JP2010128734A - Apparatus and method for access management, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To solve a problem of being unable to decide whether or not a Web page accessed from a user terminal is appropriate according to a time zone, in the conventional access management apparatus. <P>SOLUTION: An access management apparatus includes: an access information acquisition unit 102 for acquiring user identification information, access page information relating to the accessed Web page and access time information relating to the time when being accessed; an access decision unit 104 for acquiring the inappropriate page condition information corresponding to the time zone designation information that designates a time zone including time indicated by the access time information, from an inappropriate page condition information storage unit 103 having stored inappropriate page condition information, indicative of a condition of a Web page inappropriate to be accessed, in correspondence with time zone designation information having two designated time zones or more, and for deciding whether the access page information satisfies the condition indicated by the inappropriate page condition information; and an output unit 105 for outputting inappropriate page access information, according to the above decision result. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to an access management device and the like for managing access to a WEB page or the like.

Conventionally, there has been known an access log collection system that collects an access log about an access made to an external WEB server from a user terminal in an organization such as a company via a network such as the Internet (for example, , See Patent Document 1).
JP 2003-140990 A (first page, FIG. 1 etc.)

  However, the conventional technology has a problem that it is very difficult to easily analyze whether or not the access to the WEB page from the user terminal is appropriate. In particular, it is not possible to determine whether or not the access from the user terminal is appropriate in consideration of the time zone when the access is performed. For example, in a company or the like, there are cases where WEB pages that are determined to be appropriate for user access are different during working hours and outside working hours. However, in the conventional technology, it has not been possible to determine whether or not the WEB page accessed from the user terminal is appropriate according to the time zone.

  The access management device of the present invention accesses a WEB page using a transmission / reception information acquisition unit that acquires information related to information transmitted and received between a user terminal and a server device, and information acquired by the transmission / reception information acquisition unit. An access information acquisition unit that acquires user identification information of a user, access page information that is information about a WEB page that the user is accessing, and access time information that is information about the time of access; It is information indicating time zone designation information that is information for designating two or more time zones, and information associated with each time zone designation information, and information indicating conditions of a WEB page that is inappropriately accessed by the user. An inappropriate page condition information storage unit that can store two or more inappropriate page condition information, and a time indicated by the access time information The inappropriate page condition information associated with the time zone designation information that designates the included time zone is acquired, and the access page information corresponding to the access time information is obtained by using the inappropriate page condition information. An access determination unit that determines whether or not the condition indicated by the information is satisfied, and a user indicated by the user identification information associated with the access page information used for the determination according to the determination result of the access determination unit, An access management device includes an output unit that outputs inappropriate page access information, which is information indicating that inappropriate access has been performed.

  With this configuration, it is possible to easily grasp whether or not access to a WEB page that is inappropriately accessed from the user terminal, which is specified for each time zone, has been performed.

  The access management device of the present invention is a time setting information storage unit in which time setting information that is information for setting a start time and an end time of a time zone indicated by the time zone designation information can be stored in the access management device. The access determination unit detects the time setting information indicating a time zone including a time indicated by the access time information, detects time zone designation information corresponding to the detected time setting information, The inappropriate page condition information associated with the time zone designation information is acquired, and using the inappropriate page condition information, the access page information corresponding to the access time information indicates the condition indicated by the inappropriate page condition information. It is an access management device that determines whether or not the condition is satisfied.

  With this configuration, it is possible to easily grasp whether or not an access to a WEB page that is inappropriately accessed from the user terminal is set for each time zone. Thereby, for example, it is possible to grasp whether or not browsing of a WEB page designated as inappropriate browsing in each time zone has been performed.

  In the access management device of the present invention, in the access management device, the inappropriate page condition information storage unit includes a working time zone that is a working time zone and a non-working time zone that is a non-working time zone. At least two time zone designation information for designating a zone can be stored, and the access determination unit determines that the time zone indicated by the access time information is the working time indicated by the time zone designation information. It is determined whether it is one of non-working time zone or non-working time zone, and when the time zone including the time indicated by the access time information is the working time zone, the time zone designation for designating the working time zone Appropriate page condition information associated with information is acquired, and when the time zone including the time indicated by the access time information is a non-working time zone, it corresponds to the time zone designation information for designating the non-working time zone The access management apparatus acquires acquired inappropriate page condition information and determines whether or not the access page information associated with the access time information satisfies a condition indicated by the acquired inappropriate page condition information .

  With this configuration, it is possible to easily grasp whether or not an access to a WEB page that is inappropriately accessed from the user terminal, which is set for each working time zone and non-working time zone, has been performed. As a result, for example, it is possible to grasp whether or not browsing of a WEB page designated as inappropriate for browsing during work hours has been performed.

  In the access management device of the present invention, in the access management device, attendance time information which is information for designating a start time and an end time of the working time zone and the non-working time zone of the user indicated by the time zone designation information Is further provided with an attendance time information storage section that can be stored in association with user identification information, and the access determination section indicates the access time information using the attendance time information of the user corresponding to the access time information. Detect time attendance information indicating a time zone including time, detect time zone designation information corresponding to the detected time duration information, obtain inappropriate page condition information associated with the time zone designation information, Using the inappropriate page condition information, whether or not the access page information corresponding to the access time information satisfies the condition indicated by the inappropriate page condition information That is an access management device.

  With this configuration, the time zone specified by the time zone specification information by adding or updating the start time and end time for the work time zone and non-work time zone stored in the attendance time information storage unit Can be changed dynamically. For example, the start time and end time of the time zone specified by the work time zone and the non-work time zone can be changed according to the year, month, day, and the work time zone dynamically In addition, the time zone indicated by the non-working time zone can be changed. Accordingly, it is possible to appropriately determine whether or not an inappropriate WEB page has been accessed in accordance with the change in attendance time.

  In the access management apparatus according to the present invention, in the access management apparatus, the inappropriate page condition information is information that specifies a WEB page that requires user authentication as a WEB page condition that is inappropriately accessed. It is page designation information, and the inappropriate page condition information storage unit stores the time zone designation information for designating working hours and the authentication page designation information which is the inappropriate page condition information in association with each other. The access determination unit, when the time zone designation information for designating a time zone including the time indicated by the access time information is time zone designation information for designating a work time zone, The WEB page indicated by the access page information corresponding to the access time information is obtained by using the authentication page designation information. It is determined whether the authentication is a WEB page necessary constant to, improper access is an access management unit for determining whether or not made.

  With this configuration, it is possible to grasp access to a page that requires authentication.

  The access management apparatus according to the present invention further includes an access information storage unit that can store the user identification information, the access page information, and the access time information in association with each other in the access management apparatus. The information acquisition unit accumulates the acquired user identification information, the access page information, and the access time information in the access information storage unit, and the access determination unit is stored in the access information storage unit. The access management device reads out the access page information and the access time information, and determines whether or not inappropriate access has been performed.

  With this configuration, it is possible to determine whether or not inappropriate access to the WEB page has been performed at a timing other than immediately after accessing the WEB page. This makes it possible to collectively determine access.

  In the access management device of the present invention, in the access management device, the inappropriate page condition information is keyword information that is a keyword indicating a keyword that can be included in an inappropriate WEB page, and the access determining unit If the WEB page indicated by the page information includes a character string that matches the keyword indicated by the keyword information, and the WEB page includes a character string that matches the keyword, the condition indicated by the inappropriate page condition information It is an access management device that determines that the above is satisfied.

  With this configuration, an access to a WEB page including a keyword can be detected as an access to an inappropriate page.

  In the access management apparatus of the present invention, in the access management apparatus, the access determination unit includes inappropriate page condition information associated with time zone designation information that designates a time zone including a time indicated by the access time information. And using the inappropriate page condition information, an inappropriate page determining means for determining whether the access page information corresponding to the access time information satisfies a condition indicated by the inappropriate page condition information; Inappropriate degree accumulating means for accumulating the inappropriate degree, which is information indicating the degree of inappropriateness of access, of the WEB page determined to satisfy the condition indicated by the appropriate page condition information for each user identification information, and the user identification Inappropriate degree judgment means for judging whether or not the degree of inappropriateness accumulated for each information exceeds a predetermined level, and the output unit includes When the inappropriate degree determination means determines that the cut degree exceeds a predetermined degree, an inappropriate access is performed by the user indicated by the user identification information associated with the inappropriate degree. This is an access management device that outputs inappropriate page access information indicating this.

  With this configuration, it is possible to grasp a user who has a high degree of access to an inappropriate page.

  In the access management apparatus of the present invention, in the access management apparatus, the inappropriate page condition information storage unit indicates a degree of inappropriateness of the WEB page including the keyword information and the keyword indicated by the keyword information. The degree of inappropriateness that is information can be stored in association with each other, and the access determination unit determines whether or not the keyword indicated by the keyword information is included in the WEB page indicated by the access page information When it is determined by the page determination unit and the inappropriate page determination unit that the keyword indicated by the keyword information is included in the WEB page indicated by the access page information, the inappropriate degree corresponding to the keyword information is determined by the user. Inappropriate degree accumulation means for accumulating for each identification information, and improper degree accumulated for each user identification information, And an inappropriate degree determining means for determining whether or not the specified degree is exceeded, and the output unit determines that the inappropriate degree exceeds a predetermined degree. In this case, the access management apparatus outputs inappropriate page access information indicating that inappropriate access has been performed by the user indicated by the user identification information associated with the inappropriate degree.

  With this configuration, for example, by setting a high inappropriate degree of keyword information that is considered to be included in a highly inappropriate page, the degree of access by a user who accesses a highly inappropriate page is increased. can do. Thereby, for example, it becomes possible to evaluate the inappropriate access of the user according to the inappropriateness of the accessed page.

  Further, the access management apparatus of the present invention specifies at least one notification destination of inappropriate degree range information and inappropriate page access information, which is information for specifying the inappropriate degree degree range in the access management apparatus. A notification information storage unit that can store notification destination information associated with information to be stored, and the output unit includes the inappropriateness degree range information including the inappropriateness degree accumulated by the inappropriateness degree accumulation unit. The access management apparatus acquires corresponding notification destination information and notifies the inappropriate page access information to a notification destination indicated by the acquired notification destination information.

  With this configuration, it is possible to notify information indicating a determination result indicating that inappropriate access has been performed to a notification destination according to the degree of access to an inappropriate page. As a result, for example, inappropriate access can be recognized by an appropriate manager according to the degree of inappropriate access.

  Further, the access management apparatus of the present invention is characterized in that, in the access management apparatus, the access determination unit receives determination timing specification information for specifying a timing for determining inappropriate access, and the determination A determination timing specification information storage unit for storing the determination timing specification information received by the timing specification information reception unit, wherein the access determination unit specifies the determination timing specification information stored by the determination timing specification information storage unit; It is an access management device that judges the inappropriate access at the timing.

  With this configuration, inappropriate access can be determined at a desired timing.

  The access management apparatus according to the present invention includes an inappropriate page designation receiving unit that receives inappropriate page designation information that is information for designating one or more WEB pages that are inappropriately accessed in the access management apparatus, and an inappropriate page. From the inappropriate page information acquisition unit that acquires the information of the WEB page specified by the inappropriate page specification information received by the specification reception unit, and the inappropriate page information that is the information of the WEB page acquired by the inappropriate page information acquisition unit The keyword that can be included in the inappropriate WEB page is acquired, and the keyword information, which is information indicating the keyword, is associated as the inappropriate page condition information with the time zone designation information designated in advance, and the inappropriate page condition The access management apparatus further includes a keyword acquisition unit that accumulates in the information storage unit.

  With this configuration, it is possible to acquire keyword information that is inappropriate page condition information for determining an inappropriately accessed WEB page from information on an inappropriately accessed WEB page. Thereby, for example, it becomes possible to automatically create a database of keyword information.

  In the access management apparatus of the present invention, in the access management apparatus, a specified keyword information receiving unit that receives specified keyword information that is information indicating a keyword indicating an inappropriately accessed WEB page; and the specified keyword information receiving unit includes: Using the received designated keyword information, obtain inappropriate page designation information that is information for designating an inappropriately accessed WEB page, and designate the obtained inappropriate page information as the inappropriate page condition information in advance. And an inappropriate page designation information acquisition unit that accumulates in the inappropriate page condition information storage unit in association with the designated time zone designation information.

  With this configuration, it is possible to acquire inappropriate page designation information, which is inappropriate page condition information for determining an inappropriately accessed WEB page, from information of designated keyword information indicating an inappropriately accessed WEB page. . Thereby, for example, inappropriate page designation information can be automatically made into a database.

  In the access management apparatus of the present invention, in the access management apparatus, the output unit includes: access source terminal information, access destination WEB page information, access start time information, or service provision contents received at the time of access. The access management apparatus outputs the inappropriate page access information further including at least one.

  With this configuration, information indicating a detailed breakdown of inappropriate access can be notified. As a result, for example, it is possible to consider measures to prevent inappropriate access.

  According to the access management apparatus and the like according to the present invention, it is possible to easily grasp the access status from the user terminal of an inappropriate WEB page specified for each time zone.

  Hereinafter, embodiments of an access management apparatus and the like will be described with reference to the drawings. In addition, since the component which attached | subjected the same code | symbol in embodiment performs the same operation | movement, description may be abbreviate | omitted again.

(Embodiment)
FIG. 1 is a block diagram of an information processing system in the present embodiment. The information processing system 10 includes an access management device 1, one or more server devices 3, and one or more user terminals 2.

  One or more server apparatuses 3 and one or more user terminals 2 are connected to each other via a communication line, a network, or the like so as to be able to transmit and receive information. The network is, for example, the Internet or a network such as a wireless or wired LAN. However, the connection method between each apparatus is not ask | required. The information transmission / reception means may be a communication means or a broadcasting means.

  The access management device 1 is arranged so that information transmitted and received between the user terminal 2 and the server device 3 via a network or the like can be acquired. For example, the access management device 1 is connected to a concentrator or relay device such as a router or a hub to which the user terminal 2 is connected, or a firewall device, etc., and information input / output to these devices is acquired, for example, You may make it receive. In addition, a so-called packet capture device (not shown) is provided in the network or communication line between the user terminal 2 and the server device 3, and the access management device 1 obtains and outputs packets and the like acquired by the packet capture device. You may enable it to receive. Further, the access management device 1 is interposed between the user terminal 2 and the communication line or network, and information transmitted from the user terminal 2 to the server device 3 is once input to the access management device 1 and input. The access management apparatus 1 may transmit the processed data to a communication line or a network. In this case, the information transmitted from the server device 3 is once received by the access management device 1, and the received information is transmitted to the user terminal 2. It goes without saying that a so-called intranet server or the like may be provided between one or more user terminals 2 and the network. Further, the network may include other devices such as a DNS server (not shown) in addition to the server device 3 that provides information such as contents such as various WEB pages.

  The user terminal 2 is an information processing terminal used by a user who is a member of one organization, for example. The information processing terminal is, for example, a device that can be connected to a network and can output information transmitted from the server device 3. The information processing terminal is, for example, a computer, a mobile phone, a PDA, or the like. One organization is, for example, a company or an organization. When the user terminal 2 is used, login is usually performed using user identification information or the like. The user terminal 2 is capable of executing software that can be browsed by accessing information that can be provided by the server device 3 such as a WEB browser, for example, a WEB page. The WEB page is, for example, information such as a document provided by a WWW (World Wide Web) system or the like. The WEB page includes, for example, layout information based on text data and HTML (HyperText Markup Language) data, images, sounds, and moving images embedded in the document. A group of one or more WEB pages is called a WEB site. When the user terminal 2 is connected to the server device 3 via the Internet, and the user gives an instruction to display predetermined information that can be provided by the predetermined server device 3 to, for example, a WEB browser of the user terminal 2, the user terminal 2 The terminal 2 transmits an instruction for requesting predetermined information to a predetermined server device 3 through a network such as the Internet. Then, in response to this request, predetermined information transmitted by the predetermined server device 3 is received and output (for example, displayed) to a WEB browser or the like. The user terminals 2 may be connected to each other by, for example, a local network. Since the configuration of the user terminal 2 is a known technique, a detailed description thereof is omitted.

