JP2010140349A - Remote access management system and method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a remote access management system for allowing a plurality of persons share an environment for accessing a thin client server remotely. <P>SOLUTION: An access management server 12 stores a plurality of account IDs with which a password to be used to log in the thin client server 13 is associated, dynamically allocates one account ID to a user among allocatable account IDs and transmits the allocated account ID and a password to a computer 10 upon receiving an allocation request for an account ID. The computer 10 uses the received account ID and password to request the thin client server 13 for log in, and the thin client server 13 executes log in processing of the account ID transmitted from the computer, and provides the computer succeeding in the log in with remote access environment specified by the account ID. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a technique for managing remote access of a computer.

  Computers used in companies are becoming more sophisticated, but companies that handle confidential information such as personal information are thin clients that have only the minimum necessary functions such as network communication functions from the viewpoint of preventing leakage of confidential information. Increasingly, a thin client system (Thin Client System) composed of a terminal and a thin client server that integrates functions such as management of information resources such as confidential information and processing of applications is increasing.

  Behind the introduction of thin client systems by companies, in addition to strengthening security for the purpose of preventing leakage of personal information, etc., reduction of system operation management costs (patch information, license management, etc.), realization of telework, etc. and so on.

  For example, in Patent Document 1, a storage device that has tamper resistance and that stores an application for remote access to a thin client server and authentication information used for remote access is distributed to users, and the storage device is mounted. A system for realizing telework by allowing a computer to remotely access a thin client server using the application and the authentication information is disclosed.

  Also, in Patent Document 2, the identification information of the thin client server connected to the external connection storage device (for example, USB memory) that is detachable from the computer used as the thin client terminal, and the thin client server When the external connection type storage device is attached to the computer, a part of the program or the authentication program used for the connection processing of the thin client server is stored in the computer. A method is disclosed in which everything is copied and the computer is remotely accessed to the thin client server specified by the identification information based on the copied program.

Japanese Patent Laid-Open No. 2005-235159 JP 2006-120092 JP

  However, in a company that introduces a PC to each employee, if all employees in the company are to have an environment where remote access to the thin client server is established, all existing infrastructure in the company will be There is a problem that the delivery time and the cost will increase enormously.

  Accordingly, an object of the present invention is to provide a remote access management system and method capable of sharing an environment in which a thin client server can be remotely accessed by a plurality of people.

  A first invention for solving the above-described problem is a remote access management system for managing remote access of a computer, wherein a plurality of account IDs associated with passwords used for login of a thin client server remotely accessed by the computer are provided. When the account ID assignment request is received from the computer, one account ID is dynamically assigned to the user operating the computer from among the assignable account IDs, and the assigned account ID and The password associated with the account ID is transmitted to the computer, the account ID assigned to the computer is made unassignable, and the connection between the computer and the thin client server is disconnected The account management server includes account management means for enabling assignment of the account ID assigned to the computer that has been disconnected, and the computer receives the account received from the account management server. Remote access means for making a login request to the thin client server using the ID and the password, wherein the thin client server verifies the password transmitted from the computer and stores the account ID transmitted from the computer. A remote access environment characterized by comprising: login means for executing login processing; and remote access environment providing means for providing a remote access environment specified by the account ID to the computer that has been successfully logged in. It is a system.

  According to the first invention described above, an account management server having a function of dynamically assigning an account ID associated with a password used for logging in to a thin client server to a user is installed. By logging in to the thin client server using a dynamically assigned account ID and a password associated with the account ID, it is possible to share an environment where remote access to the thin client server can be shared by multiple people. become.

  If an environment that allows remote access to a thin client server can be shared by multiple people, the size of the thin client system will be reduced, and the cost of introducing a thin client system by a company can be reduced.

  Furthermore, the second invention is the remote access management system according to the first invention, wherein the account management server stores the account ID in association with attribute information specifying a resource that can be accessed remotely, and the account The management means acquires the attribute information of the user from the computer, and dynamically assigns one account ID to the user from among the account IDs to which the acquired attribute information is associated and assignable. The allocation and remote access environment providing means of the thin client server permit use of a remote access environment that uses the resource specified by the account ID used for login processing.

  According to the second invention described above, the resources that can be accessed remotely are limited according to the attribute information of the user who operates the computer, so that the resources that can be used by the user are changed according to the user. Will be able to.

