JP2010035101A - Access control apparatus, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To easily and surely prevent unauthorized access in a remote access environment. <P>SOLUTION: An access control apparatus 10 connected to an intra-base LAN 20 and a wide-area network 30 is made to carry out following processing. First of all, in a case where call incoming from the wide-area network 30 is a call connection request relating to a voice speech, the access control apparatus 10 is made to carry out processing for refusing the call incoming by storing a calling source identifier uniquely indicating the calling source of the request. In a case where call incoming from the wide-area network 30 is a request of access to the intra-base LAN 20, the access control apparatus 10 is made to carry out processing for authenticating the transmission source of the access request with the stored calling source identifier as authentication information. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to access control when accessing a device connected to a LAN (Local Area Network) installed in a base via a wide area network such as an ISDN network.

In recent years, companies have been trying to improve management efficiency by connecting a database server storing various information such as customer information and accounting information and a computer device used by each employee to a LAN to establish an in-house information system. Generally done. Some in-house information systems of this type are connected to a wide area network such as an ISDN network via an access control device. In the in-house information system connected to the wide area network in this way, each employee can access each device in the system from the destination or the like via the wide area network (hereinafter referred to as remote access). Here, the access control device is a computer that stores authentication information such as a user ID and a password for a user who permits remote access, and prevents unauthorized access by authenticating the access source using the authentication information. It is an apparatus (for example, refer nonpatent literature 1).
[online], Yamaha Corporation, [Search July 7, 2008], Internet <URL: http: //www.rtpro.yamaha.co.jp/RT/docs/example/dialup.html#2>

However, it is very troublesome to register the authentication information in advance in the access control apparatus for all users who may allow remote access. Further, if the authentication information registered in this way leaks outside the company, unauthorized access to the in-house information system is permitted. In other words, the conventional access control technique has a problem that preparation work for realizing access control takes a lot of time, but it cannot be said that unauthorized access can be surely prevented.
The present invention has been made in view of the above problems, and an object of the present invention is to provide a technique that can easily and reliably prevent unauthorized access in a remote access environment.

  In order to solve the above-described problems, the present invention is a communication network that supports storage means and voice communication and data communication, and has a function of notifying a transmission source identifier uniquely indicating a transmission source to the transmission destination. Communication means connected to a first communication network and a second communication network different from the first communication network, and an incoming call from the first communication network is a call call requesting the start of a voice call In some cases, the originator identifier notified from the first communication network along with the call origination is written in the storage means, while the incoming call from the first communication network is connected to the second communication network. Control means for authenticating the transmission source of the access request using the transmission source identifier stored in the storage means as authentication information. Access control device characterized by And computer apparatus for providing a program for causing to function as each means.

  According to such an access control apparatus and program, the originator identifier notified from the first communication network when a call is received is stored as authentication information, and the authentication information thus stored is used to store the second identifier. Authentication is performed as to whether or not data communication with a device in the communication network is permitted. For this reason, it is possible to prevent unauthorized access without preliminarily performing operations such as storing authentication information for all users who may allow remote access in the access control device. Also, it is generally difficult to misrepresent the sender identifier notified from the first communication network. For this reason, unless a communication device (for example, a mobile phone) used for registration of a sender identifier is lost or stolen, it is impossible for another person to register the sender identifier in the access control device. Yes, unauthorized access by others can be surely prevented.

  By the way, in conventional user authentication using a user ID / password, it is recommended to periodically change them in order to deal with unauthorized access due to leakage or theft of the user ID / password. For this reason, also in the present invention, it is preferable to delete the sender identifier stored in the storage means of the access control device at a predetermined timing. Specifically, the sender identifier may be deleted from the storage means when the sender of the access request is authenticated using the sender identifier stored in the storage means. The time counting may be started from the time when the sender identifier is written, and the sender identifier may be deleted from the storage means when a predetermined timeout time has elapsed.

  In a more preferred aspect, the control means of the access control device writes the caller identifier into the storage means only when the call origination corresponds to a predetermined call pattern. According to such an aspect, by keeping the call pattern secret from outsiders, it is possible to prevent unauthorized registration of a sender identifier by outsiders, and to prevent unauthorized access via a wide area network. It becomes possible to improve the property.

