JP2008034937A - Particular area network access control system and control method, and program thereof - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To minimize a risk of information leakage or the like from the particular area, by allowing to utilize an application service of a LAN environment of a particular area with a physically lower security level only for an application time zone. <P>SOLUTION: A port of a switching hub 004 to which a LAN 000 installed in a particular area is connected is shut off from a network 000 in advance, when a time zone applied from a user comes, the port is opened in a way of being available, whether or not a network terminal 008 connected to the port is a legitimately applied network terminal is discriminated on the basis of a MAC address table in the switching hub 004 and an IP address corresponding to a MAC address of a backbone switching hub 002, and access control is carried out in a way being available only for the applied service. A management server 001, a reservation confirmation processing section 200, a check-in processing section 300, a check-out processing section 400, and a brake-off processing section 600 or the like are provided for the control. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a network control system, a network control method, and a network control program for confirming a connection state of a network in a specific area and permitting connection of only a specific network terminal in a time zone.

2. Description of the Related Art In recent years, the Internet and intranets, which are rapidly expanding, have been reduced in size, such as portable terminal (mobile) devices, in addition to OA devices such as computers and printers. For this reason, in addition to the usage pattern in which the connection position to the network is fixed as in the conventional desktop type terminal, the terminal connection position is easily changed, and the mobile terminal is used in the city. Increasing cases have been brought back to the office to connect to the network.
In a computer network premised on the use as described above, terminal management / authentication technology is required to prevent unauthorized use and unauthorized access of the network due to unauthorized terminal connection.

  For example, in the technique described in Japanese Patent Laid-Open No. 205-101957, if a MAC address is registered in an address registration unit, an IP address providing unit that provides an IP address corresponding to the MAC address to a PC (personal computer) is provided. When security is detected, when a PC using an IP address other than the provided IP address is detected, the connection of the PC to the network is blocked, and the PC that is not permitted to connect to the network is excluded from the network. Management systems and management methods have been proposed.

JP 2005-101957 A

The technique of Patent Document 1 aims to exclude from the LAN network terminals that are not permitted to connect from the entire LAN in order to ensure security.
However, a similar environment is prepared when the area where the LAN is laid is an area with a low security level (for example, a conference room or the like where a third party can easily enter a room). In some cases, the terminal can be connected.
In such a case, an unauthorized network terminal can be connected to the LAN by misrepresenting information, or a legitimate network terminal can be connected to the LAN by theft, etc., by an unauthorized third party. There is a possibility that information is leaked using the LAN environment.

(the purpose)
The object of the present invention is to solve the above-mentioned problems and to make it possible to use a service that has been applied for only in the applied time zone in a LAN environment in a specific area with a physically low security level, so that information from the specific area can be used. A specific area network access control system and control method capable of minimizing risks such as leakage, and a program thereof.

  The specific area network access control system of the present invention shuts off the port of the switching hub connected to the LAN laid in the specific area from the network in advance, and when the time zone requested by the user is reached, Open the port so that it is possible, and the network terminal connected to the port is a network terminal that has been properly applied, or from the MAC address table in the switch hub or the IP address corresponding to the MAC address of the core switching hub It is characterized by access control so that only the requested service can be used.

  Also, automatic control (standby) when the user temporarily stops / restarts the service and automatic control (blocking) when the network terminal is disconnected from the network are possible.

  According to the present invention, not only the entire LAN but a network area that can be used only in a time zone that has been applied for in advance for a specific area is allowed to connect only to a network terminal that has received a request in advance. Since the services that can be applied are limited to those that have been applied for, the risk of information leakage from a specific area can be minimized.

Embodiments of the present invention will be described below in detail with reference to the drawings.
FIG. 1 is a block diagram of a specific area network access control system according to an embodiment of the present invention.
The network 000 serving as an in-house network is connected to a switching hub backbone SW002 serving as a backbone, and a switching hub 003 and a switching hub 004 in a cascade with the switching hub backbone SW002 as a center. Connected to the network 000 are a server A005 and a server B006 for accessing from the network terminal 007 via the switching hub 003. In addition, there is a LAN cable laid in an area with a lower security level such as a conference room than the switching hub 004.