  Furthermore, the third invention is the remote access management system according to the first invention or the second invention, wherein the account management server includes a verification means for verifying the validity of the computer, and the validity is confirmed. The remote access management system is characterized in that the account ID is dynamically assigned to the user only when the verification is successful.

  Further, the fourth invention is the remote access management system according to the third invention, wherein the verification means provided in the account management server is an OS (OS: Operating System) running on the computer. ) Is a means for verifying the completeness of the remote management system.

  Further, the fifth invention is the remote access management system according to the fourth invention, wherein the computer calculates the hash value of the OS image developed in the memory of the computer, and then the hash value is calculated. Generating a digital signature of the attestation message, and measuring means for transmitting the attestation message and the digital signature of the attestation message to the account management server, wherein the integrity verification means of the account management server includes the computer A remote access management system, characterized in that it is a means for verifying the digital signature of the configuration certification message transmitted from and the main body of the configuration certification message.

  Further, a sixth invention is the remote access management system according to the fifth invention, wherein the remote access management system has a security token provided with means for generating a digital signature of a message transmitted from the outside. The remote control system is characterized in that the measurement means included in the computer generates a digital signature of the configuration proof message including the hash value using the security token.

  According to the third invention described above, the account management server can improve the security of the remote access management system by verifying the validity of the computer before dynamically assigning the account ID. .

  As the validity of the computer, as described in the fourth invention, it is preferable to verify the integrity of the OS running on the computer, and the integrity of the OS running on the computer is preferred. As a method for verifying the above, the method described in the fifth invention is preferable because it can be realized by software.

  If the digital signature used for verifying the integrity of the OS running on the computer is generated with the security token, the security of the remote access management system can be further enhanced.

  The seventh invention is the remote access management system according to the sixth invention, wherein the remote access management system includes a computer program that functions as the remote access means and the measurement means of the computer. A portable storage device in which an OS for a thin client is stored, and the computer includes an activation unit that reads and activates the OS for the thin client stored in the mounted portable storage device. This is a remote access management system.

  When implementing a thin client system, since the OS for a thin client is generally stored in a portable storage device such as a USB memory, the remote access system of the present invention is applied to the thin client system. It is preferable to provide a mechanism as in the seventh invention.

Furthermore, an eighth invention is a remote access management method for managing remote access of a computer, wherein the account management stores a plurality of account IDs associated with passwords used for login of a thin client server that is remotely accessed by the computer. When the server receives a request for assigning the account ID from the computer, one account ID is dynamically assigned to the user operating the computer from among the assignable account IDs, and the assigned account ID and Sending the password associated with the account ID to the computer and making the account ID assigned to the computer unassignable;
The computer requests a login to the thin client server using the account ID and the password received from the account management server;
The thin client server verifies the password transmitted from the computer, executes login processing of the account ID transmitted from the computer, and is identified by the account ID for the computer that has successfully logged in. A remote access management method, comprising: providing a remote access environment.

  In the present invention, a security token is an arithmetic operation using an encryption key, which stores an encryption key used for a digital signature or the like with high tamper resistance, such as an IC card, and uses the encryption key in response to a request from an external device. It means a physical device with a function to perform. Further, the portable storage device means a physical device such as a USB memory that has a relatively large storage capacity and is recognized as an auxiliary storage device when attached to a computer.

  As described above, according to the present invention described above, it is possible to provide a remote access management system and method capable of sharing an environment in which a thin client server can be accessed remotely by a plurality of persons.

  Now, preferred embodiments of the present invention will be described in detail with reference to the drawings. FIG. 1 is a diagram for explaining a remote access management system 1 according to the present embodiment.

  The remote access management system 1 illustrated in FIG. 1 includes the Internet 2 (The Internet) and a LAN 3 (LAN: Local Area Network) used in the company, and includes a FW device 21 (FW: Fire Wall) and a VPN. The LAN 3 is isolated from the Internet 2 by a device 20 (VPN: Virtual Private Network), and the LAN 3 is divided and managed in a subnet 3a provided for each business department (for example, sales department or development department). .

  One subnet 3a is an existing network system, and one subnet 3a has resources such as a business server 14b of a department corresponding to the subnet 3a and a file server 14a storing a data file used by the business server 14b. An in-house personal computer (PC) 15 installed and placed at the seat of an employee belonging to the department is configured to be connected to the file server 14a and the business server 14b via the router 16 or the like. ing.