  In another preferred aspect, the control means of the access control device generates a password every time a call is received, and associates the password with a sender identifier indicating the sender of the call. In addition to writing to the storage means, the password is returned to the transmission source of the call and when the access request is received, the sender identifier and password stored in the storage means are used as authentication information. It is characterized by authenticating the source of the access request. According to such an aspect, it is possible to further improve the certainty of preventing unauthorized access.

Hereinafter, the best mode for carrying out the present invention will be described.
(A: Configuration)
FIG. 1 is a diagram illustrating a configuration example of a communication system 1 including an access control apparatus 10 according to an embodiment of the present invention. As shown in FIG. 1, in addition to the access control device 10, the communication system 1 includes a local LAN 20, a wide area network 30, a remote access terminal 40, a gateway device (hereinafter “GW”) 50, a mobile telephone network 60, and a mobile phone. A telephone 70 is included.

  The base LAN 20 is, for example, Ethernet (registered trademark), and is laid in a base such as a company branch. Although detailed illustration is omitted in FIG. 1, the local LAN 20 includes a plurality of devices (for example, a database server storing various information such as customer information and accounting information) The terminal device to be used) is connected. As shown in FIG. 1, the intra-site LAN 20 is connected to the wide area network 30 via the access control device 10, and accesses the devices connected to the intra-site LAN 20 from the outside of the base via the wide area network 30. can do.

  The wide area network 30 of FIG. 1 is, for example, an ISDN telephone network, and mediates voice calls and data communications performed between terminals connected to the local network. Further, the wide area network 30 has a function of notifying a transmission destination identifier (for example, a telephone number) uniquely indicating the transmission source when mediating a voice call or data communication. As shown in FIG. 1, a remote access terminal 40 that performs data communication with each computer device in the local area LAN 20 is connected to the wide area network 30 via the access control device 10, and a mobile telephone network 60 is connected via a GW 50. Is connected. The GW 50 is a relay device that relays data communication while performing mutual conversion between a communication protocol in the wide area network 30 and a communication protocol in the mobile telephone network. The cellular phone 70 shown in FIG. 1 is accommodated in the mobile telephone network 60 and is used for voice communication with other cellular phones accommodated in the mobile telephone network 60 and telephones connected to the wide area network 30. is there.

The access control device 10 in FIG. 1 is connected to a device connected to the second communication network (local LAN 20) via the first communication network (wide area network 30), as in Non-Patent Document 1. This is to prevent unauthorized access. However, this access control device 10 is characterized in that it can prevent unauthorized access without registering authentication information for all users who may allow remote access in advance. is there. Although the access control device 10 is not provided with a voice call function, a communication address (that is, a call destination identifier when a call is made to the access control device 10 via the wide area network 30 (that is, a call address) , Telephone number) is assigned in advance, and this callee identifier is known only to employees working at the base. This call destination identifier is used when accessing the access control apparatus 10 via the wide area network 30.
Hereinafter, the access control apparatus 10 that clearly shows the features of the present invention will be mainly described.

FIG. 2 is a diagram illustrating a configuration example of the access control apparatus 10.
As shown in FIG. 2, the access control device 10 includes a control unit 110, a communication unit 120, a storage unit 130, and a bus 140 that mediates data exchange between these components.
The control unit 110 is, for example, a CPU (Central Processing Unit). The control unit 110 plays the role of the control center of the access control device 10 by executing the control program 132 a stored in the storage unit 130. The processing executed by the control unit 110 according to the control program 132a will be clarified later.

  As shown in FIG. 2, the communication unit 120 includes a first communication interface (hereinafter, “I / F”) unit 120a and a second communication I / F unit 120b. The first communication I / F unit 120a and the second communication I / F unit 120b are, for example, NICs (Network Interface Cards), and are connected to different communication networks. Specifically, the first communication I / F unit 120 a is connected to the wide area network 30, and the second communication I / F unit 120 b is connected to the local LAN 20. The first communication I / F unit 120a and the second communication I / F unit 120b provide the data received from the communication network that is the connection destination to the control unit 110, and connect the data output from the control unit 110 to the above-described connection. Output to the destination network.

