3 described above have a problem in that access management cannot be performed separately for each of a plurality of sections.

  The present invention has been proposed to solve the above-described problems, and uses a network in a specified specific department or section in a high security level area separated by a plurality of entrance / exit doors. It is an object of the present invention to provide a network management system capable of managing user access so that

  The network management system of the present invention includes an entrance / exit management device that manages entrance / exit in an advanced security level area according to an authentication processing result based on first authenticated information that uniquely identifies a user, and the advanced security level A network management device that restricts access to a network constructed in a region according to an authentication processing result based on second authenticated information that uniquely identifies the user; In accordance with the authentication processing result based on the first authenticated information, the user can enter the advanced security level area through any of the plurality of entry / exit doors separating the advanced security level area. The entrance / exit door identification information for uniquely specifying the entrance / exit door and the first authenticated information are sent to the network The network management device has a transmission means for transmitting to the management device, and the network management device passes the entry / exit door specified by the transmitted entrance / exit door identification information through the user specified by the first authenticated information. The above-described problem is solved by having a control unit that controls to execute an authentication process based on the second authenticated information when the entry / exit door is permitted to do.

  In the network management system of the present invention, a user who has entered the advanced security level area passes through the entrance / exit door identification information transmitted from the entrance / exit management device according to the authentication processing result of the first authenticated information. Whether or not the door is permitted, and an authentication process to the network using the second authentication information is executed according to the determination result.

  As a result, the entry / exit management device and the network authentication system are provided for determining the validity of each user by defining the entry / exit door, which is the entrance of the advanced security level area, for each user, and then executing authentication processing to the network Can be firmly linked by a simple method, and users who access the network can be strictly managed within a high security level area.

  Therefore, in the network management system of the present invention, in a high security area separated by a plurality of entrance / exit doors, the network is accessed only from a specific department or section associated with the entrance / exit doors permitted in advance. Thus, it becomes possible to perform user access management.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

[First Embodiment]
First, the network management system shown as the first embodiment of the present invention will be described with reference to FIG. As shown in FIG. 1, the network management system enters and exits between a low security level area (low security level area) and a high security level area (high security level area) that handles, for example, confidential information. A plurality of entrance / exit management devices 10 _n (where n is a natural number) and a network authentication system 20 constructed in the high security level area.

The entrance / exit management device 10 _n authenticates only legitimate users registered in advance and permits entry into the above-mentioned area for all users who wish to enter the high security level area.

  On the other hand, when leaving the room, it is considered that the user in the above-mentioned area is a legitimate user who has been authenticated once. In addition, although it is optional, authentication processing may be performed for all users who wish to leave the high security level area, and the user may be allowed to leave the area.

  In order to enable such entry / exit, the low security level area and the high security level area are separated by a door provided with an electric lock that can be locked and unlocked by an electric action. It has been.

Specifically, the entrance / exit management device 10 _n is stored in a semiconductor memory of a non-contact IC card (Integrated Circuit) owned by the user by an entry card reader (not shown) provided outside the high security level area. By reading stored information and unlocking the locked electric lock when it is authenticated as a legitimate user based on the card ID, which is the information to be authenticated, of the read information, a high security level Allow entry into the area.

Further, in the case where authentication is performed even when leaving the high security level area, the entrance / exit management device 10 _n reads the above-described information on the IC card with a non-illustrated leaving card reader provided in the high security level area. When the user is authenticated as a legitimate user, the user can leave the high security level area by unlocking the locked electric lock.

When the unlocked electric lock is unlocked by such an authentication process, the entrance / exit management device 10 _n can identify the IC card among the information stored in the IC card owned by the user. The card ID that is the authentication information and the unique door ID that uniquely identifies the unlocked door are transmitted to the authentication server 40 provided in the network authentication system 20 described later.

The network authentication system 20 is constructed in the high security level area and permits the connection from the terminal device 30 _n to the network 21 according to the authentication process by the authentication device 50 _n and the authentication server 40. That is, the authentication device 50 _n and the authentication server 40 of the network authentication system 20 function as a network management device that manages the network 21.

  The network 21 constructed in the high security level area not only means that it is composed of only one network, but also consists of a plurality of networks, or is divided into a plurality of sections within the same network. In some cases, it is configured.

  As the network authentication system 20, for example, a technology for authenticating a user connected to a LAN (Local Area Network) switch or a wireless LAN access point established by IEEE (American Institute of Electrical and Electronics Engineers) 802.1X is applied. Can do. For the sake of explanation, the description of the embodiment of the present invention is based on IEEE802.1X, but the present invention is not limited to this, and a network authentication technique other than IEEE802.1X is applied. But it can be effective enough.

The terminal device 30 _n is a so-called PC (Personal Computer) that can be used by a user who has entered the high security level area, and exchanges information with the authentication device 50 _n and the authentication server 40 to request connection to the network 21. I have authentication client software to do

The authentication server 40 includes a user information storage unit 41, and a connection determination unit 42 performs authentication processing of the terminal device 30 _n via the authentication device 50 _n, whether to connect to the network 21 in response to the authentication processing result To be notified.

Further, the authentication server 40 distinguishes between a user who enters the advanced security level area managed by the entry / exit management device 10 _n and a user who enters the advanced security level area and requests connection from the terminal device 30 _n to the network 21. Centralized management without any problems.

  The user information storage unit 41 is a card ID of an IC card held by a user registered in advance, an account ID that is authentication information for uniquely identifying the user on the network 21, and a password corresponding to the account ID, And the door ID etc. which specify uniquely the door which a user is permitted to enter / exit are hold | maintained as user information. The user information may include a user who can use the IC card and a user group indicating a group to which the user belongs. Further, in the initial state in which user authentication by the authentication server 40 is not performed, all user information entries registered in the user information storage unit 41 are invalid.

