JP2016177632A - Security management system, and security management method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To enable easy and appropriate management of user accesses to multiple services provided by at least one server according to the attributes of users.SOLUTION: The security management module of a security management server, when a user requests service via a terminal, acquires authorized user tags for the service from security definitions stored in a security definition memory device (S180), acquires from a tag managing server a user tag matching the user ID of the user having operated the terminal (S190) and, if the user tag is included in the authorized user tags, permits supply of service to the user having operated the terminal. On the other hand, if the user tag is not included in the authorized user tags, supply of service to the user having operated the terminal is forbidden (S200 to S230).SELECTED DRAWING: Figure 8

Description

  The present disclosure relates to a security management system and a security management method for managing user access to a server that provides a service.

  Conventionally, as a database system that stores structured data in which user information is defined by tag information, a user access right to the structured data is set according to user information included in XML mail data (structured data). One including a DB server is known (for example, see Patent Document 1). In this database system, when registering each XML mail data, the DB server supports a mail address surrounded by the From tag, To tag, Cc tag, and Bcc tag corresponding to the header part information of the XML mail data. A right to access the XML mail data. That is, the DB server creates an access authority table that identifies the user's access authority for a plurality of XML mail data based on the sender and recipient information included in each mail data. Based on the access authority table created by the DB server, access to the XML mail data from the external terminal device is managed.

JP 2009-104613 A

  In the above conventional database system, it is not necessary for the administrator of the DB server to manually set the access authority. However, it is not easy to automatically set an appropriate level of access right according to user attributes such as user affiliation, job title, and service access frequency for a variety of information and services. Absent.

  Accordingly, the main object of the present disclosure is to enable easy and proper management of user access to a plurality of services provided by at least one server in accordance with user attributes.

  The security management system of the present disclosure is a security management system that manages user access to a plurality of services provided by at least one server, and a user who is permitted to access the services for each of the plurality of services. A security definition storage device that stores a security definition that defines an authorized user tag indicating the attribute of the user, a tag information storage device that stores a user tag indicating the attribute of the user having the user ID for each user ID, and the security definition The first acquisition module that acquires the permitted user tag of the service requested by the user via the terminal, and the user tag corresponding to the user ID of the user who operated the terminal is acquired from the tag information storage device. The second acquisition module and the first acquisition module It is determined whether the acquired user tag acquired by the second acquisition module is included in the acquired allowed user tag, and if the user tag is included in the permitted user tag, the terminal is A determination module that permits provision of the service to the operated user and prohibits the provision of the service to the user who operates the terminal when the permitted user tag does not include the user tag. Is.

  In this security management system, for each of a plurality of services provided by at least one server, a security definition that defines a permitted user tag indicating a user permitted to access the service is stored in a security definition storage device, The user tag indicating the attribute is stored in the tag information storage device for each user ID. When the service is requested by the user via the terminal, the first acquisition module acquires the permitted user tag of the service from the security definition, and the second acquisition module corresponds to the user ID of the user who operated the terminal. The acquired user tag is acquired from the tag information storage device. Further, the determination module determines whether or not the permitted user tag acquired by the first acquisition module includes the user tag acquired by the second acquisition module. If the user tag is included in the permitted user tag, the provision of service to the user who operates the terminal is permitted. If the user tag is not included in the permitted user tag, the service to the user who operates the terminal. Is prohibited.

  Thus, by defining a security definition and adding a user tag indicating the attribute of the user to a user (user ID), whether or not to permit user access to the requested service is properly determined. It is possible to make a quick determination. Even if a new service is added or the service provision mode is changed, the security definition is updated to appropriately determine whether to permit user access to the added / changed service. be able to. Furthermore, even if a user's affiliation, job title, etc. are changed, or a new user is added, the user tag is assigned to the user (user ID) to appropriately determine whether the service can be provided to the user. It becomes possible to do. Therefore, according to this security management system, user access to a plurality of services provided by at least one server can be easily and appropriately managed.

It is a schematic block diagram which shows the security management system of this indication. It is explanatory drawing which shows an example of the security definition memorize | stored in the security definition memory | storage device of the security management server which comprises the security management system of FIG. It is explanatory drawing which shows an example of the cache information memorize | stored in the security cache memory | storage device of the security management server which comprises the security management system of FIG. It is explanatory drawing which shows an example of the tag definition memorize | stored in the tag definition memory | storage device of the tag management server which comprises the security management system of FIG. It is explanatory drawing which shows the other example of the tag definition memorize | stored in the tag definition memory | storage device of the tag management server which comprises the security management system of FIG. It is explanatory drawing which shows an example of the tag information memorize | stored in the tag memory | storage device of the tag management server which comprises the security management system of FIG. It is explanatory drawing which shows the other example of the tag information memorize | stored in the tag memory | storage device of the tag management server which comprises the security management system of FIG. It is a flowchart which shows an example of the security determination routine performed by the security management module of the security management server which comprises the security management system of FIG. 3 is a flowchart illustrating an example of a cache information update routine executed by a security management module of a security management server configuring the security management system of FIG. 1. It is a flowchart which shows an example of the user tag information update routine performed by the tag management module of the tag management server which comprises the security management system of FIG.