  As illustrated in FIG. 2, the storage unit 130 includes a volatile storage unit 131 and a nonvolatile storage unit 132. The volatile storage unit 131 is used by the control unit 110 as a work area when executing various programs. The volatile storage unit 131 stores an authentication information table 131a. In the authentication information table 131a, authentication information (data corresponding to a user ID in the conventional access control technology) about a user who is permitted to remotely access various devices in the local LAN 20 via the access control device 10 is stored. Is stored. In this embodiment, the authentication information table 131a is stored in the volatile storage unit 131, but may be stored in the nonvolatile storage unit 132.

  On the other hand, the nonvolatile storage unit 132 is, for example, a ROM (Read Only Memory) or a hard disk. The nonvolatile storage unit 132 stores in advance a control program 132a that causes the control unit 110 to execute an access control process and a timeout monitoring process that significantly show the features of the access control device according to the present invention. Details of the access control process and the timeout monitoring process will be described below with reference to the drawings.

  FIG. 3 is a flowchart showing the flow of access control processing executed by the control unit 110 in accordance with the control program 132a. As shown in FIG. 3, the control unit 110 waits for an incoming call from the first communication network (wide area network 30) (step SA010), and until there is an incoming call (that is, the determination result of step SA010 is “No”). Step SA010 is repeatedly executed. Then, when the determination result in step SA010 is “Yes”, the control unit 110 executes the processes after step SA020.

  In step SA020, processing for determining whether or not the incoming call from the wide area network 30 is due to a call origination is performed based on the content of the incoming call (that is, the content of the communication message received from the wide area network 30). As described above, since there are voice communication and data communication in the communication mode via the wide area network 30, the determination result in step SA020 is “Yes” when the call is based on a call origination. In the case of an access request for requesting the start of data communication, the determination result in step SA020 is “No”.

  When the determination result in step SA020 is “Yes”, the control unit 110 uses the caller identifier (that is, the caller's telephone number) notified from the wide area network 30 together with the call origination as the access control device 10. A process of registering as authentication information when determining whether or not remote access is possible (ie, a process of writing in the authentication information table 131a) is executed (step SA030). Next, the control unit 110 starts time counting from the time when the registration is performed as a starting point, and starts execution of the timeout monitoring process (step S040). This timeout monitoring process will be described in detail later. Then, control unit 110 notifies call rejection to the call originator (step SA050). Here, the reason why the incoming call is rejected from the call originator is that the access control device 10 does not support voice calls. Since the incoming call is rejected as described above, a call charge is not charged for a call for registering authentication information.

  Thereafter, the control unit 110 determines whether or not an instruction to end the execution of the control program 132a is given via an operation unit (not shown) (step SA070). If the determination result is “Yes”, the control program The execution of 132a is terminated. On the other hand, when the determination result in step SA070 is “No”, the control unit 110 repeatedly executes the processes after step SA010.

  On the other hand, if the determination result in step SA020 is “No”, the control unit 110 uses the authentication information stored in the authentication information table 131a (in this embodiment, the transmission source identifier written in step SA030). Then, the authentication process (step SA060) for the access request transmission source is executed. The authentication process executed in step SA060 is not particularly different from that in the conventional access control apparatus (see Non-Patent Document 1), and the outline thereof is as follows. The control unit 110 determines whether the authentication information transmitted from the access request transmission source matches any of the authentication information stored in the authentication information table 131a. In the case where they do not match, the start of data communication is rejected. Here, the transmission mode of the authentication information from the transmission source of the access request may be a mode transmitted with the access request, and the control unit 110 that has received the access request authenticates the transmission source. A mode in which transmission of information is requested and the transmission source of the access request returns authentication information in response to the request may be employed.