  The remote access management system 1 shown in FIG. 1 includes a smart card IC chip 11a having a function of generating a digital signature, such as Aladdin eToken (registered trademark), and a thin client operating system (OS: USB token 11 combined with a flash memory 11b storing Operating System), a computer 10 used as a thin client terminal, an account management server 12 for verifying the platform integrity of the computer 10, and a subnet 3a A thin client server 13 that provides a remote access environment for resources is included, and remote access from outside the LAN 3 to the subnet 3a is managed using these devices.

  The thin client PC is installed outside the LAN 3, the account management server 12 and the thin client server 13 are installed outside the subnet 3 a of the LAN 3, and the USB token 11 is possessed by the user who operates the computer 10.

  An account ID for logging in to the thin client server 13 is set in advance for each department, and the account management server 12 associates the account ID with the account ID password and attribute information indicating the department in which the account ID is set. Is remembered.

  When the thin client OS 105 stored in the USB token 11 is activated on the computer 10 and the computer 10 becomes a thin client terminal, platform integrity verification according to Patent Document 3 is executed between the computer 10 and the account management server 12.

Japanese Patent Application No. 2008-012402

  After executing platform integrity verification, the account management server 12 acquires attribute information indicating the department to which the user belongs from the computer 10, and from the account ID that is associated with the attribute information and can be assigned, One account ID is dynamically assigned to the user, the assigned account ID is changed to an unassignable state, and the assigned account ID and a password associated with the account ID are transmitted to the computer 10.

  When the computer 10 receives the account ID and password from the account management server 12, the computer 10 requests the thin client server 13 for a login request using the account ID and password, and if the thin client server 13 succeeds in the account ID login processing, The client server 13 provides an environment for remote access to a resource (for example, the business server 14b) installed in the subnet 3a of the department specified by the account ID to the computer 10 that has made a login request.

  The account management server 12 acts as a proxy, has a function of relaying data exchange between the computer 10 and the thin client server 13, and monitors communication between the computer 10 to which the account ID is assigned and the thin client server 13. When the end of communication between the computer 10 and the thin client server 13 is detected, a process for returning the account ID assigned to the computer 10 to an assignable state is executed.

  As described above, according to the present invention, the account management server 12 having the function of dynamically assigning the account ID and password used for logging in to the thin client server 13 to the user is installed. By logging in to the thin client server 13 using a dynamically assigned account ID and password, it becomes possible to share an environment in which the thin client server 13 can be accessed remotely by a plurality of people.

  If an environment that allows remote access to the thin client server 13 can be shared by a plurality of people, the scale of the thin client system can be reduced, and the cost of introducing a thin client system by a company can be reduced.

  The reason why the account management server 12 verifies the platform integrity of the computer 10 before dynamically assigning the account ID to the user is to detect falsification of the thin client OS 105 that is started on the computer 10. If the platform integrity verification of the computer 10 is performed, the security of the entire system can be improved.

  From here, the procedure executed in the remote access management system 1 shown in FIG. 1 will be described. FIG. 2 is a flowchart showing a procedure executed in the remote access management system 1.

  When the user operates the computer 10 installed outside the LAN 3 to remotely access the thin client server 13 installed in the LAN 3, the user starts the computer 10 with the USB token 11 connected to the USB port. 2 (S1 in FIG. 2), the image (byte code) of the thin client OS 105 stored in the USB token 11 is expanded in the memory of the computer 10 by the function provided in the computer 10, and the thin client OS 105 is executed on the computer 10. Is activated (S2 in FIG. 2).

  FIG. 3 is a diagram for explaining the thin client OS 105 developed in the memory of the computer 10 in S2 of FIG.

  As shown in FIG. 3, the thin client OS 105 deployed in the memory of the computer 10 in S2 of FIG. 2 includes measurement software 106, which is a program necessary for executing platform integrity verification, and a thin client server 13 A remote access client 108 for remote access is included.

  When the thin client OS 105 is activated, the computer 10 that has become a thin client terminal connects to the VPN device 21 and executes user authentication using authentication information stored in the smart card IC chip 11a of the USB token 11. The account management server 12 is accessed and an account ID assignment is requested (S3 in FIG. 2).

  Upon receiving an account ID assignment request from the computer 10, the account management server 12 requests platform integrity verification from the accessed computer 10, and uses the measurement software 106 included in the thin client OS 105 to In accordance with the disclosed invention, a platform integrity verification process is executed between the account management server 12 and the computer 10 (S4 in FIG. 2).

  When the platform integrity verification process ends, the account management server 12 branches the process according to the verification result of the platform integrity verification (S5 in FIG. 2).

