JP2017027392A - Connection management program and information processing apparatus - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a connection management program and an information processing apparatus that omit input of information for user authentication when a carried-in terminal is connected to a network, and maintain the same security level with the user authentication.SOLUTION: An attendance server 1 has: attendance management means 100 of managing, as attendance information 112, an attendance state of a user 7 who operates a terminal 3 as a carried-in terminal; and profile information transmission means 102 of transmitting profile information 113 as setting information to be used to connect the terminal 3 to a network 6 to the terminal 3 when the attendance information 112 on the user 7 of the terminal 3 having sent a connection request for the network 6 shows "attendance" and position information indicative of the position of the terminal 3 is within a range of presence positions previously defined for the user 7.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a connection management program and an information processing apparatus.

  As a conventional technique, an information processing apparatus that sets access authority based on position information of a user has been proposed (see, for example, Patent Document 1).

  An information processing apparatus disclosed in Patent Document 1 includes an authentication unit that executes user authentication processing based on user authentication information received from a portable terminal device via a wireless LAN, and a position of a user in a facility. A location information acquisition unit that acquires the location information to be indicated, an access authority setting unit that sets the access authority of the authenticated user based on the acquired position information, and a resource on the network based on the set access authority And an access control unit for controlling whether or not access from a terminal is possible.

JP 2014-178873 A

  It is an object of the present invention to omit input of information for user authentication when a carry-in terminal connects to a network and to maintain a security level equivalent to the case where user authentication is performed and information processing To provide an apparatus.

  In order to achieve the above object, an aspect of the present invention provides the following connection management program and information processing apparatus.

[1]
The attendance information indicating the attendance status of the user of the terminal that has transmitted the connection request to the network is in operation, and the position information indicating the position of the terminal is within the range of the location defined in advance for the user. A connection management program for causing the terminal to function as transmission means for transmitting profile information, which is setting information used for connecting to the network, to the terminal.
[2] The connection according to [1], further causing the attendance state of the attendance information to further function as attendance management means that is set according to an operation of the user who has been authenticated to connect to the network in another terminal. Management program.
[3] Location information in which attendance information indicating the attendance status of the user of the terminal that has transmitted a connection request to the network is in operation, and location information indicating the location of the terminal is defined in advance for the user An information processing apparatus comprising: a transmission unit configured to transmit profile information, which is setting information used for connecting the terminal to the network, to the terminal when the terminal is within the range.

According to the invention according to claim 1 or 3, input of information for user authentication when the carry-in terminal connects to the network is omitted, and a security level equivalent to that when user authentication is performed is maintained. be able to.
According to the second aspect of the present invention, the attendance state can be set by a user who has been authenticated for connecting to the network in another terminal.

FIG. 1 is a schematic diagram illustrating an example of a configuration of a connection management system according to an embodiment. FIG. 2 is a block diagram illustrating a configuration example of the attendance server according to the embodiment. FIG. 3 is a schematic diagram illustrating an example of the configuration of attendance information. FIG. 4 is a flowchart showing the profile information transmission operation of the attendance server.

[Embodiment]
(Connection management system configuration)
FIG. 1 is a schematic diagram illustrating an example of a configuration of a connection management system according to an embodiment.

  The connection management system 8 manages the information related to the attendance of the user 7 and manages the profile information necessary for accessing the network 6 of the terminal 3 and whether or not the user 7 can access the attendance server 1. The authentication server 2 to be authenticated, the portable terminal 3 and the built-in terminal 4 are connected by a network 6 so that they can communicate with each other. The terminal 3 performs wireless communication via the access point 5. Further, the terminal 3 and the terminal 4 are operated by the user 7.

  The attendance server 1 is a server-type information processing apparatus that operates in response to requests from the terminal 3 and the terminal 4, and has a CPU (Central Processing Unit) having a function for processing information in the main body, Equipped with electronic components such as flash memory.

  The authentication server 2 is a server-type information processing apparatus that operates in response to requests from the terminal 3 and the terminal 4, and is an electronic device such as a CPU or flash memory having a function for processing information in the main body. Provide parts.

  The terminal 3 is a portable information processing apparatus, and includes an electronic component such as a CPU and a flash memory having a function for processing information in the main body. As an example, the terminal 3 is a bring-in terminal owned by the user 7 and brought into a company to which the user 7 belongs, and a situation called a so-called BYOD (Bring your own device) is assumed. To do. The terminal 3 has at least a communication function and a position information acquisition function.