  As described above, according to the access control apparatus 10 according to the present embodiment, when remote access is made to each device in the local area LAN 20 via the access control apparatus 10, the access control apparatus is prior to the remote access. It is necessary to make a call to 10 address. For this reason, it is necessary to make a call to the access control device 10 in advance and inform only the employee of the telephone number that is the destination of the call and keep it secret to outsiders. Thus, unauthorized remote access by those outsiders can be prevented. As described above, according to the access control apparatus 10 according to the present embodiment, authentication for all users who may perform remote access via the access control apparatus 10 to various devices connected to the local LAN 20. Even if information is not registered in the access control apparatus 10 in advance, unauthorized access can be prevented.

  Next, the timeout monitoring process executed in step SA040 of the access control process will be described with reference to FIG. FIG. 4 is a flowchart showing the flow of timeout monitoring processing executed by the control unit 110 according to the control program 132a. As shown in FIG. 4, the control unit 110 first determines whether or not a predetermined time has elapsed since the process of step SA020 (source identifier registration) was performed in the access control process described above (step SB010) While the determination result is “No”, the process of step SB010 is repeatedly executed. When the determination result in step SB010 is “Yes”, the control unit 110 deletes the sender identifier from the authentication information table 131a (step SB020), and ends this timeout monitoring process.

When the sender identifier is deleted from the authentication information table 131a, the authentication is rejected even if user authentication is attempted using the sender identifier as authentication information until the sender identifier is registered again. . That is, the transmission source identifier registered in step SA040 of the access control process serves as a one-time account that is valid for a predetermined time from the time when the registration is made. As described above, the sender identifier registered in step SA040 of the access control process plays the role of a one-time account in the conventional user authentication using the user ID / password as the authentication information. This is to cope with unauthorized access due to leakage or theft of such authentication information, as is recommended to update.
The above is the configuration of the access control apparatus 10.

(B: Operation)
Next, operations executed by the access control apparatus 10 will be described with reference to FIG. A user who intends to use the remote access terminal 40 to perform data communication with a device connected to the local LAN 20 first operates the cellular phone 70 to specify the telephone number assigned to the access control device 10 as the destination. Input as a telephone number and attempt to make a call to the access control apparatus 10. Such call origination is routed by the mobile telephone network 60, the GW 50, and the wide area network 30, and arrives at the access control apparatus 10. As shown in FIG. 5, the control unit 110 of the access control device 10 determines that the incoming call is a call outgoing call based on the incoming call content (FIG. 3: step SA020: Yes), and the wide area network 30. The sender identifier notified by the calling number notification function is written into the authentication information table 131a, the execution of the timeout monitoring process (see FIG. 4) is started, and the incoming call is rejected (FIG. 3: steps SA030 to SA050). Execute. In addition, in the mobile phone 70, the setting is made so that the sender identifier is not notified, and when the sender identifier is not notified for this setting, only the process of rejecting the incoming call is executed in the control unit 110. You can make it.

  On the other hand, the user can grasp that the registration of the authentication information is completed by the notification of the incoming call rejection. In this way, the user who knows that the registration of authentication information has been completed inputs the source identifier to the remote access terminal 40, and connects the source identifier to the intra-site LAN 20 as authentication information such as a user ID. Attempts to start data communication with the connected device (that is, remote access via the access control device 10). Here, various modes are conceivable as a mode for inputting the above-mentioned source identifier to the remote access terminal 40. Specifically, the operation unit (not shown) of the remote access terminal 40 is operated to key-in the sender identifier, and the sender identifier such as a mobile phone SIM card, SD card, or RFID tag is written. A mode in which the recorded recording medium is attached to the remote access terminal 40 and input via the recording medium, a mode in which communication is performed via a communication cable such as a USB cable, or wireless communication such as IrDA is used.

  The access request transmitted from the remote access terminal 40 as described above is routed by the wide area network 30 and arrives at the access control apparatus 10. The control unit 110 of the access control device 10 determines from the content of the incoming call that the incoming call is an access request related to data communication (FIG. 3: Step SA020: No), and executes an authentication process. As shown in FIG. 5, when the access request is made before a predetermined time T has elapsed since the registration of the sender identifier, the sender identifier is stored in the authentication information table 131a. Therefore, the access request is permitted. When the remote access terminal 40 receives an access permission notification indicating that remote access is permitted from the access control device 10, it establishes a communication session with a data communication partner device (device connected to the local LAN 20). Then, data communication is started through this communication session.