  When the platform integrity verification fails, the account management server 12 transmits the verification result (failure) of the platform integrity verification to the computer 10 (S13 in FIG. 2), and ends this procedure.

  If the platform integrity verification is successful, the account management server 12 sends a request to the computer 10 for attribute information (here, information indicating the user's department) used when dynamically assigning the account ID ( When the computer 10 receives the attribute information transmission request from the account management server 12, the computer 10 transmits the user attribute information to the account management server 12 (S7 in FIG. 2).

  The user attribute information transmitted from the computer 10 to the account management server 12 is preferably stored in the smart card IC chip 11a of the USB token 11, but the thin client OS 105 developed in the memory of the computer 10 is used. May be coded.

  When the attribute information is stored in the smart card IC chip 11 a of the USB token 11, the computer 10 transmits the attribute information read from the USB token 11 mounted on the computer 10 to the account management server 12. If attribute information is coded in the thin client OS 105 expanded in the memory of the computer 10, the computer 10 transmits the coded attribute information to the account management server 12.

  When the attribute information is transmitted from the computer 10, the account management server 12 associates the attribute information with an account ID that can be assigned to the user that has been successfully authenticated in S 3 of FIG. One account ID is dynamically assigned, and the account ID assigned to the user and the password associated with the account ID are transmitted to the computer 10 (S8 in FIG. 2).

  FIG. 4 is a diagram for explaining the account management table 4 stored in the account management server 12 for managing the account ID.

  For example, the account management server 12 stores the account management table 4 illustrated in FIG. 4 and refers to the account management table 4 so that the attribute information transmitted from the computer 10 to the user who has succeeded in user authentication can be obtained. One account ID is dynamically assigned from among account IDs that are associated and can be assigned.

  One record of the account management table 4 shown in FIG. 4 includes a No. assigned to the record sequentially, an account ID, a password corresponding to the account ID, and attribute information corresponding to the account ID (here, the user's (Department information), status flag indicating account ID assignable status, MAC address as identification information of the computer 10 to which the account ID is assigned, and session ID serving as a management number that dynamically assigns the account ID are described Has been.

  The account ID and password in the record of the account management table 4 are information used when the computer 10 logs in to the thin client server 13, and the account ID and password stored in the account management table 4 are stored in the thin client server 13. Is also remembered.

  The attribute information of the record in the account management table 4 is information used when the account management server 12 dynamically assigns the account ID. If the account ID does not need to be managed according to the user attribute information, the account management server 12 There is no need to describe attribute information in the table record.

  The record status flag of the account management table 4 is a flag indicating account ID assignment information, and is set to “On” when the account ID is assigned, and is set to “Off” when the account ID is not assigned. Set.

  The MAC address in the record of the account management table 4 is information for identifying the computer 10 connected to the thin client server 13, and the session ID is obtained by the account ID assignment status and user authentication of the VPN device 21. This is information (for example, file name) used to identify a log when managing a log including user information.

  When the account management server 12 receives the attribute information from the computer 10, the account management server 12 searches the account management table 4 illustrated in FIG. 4 for a record including the attribute information and having the status flag “Off”.

  Then, the account management server 12 selects one record from the retrieved records by selecting the record having the smallest “No.” from the retrieved records, and sets the account ID of the selected record to the user. The account ID is dynamically assigned to each of the computers 10 and the status flag of the selected record is set to “On”. The data incremented by one is written to the record.

  When the computer 10 receives the account ID and password from the account management server 12, the remote access client 108 of the thin client OS 105 deployed in the memory of the computer 10 is activated using the account ID and password as arguments (S9 in FIG. 2). ).

  When the remote access client 108 is activated, the computer 10 makes a login request to the thin client server 13 using the account ID and password received from the account management server 12 (S10 in FIG. 2). The password received from the server 10 is verified, and the login process of the account ID received from the computer 10 is executed (S11 in FIG. 2).

  The thin client server 13 stores the password and the network name of the subnet 3a in association with the account ID stored in the account management server 12, and receives the account ID and password from the computer 10 and associates them with the received account ID. When the stored password and the received password are collated, and the collation is successful, the use of the environment for remotely accessing the resource installed in the subnet 3a specified by the network name associated with the account ID, The computer 10 that has transmitted the password is permitted (S12 in FIG. 2), and this procedure ends.

  Since the password transmitted from the computer 10 to the thin client server 13 is the password received from the account management server 12, except when the account ID and password are illegally used such as double use of the account ID and password. The thin client server 13 succeeds in verifying the password transmitted from the computer 10.

