JP2014115835A - Access control system, and access control method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an access control system and an access control method capable of controlling access to information for a purpose other than a proper purpose.SOLUTION: When information is needed during processing of a job, a client terminal 100 requests the information from an information management server 200. When receiving a request for information from the client terminal 100, the information management server 200 requests a rule management server 300 to determine whether the job being processed by the client terminal 100 is associated with the information requested by the client terminal 100. The information management server 200 transmits the requested information to the client terminal 100 only when the rule management server 300 has determined that they are associated with each other.

Description

  The present invention relates to an access control system and an access control method for controlling access to information by an accessor.

  An access control technique for preventing unauthorized access to information is an indispensable technique for preventing information leakage and unauthorized use. Conventionally, access control to information has been performed by setting an access right for the authority of the user who refers to the information or the post of the user (see Non-Patent Document 1). A conventional access control technique will be described below.

  FIG. 2 is a diagram showing a configuration of an information management server used in a conventional access control technique. The information management server 1000 is a server that manages various information related to individuals and the like, and includes a communication unit 1001, an access authority check unit 1002, an information search unit 1003, an access authority table T1001, and an information table T1002.

  A communication unit 1001 communicates with other servers via a network. The access authority check unit 1002 searches the access authority table T1001 based on information sent from the client terminal and checks whether there is access authority.

The access authority table T1001 is a table that associates a user ID or authority type with an information type code. Table 1 shows an example of the access authority table T1001. As for the authority type, for example, if only members belonging to “● Section” can access the information type code 40, “● Section” is described as the symbol “A” and described in the table column. deep. As the authority type, a title such as “section manager or higher” may be described as a symbol “B”. The access authority check unit 1002 checks the access authority to the information type code in the access authority table T1001 based on the user ID or the authority type.

  The information search unit 1003 searches the information table T1002 for information after the validity of the access right is confirmed.

The information table T1002 includes a personal code for identifying an individual, an information type code indicating the type of information, and an information entity. Table 2 shows an example of the information table T1002. The information search unit 1003 searches the information table T1003 with the personal code and the information type code, and acquires an information entity.

  A processing procedure in the prior art will be described with reference to FIG. First, the communication unit 1001 acquires a user ID or authority type, an information type code, and a personal code sent from the outside such as a client terminal. Next, the access authority check unit 1002 searches the access authority table T1001 using the user ID or authority type acquired by the communication unit 1001 and the information type code. If there is a matching record, an OK signal is sent to the information search unit 1003, and if not, an NG signal is sent to the communication unit 1001.

  Next, when the access authority check unit 1002 is OK, the information search unit 1003 searches the information table T1002 with the personal code and information type code acquired by the communication unit 1001, and acquires the information entity. The data is sent to the communication unit 1001. Finally, the communication unit 1001 transmits the obtained result (the information entity obtained by the information search unit 1003 or the NG signal obtained by the access authority check unit 1002) to an external access destination such as a client terminal. .

[Online], access control matrix, [October 11, 2012 search], Internet <URL: http: // www. jpo. go. jp / shiryou / s_sonota / hyoujun_gijutsu / info_sec_tech / c-2-1. html>

  In the case of the prior art, the access right is set for the user who refers to the information or the post of the user, so that the access can be made according to the intention of the user having the access right. For this reason, unauthorized access is possible, for example, because a person with access rights has malicious intent. For example, in the public sector, the user first registers information in the application work, and processing is performed after confirmation by a public institution staff. However, in the conventional access right setting method, the access right is set for the staff. , I was able to access user information at times other than application work. Regarding access to information, rules (regulations, laws, etc.) have been established in advance, and there has been a demand for a mechanism that enables access to information only in accordance with these rules.

  In the case of the prior art, since the access control function is prepared for each server that holds information, for example, when performing access control according to laws and regulations, when changing the access control function, The change work has to be performed on all the servers that are owned, which has been a cumbersome work. Therefore, a mechanism that can easily change the access control function has been demanded.