  FIG. 1 is a schematic configuration diagram illustrating a security management system 10 of the present disclosure. The security management system 10 is used to manage user access to a plurality of services provided by a plurality of system servers 1A, 1B, 1C... In an enterprise or the like, and includes an authentication server 20 and a reverse proxy server 30. And a security management server 40 and a tag management server 50. As shown in the figure, the security management system 10 (tag management server 50) is connected to a personnel management server 60 and an access log management server 70 via an in-house network or the like. In addition, a large number of terminals (client computers) 100 used by users, such as officers and employees of the company, employees of registered affiliates, and external contractors, can manage security via an in-house network or a dedicated line. Connected to the authentication server 20 and the reverse proxy server 30 of the system 10.

  Each of the system servers 1A, 1B, 1C,... Stores a computer having a CPU, a ROM, a RAM, an input / output device, etc., and a product as an object created by an employee (including a product being created). And a deliverable storage device 2 for storing a database. The product stored in the product storage device 2 is tagged with, for example, an object ID as an identifier, an object tag indicating the attribute (content) of the product, and the like. In the system servers 1A, 1B, 1C,..., A product management module 3 is constructed by cooperation of hardware such as a CPU, ROM, and RAM and various programs installed in advance. The product management module 3 of the system server 1A shown in FIG. 1 provides, for example, a search tool for searching for a desired product from a plurality of products (objects) stored in the product storage device 2. , Providing services such as providing a single designated deliverable. In the present embodiment, the plurality of services provided by the system servers 1A, 1B, 1C,... Are independent of each other.

  The authentication server 20 includes a computer having a CPU, a ROM, a RAM, an input / output device, and the like, and an ID information storage device 21 that stores a database of user IDs assigned to each user. Furthermore, in the authentication server 20, an authentication information management module 25 is constructed by cooperation of hardware such as a CPU, ROM, and RAM and various programs installed in advance. The authentication information management module 25 uses the user ID input by the user on the terminal 100, the address of the service requested by the user on the terminal 100 (for example, the address (URL) of the search tool as described above, the object name, etc.) ) To get. Further, the authentication information management module 25 determines whether or not the input user ID is stored in the ID information storage device 21. If the user ID is stored in the ID information storage device 21, the authentication information management module 25 requests a service. The address of the requested service is transmitted to the reverse proxy server 30 together with the user ID of the user. If the user ID is not stored in the ID information storage device 21, the authentication information management module 25 transmits to the terminal 100 that provision of the requested service is not permitted. Note that the address of the service that can be selected by the user on the terminal 100 is used only between the terminal 100 and the authentication information management module 25.

  The reverse proxy server 30 includes a computer having a CPU, a ROM, a RAM, an input / output device, and the like, and a system address information storage device 31, and receives requests from the terminal 100 received via the authentication server 20 from the system servers 1A, 1B, 1C... And information from the system servers 1A, 1B, 1C... Is relayed to the terminal 100. Furthermore, in the reverse proxy server 30, a management module 35 is constructed by cooperation of hardware such as a CPU, ROM, and RAM and various programs installed in advance.

  The system address information storage device 31 is an address that can be input by the user on the terminal 100 side for each of a plurality of services (tools and deliverables) provided by the system servers 1A, 1B, 1C,. ID (system ID) of 1A etc., system address (tool etc.) of service in system server 1A etc., and object ID (single deliverable) are stored. Further, the management module 35 manages the exchange of information between the system servers 1A, 1B, 1C. Furthermore, when the management module 35 receives a user ID or a service address from the authentication information management module 25 of the authentication server 20 in response to a service request from the user, the system of the system server that provides the service input by the user The ID and the system address or object ID corresponding to the address of the service are read from the system address information storage device 31, and the read system ID, system address or object ID is transmitted to the security management server 40 together with the user ID.

  The security management server 40 includes a computer having a CPU, ROM, RAM, input / output device, and the like, a security definition storage device 41, and a security cache storage device. Further, the security management server 40 has user access to a plurality of services provided by the system servers 1A, 1B, 1C,... In cooperation with hardware such as CPU, ROM, and RAM and various programs installed in advance. A security management module 45 that determines whether or not to permit is constructed.

  For each of a plurality of services (including single deliverables) provided by the system servers 1A, 1B, 1C,..., The security definition storage device 41 is a permitted user tag that indicates an attribute of a user permitted to access the service. This stores the security definition that defines In the present embodiment, as shown in FIG. 2, the security definition includes a plurality of system addresses (tools, etc.) and object tags (single deliverables) of services provided by the system servers 1A, 1B, 1C,. Security ID (major classification), detailed security ID (including minor classification), ID of the system server that provides the service (system ID), service type (single deliverable is an “object”, and others are “ Resource type indicating “service”), permitted user tag (READ) indicating the attribute (affiliation, job title, etc.) of the user permitted to access (view) the service, and access (editing) to the service are permitted. An authorized user tag (EDIT) indicating the attributes of the user to be assigned, and the security management module 45 A table that prescribes a determination permission condition indicating a period during which execution of the determination process is permitted and a status (OK = execution, NG = non-execution) indicating whether or not the determination process by the security management module 45 should be executed for the service. Created as The security definition is created and updated by a predetermined administrator who manages service provision and deliverables.