  The account management server 12 monitors the communication between the computer 10 and the thin client server 13 identified by the MAC address described in the account management table and detects the end of communication between the computer 10 and the thin client server 13. The status flag of the record in which the MAC address of the computer 10 is described is set to “Off”, and the MAC address and session ID of the record are deleted.

  From here, the platform integrity verification process executed in S4 of the procedure illustrated in FIG. 2 will be described. FIG. 5 is a flowchart showing the procedure of the platform integrity verification process. The contents of the procedure illustrated in FIG. 5 are the same as the contents disclosed in Patent Document 3.

  When the platform integrity verification process is started, the computer 10 on which the thin client OS 105 is activated generates a random number Rc used for platform integrity verification, and sends a random number generation request message including the random number Rc via the Internet. It transmits to the account management server 12 (S20 in FIG. 5). The computer 10 holds the generated random number Rc in the memory of the computer 10 until the platform integrity verification is completed.

  When the account management server 12 receives the random number Rc from the computer 10, the account management server 12 generates a random number Rs used in the platform integrity verification, transmits the random number Rs to the computer 10 (S21 in FIG. 5), and the platform integrity verification ends. The random number Rc and the random number Rs are held in the memory of the account management server 12 until

  When the computer 10 receives the random number Rs from the account management server 12, the computer 10 holds the random number Rs transmitted from the account management server 12 in the memory of the computer 10, and then from all the images of the thin client OS 105 expanded in the memory of the computer 10. Then, a hash value is calculated according to a predetermined algorithm (for example, SHA1) (S22 in FIG. 5), and a configuration proof message is generated by combining the hash value, the random number Rc, and the random number Rs (S23 in FIG. 5).

  When the computer 10 generates the configuration certification message, the MAC of the configuration certification message is generated according to a predetermined procedure (for example, a procedure according to ISO / IEC 9797-1) using the MAC key hard-coded in the thin client OS 105. Calculate.

  When the computer 10 calculates the MAC of the configuration certification message, the computer 10 sends the configuration certification message and a command message including the MAC to the USB token 11, thereby requesting the USB token 11 to generate a digital signature of the configuration certification message (see FIG. 5 S24).

  When the USB token 11 receives the command message including the configuration certification message and the MAC, the smart card IC chip 11a of the USB token 11 interprets the command message, and the smart card IC chip 11a uses the MAC key, The thin client OS 105 running on the computer 10 is calculated by calculating the MAC from the configuration proof message with the same algorithm as the computer 10 and verifying whether the MAC transmitted from the computer 10 and the MAC calculated by itself are the same. Verification is performed (S25 in FIG. 5).

  The smart card IC chip 11a of the USB token 11 branches the process according to success / failure of the verification of the MAC of the configuration certification message (S26 in FIG. 5). When the process of generating the digital signature of the message is executed and the verification of the MAC of the configuration certification message fails, an error message indicating that the verification of the MAC has failed is returned to the computer 10 and the procedure is terminated.

  When the smart card IC chip 11a of the USB token 11 succeeds in verifying the MAC of the configuration certification message, the configuration certification message is used in accordance with a predetermined digital signature generation algorithm (for example, PKCS # 1) using the digital signature private key. And the generated digital signature is returned to the computer 10 (S27 in FIG. 5).

  Upon receiving the digital signature of the configuration certification message from the smart card IC chip 11a of the USB token 11, the computer 10 transmits the configuration certification message and the digital signature to the account management server 12 via the Internet 2 (FIG. 5). S28).

  When the account management server 12 receives the configuration certification message and the digital signature, the account management server 12 uses the digital signature public key stored in the account management server 12 according to a predetermined algorithm and digital signature of the configuration certification message. By verifying, the validity of the USB token 11 that generated the digital signature is verified (S29 in FIG. 5).

  When the account management server 12 succeeds in verifying the digital signature of the configuration certification message, the account management server 12 stores the random number Rc and the random number Rs held in the memory of the account management server 12 and the hard disk or the like. By referring to the expected value of the hash value and confirming whether the random number Rc, the random number Rs, and the hash value included in the configuration certification message are correct, the validity of the configuration certification message is verified and the platform integrity verification is completed. (S30 in FIG. 5).

  From here, the computer 10, the USB token 11, the account management server 12, and the thin client server 13 which comprise the platform integrity verification system shown in FIG.