  The server device 3 is a device that provides the user terminal 2 and the like with the functions and data that the device itself has. The server device 3 can be realized by a computer, for example. Specifically, the server device 3 is a WEB server. In addition, if it is a server which can transmit a WEB page, it will be considered here as a WEB server. The server device 3 stores, for example, information for outputting a WEB page composed of HTML data, images, etc., and the Internet or the like in response to a request for software executed on the user terminal 2 such as a WEB browser. Such information is transmitted to the user terminal 2 through the network. Since the configuration of the server device 3 is a known technique, a detailed description thereof is omitted.

  FIG. 2 is a block diagram of the access management apparatus 1 in the present embodiment.

  The access management apparatus 1 includes a transmission / reception information acquisition unit 101, an access information acquisition unit 102, an inappropriate page condition information storage unit 103, an access determination unit 104, an output unit 105, a time setting information storage unit 106, an attendance time information storage unit 107, Access information storage unit 108, determination timing specification information reception unit 109, determination timing specification information storage unit 110, determination timing specification information storage unit 111, notification information storage unit 112, inappropriate page specification reception unit 113, inappropriate page information acquisition unit 114, a keyword acquisition unit 115, a designated keyword information reception unit 116, and an inappropriate page designation information acquisition unit 117.

  The access determination unit 104 includes an inappropriate page determination unit 1041, an inappropriate degree storage unit 1042, an inappropriate degree determination unit 1043, and an inappropriate degree storage unit 1044.

  The transmission / reception information acquisition unit 101 acquires information related to information transmitted / received between one or more user terminals 2 and one or more server devices 3. The information related to information transmitted / received between the one or more user terminals 2 and the one or more server devices 3 may be, for example, the information itself transmitted / received, or what is called information indicating what information is transmitted / received. It may be history information or the like. For example, the transmission / reception information acquisition unit 101 acquires information that is packetized and transmitted / received between one or more user terminals 2 and one or more server devices 3. The transmission / reception information acquisition unit 101 is connected to, for example, a network or communication line in which one or more user terminals 2 and one or more server apparatuses 3 are connected, and the network or communication between the user terminals 2 and the server apparatus 3 is performed. Receives information transmitted and received via a line or the like. The history information described above includes, for example, information for identifying information on a transmitted / received WEB page such as a file name and a URL, information indicating the start and end times of transmission / reception of information, the user terminal 2 that performs transmission / reception, You may have the information which can identify the transmission / reception destination of the user terminal 2 or the server apparatus 3, such as the IP address and URL of the server apparatus 3. Further, it may be information indicating a connection status such as what connection or protocol is used for transmission and reception. Information such as the data size to be transmitted / received and the time of transmission / reception may also be used. The transmission / reception information acquisition unit 101 may be connected to a network or a communication line. The transmission / reception information acquisition unit 101 is connected to, for example, a relay device, a line concentrator, a branch device, a firewall device, or the like provided between one or more user terminals 2 and a communication line or the Internet. Information transmitted and received between the user terminal 2 and the server device 3 may be acquired. Further, it may be connected to the user terminal 2 through a local network, and may receive history information of information transmission / reception performed with the server device 3 transmitted by the user terminal 2. The processing, configuration, and the like for the transmission / reception information acquisition unit 101 to acquire information are known as techniques such as packet capturing, for example. The transmission / reception information acquisition unit 101 can be realized by, for example, a wired or wireless communication unit.

  The access information acquisition unit 102 uses the information acquired by the transmission / reception information acquisition unit 101 to use the user identification information of the user accessing the WEB page and the access page information that is information about the WEB page accessed by the user. And access time information that is information related to the access time. The access in the present embodiment refers to, for example, exchanging information such as information on the WEB page, reading, writing, and the like between the server device 3 in which the WEB page is stored and the user terminal 2. is there. Access to a WEB page may be considered as acquiring information on the WEB page or displaying the acquired information on a browser or the like. The user identification information is information such as a user name, nickname, login name, employee number, or ID number that can be identified by the user. The user identification information may be considered as identification information such as an IP address, a MAC address, and a device name of the user terminal 2 used by the user. The user accessing the WEB page is, for example, a user who uses the user terminal 2 that has transmitted a signal requesting the WEB page. A user accessing the WEB page may be considered as a user browsing the WEB page. In this embodiment, access to a WEB page or the like may be considered as browsing of the WEB page or the like. Normally, the WEB page request information, which is information for requesting a WEB page transmitted from the user terminal 2, includes identification information of the user terminal 2 that is the transmission source of the WEB page request information, such as an IP address and a MAC address. It is. The information on the WEB page transmitted from the server device 3 includes identification information of the user terminal 2 that is the transmission destination of the WEB page. Therefore, the access information acquisition unit 102 manages the identification information of the user terminal 2 in association with the user identification information of the user who uses the user terminal 2, so that the request information and the WEB page The identification information of the user terminal 2 is extracted from the information, and the user identification information corresponding to the identification information of the user terminal 2 is acquired by searching or the like, so that the request information of the user accessing the WEB page, that is, the WEB page is transmitted. It is possible to acquire user identification information that uses the user terminal 2 that has received the information or the user terminal 2 that has received the information on the WEB page. In addition, you may make it use the identification information of the user terminal 2 as user identification information as it is.

  The access page information may be information related to the accessed WEB page. The access page information is information that can identify the page being accessed, for example. The access page information may be, for example, information constituting the WEB page itself such as HTML information or image information, or the URL of the accessed WEB page and the address of the server device 3 that provides the accessed WEB page. Information to be displayed may be, for example, an IP address, information on a directory in which a WEB page is stored, a file name, or the like. Moreover, the information which designates the WEB site containing the accessed WEB page may be sufficient. Alternatively, it may be the title of the web page being accessed. The access information acquisition unit 102 may acquire the access page information from, for example, URL included in the WEB page request information transmitted from the user terminal, IP address information, information indicating a file name, You may acquire from the information of the WEB page which the server apparatus 3 transmits, information, such as an IP address which shows the transmission destination of the said WEB page.

  The access time information may be information related to the access time, and may be, for example, the start time or the end time of access, or information of the time when the user terminal 2 acquires the access page information. Also good. Further, for example, information on the time when the user terminal 2 transmits the WEB page request information may be used, or information on the time when the server device 3 transmits the information on the WEB page may be used. In this case, the access information acquisition unit 102 may extract time information such as a time stamp added to WEB page request information and WEB page information, for example. The access time information includes the time when the transmission / reception information acquisition unit 101 acquires the information of the WEB page transmitted / received between the user terminal 2 and the server device 3 and the WEB page request information, and the access information acquisition unit 102. May be information on the time when the user identification information or the access page information is acquired. In this case, the access information acquisition unit 102 can acquire time information from, for example, a clock unit such as a clock (not shown). Note that the time described here may be considered as a period or a time. The time information described here may include information such as date. The access information acquisition unit 102 may store the acquired user identification information, access page information, and access time information in association with each other in the access information storage unit 108 described later. This accumulation may be considered as temporary storage.

  The access information acquisition unit 102 can be usually realized by an MPU, a memory, or the like. The processing procedure of the access information acquisition unit 102 is usually realized by software, and the software is recorded on a recording medium such as a ROM. However, it may be realized by hardware (dedicated circuit).

  The inappropriate page condition information storage unit 103 is time zone designation information that is information for designating two or more time zones, and information associated with each time zone designation information, and is inappropriately accessed by the user. Two or more inappropriate page condition information, which is information indicating the condition of a certain WEB page, can be stored. The time zone designation information and the inappropriate page condition information do not necessarily correspond one-to-one. The time zone designation information may be information that can identify the time zone, for example, identification information such as a time zone name. The time zone designation information may be information that can identify the time zone, information that can identify the date, etc., or information that can identify both. The time zone designation information is, for example, information having a name “working time zone” indicating a working time zone or information having a name “non-working time zone” indicating a non-working time zone. Further, it may be information of names such as “AM”, “PM”, and names such as “first time” and “second time”. The time zone designation information may or may not include time information for designating the start time and end time of the time zone. For example, the time zone designation information “working time” may include information of start time “9 o'clock” and time of end time “17:00”, and such time information may be associated with the time zone designation information. These may be stored and managed in a storage unit (not shown). Further, the time zone designation information may be configured by time information such as information combining the start time and the end time of the time zone, specifically “13:00 to 14:00” or the like. The time zone designation information is information that can indicate the start time and end time of the designated time zone, such as a combination of the start time and the duration of the time zone, or a combination of the end time and the duration of the time zone. May be. Information on the time for setting the time zone, for example, information on the time for setting the start time and end time of the time zone is referred to as time setting information here. Also, here, the user's working hours are called working hours, and the non-user's working hours are called non-working hours. In particular, time setting information corresponding to the working hours and non-working hours, for example, Information for setting the start time and end time of the working time zone and the non-working time zone is referred to herein as attendance time information. Note that the time zone designation information referred to here as working hours may be different in name and name as long as it is information that designates a time zone in which the employee is working. For example, working hours may be considered as working hours here. The attendance time information may be either time setting information for working hours or time setting information for non-working hours. This is because if any one of the time setting information is known, the time setting information of the remaining one time zone can be acquired. When the time zone designation information does not include time setting information, the time zone designation information and the information indicating the time of the time zone indicated by the time zone designation information should be managed using other management information that associates the time zone designation information. do it. For example, in this embodiment, it is assumed that the time setting information corresponding to the time zone designation information is stored in the time setting information storage unit 106 described later. Further, in this embodiment, it is assumed that attendance time information in the time setting information is stored in the attendance time information storage unit 107 described later. However, the attendance time information may be accumulated in the time setting information storage unit 106.

  Inappropriate page condition information is a condition of a page that is considered inappropriate for a user to access (for example, browsing) in a time period specified by the corresponding time period specifying information. The inappropriate page condition information may be any condition information as long as it is information indicating a condition for detecting a page that is considered to be inappropriately accessed by the user. The inappropriate page condition information may be any condition as long as an inappropriate web page can be detected as a result. For example, the inappropriate page condition information may be information on a condition for detecting an appropriate web page to be accessed.

  The inappropriate page condition information is, for example, keyword information indicating one or more keywords that can be included in an inappropriately accessed WEB page. Or the information of the keyword contained only in an appropriate WEB page may be sufficient.

  Inappropriate page condition information is an improper page designation that is information for designating the address of the server device 3 storing a page that is considered to be improperly accessed by the user or a WEB site. Information, for example, identification information of the server device 3 such as an IP address, a domain name, a URL, or the like may be used. Further, the inappropriate page designation information may be a file name such as an HTML file or image data that constitutes a page that is considered to be inappropriate to be accessed by the user.

  Inappropriate page condition information is information indicating the attributes of an improper page such as the type, file format, and data size of the data that constitutes a page that is considered inappropriate to be accessed by the user. It may be inappropriate page attribute information. For example, a condition for determining a WEB page in which data of a specific file format is used as an inappropriate page is used as inappropriate page condition information, and a WEB page in which data of a specific file format is arranged is detected as an inappropriate page. You may do it. For example, a WEB page on which image data is arranged may be detected using the condition “WEB page on which image data is arranged” as inappropriate page condition information. By using such inappropriate page condition information, an access determining unit 104 described later detects a page with inappropriate access.

  Further, the inappropriate page condition information may be authentication page designation information that is information for designating a WEB page that requires authentication by a user as a WEB page condition that is inappropriately accessed. The pages that require user authentication include, for example, a WEB page that requires input of a user ID, a password, etc., a page that requires a public key, a private key, etc. for access, and a WEB that transmits and receives encrypted information. It is a WEB page in the WEB site that can be accessed by the page or these inputs. The authentication page designation information may be any information as long as it is information indicating a condition for detecting that access to the authentication page has been performed. The authentication page designation information is, for example, information that designates a WEB page, which is a connection that requires authentication at the time of access, as detection conditions for inappropriate access or inappropriate browsing. Specific detection conditions for a WEB page that is inappropriately accessed include a condition that the WEB page is encrypted and communicated by SSL (Secure Sockets Layer) or the like, or the WEB page is “user ID” or “ It is a condition that a keyword such as “password” is included. In addition, specific detection of a condition that combines the presence of tags for forms such as IDs that are frequently used on authentication pages and the presence of keywords such as “user ID” and “password” It is good as a condition. By using such authentication page designation information, the access determination unit 104 described later detects a page that requires authentication as a page with inappropriate access. These specific detection conditions are stored in advance in a storage unit (not shown) in association with the authentication page designation information, for example.

  There is no limitation on the timing or means for storing inappropriate page condition information. For example, inappropriate page condition information may be stored in advance at the time of product shipment, or may be added, changed, or deleted as appropriate by a user or the like via a reception unit (not shown). In addition, the set of time slot | zone designation | designated information and inappropriate page condition information may be prepared for every group comprised by user identification information or user identification information. The inappropriate page condition information storage unit 103 is preferably a nonvolatile recording medium, but can also be realized by a volatile recording medium.

  The access determination unit 104 detects time zone designation information that designates a time zone including the time indicated by the access time information acquired by the access information acquisition unit 102. And the inappropriate page condition information matched with the detected time slot | zone designation | designated information is acquired. Then, using the acquired inappropriate page condition information, it is determined whether or not the access page information corresponding to the access time information satisfies the condition indicated by the inappropriate page condition information.

  For example, the access determination unit 104 detects time setting information indicating a time zone including a time indicated by each access time information, and detects time zone designation information corresponding to the detected time setting information. Specifically, the access determination unit 104 is stored in time setting information associated with the time zone designation information stored in the inappropriate page condition information storage unit 103 or in a time setting information storage unit 106 described later. The time setting information indicating the time zone including the time indicated by the access time information is detected from the set time setting information, and the time zone designation information corresponding to the detected time setting information is detected. Then, the inappropriate page condition information associated with the detected time zone designation information is acquired from the inappropriate page condition information storage unit 103. Then, access page information corresponding to each access time information acquired by the access information acquisition unit 102 is acquired. Then, it is determined whether each access page information satisfies a condition indicated by inappropriate page condition information corresponding to each access time information read from the inappropriate page condition information storage unit 103. That is, it is determined whether or not the WEB page is an inappropriate page.

  In addition, when the time zone specification information includes information indicating a working time zone or a non-working time zone in particular, the access determination unit 104 uses the time zone designation information to indicate that the time zone indicated by the access time information is a work hour. It is determined whether it is a time zone or a non-working time zone, and if the time zone including the time indicated by the access time information is a working time zone, the time zone designation information that specifies the working time zone If inappropriate page condition information associated with is acquired, and the time zone including the time indicated by the access time information is a non-working time zone, it is associated with the non-working time zone designation information. Get inappropriate page condition information. Then, it is determined whether or not the access page information associated with the access time information satisfies a condition indicated by the acquired inappropriate page condition information.

  For example, when the time zone designation information includes the time zone designation information indicating the working time zone and the non-working time zone, the access determination unit 104 selects the time zone including the time indicated by the access time information acquired by the access information acquisition unit 102. The attendance time information shown is detected, and the time zone designation information corresponding to the detected attendance time information is detected. Specifically, the access determination unit 104 is stored in the attendance time information associated with the time zone designation information stored in the inappropriate page condition information storage unit 103 or in the attendance time information storage unit 107 described later. The attendance time information indicating the time zone including the time indicated by the access time information is detected from the attendance time information, and the time zone designation information corresponding to the detected attendance time information is detected. Then, the inappropriate page condition information associated with the detected time zone designation information is acquired from the inappropriate page condition information storage unit 103. Then, it is determined whether or not the access page information associated with the access time information satisfies a condition indicated by the acquired inappropriate page condition information.