  The security cache storage device 42 stores, as cache information, the user ID of the user permitted to access the service by the security management module 45, the service permitted to access, the system ID of the system server that provides the service, and the like. Is. As shown in FIG. 3, the cache information specifies a user ID, resource type, system ID, security ID (major classification), and action (at least one of browsing and editing) for each system address and object ID of the service. Created as a table. In the present embodiment, the cache information is appropriately set and updated by the security management module 45 after the determination process is executed by the security management module 45.

  The tag management server 50 includes a computer having a CPU, a ROM, a RAM, an input / output device, and the like, a tag definition storage device 51, and a tag information storage device 52. Further, the tag management server 50 manages information stored in the tag definition storage device 51 and the tag information storage device 52 by cooperation of hardware such as CPU, ROM, and RAM and various programs installed in advance. A tag management module 55 is constructed.

  The tag definition storage device 51 stores a user tag definition as shown in FIG. 4 and an object tag definition as shown in FIG. As shown in FIG. 4, the user tag definition includes a resource type (in this case, “person”), personnel information, and log analysis information for each of a plurality of user tags indicating user attributes (affiliation, job title, etc.). The target field indicating the range and contents of the attribute indicated by the user tag, the determination permission condition indicating the period during which the security management module 45 is allowed to execute the determination process, and the user tag It is created as a table that defines a status (OK = execution, NG = non-execution) indicating whether or not the determination process by the security management module 45 should be executed. In the present embodiment, the user tag definition is created / updated by an administrator of the security management system 10 and / or a predetermined personnel manager.

  As shown in FIG. 5, the object tag definition includes, for each of a plurality of object tags, a resource type (in this case, “object”), a system ID of a system server that provides the object, attribute contents indicated by the object tag, and results A target field indicating the creator of an object, importance, etc., a determination permission condition indicating a period during which determination processing by the security management module 45 is permitted for the object tag, and a determination processing by the security management module 45 for the object tag It is created as a table that defines a status (OK = execution, NG = non-execution) indicating whether or not to be executed. In the present embodiment, the object tag definition is created / updated by a predetermined administrator who manages the product (object).

  The tag information storage device 52 stores a user tag table as shown in FIG. 6 and an object tag table as shown in FIG. As shown in FIG. 6, in the user tag table, for each of a plurality of user IDs, a user tag indicating an attribute of a user having the user ID and whether the determination process by the security management module 45 should be executed for the user ID. A status indicating whether or not (OK = execution [valid], NG = non-execution [invalid]) is defined. The user tag table is created by the administrator of the security management system 10 and / or a predetermined personnel manager, etc., and updated by the security management module 45 based on the security definition, and the tag based on the user tag definition etc. It is updated by the management module 55.

  As shown in FIG. 7, the object tag table includes, for each object ID, an object tag indicating an attribute of a product (object) having the object ID, and a determination process performed by the security management module 45 on the object tag. The status (OK = execution [valid], NG = non-execution [invalid]) indicating whether or not to be performed is defined. The object tag table is created by an administrator of the security management system 10 and / or an administrator who manages objects, and is updated by the security management module 45 based on the security definition, and tag management based on the object tag definition etc. Updated by module 55.

  The personnel management server 60 connected to the security management system 10 includes a computer having a CPU, a ROM, a RAM, an input / output device, and the like, a personnel information storage device 61, and an organization information storage device 62. Further, the personnel management server 60 manages information stored in the personnel information storage device 61 and the organization information storage device 62 by cooperation of hardware such as CPU, ROM, and RAM and various programs installed in advance. A personnel information management module 65 is constructed. The personnel information storage device 61 stores detailed personnel information (including user IDs and target fields) of users such as officers and employees of the company, employees of registered affiliates, and external contractors, and stores organization information. The device 62 stores detailed organization information such as the company or affiliated company. Information stored in the personnel information storage device 61 and the organization information storage device 62 is updated as needed in accordance with personnel changes, organization reorganization, and the like.

  The access log management server 70 connected to the security management system 10 includes a computer having a CPU, a ROM, a RAM, an input / output device, and the like, and a log analysis information storage device 71. Further, the access log management server 70 analyzes the user access to the system servers 1A, 1B, and 1C in cooperation with hardware such as CPU, ROM, and RAM and various programs installed in advance, and displays the analysis results. A log analysis management module 75 is constructed to store the log analysis information (including the user ID and target field) in the log analysis information storage device 71.

  Next, a procedure for determining whether or not user access to a service provided by the system servers 1A, 1B, 1C,. FIG. 8 is a flowchart illustrating an example of a security determination routine executed by the security management module 45 of the security management server 40 when the user operates the terminal 100 to request the system server 1A to provide a service.

  At the start of the security determination routine shown in FIG. 8, the security management module 45 (CPU) inputs data necessary for the determination process such as a user ID, a system ID, a system address, or an object ID transmitted from the reverse proxy server 30 ( Step S100). Next, the security management module 45 compares the data input in step S100 with the cache information stored in the security cache storage device 42 (step S110), and requests the service requested for the user having the user ID. It is determined whether or not access to is permitted (step S120).