  FIG. 6 is a block diagram of the USB token 11. As described above, the USB token 11 shown in FIG. 1 is a device in which the smart card IC chip 11a and the flash memory 11b are integrated, and the smart card IC chip 11a of the USB token 11 is loaded in S27 of FIG. A digital signature command 100 used to generate a digital signature, a read command 103 used in S7 of FIG. 2, a MAC key 101 and a digital signature private key 102 as encryption keys used by the digital signature command 100, and a read command The attribute information 104 read in 103 is stored.

  As described above, the flash memory 11b of the USB token 11 stores an image (byte code) of the thin client OS 105 for causing the computer 10 to execute the procedure illustrated in FIGS.

  The thin client OS 105 executes S20, S22, S23, S24, and S28 in FIG. 5 to perform measurement software 106 that is a computer program having a function of calculating the hash value of the image of the thin client OS 105, and FIG. A remote access client 108 that is activated at S9 and is an application for remotely accessing the thin client server 13 like a remote desktop of Windows (registered trademark) is included, and the measurement software 106 further includes a MAC key 107. Is hard-coded.

  7 is a block diagram of the computer 10 used as a thin client terminal. FIG. 7A is a functional block diagram and FIG. 7B is a hardware block diagram.

  As shown in FIG. 7A, the computer 10 includes an activation unit 100 for activating the thin client OS 105, and a measurement unit 101 and a remote access unit 102 as means realized by the thin client OS 105. Is provided.

  As shown in FIG. 7B, the computer 10 includes a central processing unit 10a (CPU: Central Processing Unit), a RAM 10b (RAM: Random Access Memory) as a main memory of the computer 10, and a BIOS as hardware resources. ROM 10c (ROM: Read-Only Memory), a USB interface 10d for communicating with a USB device, a network interface 10e for network communication, and a hard disk that is a large-capacity data storage device as an auxiliary storage device The hard disk 10f stores an OS that is booted when not used as a thin client terminal, for example, WINDOWS (registered trademark) of Microsoft Corporation.

  When the activation unit 100 of the computer 10 detects that the USB token 11 is attached to the computer 10, the activation unit 100 expands the image of the thin client OS 105 stored in the USB token 11 in the RAM 10 b and activates the thin client OS 105. The activation unit 100 is realized by a BIOS function or the like mounted on the ROM 10c.

  The measurement unit 101 of the computer 10 is a unit realized by the measurement software 106 of the thin client OS 105.

  The measuring means 101 of the computer 10 calculates the hash value of the image of the thin client OS 105 expanded in the RAM 10b of the computer 10, and then generates a configuration proof message including the hash value.

  Then, the computer 10 uses a MAC key 107 hard-coated on the thin client OS 105 to calculate a MAC (MAC: Message Authentication Code) as an authentication code of the configuration certification message, and converts the configuration certification message and the authentication code into the USB token 11. To the USB token 11, and when the digital signature of the configuration certification message is transmitted from the USB token 11, the configuration certification message and the digital signature are sent to the account management server 12. Send.

  If the computer 10 includes the random number Rs generated by the account management server 12 in the configuration proof message, the configuration proof message changes every time, so that the same configuration proof message can be prevented from being reused illegally.

  Further, the computer 10 generates a random number Rc before generating the configuration message, transmits the generated random number Rc to the account management server 12, and includes the random number Rc in the configuration proof message. When the attestation message is received from the computer 10, it can be determined that the attestation message is definitely transmitted from the computer 10 that verifies the platform integrity.

  Furthermore, the remote access means 102 of the computer 10 is a means realized by the remote access client 108 of the thin client OS 105, and the remote access means 102 of the computer 10 is a means for executing at least S10 of FIG.

  That is, the remote access means 102 of the computer 10 uses the account ID and password received from the account management server 12 to perform a login request to the thin client server 13 whose address is set in the remote access client 108, and The remote access environment provided by the server 13 is displayed on the display of the computer 10.

  FIG. 8 is a block diagram of the account management server 12. FIG. 8A is a functional block diagram, and FIG. 8B is a hardware block diagram.

  As illustrated in FIG. 8A, the account management server 12 includes a verification unit 120 that executes the platform integrity verification procedure disclosed in Patent Document 3, and a computer 10 that has successfully verified the platform integrity. Is provided with account management means 123 for assigning one account ID to the user from among account IDs that can be assigned to the user's attribute information. This is realized by a computer program for causing the account management server 12 to function as each means.