  In particular, when the attendance time information is stored in association with the user identification information, the access information is selected from the attendance time information corresponding to the user identification information corresponding to the access time information acquired by the access information acquisition unit 102. The attendance time information indicating the time zone indicated by the access time information acquired by the acquisition unit 102 is detected. Then, inappropriate page condition information associated with the detected attendance time information is acquired from the inappropriate page condition information storage unit 103. Note that the user corresponding to the access time information is associated with, for example, the user identification information of the user who performed the access for which the access time information is acquired or the user terminal that performed the access when acquiring the access time information. User identification information.

  The access determination unit 104 determines whether or not inappropriate access has been performed, for example, as follows. For example, if the inappropriate page condition information acquired by the access determination unit 104 is a keyword included in an inappropriate page, the WEB page indicated by the access page information includes a character string that matches the keyword indicated by the keyword information. Whether the page is a WEB page is determined by searching or the like. If the WEB page includes a character string that matches the keyword, it is determined that the condition indicated by the inappropriate page condition information is satisfied. That is, it is determined that access (or browsing) of a WEB page with inappropriate access has been performed. If the inappropriate page condition information is an inappropriate page URL, it is determined whether the URL of the web page indicated by the access page information is the URL indicated by the inappropriate page condition information. If the URL matches the URL indicated by the page condition information, it is determined that access (viewing) of an inappropriately accessed WEB page has been performed. The match here may be a complete match or a partial match. For example, in the case of a URL, if the domain names match, it may be considered a match.

  Further, when the inappropriate page condition information is authentication page designation information, the web page indicated by the access page information corresponding to the access time information needs to be authenticated by the authentication page designation information using the authentication page designation information. It may be determined whether or not the WEB page is a proper WEB page, and whether or not inappropriate access has been performed may be determined.

  For example, when the specific detection condition associated with the authentication page designation information is to detect an encrypted page, the connection between the user terminal 2 and the server device 3 is encrypted by SSL or the like. In the case of being performed, it may be determined that a page requiring authentication has been accessed. Specifically, in the case of encrypted communication using http, port number 443 (http protocol over TLS / SSL) is changed by changing from using port number 80 (8080) to communication using https when encrypted communication starts. Since it is used, it is determined whether the communication between the user terminal 2 and the server device 3 is unencrypted communication or encrypted communication by detecting the port number used for communication. Is possible.

  In addition, in a WEB page or WEB site that requires authentication such as login or sign-in, specifically, the input ID, password, and the like are inputted to the server device by a post method of the form, that is, “method =“ post ””. 3 is often transmitted. Therefore, the specific detection condition associated with the authentication page designation information is a condition such as “detect“ method = “post” ”from the access page information”, etc., and the access page information includes “method =” post ”. When “” is detected, it may be determined that a page requiring authentication has been accessed.

  In addition, when the inappropriate page condition information is information search page designation information that designates a WEB page to be searched, the WEB page indicated by the access page information corresponding to the access time information is searched using the search page designation information. It is also possible to determine whether or not an inappropriate access has been made by determining whether or not the WEB page is to be executed. For example, in a WEB page or a WEB site for performing a search, specifically, a search keyword is often transmitted to the server device 3 by a get method, that is, “method =“ get ””. Therefore, the specific detection condition associated with the search page designation information is set as a condition such as “detect“ method = “get” ”from the access page information”, and the access page information includes “method =” get ”. If "" is detected, it may be determined that the WEB page to be searched has been accessed. Note that the search page designation information may be information that designates a WEB page to be searched as a WEB page excluded from inappropriate pages.

As described above, detection of encrypted communication and determination of whether a page accessed by encrypted communication is a WEB page in a WEB site that is inappropriately designated for browsing, If the communication is determined to be encrypted and the communication is encrypted, the access destination by the encrypted communication is determined to be an inappropriate WEB page. The degree of determination as appropriate access may be different. Specifically, the inappropriateness value described later may be increased when the access destination by encrypted communication is an inappropriate WEB page. For example, as the inappropriate page condition information, information specifying that the communication is encrypted and the condition that the communication destination is a WEB page specified in advance is added, and these two conditions are met. In this case, the inappropriateness value may be set to a value higher than the inappropriateness value corresponding to the condition indicating that the communication has been performed simply by encryption. In this case, whether or not the designated WEB page has been accessed is obtained from the header information or the like included in the access page information by acquiring the address information or the like of the information transmission destination WEB page. It can be detected by determining whether the address information of the WEB page is the same as in the second specific example.

  Usually, encrypted communication is often used for the purpose of concealing an individual in order to identify the individual by authentication and to input / output information related to the individual via the WEB page. . In addition, pages that are inappropriate for browsing are often pages that are privately used by individuals and have little relation to business or the like. For this reason, it is considered that there is a higher possibility that the authentication process is performed when encrypted communication is performed on a page that is inappropriately viewed. For this reason, when it is detected that encrypted communication is simply being performed, the degree to which it is determined as inappropriate when encrypted communication is detected in a WEB page where browsing is inappropriate, that is, described later. By increasing the degree of inappropriateness, it is considered that browsing of the authentication page can be detected with high accuracy as a result. In addition, even if the communication is simply encrypted, the value indicating the degree of improperness so that it can be determined as inappropriate access because the administrator does not know what kind of communication is being performed at all. Is preferably given. For the same reason, a value indicating the degree of improperness is given to encrypted communication so that it can be determined that the access is inappropriate regardless of the time of the accessed time. It is preferable.

  Note that the timing at which the access determination unit 104 makes the above determination does not matter. In particular, when the access determination unit 104 reads out access page information and access time information stored in the access information storage unit 108 to determine whether or not inappropriate access has been performed, There is no limitation on the timing, trigger, or the like for determining whether or not it has been performed. For example, the access determination unit 104 may make a determination regularly or irregularly. Further, for example, judgment timing designation information accumulated by a judgment timing designation information accumulation unit 110 described later may be read, and inappropriate access judgment may be performed at the timing designated by the read judgment timing designation information.

  The access determination unit 104 can usually be realized by an MPU, a memory, or the like. The processing procedure of the access determination unit 104 is usually realized by software, and the software is recorded in a recording medium such as a ROM. However, it may be realized by hardware (dedicated circuit).

  Note that whether or not an inappropriate WEB page has been accessed may be determined for each access to an inappropriate WEB page. Here, however, the access determination unit 104 determines that an inappropriate page has been accessed. Means 1041, inappropriate degree storage means 1042, and inappropriate degree judgment means 1043, and indicates the degree of inappropriateness for each user by using one or more results of accessing an inappropriate WEB page. A case will be described in which an inappropriate degree is calculated and it is determined whether or not an inappropriate WEB page has been accessed using the inappropriate degree.

  The inappropriate page determination unit 1041 acquires inappropriate page condition information associated with time zone designation information that designates a time zone including the time indicated by the access time information, and accesses the page using the inappropriate page condition information. It is determined whether or not the access page information corresponding to the time information satisfies the condition indicated by the inappropriate page condition information. For example, when the inappropriate page condition information is keyword information, the inappropriate page determination unit 1041 determines whether or not the keyword indicated by the keyword information is included in the WEB page indicated by the access page information. In this case, the process performed by the inappropriate page determination unit 1041 may be considered as a process of searching for a character string that matches the keyword indicated by the keyword information. Note that the process for acquiring inappropriate page condition information performed by the inappropriate page determination unit 1041 and the determination of whether the access page information satisfies the inappropriate page condition information are performed by the access determination unit 104 as described above. Since the process is similar to the process for obtaining inappropriate page condition information and the process for determining whether the access page information satisfies the inappropriate page condition information, the description thereof is omitted here. The inappropriate page determination unit 1041 can usually be realized by an MPU, a memory, or the like. The processing procedure of the inappropriate page determination unit 1041 is usually realized by software, and the software is recorded on a recording medium such as a ROM. However, it may be realized by hardware (dedicated circuit).

  The inappropriateness accumulation unit 1042 indicates the inappropriateness level, which is information indicating the degree of inappropriateness of access, of the WEB page determined to be inappropriately accessed by the inappropriate page determination unit 1041. The information is stored in a storage unit (not shown) or the like for each user identification information corresponding to the user who has accessed. Here, the case where it accumulates in the inappropriate degree storage means 1044 is demonstrated as an example. Specifically, the inappropriate degree accumulation unit 1042 accumulates the inappropriate degree for each user identification information. Specifically, the user identification information corresponding to the user who accessed the WEB page is the user acquired by the access information acquisition unit 102 corresponding to the access page information used to determine whether or not the access determination unit 104 is inappropriate. Identification information. The inappropriateness is, for example, a score represented by a numerical value or the like. The value indicating the inappropriateness is, for example, a value that increases or decreases as the degree of inappropriateness of access increases. As described above, the inappropriate degree accumulated for each user identification information is referred to as a cumulative inappropriate degree here.

  Specifically, for example, a value indicating the inappropriate degree is assigned to the inappropriate page condition information in advance, and the inappropriate degree storage unit 1042 sets the condition indicated by the inappropriate page condition information for the accessed WEB page. When it is determined that the condition is satisfied, the inappropriateness level value associated with the inappropriate page condition information used for the determination is acquired, and is stored, that is, accumulated for each user identification information. When assigning a value indicating the degree of inappropriateness to inappropriate page condition information in advance, a value may be assigned such that the value becomes higher or lower as the condition of inappropriateness of access is higher. . Such an inappropriate degree value is stored in advance in the inappropriate page condition information storage unit 103 or the like in association with inappropriate page condition information, for example.

  For example, in the case where the inappropriate page condition information is an inappropriate WEB page URL, an inappropriate level value is assigned in advance to each URL of the inappropriate WEB page, that is, associated with the inappropriate page determination. When the means 1041 determines that the WEB page indicated by the access page information is the WEB page of the URL indicated by the inappropriate page condition information, the inappropriate degree assigned to the URL is stored for each user identification information. You may do it.

  Also, for example, when the inappropriate page condition information is keyword information indicating a keyword that can be included in an inappropriate WEB page, the inappropriate page determination unit 1041 determines that the WEB page indicated by the access page information has the keyword information. When it is determined that the keyword to be included is included, an inappropriate degree corresponding to the keyword information may be accumulated for each user identification information. Specifically, the degree of inappropriateness of the WEB page including the keyword indicated by each keyword information is assigned in advance for each keyword information, and the WEB page indicated by the access page information includes the keyword indicated by any of the keyword information. In this case, the inappropriateness assigned to the keyword information corresponding to the keyword included in this WEB page is accumulated, that is, accumulated for each user identification information. At this time, when a plurality of keywords are included in one WEB page, a value obtained by accumulating all the inappropriateness levels assigned to these keywords may be accumulated for each user identification information. Of these, the degree of inappropriateness assigned to the keyword with the highest degree of inappropriateness or the keyword with the highest number of appearances may be accumulated for each user identification information.

  Further, the inappropriateness level may not be assigned to the WEB page or the inappropriate page condition information, and the inappropriateness level may be increased by “1” when the inappropriate WEB page access is detected. The inappropriateness value accumulated and accumulated as described above indicates the degree of inappropriate access by the user, that is, the final inappropriateness of the user.

  In this embodiment, the inappropriate page condition information storage unit 103 associates keyword information with an inappropriate degree that is information indicating the degree of inappropriateness of a WEB page including the keyword indicated by the keyword information. When the WEB page indicated by the access page information is a WEB page including the keyword indicated by any of the keyword information, the inappropriateness assigned to the keyword information included in the WEB page is determined as follows: A case of accumulation by user identification information will be described as an example.

  The inappropriateness accumulating means 1042 can usually be realized by an MPU, a memory, or the like. The processing procedure of the inappropriateness accumulating means 1042 is usually realized by software, and the software is recorded on a recording medium such as a ROM. However, it may be realized by hardware (dedicated circuit).

  The inappropriate degree determination unit 1043 determines whether or not the inappropriate degree accumulated for each user identification information, here, the cumulative inappropriate degree has exceeded a predetermined level. The determination as to whether or not the degree specified in advance has been exceeded is made based on, for example, whether or not the value indicating the degree specified in advance exceeds the value of the cumulative inappropriateness. The value indicating the degree designated in advance is stored in advance in a storage unit (not shown) such as a storage medium, for example. A value indicating the degree designated in advance may be considered as a threshold value. For example, when the inappropriate degree is indicated by a value, the inappropriate degree determining unit 1043 compares the value of the cumulative inappropriate degree with a value indicating the degree designated in advance by the user or the like, and the cumulative inappropriate degree is a threshold value. Judge whether or not Then, the determination result is output. The inappropriateness determination means 1043 can usually be realized by an MPU, a memory, or the like. The processing procedure of the inappropriateness determination means 1043 is usually realized by software, and the software is recorded on a recording medium such as a ROM. However, it may be realized by hardware (dedicated circuit).

  The inappropriateness storage unit 1044 stores the inappropriateness value in association with the user identification information. The accumulated inappropriate degree may be a cumulative inappropriate degree value. The inappropriateness storage unit 1044 can be realized by, for example, a volatile storage medium or a nonvolatile storage medium.

  The output unit 105 is information indicating that inappropriate access has been performed by the user indicated by the user identification information associated with the access page information used for the determination according to the determination result of the access determination unit 104 Output inappropriate page access information. “According to the determination result” may be considered to directly correspond to the determination result of whether or not the condition indicated by the inappropriate page condition information by the access determination unit 104 is satisfied, or may correspond indirectly. You may think that. For example, when the access determination unit 104 determines that the condition indicated by the inappropriate page condition information is satisfied, an inappropriate access is made by the user indicated by the user identification information associated with the access page information used for the determination. Inappropriate page access information, which is information indicating what has been done, is output. For example, when the access determination unit 104 determines whether or not inappropriate access has been performed using the determination result of whether or not the condition indicated by the inappropriate page condition information is satisfied, the access determination If the determination result of the section 104 is a determination result indicating that an inappropriate access has been performed, inappropriate access is performed by the user indicated by the user identification information associated with the access page information used for the determination. Inappropriate page access information, which is information indicating that has been performed, may be output. Specifically, the access determination unit 104 sets the inappropriateness level when the inappropriateness level determination unit 1043 determines that the inappropriateness level stored for each user identification information exceeds a predetermined level. Inappropriate page access information that is information indicating that inappropriate access has been performed by the user indicated by the associated user identification information may be output. Specifically, the inappropriate degree here is the cumulative inappropriate degree described above.

  As a result, the inappropriate page access information may be any information as long as it can indicate that inappropriate access has been performed. For example, user identification information such as a user name determined to have performed inappropriate access may be simply output as inappropriate page access information. A message indicating that an inappropriate page has been accessed may be included. Further, information indicating a WEB page to be inappropriately accessed, for example, information indicating a URL, title, contents, data size, etc. of the WEB page, date and time when inappropriate access was performed, and the like may be included. Moreover, you may make it include the information of the inappropriate degree mentioned above. Further, inappropriate page condition information used when it is determined that access is inappropriate may be included. In addition, the output unit 105 displays terminal information, which is information of the user terminal 2 that is the access source to the WEB page at the time of access, information on the WEB page of the access destination, information on the access start time, or service provision contents received at the time of access Inappropriate page access information including at least one of the above may be output. The service provision content is, for example, a function of software provided from the server device 3 or a server that provides an application via a network. The information on the service provision content is included, for example, by determining whether or not the name of the service designated in advance is included in the data of the WEB page indicated by the access page information stored in the access information storage unit 108. In this case, it may be determined that a service corresponding to the name is provided. Further, the service provision content may be determined based on port information such as a used port number through which information is transmitted and received, a protocol such as http or ftp used. The terminal information is, for example, the IP address, MAC address, or device name of the user terminal 2. The terminal information may be considered as identification information of the user terminal 2. Such information may be acquired from, for example, access page information acquired by the access information acquisition unit 102 stored in the access information storage unit 108 or the like. In addition, information necessary as inappropriate page access information may be acquired in advance by the access information acquisition unit 102 and accumulated in the access information storage unit 108 when the WEB page is accessed.