  That is, in steps S110 and S120, the security management module 45 matches (matches) the cache information stored in the security cache storage device 42 with the user ID and system address or object ID input in step S100. It is determined whether or not there is. If the security management module 45 determines that there is cache information that matches the user ID and system address or object ID input in step S100 (step S120), the action indicated in the cache information is displayed. Is sent to the reverse proxy server 30 to allow the corresponding system server to be called (step S220), and this routine is terminated.

  As described above, the cache information as described above is stored in the security cache storage device 42, and the determination process based on the cache information is executed, so that the determination of whether or not the service can be provided can be executed more quickly. It becomes possible. The reverse proxy server 30 calls the corresponding system server in response to a command from the security management module 45. Thereby, the service corresponding to the system address or object ID is provided from the system server to the terminal 100, that is, the user who operates the terminal 100 via the reverse proxy server 30.

  On the other hand, if it is determined that there is no cache information that matches (matches) the user ID and system address or object ID input in step S100 (step S120), the security management module 45 reads from the security definition storage device 41. The security definition is read (step S130), and further, based on the system address or object ID input in step S100, it is determined whether the target requested by the user is a single product (object) (step S140). ). When the service requested by the user is a single product, the security management module 45 acquires all the object tags whose status is OK from the security definition (step S150). Hereinafter, the object tag acquired in step S150 is appropriately referred to as “predefined object tag”.

  Subsequently, the security management module 45 acquires an object tag corresponding to the object ID input in step S100 from the tag management server 50 (step S160). That is, in step S160, the security management module 45 transmits the object ID input in step S100 to the tag management module 55 of the tag management server 50. The tag management module 55 that has received the object ID from the security management module 45 acquires an object tag whose status corresponding to the received object ID is OK from the object tag table stored in the tag information storage device 52, and acquires the object tag. The object tag is transmitted to the security management module 45.

  When the object tag is acquired from the tag management server 50 in step S160, the security management module 45 includes the object tag (defined object tag) acquired from the security definition in step S150 from the tag management server 50 in step S160. It is determined whether or not the acquired object tag is included (whether there is a matching object tag) (step S170). When the object tag acquired from the tag management server 50 is not included in the defined object tag, the security management module 45 reverses a command for prohibiting access to the product (object) of the user who operates the terminal 100. The data is transmitted to the proxy server 30 (step S230), and this routine is terminated. If it is determined in step S140 that the target requested by the user is not a single product, the above-described steps S150 to S170 are skipped.

  On the other hand, when it is determined in step S140 that the target requested by the user is a service such as a search tool, it is determined that the object tag acquired from the tag management server 50 is included in the defined object tag. If so, the security management module 45 acquires from the security definition the permitted user tag corresponding to the system address input in step 100 or the object tag acquired in step S160 (step S180). Furthermore, the security management module 45 acquires a user tag corresponding to the user ID input in step S100 from the tag management server 50 (step S190). That is, in step S190, the security management module 45 transmits the user ID input in step S100 to the tag management module 55 of the tag management server 50. The tag management module 55 that has received the user ID from the security management module 45 acquires the user tag whose status corresponding to the received user ID is OK from the user tag table stored in the tag information storage device 52 and acquires the user tag. The user tag is transmitted to the security management module 45.

  When the user tag is acquired from the tag management module 55 in step S190, the security management module 45 includes the user tag acquired from the tag management server 50 in step S190 among the permitted user tags acquired from the security definition in step S180. It is determined whether it is included (there is a user tag match) (step S200). If the user tag acquired from the tag management server 50 is not included in the permitted user tag acquired from the security definition, the security management module 45 reverses the instruction to prohibit access to the service of the user who operated the terminal 100 The data is transmitted to the proxy server 30 (step S230), and this routine is terminated.

  On the other hand, if it is determined that the user tag acquired from the tag management server 50 is included in the permitted user tag acquired from the security definition, the security management module 45 determines the user ID input in step S100, the user The system address or object ID of the service requested by the ID, the resource type, the system ID, and the action permitted on the security definition are stored in the security cache storage device 42 as cache information (step S210). Then, the security management module 45 transmits to the reverse proxy server 30 a command for permitting the corresponding system server to be called in order to allow the user to execute an action permitted in the security definition (step S220). This routine is terminated.

  As described above, in the security management system 10, for each of a plurality of services provided by the system servers 1A, 1B, 1C,..., There is a security definition that defines a permitted user tag that indicates a user permitted to access the service. It is stored in the security definition storage device 41 of the security management server 40. The tag information storage device 52 of the tag management server 50 stores a user tag table that defines user tags indicating user attributes for each user ID. When the service is requested by the user via the terminal 100, the security management module 45 acquires the permitted user tag of the service from the security definition (step S180) and the user ID of the user who operated the terminal Is acquired from the tag management server 50 (tag information storage device 52) (step S190). Further, the security management module 45 determines whether or not the permitted user tag acquired in step S180 includes the user tag acquired in step S190 (step S200), and the permitted user tag includes the user tag. If it is, the provision of the service to the user who operates the terminal 100 is permitted. On the other hand, when the user tag is not included in the permitted user tag, provision of service to the user who operates the terminal 100 is prohibited.