  As shown in FIG. 8B, the account management server 12 performs network communication as hardware resources with the CPU 12a, the RAM 12b as the main memory of the account management server 12, and the ROM 12c on which the BIOS is mounted. Network interface 12d and a hard disk 11e which is a large-capacity data storage device as an auxiliary storage device, and the hard disk 11e stores a computer program which functions as the means shown in FIG.

  The verification unit 120 of the account management server 12 is a unit that executes S21, S29, and S30 of FIG. 5 and operates when a configuration certification message and a digital signature are received from the computer 10, and is defined using a digital signature public key. The validity of the USB token 11 that generated the digital signature is verified by verifying the digital signature of the configuration certification message according to the digital signature verification algorithm.

  Then, the verification unit 120 verifies the validity of the configuration certification message by referring to the expected value of the hash value of the thin client OS 105 and confirming whether the hash value included in the configuration certification message is correct.

  When the configuration proof message includes the random number Rc and the random number Rs, the verification unit 120 refers to the random number Rc and the random number Rs stored in the RAM in addition to the expected value of the hash value of the thin client OS 105, Verify the validity of the attestation message.

  The account management means 123 of the account management server 12 is a means for executing S6 and S8 in FIG. 2. When the verification means 120 succeeds in verifying the platform integrity of the computer 10, it acquires user attribute information from the computer 10, With reference to the account management table 4 shown in FIG. 4, a record including the acquired attribute information and having the status flag “Off” is searched, and one record is determined from the searched records.

  When the account management means 123 determines one record from the retrieved records, the account management means 123 transmits the account ID and password described in the record to the computer 10 and sets the status flag of the record to “On”. Further, data is written to the MAC address and session ID of the record.

  The account management means 123 of the account management server 12 monitors the connection between the computer 10 and the thin client server 13, and when the connection is disconnected, the MAC address of the computer 10 that has lost the connection with the thin client server 13. Is set to “Off”, and the MAC address and session ID of the record are deleted.

  Next, the thin client server 13 that provides a remote access environment for resources arranged in the subnet 3a of the LAN 3 will be described. 9 is a block diagram of the thin client server, FIG. 9A is a functional block diagram, and FIG. 9B is a hardware block diagram.

  As shown in FIG. 9A, when the thin client server 13 receives an account ID and a password from the computer 10, the thin client server 13 collates the received password to execute a login process for the account ID. 130 and remote access environment providing means 131 for permitting the use of the remote access environment of resources arranged in the subnet 3a of the department specified by the received account ID when the received password is successfully verified. This means is realized by a computer program for causing the account management server 12 to function as each means.

  As shown in FIG. 9B, the thin client server 13 performs network communication with the CPU 13a, the RAM 13b as the main memory of the account management server 12, and the ROM 13c on which the BIOS is mounted as hardware resources. Network interface 13d and a hard disk 13e which is a large-capacity data storage device as an auxiliary storage device, and the hard disk 13e stores computer programs for realizing each means provided in the thin client server 13. Yes.

  The login unit 130 of the thin client server 13 stores at least the password in association with the account ID in order to verify the password transmitted from the computer 10. When the account ID and the password are transmitted from the computer 10, the login unit 130 stores the password in the account ID. Check the associated password against the submitted password.

  The remote access environment in which the remote access environment providing unit 131 of the thin client server 13 permits the use of the computer 10 whose password has been successfully verified can be realized by, for example, a virtual computer.

  When the remote access environment is realized by a virtual computer, as many virtual PCs as the account IDs stored in the thin client server 13 are prepared on the hard disk 13e of the thin client server 13.

  The virtual PC prepared in the thin client server 13 is associated with an account ID, and an application that can be used with the virtual PC depends on attribute information corresponding to the account ID associated with the virtual PC.

  For example, in the account management table 4 illustrated in FIG. 4, an application for using the business server 14 b that manages sales is applied to the virtual PC associated with the account ID whose attribute information is “sales”. included.

  In the account management table 4 shown in FIG. 4, the virtual PC associated with the account ID whose attribute information is “development” includes an application for using the business server 14b for software development. .

  The present invention is not limited to the embodiments described so far, and various modifications and changes can be made. For example, the remote access management system 1 shown in FIG. 1 uses the USB token 11 having both the security token function and the portable storage device function. It can also be.