  The present invention has been made in view of such problems, and an object of the present invention is to provide an access control system and an access control method capable of restricting access to information other than the purpose to be originally accessed. There is.

  To achieve the above object, the present invention provides an access control system comprising an information processing device for processing a business, an information management device for providing information, and a rule management device having rule information, which are connected to each other via a network. The information processing device requests the information from the information management device when the information is needed when processing the business, and the information management device receives the information from the information processing device. When there is a request, the rule management device is requested to determine whether or not there is an access right to the information, and only when the rule management device determines that there is an access right. The information requested by the information processing apparatus is transmitted to the information processing apparatus.

  Further, the present invention is an access control method for a system comprising an information processing device for processing a business, an information management device for providing information, and a rule management device having rule information, which are connected to each other by a network, The information processing apparatus executes a step of requesting the information to the information management apparatus when information is needed while processing a job, and the information management apparatus receives information from the information processing apparatus. Requesting the rule management device to determine whether or not there is an access right to the information, and when the rule management device determines that there is an access right. Only, the step of transmitting the information requested by the information processing apparatus to the information processing apparatus is executed.

According to the present invention, since the access authority to information is linked to a procedure such as business, access to information can be permitted only during the procedure such as business.
Further, according to the present invention, when the procedure is completed, it becomes impossible to access the information. Therefore, there is an advantage that the access time to the information can be limited within the procedure.
Further, according to the present invention, the rule management server separates the access control function from the server that holds the information, so that the rule management server can also use the rule table and the rule information when the access authority is changed due to a rule change or the like Since it is possible to respond by simply updating the search unit, it is possible to change the access control function more efficiently than in the prior art, and it is possible to reduce resources of the information management server (implementation with an inexpensive server).

It is a figure which shows the structure of the access control system which concerns on embodiment of this invention. It is a figure which shows the structure of the information management server used in the conventional access control technique.

  Embodiments of the present invention will be described with reference to the drawings. FIG. 1 is a diagram showing a configuration of an access control system according to an embodiment of the present invention. The access control system shown in FIG. 1 includes a client terminal 100 (information processing device), an information management server 200 (information management device), and a rule management server 300 (rule management device) connected to a network 400.

  The client terminal 100 is a device that processes business, and includes a communication unit 101, an input unit 102, an output unit 103, a business processing unit 104, and an information inquiry destination table T101.

  The communication unit 101 communicates with the information management server 200 via the network 400. The input unit 102 performs input to the client terminal 100 from the outside. The output unit 103 outputs the processing result in the client terminal 100 and the like from the client terminal 100 to the outside.

  The job processing unit 104 executes a job in accordance with an instruction from the input unit 102, and executes the job using information to which an information type code is assigned. The business processing unit 104 performs business using various information such as name and address. The information type code is a code assigned to the type of information such as name and address used for this business. It is. For example, name: 10, address: 20, occupation: 30, annual income: 40, permanent address: 50, and the like.

  The business processing unit 104 stores a business ID 105 for business processing executed on the client terminal 100 and a client code 106 that is a code for uniquely identifying the client terminal 100 within the network.

  Further, when using information to which an information type code is assigned in business processing, the business processing unit 104 searches the information inquiry destination table T101 with the information type code.

The information inquiry destination table T101 is a table that associates information related to information necessary for the business processing unit 104 and the information management server 200 that stores the information. Table 3 shows an example of the information inquiry destination table T101.

  The information management server 200 is a server that provides information, and includes a communication unit 201, a condition check unit 202, an information search unit 203, and an information table T201.

  The communication unit 201 communicates with other information management servers and the like via the network 400. The condition check unit 202 requests the rule management server 300 to check (access authority check) whether it is within the access range to the information specified by the rule (information provision availability), and checks the result. The information retrieval unit 203 retrieves information from the information table T201 after the validity of the access authority is confirmed.