  Thus, by defining a security definition and adding a user tag indicating the attribute of the user to a user (user ID), whether or not to permit user access to the requested service is properly determined. It is possible to make a quick determination. Whether or not to allow user access to the added / changed service by updating the security definition even when a new service (new deliverable) is added or the service provision mode is changed Can be determined appropriately. Furthermore, even if a user's affiliation, job title, etc. are changed, or a new user is added, the user tag is assigned to the user (user ID) to appropriately determine whether the service can be provided to the user. It becomes possible to do. Therefore, according to the security management system 10, user access to a plurality of services provided by the system servers 1A, 1B, 1C,... Can be easily and appropriately managed.

  Further, in the security management system 10, before the processing of steps S180 to S200 in FIG. 8 is executed, the service requested by the user is sent to the user based on the cache information stored in the security cache storage device 42. It is determined whether or not to permit the provision (steps S110 and S120), whereby the determination of whether or not to provide the service can be performed more quickly. Further, in the security management system 10, when the user requests the provision of a deliverable (object), before comparing the permitted user tag and the user tag corresponding to the user ID (steps S 180 to S 200), the security management system 10 It is determined whether or not the acquired object tag includes the object tag (corresponding to the object ID) acquired from the tag management server 50 (steps S150 to S170). This makes it possible to more strictly manage user access to a product with higher confidentiality.

  The above-described security definition defines an authorized user tag that is permitted to access a service or product for each system address or object tag of a service provided by the system servers 1A, 1B, 1C. However, it is not limited to this. That is, the security definition may be created so as to define a prohibited user tag for which access to the service is prohibited for each of a plurality of services. When the prohibited user tag acquired from the security definition includes the user tag (corresponding to the user ID) acquired from the tag management server 50, access to the service of the user who operates the terminal 100 is prohibited. May be. In this case, if there is cache information that matches the user ID of the user who is prohibited from accessing the service and the service, the cache information may be deleted from the security cache storage device 42. Furthermore, the security definition may be created for each of a plurality of services so as to define a determination prohibition condition that is a condition for prohibiting the execution of the determination process by the security management module 45 for the service. An effective period may be set in the condition.

  FIG. 9 is a flowchart showing an example of a cache information update routine executed by the security management module 45 of the security management server 40. The cache information update routine shown in the figure is executed by the security management module 45 when the security definition is updated and / or every time a predetermined period elapses.

  At the start of the cache information update routine of FIG. 9, the security management module 45 (CPU) acquires the updated determination permission condition from the security definition stored in the security definition storage device 41 according to a predetermined order. (Step S300), it is determined whether or not the execution timing of this routine is included in the period indicated by the acquired determination permission condition (Step S310). When the execution timing is not included in the period indicated in the determination permission condition acquired in step S300, the security management module 45 sets the service status corresponding to the determination permission condition acquired in step S300 to NG. (Step S320). Further, the security management module 45 deletes the cache information about the service or object corresponding to the determination permission condition from the security cache storage device 42 (step S330).

  When the execution timing of this routine is included in the period indicated in the determination permission condition acquired in step S300, the security management module 45 displays the status of the service corresponding to the determination permission condition acquired in step S300. OK is set (step S340). After the process of step S330 or S340, the security management module 45 determines whether or not the process has been completed for all of the updated determination permission conditions (step S350), and step S300 until the process is completed for all objects. To S340 are repeatedly executed.

  As described above, according to the updated security definition, the cache information of the service that is not permitted to execute the determination process by the security management module 45 is deleted, so that the cache information is optimized, and the service based on the cache information. It is possible to execute the determination (especially permission determination) of whether or not to provide the information more quickly.

  FIG. 10 is a flowchart illustrating an example of a user tag information update routine executed by the tag management module 55 of the tag management server 50. The user tag information update routine shown in the figure is executed by the tag management module 55 when the user tag definition is updated and when personnel information and organization information are updated in the personnel management server 60.

  At the start of the user tag information update routine of FIG. 10, the tag management module 55 (CPU) follows the predetermined order and the determination permission condition updated from the user tag definition stored in the tag definition storage device 51. And the user tag corresponding to it is acquired (step S400), and it is determined whether the execution timing of this routine is included in the period shown by the acquired determination permission conditions (step S410). If the execution timing is not included in the period indicated in the determination permission condition acquired in step S400, the tag management module 55 sets the status of the user tag corresponding to the determination permission condition acquired in step S400 to NG. (Step S420).

  On the other hand, when the execution timing of this routine is included in the period indicated in the determination permission condition acquired in step S400, the tag management module 55 determines the status of the user tag corresponding to the determination permission condition acquired in step S400. Is set to OK (step S430). After the process of step S420 or S430, the tag management module 55 determines whether or not the process has been completed for all of the updated determination permission conditions (step S440), and step S400 until the process is completed for all objects. To S430 are repeatedly executed.

  If it is determined in step S440 that the processing for the determination permission condition has been completed, the tag management module 55 follows the predetermined order, and the status is OK from the user tag definition stored in the tag definition storage device 51. Of the user tags targeted for personnel information, at least an updated user tag is acquired, and a target field corresponding to the user tag is acquired (step S450). Next, the tag management module 55 acquires a user ID corresponding to the target field acquired in step S450 from the personnel management server 60 (step S460). That is, in step S460, the tag management module 55 transmits the target field acquired in step S450 to the personnel information management module 65 of the personnel management server 60. The personnel information management module 65 that has received the target field from the tag management module 55 acquires the user ID corresponding to the received target field from the personnel information storage device 61 and transmits all the acquired user IDs to the tag management module 55. .