  When a predetermined time T elapses after the registration of the sender identifier, the access control apparatus 10 deletes the sender identifier from the authentication information table 131a by the timeout monitoring process (FIG. 4: step SB20). For this reason, even if the user who registered the source identifier tries to perform remote access by operating the remote access terminal 40 after a predetermined time T has elapsed since registration of the source identifier, the access request Will be rejected (see FIG. 5).

  Thus, according to the present embodiment, when remote access is made to the local LAN 20 via the access control device 10, it is necessary to make a call to the access control device 10, and , Only inform employees of the phone number that is the destination of the call and keep it secret for outsiders, so that authentication information for all users who may allow remote access is pre- Unauthorized access can be prevented without preparations such as storing in the access control device 10. In addition, since the sender identifier notified from the wide area network 30 is used as authentication information, it is difficult to spoof the sender identifier. For this reason, as long as the mobile phone 70 is not lost or stolen, it is possible to reliably prevent unauthorized access due to the spoofing of the sender identifier.

(C: deformation)
As mentioned above, although embodiment of this invention was described, it is needless to say that the modification described below may be added to this embodiment.
(1) In the above-described embodiment, the control unit 110 of the access control device 10 performs the time-out monitoring process for deleting the source identifier when a predetermined time has elapsed since the registration of the source identifier in the authentication information table 131a. However, such a timeout monitoring process is not always essential. For example, after completion of the authentication process using the sender identifier, the sender identifier may be deleted immediately. Moreover, the aspect which does not delete the transmission origin identifier written in the authentication information table 131a may be sufficient. In the above-described embodiment, the case where the first communication network (wide area network 30) is the ISDN telephone network has been described. However, the transmission source corresponds to voice communication and data communication and uniquely indicates the transmission source. Any communication network may be used as long as it has a function of notifying the transmission destination of the identifier. Furthermore, in the above embodiment, a telephone number is used as a sender identifier. However, an identifier (for example, automatically assigned in a communication network) that uniquely indicates the sender and cannot be modified or the like. Needless to say, it is not limited to a telephone number.

(2) In the above-described embodiment, the sender identifier notified from the wide area network 30 is used as the authentication information. However, when the incoming call is received, a password is generated, and the password and the sender identifier are It may be used as authentication information. As a method for generating a password, for example, a pseudo random number generation calculation with a predetermined number of digits is performed using data indicating the arrival time of a call as a seed, and a numeric character string representing the pseudo random number as the calculation result is used as the password. The method used can be considered. As a method for notifying the call originator of the password generated in this way, a communication session is established with the call originator, and the voice reading the password is transmitted to the originator. After that, the communication session may be disconnected. According to such an embodiment, while the communication session is established, the call charge is charged, but by authenticating the access request using the source identifier and the password, unauthorized access prevention can be performed. Certainty can be improved. In an aspect in which a communication session is established with a call originator, an arbitrary number of digits (for example, four digits) used as option information of a caller identifier is set on the push button on the mobile phone side. The option information may be transmitted to the access control device 10 by pressing and used as a password for authentication of the access request, or as a password for causing the access control device 10 to execute a process of storing a sender identifier. It may be used.

  Further, in the above-described embodiment, the telephone number for making a call to the access control device 10 is notified only to the employees of the branch where the in-site LAN 20 is laid, and via the access control device 10. In order to remotely access the intra-site LAN 20, it is necessary to notify only the employee that it is necessary to make a call to the telephone number in advance. Registration was avoided and unauthorized remote access to the local LAN 20 was prevented. However, in order to prevent unauthorized registration of a sender identifier more reliably, the sender identifier is stored in the access control device 10 only when a call is made with a predetermined call pattern, The calling pattern may be kept secret from outsiders. According to such an aspect, although it is necessary when performing remote access via the access control device 10, since the information that is kept secret from outsiders increases, the sender identifier by the outsider is increased. It is possible to more reliably prevent unauthorized registration. Here, as the predetermined calling pattern, for example, after a predetermined number of calls (for example, three times), the calling side is terminated from the calling side (that is, after confirming the predetermined number of ringing sounds, the mobile phone A call pattern that performs a call end operation on the side), a call pattern that continuously calls a predetermined number of times (for example, three times) at a predetermined time interval (for example, an equal interval every 20 seconds, etc.) It is done.