  The specific area network access control system according to the present invention is the management server 001 and performs access control to the network terminal 008 connected to the in-house network 000 from an area with a low security level such as a conference room. The management server 001 includes an input unit 100 that performs reservation input in advance, a reservation confirmation processing unit 200 that periodically confirms reservations, a check-in processing unit 300 that confirms whether the network terminal 008 is connected to the corresponding partition, Check whether the terminal connected in the check-out processing unit 400, the check-in processing unit 300, and the check-out processing unit 400 that confirms whether or not the network terminal 008 has been disconnected from the corresponding partition is authentic Terminal confirmation processing unit 500 and a break-off processing unit 600 in which the user arbitrarily changes the access control state.

In addition, a reservation DBa00 for storing the reservation status, a network device DBb00 that holds information on the configured network devices and access control commands, an area information DBc00 that holds area information for which access control is required, a network Each database of server information DBd00 holding server information that needs to be accessed from a terminal is provided.
As described above, the management servers 001 to 600 are each processing unit based on the specific area network access control program, which reads out the access control program from the memory under the control of one or more processors. Each process is performed by executing. For example, the reservation confirmation processing is performed by comparing with the reservation date and time registered by the arithmetic circuit in the processor, and the network terminal 008 in the specific area is compared with the address of the corresponding partition registered to the corresponding partition. The connection is confirmed, and if it does not match with the address, the disconnection from the corresponding section is confirmed.

FIG. 2 is a flowchart showing the processing operation of the input unit in FIG.
The operation purpose of the input unit 100 is that a user who uses the network terminal 008 inputs a prior application to use a partition with a low security level and access control. As a process for that, the following steps are executed.
First, the user inputs an IP address, a MAC address, and a usage service (server) as information on the usage location, usage date, usage start time, usage start time, usage end time, and network terminal to be used together with the input unit start (step 100). Perform (step 101). The input information is stored in the reservation DBa00 (step 102), and “0” is substituted to initialize the check-in flag of the input data (step 103).

FIG. 3 is a flowchart showing the processing operation of the reservation confirmation processing in FIG.
The operation purpose of the reservation confirmation processing unit 200 is to periodically determine whether or not it is a reserved time zone registered in the reservation DBa00. As a process for that, the following steps are executed.
The operation of the reservation confirmation processing unit 200 is executed periodically (for example, every minute). First, the system date is compared with the use date stored in the reservation DBa00 (step 201). If it is not the same day, the process is terminated. If it is the same day, the system time is compared with the use start time stored in the reservation DBa00 table (see FIG. 8) (step 202).

  If the system time has not reached the use start time, the process is terminated. If the system time has reached the use start time, the system time is further compared with the use end time stored in the reservation DBa00 table (step 203) to determine whether the system time is within the reserved use time. Make a decision. If the system time has passed the reservation end time, check-out processing is performed (step 207). If the reservation end time has not passed, the check-in flag stored in the reservation DBa00 table is determined. Perform (step 204). If the check-in flag is “0”, which is the initial value, the network terminal 008 has not been connected to the corresponding area after the usage time has elapsed, so the check-in process is performed (step 206). If the network terminal 008 is connected to the area, the check-in flag is “1” other than the initial value, and the check-out process is executed (step 207). Hereinafter, the check-in process (step 206) will be described with reference to FIG. 4, and the check-out process (step 207) will be described with reference to FIG.

FIG. 4 is a flowchart showing the processing operation of the check-in processing unit which is a subsystem of the reservation confirmation processing in FIG.
The operation purpose of the check-in processing unit 300 is to release a network in a specific area when the usage time is reached, determine whether or not the requested regular network terminal is connected, and connect the regular network terminal. In such a case, access control is performed so that only the server used from the network terminal can be accessed.
As a process for that, each step shown in FIG. 4 is performed.

Before that, a reservation DB table and an area information DB table, and a network device DB and a server information DB table will be described.
FIG. 8 is a diagram showing a table of the reservation DBa00 and item descriptions of the table.
This table includes the usage location (name of the low security area where the terminal is brought in (for example, the name of the conference room)), usage date, usage start time, usage end time, usage PC information IP address, usage PC information MAC address, usage. Each item includes a server (a server name used from a low security area) and a check-in flag (a flag for determining whether or not check-in processing has been completed).

FIG. 9 is a diagram illustrating a table of the area information DB and item descriptions of the table.
This table includes items of usage location, switching hub name, usage port number, access control name (name used during access control), and vlan number (vlan number used at usage location).

FIG. 10 is a diagram illustrating a network device DB table and item descriptions of the table.
This table includes a switching hub name, its IP address, an account for logging in to the switching hub, a login password, a port disconnection command, a port return command, an access control command (setting), an access control command (cancellation), and an fdb command. There are items of (connection port and MAC address correspondence table), arp command (MAC address and IP address correspondence table) and backbone device (IP address).