The connection determination unit 42 refers to the user information storage unit 41 in response to an authentication request made from the terminal device 30 _n and determines whether or not the target user can be connected.

The authentication device 50 _n is connected to the plurality of terminal devices 30 _n by wire or wireless, and functions as a relay device that relays authentication processing between the authentication server 40 and the terminal device 30 _n . The authentication device 50 _n is, for example, a wireless LAN access point or LAN switch compatible with IEEE802.1X, and is connected to the authentication server 40 for each port by an authentication process using EAP (Extensible Authentication Protocol). The device 30 _n is connected to or disconnected from the network 21.

(First embodiment: entrance processing operation)
Next, the room entry processing operation of the network management system shown as the first embodiment will be described using the timing chart shown in FIG.

It is assumed that the user enters the room from the door managed by a certain room entry / exit management device 10 _a (1 ≦ a ≦ n) from the low security level area to the high security level area where the network 21 is constructed. Then, in the high-security level region, it is assumed that the connection request to the network 21 via any terminal device 30 _a, which is connected to the authentication device 50 _a.

First, the user holds the IC card entering the card reader for the entry and exit management apparatus 10 _a. In response to this, entry and exit management device 10 _a reads the information stored in the semiconductor memory of the IC card, to unlock the electric lock of a locked door to authenticate the card ID.

The entry control device 10 _a transmits the card ID read from the IC card, and a door ID uniquely specifying the door to unlock the electric lock to the authentication server 40 (step S1).

The authentication server 40 uses the card ID transmitted from the entry and exit management device 10 _a, it refers to the user information storage unit 41, identifies the user that is associated with the card ID. Then, the authentication server 40, also using the door ID transmitted from the entry and exit management device 10 _a, in order to refer to the user information storage unit 41, the identified user to access the network 21, high security level region It is confirmed whether or not the door passes through when entering the room (step S2).

  The authentication server 40 validates the entry of the user information in the invalid user information storage unit 41 when the door through which the user has passed is a valid door to enter the high security level area. (Step S3), and if the user has not entered the room through a legitimate door, the user information entry is left invalid (Step S4).

In response to this, the user who has entered the high security level region, from the terminal device 30 _a, via the authentication device 50 _a, according to the procedure of IEEE802.1X, attempts to connect to the network 21 by sending the authentication information .

  In the following description, among EAPs that can be used in IEEE802.1X, EAP-MD5 (EAP-Message Digest alogorithm5) mainly used in Ethernet (registered trademark), PEAP (Protected-EAP) mainly used in wireless LAN, etc. Assume an authentication method using EAP, which requires input of a user ID (account ID) and a password for authentication processing.

In the initial state, since the line between the terminal device 30 _n and the network 21 is disconnected by the authentication device 50 _a , the terminal device 30 _a can only communicate with the authentication device 50 _a .

First, the user, in order to connect to the network 21, and transmitted from the terminal device 30 _a enter the account ID and password to the authentication device 50 _a. The account ID and password transmitted to the authentication device _50a are transmitted to the authentication server 40 (step S5).

  The connection determination unit 42 performs collation processing with information stored in the user information storage unit 41 using the transmitted account ID as a key. First, the connection determination unit 42 determines whether the target user entry stored in the user information storage unit 41 is valid (step S6). If the entry is not valid, it is not allowed.

When the entry is valid, the connection determination unit 42 confirms whether the transmitted password matches the password of the target user stored in the user information storage unit 41. When the password can be confirmed, the connection determination unit 42 permits connection to the network 21 and transmits _a permission notice to the authentication device 50a (step S7). If the password is not confirmed, it is not allowed.

The authentication device 50 _a, in response to receiving a permission notification transmitted from the authentication server 40, the line is opened with the terminal device 30 _a and the network 21 (step S8). Thus, the user, via a terminal device 30 _a, it is possible to access to the network 21, can communicate with other terminal devices on the network 21.

As described above, the network management system permits the user who has entered the advanced security level area to pass using the door ID transmitted from the entry / exit management device 10 _n according to the card ID authentication processing result. It is determined whether or not the door has been opened, and authentication processing for the network 21 can be executed according to the determination result.

In this way, the network management system shown as the first embodiment of the present invention determines the user's legitimacy by defining up to the door that is the entrance to the high security level area, and then enters the network 21. to execute the authentication process, it is possible to firmly cooperate and entry control device 10 _n and the network authentication system 20 in a very simple method, management of users accessing the network at the high security level area Can be done strictly.

  Therefore, in a high security area separated by a plurality of entrance / exit doors, user access management is performed so that access to the network can be made only from specific departments or sections associated with entrance / exit doors permitted in advance. It can be carried out.

[Second Embodiment]
Subsequently, a network management system shown as a second embodiment of the present invention will be described with reference to FIG. As shown in FIG. 3, the network management system shown as the second embodiment is newly added to the authentication server 40 of the network management system shown as the first embodiment in FIG. The authentication information storage unit 44 and the log information storage unit 45 are provided.

  Therefore, in the network management system shown as the second embodiment shown in FIG. 3, only the parts different from the network management system shown as the first embodiment shown in FIG. Omitted.

  The presence / absence information storage unit 43 stores presence / absence information indicating the occupancy status in the high security level area in association with the card ID.

  The authentication information storage unit 44 stores authentication information indicating the authentication status of the user in the network 21. For example, by using it together with the information recorded in the presence / absence information storage unit 43, the user currently using the network 21 is present in the high security level area, and the user If necessary, it can be confirmed as necessary that it has already been authenticated.