  The timing at which the output unit 105 performs output does not matter. For example, the output may be output when the access determination unit 104 makes a determination. When the output unit 105 notifies, for example, transmission of inappropriate page access information to an external device via a network or the like, information indicating a notification destination corresponding to the inappropriate degree accumulated by the inappropriate degree accumulating unit 1042 May be acquired, and inappropriate page access information may be notified to the notification destination indicated by the acquired notification destination information. In this way, inappropriate page access information can be notified to an appropriate notification destination corresponding to the degree of inappropriateness. Note that the notification destination information is, for example, address information that is information specifying a destination, such as an IP address, a MAC address, or a mail address, of another device that is a notification destination.

  In this embodiment, as an example, in the notification information storage unit 112, which will be described later, one or more notification destinations of inappropriate degree range information, which is information for specifying a range of the degree of inappropriate degree, and inappropriate page access information Is stored in advance, and the output unit 105 corresponds to the inappropriateness range information including the inappropriateness accumulated by the inappropriateness accumulating means 1042. A case will be described in which notification destination information is acquired and inappropriate page access information is notified to the notification destination indicated by the acquired notification destination information.

  Inappropriateness degree range information specifies the upper and lower limits as a result, such as information specifying the upper and lower limits of improperness, or a combination of the upper limit (or lower limit) and information indicating the range of values. It is possible information. Note that the inappropriateness range information may be only one value. The inappropriate degree range information including the inappropriate degree is inappropriate degree range information indicating a range of values including a value indicated by the inappropriate degree.

  The output described here refers to display on a display, projection using a projector, printing on a printer, sound output, transmission to an external device, storage on a recording medium, and output to other processing devices or other programs. It is a concept including delivery of processing results. The transmission to the external device may be e-mail, for example. The output unit 105 may or may not include an output device such as a display or a printer. The output unit 105 can be implemented by output device driver software, or output device driver software and an output device.

  The time setting information storage unit 106 can store one or more pieces of time setting information associated with the time zone designation information. For example, the corresponding time zone designation information and time setting information are stored as one record item. If there are only two types of time zone designation information, only the time setting information corresponding to one of the time zone designation information may be stored in the time setting information storage unit 106. In this case, it is possible to determine that the time zone other than the time zone set by the time setting information is a time zone corresponding to the remaining time zone designation information. By managing the time setting information and the time zone designation information individually as described above, the time setting information can be dynamically changed without changing the time zone designation information. The time setting information storage unit 106 is preferably a non-volatile recording medium, but can also be realized by a volatile recording medium.

  The attendance time information storage unit 107 stores one or more attendance time information associated with the time zone designation information indicating the work time zone and the non-working time zone. In particular, the attendance time information may be stored in association with the user identification information as described above. For example, corresponding time zone designation information and attendance time information are stored as items of one record. If there is only time zone specification information corresponding to working hours and non-working hours, only time information corresponding to either working hours or non-working hours is stored in the attendance time information storage unit 107. You may be made to do. In this case, it is possible to determine that the time zone other than the time zone set by the attendance time information is a time zone corresponding to the remaining time zone designation information. The attendance time information storage unit 107 may be linked to a database or the like for managing attendance information of employees or members of the company or organization. Or when the database which manages time information is updated, the update part etc. which are not illustrated may update time information stored in the time information storage part 107 with the updated information. In addition, the attendance time information storage unit 107 includes a time recorder (not shown) that records, for example, user entry / exit times and office hours using a time card, a card having an IC card and an RFID tag, a magnetic tape, and the like. It is connected to an entry / exit recording device (not shown) that records user entry / exit times, office hours, etc. using a type of card, etc., and these devices start the work hours obtained for each user The attendance time information such as time and end time may be accumulated in the attendance time information storage unit 107. By doing in this way, attendance time information can be changed dynamically. The attendance time information storage unit 107 is preferably a non-volatile recording medium, but can also be realized by a volatile recording medium. The attendance time information storage unit 107 may be integrated with the time setting information storage unit 106.

  The access information storage unit 108 stores user identification information, access page information, and access time information acquired by the access information acquisition unit 102. For example, user identification information, access page information, and access time information acquired in accessing one WEB page are stored in association with each other. The access information storage unit 108 is preferably a non-volatile recording medium, but can also be realized by a volatile recording medium.

  The determination timing specification information receiving unit 109 receives determination timing specification information that is information for specifying the timing at which the access determination unit 104 determines whether or not an inappropriate page has been accessed. The judgment timing designation information is information for designating a date and time for making a judgment, such as a date, a date and time, or a day of the week. For example, information specifying “17:00 every Friday” or the like. Further, the determination timing designation information may be information that designates a cycle for performing the determination, such as a 12-hour interval or a 2-day interval. In these cases, the judgment timing designation information may be considered as information for designating a schedule for making a judgment. Further, the determination timing designation information may be a trigger for making a determination. For example, it may be specified that the determination is made with the access management device 1 being activated as a trigger. The reception described here is, for example, reception from an input unit, reception of an input signal transmitted from another device, reading of information from a recording medium, or the like. The judgment timing designation information can be input using a numeric keypad, a keyboard, a mouse, a menu screen, etc. Can be realized.

  The judgment timing designation information accumulating unit 110 accumulates the judgment timing designation information received by the judgment timing designation information receiving unit 109 in a storage medium (not shown). Here, as an example, the information is stored in the determination timing designation information storage unit 111. The determination timing designation information accumulating unit 110 can be usually realized by an MPU, a memory or the like. The processing procedure of the determination timing designation information storage unit 110 is usually realized by software, and the software is recorded on a recording medium such as a ROM. However, it may be realized by hardware (dedicated circuit).

  The judgment timing designation information storage unit 111 can store judgment timing designation information. The determination timing designation information storage unit 111 is realized by, for example, a volatile recording medium or a non-volatile recording medium.

  The notification information storage unit 112 corresponds to the above-described improperness degree range information, which is information specifying the degree of inappropriateness degree, and information specifying one or more notification destinations of inappropriate page access information. The attached notification destination information is stored. The inappropriateness range information may be considered as information for setting the inappropriateness level, for example. Further, the notification destination information may be information specifying a notification destination corresponding to the level of inappropriateness indicated by the inappropriateness range information. The notification information storage unit 112 is preferably a non-volatile recording medium, but can also be realized by a volatile recording medium.

  The improper page designation receiving unit 113 accepts improper page designation information that is information for designating one or more WEB pages that are inappropriately accessed. As a result, the inappropriate page designation information may be information that can designate one or more WEB pages that are inappropriately accessed. For example, a WEB site or server device that includes one or more WEB pages that are inappropriately accessed. Information that can specify 3 may be used. The inappropriate page designation information is, for example, an address such as a URL or an IP address indicating the location of one or more WEB pages that are inappropriately accessed, a WEB site having a WEB page, the server device 3 that provides the WEB page, and the like. Information. The inappropriate page designation receiving unit 113 may accept inappropriate page designation information by any route or means. For example, the inappropriate page designation receiving unit 113 may receive inappropriate page designation information input by a user or the like. When the access determination unit 104 determines that the WEB page indicated by the access page information does not satisfy the inappropriate page condition information, the WEB page designation information of the WEB page indicated by the access page information is obtained from the access determination unit 104 or the like. You may make it accept. The reception described here is, for example, reception from an input unit, reception of an input signal transmitted from another device, reading of information from a recording medium, or the like. The input means for the inappropriate page designation information may be anything such as a numeric keypad, keyboard, mouse or menu screen. It can be realized by a device driver for input means such as a numeric keypad and a keyboard, control software for a menu screen, and the like.

  The inappropriate page information acquisition unit 114 acquires information on the WEB page specified by the inappropriate page specification information received by the inappropriate page specification reception unit 113. For example, the inappropriate page information acquisition unit 114 acquires address information or the like indicating the location of a URL or the like of an inappropriate page specified by the inappropriate page specification information, and sends it to the server device 3 corresponding to the address information. Thus, an instruction for requesting a WEB page with inappropriate access specified by the inappropriate page specification information is transmitted, and information constituting the WEB page transmitted by the server apparatus 3 is acquired in accordance with the instruction. The information on the WEB page that is inappropriately acquired by the inappropriate page information acquisition unit 114 is accumulated in, for example, a storage unit (not shown) by the inappropriate page information acquisition unit 114. The inappropriate page information acquisition unit 114 can be usually realized by an MPU, a memory, or the like. The processing procedure of the inappropriate page information acquisition unit 114 is usually realized by software, and the software is recorded in a recording medium such as a ROM. However, it may be realized by hardware (dedicated circuit). The inappropriate page information acquisition unit 114 may include transmission / reception means for acquiring information on the WEB page via the Internet or the like, or a transmission / reception unit (not shown) when acquiring the information on the WEB page. Etc. may be used.

  The keyword acquisition unit 115 acquires a keyword that an inappropriate WEB page can include in the WEB page from the inappropriate page information that is information of the WEB page acquired by the inappropriate page information acquisition unit 114, and indicates the keyword The keyword information, which is information, is stored in the inappropriate page condition information storage unit 103 in association with time zone designation information designated in advance. In addition, the time zone designation information designated in advance may be designated in advance, for example, as “working hours”, or when the inappropriate page designation receiving unit 113 accepts inappropriate page designation information. May be accepted. In this case, the keyword information acquired according to the inappropriate page designation information may be accumulated in association with the time zone designation information received when the inappropriate page designation information is received. For example, the keyword acquisition unit 115 acquires keyword information by performing natural language processing on the text constituting the WEB page acquired by the inappropriate page information acquisition unit 114. For example, the part of speech or the utilization form is determined by morphological analysis for the words constituting the text of the WEB page acquired by the inappropriate page information acquisition unit 114. Then, a phrase whose part of speech is a noun or a verb is detected, and a phrase having a high appearance frequency in the WEB page, for example, a phrase having an appearance frequency equal to or higher than a threshold is indicated as an inappropriate page. Get as a keyword. Moreover, you may acquire the phrase of the noun which appears in common in the some WEB page designated beforehand as a keyword which shows an inappropriate page. Alternatively, a phrase whose part of speech is a noun among words or phrases that constitute an element to which a predetermined tag such as the <H1> tag in the information of the WEB page acquired by the inappropriate page information acquisition unit 114 is given. , May be acquired as a keyword. The keyword and the keyword information may be the same information. In addition, a keyword used for an appropriate page is prepared in advance in a storage unit (not shown), and the predetermined part-of-speech phrase detected from the text constituting the WEB page acquired by the inappropriate page information acquisition unit 114 A phrase that excludes a keyword used for an appropriate page may be acquired as a keyword indicating an inappropriate page. Note that an inappropriate WEB page keyword may be acquired from the source code of an inappropriate WEB page. For example, information indicating a specific tag may be acquired as keyword information.

  A technique for specifying a word part of speech, a basic form of a verb, and a utilization form is known as a technique such as morphological analysis. As a morphological analysis system, in the case of Japanese, for example, “ChaSen” (http://chasen.naist.jp) developed at Nara Institute of Science and Technology is known. In the case of English, examples of software that gives parts of speech to English words include “TnT” (http://www.coli.uni-saarland.de/˜thorsen/tnt/) and “Brill Tagger” ( http://www.cs.jhu.edu/˜brill/) and the like are known. See, for example, the following document for the Brill technique. “Literature: Eric Brill,“ Transformation-Based Error-Driving Learning and Natural Language Processing: A Case Study in Part-of-Speech Tagging, Computational Ls. ” 21, no. 4, p. 543-565, 1995 ".

  The designated keyword information accepting unit 116 accepts designated keyword information that is information indicating a keyword indicating an inappropriately accessed WEB page. The keyword described here is a keyword that can be included in a page with inappropriate access. This designated keyword information may be considered to be the same as or different from the keyword information that is the inappropriate page condition information described above. However, it is preferable that the designated keyword information is keyword information that can search for the location of a WEB page that is inappropriately accessed, specifically, address information, a file name, and the like, using a so-called search engine or the like. The process and timing of receiving the keyword by the designated keyword information receiving unit 116 does not matter. The designated keyword information received by the designated keyword information receiving unit 116 is accumulated in, for example, a storage unit configured by a storage medium (not shown) or the like. The designated keyword information may be a keyword of a character string included in the source code of the WEB page. The designated keyword information accepting unit 116 may accept the designated keyword information by any route or means. For example, the designated keyword information accepting unit 116 may accept designated keyword information input by a user or the like. Further, the keyword information acquired by the keyword acquisition unit 115 may be received as designated keyword information. The reception described here is, for example, reception from an input unit, reception of an input signal transmitted from another device, reading of information from a recording medium, or the like. The input means for the designated keyword information may be anything such as a numeric keypad, a keyboard, a mouse, or a menu screen. The designated keyword information receiving unit 116 can be realized by a device driver of an input unit such as a numeric keypad or a keyboard, control software for a menu screen, or the like.

  The inappropriate page designation information acquisition unit 117 uses the designated keyword information received by the designated keyword information reception unit 116 to acquire inappropriate page designation information that is information for designating an inappropriately accessed WEB page. The inappropriate page designation information is stored in the inappropriate page condition information storage unit 103 as inappropriate page condition information in association with pre-designated time zone designation information. The inappropriate page designation information acquired by the inappropriate page designation information acquisition unit 117 may be considered as the same information as the inappropriate page designation information received by the inappropriate page designation receiving unit 113. The inappropriate page designation information acquired by the inappropriate page designation information acquisition unit 117 may be particularly called acquisition inappropriate page designation information. Specifically, the inappropriate page designation information acquisition unit 117 inputs the designation keyword information received by the designation keyword information reception unit 116 to a search engine or the like, and searches the WEB page to obtain the designation keyword information. The URL of the appropriate WEB page, the title of the WEB page, and the like are acquired as inappropriate page designation information. At this time, for example, only information up to a predetermined hierarchy delimited by “/” (slash) of the URL may be acquired as inappropriate page designation information. For example, when the acquired URL is “http: // domain name / jp / index.html”, only “http: // domain name /” may be acquired as inappropriate page designation information. Further, it may be obtained by excluding character strings common to URLs such as “http: //”. Then, the acquired inappropriate page designation information is stored in the inappropriate page condition information storage unit 103 in association with time zone designation information designated in advance. The time zone designation information designated in advance may be designated in advance, for example, “working hours zone”, or the like, and the designated keyword information receiving unit 116 accepts it in association with the designated keyword information. Also good. In this case, the inappropriate page designation information received in association with the designated keyword information may be accumulated in association with the time zone designation information associated with the designation keyword information. Moreover, the time zone designation information designated in advance may be appropriately received from a reception unit (not shown) or the like and stored in a storage unit (not shown). The inappropriate page designation information acquisition unit 117 can usually be realized by an MPU, a memory, or the like. The processing procedure of the inappropriate page designation information acquisition unit 117 is usually realized by software, and the software is recorded on a recording medium such as a ROM. However, it may be realized by hardware (dedicated circuit). The inappropriate page designation information acquisition unit 117 may include a transmission / reception means for acquiring inappropriate page designation information via the Internet or the like. You may make it utilize the transmission / reception part etc. which do not.

  Next, the operation of the access management apparatus will be described using the flowchart of FIG.

  (Step S <b> 301) The transmission / reception information acquisition unit 101 determines whether information related to information transmitted / received between the user terminal 2 and the server device 3 has been acquired. If acquired, the process proceeds to step S302. If not acquired, the process proceeds to step S308.