FIG. 11 is a diagram illustrating a table of the server information DB and item descriptions of the table.
In this table, there are items of a used server (a server name used from a low security area), an IP address (an IP address of a used server), and a service port (a used service port number).

In FIG. 4, first, the same record as the use place of the area information DBc00 (FIG. 9) is referred from the use place of the reservation DBa00 table (FIG. 8) (step 301), and the network device DB (FIG. The same record as the switching hub of 10) is referred to (step 302).
Next, the server information DBd00 (FIG. 11) refers to the record whose use server is the management server 001 (step 303). Log in to the switching hub used by the specific area that uses the network terminal from the IP address, account, and password of the network device DB (FIG. 10) from the referenced information (step 304).

Subsequently, in order to block access to all from the network terminal to be used, a command is generated from the access control command of the network device DBb00 table (FIG. 10) based on the user PC IP address of the reservation DBa00 (FIG. 8). (Step 305).
Further, in order to allow access only from the network terminal to be used to the management server 001, the access control name in the area information DBc00 table (FIG. 9), the IP address of the management server 001 in the server information DBd00 (FIG. 11), and the service port Based on the user PC address of the reservation DBa00 table (FIG. 8), a command is generated and issued from the access control command of the network device DBb00 (FIG. 10) (step 306).

  Next, a command is generated from the port restoration command of the network device DBb00 table (FIG. 10) based on the vlan number and the used port number of the area information DBc00 table (FIG. 9) in order to release the port of the specific area to be used. (Step 307). Since the network terminal applied for from the applied specific area can access the management server 001, the user logs out from the switching hub (step 308). Thereafter, a terminal confirmation process (step 309) is performed to confirm whether the network terminal is connected to the specific area or whether the connected network terminal is an authorized application. Details of the terminal confirmation process (step 309) will be described with reference to FIG.

  Based on the result of the terminal confirmation process (step 309), it is determined whether the terminal is a legitimate terminal (step 310). If the connected network terminal is an authorized regular network terminal, log in again to the switching hub used by the specific area that uses the network terminal from the IP address, account, and password of the network device DBb00 (FIG. 10). (Step 315). Subsequently, in order to permit access from the network terminal to be used to the applied usage server, the access control name in the area information DBc00 table (FIG. 9), the IP address of the usage server in the server information DBd00 (FIG. 11), and the service Based on the user PC IP address of the port and reservation DBa00 table (FIG. 8), a command is generated and issued from the access control command of the network device DBb00 table (FIG. 10) (step 316).

  On the other hand, if the connected network terminal is not a regular network terminal that has been applied for or has not been connected yet, the specific area that uses the network terminal again from the IP address, account, and password of the network device DBb00 (FIG. 10) Log in to the switching hub used by (step 311). Subsequently, in order to block the network used in the specific area, a command is issued from the port blocking command of the network device DBb00 table (FIG. 10) based on the vlan number and the used port number of the area information DBc00 table (FIG. 9). Generate and issue (step 312). Further, all the contents for which access control is performed are restored.

  Next, in order to cancel the setting that blocked access to all from the network terminal to be used, access to the network device DBb00 table (FIG. 10) based on the user PC IP address of the reservation DBa00 table (FIG. 8). A command is generated from the control release command and issued (step 313). Furthermore, in order to cancel the setting that allowed access only to the management server 001 from the network terminal to be used, the access control name in the area information DBc00 table (FIG. 9), the IP address of the management server in the server information DBd00 (FIG. 11) Based on the user PC IP address of the service port and reservation DBa00 table (FIG. 8), a command is generated and issued from the access control release command of the network device DBb00 table (FIG. 10) (step 314). Since the process of issuing the command is completed, logout is performed from the switching hub (step 317).

FIG. 5 is a flowchart showing the processing operation of the check-out processing unit which is a subsystem of the reservation confirmation processing unit in FIG.
The operation purpose of the check-out processing unit 400 is to cancel the port opening (blocking of the port) performed by the check-in processing unit 300 and to control access when the use end time for which the application for the network in the specific area is exceeded. Return to the normal state. Also, if the network terminal is disconnected from the network for a certain period, access to the server that was applied for and used is blocked, and if the network terminal is not connected to the network after a certain period of time, the use is terminated. The port blocking and access control performed by the check-in processing unit 300 are returned to the normal state. As a process for that, the following steps are executed.