(3) In the above-described embodiment, a program (that is, a program for causing the control unit 110 to execute processing that significantly shows the features of the access control device according to the present invention (access control processing shown in FIG. 3 and timeout monitoring processing shown in FIG. 4) (that is, , The control program 132a) was previously written in the nonvolatile storage unit 132. However, this program may be distributed by being written on a computer-readable recording medium such as a CD-ROM (Compact Disk-Read Only Memory), or may be distributed by downloading via a telecommunication line such as the Internet. May be. The program distributed in this way may be stored in a general computer device such as a personal computer, and the above processes may be executed by operating the CPU according to the program. According to such an aspect, it becomes possible to cause a general computer device to function as the access control device according to the present invention.

It is a figure which shows the structural example of the communication system 1 containing the access control apparatus 10 which concerns on embodiment of this invention. 2 is a diagram illustrating a configuration example of the access control apparatus 10. FIG. It is a flowchart which shows the flow of the access control process which the control part 110 of the access control apparatus 10 performs according to the control program 132a. It is a flowchart which shows the flow of the time-out monitoring process which the same control part 110 performs according to the control program 132a. 3 is a diagram showing an example of a communication sequence in the communication system 1. FIG.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... Communication system, 10 ... Access control apparatus, 20 ... Local area LAN, 30 ... Wide area network, 40 ... Remote access terminal, 50 ... GW, 60 ... Mobile telephone network, 70 ... Mobile phone, 110 ... Control part, 120a ... First communication I / F unit, 120b ... Second communication I / F unit, 130 ... Storage unit, 131 ... Volatile storage unit, 131a ... Authentication information table, 132 ... Non-volatile storage unit, 132a ... Control program, 140 ... bus.

Claims (6)

Storage means;
A communication network corresponding to voice communication and data communication, which is different from the first communication network having a function of notifying a transmission source identifier uniquely indicating a transmission source to the transmission destination A communication means connected to the second communication network;
When the incoming call from the first communication network is a call call requesting the start of a voice call, a caller identifier notified from the first communication network is written in the storage means together with the call call. On the other hand, when the incoming call from the first communication network is an access request for requesting the start of data communication with a device connected to the second communication network, the transmission source stored in the storage means Control means for authenticating the sender of the access request using the identifier as authentication information;
An access control device comprising: 2. The access control apparatus according to claim 1, wherein the control unit writes the caller identifier into the storage unit only when the call outgoing call corresponds to a predetermined outgoing call pattern. The control means includes
3. The sender identifier is deleted from the storage means when the sender of the access request is authenticated using the sender identifier stored in the storage means. The access control device described in 1. The control means includes
The time counting is started from the time when the sender identifier is written in the storage means, and the sender identifier is deleted from the storage means when a predetermined timeout time elapses. 3. The access control device according to 2. The control means includes
Each time a call is received, a password is generated, the password is written in the storage means in association with a sender identifier indicating the sender of the call, and the password is transmitted to the sender of the call. When an access request is sent back to request the start of data communication with a device connected to the second communication network, the sender identifier and password stored in the storage means are used as authentication information. The access control apparatus according to claim 1, wherein authentication of a transmission source of the access request is performed. Computer equipment,
A communication network corresponding to voice communication and data communication, which is different from the first communication network having a function of notifying a transmission source identifier uniquely indicating a transmission source to the transmission destination A communication means connected to the second communication network;
When the incoming call from the first communication network is a call call requesting the start of a voice call, a source identifier notified from the first communication network together with the call call is stored in the computer device. If the incoming call from the first communication network is an access request requesting the start of data communication with a device connected to the second communication network, the data is stored in the storage means. Control means for authenticating the sender of the access request using the sender identifier as authentication information;
A program characterized by functioning as

Images