  (Step S302) The access information acquisition unit 102 acquires access page information, user identification information, and access time information from the information acquired in Step S301. The acquired information is stored in the access information storage unit 108 in association with access page information, user identification information, and access time information.

  (Step S <b> 303) The access determination unit 104 determines whether or not an inappropriate page access specified by the determination timing specification information stored in advance in the determination timing specification information storage unit 111 has been performed. It is determined whether it is time to perform. The current time information is acquired from, for example, a clock (not shown). When it is time to make a determination, the process proceeds to step S304, and when it is not time, the process returns to step S301.

  (Step S304) The access management device 1 performs an access determination process. Details of this process will be described later.

  (Step S305) The output unit 105 determines whether or not a determination result indicating that inappropriate access has been performed is obtained in step S304. If the determination result is obtained, the process proceeds to step S306. If not, the process returns to step S301.

  (Step S306) The output unit 105 determines whether or not the access determination unit 104 has performed inappropriate access for each piece of user identification information that has been determined to have been accessed inappropriately in Step S304. Acquire the cumulative inappropriateness used in the event. Then, using the acquired cumulative inappropriate degree as a search key, information indicating a notification destination of page access information corresponding to the cumulative inappropriate degree is acquired from the notification information storage unit 112.

  (Step S307) The output unit 105 receives information indicating that the user indicated by each user identification information has made an inappropriate access to the notification destination indicated by the notification destination information for each user identification information acquired in Step S306. Output, for example send. When information indicating that inappropriate access has been performed for a plurality of users is output to the same notification destination, the information may be output as a single piece of information. Then, the process returns to step S301.

  (Step S308) The inappropriate page designation receiving unit 113 receives inappropriate page designation information for designating a page that is inappropriately accessed.

  (Step S309) The inappropriate page information acquisition unit 114 acquires information on the WEB page corresponding to the inappropriate page designation information received in Step S308 via a network or the like. For example, a signal requesting transmission of WEB page information is transmitted to the destination server apparatus 3 designated by the inappropriate page designation information. And the information of the WEB page transmitted in response to this request is received.

  (Step S310) The keyword acquisition unit 115 acquires keyword information indicating an inappropriately accessed page from the information on the WEB page acquired in Step S309. For example, keyword information is acquired using natural language processing or the like.

  (Step S311) The keyword acquisition unit 115 stores the keyword information acquired in Step S310 in the inappropriate page condition information storage unit 103 in association with the time zone specification information specified in advance. The accumulation here may be an update or an additional write. In step S308, the time zone designation information may be received together with the inappropriate page designation information, and the time zone designation information and the keyword information acquired by the keyword acquisition unit 115 may be stored in association with each other. Then, the process returns to step S301.

  (Step S312) The designated keyword information accepting unit 116 determines whether designated keyword information has been accepted. If the designated keyword information is accepted, the process proceeds to step S313, and if not, the process proceeds to step S315.

  (Step S313) The inappropriate page designation information acquisition unit 117 acquires inappropriate page designation information corresponding to the designated keyword information received in Step S312. For example, a search is performed by inputting a keyword indicated by designated keyword information into a so-called search engine designated in advance, and a URL or the like obtained from the search result is acquired as inappropriate page designation information.

  (Step S314) The inappropriate page designation information acquisition unit 117 stores the inappropriate page designation information acquired in Step S313 in the inappropriate page condition information storage unit 103 in association with the time zone designation information designated in advance. . The accumulation here may be an update or an additional write. In step S312, the time zone designation information is received together with the designated keyword information, and the time zone designation information and the inappropriate page designation information acquired by the inappropriate page designation information acquisition unit 117 are stored in association with each other. Anyway. Then, the process returns to step S301.

  (Step S315) The judgment timing designation information accepting unit 109 judges whether judgment timing designation information has been accepted. If accepted, the process proceeds to step S316. If not accepted, the process returns to step S301.

  (Step S316) The judgment timing specification information storage unit 110 stores the judgment timing specification information received in step S315 in the judgment timing specification information storage unit 110. If already stored, it may be added or overwritten. Then, the process returns to step S301.

  In the flowchart of FIG. 3, the process ends when the power is turned off or the process is terminated.

  Next, the details of the access determination process described in step S304 of FIG. 3 will be described using the flowchart of FIG. Here, as an example, a case will be described in which inappropriate page condition information corresponding to time zone designation information indicating a working time zone and a non-working time zone is stored in advance in the inappropriate page condition information storage unit 103. .

  (Step S401) The access determination unit 104 substitutes 1 for a counter n.

  (Step S402) The access determination unit 104 reads n-th access information stored in association with the access information storage unit 108, that is, n-th access page information, user identification information, and access time information. The read information is temporarily stored in a memory (not shown).

  (Step S <b> 403) The inappropriate page determination unit 1041 of the access determination unit 104 includes a time indicated by the n-th access time information from one or more time information stored in the time information storage unit 107. The attendance time information indicating the belt is detected. In particular, the attendance time information indicating the time zone including the time indicated by the nth access time information is selected from the attendance time information corresponding to the nth user identification information stored in the attendance time information storage unit 107. To detect.

  (Step S404) The inappropriate page determination unit 1041 reads the time zone designation information corresponding to the attendance time information read in Step S403 from the attendance time information storage unit 107.

  (Step S405) The inappropriate page determination unit 1041 reads one or more inappropriate page condition information corresponding to the time zone designation information read in Step S404 from the inappropriate page condition information storage unit 103, and the nth access page. It is determined whether the WEB page indicated by the information satisfies the condition indicated by the inappropriate page condition information. If the condition is satisfied, the process proceeds to step S406. If the condition is not satisfied, the process proceeds to step S407. Note that the inappropriate page condition information may be information indicating a WEB page to which access is appropriate. In this case, if the condition indicated by the inappropriate page condition information is not satisfied, the process proceeds to step S407 and the condition is not satisfied. In such a case, the process may proceed to step S406.

  (Step S406) The inappropriate degree storage unit 1042 stores the inappropriate degree in the inappropriate degree storage unit 1044 in association with the nth user identification information. For example, a new inappropriate degree is added to the already stored inappropriate degree. When the inappropriateness value is associated with, for example, inappropriate page condition information, the inappropriateness storage unit 1042 acquires and stores the inappropriateness associated with the inappropriate page condition information. May be. In addition, when a plurality of inappropriate page condition information is prepared, all the inappropriateness levels corresponding to the inappropriate page condition information satisfying the condition may be accumulated, or only a part of the inappropriate page condition information may be stored. Only the largest one or one having a high priority specified in advance may be accumulated. For example, when one or more inappropriate page condition information is keyword information, and an inappropriateness level is assigned to each keyword information, a page indicated by access page information includes a keyword indicated by two or more keyword information If it is determined, it may be possible to accumulate all of the inappropriateness assigned to each keyword information, or only a part of them, for example, only those with the largest value or those with a high priority specified in advance. , And may be stored in association with the nth user identification information.

  (Step S407) The access determination unit 104 increments the value of the counter n by 1.

  (Step S <b> 408) The access determination unit 104 determines whether or not the nth access information is stored in the access information storage unit 108. If it is stored, the process returns to step S402, and if it is not stored, the process proceeds to step S409.

  (Step S409) The access determination unit 104 assigns 1 to the counter m.

  (Step S410) The inappropriate degree determination unit 1043 reads the cumulative inappropriate degree of the mth user from the inappropriate degree storage unit 1044. If one or more inappropriate degrees are not accumulated but are simply accumulated, these inappropriate degrees are accumulated.

  (Step S411) The inappropriate degree determination unit 1043 determines whether or not the cumulative inappropriate degree is larger than a predetermined value designated in advance. If so, the process proceeds to step S412, and if not, the process proceeds to step S413.

  (Step S412) The inappropriate degree determination means 1043 obtains a determination result indicating that inappropriate access is performed by the m-th user.

  (Step S413) The access determination unit 104 determines whether or not the inappropriate degree storage unit 1044 stores a cumulative inappropriate degree corresponding to the mth user identification information. If there is, the process returns to step S410, and if not, the determination result acquired in step S412 is returned to the upper process.

  In the flowchart of FIG. 4, the attendance time information indicating the time zone including the time indicated by the nth access time information is detected from the attendance time information stored in the attendance time information storage unit 107 in step S403 and the like. Explained when to do. However, when the inappropriate page condition information is not particularly associated with the working time zone and the non-working time zone, the nth access time information is obtained from the time setting information stored in the time setting information storage unit 106. The time setting information indicating the time zone including the time indicated by may be detected. In this case, inappropriate page condition information corresponding to this time setting information may be acquired.

  In the flowchart of FIG. 4, the process ends when the power is turned off or the process ends.

  Hereinafter, a specific operation of the access management apparatus according to the present embodiment will be described. FIG. 1 is a conceptual diagram of an information processing system provided with the access management device 1. Here, as an example, it is assumed that the user terminal 2 and the access management apparatus 1 are connected via a local network, and that the local net is connected to the Internet via a router or the like (not shown). Further, in this specific example, the time setting information storage unit 106 is omitted in order to describe the case where attendance time information is used as the time setting information.

(Specific example 1) When inappropriate page condition information is keyword information First, the case where inappropriate page condition information is keyword information is demonstrated. FIG. 5 shows inappropriate page condition information stored in advance in the inappropriate page condition information storage unit 103 and managing inappropriate page condition information and time zone designation information associated with the inappropriate page condition information. It is a management table. The inappropriate page condition information management table has items of “time zone”, “keyword”, and “degree of inappropriateness”. “Time zone” is time zone designation information. Here, time zone designation information for designating two time zones of “working time zone” and “non-working time zone” is used as an item value. “Keyword” is inappropriate page condition information. Here, it is assumed that the keyword is a keyword indicated by the keyword information, specifically, a character string. “Inappropriateness” is a value of the inappropriateness. The inappropriateness value is set in advance by an administrator or the like so that the weight is increased when the inappropriateness of the page including the keyword is considered high. It is assumed that “time zone”, “keyword”, and “degree of inappropriateness” of the same record are associated with each other.

  FIG. 6 is a time attendance management table for managing time attendance information stored in the time attendance information storage unit 107 and time zone designation information associated with the attendance time information. In this attendance time management table, it is assumed that only attendance time information corresponding to the time zone designation information indicating “working hours” is managed, and the remaining unmanaged time zones are “non-working hours”. It is assumed that the attendance time information corresponding to the time zone designation information indicating “band” is designated in advance. The attendance time management table has items of “IP address”, “year / month / day”, “start time”, and “end time”. “IP address” is the IP address of the user terminal 2. Here, this IP address is considered as user identification information. “Year / Month / Day” is the year / month / day that is the target of the work hours indicated by the record of the attendance time information, “Start Time” is the start time of the work hours, and “End Time” is the work hours End time.

  As for the “IP address”, “year / month / day”, and “start time” information stored in the attendance time management table, for example, the user logs in to the user terminal 2 and inputs information indicating the start of the work time. Acquired and accumulated at the time. The “end time” is acquired and stored when the user inputs to the user terminal 2 to indicate the end of working hours. Here, in a state where the user has logged in to the user terminal 2, the time when the start of work is not input and the time after the time when the end of work is input are assumed to be non-working hours.

  First, a user logs in to the user terminal 2 whose IP address is “192.168.1.23”, starts up a WEB browser, and at 9:15 on October 1, 2008, “http: // Assume that the URL “/www.abcde.com/index.html” is input to the address input field of the WEB browser, and an instruction to display information on the WEB page indicated by the URL is given to the WEB browser. The user terminal 2 transmits the IP address of its own device and the URL “http://www.abcde.com/index.html” to, for example, a DNS server (not shown) and the like of the server device 3 corresponding to the URL. Obtain an IP address. Then, an instruction for requesting information on the WEB page “index.html” is transmitted to the acquired IP address. When transmitting information requesting information on the WEB page, the IP address of the own apparatus is also added and transmitted. Here, when the IP address “192.168.1.23” of the user terminal 2 is transferred from a local network in the organization to a global network such as the Internet, the IP address “192.168.1.23” is converted into a global network address by address conversion. Suppose that it is transmitted to the server device 3. When the server apparatus 3 corresponding to the WEB site “http://www.abcde.com/” receives an instruction to request information on the WEB page, the information on the WEB page corresponding to “index.html”, for example, The HTML file “index.html” and the image data referred to in the HTML file are read from a storage medium (not shown) and transmitted to the user terminal 2 that is the transmission source of the instruction for requesting the WEB page. At this time, the global IP address of the transmission source added to the request instruction of the WEB page is designated as the transmission destination and transmitted to the user terminal 2 of the transmission source via the network. This global IP address is converted to the original IP address “192.168.1.23” when the information on the WEB page is transferred to a local network in the company. The user terminal 2 which is “192.168.1.23” receives the information of the WEB page transmitted from the server device 3 and displays the WEB page with the WEB browser.

  Here, the transmission / reception information acquisition unit 101 of the access management apparatus 1 includes the information on the WEB page transmitted from the server apparatus 3 and the local IP address “192.168.1. 23 "etc. are received via a hub, a router, etc., for example.

  The access information acquisition unit 102 uses the information received by the transmission / reception information acquisition unit 101 to acquire access page information that is information related to the WEB page. Here, it is assumed that the access page information to be acquired is information of an HTML file. In addition, the access information acquisition unit 102 uses the information received by the transmission / reception information acquisition unit 101, and the IP address “192.168.1.23” of the user terminal 2 that is user identification information regarding the user who has accessed the WEB page. To get. In addition, access time information, which is information on the time at which the transmission / reception information acquisition unit 101 receives the information on the WEB page, is acquired from an internal clock (not shown) or the like. Assume that the access time information is, for example, “October 1, 2008 9:15”. Then, the acquired information is associated and stored in the access information storage unit 108.

  Similarly, the access management device 1 receives the information of the WEB page and the IP address of the user terminal 2 that are transmitted by the server device 3 in response to a request from the user terminal 2, and receives the user identification information, access page information, and Access time information is acquired and sequentially stored in the access information storage unit 108.

  FIG. 7 is an access information management table for managing user identification information, access page information, and access time information stored in the access information storage unit 108. The access information management table has items of “ID”, “user identification information”, “access page information”, and “access time information”. “ID” is identification information for managing records. “User identification information” is user identification information, and here is the IP address of the user terminal 2 as described above. “Access page information” is access page information, and here is assumed to be an HTML file of a WEB page. “Access time information” is access time information, and here is information on the time at which the transmission / reception information acquisition unit 101 received the information on the WEB page. “User identification information”, “access page information”, and “access time information” constituting one record are, for example, user identification information, access page information, and access time information acquired for one page access. .

  FIG. 8 is a judgment timing management table for managing judgment timing designation information that designates a timing for judging whether or not inappropriate access has been performed, which is stored in the judgment timing designation information storage unit 111. The determination timing management table has an item “timing” indicating the date and time when the determination is made. The item “timing” may be considered as information indicating a schedule. For example, if “timing” is “17:00 every Friday”, the timing for making a judgment is designated at 17:00 every Friday, and inappropriate access is performed when the date and time comes to this timing. Judgment processing of whether or not it has been received is started. The judgment timing designation information storage unit 111 may store default judgment timing designation information in advance at the time of factory shipment or the like.

  Here, if the access determination unit 104 determines that the current date and time is a date and time designated in advance by the determination timing specification information as shown in FIG. 8, the access determination unit 104 is inappropriate. Judgment processing of whether or not access has been made is started.

  First, the inappropriate page determination unit 1041 is “user identification information” of the first record stored in the access information storage unit 108 as shown in FIG. 7, that is, the record whose “ID” is “001”. “192.168.1.23” and access time information “October 1, 2008 09:15” are acquired.