  The log information storage unit 45 records the events that have occurred so far along with the time information so that it can be referred to whenever a problem occurs or when disclosure of information is requested. The log information storage unit 45 may be provided in the authentication server 40 of the network management apparatus shown as the first embodiment shown in FIG.

(Second embodiment: room entry processing operation)
Next, the room entry processing operation of the network management system shown as the second embodiment will be described using the timing chart shown in FIG.

As in the first embodiment described above, the user manages from the low security level area to the high security level area where the network 21 is constructed by the entrance / exit management device 10 _a (1 ≦ a ≦ n). Suppose you enter the room through the door. Then, in the high-security level region, it is assumed that the connection request to the network 21 via any terminal device 30 _a, which is connected to the authentication device 50 _a.

First, the user holds the IC card entering the card reader for the entry and exit management apparatus 10 _a. In response to this, entry and exit management device 10 _a reads the information stored in the semiconductor memory of the IC card, to unlock the electric lock of a locked door to authenticate the card ID.

The entry control device 10 _a transmits the card ID read from the IC card, and a door ID uniquely specifying the door to unlock the electric lock to the authentication server 40 (step S11).

Authentication server 40, the key card ID transmitted from the entry and exit management device 10 _a, with reference to the standing-absence information storage unit 43, whether the target user has not occupancy advanced security level region far Whether or not is confirmed (step S12).

  If the presence / absence information storage unit 43 stores information that the user has been in the high security level area until then, the information is contradictory to the fact that the user has entered this room. A response such as notification is made (step S13).

As a result of referring to the presence / absence information storage unit 43, the authentication server 40 can confirm that the user has not existed in the high security level area until then, the user is stored in the presence / absence information storage unit 43. simultaneously writes the occupancy information indicating that it is the occupancy in the region, using a card ID transmitted from the entry and exit management device 10 _a, it refers to the user information storage unit 41, associated with the card ID Identify who is.

Then, the authentication server 40, also using the door ID transmitted from the entry and exit management device 10 _a, in order to refer to the user information storage unit 41, the identified user to access the network 21, high security level region It is confirmed whether or not the door passes through when entering the room (step S14).

  The authentication server 40 validates the entry of the user information in the invalid user information storage unit 41 when the door through which the user has passed is a valid door to enter the high security level area. (Step S15), and the user information entry is left invalid (step S16) when the user has not entered the room through a legitimate door.

In response to this, the user who has entered the high security level region, from the terminal device 30 _a, via the authentication device 50 _a, according to the procedure of IEEE802.1X, attempts to connect to the network 21 by sending the authentication information .

  In the following description, among EAPs that can be used in IEEE802.1X, EAP-MD5 (EAP-Message Digest alogorithm5) mainly used in Ethernet (registered trademark), PEAP (Protected-EAP) mainly used in wireless LAN, etc. Assume an authentication method using EAP, which requires input of a user ID (account ID) and a password for authentication processing.

In the initial state, the line between the terminal device 30 _a and the network 21, because it is disconnected by the authentication device 50 _a, the terminal device 30 _a can not be performed only communicate with the authentication device 50 _a.

First, the user, in order to connect to the network 21, and transmitted from the terminal device 30 _a enter the account ID and password to the authentication device 50 _a. The account ID and password transmitted to the authentication device _50a are transmitted to the authentication server 40 (step S17).

  The connection determination unit 42 performs collation processing with information stored in the user information storage unit 41 using the transmitted account ID as a key. First, the connection determination unit 42 determines whether the target user entry stored in the user information storage unit 41 is valid (step S18). If the entry is not valid, it is not allowed.

  When the entry is valid, the connection determination unit 42 checks whether or not the transmitted password matches the password of the target user stored in the user information storage unit 41 (step S19).

If the password can be confirmed, the connection determination unit 42 permits connection to the network 21 and transmits _a permission notice to the authentication device 50a (step S20). At this time, the authentication server 40 writes in the authentication information storage unit 44 that the accessing user has been authenticated. If the password is not confirmed, it is not permitted.

The authentication device 50 _a, in response to receiving a permission notification transmitted from the authentication server 40, the line is opened with the terminal device 30 _a and the network 21 (step S21). As a result, the user can access the network 21 via the terminal device 30 _a and can communicate with the terminal devices on the network 21.

  Thus, in the network management system shown as the second embodiment, the presence / absence information storage unit 43 and the authentication information storage unit 44 are added to the network management system shown as the first embodiment. When the information stored in the absence information storage unit 43 and the information stored in the authentication information storage unit 44 are inconsistent, for example, despite being absent in the high security level area, When authentication is performed and access to the network 21 is possible, it is possible to notify the system administrator to that effect and take action to immediately disconnect the connection to the network 21.

  Therefore, even when an intruder who has illegally entered the high security level area tries to access the network 21, it is possible to easily detect a contradiction by referring to the presence / absence information storage unit 43 and the authentication information storage unit 44. Higher security can be ensured.

[Third Embodiment]
Next, a network management system shown as the third embodiment of the present invention will be described with reference to FIG. As shown in FIG. 5, the network management system shown as the third embodiment is newly provided with a location information storage unit 46 in the authentication server 40 of the network management system shown as the second embodiment in FIG. It becomes the composition.

  Therefore, in the network management system shown as the third embodiment shown in FIG. 5, only the parts different from the network management system shown as the second embodiment shown in FIG. 3 are described, and the overlapping parts are described. I will omit it.

Location information storing unit 46, a unique location information assigned to the authentication equipment terminal 50 _n (for example, the applicable. IP address) and, via the authentication equipment terminal 50 _n to which the positional information ID is assigned Are stored in association with the account ID of the user who is permitted to connect.