  When the tag management module 55 acquires the user ID from the personnel management server 60 in step S460, the tag management module 55 updates the user tag table stored in the tag information storage device 52 based on the acquired user ID (step S470). That is, in step S470, the tag management module 55 assigns (tags) the user tag acquired in step S450 to all user IDs acquired from the personnel management server 60, and sets the status of the user ID to OK. . Thereby, when a user tag for personnel information is updated on the user tag definition, that is, when a new user tag for personnel information is added to the user tag definition, the user tag indicates A new user tag is assigned (tagged) to the user ID of the user having the attribute. When a new user ID of a new user (for example, a new employee) is added to the personnel information of the personnel management server 60, the user ID and a user tag corresponding to the user ID are added to the user tag table. Furthermore, when a user attribute (affiliation or title) is changed due to personnel changes or the like, a new user tag is assigned (tagged) to the user ID of the user. After the process of step S470, the tag management module 55 determines whether or not the process has been completed for all user tags targeted for personnel information (step S480), and until the process has been completed for all objects, step S450 is performed. To S470 are repeatedly executed.

  If the tag management module 55 determines in step S480 that the processing for all user tags targeted for personnel information has been completed, the tag management module 55 follows the predetermined order and stores the user tag definitions stored in the tag definition storage device 51. Then, the user tag for the log analysis information whose status is OK and the target field corresponding to the user tag are acquired (step S490). Next, the tag management module 55 acquires the user ID corresponding to the target field acquired in step S490 from the access log management server 70 (step S500). That is, in step S500, the tag management module 55 transmits the target field acquired in step S490 to the log analysis management module 75 of the access log management server 70. The log analysis management module 75 that has received the target field from the tag management module 55 acquires the user ID corresponding to the received target field from the log analysis information storage device 71 and transmits all the acquired user IDs to the tag management module 55. To do.

  When the tag management module 55 acquires the user ID from the access log management server 70 in step S500, the tag management module 55 updates the user tag table stored in the tag information storage device 52 based on the acquired user ID (step S510). . That is, in step S510, the tag management module 55 assigns (tags) the user tag acquired in step S500 to all the user IDs acquired in step S510, and sets the status of the user ID to OK. Thereby, when the user tag targeted for log analysis information is updated on the user tag definition, that is, when a new user tag targeted for log analysis information is added to the user tag definition, A new user tag is assigned (tagged) to the user ID of the user with the indicated attribute. Further, when a new user ID of a new user (for example, a new unauthorized user) is added to the log analysis information of the access log management server 70, the user ID and the corresponding user tag are added to the user tag table. The After the process of step S510, the tag management module 55 determines whether or not the process has been completed for all the user tags targeted for the log analysis information (step S520), The processing from S490 to S510 is repeatedly executed. If the tag management module 55 determines in step S520 that the processing for all the user tags targeted for the log analysis information has been completed, the tag management module 55 ends this routine.

  As described above, the security management system 10 validates the user tag in the user tag table stored in the tag information storage device 52 for each user ID based on the user tag defined in the user tag and the determination permission condition (OK). Is set) or invalidated (set to NG) (steps S400 to S440 in FIG. 9). As a result, it is possible to invalidate a user tag that does not need to be used for determining whether or not to provide a service, and more quickly determine whether or not to permit user access to the requested service.

  The tag management module 55 of the tag management server 50 assigns a user ID corresponding to the attribute indicated by the user tag for each user tag defined by the user tag to the personnel management server 60 (person information storage device 61) or the access log management server. 70 (log analysis information storage device 71), a user tag is assigned to the acquired user ID, and the user tag table stored in the tag information storage device 52 is updated (steps S450 to S520). Thereby, when a new user tag is added to the user tag definition, the new user tag can be assigned to the user ID of the corresponding user. Moreover, even if a user's affiliation, job title, or the like is changed or a new user is added, a corresponding user tag can be assigned to the user ID of the corresponding user. As a result, it is possible to more flexibly and appropriately determine whether the service can be provided.

  The tag management module 55 constructed in the tag management server 50 of the security management system 10 is determined in advance when the object tag definition is updated, for example, when the addition of a new product is notified from the system server. Each time, the object ID corresponding to the target field acquired from the object tag definition is acquired from the corresponding system server, and the object tag table is updated based on the acquired object ID. In such a case, if the deliverable is created by structured data such as XML data, the target field of the deliverable can be easily determined in the system server.

  In addition, when the process from step S450 to S480 in FIG. 9 is executed in accordance with the update of the user tag definition, the process from step S450 to S480 is executed only for the updated user tag for personnel information. Also good. Similarly, when the processing from step S490 to S520 is executed in accordance with the update of the user tag definition, the processing from step S490 to S520 is executed only for the updated user tag for the log analysis information. Also good. Furthermore, the processing from Steps S400 to S440, the processing from Steps S450 to S480, and the processing from Steps S490 to S520 in FIG. 9 are not necessarily performed continuously, and may be performed at different timings. . Further, in S420 of FIG. 9, the user tag whose status is NG and the corresponding user ID may be deleted from the user tag table.