  In the attendance time management table shown in FIG. 6, the “user ID” is “192.168.1.23” acquired by the inappropriate page determination unit 1041, and the date is an inappropriate page determination unit. The access time acquired by the inappropriate page determination unit 1041 between “start time” and “end time”, which is “October 1, 2008” which is the date of the access time information acquired by 1041 It is determined whether or not there is a record including “09:15” which is the time indicated by the information. Here, since the first record of the attendance time management table satisfies these conditions, the improper page determination unit 1041 stores the record whose “ID” stored in the access information storage unit 108 is “001”. The time zone including the time indicated by the access time information is determined as the work time zone, and the time zone designation information indicating that it is the work time zone is acquired.

  Then, in the inappropriate page condition information management table shown in FIG. 5, “keyword” that is the keyword information of the record whose “time zone” value is “working hour zone” is sequentially read. For example, first, the keyword “sports” is read out. 7 matches the keyword “sports” in the HTML file “access page information” included in the record “ID” “001” stored in the access information storage unit 108 shown in FIG. It is determined whether or not a character string to be included is included. If it is included, a page with inappropriate access has been accessed, and the inappropriateness accumulating means 1042 stores the record whose “keyword” is “sports” in the inappropriate page condition information management table shown in FIG. The value “1” of “degree of inappropriateness” is acquired. Then, the acquired inappropriate degree is associated with “192.168.1.23” that is “user ID” acquired from the record whose “ID” is “001” stored in the access information storage unit 108. And stored in the inappropriate degree storage means 1044. If not included, the inappropriateness level is not accumulated. Similarly, in the inappropriate page condition information management table shown in FIG. 5, the keywords sequentially read from the record whose “time zone” value is “working zone” are the records whose “ID” is “001”. It is sequentially determined whether or not it is included in the HTML file that is included in the “access page information”, and if included, the value of “inappropriateness” corresponding to the included keyword is acquired, and the user ID “192.168.” Is acquired. .1.23 "and accumulate.

  FIG. 9 is a diagram illustrating an example of an HTML file that is “access page information” of a record whose “ID” is “001” stored in the access information storage unit 108 illustrated in FIG. 7. For example, in FIG. 9, since the character string “sports” is included in the HTML file that is the source code of the WEB page, the inappropriate degree “1” corresponding to “sports” shown in FIG. 5 is accumulated. . Similarly, since the character string “entertainment” is included in the HTML file, the inappropriateness level “2” corresponding to “entertainment” shown in FIG. 5 is accumulated.

  Similar processing is repeated for other records in the access information management table. For example, for the record whose “ID” is “067”, the “user identification information” acquired by the inappropriate page determination unit 1041 is “192.168.1.23”, and the “access time information” is “2008”. October 2, 2009 09:03 ". In the attendance time management table shown in FIG. 6, the “user ID” is “192.168.1.23” acquired by the inappropriate page determination unit 1041, and the date is an inappropriate page determination unit. Because the “start time” is “9:10” and the “end time” is “19:30” of the record that is “October 2, 2008”, which is the date of access time information acquired by 1041. The access time information acquired by the inappropriate page determination unit 1041 is determined not to be between the start time and end time of this record. Therefore, the inappropriate page determination unit 1041 determines that the time zone including the time indicated by the access time information is a non-working time zone, and acquires time zone designation information indicating the non-working time zone.

  Then, in the inappropriate page condition information management table shown in FIG. 5, the “keyword” that is the keyword information of the record whose value of “time zone” is “non-working time zone” is sequentially read out, The value of “degree of inappropriateness” is acquired and stored in the degree of inappropriateness storage means 1044.

  In this case, in the inappropriate page condition information management table shown in FIG. 5, the record whose “time zone” value is “non-working time zone” has the “time zone” value described above as “working time”. Unlike records that are “time zones”, “keywords” such as “sports” and “entertainment” are not included. For this reason, even if these keywords are included in the HTML file shown in FIG. 9, the inappropriate degree is not accumulated. Further, in the HTML file shown in FIG. 9, among the records managed by the inappropriate page condition information management table shown in FIG. Since the character string that matches “stock” that is “keyword” is not included, the inappropriateness corresponding to this keyword is not accumulated. In other words, it is considered that the WEB page shown in FIG. 9 that is sourced from the HTML file is inappropriate for access during work hours, but is not inappropriate for access during non-work hours. .

  FIG. 10 is an inappropriateness management table for managing the inappropriateness value stored in the inappropriateness storage unit 1044 by the inappropriateness storage unit 1042. The inappropriate degree management table has items of “user identification information” and “inappropriate degree”. The “user identification information” corresponds to the “user identification information” shown in FIG. The “accumulated inappropriate degree” is a value of the stored inappropriate degree, and is calculated according to a new inappropriate degree value acquired by the inappropriate degree storing unit 1042 according to the determination result of the inappropriate page determining unit 1041. Is accumulated. The accumulation here is assumed to be addition, for example.

  Here, when it is determined whether or not the above-described inappropriate access has been made for all the records of the access information management table shown in FIG. For the indicated cumulative inappropriate degree management table, a record having a value of “cumulative inappropriate degree” exceeding a predetermined value is detected. For example, if the value designated in advance is 15, in the cumulative inappropriate degree management table shown in FIG. 10, “cumulative inappropriate” of the record whose “user identification information” is “192.168.1.24”. The value of “degree” is “20”, and is determined to exceed “15”. For this reason, the user identification information “192.168.1.24” is associated with the cumulative inappropriateness value “20”, and the user identification information of the user who has performed inappropriate access, and the cumulative failure thereof. It transmits to the output part 105 as appropriateness.

  The output unit 105 acquires notification destination information from the notification destination information stored in the notification information storage unit 112 using the cumulative inappropriate degree received from the inappropriate degree determination unit 1043.

  FIG. 11 is a diagram illustrating an example of notification destination information stored in the notification information storage unit 112. The notification destination information includes items of “inappropriate degree range” and “notification destination”. “Inappropriate degree range” is inappropriate degree range information indicating a range of inappropriate degree. “Notification destination” is information indicating a notification destination, and here is information indicating the name of the notification destination. The “manager” is a person in charge who manages and monitors WEB access by the user. “Director” is the user's department manager. In addition, here, it is assumed that a destination address corresponding to the name of the notification destination, for example, an e-mail address or the like is separately managed in a storage unit (not shown) in association with the name of the notification destination. . In particular, although the “director” that is the name of the notification destination is not shown in the figure, the user identification information of the user operating the user terminal is associated with the address of the department manager to which the user belongs, and the like. It is assumed that the address of the “department manager” corresponding to the user of the user identification information is acquired using the user identification information received from the inappropriateness determination means 1043 and stored in a storage unit or the like that is not managed. .

  For example, the output unit 105 detects, from the notification destination information illustrated in FIG. 11, a record in which the value range indicated by the “inappropriate degree range” includes the cumulative inappropriate degree “20” received from the inappropriate degree determining unit 1043. To do. Then, the “notification destination” information of the detected record is acquired. Here, since the cumulative inappropriate degree “20” is included in the range of “19-30” that is the “inappropriate degree range” of the second record from the top in FIG. 11, the “notification destination” of this record is The values “manager” and “manager” are acquired. Then, the output unit 105 acquires an e-mail address corresponding to the “manager” from a storage unit or the like (not shown). In addition, the output unit 105 acquires the e-mail address of the “department manager” corresponding to the user identification information “192.168.1.24” received from the inappropriate degree determination unit 1043 from a storage unit or the like (not shown). Then, the user corresponding to the user identification information “192.168.1.24” received from the inappropriateness determination unit 1043 makes inappropriate access to the acquired administrator and the email address of the general manager as the destination. Send information by email to show that Specifically, the user identification information is associated with information such as a user name and employee number and stored in advance in a storage unit (not shown), and the user received from the inappropriateness determination means 1043 based on this information. The user name and employee number corresponding to the identification information “192.168.1.24” are acquired. Here, the value of “access time information” corresponding to the user identification information is acquired from the access information management table shown in FIG. Inappropriate page access configured by inserting the acquired user name, employee number, etc., and "access time information" into a template of text that indicates that the user is performing inappropriate access. Send information by email. By using the notification destination information in this manner, it is possible to notify inappropriate page access information indicating that inappropriate access is being performed to the notification destination according to the level of cumulative inappropriateness.

  FIG. 12 is a diagram illustrating a display example of inappropriate page access information transmitted by the output unit 105 by e-mail or the like. By receiving such inappropriate page access information, an administrator or the like can easily know which user is performing inappropriate access.

  Here, processing for adding or updating keyword information, which is inappropriate page condition information stored in the inappropriate page condition information storage unit 103, will be described.

  First, an administrator who manages the access status of a user's WEB page, for example, inappropriate page designation information that is information for designating an inappropriate WEB page, and a time when access to the same WEB page is inappropriate. The time zone designation information of the zone and the value of the inappropriateness level when the same WEB page is accessed are input to the inappropriate page designation receiving unit 113. The inappropriate page designation information is information such as the URL of a WEB page or WEB site that is inappropriately accessed, or an HTML file that constitutes the WEB page.

  The improper page information acquisition unit 114 uses the URL received by the improper page designation receiving unit 113, etc., and the improper page information that is information of one or more web pages that are inappropriately accessed by an administrator or the like. To get. Note that when the inappropriate page designation receiving unit 113 receives an HTML file or the like of an inappropriate WEB page, the information of the HTML file or the like is acquired as it is.

  Next, the keyword acquisition unit 115 acquires keyword information that can be included in an inappropriate WEB page from the inappropriate page information acquired by the inappropriate page information acquisition unit 114. For example, nouns are extracted by morphological analysis or the like, and nouns with high appearance frequencies are acquired as keywords. However, nouns that are not acquired in advance are specified, and nouns that match these are not acquired. For example, when the noun “music” appears in the inappropriate page information more than a predetermined number of times, the noun “music” is acquired as a keyword. On the other hand, even if the noun “article” appears more than a predetermined number of times, the “article” is not acquired as a keyword by designating it in advance as a noun that does not acquire the noun “article”.

  Then, the keyword acquisition unit 115 uses the acquired keyword (for example, “music”) information as inappropriate page condition information, time zone specification information specified in advance, here, the time received by the inappropriate page specification reception unit 113 It is stored in the inappropriate page condition information storage unit 103 in association with the band designation information. Further, here, the inappropriateness value received by the inappropriate page designation receiving unit 113, which is a previously specified inappropriateness value, is also stored in association with the keyword information. Thereby, for example, a record is added to the inappropriate page condition information management table shown in FIG. As a result, inappropriate page condition information can be made into a database.

  The access determination unit 104 or the like constitutes inappropriate page designation information for designating the WEB page indicated by the access page information that the above-described inappropriate page determination unit 1041 determines that the condition indicated by the inappropriate page condition information is not satisfied. In this way, the inappropriate page designation receiving unit 113 may receive this inappropriate page designation information.

(Specific Example 2) When Inappropriate Page Condition Information is Inappropriate Page Designation Information Next, a case in which improper page condition information is inadequate page designation information will be described as an example. The attendance time information management table and the like are the same as in the case where the above-described inappropriate page designation information is keyword information unless otherwise described.

  FIG. 13 shows inappropriate page condition information stored in advance in the inappropriate page condition information storage unit 103 and manages inappropriate page condition information and time zone designation information associated with the inappropriate page condition information. It is a management table. The inappropriate page condition information management table has items of “time zone”, “URL”, and “degree of inappropriateness”. “Time zone” and “degree of inappropriateness” are the same as those in FIG. “URL” is inappropriate page condition information, and here, it is assumed that it is inappropriate page designation information. Here, in particular, the inappropriate page designation information is assumed to be a URL of a WEB page that is inappropriately accessed.

  First, a user logs in to the user terminal 2 whose IP address is “192.168.1.23”, starts up a WEB browser, and at 9:15 on October 1, 2008, “http: // Assume that the URL “/www.abcde.com/index.html” is input to the address input field of the WEB browser, and an instruction to display information on the WEB page indicated by the URL is given to the WEB browser. The user terminal 2 transmits the IP address of its own device and the URL “http://www.abcde.com/index.html” to, for example, a DNS server (not shown) and the like of the server device 3 corresponding to the URL. Obtain an IP address. Then, in the same manner as described above, information on the WEB page is acquired from the server device 3 and displayed.

  Here, the transmission / reception information acquisition unit 101 of the access management apparatus 1 obtains the URL transmitted from the user terminal 2 to the DNS server or the like, the local IP address “192.168.1.23” of the user terminal 2, etc. Receive via hub or router.

  The access information acquisition unit 102 uses the information received by the transmission / reception information acquisition unit 101 to acquire access page information that is information related to the WEB page. Here, it is assumed that the acquired access page information is a URL received from the user terminal 2. In addition, the access information acquisition unit 102 uses the information received by the transmission / reception information acquisition unit 101 as the user identification information about the user who accessed the WEB page, and the IP address “192.168 .. 1.23 "is acquired. In addition, access time information, which is information on the time at which the transmission / reception information acquisition unit 101 receives the information on the WEB page, is acquired from an internal clock (not shown) or the like. Assume that the access time information is, for example, “October 1, 2008 9:15”. Then, the acquired information is associated and stored in the access information storage unit 108.

  Similarly, the access management apparatus 1 receives the URL and IP address information transmitted from the user terminal 2, acquires user identification information, access page information, and access time information, and stores them in the access information storage unit 108. Accumulate sequentially.

  FIG. 14 is an access information management table for managing user identification information, access page information, and access time information stored in the access information storage unit 108. The access information management table has items of “ID”, “user identification information”, “access page information”, and “access time information”. Other than the “access page information” is the same as FIG. “Access page information” is access page information, and here it is assumed to be the URL of the WEB page. “Access time information” is access time information, and here is information on the time at which the transmission / reception information acquisition unit 101 received the URL. The “user identification information”, “access page information”, and “access time information” that constitute one record are, for example, the user acquired when the user terminal 2 requests information on one page of a WEB page. Identification information, access page information, and access time information.

  Next, as in the specific example described above, if the access determination unit 104 determines that the current date / time is the date / time specified in advance by the determination timing specification information as shown in FIG. The determination unit 104 starts a determination process as to whether or not inappropriate access has been performed. Specifically, as in the above-described specific example, an access record stored in the access information storage unit 108 as shown in FIG. 14 and having user identification information, access page information, and access time information is accessed. Read the time information, determine whether the time indicated by the access time information is included in the time zone specification information indicating the work time zone, and include it in the time zone specification information indicating the work time zone In this case, from the inappropriate page condition information management table shown in FIG. 13, the value of “URL” of the record whose “time zone” is “working zone” is acquired. In addition, when it is not included in the time zone designation information indicating the working time zone, the value of “time zone” is “non-working time zone” from the inappropriate page condition information management table shown in FIG. The value of “URL” of the record is acquired. Then, the URL which is the value of “access page information” included in one record of the access information described above is read, and this URL and the URL acquired from the inappropriate page condition information management table shown in FIG. To determine whether or not they match. Here, if a part that completely matches the URL acquired from the inappropriate page condition information management table is included in the URL of “access page information” included in one record of the access information, it is considered to be a match. When it is determined that they match, the inappropriateness value associated with the URL acquired from the inappropriate page condition information management table is stored in association with the user identification information included in one record of the access information. . Such processing is repeated for all the records of the access information stored in the access information storage unit 108 shown in FIG. 14, thereby acquiring the cumulative inappropriate degree for each user identification information.

  Note that the subsequent processing is the same as in the above-described specific example, and thus the description thereof is omitted. The output unit 105 acquires access page information that is a URL corresponding to the user identification information of the user terminal 2 that has been inappropriately accessed from the access information management table illustrated in FIG. 14, and the acquired URL The access page information to which the above information is added may be configured and output.