  The network 21 constructed in the high security level area not only means that it is composed of only one network as described above, but also comprises a plurality of networks or a plurality of networks within the same network. In some cases, it may be divided into sections. In such a case, the high security level area is usually divided and whether or not it can be used is determined for each user.

  However, in a conventional network management system, when all networks are managed by the same authentication server, it is assumed that access is made from a terminal device provided in a partition that is not permitted for use by the user. Will also be authenticated, allowing access to unauthorized network networks.

Therefore, an authentication device that connects the network network and the terminal device 30 _n to the location information storage unit 46 in advance in a partition in the high security level area in which a network network that can be used by the user is constructed. By prescribing with position information of 50 _n , it is possible to further restrict access.

In the second embodiment described above, when the user inputs an account ID and password to the terminal device 30 _{n in} order to connect to the network 21, the information stored in the user information storage unit 41 as it is Moved to the verification process.

In the network management system shown as the third embodiment, the authentication server 40 refers to the location information storage unit 46 and registers the target user in the location information storage unit 46 before executing this verification process. It is confirmed whether it is via the authentication device 50 _n according to the information.

(Third embodiment: entrance processing operation)
Next, the room entry processing operation of the network management system shown as the third embodiment will be described using the timing chart shown in FIG.

  In the timing chart shown in FIG. 6, only the processing operations of step S18a and step S18b are added between step S17 and step S18 of the timing chart shown in FIG. 4, so only this step S18a and step S18b are added. Explain. In the following description, a unique location information ID assigned to the authentication device 50a is assumed to be an IP address.

After step S17, the connection determining unit 42 of the authentication server 40, in response to receiving the account ID and password are sent are re carried on IP packets going through the authentication device 50 _a from the terminal device 30 _a, the IP address of the authentication device 50 _a, which is the transmission source from this IP packet is extracted as the position information ID.

  Then, the connection determination unit 42 refers to the location information storage unit 46, and whether the account ID of the user requesting connection is included in the account ID registered in association with the extracted location information ID. Check if.

Thus, by determining whether the account ID of the user who is requesting connection is included in the account ID registered in association with the extracted position information ID, the user can authenticate determining whether has been a connection request via the device 50 _a (step S18a).

  That is, if the account ID of the user requesting connection is included in the account ID registered in association with the extracted location information ID, the user is permitted within the high security level area. Assuming that a connection is requested from a predetermined location, the process proceeds to step S18.

  Conversely, if the account ID registered in association with the extracted location information ID does not include the account ID of the user requesting connection, a connection request is issued from a location that is not permitted by the user. The connection process is interrupted at that time (step S18b).

As described above, the network management system shown as the third embodiment performs the authentication process of the network 21 depending on whether the network 21 is accessed via the authorized authentication device 50 _n permitted for each user. By restricting, unauthorized access from an area that is not permitted in the high security level area can be prevented, and further security can be improved.

In this embodiment, at the location information of the authentication device 50 _n, but has identified access position on the user's network, the present invention is not limited to this, on the user's network Any information may be used as the position information as long as the access position can be specified.

[Fourth Embodiment]
In the network management systems shown as the first to third embodiments described above, the processing until the user enters the room from the low security level area to the high security level area and the connection to the network 21 is permitted. The process was explained.

  Next, consider a case where a legitimate user who is permitted to connect to the network 21 leaves the high security level area to the low security level area.

For example, at this time, if the user leaves the high security level area to the low security level area without disconnecting the connection between the terminal device 30 _n and the network 21 via the authentication apparatus 50 _n , There is a possibility that a user who illegally enters the high security level area by some method may illegally access the network 21 via the terminal device 30 _n that is still connected to the network 21 without performing an authentication process. .

  Therefore, in the network management system shown in FIG. 7 as the fourth embodiment of the present invention, the user enters the advanced security level area and is lowered from the advanced security level area by the authorized user who is permitted to connect to the network 21. A process of automatically canceling the use permission for the network 21 when leaving the security level area will be described.

As shown in FIG. 7, the network management system shown as the fourth embodiment adds a timer unit 51 _n to each authentication device 50 _n of the network management system shown as the third embodiment in FIG. It has become the composition.

  Therefore, in the network management system shown as the fourth embodiment shown in FIG. 7, only the parts different from the network management system shown as the third embodiment shown in FIG. 5 will be described, and the overlapping parts will be described. Omitted.

Timer unit 51 _n provided in the authentication equipment terminal 50 _n is an advanced user who has entered the security level region is authenticated via a terminal device 30 _n, in response to the terminal device 30 _n and the network 21 are connected timed To start. The authentication device 50 _n transmits authentication target information (for example, an account ID, a password, etc.) to the terminal device 30 _n again when the time counted by the timer unit 51 _n has elapsed. Request to do.

That is, the authentication equipment terminal 50 _n periodically requests transmission of the authentication information for each predetermined time to the terminal device 30 _n, it is confirmed whether the user actually in front of the terminal device 30 _n .

When the authenticated information is transmitted again through the terminal device 30 _n and authenticated by the authentication server 40, the user connected to the network 21 through the terminal device 30 _n is determined to be a valid user. Therefore, the connection to the network 21 is continued.

Conversely, if the authentication target information is not transmitted via the terminal device 30 _n even after a predetermined time has passed, or if the transmitted authentication target information cannot be authenticated by the authentication server 40, The connection between the terminal device 30 _n and the network 21 is disconnected _assuming that there is no authorized user in the security level area.

(Fourth embodiment: automatic disconnection processing operation)
Next, the automatic connection disconnection processing operation of the network management system shown as the fourth embodiment will be described using the timing chart shown in FIG.