  At this time, the user possesses an IC card that stores the digital signature command 100, the MAC key 102, and the digital signature private key 101 provided in the smart card IC chip 11a of the USB token 11 as a security token. As a type storage device, a USB memory storing the thin client OS 105 stored in the flash memory 11b of the USB token 11 is possessed, and an IC card reader for communicating with the IC card is provided to the computer 10 used as a thin client terminal. Prepare.

1 is a diagram illustrating a remote access management system 1. FIG. The flowchart which showed the procedure performed with a remote access management system. The figure explaining thin client OS expand | deployed to the memory of a computer. The figure explaining an account management table. The flowchart which showed the procedure of the platform integrity verification process. The block diagram of a USB token. The block diagram of a computer. The block diagram of an account management server. The block diagram of a thin client server.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Remote access management system 10 Computer 100 Starting means 101 Measuring means 102 Remote access means 11 USB token 11a IC card 11b for smart cards Flash memory 105 Thin client OS
12 Account management server 120 Verification means 123 Account management means 13 Thin client server 130 Login means 132 Remote access environment providing means 14a File server 14b Business server 15 In-house PC
16 Router 2 Internet 3 LAN
3a subnet

Claims (8)

A remote access management system for managing remote access of a computer,
A plurality of account IDs associated with passwords used to log in to the thin client server remotely accessed by the computer are stored, and when an account ID assignment request is received from the computer, the account IDs that can be assigned are One account ID is dynamically assigned to a user who operates the computer, the assigned account ID and the password associated with the account ID are transmitted to the computer, and the account ID assigned to the computer is assigned. When it is detected that the connection between the computer and the thin client server is disconnected, the account ID assigned to the computer that has been disconnected can be allocated. Including an account management server with management means,
The computer includes remote access means for requesting a login to the thin client server using the account ID and the password received from the account management server,
The thin client server verifies the password transmitted from the computer, executes login processing of the account ID transmitted from the computer, and uses the account ID for the computer successfully logged in. A remote access environment providing means for permitting use of the specified remote access environment is provided.
Remote access management system characterized by that.   2. The remote access management system according to claim 1, wherein the account management server stores the account ID in association with attribute information specifying a resource that can be accessed remotely, and the account management unit is configured to store the attribute of the user. Information is acquired from the computer, and the account information associated with the acquired attribute information is dynamically assigned to the user from among the assignable account IDs, and the thin client server is remotely accessed. The environment providing means permits use of a remote access environment that uses a resource specified by the account ID used for login processing.   3. The remote access management system according to claim 1, wherein the account management server includes verification means for verifying the validity of the computer, and the account ID only when the validity is successfully verified. Is dynamically assigned to the user.   4. The remote access management system according to claim 3, wherein the verification means provided in the account management server is means for verifying the integrity of an OS (OS: Operating System) running on the computer. A remote management system characterized by being. The remote access management system according to claim 4, wherein
The computer calculates a hash value of the OS image developed in the memory of the computer, generates a digital signature of a configuration certification message including the hash value, and generates a digital signature of the configuration certification message and the configuration certification message. Measuring means for transmitting a signature to the account management server;
The remote access management system according to claim 1, wherein the integrity verification means of the account management server is means for verifying a digital signature of the configuration certification message transmitted from the computer and a body of the configuration certification message. 6. The remote access management system according to claim 5, wherein said remote access management system includes a security token comprising means for generating a digital signature of a message transmitted from outside,
The remote management system, wherein the measuring means provided in the computer uses the security token to generate a digital signature of a configuration certification message including the hash value. 7. The remote access management system according to claim 6, wherein an OS for a thin client including a computer program functioning as the remote access means and the measurement means of the computer is stored in the remote access management system. Portable storage devices included,
The remote access management system according to claim 1, wherein the computer includes an activation unit that reads and activates the OS for the thin client stored in the mounted portable storage device. A remote access management method for managing remote access of a computer,
When an account management server storing a plurality of account IDs associated with passwords used for login of a thin client server remotely accessed by the computer receives an account ID assignment request from the computer, the account IDs of the assignable account IDs Among them, one account ID is dynamically assigned to a user operating the computer, and the assigned account ID and the password associated with the account ID are transmitted to the computer, and the assigned computer ID is assigned to the computer. A step to make the account ID unassignable,
The computer requesting a login to the thin client server using the account ID and the password received from the account management server;
The thin client server verifies the password transmitted from the computer, executes login processing of the account ID transmitted from the computer, and is identified by the account ID for the computer that has successfully logged in. Providing a remote access environment,
A remote access management method comprising:

Images