  First, the system time is compared with the use end time stored in the reservation DBa00 table (FIG. 8) (step 401). If the system time is not yet the end-of-use time, a terminal confirmation process that confirms whether a network terminal is connected to a specific area or whether the connected network terminal is an authorized application Is performed (step 402). Details of the terminal confirmation process will be described with reference to FIG.

Next, it is determined whether or not the network terminal is connected to the specific area (step 403), and when the network terminal is not connected, the processing to be executed is varied depending on the disconnected time. In this embodiment, if the disconnection time exceeds 3 minutes, access to the requested server is stopped, and it is determined that the use has ended after 5 minutes (step 404). You can set it with. If it exceeds 3 minutes, perform the next step.
Log in to the switching hub used by the specific area using the network terminal from the IP address, account, and password of the network device DBb00 (FIG. 10) (step 405). In order to block the access from the network terminal to be used to the applied usage server, the access control name in the area information DBc00 table (FIG. 9), the IP address of the usage server in the server information DBd00 (FIG. 11), the service port, and the reservation Based on the user PC IP address of the DBa00 table (FIG. 8), a command is generated from the access control release command of the network device DBb00 table (FIG. 10) and issued (step 406). Since the process for issuing the command is completed, the user logs out from the switching hub (step 407).

If it exceeds 5 minutes, the next step is executed.
Log in to the switching hub used by the specific area using the network terminal from the IP address, account, and password in the network device DBb00 table (FIG. 10) (step 415). In order to block the network used in a specific area, a command is generated from the port blocking command of the network device DBb00 table (FIG. 10) based on the vlan number of the area information DBc00 (FIG. 9) and the used port number. Is issued (step 416). An access control release command for the network device DBb00 table (FIG. 10) based on the user PC IP address of the reservation DBa00 table (FIG. 8) in order to release the setting that has blocked access to all from the network terminal to be used. A command is generated from and issued (step 417).

  Furthermore, in order to cancel the setting that allowed access only to the management server 001 from the network terminal to be used, the access control name in the area information DBc00 table (FIG. 9), the IP address of the management server in the server information DBd00 (FIG. 11) Based on the user PC IP address of the service port and reservation DBa00 table (FIG. 8), a command is generated from the access control release command of the network device DBb00 table (FIG. 10) and is issued (step 418). . Since the process of issuing the command is completed, logout is performed from the switching hub (step 419). Finally, the corresponding reservation record is deleted from the reservation DBa00 (step 420).

  If it is determined in step 403 that a network terminal is connected, it is determined whether or not the terminal is a network terminal that has been properly applied (step 409). Next, a determination is made as to whether or not the connected network terminal is the requested regular one (step 410). If it is regular, it is determined whether or not the switching time is between 4 and 5 minutes (step 410). If it is 4 to 5 minutes, the access from the network terminal used in step 406 to the server to be used is blocked, and the next step is executed to perform access control so that communication to the server can be performed again. To do.

  Log in to the switching hub used by the specific area that uses the network terminal from the IP address, account, and password of the network device DBb00 (FIG. 10) (step 411). Subsequently, in order to permit access from the network terminal to be used to the applied usage server, the access control name in the area information DBc00 table (FIG. 9), the IP address of the usage server in the server information DBd00 (FIG. 11), and the service Based on the user PC IP address of the port and reservation DBa00 table (FIG. 8), a command is generated from the access control command of the network device DBb00 table (FIG. 10) and issued (step 412). Since the process of issuing the command is completed, logout is performed from the switching hub (step 413). Then, since the regular network terminal is normally connected, a process of returning the disconnection time to the initial value “0” is performed (step 414).

In step 410, if the system time exceeds the requested usage time, or if the network terminal connected in step 409 is not a legitimate terminal, it is necessary to forcibly terminate the use in these cases. So there is a next step.
Log in to the switching hub used by the specific area that uses the network terminal from the IP address, account, and password of the network device DBb00 (FIG. 10) (step 421). In order to block the network used in the specific area, a command is generated from the port blocking command of the network device DBb00 table (FIG. 10) based on the vlan number of the area information DBc00 table (FIG. 9) and the used port number. This is issued (step 422).

  An access control release command for the network device DBb00 table (FIG. 10) based on the user PC IP address of the reservation DBa00 table (FIG. 8) in order to release the setting that has blocked access to all from the network terminal to be used. A command is generated from and issued (step 423). Furthermore, in order to cancel the setting that allowed access only to the management server 001 from the network terminal to be used, the access control name in the area information DBc00 table (FIG. 9), the IP address of the management server in the server information DBd00 (FIG. 11) Based on the user PC IP address of the service port and reservation DBa00 table (FIG. 8), a command is generated from the access control release command of the network device DBb00 table (FIG. 10) and issued (step 424). .