The information table T201 is a table that stores user information, and includes a personal code that identifies an individual, an information type code that represents the type of information, and an information entity. Table 4 shows an example of the information table T201. The information search unit 203 searches with the personal code and the information type code, and acquires the information entity.

  The rule management server 300 is a server that has rules and information, and that checks an access range (access authority check) to determine whether a job being executed by a client is permitted by regulations. And a rule information search unit 302, a classification code table T301, and a rule table T302.

  The communication unit 301 communicates with other information management servers via the network 400. The rule information search unit 302 refers to the client code in the classification code table T301, acquires the information requester classification code from the client code 106 (information requester code), and acquires information from the information management server code (information provider code). Get the provider classification code.

The classification code table T301 is a table for managing the correspondence of the classification request code (“municipalities”, “Ministry of Health, Labor and Welfare”, “Pension Agency”, etc.) to the information requester code or the information provider code. Table 5 shows an example of the classification code table T301.

  After acquiring the information requester classification code and the information provider classification code, the rule information search unit 302 searches the rule table T302 with the information requester classification code, the information provider classification code, the business ID, and the information type code.

The rule table T302 is a table describing “who”, “who”, “in what business”, and “what information” may be provided. Table 6 shows an example of the rule table T302. For example, the rule table T302 describes and manages an access range to information defined by a rule (regulations, laws, etc.) by a rule.

  Next, a processing procedure in the access control system according to the embodiment of the present invention will be described with reference to FIG.

  The communication units 101, 201, and 301 have an authentication function and an encrypted communication path construction function. The communication unit 101 and the communication unit 201 configure an encrypted communication path by authenticating the other party by mutual authentication or the like between the client terminal 100 and the information management server 200 via the network 400. The encrypted communication is performed between the unit 101 and the communication unit 201. Similarly, the communication unit 201 and the communication unit 301 configure an encrypted communication path by authenticating the other party by mutual authentication or the like between the information management server 200 and the rule management server 300. The encrypted communication is performed between 201 and the communication unit 301.

  First, an instruction is given from the outside, for example, by inputting a personal code at the input unit 102, and the personal code is sent to the business processing unit 104 to instruct execution of business processing.

  Next, the business processing unit 104 executes business processing based on the personal code input from the input unit 102. If information necessary for processing does not exist in the client terminal 100 when information is required for business processing, the information inquiry destination table T101 is searched with the information type code assigned to the missing information. The information management server code having information (information management server code) and access destination information are acquired.

  The business processing unit 104 extracts the business ID 105 and the client code 106 that the business processing unit 104 has, and together with the business ID 105 and the client code 106, the personal code input from the input unit 102 and the information obtained from the information inquiry destination table T101. The management server code, the access destination information, and the information type code of the information found to be insufficient in the business process are sent to the communication unit 101 to request information acquisition.

  In response to a request from the business processing unit 104, the communication unit 101 sends a business ID 105, a client code 106, a personal code, an information management server code, and an information type to the information management server 200 having information based on access destination information. Send a code and ask for missing information.

  In response to the information request from the communication unit 101 of the client terminal 100, the communication unit 201 receives the business ID 105, the client code 106, the personal code, the information management server code, and the information type code and sends them to the condition check unit 202.

  The condition check unit 202 first sends the business ID 105, client code 106, information management server code, and information type code to the communication unit 201 for access authority check.

  The communication unit 201 transmits the business ID 105, the client code 106, the information management server code, and the information type code received from the condition check unit 202 to the communication unit 301 of the rule management server 300.

  The communication unit 301 sends the business ID 105, the client code 106, the information management server code, and the information type code received from the communication unit 201 to the rule information search unit 302.

  The rule information search unit 302 first performs code conversion. That is, the client code 106 is searched for the client code in the classification code table T301, the classification code is acquired, and is set as the information requester classification code. Further, the client code of the classification code table T301 is searched by the information management server code, the classification code is acquired, and is set as the information provider classification code.