  The terminal 4 is a built-in information processing apparatus such as a PC (Personal Computer), and includes an electronic component such as a CPU and a flash memory having a function for processing information in the main body. The terminal 4 is assumed to be the property of the company to which the user 7 belongs, not the carry-in terminal. Note that the terminal 4 may be connected by wireless communication.

  The network 6 is a communication network capable of high-speed communication, and is, for example, a wired or wireless communication network such as an intranet or a LAN (Local Area Network).

  In the above configuration, when the user 7 enters the office, he / she operates the terminal 4 and requests authentication from the authentication server 2 by inputting a user ID and password. When authenticated by the authentication server 2, the user 7 operates the terminal 4 to access the attendance server 1 and sets the work status to “working”. Next, the terminal 3 which is a carry-in terminal requests the authentication server 2 to connect to the network 6 together with its own location information. The authentication server 2 makes an inquiry to the attendance server 1 in response to a request from the terminal 3, and the position information of the terminal 3 is within a range set in advance by the user, and the work status is “working”. The profile information which is the setting information for connecting to the network 6 from the attendance server 1 to the terminal 3 is transmitted. The terminal 3 receives the profile information and connects to the network 6.

(Configuration of information processing device)
FIG. 2 is a block diagram illustrating a configuration example of the attendance server 1 according to the embodiment.

  The attendance server 1 includes a CPU and the like, and controls each unit and executes various programs, a storage unit 11 that includes a storage medium such as a flash memory and stores information, and a network. The communication unit 12 communicates with the outside.

  The control part 10 functions as the attendance management means 100 etc. by executing the attendance management program 111 mentioned later. The control unit 10 functions as the position information determination unit 101, the profile information transmission unit 102, and the like by executing a connection management program 110 described later.

  The attendance management unit 100 manages attendance information 112 indicating the work status of the user, and changes the setting of the attendance information 112 only by a request transmitted in response to the operation of the user authenticated by the authentication server 2. Is allowed.

  The position information determination unit 101 receives position information from the terminal 3 and determines whether or not the position information is within the range of the location set in advance in the attendance information 112.

  The profile information transmission unit 102 determines that the position information determination unit 101 determines that the position information of the terminal 3 is within the range of the preset location, and the work status indicated by the attendance information 112 managed by the attendance management unit 100 is “ If it is “on duty”, the profile information 113 is transmitted to the terminal 3.

  The storage unit 11 includes a connection management program 110 that causes the control unit 10 to operate as the above-described units 101 and 102, a time management program 111 that causes the control unit 10 to operate as the above-described time management unit 100, time information 112, profile information 113, and the like. Remember.

(Operation of information processing device)
Next, the operation of the present embodiment will be described separately for (1) basic operation, (2) profile information transmission operation, and (3) connection operation.

(1) Basic operation First, when the user 7 comes to the office, he / she operates the terminal 4 installed in the company and requests authentication from the authentication server 2 by inputting a user ID and a password. The terminal 4 transmits the user ID and password together with the authentication request to the authentication server 2.

  When the authentication server 2 receives the user ID and password together with the authentication request, the authentication server 2 checks the user ID and password registered in advance, and if they match, the authentication is successful and the attendance server 1 is accessible.

  When authenticated by the authentication server 2, the user 7 operates the terminal 4 to access the attendance server 1 and sets the work status to “working”.

  The attendance server 1 sets the work status of the user 7 to “on duty” in the attendance information 112.

  Next, the user 7 operates the terminal 3 to connect the terminal 3 that is a carry-in terminal to the network 6. The terminal 3 requests the authentication server 2 to connect to the network 6 together with its own location information.

(2) Profile Information Transmission Operation FIG. 3 is a schematic diagram illustrating an example of the configuration of the attendance information 112. FIG. 4 is a flowchart showing the profile information transmission operation of the attendance server 1.

  When the authentication server 2 accepts the connection request for the terminal 3, first, the user ID registered in advance in the ID of the terminal 3 (for example, “001”) and the work status is “working”. Whether the attendance server 1 is inquired.

  When the attendance management means 100 of the attendance server 1 accepts an inquiry of attendance information (S1; Yes), the attendance information 112 shown in FIG. 3 is referred to, and the work status of the user ID “001” is “working”. Since there is (S2; Yes), a response is made to the authentication server 2 that it is “working” (S3).