  Next, it is determined whether or not the switching time is 4 minutes or more (step 425). If the switching time has exceeded 4 minutes, access from the network terminal used in step 406 to the applied server is blocked, but in other cases, it has not been blocked yet. Based on the access control name in the area information DBc00 table (FIG. 9), the IP address of the use server in the server information DBd00 (FIG. 11), and the user port IP address in the service port and reservation DBa00 table (FIG. 8) A command is generated from the access control release command in the device DBb00 table (FIG. 10) and issued (step 426). Since the process for issuing the command is completed, the user logs out from the switching hub (step 427). Finally, the corresponding reservation record is deleted from the reservation DBa00 (step 428).

FIG. 6 is a flowchart showing the processing operation of the terminal confirmation processing unit in FIG.
The operation purpose of the terminal confirmation processing unit 500 is to determine which port of the switching hub connected to the specific area the MAC address of the network terminal applied in advance, and the IP address of the core switching hub When the IP address of the MAC address connected from the MAC address correspondence table is a pre-applied IP address, the network terminal is connected or the applied regular network terminal is connected Judgment is made. As a process for that, the following steps are executed.

  First, the same record as the use place of the area information DBc00 (FIG. 9) is referred from the use place of the reservation DBa00 table (FIG. 8) (step 501), and the network device DBb00 (FIG. 10) is switched from the switching hub of the referenced record. The same record as the hub is referred to (step 502). Based on the referenced information, login is performed to the switching hub used by the specific area using the network terminal from the IP address, account, and password of the network device DBb00 (FIG. 10) (step 503). Subsequently, in order to obtain information on which port of the switching hub the applied network terminal is connected to, the network device DBb00 table (FIG. 10) based on the user PC IP address of the reservation DBa00 table (FIG. 8). A command is generated from the fdb command and is issued (step 504). Information on which port of the switching hub the MAC address of the applied network terminal is connected is obtained from the output result (step 505), and logout is performed from the switching hub (step 506).

Next, in step 505, it is determined whether or not information has been obtained (step 507).
If the information cannot be obtained, the applied network terminal is not connected to the network, and NG information is given to the connection confirmation (step 517), and NG information is given to the regular terminal. When the output result is obtained, the obtained port number is compared with the use port number of the area information DBc00 (FIG. 9) (step 508), and if they are the same, OK information is given to the connection confirmation ( Step 509). Then, the network device DBb00 (FIG. 10) logs in to the switching hub serving as the backbone device from the IP address, account, and password (step 511).

  Subsequently, in order to obtain information on the IP address actually used from the MAC address of the applied network terminal, an arp command is generated based on the user PC IP address in the reservation DBa00 table (FIG. 8). Is issued (step 512). Information on the IP address used by the MAC address of the applied network terminal is obtained from the output result (step 513), and logout is performed from the switching hub (step 514). Next, the IP address obtained in step 513 is compared with the IP address used in the reservation DBa00 table (FIG. 8) (step 515). If they are the same, the requested regular network terminal is connected. Therefore, OK information is given to the legitimate terminal (step 516). If they are different, it is judged that the information of the network terminal is spoofed, and NG information is given to the legitimate terminal (step 518).

FIG. 7 is a flowchart showing the processing operation of the break-off processing unit in FIG.
The purpose of the operation of the break-off processing unit 600 is that if the user leaves the network terminal on the spot for some reason from the network terminal used in the specific area, the user can apply for it arbitrarily. Block access to the used server. As a process for that, the following steps are executed.
First, when leaving a seat, the user determines and selects to start the break-off process (step 605). Thereby, login is performed to the switching hub used by the specific area using the network terminal from the IP address, account, and password of the network device DBb00 (FIG. 10) (step 606). In order to block the access from the network terminal to be used to the applied usage server, the access control name in the area information DBc00 table (FIG. 9), the IP address of the usage server in the server information DBd00 (FIG. 11), the service port, and the reservation Based on the user PC IP address of the DBa00 table (FIG. 8), an access control release command for the network device DBb00 table (FIG. 10) is generated and issued (step 607).