For example, the network management system, the user has entered as the timing chart shown in FIG. 6 described above to advanced security level region, when the terminal device 30 _a and the network 21 via the authentication device 50 _a is connected To do.

Timer unit 51 _a of the authentication device 50 _a opens the line to the terminal device 30 _a and the network 21, and starts counting in response to the connection between the terminal device 30 _a and a network 21, to a predetermined time has elapsed (Step S31).

The authentication device 50 _a, in response to the time measured by the timer section 51 _a has passed a predetermined time, the prover information transmission request to transmit the authentication information to the terminal device 30 _a (step S32) .

The timer portion 51 _a of the authentication device 50 _a starts measuring in response to the sending of the authentication information transmission request (step S33).

The authentication device 50 _a, while the time counted by the timer unit 51 _a is up to lapse of a predetermined time from the terminal device 30 _a, if the authentication information is not transmitted, in front of the terminal device 30 _a is It is determined that there is no authorized user, and the connection between the terminal device _30a and the network 21 is disconnected (step S34). Then, the authentication server 40 deletes the occupancy information in the presence / absence information storage unit 43 and deletes the information indicating that authentication has been received in the authentication information storage unit 44.

If the user exists in front of the terminal device 30 _a, the user, in response to the authentication information transmitting request transmitted by the authentication device 50 _a, enter the account ID and password as the authentication information from the terminal device 30 _a certification and transmits to the device 50 _a. The account ID and password transmitted to the authentication device _50a are transmitted to the authentication server 40 (step S35).

  The connection determination unit 42 performs collation processing with information stored in the user information storage unit 41 using the transmitted account ID as a key. First, the connection determination unit 42 determines whether the target user entry stored in the user information storage unit 41 is valid (step S36). If the entry is not valid, it is not allowed.

When the entry is valid, the connection determination unit 42 checks whether or not the transmitted password matches the password of the target user stored in the user information storage unit 41 (step S37). If the password is confirmed, the connection determination unit 42 permits connection to the network 21 and transmits _a re-permission notice to the authentication device 50a (step S38). Thereby, the connection between the terminal device _30a and the network 21 is continued.

On the other hand, if the password is not confirmed disallowed, disconnection request to the authentication device 50 _a is transmitted, the connection with the terminal device 30 _a and the network 21 is disconnected. Then, the authentication server 40 deletes the occupancy information in the presence / absence information storage unit 43 and deletes the information indicating that authentication has been received in the authentication information storage unit 44.

  As described above, the network management system shown as the fourth embodiment of the present invention was made after the exit when the authorized user who was permitted to use the network 21 had left the advanced security level area. This is based on the fact that a response cannot be made to the authentication information transmission request, and if there is no response, the connection with the network 21 is disconnected, and therefore unauthorized access to the network 21 by an unauthorized user is made. It can be avoided.

[Fifth Embodiment]
The network management system shown as the fifth embodiment in FIG. 9 is realized by the network management system shown as the fourth embodiment described above, and is a high security level area by an authorized user permitted to connect to the network 21. This is another configuration for realizing a process of automatically revoking the use permission for the network 21 when leaving the room to the low security level area.

As shown in FIG. 9, the network management system shown as the fifth embodiment _replaces the timer unit 51 _n of the authentication device 50 _n of the network management system shown as the fourth embodiment in FIG. (Simple Network Management Protocol) An agent unit 52 _n is added, and a timer unit 47 and an SNMP manager unit 48 are added to the authentication server 40.

  Therefore, in the network management system shown as the fifth embodiment shown in FIG. 9, only the parts different from the network management system shown as the fourth embodiment shown in FIG. 7 are described, and the overlapping parts are described. Omitted.

The SNMP manager unit 48 given to the authentication server 40 and the SNMP agent unit 52 _n given to the authentication device 50 _n are management protocols in a TCP / IP network environment standardized by IETF (Internet Engineering Task Force). It is provided to manage the authentication device 50 _n with the authentication server 40 by exchanging management information with a certain SNMP.

That is, in the network management system shown as the fifth embodiment, the timer unit 47 provided in the authentication server 40 measures the elapsed time after connection to the network 21 instead of the timer unit 51 _n described above. Then, in response to the elapse of a predetermined time, the SNMP manager unit 48 transmits predetermined management information to the SNMP agent unit 52 _n to control the authentication device 50 _n, and sends an authentication information transmission request to the terminal device 30 _n. Or sending a request to disconnect the connection between the terminal device 30 _n and the network 21.

(Fifth embodiment: automatic disconnection processing operation)
Next, the automatic connection disconnection processing operation of the network management system shown as the fifth embodiment will be described using the timing chart shown in FIG.

For example, the network management system, the user has entered as the timing chart shown in FIG. 6 described above to advanced security level region, when the terminal device 30 _a and the network 21 via the authentication device 50 _a is connected To do.

Timer unit 47 of the authentication server 40 waits until opening the circuit between the terminal apparatus 30 _a and the network 21, and starts counting in response to the connection between the terminal device 30 _a and a network 21, to a predetermined time has elapsed A state is entered (step S41).

The SNMP manager unit 48 of the authentication server 40 makes _a re-authentication request to the SNMP agent unit 52 _n of the authentication device 50 _a in response to the elapse of a predetermined time measured by the timer unit 47, and the terminal device 30. _a and the network 21 are temporarily disconnected (step S42).

In response to this, the authentication device 50 _a transmits the authentication information transmission request to the terminal device 30 _a (step S43).

  Then, the authentication server 40 deletes the occupancy information in the presence / absence information storage unit 43 and deletes the information indicating that authentication has been received in the authentication information storage unit 44.