  Here, processing for adding or updating inappropriate page designation information that is inappropriate page condition information stored in the inappropriate page condition information storage unit 103 will be described.

  First, an administrator who manages the access status of a user's WEB page, for example, specifies specified keyword information that is considered to be used for an inappropriately accessed WEB page, and a WEB page that can be searched using the specified keyword information. Time zone designation information of an inappropriate time zone and the inappropriateness value when a WEB page that can be searched using the designated keyword information is accessed are input to the designated keyword information receiving unit 116. For example, keywords such as “stock price” and “market” are input.

  The inappropriate page information acquisition unit 114 gives the specified keyword information input to the specified keyword information reception unit 116 as a search key to a so-called search engine, and searches the WEB page on the Internet, thereby specifying the keyword information reception unit. The URL of the WEB page or WEB site corresponding to the designated keyword information input in 116 is acquired. The search engine may be included in the inappropriate page information acquisition unit 114, or the search page provided by the WEB site or the like is used to acquire the search result by the inappropriate page information acquisition unit 114. You may do it. For example, by performing a search using a search engine using keywords such as “stock price” and “market” as described above, for example, the URL of a WEB page of stock trading can be acquired.

  Then, the inappropriate page information acquisition unit 114 receives the acquired URL as inappropriate page condition information (inappropriate page specification information), which is received by the predesignated time zone specification information, here, the specified keyword information reception unit 116. It is stored in the inappropriate page condition information storage unit 103 in association with the specified time zone designation information. Here, the inappropriateness value received by the designated keyword information receiving unit 116, which is the inappropriateness value specified in advance, is also stored in association with the inappropriate page condition information, which is a URL. Thereby, for example, a record is added to the inappropriate page condition information management table shown in FIG. As a result, inappropriate page designation information can be made into a database.

  Although the case where the inappropriate page designation information is a URL has been described as an example here, the inappropriate page designation information may be an IP address or the like. In this case, for example, the transmission / reception information acquisition unit 101 may acquire an IP address indicating a transmission destination of the information from information requesting a WEB page transmitted by the user terminal 2 or the like. Then, the access determination unit 104 may determine whether or not the acquired IP address matches the inappropriate page designation information.

(Specific example 3) Inappropriate page condition information is inappropriate page attribute information specifying an inappropriate page attribute Next, an example of inappropriate page condition information being inappropriate page attribute information I will give you a description. The attendance time information management table and the like are the same as in the case where the above-described inappropriate page designation information is keyword information unless otherwise described.

  FIG. 15 illustrates inappropriate page condition information stored in advance in the inappropriate page condition information storage unit 103 and inappropriate page condition information for managing time zone designation information associated with the inappropriate page condition information. It is a management table. The inappropriate page condition information management table has items of “time zone”, “file format”, and “degree of inappropriateness”. “Time zone” and “degree of inappropriateness” are the same as those in FIG. “File format” is inappropriate page condition information, and here, it is assumed that it is inappropriate page attribute information. Here, in particular, the inappropriate page designation information is assumed to be a file format of data constituting a WEB page that is inappropriately accessed. For example, it is information indicating a file format of data referred to in HTML or the like of a WEB page. Here, it is assumed that the file format information is a file extension.

  First, as in the case of the specific example 1 described above, the transmission / reception information acquisition unit 101 obtains the information of the WEB page transmitted from the server device 3, the local IP address of the user terminal 2 that is the transmission destination of the WEB page, and the like. For example, via a hub or router.

  As in the case of the specific example 1 described above, the access information acquisition unit 102 uses the information received by the transmission / reception information acquisition unit 101 to access page information that is information about a WEB page, and an IP address that is user identification information, Get access time information. However, here, as the access page information, information indicating an attribute of data constituting the WEB page, specifically, an extension of the data is acquired. The access information acquisition unit 102 may acquire the extension in any way. For example, the WEB page information received by the transmission / reception information acquisition unit 101 is image data, moving image data, audio data, or on a WEB browser. In the case of including data that operates using a plug-in or the like, the extension of these data may be collected. Further, the file name extensions of the reference data described in the HTML file source included in the WEB page information may be collected. Then, the access information acquisition unit 102 stores the acquired information in association with each other in the access information storage unit 108.

  Similarly, the access management device 1 receives the information of the WEB page and the IP address of the user terminal 2 that are transmitted by the server device 3 in response to a request from the user terminal 2, and receives the user identification information, access page information, and Access time information is acquired and sequentially stored in the access information storage unit 108.

  FIG. 16 is an access information management table for managing access information having user identification information, access page information, and access time information stored in the access information storage unit 108. The access information management table has items of “ID”, “user identification information”, “access page information”, and “access time information”. Since “ID”, “user identification information”, and “access time information” are the same as those in FIG. Here, “access page information” is an extension of data constituting the WEB page.

  As in the case of the specific example 1, the access determination unit 104 uses the access information as shown in FIG. 16 to determine the inappropriate page condition information for each time zone from the inappropriate page condition information management table shown in FIG. Is used to determine whether or not improper access has been performed. Here, in the extension that is “access page information” of the access information, “file format” that is inappropriate page condition information It is determined whether or not there is an extension that matches the extension indicated by “”. If there is a match, an inappropriate degree corresponding to the matching “file format” is accumulated. For example, since the record whose “ID” in FIG. 16 is “001” is a record corresponding to the working hours, the “access page information” of this record is included in the inappropriate page condition information management table of FIG. Are compared with the value of “file format” corresponding to the record whose “time zone” is “working time zone”. For example, the “access page information” of the record whose “ID” is “001” is compared with the “file format” of the first to third records of the inappropriate page condition information management table of FIG. Here, the extension that matches the “file format” “mpg” of the first record is included in the “access page information” of the record whose “ID” is “001”. The degree of inappropriateness of the first record of the management table is stored in association with the user identification information “192.168.1.23”. Since the subsequent processing is the same as that in the first specific example, the description thereof is omitted.

(Specific example 4) When inappropriate page condition information is authentication page designation information for designating an authentication page Next, a case where inappropriate page condition information is authentication page designation information will be described as an example. The attendance time information management table and the like are the same as in the case where the above-described inappropriate page designation information is keyword information unless otherwise described. Here, a case will be described as an example where the degree of inappropriateness is accumulated in association with user identification information when an authentication page is accessed.

  FIG. 17 shows inappropriate page condition information that is stored in advance in the inappropriate page condition information storage unit 103 and that manages inappropriate page condition information and time zone designation information associated with the inappropriate page condition information. It is a management table. The inappropriate page condition information management table has items of “time zone” and “condition”. The “time zone” is the same as that shown in FIG. “Condition” is inappropriate page condition information. Here, in particular, when the value of the inappropriate page condition information is the value “authentication page”, the access to the authentication page is determined as inappropriate access. In other words, the fact that the accessed page is an authentication page is a condition for determining that an inappropriate page has been accessed. The processing for detecting access to the authentication page is assumed to be specified in advance, and information indicating the procedure and conditions of this processing is stored in a storage unit (not shown). Here, as an example, when “method =“ post ”is detected from information transmitted from the user terminal 2 to the server device 3 when accessing the WEB page, the access to the WEB page is changed to the access to the authentication page. A case where it is determined will be described as an example.

  First, the transmission / reception information acquisition unit 101 uses the information transmitted from the user terminal 2 to the server device 3, the local IP address of the user terminal 2, the IP address of the destination server device 3, etc. Etc.

  Using the information received by the transmission / reception information acquisition unit 101, the access information acquisition unit 102 acquires access page information that is information about a WEB page, an IP address that is user identification information, and access time information. However, here, the access information acquisition unit 102 accesses information transmitted from the user terminal 2 to the server device 3 as access page information, for example, the text of request information for requesting the server device 3 to perform processing, etc. Get as page information. Then, the access information acquisition unit 102 stores the acquired information in association with each other in the access information storage unit 108.

  FIG. 18 is an access information management table for managing access information having user identification information, access page information, and access time information stored in the access information storage unit 108. The access information management table has items of “ID”, “user identification information”, “access page information”, and “access time information”. Since “ID”, “user identification information”, and “access time information” are the same as those in FIG. Here, the “access page information” is information transmitted from the user terminal 2 to the server device 3 as described above.

  Similarly to the above (specific example 1), the access determination unit 104 uses the access information as shown in FIG. 18 to determine the inappropriate page condition for each time zone from the inappropriate page condition information management table shown in FIG. The information is used to determine whether or not inappropriate access has been performed. For example, when it is determined that the time indicated by the access time information is within the working hours, access to the authentication page is performed according to the “authentication page” that is the “condition” indicated by the inappropriate page condition information management table. It is determined whether or not. Specifically, it is determined whether or not “method =“ post ”” is detected in the “access page information” information of the access information, and if “method =“ post ”” is detected, the authentication page It is determined that the access is for. In this case, the inappropriate degree “2” corresponding to the condition used for the determination is acquired from the inappropriate page condition information management table, and is stored in the inappropriate degree storage unit 1044 in association with the user identification information. The same applies when it is determined that the time indicated by the access time information is within the non-working time zone. For example, since the record whose “ID” in FIG. 16 is “001” is a record corresponding to the working hours, the “hours” in the inappropriate page condition information management table in FIG. An “authentication page” that is a “condition” corresponding to a record that is a “band” is detected. Since “condition” is “authentication page”, the access determination unit 104 detects “method =“ post ”” in the information of “access page information” of the record whose “ID” is “001” in FIG. It is determined whether or not. Here, if it is detected, it is determined that an inappropriate page has been accessed, and the inappropriateness level “2” is stored in association with the user identification information “192.168.1.23”. As a result, when information including “method =“ post ”” is transmitted from the user terminal 2 to the server device 3, it is possible to determine that the WEB page requiring authentication is being accessed. It becomes. Since the subsequent processing is the same as that in the first specific example, the description thereof is omitted.

  In the specific example 4, the case where it is determined whether or not the accessed page is the authentication page has been described. However, by combining with the configuration of the specific example 2 described above, the accessed page information is the authentication page. In addition, it is determined whether the accessed page is a WEB page in a WEB site that is inappropriately browsed in advance, and the accessed page is simply determined to be an authentication page. In addition to the authentication page, a different degree of inappropriateness may be given depending on whether the browsing page is determined to be inappropriate. For example, in the inappropriate page condition information management table shown in FIG. 17, a record specifying “condition” to be an authentication page and a WEB page specified in advance is added. May be set to a desired value. In this case, whether or not the designated WEB page has been accessed is obtained from the header information or the like included in the access page information by acquiring the address information or the like of the information transmission destination WEB page. It can be detected by determining whether the address information of the WEB page is the same as in the second specific example.

  In the above-described specific example, the case where the attendance time information stored in the attendance time information storage unit 107 is used as the time setting information has been described. However, in the present invention, it can be stored in the time setting information storage unit 106. Time setting information other than attendance time information may be used. The time setting information may be information prepared for each user in association with the user identification information, such as the attendance time information in the above specific example, or information prepared for all users. It is also good. In this case, the time setting information does not need to be associated with the user identification information. Moreover, the time setting information does not need to be prepared for each year, month, and day like the attendance time information in the above specific example, and may be information that specifies a common start time and end time for all dates. good. For example, when there is information for designating three time zones, “first time zone”, “second time zone”, and “third time zone”, as the time zone designation information, the time zone designation information is shown in FIG. As shown in FIG. 4, it may be information that designates a common start time and end time corresponding to all user identification information.

  In the present embodiment, it is needless to say that the configuration of the access management apparatus 1 described in the first specific example to the fourth specific example may be used in appropriate combination. For example, as shown in specific example 1 and specific example 2, the access management apparatus 1 uses both the keyword information and inappropriate page designation information described above as inappropriate page condition information. For each condition, it is determined whether or not the condition is satisfied. If the condition is not satisfied, an inappropriate degree corresponding to each condition may be accumulated together. Further, in such a combination, for example, when the access page specifying unit 113 determines that the access page information does not satisfy the condition indicated by the inappropriate page condition information in the access determination unit 104, the access page You may make it acquire the access page designation | designated information which designates the WEB page which information shows. Further, the designated keyword information receiving unit 116 may receive the keyword information acquired by the keyword acquiring unit 115.

  As described above, according to the present embodiment, it is possible to determine whether or not the access to the WEB page is inappropriate by changing the condition according to the time zone when the WEB page is accessed. For this reason, an administrator or the like who manages or monitors access to a WEB page can easily grasp the access status from the user terminal regarding an inappropriate WEB page specified for each time zone.

  Further, in the present embodiment, access from the user terminal is performed using the time zone designation information and the attendance time information prepared for each user and each date and time associated with the time zone designation information. It is possible to determine whether access is within hours or non-working hours, and depending on the conditions according to the determination result, it is possible to determine whether the access is appropriate. It is possible to determine whether or not an inappropriately accessed page has been accessed according to the time zone or the non-working time zone, and a flexible determination is possible.

  In the above specific example, a case has been described in which the access management apparatus 1 acquires information transmitted and received between the user terminal 2 and the server apparatus 3 via a network or the like by packet capturing or the like. However, in the present embodiment, the user terminal 2 accumulates access history information of the WEB page of its own device in a storage medium (not shown), and requests from the access management device 1 or a predetermined periodicity. Alternatively, at an irregular timing, the information is transmitted to the access management apparatus 1 in association with the user identification information of the user who uses the own apparatus, and the access management apparatus 1 receives the received history information. Access information may be acquired from history information or the like. For example, the transmission / reception information acquisition unit 101 of the access management device 1 acquires history information or the like as information related to information to be transmitted / received, and the browsing information acquisition unit 102 determines user identification information, access page information, You may make it acquire access time information. Moreover, you may make it acquire user identification information of the user terminal 2 which transmitted access information as the user identification information in association with the access information. The history information described here is, for example, the identification information of the accessed user terminal 2, the URL of the accessed WEB page, the date and time when the access was started, the information of the WEB page itself, information such as a so-called WEB cache It is.

  In the above embodiment, each processing (each function) may be realized by centralized processing by a single device (system), or may be realized by distributed processing by a plurality of devices. May be.

  In the above embodiment, it goes without saying that two or more communication means (such as an information transmission unit) existing in one apparatus may be physically realized by one medium.

  In the above embodiment, information related to processing executed by each component, for example, information received, acquired, selected, generated, transmitted, and received by each component. In addition, information such as threshold values, mathematical formulas, addresses, etc. used by each component in processing is retained temporarily or over a long period of time on a recording medium (not shown) even when not explicitly stated in the above description. It may be. Further, the storage of information in the recording medium (not shown) may be performed by each component or a storage unit (not shown). Further, reading of information from the recording medium (not shown) may be performed by each component or a reading unit (not shown).

  Further, although cases have been described with the above embodiments where the access management device is a stand-alone device, the access management device may be a stand-alone device or a server device in a server / client system. In the latter case, the output unit or the reception unit receives an input or outputs a screen via a communication line.

  In each of the above embodiments, each component may be configured by dedicated hardware, or a component that can be realized by software may be realized by executing a program. For example, each component can be realized by a program execution unit such as a CPU reading and executing a software program recorded on a recording medium such as a hard disk or a semiconductor memory.

  The software that realizes the access management apparatus in each of the above embodiments is the following program. That is, this program accesses a WEB page by using a computer to transmit and receive information related to information transmitted and received between the user terminal and the server device, and information acquired by the transmission and reception information acquisition unit. An access information acquisition unit that acquires user identification information of a user who is accessing, access page information that is information regarding a WEB page that the user is accessing, and access time information that is information regarding the time of access Two pieces of time zone designation information, which is information for designating two or more time zones, and information associated with each time zone designation information, and information indicating conditions of a WEB page that is inappropriately accessed by a user. An inappropriate page condition information storage unit that can store two or more inappropriate page condition information, and 2 stored The time zone designation information, which is information for designating each of the upper time zones, and the information associated with each time zone designation information, and information indicating the condition of the WEB page that is inappropriately accessed by the user 2 The inappropriate page condition information associated with the time zone designation information for designating the time zone including the time indicated by the access time information is acquired from the above inappropriate page condition information, and the inappropriate page condition information is obtained. And determining whether the access page information corresponding to the access time information satisfies the condition indicated by the inappropriate page condition information, and depending on the determination result of the access determination unit, The inappropriate page, which is information indicating that inappropriate access has been performed by the user indicated by the user identification information associated with the used access page information. Is a program for functioning as an output unit for outputting the access information.