  When the authentication server 2 receives the message “working” from the attendance server 1, next, the attendance server 1 determines whether or not the location information received from the terminal 3 is within a range preset for the user 7. Contact

  When the position information determination unit 101 of the attendance server 1 receives a position information determination request (S4; Yes), the position information of the attendance information 112 shown in FIG. 3 is referred to and the position information is within the range of the position. (S5; Yes), the profile information 113 which is the setting information for connecting to the network 6 is transmitted to the terminal 3 (S6).

  In step S5, if the position information is outside the range of the location (S5; No), the fact that the profile information 113 is outside the connectable range and is invalid is transmitted to the terminal 3 (S7).

  In step S2, if the work status is not “working” (S2; No), the authentication server 2 is informed of “not working” (S8), and the authentication server 2 is accessed to the terminal 3. Reject (S9).

(3) Connection Operation Next, the terminal 3 receives the profile information 113 from the attendance server 1, executes connection setting using the profile information 113, and connects to the network 6.

  The connection may be disconnected when it is outside the time period set for the normal working hours of the attendance information 112 in FIG.

(Effect of embodiment)
According to the above-described embodiment, when the terminal 3 which is a carry-in terminal requests connection to the network 6, the work status of the user registered in advance in the terminal 3 and the position information of the terminal 3 are set to the preset conditions. Since the profile information 113 for connection is transmitted only when they match, it is possible to omit the input of information for user authentication in the terminal 3 that is a bring-in terminal, and when user authentication is performed. Equivalent security level can be maintained.

  In other words, for example, even if the terminal 3 is stolen and handed over to a person other than the user 7, the user cannot connect to the network 6 unless the user 7 is on duty. Since the connection to the network 6 is not possible unless the location is predetermined in FIG. 7, the security level is not lowered.

[Other embodiments]
The present invention is not limited to the above embodiment, and various modifications can be made without departing from the spirit of the present invention. For example, even if there is a connection request from the terminal 3, the profile information 113 may not be transmitted if it is outside the time period set for the normal working hours of the attendance information 112 of FIG.

  Further, the location of the attendance information 112 may be a predetermined location, or may be a location when the user 7 requests authentication from the authentication server 2.

  In addition, the function of the connection management program 110 of the attendance server 1 and the function of the attendance management program 111 may be executed on different servers. The attendance server 1 and the authentication server 2 may be configured as one server.

  Also, after the terminal 3 establishes the connection to the network 6, even if the terminal 3 is out of the location of the attendance information 112, the connection is permitted if the user who owns the terminal 3 is on duty. Also good. This eliminates the need to repeat all operations for reconnection when the user 7 holding the terminal 3 temporarily leaves the location due to a meal or a toilet.

  In the above embodiment, the functions of the units 100 to 102 of the control unit 10 are realized by a program. However, all or part of the units may be realized by hardware such as an ASIC. The program used in the above embodiment can be provided by being stored in a recording medium such as a CD-ROM. In addition, replacement, deletion, addition, and the like of the above-described steps described in the above embodiment are possible within a range that does not change the gist of the present invention.

DESCRIPTION OF SYMBOLS 1 Time server 2 Authentication server 3 Terminal 4 Terminal 5 Access point 6 Network 7 User 8 Connection management system 10 Control part 11 Storage part 12 Communication part 100 Time management means 101 Location information determination means 102 Profile information transmission means 110 Connection management program 111 Time management program 112 Time information 113 Profile information

Claims (3)

Computer
The attendance information indicating the attendance status of the user of the terminal that has transmitted the connection request to the network is in operation, and the position information indicating the position of the terminal is within the range of the location defined in advance for the user. A connection management program for causing the terminal to function as transmission means for transmitting profile information, which is setting information used for connecting to the network, to the terminal.   The connection management program according to claim 1, further functioning as attendance management means for setting the attendance state of the attendance information in accordance with an operation of the user who has been authenticated for connecting to the network in another terminal. The attendance information indicating the attendance status of the user of the terminal that has transmitted the connection request to the network is in operation, and the position information indicating the position of the terminal is within the range of the location defined in advance for the user. An information processing apparatus comprising: a transmission unit configured to transmit profile information, which is setting information used for the terminal to connect to the network.

Images