If the user exists in front of the terminal device 30 _a, the user, in response to the authentication information transmitting request transmitted by the authentication device 50 _a, enter the account ID and password as the authentication information from the terminal device 30 _a certification and transmits to the device 50 _a. The account ID and password transmitted to the authentication device _50a are transmitted to the authentication server 40 (step S44).

  The connection determination unit 42 performs collation processing with information stored in the user information storage unit 41 using the transmitted account ID as a key. First, the connection determination unit 42 determines whether the target user entry stored in the user information storage unit 41 is valid (step S45). If the entry is not valid, it is not allowed.

When the entry is valid, the connection determination unit 42 checks whether or not the transmitted password matches the password of the target user stored in the user information storage unit 41 (step S46). If the password can be confirmed, the connection determination unit 42 permits connection to the network 21 and transmits _a re-permission notice to the authentication device 50a (step S47). Thereby, the connection between the terminal device _30a and the network 21 is continued.

  On the other hand, if the password is not confirmed, it is not permitted and the network 21 is disconnected. Then, the authentication server 40 deletes the occupancy information in the presence / absence information storage unit 43 and deletes the information indicating that authentication has been received in the authentication information storage unit 44.

  In this way, even in the network management system shown as the fifth embodiment, the authorized user who is once permitted to use the network 21 is allowed to use the high security level as in the network management system shown as the fourth embodiment. If you leave the area, use the fact that you cannot respond to the authentication information transmission request made after leaving the room, and if there is no response, disconnect from the network 21 Unauthorized access to the network 21 by a simple user can be avoided.

  In the network management systems shown as the fourth and fifth embodiments, a request for periodic re-authentication processing is made as to whether or not a user who has been authenticated for connection to the network 21 is in the advanced security level area. The network 21 is disconnected when the confirmation is not obtained.

The authentication server 40 acquires room entry information when entering the advanced security level area in order to centrally manage users accessing the network 21 from the terminal device 30 _n in the advanced security level area. In addition, by adopting a configuration like the network management system shown as the fifth embodiment, when leaving the room, it is possible to automatically leave the user from the high security level area without obtaining the leaving information and performing the leaving process. Can be detected.

[Sixth Embodiment]
The network management system shown as the sixth embodiment acquires the exit information and executes the exit processing in the same way as when entering the room when leaving the high security level area, and connects the network 21 and the terminal device 30 _n. Execute the leaving process to cut off.

  When such a leaving process is executed, a user who is authenticated to connect to the network 21 is in the advanced security level area as in the network management system shown in the fourth and fifth embodiments described above. Unlike the case where the network 21 is disconnected when the confirmation is not made, it is not necessary to perform periodic communication. Wasteful consumption can be suppressed.

  The configuration of the network management system shown as the sixth embodiment is the same as the configuration of the network management system shown as the fifth embodiment shown in FIG.

(Sixth embodiment: exit processing operation)
Subsequently, the exit processing operation of the network management system shown as the sixth embodiment will be described using the timing chart shown in FIG.

For example, the network management system, the user has entered as the timing chart shown in FIG. 6 described above to advanced security level region, when the terminal device 30 _a and the network 21 via the authentication device 50 _a is connected To do.

First, the user holds the IC card to exit the card reader for the entry and exit management apparatus 10 _a. In response to this, entry and exit management device 10 _a reads the information stored in the semiconductor memory of the IC card, to unlock the electric lock of a locked door to authenticate the card ID.

The entry control device 10 _a transmits the card ID read from the IC card, and a door ID uniquely specifying the door to unlock the electric lock to the authentication server 40 (step S51).

Authentication server 40, the key card ID transmitted from the entry and exit management device 10 _a, with reference to the standing-absence information storage unit 43, whether the target user has occupancy advanced security level region far Is confirmed (step S52).

  At the same time, the authentication server 40 also refers to the authentication information storage unit 44 and confirms whether the target user has been authenticated (step S53).

  Further, the authentication server 40 refers to the user information storage unit 41 and confirms from the received card ID and door ID whether the user is leaving the door that is determined to leave the high security level area (step S54). ).

As a result of the confirmation from step S52 to step S54, the authentication server 40 has obtained that the target user has been presently in the room, has been authenticated, and has left the appropriate door. If it is confirmed that the user has left the high security level area, a disconnection preparation process is performed between the terminal device _30a and the network 21 (step S55). Specifically, the authentication server 40 deletes the occupancy information of the target user from the presence / absence information storage unit 43 and stores information indicating that the target user has been authenticated from the authentication information storage unit 44. delete.

  On the other hand, there is no information in the presence / absence information storage unit 43 that the user has been in the high security level area until now, or there is no information in the authentication information storage unit 44 indicating that the user has been authenticated. If there is a contradiction such as, or if the user has not left the predetermined exit door, the non-permission process is notified, for example, to system management (step S56).

Incidentally, as described above, the entry and exit management device 10 _a is the card ID is unlocked immediately locked the door electric lock Once authenticated, confirmed the door ID in the authentication server 40 in step S54 Depending on the result, it can also be decided whether to unlock the locked electric lock. For example, when the user does not leave the appropriate door, the user can be prompted to leave the permitted door without unlocking the locked electric lock.

Subsequently, the process proceeds to a process of disconnecting the connected terminal device 30 _a and the network 21.

SNMP manager 48 of the authentication server 40, in response to network disconnection preparation is made, the re-authentication request to the SNMP agent section 52 _a of the authentication device 50 _a, temporarily and the terminal device 30 _a and the network 21 (Step S57).

In response to this, the authentication device 50 _a, the transmission to be authentication information transmission request to the terminal device 30 _a (step S58).