  As described above, the security management system (10) of the present disclosure is a security management system that manages user access to a plurality of services provided by at least one server (1A, 1B, 1C ...), For each of the plurality of services, a security definition storage device (41) that stores a security definition that defines an authorized user tag indicating an attribute of a user permitted to access the service; A tag information storage device (52) for storing a user tag indicating an attribute of the user, and a first acquisition module for acquiring the permitted user tag of the service requested by the user via the terminal (100) from the security definition (45, S180) and the tag information storage device (52) to the terminal (100 The second acquisition module (45, S190) that acquires the user tag corresponding to the user ID of the user who operated the button, and the permitted user tag acquired by the first acquisition module are acquired by the second acquisition module. If the user tag is included in the permitted user tag, the provision of the service to the user who operated the terminal is permitted, and the authorized user is determined. And a determination module (45, S200-S230) that prohibits the provision of the service to the user who has operated the terminal when the tag does not include the user tag.

  That is, in the security management system of the present disclosure, for each of a plurality of services provided by at least one server, a security definition that defines an authorized user tag that indicates a user permitted to access the service is stored in the security definition storage device. User tags stored and indicating user attributes are stored in the tag information storage device for each user ID. When the service is requested by the user via the terminal, the first acquisition module acquires the permitted user tag of the service from the security definition, and the second acquisition module corresponds to the user ID of the user who operated the terminal. The acquired user tag is acquired from the tag information storage means. Further, the determination module determines whether or not the permitted user tag acquired by the first acquisition module includes the user tag acquired by the second acquisition module. If the user tag is included in the permitted user tag, the provision of service to the user who operates the terminal is permitted. If the user tag is not included in the permitted user tag, the service to the user who operates the terminal. Is prohibited.

  Thus, by defining a security definition and adding a user tag indicating the attribute of the user to a user (user ID), whether or not to permit user access to the requested service is properly determined. It is possible to make a quick determination. Even if a new service is added or the service provision mode is changed, the security definition is updated to appropriately determine whether to permit user access to the added / changed service. be able to. Furthermore, even if a user's affiliation, job title, etc. are changed, or a new user is added, the user tag is assigned to the user (user ID) to appropriately determine whether the service can be provided to the user. It becomes possible to do. Therefore, according to the security management system of the present disclosure, it is possible to easily and appropriately manage user access to a plurality of services provided by at least one server. As described above, provision of services may include provision of a search tool for finding a desired object from a plurality of objects, or provision of a single object.

  In addition, the security management system (10) stores, for each user tag, a tag definition storage device (51) that stores a user tag definition that defines a determination permission condition that is a condition for permitting execution of the determination process by the determination module. And updating tag information for validating or invalidating the user tag stored in the tag information storage device (51) for each user ID based on the user tag of the user tag definition and the determination permission condition A module (55, S400-S440) may be further provided. As a result, it is possible to invalidate a user tag that does not need to be used for determining whether or not to provide a service, and more quickly determine whether or not to permit user access to the requested service.

  Further, the security management system (10) may include a user information storage device (61, 71) for storing a user attribute for each user ID, and the tag information update module (55, S450-S490). For each user tag of the user tag definition, a user ID corresponding to the attribute indicated by the user tag is acquired from the user information storage device (61, 71), and the user tag is assigned to the acquired user ID. You may memorize | store in the said tag information storage device (52). Thereby, when a new user tag is added to the user tag definition, the new user tag can be assigned to the user ID of the corresponding user. Moreover, even if a user's affiliation, job title, or the like is changed or a new user is added, a corresponding user tag can be assigned to the user ID of the corresponding user. As a result, it is possible to more flexibly and appropriately determine whether the service can be provided. The information stored in the user information storage device (information indicating user attributes) may include access log analysis information.

  The security management system (10) includes the user ID of the user permitted to access the service by the determination module (45, S200 to S230), the service permitted to the user, and The information processing apparatus may further include a cache information storage device (42) that stores the ID of the server providing the service as cache information, and the determination module (45, S110, S120) includes the first acquisition module (45, S180). ) Of the service requested by the user based on the cache information before comparing the authorized user tag acquired by the second acquisition module (45, S190) with the user tag acquired by the second acquisition module (45, S190). It may be determined whether or not the provision to the user is permitted. As a result, it is possible to more quickly determine whether the service can be provided.

  Further, the security definition may define a determination permission condition that is a condition for permitting execution of the determination process by the determination module for each service, and the security management system (10) A cache information update module (45, S300 to S350) that deletes the cache information of a service that is not permitted to execute the determination process based on a determination permission condition may be further provided. As a result, it is possible to optimize the cache information according to the security definition, and to more quickly execute the determination of whether or not the service can be provided based on the cache information.