  Since the process for issuing the command is completed, the user logs out from the switching hub (step 608). When returning from the absence and accessing the applied server again, the user selects to end the break-off process (step 601). Thereby, login is performed to the switching hub used by the specific area using the network terminal from the IP address, account, and password of the network device DBb00 (FIG. 10) (step 602). In order to enable access from the network terminal to be used to the applied usage server, the access control name in the area information DBc00 table (FIG. 9), the IP address of the usage server in the server information DBd00 (FIG. 11), and the service port, Based on the user PC IP address in the reservation DBa00 table (FIG. 8), a command is generated from the access control command in the network device DBb00 table (FIG. 10) and issued (step 603). Since the process for issuing the command is completed, the user logs out from the switching hub (step 604).

It is a block diagram of a specific area network access control system according to an embodiment of the present invention. It is a flowchart which shows the processing operation example of the input part in FIG. It is a flowchart which shows the processing operation example of the reservation confirmation process part in FIG. It is a flowchart which shows the processing operation example of the check-in process part in FIG. It is a flowchart which shows the processing operation example of the checkout process part in FIG. It is a flowchart which shows the process operation example of the terminal confirmation process part in FIG. It is a flowchart which shows the process operation example of the break-off process part in FIG. It is a figure which shows the structural example of the reservation DB table in FIG. It is a figure which shows the table structural example of area information DB in FIG. It is a figure which shows the table structural example of network device DB in FIG. It is a figure which shows the table structural example of server information DB in FIG.

Explanation of symbols

000 Internal network 001 Management server 002 Core switching hub 003 Switching hub 004 Switching hub 005 Server A
006 Server B
007 Network terminal 008 Network terminal (low security area)
a00 Reservation DB
b00 Network equipment DB
c00 Area information DB
d00 Server information DB
DESCRIPTION OF SYMBOLS 100 Input part 200 Reservation confirmation process part 300 Check-in process part 400 Check-out process part 500 Terminal confirmation process part 600 Break-off process part

Claims (5)

In a specific area network access control method for permitting connection only by a time zone of a network terminal in a specific area by controlling the processor,
The processor blocks the connection of the network terminal in the specific area by setting the port of the switching hub in the specific area in advance.
When the requested usage time is reached, it is determined whether the requested regular network terminal is connected to the switching hub, and whether the regular network terminal is connected by periodically opening the port. Check
The specific area network access control method, wherein the processor performs access control by the switching hub so that only the applied service is used when a regular network terminal is connected. In the specific area network access control method according to claim 1,
The processor performs access control at a switching hub when the use of a service applied from a connected network terminal is arbitrarily stopped or restarted by the user from the network terminal. Specific area network access control method. In the specific area network access control method according to claim 1,
When the network terminal connected to the specific area is disconnected from the network, the processor performs access control at the switching hub so that the requested service becomes unavailable after a predetermined time t1. Further, the specific area network access control method characterized in that, when a predetermined time t2 elapses, it is determined that the use is finished and the port of the switching hub is shut off. In a specific area network access control system that permits connection by a time zone only for network terminals in a specific area under the control of the processor,
Reservation confirmation processing means for initializing a check-in flag of input data by comparing the use date and use time input from the network terminal with the use date and use time registered in the reservation DB; ,
Block the switching hub port in a specific area in advance, and when the requested usage time is reached, open the port to check whether the requested regular network terminal is connected, and check the regular network Check-in processing means for performing access control at the switching hub so that only the applied service can be used when the terminal is connected;
When the network terminal is disconnected from the network, when a predetermined time elapses, the requested service is disabled, and when the predetermined time elapses, it is determined that the use is finished, and the port is Checkout processing means to block;
A specific area comprising: a break-off processing means for performing access control at the switching hub when the use of the service applied from the network terminal is arbitrarily stopped or restarted by the control from the network terminal. Network access control system. A program for controlling access to a specific area network that permits connection by a time zone only to network terminals in a specific area,
A procedure for specifying the check-in flag of the input data by comparing the processor with the usage date and usage time input from the network terminal and the usage date and usage time registered in the reservation DB. Procedure for blocking the port of the switching hub in the area in advance, when the requested usage time is reached, procedure for opening the port and confirming whether or not the requested regular network terminal is connected, regular network terminal If the network terminal is disconnected from the network, when the predetermined time elapses, the requested service is deleted. When the procedure for making it unusable, and when a predetermined time has passed, it is determined that the use has ended, A procedure for shutting down the network, and when the use of the service applied from the network terminal is arbitrarily stopped or resumed by the control from the network terminal, the procedure for performing the access control at the switching hub Specific area network access control program.

Images