  Next, the rule information search unit 302 searches the rule table T302 with the four pieces of information of the business ID, the information type code, the information requester classification code, and the information provider classification code. If there is a matching record, the rule information search unit 302 sends an OK signal indicating that the user has access authority to the communication unit 301. If there is no matching record, the rule information search unit 302 sends an error signal to the communication unit 301. send.

  The communication unit 301 transmits an OK signal and an error signal obtained from the rule information search unit 303 to the communication unit 201.

  The communication unit 201 sends the OK signal and the error signal sent from the communication unit 301 to the condition check unit 203. In the case of an error signal, the condition check unit 203 sends an error signal to the communication unit 201, and in the case of an OK signal, sends a personal code and an information type code to the information search unit 203.

  The information search unit 203 searches the information table T201 using the personal code and information type code received from the condition check unit 202, and acquires an information entity. The information search unit 203 sends the acquired information entity to the communication unit 201.

  The communication unit 201 transmits an error signal to the communication unit 101 when an error signal is returned from the condition check unit 202, and communicates the information entity when the information entity is obtained from the information search unit 203. To the unit 101. The communication unit 101 sends the error signal received from the communication unit 201 or the information entity of the search result to the job processing unit 104.

  When the business processing unit 104 obtains an error signal from the communication unit 101, the business processing is terminated and the error signal is sent to the output unit 103. When the requested information entity is obtained, the business process is continued using the information entity. When the business process is completed, the business process result is sent to the output unit 103. Finally, the output unit 103 outputs an error signal that is information obtained from the business processing unit 104 or a business processing result.

  If the business processing unit 104 of the client terminal 100 lacks a plurality of pieces of information (when a plurality of pieces of information with information type codes are used), an information request is sent to the information management server 200. Conduct multiple times.

  Further, the information management server 200 having information that is lacking in the client terminal 100 may be different for each information. In this case, the client terminal 100 makes an information request to the information management server 200 having the respective information.

  Further, when a plurality of types of business are processed in the client terminal 100, the business processing unit 104 and the information inquiry destination table T101 are provided for each business ID, and in the business processing, the business ID together with the personal code is input by the input unit 102. This can be realized by inputting.

  As described above, according to the present invention, since a user who needs access to information does not directly access the information, but only by executing the access procedure, the present invention can access any information other than the access procedure. Access can be restricted. As a result, access to information other than the intended purpose can be restricted, and information leakage or unauthorized use can be prevented. Also, by separating the access control function from the server that holds the information, the rule management server only updates the rule table and the rule information search unit even if the access authority changes due to a rule change or the like Can easily cope with this.

100 Client terminal 101, 201, 301, 1001 Communication unit 102 Input unit 103 Output unit 104 Business processing unit 105 Business ID
106 Client Code 200 Information Management Server 202 Condition Check Unit 203, 1003 Information Search Unit 300 Rule Management Server 302 Rule Information Search Unit 1002 Access Authority Check Unit T101 Information Query Destination Table T201, T1002 Information Table T301 Classification Code Table T302 Rule Table T1001 Access Authorization table

Claims (2)

An access control system comprising an information processing device for processing business, an information management device for providing information, and a rule management device having rule information, which are connected to each other by a network,
The information processing device requests the information from the information management device when information is needed while processing a job,
When there is a request for information from the information processing apparatus, the information management apparatus requests the rule management apparatus to determine whether or not there is an access authority for the information. The access control system, wherein the information requested by the information processing apparatus is transmitted to the information processing apparatus only when it is determined that the user has access authority. An access control method for a system comprising an information processing device for processing a business, an information management device for providing information, and a rule management device having rule information, which are connected to each other via a network,
The information processing device executes a step of requesting the information to the information management device when information is needed while processing a job,
The information management device, when there is a request for information from the information processing device, requesting the rule management device to determine whether or not the information management device has an access authority; And transmitting the information requested by the information processing apparatus to the information processing apparatus only when it is determined that the user has access authority.

Images