  In the program, the functions realized by the program do not include functions that can be realized only by hardware. For example, a function that can be realized only by hardware such as a modem or an interface card in an acquisition unit that acquires information or an output unit that outputs information is not included in the function realized by the program.

  Further, the computer that executes this program may be singular or plural. That is, centralized processing may be performed, or distributed processing may be performed.

  FIG. 20 is a schematic diagram showing an example of the external appearance of a computer that executes the program and realizes the access management apparatus according to the embodiment. The above-described embodiment can be realized by computer hardware and a computer program executed on the computer hardware.

  20, a computer system 900 includes an optical disk drive 905 such as a CD-RW (Compact Disk Rewritable) drive, a computer 901 including an FD (Floppy (registered trademark) Disk) drive 906, a keyboard 902, a mouse 903, and a monitor. 904.

  FIG. 21 is a diagram showing an internal configuration of the computer system 900. In FIG. 21, in addition to the optical disk drive 905 and the FD drive 906, a computer 901 is connected to an MPU (Micro Processing Unit) 911, a ROM 912 for storing a program such as a bootup program, and the MPU 911. A bus 915 that interconnects a RAM (Random Access Memory) 913 that temporarily stores instructions and a temporary storage space, a hard disk 914 that stores application programs, system programs, and data, an MPU 911, a ROM 912, and the like. With. The computer 901 may include a network card (not shown) that provides connection to the LAN.

  A program that causes the computer system 900 to execute the functions of the access management apparatus according to the above-described embodiment is stored in an optical disk 921 such as a CD-ROM, CD-RW, DVD-ROM, DVD-RW, or FD 922, and the optical disk. It may be inserted into the drive 905 or the FD drive 906 and transferred to the hard disk 914. Instead, the program may be transmitted to the computer 901 via a network (not shown) and stored in the hard disk 914. The program is loaded into the RAM 913 when executed. The program may be loaded directly from the optical disc 921, the FD 922, or the network.

  The program does not necessarily include an operating system (OS) or a third-party program that causes the computer 901 to execute the functions of the access management apparatus according to the above-described embodiment. The program may include only a part of an instruction that calls an appropriate function (module) in a controlled manner and obtains a desired result. How the computer system 900 operates is well known and will not be described in detail.

  The present invention is not limited to the above-described embodiment, and various modifications are possible, and it goes without saying that these are also included in the scope of the present invention.

  As described above, the access management device according to the present invention is suitable as a device for managing the access status of a WEB page or the like by a user terminal, particularly when an inappropriate WEB page varies depending on a time zone. It is useful as an apparatus for managing access status.

Schematic diagram of an information processing system according to an embodiment of the present invention Block diagram of the access management device A flowchart for explaining the operation of the access management apparatus A flowchart for explaining the operation of the access management apparatus The figure which shows an example of the inappropriate page condition information management table in the same access management apparatus The figure which shows an example of the attendance time management table in the same access management apparatus The figure which shows an example of the access information management table in the same access management apparatus The figure which shows an example of the judgment timing management table | surface in the same access management apparatus The figure which shows an example of the HTML file in the access management apparatus The figure which shows an example of the inappropriateness management table in the same access management apparatus The figure which shows an example of the notification destination information in the same access management apparatus The figure which shows the example of a display of the inappropriate page access information in the same access management apparatus The figure which shows an example of the inappropriate page condition information management table in the same access management apparatus The figure which shows an example of the access information management table in the same access management apparatus The figure which shows an example of the inappropriate page condition information management table in the same access management apparatus The figure which shows an example of the access information management table in the same access management apparatus The figure which shows an example of the inappropriate page condition information management table in the same access management apparatus The figure which shows an example of the access information management table in the same access management apparatus The figure which shows an example of the time slot | zone designation | designated information in the same access management apparatus Schematic diagram showing an example of the appearance of a computer that implements the access management device The figure which shows the internal structure of the computer which implement | achieves the access management apparatus

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Access management apparatus 2 User terminal 3 Server apparatus 10 Information processing system 101 Transmission / reception information acquisition part 102 Access information acquisition part 103 Inappropriate page condition information storage part 104 Access judgment part 105 Output part 106 Time setting information storage part 107 Attendance time information storage Unit 108 Access information storage unit 109 Judgment timing designation information reception unit 110 Judgment timing designation information storage unit 111 Judgment timing designation information storage unit 112 Notification information storage unit 113 Improper page designation reception unit 114 Improper page information acquisition unit 115 Keyword acquisition unit 116 Designated keyword information reception unit 117 Inappropriate page designation information acquisition unit 1041 Inappropriate page determination unit 1042 Inappropriate degree storage unit 1043 Inappropriate degree determination unit 1044 Inappropriate degree storage unit

Claims (16)

A transmission / reception information acquisition unit that acquires information about information transmitted / received between the user terminal and the server device;
Using the information acquired by the transmission / reception information acquisition unit, the user identification information of the user accessing the WEB page, the access page information that is information related to the WEB page accessed by the user, and the access An access information acquisition unit that acquires access time information that is information about time;
It is information indicating time zone designation information that is information for designating two or more time zones, and information associated with each time zone designation information, and information indicating conditions of a WEB page that is inappropriately accessed by the user. An inappropriate page condition information storage unit capable of storing two or more inappropriate page condition information;
Obtaining inappropriate page condition information associated with time zone designation information that designates a time zone including the time indicated by the access time information, and using the inappropriate page condition information, access corresponding to the access time information An access determination unit that determines whether the page information satisfies a condition indicated by inappropriate page condition information;
Inappropriate page, which is information indicating that inappropriate access has been performed by the user indicated by the user identification information associated with the access page information used for the determination according to the determination result of the access determination unit An access management apparatus comprising: an output unit that outputs access information. A time setting information storage unit capable of storing time setting information that is information for setting the start time and end time of the time zone indicated by the time zone designation information;
The access determination unit detects the time setting information indicating a time zone including a time indicated by the access time information, detects time zone designation information corresponding to the detected time setting information, and includes the time zone designation information in the time zone designation information. The associated inappropriate page condition information is acquired, and using the inappropriate page condition information, it is determined whether or not the access page information corresponding to the access time information satisfies a condition indicated by the inappropriate page condition information The access management apparatus according to claim 1. The inappropriate page condition information storage unit stores at least two time zone designation information for designating a working time zone which is a working time zone and a non-working time zone which is a non-working time zone. Can be
The access determination unit
Determining whether the time zone of the time indicated by the access time information is one of the working time zone and the non-working time zone indicated by the time zone designation information;
When the time zone including the time indicated by the access time information is the work time zone, obtain inappropriate page condition information associated with the time zone designation information for designating the work time zone,
When the time zone including the time indicated by the access time information is a non-working time zone, the inappropriate page condition information associated with the time zone designation information for designating the non-working time zone is obtained, and 3. The access management according to claim 1, wherein access page information associated with the access time information is determined using appropriate page condition information as to whether or not the access page information is information related to an inappropriate WEB page. apparatus. Time information that can be stored in association with user identification information, time information that is information specifying the start time and end time of the work time zone and non-work time zone of the user indicated by the time zone specification information A storage unit;
The access determination unit
Using the attendance time information of the user corresponding to the access time information, the attendance time information indicating the time zone including the time indicated by the access time information is detected, and the time zone designation information corresponding to the detected attendance time information is And detecting inappropriate page condition information associated with the time zone designation information, and using the inappropriate page condition information, the access page information corresponding to the access time information is The access management apparatus according to claim 3, wherein it is determined whether or not a condition shown is satisfied. The inappropriate page condition information is authentication page designation information that is information for designating a WEB page that requires user authentication as a condition of an inappropriate WEB page,
The inappropriate page condition information storage unit stores the time zone designation information for designating work hours and the authentication page designation information that is the inappropriate page condition information in association with each other.
The access determination unit
When the time zone designation information that designates the time zone including the time indicated by the access time information is the time zone designation information that designates the work time zone, the authentication page designation information is acquired and the authentication page designation information is used. Whether or not an inappropriate access has been made by determining whether or not the WEB page indicated by the access page information corresponding to the access time information is a WEB page that requires authentication specified by the authentication page specifying information. 5. The access management apparatus according to claim 3, wherein the access management apparatus determines whether or not. An access information storage unit that can store the user identification information, the access page information, and the access time information in association with each other;
The access information acquisition unit accumulates the acquired user identification information, the access page information, and the access time information in the access information storage unit,
The access determination unit reads the access page information stored in the access information storage unit and the access time information, and determines whether or not inappropriate access has been performed. 5. The access management device according to any one of 5. The inappropriate page condition information is keyword information that is information indicating a keyword that an inappropriate WEB page may include,
The access determination unit determines whether or not the WEB page indicated by the access page information includes a character string that matches the keyword indicated by the keyword information, and if the WEB page includes a character string that matches the keyword, The access management apparatus according to claim 1, wherein the access management apparatus determines that the condition indicated by the appropriate page condition information is satisfied. The access determination unit
Obtaining inappropriate page condition information associated with time zone designation information that designates a time zone including the time indicated by the access time information, and using the inappropriate page condition information, access corresponding to the access time information Inappropriate page determination means for determining whether the page information satisfies a condition indicated by inappropriate page condition information,
An inappropriate degree accumulation means for accumulating the inappropriate degree, which is information indicating the degree of inappropriateness of access, of the WEB page determined to satisfy the conditions indicated by the inappropriate page condition information;
An inappropriate degree determination means for determining whether or not the inappropriate degree stored for each user identification information exceeds a predetermined degree;
When the inappropriateness determination unit determines that the inappropriateness exceeds a predesignated degree, the output unit determines whether the inappropriateness is exceeded by a user indicated by the user identification information associated with the inappropriateness. The access management apparatus according to claim 1, wherein inappropriate page access information indicating that proper access has been performed is output. The inappropriate page condition information storage unit can store the keyword information and an inappropriate degree that is information indicating a degree of inappropriateness of a WEB page including the keyword indicated by the keyword information in association with each other. Yes,
The access determination unit
Inappropriate page determination means for determining whether or not the keyword indicated by the keyword information is included in the WEB page indicated by the access page information;
When the inappropriate page determination unit determines that the keyword indicated by the keyword information is included in the WEB page indicated by the access page information, the inappropriate degree corresponding to the keyword information is accumulated for each user identification information. Inappropriateness accumulation means;
An inappropriate degree judgment means for judging whether or not the inappropriate degree accumulated for each user identification information exceeds a predetermined degree;
The output unit may be inappropriate by a user indicated by user identification information associated with the inappropriate degree when the inappropriate degree determining unit determines that the inappropriate degree exceeds a predetermined degree. 8. The access management apparatus according to claim 7, wherein inappropriate page access information indicating that a proper access has been made is output. Notification information that can store notification destination information in which inappropriate degree range information that is information specifying the degree of inappropriate degree range and information that specifies one or more notification destinations of inappropriate page access information can be stored. A storage unit;
The output unit acquires notification destination information corresponding to the inappropriateness range information including the inappropriateness level stored by the inappropriateness level storage unit, and outputs the notification destination information indicated by the acquired notification destination information to the notification destination. The access management apparatus according to claim 8 or 9, which notifies appropriate page access information. A determination timing designation information receiving section for receiving determination timing designation information for designating a timing at which the access determination section performs inappropriate access determination;
A judgment timing designation information accumulating section for accumulating the judgment timing designation information accepted by the judgment timing designation information accepting section;
11. The access management apparatus according to claim 8, wherein the access determination unit determines the inappropriate access at a timing specified by the determination timing specification information stored by the determination timing specification information storage unit. . An inappropriate page designation receiving unit for receiving inappropriate page designation information that is information for designating one or more WEB pages that are inappropriately accessed;
An inappropriate page information acquisition unit that acquires information on the WEB page specified by the inappropriate page specification information received by the inappropriate page specification reception unit;
A keyword that can be included in an inappropriate WEB page is acquired from inappropriate page information that is information on a WEB page acquired by the inappropriate page information acquisition unit, and keyword information that is information indicating the keyword is acquired as the inappropriate page condition. The access management apparatus according to claim 7 or 9, further comprising a keyword acquisition unit that stores information in the inappropriate page condition information storage unit in association with time zone specification information specified in advance. A designated keyword information receiving unit that receives designated keyword information that is information indicating a keyword indicating an inappropriately accessed WEB page;
Using the designated keyword information received by the designated keyword information receiving unit, obtain inappropriate page designation information that is information for designating an inappropriately accessed WEB page, and obtain the obtained inappropriate page information as the inappropriate page 13. The access according to claim 1, further comprising: an inappropriate page designation information acquisition unit that accumulates in the inappropriate page condition information storage unit in association with time zone designation information designated in advance as page condition information. Management device. The output unit outputs the inappropriate page access information further including at least one of access source terminal information, access destination WEB page information, access start time information, or service provision contents received at the time of access. The access management apparatus according to any one of claims 1 to 13. Transmission / reception information acquisition unit, access information acquisition unit, time zone designation information that is information for designating two or more time zones, and information associated with each time zone designation information. In an access management method performed using an inappropriate page condition information storage unit, an access determination unit, and an output unit that can store two or more inappropriate page condition information that is information indicating appropriate web page conditions There,
The transmission / reception information acquisition unit acquires information related to information transmitted / received between the user terminal and the server device; and
Using the information acquired by the access information acquisition unit in the transmission / reception information acquisition step, user identification information of the user accessing the WEB page, and access page information that is information regarding the WEB page accessed by the user And an access information acquisition step for acquiring access time information, which is information related to the access time,
The access determination unit acquires inappropriate page condition information associated with time zone designation information that designates a time zone including a time indicated by the access time information, and uses the inappropriate page condition information to access the access An access determination step for determining whether or not the access page information corresponding to the time information satisfies the condition indicated by the inappropriate page condition information;
Information indicating that an inappropriate access has been made by the user indicated by the user identification information associated with the access page information used for the determination according to the determination result of the access determination step by the output unit And an output step for outputting inappropriate page access information. Computer
A transmission / reception information acquisition unit that acquires information about information transmitted / received between the user terminal and the server device;
Using the information acquired by the transmission / reception information acquisition unit, the user identification information of the user accessing the WEB page, the access page information that is information related to the WEB page accessed by the user, and the access An access information acquisition unit that acquires access time information that is information about time;
It is information indicating time zone designation information that is information for designating two or more time zones, and information associated with each time zone designation information, and information indicating conditions of a WEB page that is inappropriately accessed by the user. An inappropriate page condition information storage unit capable of storing two or more inappropriate page condition information;
The time zone designation information, which is information for designating two or more stored time zones, and the information associated with each time zone designation information, and the conditions of the WEB page that is inappropriately accessed by the user The inappropriate page condition information associated with the time zone designation information for designating the time zone including the time indicated by the access time information is acquired from the two or more inappropriate page condition information that is the information to be displayed, and An access determination unit that determines whether the access page information corresponding to the access time information satisfies a condition indicated by the inappropriate page condition information, using appropriate page condition information;
Inappropriate page, which is information indicating that inappropriate access has been performed by the user indicated by the user identification information associated with the access page information used for the determination according to the determination result of the access determination unit A program for functioning as an output unit that outputs access information.

Images