In addition, the timer unit 47 of the authentication server 40 starts timing in response to the SNMP manager unit 48 transmitting _a re-authentication request to the SNMP agent unit 52a, and enters _a standby state until a predetermined time elapses (step S59). ). At this time, since there is no user in the high security level area, the authenticated information is not transmitted again. Therefore, the terminal device _30a and the network 21 are completely disconnected.

Also, the disconnection process between the connected terminal device _30a and the network 21 can be performed as shown in the timing chart of FIG.

As shown in FIG. 12, when preparations for disconnecting the network are made in step S55 in response to confirmation that the user has left the high security level area, the SNMP manager unit 48 of the authentication server 40 causes the authentication device 50 _{a to} to SNMP agent section 52 _a directly to the disconnection request (step S61). In response to this disconnection request, the authentication device 50 _a disconnects the connection between the terminal device 30 _a and the network 21.

From SNMP manager unit 48, a disconnect request to the SNMP agent unit 52 _a may transmit the time side dish from leaving the user is confirmed, it may be transmitted after a certain time.

As shown in FIG. 12, the SNMP agent unit 52 _a from the SNMP manager unit 48, directly, by a disconnect request, in leaving the process already, situations where the user has become absent at the high security level region Unnecessary communication can be reduced.

By the way, depending on the terminal device 30 _n, by performing processing such as “log off”, the terminal device 30 _n itself has a function of temporarily canceling the usage status of the authorized user while the terminal device 30 _n itself is turned on. There may be. When the terminal device 30 _n having such a function “logs off”, the use permission for the network 21 with respect to the authorized user once used is canceled. Therefore, when “logging on” from the terminal device 30 _n again, it is necessary to perform authentication processing for receiving permission to use the network 21 again.

  For this reason, periodic re-authentication is not performed as in the network management systems shown as the fourth and fifth embodiments, and the leaving process is not performed as in the network management system shown as the sixth embodiment. In both cases, the use permission of the network 21 can be canceled at an appropriate timing.

[Seventh Embodiment]
The network management system shown as the seventh embodiment acquires the leaving information and disconnects the network 21 and the terminal device 30 _n as in the network management systems shown as the fourth and fifth embodiments. In the case where the leaving process is not executed, it is possible to detect the leaving of the user who has been authenticated by the network 21 by the regular procedure from the high security level area.

In the network management system shown as the seventh embodiment, since the special and leaving process is not executed, the user can connect the terminal device 30 _n and the network 21 via the authentication device 50 _n without disconnecting the high security level region. If the user exits to the low security level area, the network 21 is illegally accessed by the unauthorized user through the terminal device 30 _n that remains connected to the network 21 without undergoing authentication processing. there is a possibility.

  Therefore, in the network management system shown as the seventh embodiment, in response to a user who has left the high security level area connected to the network 21 entering a different high security level area, the network 21 A process of detecting exit from the constructed high security level area and disconnecting the connected network 21 is executed.

  The configuration of the network management system shown as the seventh embodiment is the same as that of the network management system shown as the fifth embodiment shown in FIG.

(Seventh embodiment: exit detection processing)
Subsequently, the exit detection processing of the network management system shown as the seventh embodiment will be described using the timing chart shown in FIG.

For example, the network management system, as in the timing chart shown in FIG. 6 described above, the user who enter the high security level area through the door A, the terminal device 30 _a and the network 21 via the authentication device 50 _a And are connected.

  At this time, the presence / absence information storage unit 43 is written with the presence information of the target user, and the authentication information storage unit 44 is written with information indicating that the target user has been authenticated. .

Here, it is assumed that the user leaves the door A while leaving the connection between the terminal device 30 _n and the network 21 from the high security level area. In the present embodiment, since the exit process at the time of leaving is not executed, the terminal device _30a and the network 21 remain connected.

The user, and has entered into high security level area across the door B being the entry management by a different entry and exit management apparatus 10 _b and the high security level area had to earlier.

As shown in FIG. 13, the user holds the IC card entering the card reader for the entry and exit management apparatus 10 _b. In response to this, entry and exit management device 10 _b reads the information stored in the semiconductor memory of the IC card, to unlock the electric lock of a locked door B to authenticate the card ID.

The entry control device 10 _b transmits the card ID read from the IC card, and a door ID uniquely identifying the door B was unlocking the electric lock to the authentication server 40 (step S81).

The authentication server 40 that received the information refers to the standing-absence information storage unit 43, now, the user passes through the door B entry and exit management apparatus 10 _b has entered into high security level area managed inherently it detects that the supposed users have occupancy advanced security level area managed by the entry and exit management apparatus 10 _a.

In response to this, the authentication server 40 deletes the occupancy information of the target user from the presence / absence information storage unit 43, and stores information indicating that the target user has been authenticated from the authentication information storage unit 44. It deletes and the cutting preparation process of the terminal device _30a and the network 21 is performed (step S82).

Authentication SNMP manager 48 of the server 40, directly to SNMP agent section 52 _a of the authentication device 50 _a, a disconnection request (step S83). In response to this disconnection request, the authentication device 50 _a disconnects the connection between the terminal device 30 _a and the network 21.

  In this way, the network management system shown as the seventh embodiment is based on the entry information acquired when the user enters another high security level area, even if the exit process is not executed. The absence of can be detected. Therefore, even when the user leaves the high security level area without executing the disconnection process with the network 21, it is avoided to keep the network 21 connected, and thus unauthorized access by an unauthorized user is prevented. can do.