The security management method of the present disclosure is a security management method for managing user access to a service provided by a server,
(A) For each of a plurality of services, a security definition that defines an authorized user tag indicating an attribute of a user permitted to access the service is stored in the security definition storage device (41), and for each user ID, Storing a user tag indicating an attribute of a user having a user ID in the tag information storage device (52);
(B) The authorized user tag of the service requested by the user via the terminal (100) is acquired from the security definition (S180), and the terminal (100) is retrieved from the tag information storage device (52). Obtaining the user tag corresponding to the user ID of the operated user (S190);
(C) It is determined whether or not the user tag acquired in step (b) is included in the permitted user tag acquired in step (b), and the user tag is included in the permitted user tag. If it is included, the provision of the service to the user who operates the terminal is permitted, and if the user tag is not included in the permitted user tag, the service to the user who operates the terminal A step of prohibiting the provision (S200-S230);
Is included.

  As in the security management method of the present disclosure, the user is allowed to access the requested service by defining the security definition and assigning a user tag indicating the attribute of the user to the user (user ID). It is possible to appropriately determine whether or not to do so. Even if a new service is added or the service provision mode is changed, the security definition is updated to appropriately determine whether to permit user access to the added / changed service. be able to. Furthermore, even if a user's affiliation, job title, etc. are changed, or a new user is added, the user tag is assigned to the user (user ID) to appropriately determine whether the service can be provided to the user. It becomes possible to do. Therefore, according to the security management method of the present disclosure, user access to a plurality of services provided by at least one server can be easily and appropriately managed.

  However, the invention of the present disclosure is not limited to the embodiment described above, and it is needless to say that various changes can be made within the scope of the extension of the present disclosure. Furthermore, the above-described embodiment is merely a specific form of the invention described in the Summary of Invention column, and does not limit the elements of the invention described in the Summary of Invention column.

  The invention of the present disclosure is useful for managing user access to a server that provides a service in a company or the like.

  1A, 1B, 1C system server, 2 product storage device, 3 product management module, 10 security management system, 20 authentication server, 21 ID information storage device, 25 authentication information management module, 30 reverse proxy server, 31 system address information Storage device 35 Management module 40 Security management server 41 Security definition storage device 42 Security cache storage device 45 Security management module 50 Tag management server 51 Tag definition storage device 52 Tag information storage device 55 Tag management module 60 personnel management server 61 personnel information storage device 62 organization information storage device 65 personnel information management module 70 access log management server 71 log analysis information storage device 75 log analysis management module 100 terminals.

Claims (6)

A security management system for managing user access to a plurality of services provided by at least one server,
A security definition storage device that stores a security definition that defines an allowed user tag indicating an attribute of a user permitted to access the service for each of the plurality of services;
A tag information storage device for storing a user tag indicating an attribute of a user having the user ID for each user ID;
A first acquisition module that acquires the permitted user tag of a service requested by a user via a terminal from the security definition;
A second acquisition module for acquiring the user tag corresponding to the user ID of the user who operated the terminal from the tag information storage device;
It is determined whether or not the permitted user tag acquired by the first acquisition module includes the user tag acquired by the second acquisition module, and the permitted user tag includes the user tag. If the user tag is not included in the permitted user tag, the service provided to the user who operated the terminal is prohibited. A determination module to
A security management system comprising: The security management system according to claim 1,
For each user tag, a tag definition storage device that stores a user tag definition that defines a determination permission condition that is a condition for permitting execution of a determination process by the determination module;
A tag information update module that validates or invalidates the user tag stored in the tag information storage device for each user ID, based on the user tag of the user tag definition and the determination permission condition;
A security management system further comprising: In the security management system according to claim 2,
A user information storage device for storing user attributes for each user ID;
The tag information update module acquires a user ID corresponding to an attribute indicated by the user tag for each user tag defined in the user tag from the user information storage device, and assigns the user tag to the acquired user ID. A security management system for storing in the tag information storage device. In the security management system according to any one of claims 1 to 3,
Cache information storage that stores, as cache information, the user ID of the user permitted to access the service by the determination module, the service permitted to access the user, and the ID of the server that provides the service Further comprising a device,
The determination module is requested by the user based on the cache information before comparing the authorized user tag acquired by the first acquisition module with the user tag acquired by the second acquisition module. Security management system for determining whether to permit the provision of the service to the user. In the security management system according to claim 4,
The security definition defines a determination permission condition that is a condition for permitting execution of the determination process by the determination module for each service.
A security management system further comprising: a cache information update module that deletes the cache information of a service that is not permitted to execute the determination process based on the determination permission condition of the security definition. A security management method for managing user access to services provided by a server, comprising:
(A) For each of a plurality of services, a security definition defining a permitted user tag indicating an attribute of a user permitted to access the service is stored in the security definition storage device, and the user ID is stored for each user ID. Storing a user tag indicating an attribute of the user having the tag information storage device;
(B) The user tag corresponding to the user ID of the user who operated the terminal is acquired from the tag information storage device while acquiring the permitted user tag of the service requested by the user via the terminal from the security definition. Step to get the
(C) It is determined whether or not the user tag acquired in step (b) is included in the permitted user tag acquired in step (b), and the user tag is included in the permitted user tag. If it is included, the provision of the service to the user who operates the terminal is permitted, and if the user tag is not included in the permitted user tag, the service to the user who operates the terminal The step of prohibiting the provision;
Security management method including.

Images