In the first to seventh embodiment of the present invention, the user uses the card ID stored in the IC card owned itself as the authentication information by performing authentication processing of entry and exit management apparatus 10 _n However, the present invention is not limited to this, and it is only necessary for the user to be uniquely specified in the entrance / exit management device 10 _n . For example, biometric information such as fingerprint information and iris information is used as authentication information, the biometric authentication process the authentication process in the entry and exit management device 10 _n may be performed by running.

Also, when accessing the network 21 from the terminal device 30 _n , the biometric authentication process using this biometric information may be executed.

  The above-described embodiment is an example of the present invention. For this reason, the present invention is not limited to the above-described embodiment, and various modifications can be made depending on the design and the like as long as the technical idea according to the present invention is not deviated from this embodiment. Of course, it is possible to change.

It is a figure for demonstrating the structure of the network management system shown as a 1st Embodiment of this invention. It is a timing chart for demonstrating the room entry processing operation of the network management system shown as said 1st Embodiment. It is a figure for demonstrating the structure of the network management system shown as the 2nd Embodiment of this invention. It is a timing chart for demonstrating the room entry processing operation of the network management system shown as said 2nd Embodiment. It is a figure for demonstrating the structure of the network management system shown as the 3rd Embodiment of this invention. It is a timing chart for demonstrating the room entry processing operation of the network management system shown as said 3rd Embodiment. It is a figure for demonstrating the structure of the network management system shown as the 4th Embodiment of this invention. It is a timing chart for demonstrating the network automatic disconnection process operation | movement of the network management system shown as the said 4th Embodiment. It is a figure for demonstrating the structure of the network management system shown as the 5th Embodiment of this invention. It is a timing chart for demonstrating the network automatic disconnection process operation | movement of the network management system shown as said 5th Embodiment. It is a timing chart for demonstrating the leaving processing operation | movement of the network management system shown as 6th Embodiment. It is a timing chart for demonstrating another leaving processing operation | movement of the network management system shown as said 6th Embodiment. It is a timing chart for demonstrating the leaving detection processing operation | movement of the network management system shown as 7th Embodiment.

Explanation of symbols

10 _n (n is a natural number) Entrance / exit management device 20 Network authentication system 21 Network 30 _n Terminal device 40 Authentication server 41 User information storage unit 42 Connection determination unit 43 Presence / absence information storage unit 44 Authentication information storage unit 46 Location information storage _50n authentication device

Claims (10)

An entrance / exit management device that manages entrance / exit in the high security level area according to the authentication processing result based on the first authenticated information that uniquely identifies the user,
A network management device that restricts access to a network constructed in the high security level area according to an authentication processing result based on second authenticated information that uniquely identifies the user;
The entry / exit management device is configured so that, depending on an authentication processing result based on the first authenticated information, the user can pass through any of the entry / exit doors among a plurality of entrance / exit doors separating the high security level area. And transmitting means for transmitting the entry / exit door identification information for uniquely specifying the entry / exit door and the first authenticated information to the network management device in response to entering the high security level area. ,
The network management device is an entrance / exit door that the user specified by the first authenticated information is allowed to pass through the entrance / exit door specified by the transmitted entrance / exit door identification information. In this case, the network management system further comprises control means for controlling to execute the authentication process based on the second authenticated information. The network management device includes presence / absence information storage means for storing presence / absence information indicating the occupancy status of the user in the high security level area;
Authentication information storage means for storing authentication information indicating the authentication status of the user in the network;
Based on the presence / absence information stored in the presence / absence information storage means and the authentication information stored in the authentication information storage means, the user enters or leaves the high security level area. The network management system according to claim 1, wherein: The network management device has position information acquisition means for acquiring position information for specifying an access position of a user on the network,
When the location information acquired by the location information acquisition unit is an access location on the network permitted by the user specified by the first authenticated information, the control unit of the network management device The network management system according to claim 1, wherein control is performed so as to execute an authentication process based on the second authentication target information. 4. The network management apparatus according to claim 1, wherein the network management device determines that the user has left the high security level area through an authentication process based on the first authenticated information. 5. The network management system described in the section. The network management device includes first input requesting means for requesting input of the second authentication information at regular intervals in response to confirmation that the user has entered the high security level area. And
The network management device determines that the user has left the high security level area when the second authenticated information input in response to the input request by the first input request unit is not authenticated. The network management system according to any one of claims 1 to 3, wherein: In the network management device, when the entry / exit door identification information transmitted by the transmission means is an entrance / exit door separating another high security level area different from the high security level area, the user The network management system according to any one of claims 1 to 3, wherein the network management system determines that the user has left the advanced security level. In response to the authentication process based on the first authenticated information, the transmission means of the room entry management device responds to the user leaving the high security level area through the entry / exit door. , Sending the entrance / exit door identification information for uniquely identifying the entrance / exit door and the first authenticated information to the network management device,
The control means of the network management device is permitted to allow the user specified by the first authenticated information to pass through the entrance / exit door specified by the entrance / exit door identification information transmitted by the transmission means. The network management system according to any one of claims 1 to 3, wherein the user is controlled to cancel the authentication of the user on the network when the door is an entrance / exit door. The control means of the network management device controls to revoke authentication of the user on the network in response to confirmation that the user has left the high security level area. The network management system according to any one of claims 4 to 6. The network management device includes a second input requesting unit that requests input of the second authentication information in response to confirmation that the user has left the high security level area.
The control means of the network management device authenticates the user on the network when the second authenticated information input in response to the input request by the second input request means is not authenticated. The network management system according to any one of claims 4 to 6, wherein the network management system is controlled to cancel. The control means of the network management device controls to cancel the authentication of the user on the network in response to a lapse of a certain period of time after the user is confirmed to leave the high security level area. The network management system according to any one of claims 4 to 6, wherein:

Images